feat: roles, permissions

2026-04-02 15:06:00 +02:00
parent 6428ddb527
commit 0ed9d792b6
22 changed files with 391 additions and 80 deletions
--- a/app/service/authService/auth.go
+++ b/app/service/authService/auth.go
@@ -23,13 +23,13 @@ import (

 // JWTClaims represents the JWT claims
 type JWTClaims struct {
-	UserID    uint               `json:"user_id"`
-	Email     string             `json:"email"`
-	Username  string             `json:"username"`
-	Role      model.CustomerRole `json:"customer_role"`
-	CartsIDs  []uint             `json:"carts_ids"`
-	LangID    uint               `json:"lang_id"`
-	CountryID uint               `json:"country_id"`
+	UserID    uint   `json:"user_id"`
+	Email     string `json:"email"`
+	Username  string `json:"username"`
+	Role      string `json:"customer_role"`
+	CartsIDs  []uint `json:"carts_ids"`
+	LangID    uint   `json:"lang_id"`
+	CountryID uint   `json:"country_id"`
 	jwt.RegisteredClaims
 }

@@ -59,7 +59,7 @@ func (s *AuthService) Login(req *model.LoginRequest) (*model.AuthResponse, strin
 	var user model.Customer

 	// Find user by email
-	if err := s.db.Where("email = ?", req.Email).First(&user).Error; err != nil {
+	if err := s.db.Preload("Role.Permissions").Where("email = ?", req.Email).First(&user).Error; err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
 			return nil, "", responseErrors.ErrInvalidCredentials
 		}
@@ -144,7 +144,7 @@ func (s *AuthService) Register(req *model.RegisterRequest) error {
 		Password:                 string(hashedPassword),
 		FirstName:                req.FirstName,
 		LastName:                 req.LastName,
-		Role:                     model.RoleUser,
+		Role:                     model.Role{},
 		Provider:                 model.ProviderLocal,
 		IsActive:                 false,
 		EmailVerified:            false,
@@ -422,7 +422,7 @@ func (s *AuthService) RevokeAllRefreshTokens(userID uint) {
 // GetUserByID retrieves a user by ID
 func (s *AuthService) GetUserByID(userID uint) (*model.Customer, error) {
 	var user model.Customer
-	if err := s.db.First(&user, userID).Error; err != nil {
+	if err := s.db.Preload("Role.Permissions").First(&user, userID).Error; err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
 			return nil, responseErrors.ErrUserNotFound
 		}
@@ -489,7 +489,7 @@ func (s *AuthService) generateAccessToken(user *model.Customer) (string, error)
 		UserID:    user.ID,
 		Email:     user.Email,
 		Username:  user.Email,
-		Role:      user.Role,
+		Role:      user.Role.Name,
 		CartsIDs:  []uint{},
 		LangID:    user.LangID,
 		CountryID: user.CountryID,
--- a/app/service/authService/google_oauth.go
+++ b/app/service/authService/google_oauth.go
@@ -150,7 +150,7 @@ func (s *AuthService) findOrCreateGoogleUser(info *view.GoogleUserInfo) (*model.
 		Provider:      model.ProviderGoogle,
 		ProviderID:    info.ID,
 		AvatarURL:     info.Picture,
-		Role:          model.RoleUser,
+		Role:          model.Role{},
 		IsActive:      true,
 		EmailVerified: true,
 		LangID:        2, // default is english