-- Optional reference schema for PostgreSQL (JPA ddl-auto=update is enabled by default).
--
-- NOTE(review): with ddl-auto=update the application's database role needs DDL
-- rights at runtime. Where this script is applied instead, consider running it
-- from a separate migration role and setting ddl-auto=validate, so the runtime
-- role only needs DML on these tables -- confirm against the deployment.
--
-- Properties that hold for the whole file:
--   * tenant_id is a plain VARCHAR(100) wherever it appears; no foreign key ties
--     it to sys_tenants.tenant_id, so tenant scoping is not enforced here.
--   * No foreign key declares ON DELETE / ON UPDATE, so PostgreSQL's default
--     (NO ACTION) applies to every reference.
--   * Every statement uses IF NOT EXISTS, so an existing object is left as it
--     is, even when its definition differs from the one below.

-- Tenant registry. tenant_id is the unique business key the other tables repeat.
CREATE TABLE IF NOT EXISTS sys_tenants (
    id         UUID PRIMARY KEY,
    tenant_id  VARCHAR(100) NOT NULL UNIQUE,
    name       VARCHAR(255) NOT NULL,
    active     BOOLEAN NOT NULL,
    created_at TIMESTAMP WITH TIME ZONE NOT NULL
);

-- Permission catalogue; code is unique per tenant.
CREATE TABLE IF NOT EXISTS sec_permissions (
    id         UUID PRIMARY KEY,
    tenant_id  VARCHAR(100) NOT NULL,
    code       VARCHAR(100) NOT NULL,
    name       VARCHAR(255) NOT NULL,
    created_at TIMESTAMP WITH TIME ZONE,
    updated_at TIMESTAMP WITH TIME ZONE,
    created_by VARCHAR(255),
    updated_by VARCHAR(255),
    CONSTRAINT sec_uk_permissions_tenant_code UNIQUE (tenant_id, code)
);

-- Role catalogue; code is unique per tenant.
CREATE TABLE IF NOT EXISTS sec_roles (
    id         UUID PRIMARY KEY,
    tenant_id  VARCHAR(100) NOT NULL,
    code       VARCHAR(100) NOT NULL,
    name       VARCHAR(255) NOT NULL,
    created_at TIMESTAMP WITH TIME ZONE,
    updated_at TIMESTAMP WITH TIME ZONE,
    created_by VARCHAR(255),
    updated_by VARCHAR(255),
    CONSTRAINT sec_uk_roles_tenant_code UNIQUE (tenant_id, code)
);

-- User accounts; username is unique per tenant.
-- password is nullable -- presumably unset for accounts authenticated outside
-- this table (see auth_source / ldap_dn); confirm against the application.
-- NOTE(review): the column should only ever receive a salted, slow password
-- hash, never the plaintext; the schema cannot enforce that -- verify the encoder.
-- NOTE(review): auth_source has a default of 'LOCAL' but no CHECK constraint,
-- so any string up to 20 characters is accepted.
CREATE TABLE IF NOT EXISTS sec_users (
    id          UUID PRIMARY KEY,
    tenant_id   VARCHAR(100) NOT NULL,
    username    VARCHAR(100) NOT NULL,
    password    VARCHAR(255),
    auth_source VARCHAR(20) NOT NULL DEFAULT 'LOCAL',
    ldap_dn     VARCHAR(512),
    enabled     BOOLEAN NOT NULL,
    created_at  TIMESTAMP WITH TIME ZONE,
    updated_at  TIMESTAMP WITH TIME ZONE,
    created_by  VARCHAR(255),
    updated_by  VARCHAR(255),
    CONSTRAINT sec_uk_users_tenant_username UNIQUE (tenant_id, username)
);

-- User <-> role link table.
-- NOTE(review): there is no tenant_id here and the foreign keys reference id
-- only, so the schema accepts a link between a user and a role of different
-- tenants. Same-tenant assignment has to be enforced by the application -- verify.
CREATE TABLE IF NOT EXISTS sec_user_roles (
    user_id UUID NOT NULL REFERENCES sec_users (id),
    role_id UUID NOT NULL REFERENCES sec_roles (id),
    PRIMARY KEY (user_id, role_id)
);

