# Default User Role Update Summary

## Overview
Updated the default user role assignment across the CMS to use role_id 5 (User) instead of role_id 3, ensuring consistency with the clean roles and permissions structure.

## Changes Made

### 1. Controllers Updated

#### a. `backend/src/controllers/authController.js`
- **Line 162**: Changed default role from `role_id: role_id || 3` to `role_id: role_id || 5`
- **Purpose**: Ensures new user registrations get the correct "User" role with basic permissions

#### b. `backend/src/controllers/userController.js`
- **Line 104**: Changed default role from `role_id: role_id || 3` to `role_id: role_id || 5`
- **Purpose**: Ensures user creation endpoint uses correct default role

#### c. `backend/src/controllers/contactController.js`
- **Line 140**: Changed function parameter default from `role_id = 3` to `role_id = 5`
- **Line 229**: Changed fallback role from `contactData.role_id = 3` to `contactData.role_id = 5`
- **Purpose**: Ensures contact creation uses correct default user role

#### d. `backend/src/controllers/contactTreeController.js`
- **Line 251**: Updated role filter check from `contact.role_id === 3` to `contact.role_id === 5`
- **Line 309**: Updated role filter check from `node.role_id === 3` to `node.role_id === 5`
- **Purpose**: Ensures role filtering works correctly for user role

#### e. `backend/src/controllers/superAdminController.js`
- **Line 512**: Updated role filter check from `node.role_id === 3` to `node.role_id === 5`
- **Purpose**: Ensures super admin role filtering works correctly

### 2. Models Updated

#### a. `backend/src/models/Contact.js`
- **Line 47**: Changed function parameter default from `role_id = 3` to `role_id = 5`
- **Line 321**: Updated role filter condition from `u.role_id = 3` to `u.role_id = 5`
- **Line 483**: Updated role filter condition from `u.role_id = 5` to `u.role_id = 5`
- **Purpose**: Ensures contact model uses correct default user role

## Role Structure (Based on clean_and_rebuild_roles_permissions.js)

| Role ID | Role Name    | Level | Description |
|---------|--------------|-------|-------------|
| 1       | Super Admin  | 100   | Full system access and control |
| 2       | Admin        | 50    | Elevated privileges and management |
| 3       | Manager      | 30    | Departmental oversight and management |
| 4       | Officer      | 20    | Operational access and reporting |
| 5       | User         | 10    | Standard access and basic permissions |

## Permissions for User Role (ID: 5)

The User role includes 33 basic permissions:
- `user.read`
- `unit.read`, `department.read`, `designation.read`, `rank.read`
- `contact.read`
- `message.create`, `message.read`, `message.update`, `message.delete`
- `conversation.create`, `conversation.read`, `conversation.update`
- `notification.read`, `notification.update`
- `feedback.create`, `feedback.read`
- `dashboard.view`
- `file.upload`, `file.download`
- `profile.read`, `profile.update`, `profile.change_password`
- `settings.access`, `settings.profile`, `settings.security`, `settings.notifications`, `settings.privacy`, `settings.preferences`
- `directory.access`, `directory.search`
- `conversations.access`
- `individual_messaging.access`, `individual_messaging.send`
- `feedback_form.access`, `feedback_form.submit`
- `profile_page.access`, `profile_page.edit`, `profile_page.change_avatar`

## Impact on Organizations

### Multi-Organization Support
- **Global Roles**: Roles and permissions remain global (shared across all organizations)
- **User Assignment**: Users in ALL organizations now get role_id 5 (User) by default
- **Data Isolation**: Each organization's data remains isolated through `organization_id` column
- **Consistent Permissions**: All new users across different organizations receive the same basic User permissions

### Example Usage
```javascript
// Organization 1 (Bangladesh Navy)
const user1 = await User.create({
  name: 'Naval Officer',
  organization_id: 1,
  role_id: undefined, // Defaults to 5 (User)
  // ... other fields
});

// Organization 2 (Bangladesh Army)
const user2 = await User.create({
  name: 'Army Officer',
  organization_id: 2,
  role_id: undefined, // Defaults to 5 (User)
  // ... other fields
});

// Both users get the same User role (ID: 5) with basic permissions
// But they can only access data from their respective organizations
```

## Testing Recommendations

1. **Create New Users**: Test user creation in different organizations
2. **Verify Permissions**: Ensure new users have correct basic permissions
3. **Role Filtering**: Test role filtering functionality in contact tree and search
4. **Statistics**: Verify statistics queries count users correctly
5. **Cross-Organization**: Ensure users in different organizations maintain data isolation

## Notes

- Statistics queries (using `SUM(CASE WHEN role_id = 3...)`) were NOT updated as they count existing data
- If you need to update existing users from role_id 3 to role_id 5, run a database migration
- Consider running `clean_and_rebuild_roles_permissions.js` to ensure role structure is correct

## Database Migration (Optional)

If you want to update existing users with role_id 3 to role_id 5:

```sql
-- Update existing users with role_id 3 to role_id 5
UPDATE users 
SET role_id = 5 
WHERE role_id = 3 
AND is_active = 1;

-- Verify the update
SELECT COUNT(*) as user_count 
FROM users 
WHERE role_id = 5 AND is_active = 1;
```

## Files Modified

1. `backend/src/controllers/authController.js`
2. `backend/src/controllers/userController.js`
3. `backend/src/controllers/contactController.js`
4. `backend/src/controllers/contactTreeController.js`
5. `backend/src/controllers/superAdminController.js`
6. `backend/src/models/Contact.js`

## Next Steps

1. Restart the backend server to apply changes
2. Test user creation in multiple organizations
3. Verify permissions are correctly assigned
4. Optionally run database migration to update existing users
5. Update any frontend code that references role_id 3 as "User"

