feat: roles, permissions

app/delivery/middleware/auth.go

@@ -63,7 +63,7 @@ func AuthMiddleware() fiber.Handler {
 		// Set user in context
 		c.Locals(constdata.USER_LOCALES_NAME, user.ToSession())
 		c.Locals(constdata.USER_LOCALES_ID, user.ID)
-
+		c.Locals(constdata.LANG_LOCALES_ID, user.LangID)
 		return c.Next()
 	}
 }
@@ -85,7 +85,7 @@ func RequireAdmin() fiber.Handler {
 			})
 		}
 
-		if userSession.Role != model.RoleAdmin {
+		if model.CustomerRole(userSession.RoleName) != model.RoleAdmin {
 			return c.Status(fiber.StatusForbidden).JSON(fiber.Map{
 				"error": "admin access required",
 			})

app/delivery/middleware/permissions.go

@@ -0,0 +1,28 @@
+package middleware
+
+import (
+	"git.ma-al.com/goc_daniel/b2b/app/delivery/middleware/perms"
+	"git.ma-al.com/goc_daniel/b2b/app/model"
+	"github.com/gofiber/fiber/v3"
+)
+
+func Require(p perms.Permission) fiber.Handler {
+	return func(c fiber.Ctx) error {
+		u := c.Locals("user")
+		if u == nil {
+			return c.SendStatus(fiber.StatusUnauthorized)
+		}
+
+		user, ok := u.(*model.UserSession)
+		if !ok {
+			return c.SendStatus(fiber.StatusInternalServerError)
+		}
+
+		for _, perm := range user.Permissions {
+			if perm == p {
+				return c.Next()
+			}
+		}
+		return c.SendStatus(fiber.StatusForbidden)
+	}
+}

app/delivery/middleware/perms/permissions.go

@@ -0,0 +1,11 @@
+package perms
+
+type Permission string
+
+const (
+	UserRead      Permission = "user.read"
+	UserWrite     Permission = "user.write"
+	UserReadAny   Permission = "user.read.any"
+	UserWriteAny  Permission = "user.write.any"
+	UserDeleteAny Permission = "user.delete.any"
+)