Merge branch 'main' of ssh://git.ma-al.com:8822/goc_daniel/b2b into orders

2026-04-14 13:14:52 +02:00
parent 1f6d5ecb72 e5988a85f3
commit 604247b7c8
59 changed files with 1986 additions and 864 deletions
--- a/app/delivery/middleware/auth.go
+++ b/app/delivery/middleware/auth.go
@@ -10,7 +10,6 @@ import (
 	"git.ma-al.com/goc_daniel/b2b/app/model"
 	"git.ma-al.com/goc_daniel/b2b/app/service/authService"
 	constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
-	"git.ma-al.com/goc_daniel/b2b/app/utils/localeExtractor"

 	"github.com/gofiber/fiber/v3"
 )
@@ -115,26 +114,6 @@ func AuthMiddleware() fiber.Handler {
 	}
 }

-// RequireAdmin creates admin-only middleware
-func RequireAdmin() fiber.Handler {
-	return func(c fiber.Ctx) error {
-		originalUserRole, ok := localeExtractor.GetOriginalUserRole(c)
-		if !ok {
-			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
-				"error": "not authenticated",
-			})
-		}
-
-		if model.CustomerRole(originalUserRole.Name) != model.RoleAdmin {
-			return c.Status(fiber.StatusForbidden).JSON(fiber.Map{
-				"error": "admin access required",
-			})
-		}
-
-		return c.Next()
-	}
-}
-
 // Webdav
 func Webdav() fiber.Handler {
 	authService := authService.NewAuthService()
--- a/app/delivery/middleware/permissions.go
+++ b/app/delivery/middleware/permissions.go
@@ -2,27 +2,27 @@ package middleware

 import (
 	"git.ma-al.com/goc_daniel/b2b/app/delivery/middleware/perms"
-	"git.ma-al.com/goc_daniel/b2b/app/model"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/localeExtractor"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/nullable"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/response"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/responseErrors"
 	"github.com/gofiber/fiber/v3"
 )

 func Require(p perms.Permission) fiber.Handler {
 	return func(c fiber.Ctx) error {
-		u := c.Locals("user")
-		if u == nil {
-			return c.SendStatus(fiber.StatusUnauthorized)
-		}
-
-		user, ok := u.(*model.UserSession)
+		user, ok := localeExtractor.GetCustomer(c)
 		if !ok {
-			return c.SendStatus(fiber.StatusInternalServerError)
+			return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrInvalidBody)).
+				JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrInvalidBody)))
 		}

-		for _, perm := range user.Permissions {
-			if perm == p {
+		for _, perm := range user.Role.Permissions {
+			if perm.Name == p {
 				return c.Next()
 			}
 		}
-		return c.SendStatus(fiber.StatusForbidden)
+		return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrForbidden)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrForbidden)))
 	}
 }
--- a/app/delivery/middleware/perms/permissions.go
+++ b/app/delivery/middleware/perms/permissions.go
@@ -3,10 +3,22 @@ package perms
 type Permission string

 const (
+<<<<<<< HEAD
 	UserReadAny     Permission = "user.read.any"
 	UserWriteAny    Permission = "user.write.any"
 	UserDeleteAny   Permission = "user.delete.any"
 	CurrencyWrite   Permission = "currency.write"
 	ViewAllOrders   Permission = "orders.view"
 	ModifyAllOrders Permission = "orders.modify"
+=======
+	UserReadAny                 Permission = "user.read.any"
+	UserWriteAny                Permission = "user.write.any"
+	UserDeleteAny               Permission = "user.delete.any"
+	CurrencyWrite               Permission = "currency.write"
+	SpecificPriceManage         Permission = "specific_price.manage"
+	WebdavCreateToken           Permission = "webdav.create_token"
+	ProductTranslationSave      Permission = "product_translation.save"
+	ProductTranslationTranslate Permission = "product_translation.translate"
+	SearchCreateIndex           Permission = "search.create_index"
+>>>>>>> e5988a85f32e0b3324f6d9f48254355fbffd559e
 )