Merge pull request 'is_oem' (#72) from is_oem into main

Reviewed-on: #72
Reviewed-by: Wiktor Dudzic <dudzic_wiktor@ma-al.com>

app/delivery/middleware/auth.go

@@ -7,17 +7,18 @@ import (
 	"time"
 
 	"git.ma-al.com/goc_daniel/b2b/app/config"
+	"git.ma-al.com/goc_daniel/b2b/app/delivery/middleware/perms"
 	"git.ma-al.com/goc_daniel/b2b/app/model"
 	"git.ma-al.com/goc_daniel/b2b/app/service/authService"
 	constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/localeExtractor"
 
 	"github.com/gofiber/fiber/v3"
 )
 
 // AuthMiddleware creates authentication middleware
-func AuthMiddleware() fiber.Handler {
+func Authenticate() fiber.Handler {
 	authService := authService.NewAuthService()
-
 	return func(c fiber.Ctx) error {
 		// Get token from Authorization header
 		authHeader := c.Get("Authorization")
@@ -25,17 +26,13 @@ func AuthMiddleware() fiber.Handler {
 			// Try to get from cookie
 			authHeader = c.Cookies("access_token")
 			if authHeader == "" {
-				return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
+				return c.Next()
-					"error": "authorization token required",
-				})
 			}
 		} else {
 			// Extract token from "Bearer <token>"
 			parts := strings.Split(authHeader, " ")
 			if len(parts) != 2 || parts[0] != "Bearer" {
-				return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
+				return c.Next()
-					"error": "invalid authorization header format",
-				})
 			}
 			authHeader = parts[1]
 		}
@@ -43,24 +40,18 @@ func AuthMiddleware() fiber.Handler {
 		// Validate token
 		claims, err := authService.ValidateToken(authHeader)
 		if err != nil {
-			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
+			return c.Next()
-				"error": "invalid or expired token",
-			})
 		}
 
 		// Get user from database
 		user, err := authService.GetUserByID(claims.UserID)
 		if err != nil {
-			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
+			return c.Next()
-				"error": "user not found",
-			})
 		}
 
 		// Check if user is active
 		if !user.IsActive {
-			return c.Status(fiber.StatusForbidden).JSON(fiber.Map{
+			return c.Next()
-				"error": "user account is inactive",
-			})
 		}
 
 		// Create locale. LangID is overwritten by auth Token
@@ -78,10 +69,8 @@ func AuthMiddleware() fiber.Handler {
 		}
 
 		// We now populate the target user
-		if model.CustomerRole(user.Role.Name) != model.RoleAdmin {
+		if !userLocale.OriginalUser.HasPermission(perms.Teleport) {
-			return c.Status(fiber.StatusForbidden).JSON(fiber.Map{
+			return c.Next()
-				"error": "admin access required",
-			})
 		}
 
 		targetUserID, err := strconv.Atoi(targetUserIDAttribute)
@@ -114,6 +103,18 @@ func AuthMiddleware() fiber.Handler {
 	}
 }
 
+func Authorize() fiber.Handler {
+	return func(c fiber.Ctx) error {
+		_, ok := localeExtractor.GetUserID(c)
+		if !ok {
+			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
+				"error": "not authenticated",
+			})
+		}
+		return c.Next()
+	}
+}
+
 // Webdav
 func Webdav() fiber.Handler {
 	authService := authService.NewAuthService()

app/delivery/middleware/perms/permissions.go

@@ -14,4 +14,5 @@ const (
 	SearchCreateIndex           Permission = "search.create_index"
 	OrdersViewAll               Permission = "orders.view_all"
 	OrdersModifyAll             Permission = "orders.modify_all"
+	Teleport                    Permission = "teleport"
 )

app/delivery/web/api/public/auth.go

@@ -49,7 +49,7 @@ func AuthHandlerRoutes(r fiber.Router) fiber.Router {
 	r.Get("/google", handler.GoogleLogin)
 	r.Get("/google/callback", handler.GoogleCallback)
 
-	authProtected := r.Group("", middleware.AuthMiddleware())
+	authProtected := r.Group("", middleware.Authorize())
 	authProtected.Get("/me", handler.Me)
 	authProtected.Post("/update-choice", handler.UpdateJWTToken)
 

app/delivery/web/api/public/routing.go

@@ -2,6 +2,7 @@ package public
 
 import (
 	"git.ma-al.com/goc_daniel/b2b/app/service/menuService"
+	constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
 	"git.ma-al.com/goc_daniel/b2b/app/utils/i18n"
 	"git.ma-al.com/goc_daniel/b2b/app/utils/localeExtractor"
 	"git.ma-al.com/goc_daniel/b2b/app/utils/nullable"
@@ -31,12 +32,21 @@ func RoutingHandlerRoutes(r fiber.Router) fiber.Router {
 }
 
 func (h *RoutingHandler) GetRouting(c fiber.Ctx) error {
-	lang_id, ok := localeExtractor.GetLangID(c)
+	langId, ok := localeExtractor.GetLangID(c)
 	if !ok {
-		return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
+		return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrInvalidBody)).
-			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrBadAttribute)))
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrInvalidBody)))
 	}
-	menu, err := h.menuService.GetRoutes(lang_id)
+
+	var roleId uint
+	customer, ok := localeExtractor.GetCustomer(c)
+	if !ok {
+		roleId = constdata.UNLOGGED_USER_ROLE_ID
+	} else {
+		roleId = customer.RoleID
+	}
+
+	menu, err := h.menuService.GetRoutes(langId, roleId)
 	if err != nil {
 		return c.Status(responseErrors.GetErrorStatus(err)).
 			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, err)))

