From 01f4a31fe190ebe8825655f25059a242f0f5fcdf Mon Sep 17 00:00:00 2001
From: "bert.hausmans" <bert@hausmans.nl>
Date: Fri, 8 May 2026 20:44:05 +0200
Subject: [PATCH] feat(timetable): seed program_manager + production_assistant
 roles
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add the two RFC-TIMETABLE §9 roles. Authorization stays role-based per
Phase A Option B; RFC §9 permission strings map to roles in policy
class docblocks, not seeded as Spatie permissions. The eventual
cross-cutting migration to fine-grained permissions is tracked under
AUTH-PERMISSIONS-MIGRATION.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 api/database/seeders/RoleSeeder.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/api/database/seeders/RoleSeeder.php b/api/database/seeders/RoleSeeder.php
index c32d7bf4..92100d98 100644
--- a/api/database/seeders/RoleSeeder.php
+++ b/api/database/seeders/RoleSeeder.php
@@ -22,5 +22,15 @@ class RoleSeeder extends Seeder
         Role::findOrCreate('event_manager', 'web');
         Role::findOrCreate('staff_coordinator', 'web');
         Role::findOrCreate('volunteer_coordinator', 'web');
+
+        // RFC-TIMETABLE v0.2 §9 — program/production roles. Per Phase A
+        // decision (2026-05-08), Crewli authorises by role only; the four
+        // RFC §9 permission strings (events.view_program, events.manage_program,
+        // organisations.manage_artists, organisations.manage_settings) are
+        // mapped to roles in policy class docblocks rather than seeded as
+        // Spatie permissions. See BACKLOG entry AUTH-PERMISSIONS-MIGRATION
+        // for the eventual cross-cutting migration.
+        Role::findOrCreate('program_manager', 'web');
+        Role::findOrCreate('production_assistant', 'web');
     }
 }