enterprise_assest_management_app/scripts/setup-permissions.sh

#!/bin/bash

# Setup Directus Permissions Script
# This script grants the admin role full permissions to our custom collections

DIRECTUS_URL="http://localhost:8055"
ADMIN_EMAIL="admin@assetmanagement.com"
ADMIN_PASSWORD="AssetAdmin2024!"

echo "🔐 Setting up Directus permissions..."
echo

# Authenticate and get token
echo "🔑 Authenticating with Directus..."
AUTH_RESPONSE=$(curl -s -X POST "$DIRECTUS_URL/auth/login" \
  -H "Content-Type: application/json" \
  -d "{\"email\":\"$ADMIN_EMAIL\",\"password\":\"$ADMIN_PASSWORD\"}")

ACCESS_TOKEN=$(echo $AUTH_RESPONSE | grep -o '"access_token":"[^"]*"' | cut -d'"' -f4)

if [ -z "$ACCESS_TOKEN" ]; then
  echo "❌ Authentication failed"
  exit 1
fi

echo "✅ Authentication successful"

# Get the admin role ID
echo "👤 Getting admin role ID..."
ROLES_RESPONSE=$(curl -s -H "Authorization: Bearer $ACCESS_TOKEN" \
  "$DIRECTUS_URL/roles")

ADMIN_ROLE_ID=$(echo $ROLES_RESPONSE | grep -o '"id":"[^"]*","name":"Administrator"' | head -1 | cut -d'"' -f4)

if [ -z "$ADMIN_ROLE_ID" ]; then
  echo "❌ Could not find Administrator role"
  exit 1
fi

echo "✅ Found admin role: $ADMIN_ROLE_ID"

# Collections that need permissions
COLLECTIONS=(
  "organizations"
  "subscription_plans" 
  "asset_categories"
  "locations"
  "vendors"
  "assets"
  "asset_components"
  "asset_qr_codes"
  "work_order_types"
  "work_orders"
  "asset_reminders"
)

# Function to create permission for a collection
create_permission() {
  local collection=$1
  local action=$2
  
  echo "  📋 Granting $action permission for $collection..."
  
  PERMISSION_DATA="{
    \"role\": \"$ADMIN_ROLE_ID\",
    \"collection\": \"$collection\",
    \"action\": \"$action\",
    \"permissions\": {},
    \"validation\": {},
    \"presets\": null,
    \"fields\": [\"*\"]
  }"
  
  RESPONSE=$(curl -s -X POST "$DIRECTUS_URL/permissions" \
    -H "Authorization: Bearer $ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d "$PERMISSION_DATA")
  
  if echo "$RESPONSE" | grep -q "error"; then
    echo "    ⚠️  Warning: $(echo $RESPONSE | grep -o '"message":"[^"]*"' | cut -d'"' -f4)"
  fi
}

echo
echo "🔓 Creating permissions for all collections..."

# Create CRUD permissions for each collection
for collection in "${COLLECTIONS[@]}"; do
  echo "📁 Setting up permissions for: $collection"
  create_permission "$collection" "create"
  create_permission "$collection" "read"
  create_permission "$collection" "update"
  create_permission "$collection" "delete"
  echo
done

echo "🎉 Permission setup completed!"
echo
echo "📋 Testing asset creation..."

# Test creating an asset with required fields
TEST_ASSET_DATA='{
  "organization_id": "'$(curl -s -H "Authorization: Bearer $ACCESS_TOKEN" "$DIRECTUS_URL/items/organizations?limit=1" | grep -o '"id":"[^"]*"' | head -1 | cut -d'"' -f4)'",
  "name": "Test Asset",
  "asset_identifier": "TEST-'$(date +%s)'",
  "category_id": "'$(curl -s -H "Authorization: Bearer $ACCESS_TOKEN" "$DIRECTUS_URL/items/asset_categories?limit=1" | grep -o '"id":"[^"]*"' | head -1 | cut -d'"' -f4)'",
  "location_id": "'$(curl -s -H "Authorization: Bearer $ACCESS_TOKEN" "$DIRECTUS_URL/items/locations?limit=1" | grep -o '"id":"[^"]*"' | head -1 | cut -d'"' -f4)'",
  "acquisition_cost": 1000.00
}'

echo "Testing with data: $TEST_ASSET_DATA"
echo

CREATE_RESPONSE=$(curl -s -X POST "$DIRECTUS_URL/items/assets" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d "$TEST_ASSET_DATA")

if echo "$CREATE_RESPONSE" | grep -q "error"; then
  echo "❌ Asset creation still failing:"
  echo "$CREATE_RESPONSE"
else
  echo "✅ Test asset created successfully!"
  echo "🎯 Frontend should now be able to create assets"
fi

echo
echo "📋 Next steps:"
echo "1. Try creating an asset through your frontend again"
echo "2. Check the Directus admin panel to verify permissions"
echo "3. Visit http://localhost:8055/admin/settings/roles/permissions"