pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor RBAC migration scripts and update configuration handling

Browse Source 
- Removed old migration scripts for profiles and users to RBAC.
- Updated config redirector to utilize environment variables for configuration loading.
- Added .gitignore files to firmware, log, and marketing directories to prevent unnecessary file tracking.
- Introduced new configuration files for acceptance, development, and production environments with relevant settings.
- Enhanced settings files to include exception lists, security keys, and database settings.
This commit is contained in:
“VeLiTi”
2026-02-06 13:34:54 +01:00
parent 4564a4a04b
commit 4b83f596f1
15 changed files with 575 additions and 545 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
assets/database/marketing_install.sql
View File

@@ -1,114 +0,0 @@
-- Marketing System Database Tables
-- Run this script to create the necessary tables for the marketing file management system
--
-- Usage: Import this file into your MySQL database or run the commands individually
-- Make sure to select the correct database before running these commands
-- Disable foreign key checks temporarily to avoid constraint errors
SET FOREIGN_KEY_CHECKS = 0;
-- Create marketing_folders table
CREATE TABLE IF NOT EXISTS `marketing_folders` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`folder_name` varchar(255) NOT NULL,
`parent_id` int(11) DEFAULT NULL,
`description` text DEFAULT NULL,
`created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`createdby` varchar(100) DEFAULT NULL,
`updated` timestamp NULL DEFAULT NULL ON UPDATE CURRENT_TIMESTAMP,
`updatedby` varchar(100) DEFAULT NULL,
`accounthierarchy` text DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `parent_id` (`parent_id`),
KEY `accounthierarchy_idx` (`accounthierarchy`(100))
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- Create marketing_files table
CREATE TABLE IF NOT EXISTS `marketing_files` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`title` varchar(255) NOT NULL,
`original_filename` varchar(255) NOT NULL,
`file_path` varchar(500) NOT NULL,
`thumbnail_path` varchar(500) DEFAULT NULL,
`file_type` varchar(10) NOT NULL,
`file_size` bigint(20) NOT NULL DEFAULT 0,
`folder_id` int(11) DEFAULT NULL,
`tags` json DEFAULT NULL,
`created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`createdby` varchar(100) DEFAULT NULL,
`updated` timestamp NULL DEFAULT NULL ON UPDATE CURRENT_TIMESTAMP,
`updatedby` varchar(100) DEFAULT NULL,
`accounthierarchy` text DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `folder_id` (`folder_id`),
KEY `file_type` (`file_type`),
KEY `accounthierarchy_idx` (`accounthierarchy`(100)),
KEY `created_idx` (`created`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- Create marketing_tags table
CREATE TABLE IF NOT EXISTS `marketing_tags` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`tag_name` varchar(100) NOT NULL,
`created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
UNIQUE KEY `tag_name` (`tag_name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- Create marketing_file_tags junction table
CREATE TABLE IF NOT EXISTS `marketing_file_tags` (
`file_id` int(11) NOT NULL,
`tag_id` int(11) NOT NULL,
PRIMARY KEY (`file_id`, `tag_id`),
KEY `file_id` (`file_id`),
KEY `tag_id` (`tag_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- Add foreign key constraints after all tables are created
ALTER TABLE `marketing_folders`
ADD CONSTRAINT `fk_marketing_folders_parent`
FOREIGN KEY (`parent_id`) REFERENCES `marketing_folders`(`id`) ON DELETE CASCADE;
ALTER TABLE `marketing_files`
ADD CONSTRAINT `fk_marketing_files_folder`
FOREIGN KEY (`folder_id`) REFERENCES `marketing_folders`(`id`) ON DELETE SET NULL;
ALTER TABLE `marketing_file_tags`
ADD CONSTRAINT `fk_marketing_file_tags_file`
FOREIGN KEY (`file_id`) REFERENCES `marketing_files`(`id`) ON DELETE CASCADE;
ALTER TABLE `marketing_file_tags`
ADD CONSTRAINT `fk_marketing_file_tags_tag`
FOREIGN KEY (`tag_id`) REFERENCES `marketing_tags`(`id`) ON DELETE CASCADE;
