From 18e5d18cc78a8347179b0861530a1ea512b8e901 Mon Sep 17 00:00:00 2001
From: Marcel
Date: Sat, 2 May 2026 18:42:46 +0200
Subject: [PATCH] feat(geschichte): V59 grants BLOG_WRITE to existing WRITE_ALL groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Without this, the Geschichten feature ships dark on prod day-one — no group holds BLOG_WRITE, so the editor controls never render even for admins. The mapping "anyone who can write documents can also author family stories" is the safest default and admins can revoke afterwards via the new checkbox UI. Closes Tobias's review S5 on PR #382.
Co-Authored-By: Claude Opus 4.7
---
.../db/migration/V59__seed_blog_write.sql | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 backend/src/main/resources/db/migration/V59__seed_blog_write.sql
diff --git a/backend/src/main/resources/db/migration/V59__seed_blog_write.sql b/backend/src/main/resources/db/migration/V59__seed_blog_write.sql
new file mode 100644
index 00000000..b653072a
--- /dev/null
+++ b/backend/src/main/resources/db/migration/V59__seed_blog_write.sql
@@ -0,0 +1,16 @@
+-- Grant BLOG_WRITE to every existing group that already holds WRITE_ALL.
+-- Without this, the Geschichten feature ships dark to production: no group
+-- has BLOG_WRITE, so the editor controls are invisible and "+ Neue Geschichte"
+-- is never rendered. The natural mapping is "groups that can already write
+-- documents and tags can also author family stories." Admins can revoke or
+-- re-assign via the group editor afterwards.
+
+INSERT INTO group_permissions (group_id, permission)
+SELECT DISTINCT gp.group_id, 'BLOG_WRITE'
+FROM group_permissions gp
+WHERE gp.permission = 'WRITE_ALL'
+ AND NOT EXISTS (
+ SELECT 1 FROM group_permissions existing
+ WHERE existing.group_id = gp.group_id
+ AND existing.permission = 'BLOG_WRITE'
+ );
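Review bot: The header comment does not say that this grant is a one-time snapshot or that it widens privileges without leaving a record of which groups were changed. A group that receives `WRITE_ALL` after V59 has run will not pick up `BLOG_WRITE`, and an admin asked to "revoke afterwards" has no list of affected groups to work from. I would add `-- One-time snapshot: groups granted WRITE_ALL after V59 do not receive BLOG_WRITE automatically.` to the comment, and capture the affected `group_id`s in the rollout notes so the expansion can be audited and reversed. Separately, the `WHERE gp.permission = 'WRITE_ALL'` filter only helps admins if their group holds `WRITE_ALL` itself; if admin rights are modelled as a separate permission (not visible in this hunk), those groups would still lack `BLOG_WRITE`, so it is worth confirming against the permission model.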