fix(masterdata): MASTERDATA-Permissions und JSON-Serialisierung der REST-Responses

MASTERDATA_READ/WRITE fehlten im Permission-Enum und in den Rollen-Seed-Daten,
dadurch bekam der Admin bei allen Stammdaten-Schreiboperationen Access Denied.

Die Masterdata-Controller gaben Domain-Objekte direkt als JSON zurück, die von
Jackson nicht serialisiert werden konnten (method-style Accessors statt JavaBean-
Getter). Response-DTOs als Records eingeführt, die Domain-Objekte in flache
JSON-Strukturen mappen. Frontend-Mapping-Layer entfernt, da Backend-Responses
jetzt 1:1 die erwarteten Feldnamen liefern.

backend/src/main/resources/db/changelog/changes/008-add-masterdata-permissions.sql

@@ -0,0 +1,30 @@
+-- Add MASTERDATA_READ and MASTERDATA_WRITE permissions to relevant roles.
+-- These permissions are required by the Masterdata BC controllers
+-- (ArticleController, ProductCategoryController, SupplierController, CustomerController).
+
+-- ADMIN gets both READ and WRITE
+INSERT INTO role_permissions (role_id, permission) VALUES
+    ('c0a80121-0000-0000-0000-000000000001', 'MASTERDATA_READ'),
+    ('c0a80121-0000-0000-0000-000000000001', 'MASTERDATA_WRITE');
+
+-- PROCUREMENT_MANAGER gets both (manages suppliers, articles)
+INSERT INTO role_permissions (role_id, permission) VALUES
+    ('c0a80121-0000-0000-0000-000000000006', 'MASTERDATA_READ'),
+    ('c0a80121-0000-0000-0000-000000000006', 'MASTERDATA_WRITE');
+
+-- SALES_MANAGER gets both (manages customers)
+INSERT INTO role_permissions (role_id, permission) VALUES
+    ('c0a80121-0000-0000-0000-000000000008', 'MASTERDATA_READ'),
+    ('c0a80121-0000-0000-0000-000000000008', 'MASTERDATA_WRITE');
+
+-- PRODUCTION_MANAGER gets READ (needs to view articles, categories)
+INSERT INTO role_permissions (role_id, permission) VALUES
+    ('c0a80121-0000-0000-0000-000000000002', 'MASTERDATA_READ');
+
+-- WAREHOUSE_WORKER gets READ (needs to view articles)
+INSERT INTO role_permissions (role_id, permission) VALUES
+    ('c0a80121-0000-0000-0000-000000000007', 'MASTERDATA_READ');
+
+-- SALES_STAFF gets READ (needs to view articles, customers)
+INSERT INTO role_permissions (role_id, permission) VALUES
+    ('c0a80121-0000-0000-0000-000000000009', 'MASTERDATA_READ');

backend/src/main/resources/db/changelog/changes/008-add-masterdata-permissions.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd">
+
+    <changeSet id="008-add-masterdata-permissions" author="effigenix">
+        <sqlFile path="db/changelog/changes/008-add-masterdata-permissions.sql"/>
+    </changeSet>
+
+</databaseChangeLog>

backend/src/main/resources/db/changelog/db.changelog-master.xml

@@ -12,5 +12,6 @@
     <include file="db/changelog/changes/005-create-masterdata-schema.xml"/>
     <include file="db/changelog/changes/006-create-supplier-schema.xml"/>
     <include file="db/changelog/changes/007-create-customer-schema.xml"/>
+    <include file="db/changelog/changes/008-add-masterdata-permissions.xml"/>
 
 </databaseChangeLog>