From 851d63f626162bc599af6651a0ab230221ea731b Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 6 Jan 2026 17:18:34 +0100
Subject: [PATCH] feat: add authorization domain migration

Create roles table and add role_id to users table with indexes
and foreign key constraints.
---
 ...0260106161215_add_authorization_domain.exs | 79 +++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 priv/repo/migrations/20260106161215_add_authorization_domain.exs

diff --git a/priv/repo/migrations/20260106161215_add_authorization_domain.exs b/priv/repo/migrations/20260106161215_add_authorization_domain.exs
new file mode 100644
index 0000000..02edcd3
--- /dev/null
+++ b/priv/repo/migrations/20260106161215_add_authorization_domain.exs
@@ -0,0 +1,79 @@
+defmodule Mv.Repo.Migrations.AddAuthorizationDomain do
+  @moduledoc """
+  Updates resources based on their most recent snapshots.
+
+  This file was autogenerated with `mix ash_postgres.generate_migrations`
+  """
+
+  use Ecto.Migration
+
+  def up do
+    alter table(:users) do
+      add :role_id, :uuid
+    end
+
+    create table(:roles, primary_key: false) do
+      add :id, :uuid, null: false, default: fragment("gen_random_uuid()"), primary_key: true
+    end
+
+    alter table(:users) do
+      modify :role_id,
+             references(:roles,
+               column: :id,
+               name: "users_role_id_fkey",
+               type: :uuid,
+               prefix: "public"
+             )
+    end
+
+    alter table(:roles) do
+      add :name, :text, null: false
+      add :description, :text
+      add :permission_set_name, :text, null: false
+      add :is_system_role, :boolean, null: false, default: false
+
+      add :inserted_at, :utc_datetime_usec,
+        null: false,
+        default: fragment("(now() AT TIME ZONE 'utc')")
+
+      add :updated_at, :utc_datetime_usec,
+        null: false,
+        default: fragment("(now() AT TIME ZONE 'utc')")
+    end
+
+    create unique_index(:roles, [:name], name: "roles_unique_name_index")
+
+    create index(:roles, [:permission_set_name], name: "roles_permission_set_name_index")
+
+    create index(:users, [:role_id], name: "users_role_id_index")
+  end
+
+  def down do
+    drop_if_exists index(:users, [:role_id], name: "users_role_id_index")
+
+    drop_if_exists index(:roles, [:permission_set_name], name: "roles_permission_set_name_index")
+
+    drop_if_exists unique_index(:roles, [:name], name: "roles_unique_name_index")
+
+    alter table(:roles) do
+      remove :updated_at
+      remove :inserted_at
+      remove :is_system_role
+      remove :permission_set_name
+      remove :description
+      remove :name
+    end
+
+    drop constraint(:users, "users_role_id_fkey")
+
+    alter table(:users) do
+      modify :role_id, :uuid
+    end
+
+    drop table(:roles)
+
+    alter table(:users) do
+      remove :role_id
+    end
+  end
+end