app/delivery/web/api/restricted/carts.go

@@ -29,10 +29,12 @@ func CartsHandlerRoutes(r fiber.Router) fiber.Router {
 	handler := NewCartsHandler()
 
 	r.Get("/add-new-cart", handler.AddNewCart)
+	r.Delete("/remove-cart", handler.RemoveCart)
 	r.Get("/change-cart-name", handler.ChangeCartName)
 	r.Get("/retrieve-carts-info", handler.RetrieveCartsInfo)
 	r.Get("/retrieve-cart", handler.RetrieveCart)
 	r.Get("/add-product-to-cart", handler.AddProduct)
+	r.Delete("/remove-product-from-cart", handler.RemoveProduct)
 
 	return r
 }
@@ -44,7 +46,8 @@ func (h *CartsHandler) AddNewCart(c fiber.Ctx) error {
 			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrInvalidBody)))
 	}
 
-	new_cart, err := h.cartsService.CreateNewCart(userID)
+	name := c.Query("name")
+	new_cart, err := h.cartsService.CreateNewCart(userID, name)
 	if err != nil {
 		return c.Status(responseErrors.GetErrorStatus(err)).
 			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, err)))
@@ -53,6 +56,29 @@ func (h *CartsHandler) AddNewCart(c fiber.Ctx) error {
 	return c.JSON(response.Make(&new_cart, 0, i18n.T_(c, response.Message_OK)))
 }
 
+func (h *CartsHandler) RemoveCart(c fiber.Ctx) error {
+	userID, ok := localeExtractor.GetUserID(c)
+	if !ok {
+		return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrInvalidBody)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrInvalidBody)))
+	}
+
+	cart_id_attribute := c.Query("cart_id")
+	cart_id, err := strconv.Atoi(cart_id_attribute)
+	if err != nil {
+		return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrBadAttribute)))
+	}
+
+	err = h.cartsService.RemoveCart(userID, uint(cart_id))
+	if err != nil {
+		return c.Status(responseErrors.GetErrorStatus(err)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, err)))
+	}
+
+	return c.JSON(response.Make(nullable.GetNil(""), 0, i18n.T_(c, response.Message_OK)))
+}
+
 func (h *CartsHandler) ChangeCartName(c fiber.Ctx) error {
 	userID, ok := localeExtractor.GetUserID(c)
 	if !ok {
@@ -117,6 +143,7 @@ func (h *CartsHandler) RetrieveCart(c fiber.Ctx) error {
 	return c.JSON(response.Make(cart, 0, i18n.T_(c, response.Message_OK)))
 }
 
+// adds or sets given amount of products to the cart
 func (h *CartsHandler) AddProduct(c fiber.Ctx) error {
 	userID, ok := localeExtractor.GetUserID(c)
 	if !ok {
@@ -159,7 +186,59 @@ func (h *CartsHandler) AddProduct(c fiber.Ctx) error {
 			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrBadAttribute)))
 	}
 
-	err = h.cartsService.AddProduct(userID, uint(cart_id), uint(product_id), product_attribute_id, uint(amount))
+	set_amount_attribute := c.Query("set_amount")
+	set_amount, err := strconv.ParseBool(set_amount_attribute)
+	if err != nil {
+		return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrBadAttribute)))
+	}
+
+	err = h.cartsService.AddProduct(userID, uint(cart_id), uint(product_id), product_attribute_id, amount, set_amount)
+	if err != nil {
+		return c.Status(responseErrors.GetErrorStatus(err)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, err)))
+	}
+
+	return c.JSON(response.Make(nullable.GetNil(""), 0, i18n.T_(c, response.Message_OK)))
+}
+
+// removes product from the cart.
+func (h *CartsHandler) RemoveProduct(c fiber.Ctx) error {
+	userID, ok := localeExtractor.GetUserID(c)
+	if !ok {
+		return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrInvalidBody)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrInvalidBody)))
+	}
+
+	cart_id_attribute := c.Query("cart_id")
+	cart_id, err := strconv.Atoi(cart_id_attribute)
+	if err != nil {
+		return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrBadAttribute)))
+	}
+
+	product_id_attribute := c.Query("product_id")
+	product_id, err := strconv.Atoi(product_id_attribute)
+	if err != nil {
+		return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrBadAttribute)))
+	}
+
+	product_attribute_id_attribute := c.Query("product_attribute_id")
+	var product_attribute_id *uint
+	if product_attribute_id_attribute == "" {
+		product_attribute_id = nil
+	} else {
+		val, err := strconv.Atoi(product_attribute_id_attribute)
+		if err != nil {
+			return c.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
+				JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, responseErrors.ErrBadAttribute)))
+		}
+		uval := uint(val)
+		product_attribute_id = &uval
+	}
+
+	err = h.cartsService.RemoveProduct(userID, uint(cart_id), uint(product_id), product_attribute_id)
 	if err != nil {
 		return c.Status(responseErrors.GetErrorStatus(err)).
 			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(c, err)))

app/delivery/web/api/restricted/customer.go

@@ -3,6 +3,7 @@ package restricted
 import (
 	"strconv"
 
