most importantly: new category and filter on is_new

app/delivery/web/api/restricted/storage.go

@@ -4,7 +4,7 @@ import (
 	"strconv"
 
 	"git.ma-al.com/goc_daniel/b2b/app/config"
-	"git.ma-al.com/goc_daniel/b2b/app/model"
+	"git.ma-al.com/goc_daniel/b2b/app/delivery/middleware"
 	"git.ma-al.com/goc_daniel/b2b/app/service/storageService"
 	"git.ma-al.com/goc_daniel/b2b/app/utils/i18n"
 	"git.ma-al.com/goc_daniel/b2b/app/utils/localeExtractor"
@@ -34,7 +34,7 @@ func StorageHandlerRoutes(r fiber.Router) fiber.Router {
 	r.Get("/download-file/*", handler.DownloadFile)
 
 	// for admins only
-	r.Get("/create-new-webdav-token", handler.CreateNewWebdavToken)
+	r.Get("/create-new-webdav-token", middleware.Require("webdav.create_token"), handler.CreateNewWebdavToken)
 
 	return r
 }
@@ -84,12 +84,6 @@ func (h *StorageHandler) CreateNewWebdavToken(c fiber.Ctx) error {
 			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrInvalidBody)))
 	}
 
-	userRole, ok := localeExtractor.GetOriginalUserRole(c)
-	if !ok || model.CustomerRole(userRole.Name) != model.RoleAdmin {
-		return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrAdminAccessRequired)).
-			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrAdminAccessRequired)))
-	}
-
 	new_token, err := h.storageService.NewWebdavToken(userID)
 	if err != nil {
 		return c.Status(responseErrors.GetErrorStatus(err)).