Fixes #5083 - Upgrade from `< 3.6` to `>= 3.6` breaks Roles chat permission.

Co-authored-by: Florian Liebe <fl@zammad.com>

db/migrate/20240321081409_issue5083_chat_permission.rb

@@ -0,0 +1,18 @@
+# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
+
+class Issue5083ChatPermission < ActiveRecord::Migration[7.0]
+  def change
+    # return if it's a new setup
+    return if !Setting.exists?(name: 'system_init_done')
+
+    parent_chat_permission = Permission.find_by(name: 'chat')
+    chat_permissions       = Permission.where("name LIKE 'chat.%'")
+
+    Role.find_each do |role|
+      next if role.permissions.exclude?(parent_chat_permission)
+
+      role.permissions -= [parent_chat_permission]
+      role.permissions += chat_permissions
+    end
+  end
+end

spec/db/migrate/issue_5083_chat_permission_spec.rb

@@ -0,0 +1,45 @@
+# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe Issue5083ChatPermission, type: :db_migration do
+  let(:role_with_chat_permission)    { create(:role) }
+  let(:role_without_chat_permission) { create(:role) }
+
+  before do
+
+    # undisable chat permission
+    Permission.create_or_update(
+      name:        'chat',
+      note:        __('Access to %s'),
+      preferences: {
+        translations: [__('Chat')],
+      },
+    )
+
+    role_with_chat_permission.permissions << Permission.find_by(name: 'chat')
+    role_without_chat_permission
+
+    # reset original state
+    Permission.create_or_update(
+      name:        'chat',
+      note:        __('Access to %s'),
+      preferences: {
+        translations: [__('Chat')],
+        disabled:     true,
+      },
+    )
+
+    migrate
+  end
+
+  it 'does migrate role with chat permission', :aggregate_failures do
+    expect(role_with_chat_permission.reload.permissions).not_to include(Permission.find_by(name: 'chat'))
+    expect(role_with_chat_permission.reload.permissions).to include(Permission.find_by(name: 'chat.agent'))
+  end
+
+  it 'does not touch role without chat permission', :aggregate_failures do
+    expect(role_without_chat_permission.reload.permissions).not_to include(Permission.find_by(name: 'chat'))
+    expect(role_without_chat_permission.reload.permissions).not_to include(Permission.find_by(name: 'chat.agent'))
+  end
+end