+	"git.ma-al.com/goc_daniel/b2b/app/delivery/middleware"
 	"git.ma-al.com/goc_daniel/b2b/app/delivery/middleware/perms"
 	"git.ma-al.com/goc_daniel/b2b/app/model"
 	"git.ma-al.com/goc_daniel/b2b/app/service/customerService"
@@ -30,7 +31,8 @@ func CustomerHandlerRoutes(r fiber.Router) fiber.Router {
 	handler := NewCustomerHandler()
 
 	r.Get("", handler.customerData)
-	r.Get("/list", handler.listCustomers)
+	r.Get("/list", middleware.Require(perms.UserReadAny), handler.listCustomers)
+	r.Patch("/no-vat", middleware.Require(perms.UserWriteAny), handler.setCustomerNoVatStatus)
 	return r
 }
 
@@ -75,10 +77,6 @@ func (h *customerHandler) listCustomers(fc fiber.Ctx) error {
 		return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
 			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrBadAttribute)))
 	}
-	if !user.HasPermission(perms.UserReadAny) {
-		return fc.Status(fiber.StatusForbidden).
-			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrForbidden)))
-	}
 
 	p, filt, err := query_params.ParseFilters[model.Customer](fc, columnMappingListUsers)
 	if err != nil {
@@ -87,12 +85,6 @@ func (h *customerHandler) listCustomers(fc fiber.Ctx) error {
 	}
 
 	search := fc.Query("search")
-	if search != "" {
-		if !user.HasPermission(perms.UserReadAny) {
-			return fc.Status(fiber.StatusForbidden).
-				JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrForbidden)))
-		}
-	}
 
 	customer, err := h.service.Find(user.LangID, p, filt, search)
 	if err != nil {
@@ -109,3 +101,28 @@ var columnMappingListUsers map[string]string = map[string]string{
 	"first_name": "users.first_name",
 	"last_name":  "users.last_name",
 }
+
+func (h *customerHandler) setCustomerNoVatStatus(fc fiber.Ctx) error {
+	user, ok := localeExtractor.GetCustomer(fc)
+	if !ok || user == nil {
+		return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrInvalidBody)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrInvalidBody)))
+	}
+
+	var req struct {
+		CustomerID uint `json:"customer_id"`
+		IsNoVat    bool `json:"is_no_vat"`
+	}
+
+	if err := fc.Bind().Body(&req); err != nil {
+		return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrJSONBody)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrJSONBody)))
+	}
+
+	if err := h.service.SetCustomerNoVatStatus(req.CustomerID, req.IsNoVat); err != nil {
+		return fc.Status(responseErrors.GetErrorStatus(err)).
+			JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, err)))
+	}
+
+	return fc.JSON(response.Make(nullable.GetNil(""), 0, i18n.T_(fc, response.Message_OK)))
+}

app/delivery/web/api/restricted/product.go

@@ -112,6 +112,7 @@ var columnMappingListProducts map[string]string = map[string]string{
 	"quantity":    "bp.quantity",
 	"is_favorite": "bp.is_favorite",
 	"is_new":      "bp.is_new",
+	"is_oem":      "bp.is_oem",
 }
 
 func (h *ProductsHandler) AddToFavorites(c fiber.Ctx) error {

app/delivery/web/init.go

@@ -86,9 +86,10 @@ func (s *Server) Setup() error {
 
 	// API routes
 	s.api = s.app.Group("/api/v1")
+	s.api.Use(middleware.Authenticate())
 	s.public = s.api.Group("/public")
 	s.restricted = s.api.Group("/restricted")
-	s.restricted.Use(middleware.AuthMiddleware())
+	s.restricted.Use(middleware.Authorize())
 	s.webdav = s.api.Group("/webdav")
 	s.webdav.Use(middleware.Webdav())
 

app/model/customer.go

@@ -35,6 +35,7 @@ type Customer struct {
 	CreatedAt                time.Time      `json:"created_at"`
 	UpdatedAt                time.Time      `json:"updated_at"`
 	DeletedAt                gorm.DeletedAt `gorm:"index" json:"-"`
+	IsNoVat                  bool           `gorm:"default:false" json:"is_no_vat"`
 }
 
 func (u *Customer) HasPermission(permission perms.Permission) bool {

app/model/product.go

@@ -12,7 +12,8 @@ type ProductInList struct {
 	PriceTaxExcl   float64 `gorm:"column:price_tax_excl" json:"price_tax_excl"`
 	PriceTaxIncl   float64 `gorm:"column:price_tax_incl" json:"price_tax_incl"`
 	IsFavorite     bool    `gorm:"column:is_favorite" json:"is_favorite"`
-	IsNew          uint    `gorm:"column:is_new" json:"is_new"`
+	IsNew          bool    `gorm:"column:is_new" json:"is_new"`
+	IsOEM          bool    `gorm:"column:is_oem" json:"is_oem"`
 }
 
 type ProductFilters struct {

app/model/routing.go

@@ -7,7 +7,6 @@ type Route struct {
 	Component string  `gorm:"type:varchar(255);not null;comment:path to component file" json:"component"`
 	Meta      *string `gorm:"type:longtext;default:'{}'" json:"meta,omitempty"`
 	Active    *bool   `gorm:"type:tinyint;default:1" json:"active,omitempty"`
-	SortOrder *int    `gorm:"type:int;default:0" json:"sort_order,omitempty"`
 }
 
