-- ============================================================
-- NICC Admin Menu - Migracion 0004
-- Manager tiene acceso EXCLUSIVO a herramientas avanzadas
-- Admin NO tiene acceso a:
--   - Sistema y Configuracion
--   - Herramientas
--   - Configurar Menu NICC
-- ============================================================

-- Manager tiene acceso completo a TODO
UPDATE admin_menu_permissions
SET can_view = 1, can_execute = 1
WHERE role = 'manager';

-- Quitar permisos de ADMIN para items de "Sistema y Configuracion"
UPDATE admin_menu_permissions
SET can_view = 0, can_execute = 0
WHERE role = 'admin'
AND item_id IN (
    SELECT i.id FROM admin_menu_items i
    JOIN admin_menu_categories c ON i.category_id = c.id
    WHERE c.code = 'system'
);

-- Quitar permisos de ADMIN para items de "Herramientas"
UPDATE admin_menu_permissions
SET can_view = 0, can_execute = 0
WHERE role = 'admin'
AND item_id IN (
    SELECT i.id FROM admin_menu_items i
    JOIN admin_menu_categories c ON i.category_id = c.id
    WHERE c.code = 'tools'
);

-- Quitar permisos de ADMIN para "Configurar Menu NICC"
UPDATE admin_menu_permissions
SET can_view = 0, can_execute = 0
WHERE role = 'admin'
AND item_id IN (
    SELECT id FROM admin_menu_items WHERE code = 'niccadminmenu'
);

-- Asegurar que manager tiene acceso a items peligrosos tambien
UPDATE admin_menu_permissions
SET can_view = 1, can_execute = 1
WHERE role = 'manager'
AND item_id IN (
    SELECT id FROM admin_menu_items WHERE is_dangerous = 1
);

-- Fin de migracion
SELECT 1;