-- Run this once in the central auth database if trusted_devices_manage permission is not already available.
SET @access_program_id := (SELECT id FROM programs WHERE program_code='ACCESS_DASHBOARD' LIMIT 1);

INSERT INTO permissions (program_id, permission_key, permission_name, permission_group, sort_order, is_active, created_at, updated_at)
VALUES (@access_program_id, 'trusted_devices_manage', 'Manage Trusted Devices', 'Security', 420, 1, NOW(), NOW())
ON DUPLICATE KEY UPDATE
    permission_name = VALUES(permission_name),
    permission_group = VALUES(permission_group),
    sort_order = VALUES(sort_order),
    is_active = 1,
    updated_at = NOW();

-- Give Super Admin role this permission.
INSERT IGNORE INTO role_permissions (role_id, permission_id)
SELECT r.id, p.id
FROM roles r
INNER JOIN permissions p ON p.permission_key='trusted_devices_manage'
INNER JOIN programs pr ON pr.id=p.program_id AND pr.program_code='ACCESS_DASHBOARD'
WHERE r.role_key='super_admin';