 func (Route) TableName() string {

app/repos/cartsRepo/cartsRepo.go

@@ -1,21 +1,26 @@
 package cartsRepo
 
 import (
+	"errors"
+
 	"git.ma-al.com/goc_daniel/b2b/app/db"
 	"git.ma-al.com/goc_daniel/b2b/app/model"
 	constdata "git.ma-al.com/goc_daniel/b2b/app/utils/const_data"
+	"git.ma-al.com/goc_daniel/b2b/app/utils/responseErrors"
+	"gorm.io/gorm"
 )
 
 type UICartsRepo interface {
 	CartsAmount(user_id uint) (uint, error)
-	CreateNewCart(user_id uint) (model.CustomerCart, error)
+	CreateNewCart(user_id uint, name string) (model.CustomerCart, error)
 	RemoveCart(user_id uint, cart_id uint) error
 	UserHasCart(user_id uint, cart_id uint) (bool, error)
 	UpdateCartName(user_id uint, cart_id uint, new_name string) error
 	RetrieveCartsInfo(user_id uint) ([]model.CustomerCart, error)
 	RetrieveCart(user_id uint, cart_id uint) (*model.CustomerCart, error)
 	CheckProductExists(product_id uint, product_attribute_id *uint) (bool, error)
-	AddProduct(user_id uint, cart_id uint, product_id uint, product_attribute_id *uint, amount uint) error
+	AddProduct(cart_id uint, product_id uint, product_attribute_id *uint, amount uint, set_amount bool) error
+	RemoveProduct(cart_id uint, product_id uint, product_attribute_id *uint) error
 }
 
 type CartsRepo struct{}
@@ -37,10 +42,7 @@ func (repo *CartsRepo) CartsAmount(user_id uint) (uint, error) {
 	return amt, err
 }
 
-func (repo *CartsRepo) CreateNewCart(user_id uint) (model.CustomerCart, error) {
+func (repo *CartsRepo) CreateNewCart(user_id uint, name string) (model.CustomerCart, error) {
-	var name string
-	name = constdata.DEFAULT_NEW_CART_NAME
-
 	cart := model.CustomerCart{
 		UserID: user_id,
 		Name:   &name,
@@ -129,14 +131,61 @@ func (repo *CartsRepo) CheckProductExists(product_id uint, product_attribute_id
 	}
 }
 
-func (repo *CartsRepo) AddProduct(user_id uint, cart_id uint, product_id uint, product_attribute_id *uint, amount uint) error {
+func (repo *CartsRepo) AddProduct(cart_id uint, product_id uint, product_attribute_id *uint, amount uint, set_amount bool) error {
-	product := model.CartProduct{
+	var product model.CartProduct
+
+	err := db.DB.
+		Where(&model.CartProduct{
+			CartID:             cart_id,
+			ProductID:          product_id,
+			ProductAttributeID: product_attribute_id,
+		}).
+		First(&product).Error
+
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			if amount < 1 {
+				return responseErrors.ErrAmountMustBePositive
+			} else if amount > constdata.MAX_AMOUNT_OF_PRODUCT_IN_CART {
+				return responseErrors.ErrAmountMustBeReasonable
+			}
+
+			product = model.CartProduct{
 				CartID:             cart_id,
 				ProductID:          product_id,
 				ProductAttributeID: product_attribute_id,
 				Amount:             amount,
 			}
-	err := db.DB.Create(&product).Error
 
+			return db.DB.Create(&product).Error
+		}
+
+		// Some other DB error
 		return err
+	}
+
+	// Product already exists in cart
+	if set_amount {
+		product.Amount = amount
+	} else {
+		product.Amount = product.Amount + amount
+	}
+
+	if product.Amount < 1 {
+		return responseErrors.ErrAmountMustBePositive
+	} else if product.Amount > constdata.MAX_AMOUNT_OF_PRODUCT_IN_CART {
+		return responseErrors.ErrAmountMustBeReasonable
+	}
+
+	return db.DB.Save(&product).Error
+}
+
+func (repo *CartsRepo) RemoveProduct(cart_id uint, product_id uint, product_attribute_id *uint) error {
+	return db.DB.
+		Where(&model.CartProduct{
+			CartID:             cart_id,
+			ProductID:          product_id,
+			ProductAttributeID: product_attribute_id,
+		}).
+		Delete(&model.CartProduct{}).Error
 }

app/repos/customerRepo/customerRepo.go

@@ -1,6 +1,7 @@
 package customerRepo
 
 import (
+	"fmt"
 	"strings"
 
 	"git.ma-al.com/goc_daniel/b2b/app/db"
@@ -16,6 +17,7 @@ type UICustomerRepo interface {
 	Find(langId uint, p find.Paging, filt *filters.FiltersList, search string) (*find.Found[model.UserInList], error)
 	Save(customer *model.Customer) error
 	Create(customer *model.Customer) error
+	SetCustomerNoVatStatus(customerID uint, isNoVat bool) error
 }
 
 type CustomerRepo struct{}
@@ -80,13 +82,16 @@ func (repo *CustomerRepo) Find(langId uint, p find.Paging, filt *filters.Filters
 		for _, word := range words {
 
 			conditions = append(conditions, `
-			(LOWER(first_name) LIKE ? OR
+			(
+			 id = ? OR
+			 LOWER(first_name) LIKE ? OR
 			 LOWER(last_name) LIKE ? OR
 			 LOWER(email) LIKE ?)
 		`)
 
+			args = append(args, strings.ToLower(word))
 			for range 3 {
-				args = append(args, "%"+strings.ToLower(word)+"%")
+				args = append(args, fmt.Sprintf("%%%s%%", strings.ToLower(word)))
 			}
 		}
 
