82974170e9
Three related issues: - READ_ALL was stored in the DB but missing from the Permission enum - ADMIN_USER, ADMIN_TAG and ADMIN_PERMISSION were in the enum and used in controllers but never granted to any user, making those endpoints permanently inaccessible - No runtime signal when a DB permission string drifts from the enum Changes: - Add READ_ALL to Permission enum - Grant all six permissions to the Administrators group in DataInitializer - Warn in CustomUserDetailsService when a DB permission string has no matching Permission enum value Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>