-- Re-enable foreign key checks
SET FOREIGN_KEY_CHECKS = 1;
-- Insert some default sample data (optional)
-- Uncomment the lines below if you want to start with sample folders and tags
-- INSERT INTO `marketing_folders` (`folder_name`, `description`, `createdby`) VALUES
-- ('Product Brochures', 'Marketing brochures and product information', 'system'),
-- ('Technical Specifications', 'Technical documentation and specifications', 'system'),
-- ('Images', 'Product images and photos', 'system'),
-- ('Videos', 'Product videos and demonstrations', 'system');
-- INSERT INTO `marketing_tags` (`tag_name`) VALUES
-- ('brochure'),
-- ('specification'),
-- ('manual'),
-- ('image'),
-- ('video'),
-- ('product'),
-- ('marketing'),
-- ('technical');
-- Create upload directories (Note: This requires manual creation on file system)
-- Create the following directories in your web server:
-- - ./marketing/uploads/
-- - ./marketing/uploads/thumbs/
--
-- Linux/macOS commands:
-- mkdir -p marketing/uploads/thumbs
-- chmod 755 marketing/uploads
-- chmod 755 marketing/uploads/thumbs

222
assets/database/migration_profiles_to_rbac.sql
View File

@@ -1,222 +0,0 @@
-- ===================================================
-- PROFILE TO RBAC MIGRATION SCRIPT
-- Date: 2025-01-22
-- Description: Migrate from settingsprofiles.php to user_roles RBAC system
-- Note: Uses existing access_elements table (already populated)
-- ===================================================
START TRANSACTION;
-- ===================================================
-- PHASE 1: CREATE ROLES (matching existing profiles)
-- ===================================================
INSERT INTO `user_roles` (`name`, `description`, `is_active`, `created`, `createdby`) VALUES
('Standard', 'Basic user access - view equipment, history, service reports', 1, NOW(), 1),
('Superuser', 'Extended access - manage equipment, products, users', 1, NOW(), 1),
('Admin', 'Administrative access - full management capabilities', 1, NOW(), 1),
('AdminPlus', 'System administrator - complete system access', 1, NOW(), 1),
('Build', 'Build tool access only', 1, NOW(), 1),
('Commerce', 'E-commerce and catalog management', 1, NOW(), 1),
('Distribution', 'Distribution partner access', 1, NOW(), 1),
('Firmware', 'Firmware/software update access only', 1, NOW(), 1),
('Garage', 'Car testing and diagnostics', 1, NOW(), 1),
('Interface', 'API/Interface access', 1, NOW(), 1),
('Service', 'Service technician access', 1, NOW(), 1),
('Other', 'Miscellaneous access level', 1, NOW(), 1)
ON DUPLICATE KEY UPDATE `description` = VALUES(`description`);
-- ===================================================
-- PHASE 2: CREATE ROLE_ACCESS_PERMISSIONS MAPPINGS
-- ===================================================
-- Get role IDs
SET @role_standard = (SELECT rowID FROM user_roles WHERE name = 'Standard' LIMIT 1);
SET @role_superuser = (SELECT rowID FROM user_roles WHERE name = 'Superuser' LIMIT 1);
SET @role_admin = (SELECT rowID FROM user_roles WHERE name = 'Admin' LIMIT 1);
SET @role_adminplus = (SELECT rowID FROM user_roles WHERE name = 'AdminPlus' LIMIT 1);
SET @role_build = (SELECT rowID FROM user_roles WHERE name = 'Build' LIMIT 1);
SET @role_commerce = (SELECT rowID FROM user_roles WHERE name = 'Commerce' LIMIT 1);
SET @role_distribution = (SELECT rowID FROM user_roles WHERE name = 'Distribution' LIMIT 1);
SET @role_firmware = (SELECT rowID FROM user_roles WHERE name = 'Firmware' LIMIT 1);
SET @role_garage = (SELECT rowID FROM user_roles WHERE name = 'Garage' LIMIT 1);
SET @role_interface = (SELECT rowID FROM user_roles WHERE name = 'Interface' LIMIT 1);
SET @role_service = (SELECT rowID FROM user_roles WHERE name = 'Service' LIMIT 1);
SET @role_other = (SELECT rowID FROM user_roles WHERE name = 'Other' LIMIT 1);
-- ===================================================
-- STANDARD ROLE PERMISSIONS (Read-only)
-- Profile: application,firmwaretool,histories,history,servicereport,servicereports,dashboard,profile,equipment,equipments,products_software