-- Role <-> permission link table.
-- NOTE(review): same cross-tenant caveat as sec_user_roles -- no tenant_id, and
-- the foreign keys reference id only.
CREATE TABLE IF NOT EXISTS sec_role_permissions (
    role_id       UUID NOT NULL REFERENCES sec_roles (id),
    permission_id UUID NOT NULL REFERENCES sec_permissions (id),
    PRIMARY KEY (role_id, permission_id)
);

-- Per-user UI preferences: one value_json document per (tenant, user, key).
CREATE TABLE IF NOT EXISTS sec_user_ui_preferences (
    id             UUID PRIMARY KEY,
    tenant_id      VARCHAR(100) NOT NULL,
    user_id        UUID NOT NULL REFERENCES sec_users (id),
    preference_key VARCHAR(255) NOT NULL,
    value_json     TEXT NOT NULL,
    created_at     TIMESTAMP WITH TIME ZONE,
    updated_at     TIMESTAMP WITH TIME ZONE,
    created_by     VARCHAR(255),
    updated_by     VARCHAR(255),
    CONSTRAINT sec_uk_user_ui_preferences UNIQUE (tenant_id, user_id, preference_key)
);

-- NOTE(review): (tenant_id, user_id) is a leading prefix of both the index on
-- (tenant_id, user_id, updated_at) and the unique constraint above, so the
-- second index below looks redundant -- kept as in the original.
CREATE INDEX IF NOT EXISTS sec_idx_user_ui_preferences_tenant_user_updated
    ON sec_user_ui_preferences (tenant_id, user_id, updated_at);

CREATE INDEX IF NOT EXISTS sec_idx_user_ui_preferences_tenant_user
    ON sec_user_ui_preferences (tenant_id, user_id);

CREATE INDEX IF NOT EXISTS sec_idx_user_ui_preferences_user
    ON sec_user_ui_preferences (user_id);

-- Refresh tokens issued to users, with an expiry and a revocation flag.
-- NOTE(review): token is a unique VARCHAR(512). If the raw token value is what
-- gets written, read access to this table is enough to reuse a session; storing
-- a digest of the token and comparing digests on refresh avoids that -- check
-- what the application writes.
-- NOTE(review): only the primary key and the unique token are indexed, so
-- revoking all tokens of one user or purging expired rows scans the table.
CREATE TABLE IF NOT EXISTS sec_refresh_tokens (
    id         UUID PRIMARY KEY,
    tenant_id  VARCHAR(100) NOT NULL,
    user_id    UUID NOT NULL REFERENCES sec_users (id),
    token      VARCHAR(512) NOT NULL UNIQUE,
    expires_at TIMESTAMP WITH TIME ZONE NOT NULL,
    revoked    BOOLEAN NOT NULL,
    created_at TIMESTAMP WITH TIME ZONE,
    updated_at TIMESTAMP WITH TIME ZONE,
    created_by VARCHAR(255),
    updated_by VARCHAR(255)
);

-- Modules that can be switched on or off per tenant; code is unique per tenant.
CREATE TABLE IF NOT EXISTS sys_system_modules (
    id         UUID PRIMARY KEY,
    tenant_id  VARCHAR(100) NOT NULL,
    code       VARCHAR(100) NOT NULL,
    name       VARCHAR(255) NOT NULL,
    enabled    BOOLEAN NOT NULL,
    created_at TIMESTAMP WITH TIME ZONE,
    updated_at TIMESTAMP WITH TIME ZONE,
    created_by VARCHAR(255),
    updated_by VARCHAR(255),
    CONSTRAINT sys_uk_system_modules_tenant_code UNIQUE (tenant_id, code)
);