@@ -111,87 +116,6 @@ func (repo *CustomerRepo) Create(customer *model.Customer) error {
 	return db.DB.Create(customer).Error
 }
 
-// func (repo *CustomerRepo) Search(
+func (repo *CustomerRepo) SetCustomerNoVatStatus(customerID uint, isNoVat bool) error {
-// 	customerId uint,
+	return db.DB.Model(&model.Customer{}).Where("id = ?", customerID).Update("is_no_vat", isNoVat).Error
-// 	partnerCode string,
+}
-// 	p find.Paging,
-// 	filt *filters.FiltersList,
-// 	search string,
-// ) (found find.Found[model.UserInList], err error) {
-// 	words := strings.Fields(search)
-// 	if len(words) > 5 {
-// 		words = words[:5]
-// 	}
-
-// 	query := ctx.DB().
-// 		Model(&model.Customer{}).
-// 		Select("customer.id AS id, customer.first_name as first_name, customer.last_name as last_name, customer.phone_number AS phone_number, customer.email AS email, count(distinct investment_plan_contract.id) as iiplan_purchases, count(distinct `order`.id) as single_purchases, entity.name as entity_name").
-// 		Where("customer.id <> ?", customerId).
-// 		Where("(customer.id IN (SELECT id FROM customer WHERE partner_code IN (WITH RECURSIVE partners AS (SELECT code AS dst FROM partner WHERE code = ? UNION SELECT code FROM partner JOIN partners ON partners.dst = partner.superior_code) SELECT dst FROM partners)) OR customer.recommender_code = ?)", partnerCode, partnerCode).
-// 		Scopes(view.CustomerListQuery())
-
-// 	var conditions []string
-// 	var args []interface{}
-// 	for _, word := range words {
-
-// 		conditions = append(conditions, `
-// 			(LOWER(first_name) LIKE ? OR
-// 			 LOWER(last_name) LIKE ? OR
-// 			 phone_number LIKE ? OR
-// 			 LOWER(email) LIKE ?)
-// 		`)
-
-// 		for i := 0; i < 4; i++ {
-// 			args = append(args, "%"+strings.ToLower(word)+"%")
-// 		}
-// 	}
-
-// 	finalQuery := strings.Join(conditions, " AND ")
-
-// 	query = query.Where(finalQuery, args...).
-// 		Scopes(filt.All()...)
-
-// 	found, err = find.Paginate[V](ctx, p, query)
-
-// 	return found, errs.Recorded(span, err)
-// }
-
-// func (repo *ListRepo) ListUsers(id_lang uint, p find.Paging, filt *filters.FiltersList) (find.Found[model.UserInList], error) {
-// 	var list []model.UserInList
-// 	var total int64
-
-// 	query := db.Get().
-// 		Table("b2b_customers AS users").
-// 		Select(`
-// 			users.id AS id,
-// 			users.email AS email,
-// 			users.first_name AS first_name,
-// 			users.last_name AS last_name,
-// 			users.role AS role
-// 		`)
-
-// 	// Apply all filters
-// 	if filt != nil {
-// 		filt.ApplyAll(query)
-// 	}
-
-// 	//  run counter first as query is without limit and offset
-// 	err := query.Count(&total).Error
-// 	if err != nil {
-// 		return find.Found[model.UserInList]{}, err
-// 	}
-
-// 	err = query.
-// 		Order("users.id DESC").
-// 		Limit(p.Limit()).
-// 		Offset(p.Offset()).
-// 		Find(&list).Error
-// 	if err != nil {
-// 		return find.Found[model.UserInList]{}, err
-// 	}
-
-// 	return find.Found[model.UserInList]{
-// 		Items: list,
-// 		Count: uint(total),
-// 	}, nil
-// }

app/repos/localeSelectorRepo/localeSelectorRepo.go

@@ -3,6 +3,7 @@ package localeSelectorRepo
 import (
 	"git.ma-al.com/goc_daniel/b2b/app/db"
 	"git.ma-al.com/goc_daniel/b2b/app/model"
+	"git.ma-al.com/goc_daniel/b2b/app/model/dbmodel"
 )
 
 type UILocaleSelectorRepo interface {
@@ -25,7 +26,9 @@ func (r *LocaleSelectorRepo) GetLanguages() ([]model.Language, error) {
 func (r *LocaleSelectorRepo) GetCountriesAndCurrencies() ([]model.Country, error) {
 	var countries []model.Country
 	err := db.Get().
-		Preload("PSCurrency").
+		Select("*").
+		Preload("Currency").
+		Joins("LEFT JOIN " + dbmodel.TableNamePsCountryLang + " AS cl ON cl." + dbmodel.PsCountryLangCols.IDCountry.Col() + " = b2b_countries.ps_id_country AND cl." + dbmodel.PsCountryLangCols.IDLang.Col() + " = 2").
 		Find(&countries).Error
 	return countries, err
 }

app/repos/productsRepo/productsRepo.go

@@ -18,7 +18,7 @@ type UIProductsRepo interface {
 	// GetJSON(p_id_product, p_id_shop, p_id_lang, p_id_customer, b2b_id_country, p_quantity int) (*json.RawMessage, error)
 	Find(id_lang uint, userID uint, p find.Paging, filt *filters.FiltersList) (*find.Found[model.ProductInList], error)
 	GetProductVariants(langID uint, productID uint, shopID uint, customerID uint, countryID uint, quantity uint) ([]view.ProductAttribute, error)
-	GetBase(p_id_product, p_id_shop, p_id_lang uint) (view.Product, error)
+	GetBase(p_id_product, p_id_shop, p_id_lang, p_id_customer uint) (view.Product, error)
 	GetPrice(p_id_product uint, productAttributeID *uint, p_id_shop uint, p_id_customer uint, p_id_country uint, p_quantity uint) (view.Price, error)
 	GetVariants(p_id_product, p_id_shop, p_id_lang, p_id_customer, p_id_country, p_quantity uint) ([]view.ProductAttribute, error)
 	AddToFavorites(userID uint, productID uint) error
@@ -33,11 +33,11 @@ func New() UIProductsRepo {
 	return &ProductsRepo{}
 }
 
