From 617bb5ab39613683699211b646efd73a991f24c4 Mon Sep 17 00:00:00 2001
From: Tiago Yamamoto <tiago.ribeiro@inventcloud.com.br>
Date: Wed, 24 Dec 2025 18:14:35 -0300
Subject: [PATCH] fix(rbac): add migration to fix seeded users roles and patch
 notifications store

---
 backend/cmd/manual_migrate/main.go            |  8 ++++----
 .../023_ensure_seeded_admins_roles.sql        | 20 +++++++++++++++++++
 frontend/src/lib/store/notifications-store.ts |  4 ++--
 seeder-api/src/seeders/users.js               | 11 ++++++++++
 4 files changed, 37 insertions(+), 6 deletions(-)
 create mode 100644 backend/migrations/023_ensure_seeded_admins_roles.sql

diff --git a/backend/cmd/manual_migrate/main.go b/backend/cmd/manual_migrate/main.go
index 59cbccd..e2102e2 100644
--- a/backend/cmd/manual_migrate/main.go
+++ b/backend/cmd/manual_migrate/main.go
@@ -46,10 +46,10 @@ func main() {
 
 	// Try multiple paths
 	paths := []string{
-		"migrations/017_create_tickets_table.sql",
-		"backend/migrations/017_create_tickets_table.sql",
-		"../migrations/017_create_tickets_table.sql",
-		"/home/yamamoto/lab/gohorsejobs/backend/migrations/017_create_tickets_table.sql",
+		"migrations/023_ensure_seeded_admins_roles.sql",
+		"backend/migrations/023_ensure_seeded_admins_roles.sql",
+		"../migrations/023_ensure_seeded_admins_roles.sql",
+		"/home/yamamoto/lab/gohorsejobs/backend/migrations/023_ensure_seeded_admins_roles.sql",
 	}
 
 	var content []byte
diff --git a/backend/migrations/023_ensure_seeded_admins_roles.sql b/backend/migrations/023_ensure_seeded_admins_roles.sql
new file mode 100644
index 0000000..30cd342
--- /dev/null
+++ b/backend/migrations/023_ensure_seeded_admins_roles.sql
@@ -0,0 +1,20 @@
+-- Migration: Ensure Seeded Users Have Roles
+-- Description: Fixes missing roles for seeded users (admins, recruiters, candidates) due to previous seeder/migration race conditions.
+
+-- 1. Fix Admins
+INSERT INTO user_roles (user_id, role)
+SELECT id, 'admin' FROM users WHERE identifier IN ('takeshi_yamamoto', 'kenji', 'wile_e_coyote')
+ON CONFLICT (user_id, role) DO NOTHING;
+
+-- 2. Fix Recruiters
+INSERT INTO user_roles (user_id, role)
+SELECT id, 'recruiter' FROM users WHERE identifier = 'maria_santos'
+ON CONFLICT (user_id, role) DO NOTHING;
+
+-- 3. Fix Candidates (including legacy ones)
+INSERT INTO user_roles (user_id, role)
+SELECT id, 'candidate' FROM users WHERE identifier IN (
+    'paulo_santos', 'maria_email',
+    'ana_silva', 'carlos_santos', 'maria_oliveira', 'pedro_costa', 'juliana_ferreira'
+)
+ON CONFLICT (user_id, role) DO NOTHING;
diff --git a/frontend/src/lib/store/notifications-store.ts b/frontend/src/lib/store/notifications-store.ts
index 8b9063a..bc16a50 100644
--- a/frontend/src/lib/store/notifications-store.ts
+++ b/frontend/src/lib/store/notifications-store.ts
@@ -21,8 +21,8 @@ export const useNotificationsStore = create<NotificationsState>((set, get) => ({
         try {
             const data = await notificationsApi.list();
             set({
-                notifications: data,
-                unreadCount: data.filter((n) => !n.readAt).length,
+                notifications: data || [],
+                unreadCount: (data || []).filter((n) => !n.readAt).length,
             });
         } catch (error) {
             console.error("Failed to fetch notifications", error);
diff --git a/seeder-api/src/seeders/users.js b/seeder-api/src/seeders/users.js
index fdc7722..9966f54 100644
--- a/seeder-api/src/seeders/users.js
+++ b/seeder-api/src/seeders/users.js
@@ -190,6 +190,17 @@ export async function seedUsers() {
                 cand.bio
             ]);
             console.log(`   ✓ Legacy candidate created: ${cand.email}`);
+
+            // Fix: Insert role into user_roles
+            const result = await pool.query('SELECT id FROM users WHERE identifier = $1', [cand.identifier]);
+            if (result.rows[0]) {
+                const userId = result.rows[0].id;
+                await pool.query(`
+                    INSERT INTO user_roles (user_id, role)
+                    VALUES ($1, 'candidate')
+                    ON CONFLICT (user_id, role) DO NOTHING
+                `, [userId]);
+            }
         }
 
     } catch (error) {