From 01acb45320c9b114fb9e4421653f71686f30afd2 Mon Sep 17 00:00:00 2001
From: Mondo Diaz <armando.m.diaz@boeing.com>
Date: Thu, 29 Jan 2026 13:37:56 -0600
Subject: [PATCH] Fix purge_seed_data type mismatch for
 access_permissions.user_id (#107)

AccessPermission.user_id is VARCHAR (stores username), not UUID.
Changed to compare with user.username instead of user.id.
---
 CHANGELOG.md                   | 3 +++
 backend/app/purge_seed_data.py | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d57ee72..0c07ef7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- Fixed purge_seed_data crash when deleting access permissions - was comparing UUID to VARCHAR column (#107)
+
 ### Changed
 - Upstream source connectivity test no longer follows redirects, fixing "Exceeded maximum allowed redirects" error with Artifactory proxies (#107)
 - Upstream sources table now has dedicated "Test" column with OK/Error status badges (#107)
diff --git a/backend/app/purge_seed_data.py b/backend/app/purge_seed_data.py
index 41e5c0c..b4f5698 100644
--- a/backend/app/purge_seed_data.py
+++ b/backend/app/purge_seed_data.py
@@ -194,7 +194,8 @@ def purge_seed_data(db: Session) -> dict:
             synchronize_session=False
         )
         # Delete any access permissions for this user
-        db.query(AccessPermission).filter(AccessPermission.user_id == user.id).delete(
+        # Note: AccessPermission.user_id is VARCHAR (username), not UUID
+        db.query(AccessPermission).filter(AccessPermission.user_id == user.username).delete(
             synchronize_session=False
         )
         db.delete(user)