-func (repo *ProductsRepo) GetBase(p_id_product, p_id_shop, p_id_lang uint) (view.Product, error) {
+func (repo *ProductsRepo) GetBase(p_id_product, p_id_shop, p_id_lang, p_id_customer uint) (view.Product, error) {
 	var result view.Product
 
-	err := db.DB.Raw(`CALL get_product_base(?,?,?)`,
+	err := db.DB.Raw(`CALL get_product_base(?,?,?,?)`,
-		p_id_product, p_id_shop, p_id_lang).
+		p_id_product, p_id_shop, p_id_lang, p_id_customer).
 		Scan(&result).Error
 
 	return result, err
@@ -122,6 +122,19 @@ func (repo *ProductsRepo) Find(langID uint, userID uint, p find.Paging, filt *fi
 							Group("product_id"),
 					},
 				},
+				{
+					Name: "oems",
+					Subquery: exclause.Subquery{
+						DB: db.DB.
+							Table("b2b_oems").
+							Select(`
+								product_id AS product_id,
+								COUNT(*) > 0 AS is_customers_oem
+							`).
+							Where("user_id = ?", userID).
+							Group("product_id"),
+					},
+				},
 				{
 					Name: "new_product_days",
 					Subquery: exclause.Subquery{
@@ -150,6 +163,7 @@ func (repo *ProductsRepo) Find(langID uint, userID uint, p find.Paging, filt *fi
 								pl.name AS name,
 								ps.id_category_default AS category_id,
 								p.reference AS reference,
+								p.is_oem AS is_oem,
 								sa.quantity AS quantity,
 								COALESCE(f.is_favorite, 0) AS is_favorite,
 								CASE
@@ -166,7 +180,9 @@ func (repo *ProductsRepo) Find(langID uint, userID uint, p find.Paging, filt *fi
 							Joins("LEFT JOIN favorites f ON f.product_id = ps.id_product").
 							Joins("LEFT JOIN ps_stock_available sa ON sa.id_product = ps.id_product AND sa.id_product_attribute = 0").
 							Joins("LEFT JOIN new_product_days npd ON 1 = 1").
+							Joins("LEFT JOIN oems ON oems.product_id = ps.id_product").
 							Where("ps.active = ?", 1).
+							Where("(p.is_oem = 0 OR oems.is_customers_oem > 0)").
 							Group("ps.id_product"),
 					},
 				},
@@ -182,7 +198,8 @@ func (repo *ProductsRepo) Find(langID uint, userID uint, p find.Paging, filt *fi
 			COALESCE(v.variants_number, 0) AS variants_number,
 			bp.quantity AS quantity,
 			bp.is_favorite AS is_favorite,
-			bp.is_new AS is_new
+			bp.is_new AS is_new,
+			bp.is_oem AS is_oem
 		`, config.Get().Image.ImagePrefix).
 		Joins("JOIN ps_product_lang pl ON pl.id_product = bp.product_id AND pl.id_lang = ?", langID).
 		Joins("JOIN ps_image_shop ims ON ims.id_product = bp.product_id AND ims.cover = 1").

app/repos/routesRepo/routesRepo.go

@@ -7,7 +7,7 @@ import (
 )
 
 type UIRoutesRepo interface {
-	GetRoutes(langId uint) ([]model.Route, error)
+	GetRoutes(langId uint, roleId uint) ([]model.Route, error)
 	GetTopMenu(id uint, roleId uint) ([]model.B2BTopMenu, error)
 }
 
@@ -17,13 +17,18 @@ func New() UIRoutesRepo {
 	return &RoutesRepo{}
 }
 
-func (p *RoutesRepo) GetRoutes(langId uint) ([]model.Route, error) {
+func (p *RoutesRepo) GetRoutes(langId uint, roleId uint) ([]model.Route, error) {
 	routes := []model.Route{}
-	err := db.DB.Find(&routes, model.Route{Active: nullable.GetNil(true)}).Error
+
-	if err != nil {
+	err := db.
-		return nil, err
+		Get().
-	}
+		Model(model.Route{}).
-	return routes, nil
+		Joins("JOIN b2b_route_roles rr ON rr.route_id = b2b_routes.id").
+		Where(model.Route{Active: nullable.GetNil(true)}).
+		Where("rr.role_id = ?", roleId).
+		Find(&routes).Error
+
+	return routes, err
 }
 
 func (p *RoutesRepo) GetTopMenu(langId uint, roleId uint) ([]model.B2BTopMenu, error) {

app/service/cartsService/cartsService.go

@@ -17,7 +17,7 @@ func New() *CartsService {
 	}
 }
 
-func (s *CartsService) CreateNewCart(user_id uint) (model.CustomerCart, error) {
+func (s *CartsService) CreateNewCart(user_id uint, name string) (model.CustomerCart, error) {
 	var cart model.CustomerCart
 
 	customers_carts_amount, err := s.repo.CartsAmount(user_id)
@@ -28,8 +28,12 @@ func (s *CartsService) CreateNewCart(user_id uint) (model.CustomerCart, error) {
 		return cart, responseErrors.ErrMaxAmtOfCartsReached
 	}
 
