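-- Role-based permission table: one row allows `role` to perform `action`
-- on `resource`. `fields` holds '*' or a comma-separated list of field
-- names (see the seed rows below).
--
-- NOTE(review): nothing here defines what a NULL `fields` or a missing row
-- means; the enforcing code should treat both as "deny" -- confirm.
-- NOTE(review): `fields` is free text. If the application turns these names
-- into a column list, it should check each one against a fixed allowlist
-- rather than trusting the stored value -- confirm against the consumer.
-- NOTE(review): `role` is compared under the table's default utf8mb4
-- collation, which is normally case-insensitive, so 'admin' and 'Admin'
-- are the same key here; the application's own comparison should agree.
-- NOTE(review): the unique key spans three varchar(255) utf8mb4 columns
-- (up to 3060 bytes) and so needs an InnoDB row format with the 3072-byte
-- index limit (DYNAMIC or COMPRESSED).
CREATE TABLE IF NOT EXISTS `role_permissions` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `role` varchar(255) NOT NULL,
    `resource` varchar(255) NOT NULL,
    `action` varchar(255) NOT NULL,
    `fields` text DEFAULT NULL,
    PRIMARY KEY (`id`),
    UNIQUE KEY `role_resource_action` (`role`, `resource`, `action`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

-- Default Permissions
--
-- Every seed statement ends with a no-op ON DUPLICATE KEY UPDATE so the
-- script can be re-run, matching CREATE TABLE IF NOT EXISTS above: a row
-- that already exists is left exactly as it is, including an edited
-- `fields` value. A re-run does re-insert a default grant that was deleted
-- from the table; remove it from this file too if it must stay revoked.

-- Admin: Can do everything
INSERT INTO `role_permissions` (`role`, `resource`, `action`, `fields`)
VALUES
    ('Admin', 'asset', 'create', '*'),
    ('Admin', 'asset', 'read', '*'),
    ('Admin', 'asset', 'update', '*'),
    ('Admin', 'asset', 'delete', '*'),
    ('Admin', 'user', 'create', '*'),
    ('Admin', 'user', 'read', '*'),
    ('Admin', 'user', 'update', '*'),
    ('Admin', 'user', 'delete', '*')
ON DUPLICATE KEY UPDATE `fields` = `fields`;

-- Asset Manager: Can manage assets
INSERT INTO `role_permissions` (`role`, `resource`, `action`, `fields`)
VALUES
    ('Asset Manager', 'asset', 'create', '*'),
    ('Asset Manager', 'asset', 'read', '*'),
    ('Asset Manager', 'asset', 'update', '*'),
    ('Asset Manager', 'asset', 'delete', '*')
ON DUPLICATE KEY UPDATE `fields` = `fields`;

-- IT Technician: Can manage assets
-- NOTE(review): identical to Asset Manager, including 'delete'; confirm
-- that technicians are meant to be able to remove asset records.
INSERT INTO `role_permissions` (`role`, `resource`, `action`, `fields`)
VALUES
    ('IT Technician', 'asset', 'create', '*'),
    ('IT Technician', 'asset', 'read', '*'),
    ('IT Technician', 'asset', 'update', '*'),
    ('IT Technician', 'asset', 'delete', '*')
ON DUPLICATE KEY UPDATE `fields` = `fields`;

-- Employee: Can only read some asset fields
-- The list is an explicit allowlist, so a column added to assets later is
-- not exposed to employees until it is named here.
INSERT INTO `role_permissions` (`role`, `resource`, `action`, `fields`)
VALUES
    ('Employee', 'asset', 'read', 'name,asset_tag,status,location,manufacturer,model')
ON DUPLICATE KEY UPDATE `fields` = `fields`;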