-- Migration: introduce the 'management' role and per-amenity calendar
-- visibility. Every statement is guarded (IF NOT EXISTS / ON CONFLICT DO
-- NOTHING), so applying the file again does not duplicate anything.

-- 1. Extend the app_role enum with the new 'management' value.
-- NOTE(review): PostgreSQL does not let a value added by ALTER TYPE ... ADD VALUE
-- be used until the transaction that added it has committed. If
-- role_permissions.role is of type public.app_role (not visible in this file)
-- and the migration runner wraps the whole file in one transaction, step 3 is
-- rejected. Confirm how the runner commits, or move step 3 to a follow-up
-- migration.
ALTER TYPE public.app_role
    ADD VALUE IF NOT EXISTS 'management';

-- 2. Record, per amenity, which roles may view that amenity's calendar.
-- Existing rows receive the default: an empty JSON array.
-- NOTE(review): whether '[]' means "visible to no role" or "no restriction" is
-- decided by whatever reads this column (application code or RLS policies,
-- neither shown here) -- confirm the reader treats an empty list as deny.
-- NOTE(review): nothing here constrains the value to be a JSON array or its
-- entries to be valid app_role values, so readers should not assume either.
ALTER TABLE public.amenities
    ADD COLUMN IF NOT EXISTS visible_to_roles jsonb NOT NULL DEFAULT '[]'::jsonb;

-- 3. Seed one role_permissions row per existing feature area for 'management',
-- with every permission switched off, so the new role starts with no access.
-- ON CONFLICT DO NOTHING keeps any ('management', feature_area) row that is
-- already present exactly as it is, including rows that grant permissions.
-- Only feature areas that already appear in role_permissions are covered; an
-- empty table seeds nothing.
WITH known_feature_areas AS (
    SELECT DISTINCT feature_area
    FROM public.role_permissions
)
INSERT INTO public.role_permissions (
    role,
    feature_area,
    can_read,
    can_create,
    can_edit,
    can_delete
)
SELECT
    'management',
    kfa.feature_area,
    FALSE,
    FALSE,
    FALSE,
    FALSE
FROM known_feature_areas AS kfa
ON CONFLICT (role, feature_area) DO NOTHING;