+	if name == "" {
+		name = constdata.DEFAULT_NEW_CART_NAME
+	}
+
 	// create new cart for customer
-	cart, err = s.repo.CreateNewCart(user_id)
+	cart, err = s.repo.CreateNewCart(user_id, name)
 
 	return cart, nil
 }
@@ -74,7 +78,7 @@ func (s *CartsService) RetrieveCart(user_id uint, cart_id uint) (*model.Customer
 	return s.repo.RetrieveCart(user_id, cart_id)
 }
 
-func (s *CartsService) AddProduct(user_id uint, cart_id uint, product_id uint, product_attribute_id *uint, amount uint) error {
+func (s *CartsService) AddProduct(user_id uint, cart_id uint, product_id uint, product_attribute_id *uint, amount int, set_amount bool) error {
 	exists, err := s.repo.UserHasCart(user_id, cart_id)
 	if err != nil {
 		return err
@@ -91,5 +95,17 @@ func (s *CartsService) AddProduct(user_id uint, cart_id uint, product_id uint, p
 		return responseErrors.ErrProductOrItsVariationDoesNotExist
 	}
 
-	return s.repo.AddProduct(user_id, cart_id, product_id, product_attribute_id, amount)
+	return s.repo.AddProduct(cart_id, product_id, product_attribute_id, uint(amount), set_amount)
+}
+
+func (s *CartsService) RemoveProduct(user_id uint, cart_id uint, product_id uint, product_attribute_id *uint) error {
+	exists, err := s.repo.UserHasCart(user_id, cart_id)
+	if err != nil {
+		return err
+	}
+	if !exists {
+		return responseErrors.ErrUserHasNoSuchCart
+	}
+
+	return s.repo.RemoveProduct(cart_id, product_id, product_attribute_id)
 }

app/service/customerService/customerService.go

@@ -24,3 +24,7 @@ func (s *CustomerService) GetById(id uint) (*model.Customer, error) {
 func (s *CustomerService) Find(langId uint, p find.Paging, filt *filters.FiltersList, search string) (*find.Found[model.UserInList], error) {
 	return s.repo.Find(langId, p, filt, search)
 }
+
+func (s *CustomerService) SetCustomerNoVatStatus(customerID uint, isNoVat bool) error {
+	return s.repo.SetCustomerNoVatStatus(customerID, isNoVat)
+}

app/service/menuService/menuService.go

@@ -102,8 +102,8 @@ func (s *MenuService) createTree(index int, all_categories *([]model.ScannedCate
 	return node, true
 }
 
-func (s *MenuService) GetRoutes(id_lang uint) ([]model.Route, error) {
+func (s *MenuService) GetRoutes(id_lang, roleId uint) ([]model.Route, error) {
-	return s.routesRepo.GetRoutes(id_lang)
+	return s.routesRepo.GetRoutes(id_lang, roleId)
 }
 
 func (s *MenuService) scannedToNormalCategory(scanned model.ScannedCategory) model.Category {
@@ -231,21 +231,54 @@ func (s *MenuService) GetTopMenu(languageId uint, roleId uint) ([]*model.B2BTopM
 
 func (s *MenuService) appendAdditional(all_categories *[]model.ScannedCategory, id_lang uint, iso_code string) {
 	for i := 0; i < len(*all_categories); i++ {
-		(*all_categories)[i].Filter = "category_id_in=" + strconv.Itoa(int((*all_categories)[i].CategoryID))
+		(*all_categories)[i].Filter = "category_id_eq=" + strconv.Itoa(int((*all_categories)[i].CategoryID))
 	}
 
-	var additional model.ScannedCategory
+	// the new products category
-	additional.CategoryID = 10001
+	var new_products_category model.ScannedCategory
-	additional.Name = "New Products"
+	new_products_category.CategoryID = constdata.ADDITIONAL_CATEGORIES_INDEX + 1
-	additional.Active = 1
+	new_products_category.Name = "New Products"
-	additional.Position = 10
+	new_products_category.Active = 1
-	additional.ParentID = 2
+	new_products_category.Position = 10
-	additional.IsRoot = 0
+	new_products_category.ParentID = 2
-	additional.LinkRewrite = i18n.T___(id_lang, "category.new_products")
+	new_products_category.IsRoot = 0
-	additional.IsoCode = iso_code
+	new_products_category.LinkRewrite = i18n.T___(id_lang, "category.new_products")
+	new_products_category.IsoCode = iso_code
 
-	additional.Visited = false
+	new_products_category.Visited = false
-	additional.Filter = "is_new_in=true"
+	new_products_category.Filter = "is_new_eq=true"
 