-- ===================================================
INSERT INTO `role_access_permissions` (`role_id`, `access_id`, `can_create`, `can_read`, `can_update`, `can_delete`)
SELECT @role_standard, rowID, 0, 1, 0, 0 FROM access_elements WHERE access_path IN (
'application', 'firmwaretool', 'histories', 'history', 'servicereport', 'servicereports',
'dashboard', 'profile', 'equipment', 'equipments', 'products_software'
)
ON DUPLICATE KEY UPDATE can_read = 1;
-- ===================================================
-- SUPERUSER ROLE PERMISSIONS (Create, Read, Update)
-- Profile: application,assets,firmwaretool,histories,history,history_manage,marketing,partner,partners,
-- servicereport,servicereports,admin,dashboard,profile,equipment,equipment_manage,
-- equipment_manage_edit,equipments,equipments_mass_update,product,product_manage,products,
-- products_software,products_versions,user,user_manage,users
-- ===================================================
INSERT INTO `role_access_permissions` (`role_id`, `access_id`, `can_create`, `can_read`, `can_update`, `can_delete`)
SELECT @role_superuser, rowID, 1, 1, 1, 0 FROM access_elements WHERE access_path IN (
'application', 'firmwaretool', 'histories', 'history', 'history_manage',
'marketing', 'partner', 'partners', 'servicereport', 'servicereports',
'dashboard', 'profile', 'equipment', 'equipment_manage',
'equipments', 'equipments_mass_update', 'product', 'product_manage', 'products',
'products_software', 'products_versions', 'user', 'users'
)
ON DUPLICATE KEY UPDATE can_create = 1, can_read = 1, can_update = 1;
-- ===================================================
-- ADMIN ROLE PERMISSIONS (Full CRUD)
-- ===================================================
INSERT INTO `role_access_permissions` (`role_id`, `access_id`, `can_create`, `can_read`, `can_update`, `can_delete`)
SELECT @role_admin, rowID, 1, 1, 1, 1 FROM access_elements WHERE access_path IN (
'application', 'buildtool', 'cartest', 'cartest_manage', 'cartests',
'changelog', 'communication', 'communication_send', 'communications', 'firmwaretool',
'histories', 'history', 'history_manage', 'marketing', 'partner', 'partners',
'servicereport', 'servicereports', 'software_available', 'software_download',
'software_update', 'softwaretool', 'account', 'accounts', 'dashboard', 'profile',
'contract', 'contract_manage', 'contracts', 'equipment', 'equipment_data',
'equipment_healthindex', 'equipment_history', 'equipment_manage',
'equipments', 'equipments_mass_update', 'product', 'product_manage', 'products',
'products_software', 'products_software_assignment', 'products_software_assignments',
'products_software_licenses', 'products_versions', 'report_build',
'report_contracts_billing', 'report_healthindex', 'rma', 'rma_history',
'rma_manage', 'rmas', 'user', 'users'
)
ON DUPLICATE KEY UPDATE can_create = 1, can_read = 1, can_update = 1, can_delete = 1;
-- ===================================================
-- ADMINPLUS ROLE PERMISSIONS (Full access to everything)
-- ===================================================
INSERT INTO `role_access_permissions` (`role_id`, `access_id`, `can_create`, `can_read`, `can_update`, `can_delete`)
SELECT @role_adminplus, rowID, 1, 1, 1, 1 FROM access_elements WHERE is_active = 1
ON DUPLICATE KEY UPDATE can_create = 1, can_read = 1, can_update = 1, can_delete = 1;
-- ===================================================
-- BUILD ROLE PERMISSIONS
-- Profile: application,buildtool,firmwaretool,dashboard,profile,products_software
-- ===================================================
INSERT INTO `role_access_permissions` (`role_id`, `access_id`, `can_create`, `can_read`, `can_update`, `can_delete`)
SELECT @role_build, rowID, 1, 1, 1, 0 FROM access_elements WHERE access_path IN (
'application', 'buildtool', 'firmwaretool', 'dashboard', 'profile', 'products_software'
)
ON DUPLICATE KEY UPDATE can_create = 1, can_read = 1, can_update = 1;
-- ===================================================
-- COMMERCE ROLE PERMISSIONS
-- ===================================================