-- Approval workflow: one request, its ordered steps, and a history of actions.
-- NOTE(review): maker_username, checker_role and actor_username are free-text
-- columns with no foreign key to sec_users / sec_roles, and status has no CHECK
-- constraint. Separation of maker and checker is therefore an application rule
-- only -- verify it is enforced server-side.
-- NOTE(review): payload is unconstrained TEXT; treat it as untrusted when it is
-- read back and applied.
CREATE TABLE IF NOT EXISTS sys_approval_requests (
    id             UUID PRIMARY KEY,
    tenant_id      VARCHAR(100) NOT NULL,
    resource_type  VARCHAR(255) NOT NULL,
    resource_id    VARCHAR(255) NOT NULL,
    payload        TEXT,
    status         VARCHAR(50) NOT NULL,
    required_steps INTEGER NOT NULL,
    current_step   INTEGER NOT NULL,
    maker_username VARCHAR(255) NOT NULL,
    created_at     TIMESTAMP WITH TIME ZONE,
    updated_at     TIMESTAMP WITH TIME ZONE,
    created_by     VARCHAR(255),
    updated_by     VARCHAR(255)
);

-- One row per step of a request; step_order gives its position.
CREATE TABLE IF NOT EXISTS sys_approval_steps (
    id           UUID PRIMARY KEY,
    tenant_id    VARCHAR(100) NOT NULL,
    request_id   UUID NOT NULL REFERENCES sys_approval_requests (id),
    step_order   INTEGER NOT NULL,
    checker_role VARCHAR(255) NOT NULL,
    status       VARCHAR(50) NOT NULL,
    created_at   TIMESTAMP WITH TIME ZONE,
    updated_at   TIMESTAMP WITH TIME ZONE,
    created_by   VARCHAR(255),
    updated_by   VARCHAR(255)
);

-- Actions recorded against a request, with the acting username and free-text notes.
CREATE TABLE IF NOT EXISTS sys_approval_history (
    id             UUID PRIMARY KEY,
    tenant_id      VARCHAR(100) NOT NULL,
    request_id     UUID NOT NULL REFERENCES sys_approval_requests (id),
    action         VARCHAR(50) NOT NULL,
    actor_username VARCHAR(255) NOT NULL,
    notes          TEXT,
    created_at     TIMESTAMP WITH TIME ZONE,
    updated_at     TIMESTAMP WITH TIME ZONE,
    created_by     VARCHAR(255),
    updated_by     VARCHAR(255)
);

-- Audit trail: who did what, to which resource, with what outcome.
-- NOTE(review): nothing in the schema makes these rows append-only (the table
-- also carries updated_at / updated_by). Consider granting the application role
-- INSERT and SELECT only on this table so recorded events cannot be rewritten.
-- NOTE(review): details, before_state, after_state and error_message are free
-- text; the writer has to keep passwords, tokens and similar secrets out of
-- them -- verify the redaction in the application.
CREATE TABLE IF NOT EXISTS sys_audit_trails (
    id             UUID PRIMARY KEY,
    tenant_id      VARCHAR(100) NOT NULL,
    correlation_id VARCHAR(100),
    actor          VARCHAR(255) NOT NULL,
    action         VARCHAR(100) NOT NULL,
    domain         VARCHAR(100),
    resource_type  VARCHAR(100),
    resource_id    VARCHAR(255),
    outcome        VARCHAR(20) NOT NULL,
    http_method    VARCHAR(20),
    request_path   VARCHAR(500),
    client_ip      VARCHAR(80),
    error_message  VARCHAR(1000),
    details        TEXT,
    before_state   TEXT,
    after_state    TEXT,
    created_at     TIMESTAMP WITH TIME ZONE,
    updated_at     TIMESTAMP WITH TIME ZONE,
    created_by     VARCHAR(255),
    updated_by     VARCHAR(255)
);

-- Lookup paths for audit queries: by tenant and time, correlation id, actor, action.
CREATE INDEX IF NOT EXISTS sys_idx_audit_tenant_created_on
    ON sys_audit_trails (tenant_id, created_at);

CREATE INDEX IF NOT EXISTS sys_idx_audit_correlation
    ON sys_audit_trails (correlation_id);

CREATE INDEX IF NOT EXISTS sys_idx_audit_actor
    ON sys_audit_trails (actor);

CREATE INDEX IF NOT EXISTS sys_idx_audit_action
    ON sys_audit_trails (action);