-- 005_refine_employee_login_and_role_policy.sql
-- 调整员工登录规则：员工默认密码改为 pw111111，手机号在未删除员工范围内全局唯一。

ALTER TABLE roles
  ADD COLUMN is_system TINYINT(1) NOT NULL DEFAULT 0 COMMENT '是否服务端内置角色，内置角色不可修改或删除' AFTER description;

UPDATE roles
SET is_system = 1
WHERE code IN ('store_manager', 'cashier', 'kitchen', 'part_time', 'admin');

-- 旧版本默认员工密码是 Employee@123456，这里只迁移仍使用旧默认哈希的员工。
UPDATE employees
SET password_hash = 'pbkdf2$sha256$310000$QnXyjrpm0QzcGYLEPdunWg$CfR-CywGl1c_Omh_3PyOWPmo93EcbMY1FEjjd5MDjFo'
WHERE password_hash = 'pbkdf2$sha256$310000$Vd5Mh3XgZPZ4ozECQzmviA$YnzG8OAqy9bZE9ZmA2yT1RpUl0bbC0yA9LpYUO8LltQ';

ALTER TABLE employees
  MODIFY password_hash VARCHAR(255) NOT NULL DEFAULT 'pbkdf2$sha256$310000$QnXyjrpm0QzcGYLEPdunWg$CfR-CywGl1c_Omh_3PyOWPmo93EcbMY1FEjjd5MDjFo' COMMENT '员工登录密码哈希，禁止存储明文密码';

ALTER TABLE employees
  DROP INDEX uk_employees_store_active_phone,
  ADD UNIQUE KEY uk_employees_active_phone (active_phone);