INSERT INTO `role_access_permissions` (`role_id`, `access_id`, `can_create`, `can_read`, `can_update`, `can_delete`)
SELECT @role_commerce, rowID, 1, 1, 1, 1 FROM access_elements WHERE access_path IN (
'application', 'catalog', 'categories', 'category', 'checkout', 'discount', 'discounts',
'identity', 'invoice', 'media', 'media_manage', 'order', 'orders', 'partner', 'partners',
'placeorder', 'pricelists', 'pricelists_items', 'pricelists_manage', 'shipping',
'shipping_manage', 'shopping_cart', 'taxes', 'transactions', 'transactions_items',
'translation_manage', 'translations', 'translations_details', 'uploader',
'dashboard', 'profile', 'product', 'product_manage', 'products', 'products_attributes',
'products_attributes_items', 'products_attributes_manage', 'products_categories',
'products_configurations', 'products_media', 'products_software', 'products_versions',
'user', 'users'
)
ON DUPLICATE KEY UPDATE can_create = 1, can_read = 1, can_update = 1, can_delete = 1;
-- ===================================================
-- DISTRIBUTION ROLE PERMISSIONS
-- ===================================================
INSERT INTO `role_access_permissions` (`role_id`, `access_id`, `can_create`, `can_read`, `can_update`, `can_delete`)
SELECT @role_distribution, rowID, 1, 1, 1, 0 FROM access_elements WHERE access_path IN (
'application', 'firmwaretool', 'histories', 'history', 'history_manage',
'marketing', 'partner', 'partners', 'servicereport', 'servicereports',
'dashboard', 'profile', 'equipment', 'equipment_manage',
'equipments', 'equipments_mass_update', 'product', 'product_manage', 'products',
'products_software', 'products_versions', 'user', 'users'
)
ON DUPLICATE KEY UPDATE can_create = 1, can_read = 1, can_update = 1;
-- ===================================================
-- FIRMWARE ROLE PERMISSIONS
-- Profile: application,software_available,software_download,software_update,softwaretool,
-- transactions,transactions_items,products_software_versions
-- ===================================================
INSERT INTO `role_access_permissions` (`role_id`, `access_id`, `can_create`, `can_read`, `can_update`, `can_delete`)
SELECT @role_firmware, rowID, 0, 1, 1, 0 FROM access_elements WHERE access_path IN (
'application', 'software_available', 'software_download', 'software_update',
'softwaretool', 'transactions', 'transactions_items', 'products_software_versions'
)
ON DUPLICATE KEY UPDATE can_read = 1, can_update = 1;
-- ===================================================
-- GARAGE ROLE PERMISSIONS
-- Profile: application,cartest,cartest_manage,cartests,dashboard,profile,products_versions
-- ===================================================
INSERT INTO `role_access_permissions` (`role_id`, `access_id`, `can_create`, `can_read`, `can_update`, `can_delete`)
SELECT @role_garage, rowID, 1, 1, 1, 0 FROM access_elements WHERE access_path IN (
'application', 'cartest', 'cartest_manage', 'cartests', 'dashboard', 'profile', 'products_versions'
)
ON DUPLICATE KEY UPDATE can_create = 1, can_read = 1, can_update = 1;
-- ===================================================
-- INTERFACE ROLE PERMISSIONS
-- Profile: application,firmwaretool,invoice,payment,transactions,transactions_items,
-- contract,contracts,equipment_manage,equipments,products_software,products_versions,users
-- ===================================================
INSERT INTO `role_access_permissions` (`role_id`, `access_id`, `can_create`, `can_read`, `can_update`, `can_delete`)
SELECT @role_interface, rowID, 1, 1, 1, 0 FROM access_elements WHERE access_path IN (
'application', 'firmwaretool', 'invoice', 'payment', 'transactions', 'transactions_items',
'contract', 'contracts', 'equipment_manage', 'equipments', 'products_software',
'products_versions', 'users'
)
ON DUPLICATE KEY UPDATE can_create = 1, can_read = 1, can_update = 1;
-- ===================================================
-- SERVICE ROLE PERMISSIONS
-- Profile: application,assets,firmwaretool,histories,history,history_manage,marketing,partner,partners,
