goc_daniel/b2b
2
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'main' of ssh://git.ma-al.com:8822/goc_daniel/b2b into no-vat-customers

Browse Source
This commit is contained in:
Wiktor Dudzic
2026-04-15 11:14:40 +02:00
parent 8e063978a8 80a1314dc0
commit e31ecda582
6 changed files with 19 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/delivery/middleware/auth.go
View File

@@ -7,6 +7,7 @@ import (
"time"
"git.ma-al.com/goc_daniel/b2b/app/config"
"git.ma-al.com/goc_daniel/b2b/app/delivery/middleware/perms"
"git.ma-al.com/goc_daniel/b2b/app/model"
"git.ma-al.com/goc_daniel/b2b/app/service/authService"
constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
@@ -68,7 +69,7 @@ func Authenticate() fiber.Handler {
}
// We now populate the target user
if model.CustomerRole(user.Role.Name) != model.RoleAdmin {
if !userLocale.OriginalUser.HasPermission(perms.Teleport) {
return c.Next()
}

1
app/delivery/middleware/perms/permissions.go
View File

@@ -14,4 +14,5 @@ const (
SearchCreateIndex Permission = "search.create_index"
OrdersViewAll Permission = "orders.view_all"
OrdersModifyAll Permission = "orders.modify_all"
Teleport Permission = "teleport"
)

12
app/delivery/web/api/restricted/customer.go
View File

@@ -31,7 +31,7 @@ func CustomerHandlerRoutes(r fiber.Router) fiber.Router {
handler := NewCustomerHandler()
r.Get("", handler.customerData)
r.Get("/list", handler.listCustomers)
r.Get("/list", middleware.Require(perms.UserReadAny), handler.listCustomers)
r.Patch("/no-vat", middleware.Require(perms.UserWriteAny), handler.setCustomerNoVatStatus)
return r
}
@@ -77,10 +77,6 @@ func (h *customerHandler) listCustomers(fc fiber.Ctx) error {
return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrBadAttribute)))
}
if !user.HasPermission(perms.UserReadAny) {
return fc.Status(fiber.StatusForbidden).
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrForbidden)))
}
p, filt, err := query_params.ParseFilters[model.Customer](fc, columnMappingListUsers)
if err != nil {
@@ -89,12 +85,6 @@ func (h *customerHandler) listCustomers(fc fiber.Ctx) error {
}
search := fc.Query("search")
if search != "" {
if !user.HasPermission(perms.UserReadAny) {
return fc.Status(fiber.StatusForbidden).
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrForbidden)))
}
}
customer, err := h.service.Find(user.LangID, p, filt, search)
if err != nil {