BEGIN;

WITH settings_route AS (
  SELECT id FROM sys_routes WHERE route_path = '/settings' AND deleted_at IS NULL LIMIT 1
), upsert_route AS (
  INSERT INTO sys_routes (
    route_path,
    route_name,
    component,
    parent_id,
    route_title,
    icon,
    sort_order,
    is_hidden,
    is_cache,
    meta,
    status,
    created_at,
    updated_at,
    deleted_at
  )
  SELECT
    '/rule-groups',
    'rule-groups',
    'rule-groups',
    settings_route.id,
    '评查点分组',
    'ri-folder-open-line',
    4,
    FALSE,
    TRUE,
    '{"group": "settings"}'::jsonb,
    0,
    NOW(),
    NOW(),
    NULL
  FROM settings_route
  ON CONFLICT (route_path) WHERE deleted_at IS NULL
  DO UPDATE SET
    route_name = EXCLUDED.route_name,
    component = EXCLUDED.component,
    parent_id = EXCLUDED.parent_id,
    route_title = EXCLUDED.route_title,
    icon = EXCLUDED.icon,
    sort_order = EXCLUDED.sort_order,
    is_hidden = EXCLUDED.is_hidden,
    is_cache = EXCLUDED.is_cache,
    meta = EXCLUDED.meta,
    status = 0,
    updated_at = NOW(),
    deleted_at = NULL
  RETURNING id
), target_route AS (
  SELECT id FROM upsert_route
  UNION ALL
  SELECT id FROM sys_routes WHERE route_path = '/rule-groups' AND deleted_at IS NULL LIMIT 1
)
INSERT INTO permissions (
  permission_key,
  module,
  resource,
  action,
  description,
  display_name,
  permission_type,
  is_system,
  metadata,
  created_at,
  updated_at,
  sort_order,
  route_id,
  api_path,
  api_method
)
SELECT *
FROM (
  SELECT 'evaluation_group:list:read',   'evaluation_group', 'list',   'read',   '查看评查点分组列表',   '查看评查点分组列表',   'API', FALSE, '{}'::jsonb, NOW(), NOW(), 1, (SELECT id FROM target_route LIMIT 1), '/api/v3/evaluation-point-groups',              'GET'
  UNION ALL
  SELECT 'evaluation_group:detail:read', 'evaluation_group', 'detail', 'read',   '查看评查点分组详情',   '查看评查点分组详情',   'API', FALSE, '{}'::jsonb, NOW(), NOW(), 2, (SELECT id FROM target_route LIMIT 1), '/api/v3/evaluation-point-groups/{id}',         'GET'
  UNION ALL
  SELECT 'evaluation_group:create:write','evaluation_group', 'create', 'write',  '创建评查点分组',       '创建评查点分组',       'API', FALSE, '{}'::jsonb, NOW(), NOW(), 3, (SELECT id FROM target_route LIMIT 1), '/api/v3/evaluation-point-groups',              'POST'
  UNION ALL
  SELECT 'evaluation_group:update:write','evaluation_group', 'update', 'write',  '更新评查点分组',       '更新评查点分组',       'API', FALSE, '{}'::jsonb, NOW(), NOW(), 4, (SELECT id FROM target_route LIMIT 1), '/api/v3/evaluation-point-groups/{id}',         'PUT'
  UNION ALL
  SELECT 'evaluation_group:delete:delete','evaluation_group','delete', 'delete', '删除评查点分组',       '删除评查点分组',       'API', FALSE, '{}'::jsonb, NOW(), NOW(), 5, (SELECT id FROM target_route LIMIT 1), '/api/v3/evaluation-point-groups/{id}',         'DELETE'
  UNION ALL
  SELECT 'evaluation_group:batch:write', 'evaluation_group', 'batch',  'write',  '批量操作评查点分组',   '批量操作评查点分组',   'API', FALSE, '{}'::jsonb, NOW(), NOW(), 6, (SELECT id FROM target_route LIMIT 1), '/api/v3/evaluation-point-groups/batch/status', 'PATCH'
) AS seed
ON CONFLICT (permission_key)
DO UPDATE SET
  module = EXCLUDED.module,
  resource = EXCLUDED.resource,
  action = EXCLUDED.action,
  description = EXCLUDED.description,
  display_name = EXCLUDED.display_name,
  permission_type = EXCLUDED.permission_type,
  metadata = EXCLUDED.metadata,
  updated_at = NOW(),
  sort_order = EXCLUDED.sort_order,
  route_id = EXCLUDED.route_id,
  api_path = EXCLUDED.api_path,
  api_method = EXCLUDED.api_method;

WITH permission_ids AS (
  SELECT id, permission_key
  FROM permissions
  WHERE permission_key IN (
    'evaluation_group:list:read',
    'evaluation_group:detail:read',
    'evaluation_group:create:write',
    'evaluation_group:update:write',
    'evaluation_group:delete:delete',
    'evaluation_group:batch:write'
  )
), admin_roles AS (
  SELECT id
  FROM roles
  WHERE role_key IN ('super_admin', 'provincial_admin', 'admin')
), route_id AS (
  SELECT id FROM sys_routes WHERE route_path = '/rule-groups' AND deleted_at IS NULL LIMIT 1
)
INSERT INTO role_permissions (
  role_id,
  permission_id,
  grant_type,
  data_scope,
  created_at,
  updated_at
)
SELECT admin_roles.id, permission_ids.id, 'GRANT', 'ALL', NOW(), NOW()
FROM admin_roles
CROSS JOIN permission_ids
ON CONFLICT (role_id, permission_id)
DO UPDATE SET
  grant_type = EXCLUDED.grant_type,
  data_scope = EXCLUDED.data_scope,
  updated_at = NOW();

WITH admin_roles AS (
  SELECT id
  FROM roles
  WHERE role_key IN ('super_admin', 'provincial_admin', 'admin')
), route_id AS (
  SELECT id FROM sys_routes WHERE route_path = '/rule-groups' AND deleted_at IS NULL LIMIT 1
)
INSERT INTO role_route (
  role_id,
  route_id,
  permission,
  created_at,
  updated_at,
  status
)
SELECT admin_roles.id, route_id.id, 'RW', NOW(), NOW(), 1
FROM admin_roles
CROSS JOIN route_id
ON CONFLICT (role_id, route_id)
DO UPDATE SET
  permission = EXCLUDED.permission,
  updated_at = NOW(),
  status = 1;

COMMIT;