-- servicereport,servicereports,admin,dashboard,profile,equipment,equipment_manage,equipments,
-- products_software,user,user_manage,users
-- ===================================================
INSERT INTO `role_access_permissions` (`role_id`, `access_id`, `can_create`, `can_read`, `can_update`, `can_delete`)
SELECT @role_service, rowID, 1, 1, 1, 0 FROM access_elements WHERE access_path IN (
'application', 'firmwaretool', 'histories', 'history', 'history_manage',
'marketing', 'partner', 'partners', 'servicereport', 'servicereports',
'dashboard', 'profile', 'equipment', 'equipment_manage', 'equipments', 'products_software',
'user', 'users'
)
ON DUPLICATE KEY UPDATE can_create = 1, can_read = 1, can_update = 1;
-- ===================================================
-- OTHER ROLE PERMISSIONS
-- Profile: application,assets,firmwaretool,histories,history,history_manage,marketing,partner,partners,
-- servicereport,servicereports,admin,dashboard,profile,equipment,equipment_manage,equipments,products_software
-- ===================================================
INSERT INTO `role_access_permissions` (`role_id`, `access_id`, `can_create`, `can_read`, `can_update`, `can_delete`)
SELECT @role_other, rowID, 0, 1, 1, 0 FROM access_elements WHERE access_path IN (
'application', 'firmwaretool', 'histories', 'history', 'history_manage',
'marketing', 'partner', 'partners', 'servicereport', 'servicereports',
'dashboard', 'profile', 'equipment', 'equipment_manage', 'equipments', 'products_software'
)
ON DUPLICATE KEY UPDATE can_read = 1, can_update = 1;
-- ===================================================
-- VERIFICATION QUERIES
-- ===================================================
-- Check roles created
SELECT rowID, name, description, is_active FROM user_roles ORDER BY rowID;
-- Check permissions per role
SELECT ur.name as role_name, COUNT(rap.rowID) as permission_count
FROM user_roles ur
LEFT JOIN role_access_permissions rap ON ur.rowID = rap.role_id
GROUP BY ur.rowID, ur.name
ORDER BY ur.rowID;
-- ===================================================
-- Change ROLLBACK to COMMIT when ready to apply
-- ===================================================
COMMIT;

141
assets/database/migration_users_to_rbac.sql
View File

@@ -1,141 +0,0 @@
-- ===================================================
-- USER TO RBAC ROLE ASSIGNMENT MIGRATION SCRIPT
-- Date: 2025-01-22
-- Description: Migrate users from settings/view fields to user_role_assignments
-- Prerequisites: Run migration_profiles_to_rbac.sql first to create roles
-- ===================================================
START TRANSACTION;
-- ===================================================
-- MAPPING REFERENCE:
--
-- users.settings field values -> role names:
-- 'admin_profile' or view=4 -> TSS_Admin
-- 'distribution' -> Distribution
-- 'service' -> Service
-- 'firmware' -> Software_Tool
-- 'interface' -> Interface
-- 'superuser_profile' or view=1 -> Service
-- All others (including empty/NULL) -> Service
--
-- IGNORED/REMOVED PROFILES:
-- 'standard_profile', 'adminplus_profile', 'build', 'commerce',
-- 'garage', 'other'
-- ===================================================
-- Get role IDs
SET @role_tss_admin = (SELECT rowID FROM user_roles WHERE name = 'TSS_Admin' LIMIT 1);
SET @role_distribution = (SELECT rowID FROM user_roles WHERE name = 'Distribution' LIMIT 1);
SET @role_service = (SELECT rowID FROM user_roles WHERE name = 'Service' LIMIT 1);
SET @role_software_tool = (SELECT rowID FROM user_roles WHERE name = 'Software_Tool' LIMIT 1);
SET @role_interface = (SELECT rowID FROM user_roles WHERE name = 'Interface' LIMIT 1);
-- ===================================================
-- PHASE 1: MIGRATE USERS BY SETTINGS FIELD (profile name)
-- ===================================================
-- Users with 'admin_profile' setting -> TSS_Admin
INSERT INTO `user_role_assignments` (`user_id`, `role_id`, `is_active`, `assigned_by`, `assigned_at`, `created`, `createdby`)
SELECT id, @role_tss_admin, 1, 'migration_script', NOW(), NOW(), 1
