-- 025_owner_full_access.sql
--
-- The system-default Owner role enumerated per-resource wildcards
-- (server.*, wipe.*, players.*, ...). Every feature added since drift past that
-- enumeration: apikeys, webhooks, alerts, analytics, chat, schedules,
-- notifications, map, users, and ALL plugin-config modules (plus a singular
-- 'plugin.*' vs granted 'plugins.*' mismatch) were silently locked out for any
-- non-super-admin Owner — PermissionsGuard denies a permission the role doesn't
-- grant. The Owner has "full control of their license" by definition, so grant
-- a global wildcard instead of an enumeration that must be amended per feature.
--
-- PermissionsGuard and the frontend auth store both honor "*" as allow-all.
UPDATE roles
SET permissions = '{"*": true}'::jsonb
WHERE role_name = 'Owner' AND is_system_default = true;