FROM users
WHERE settings = 'admin_profile'
ON DUPLICATE KEY UPDATE updated = NOW();
-- Users with 'distribution' setting -> Distribution
INSERT INTO `user_role_assignments` (`user_id`, `role_id`, `is_active`, `assigned_by`, `assigned_at`, `created`, `createdby`)
SELECT id, @role_distribution, 1, 'migration_script', NOW(), NOW(), 1
FROM users
WHERE settings = 'distribution'
ON DUPLICATE KEY UPDATE updated = NOW();
-- Users with 'service' setting -> Service
INSERT INTO `user_role_assignments` (`user_id`, `role_id`, `is_active`, `assigned_by`, `assigned_at`, `created`, `createdby`)
SELECT id, @role_service, 1, 'migration_script', NOW(), NOW(), 1
FROM users
WHERE settings = 'service'
ON DUPLICATE KEY UPDATE updated = NOW();
-- Users with 'firmware' setting -> Software_Tool
INSERT INTO `user_role_assignments` (`user_id`, `role_id`, `is_active`, `assigned_by`, `assigned_at`, `created`, `createdby`)
SELECT id, @role_software_tool, 1, 'migration_script', NOW(), NOW(), 1
FROM users
WHERE settings = 'firmware'
ON DUPLICATE KEY UPDATE updated = NOW();
-- Users with 'interface' setting -> Interface
INSERT INTO `user_role_assignments` (`user_id`, `role_id`, `is_active`, `assigned_by`, `assigned_at`, `created`, `createdby`)
SELECT id, @role_interface, 1, 'migration_script', NOW(), NOW(), 1
FROM users
WHERE settings = 'interface'
ON DUPLICATE KEY UPDATE updated = NOW();
-- Users with 'superuser_profile' setting -> Service
INSERT INTO `user_role_assignments` (`user_id`, `role_id`, `is_active`, `assigned_by`, `assigned_at`, `created`, `createdby`)
SELECT id, @role_service, 1, 'migration_script', NOW(), NOW(), 1
FROM users
WHERE settings = 'superuser_profile'
ON DUPLICATE KEY UPDATE updated = NOW();
-- ===================================================
-- PHASE 2: MIGRATE USERS WITH EMPTY/NULL SETTINGS (use view field)
-- Only for users not already assigned a role
-- ===================================================
-- Users with view=4 (Admin) and no settings -> TSS_Admin
INSERT INTO `user_role_assignments` (`user_id`, `role_id`, `is_active`, `assigned_by`, `assigned_at`, `created`, `createdby`)
SELECT u.id, @role_tss_admin, 1, 'migration_script', NOW(), NOW(), 1
FROM users u
LEFT JOIN user_role_assignments ura ON u.id = ura.user_id AND ura.is_active = 1
WHERE (u.settings IS NULL OR u.settings = '')
AND u.view = '4'
AND ura.rowID IS NULL
ON DUPLICATE KEY UPDATE updated = NOW();
-- ===================================================
-- PHASE 3: CATCH-ALL - Any remaining users without role -> Service
-- ===================================================
INSERT INTO `user_role_assignments` (`user_id`, `role_id`, `is_active`, `assigned_by`, `assigned_at`, `created`, `createdby`)
SELECT u.id, @role_service, 1, 'migration_script', NOW(), NOW(), 1
FROM users u
LEFT JOIN user_role_assignments ura ON u.id = ura.user_id AND ura.is_active = 1
WHERE ura.rowID IS NULL
ON DUPLICATE KEY UPDATE updated = NOW();
-- ===================================================
-- VERIFICATION QUERIES
-- ===================================================
-- Check migration results: users per role
SELECT
ur.name as role_name,
COUNT(ura.user_id) as user_count
FROM user_roles ur
LEFT JOIN user_role_assignments ura ON ur.rowID = ura.role_id AND ura.is_active = 1
GROUP BY ur.rowID, ur.name
ORDER BY user_count DESC;
-- Check for users without role assignments (should be 0)
SELECT COUNT(*) as users_without_role
FROM users u
LEFT JOIN user_role_assignments ura ON u.id = ura.user_id AND ura.is_active = 1
WHERE ura.rowID IS NULL;
-- Compare old vs new: show users with their old settings and new role
SELECT
u.id,
u.username,
u.settings as old_profile,
u.view as old_view_level,
ur.name as new_role
FROM users u
LEFT JOIN user_role_assignments ura ON u.id = ura.user_id AND ura.is_active = 1
LEFT JOIN user_roles ur ON ura.role_id = ur.rowID
ORDER BY u.id
LIMIT 50;
-- ===================================================
-- Change ROLLBACK to COMMIT when ready to apply
-- ===================================================
COMMIT;