-	*all_categories = append(*all_categories, additional)
+	*all_categories = append(*all_categories, new_products_category)
+
+	// the oem products category
+	var oem_products_category model.ScannedCategory
+	oem_products_category.CategoryID = constdata.ADDITIONAL_CATEGORIES_INDEX + 2
+	oem_products_category.Name = "OEM Products"
+	oem_products_category.Active = 1
+	oem_products_category.Position = 11
+	oem_products_category.ParentID = 2
+	oem_products_category.IsRoot = 0
+	oem_products_category.LinkRewrite = i18n.T___(id_lang, "category.oem_products")
+	oem_products_category.IsoCode = iso_code
+
+	oem_products_category.Visited = false
+	oem_products_category.Filter = "is_oem_eq=true"
+
+	*all_categories = append(*all_categories, oem_products_category)
+
+	// the favorite products category
+	var favorite_products_category model.ScannedCategory
+	favorite_products_category.CategoryID = constdata.ADDITIONAL_CATEGORIES_INDEX + 3
+	favorite_products_category.Name = "Favourite Products" // British English version.
+	favorite_products_category.Active = 1
+	favorite_products_category.Position = 12
+	favorite_products_category.ParentID = 2
+	favorite_products_category.IsRoot = 0
+	favorite_products_category.LinkRewrite = i18n.T___(id_lang, "category.favorite_products")
+	favorite_products_category.IsoCode = iso_code
+
+	favorite_products_category.Visited = false
+	favorite_products_category.Filter = "is_favorite_eq=true"
+
+	*all_categories = append(*all_categories, favorite_products_category)
 }

app/service/productService/productService.go

@@ -27,7 +27,7 @@ func (s *ProductService) Get(
 	p_id_product, p_id_lang, p_id_customer, b2b_id_country, p_quantity uint,
 ) (*json.RawMessage, error) {
 
-	product, err := s.productsRepo.GetBase(p_id_product, constdata.SHOP_ID, p_id_lang)
+	product, err := s.productsRepo.GetBase(p_id_product, constdata.SHOP_ID, p_id_lang, p_id_customer)
 	if err != nil {
 		return nil, err
 	}

app/utils/const_data/consts.go

@@ -9,12 +9,14 @@ const ADMIN_NOTIFICATION_LANGUAGE = 2
 
 // CATEGORY_TREE_ROOT_ID corresponds to id_category in ps_category which has is_root_category=1
 const CATEGORY_TREE_ROOT_ID = 2
+const ADDITIONAL_CATEGORIES_INDEX = 10000
 
 // since arrays can not be const
 var CATEGORY_BLACKLIST = []uint{250}
 
 const MAX_AMOUNT_OF_CARTS_PER_USER = 10
 const DEFAULT_NEW_CART_NAME = "new cart"
+const MAX_AMOUNT_OF_PRODUCT_IN_CART = 1024
 
 const MAX_AMOUNT_OF_ADDRESSES_PER_USER = 10
 
@@ -32,3 +34,5 @@ const WEBDAV_TRIMMED_ROOT = "localhost:3000/api/v1/webdav/storage"
 const NON_ALNUM_REGEX = `[^a-z0-9]+`
 const MULTI_DASH_REGEX = `-+`
 const SLUG_REGEX = `^[a-z0-9]+(?:-[a-z0-9]+)*$`
+
+const UNLOGGED_USER_ROLE_ID = 4

app/utils/responseErrors/responseErrors.go

@@ -65,6 +65,8 @@ var (
 	ErrMaxAmtOfCartsReached              = errors.New("maximal amount of carts reached")
 	ErrUserHasNoSuchCart                 = errors.New("user does not have cart with given id")
 	ErrProductOrItsVariationDoesNotExist = errors.New("product or its variation with given ids does not exist")
+	ErrAmountMustBePositive              = errors.New("amount must be positive")
+	ErrAmountMustBeReasonable            = errors.New("amount must be reasonable")
 
 	// Typed errors for orders handler
 	ErrEmptyCart          = errors.New("the cart is empty")
@@ -205,6 +207,10 @@ func GetErrorCode(c fiber.Ctx, err error) string {
 		return i18n.T_(c, "error.err_user_has_no_such_cart")
 	case errors.Is(err, ErrProductOrItsVariationDoesNotExist):
 		return i18n.T_(c, "error.err_product_or_its_variation_does_not_exist")
+	case errors.Is(err, ErrAmountMustBePositive):
+		return i18n.T_(c, "error.err_amount_must_be_positive")
+	case errors.Is(err, ErrAmountMustBeReasonable):
+		return i18n.T_(c, "error.err_amount_must_be_reasonable")
 
 	case errors.Is(err, ErrEmptyCart):
 		return i18n.T_(c, "error.err_cart_is_empty")
@@ -292,6 +298,8 @@ func GetErrorStatus(err error) int {
 		errors.Is(err, ErrMaxAmtOfCartsReached),
 		errors.Is(err, ErrUserHasNoSuchCart),
 		errors.Is(err, ErrProductOrItsVariationDoesNotExist),
+		errors.Is(err, ErrAmountMustBePositive),
+		errors.Is(err, ErrAmountMustBeReasonable),
 		errors.Is(err, ErrEmptyCart),
 		errors.Is(err, ErrUserHasNoSuchOrder),
 		errors.Is(err, ErrInvalidReductionType),

app/view/product.go

@@ -95,4 +95,6 @@ type Product struct {
 	Category     string `gorm:"column:category" json:"category"`
 
 	IsFavorite bool `gorm:"column:is_favorite" json:"is_favorite"`
+	IsOEM      bool `gorm:"column:is_oem" json:"is_oem"`
+	IsNew      bool `gorm:"column:is_new" json:"is_new"`
 }

bruno/api_v1/customer/Set is_no_vat.yml

@@ -0,0 +1,22 @@
+info:
+  name: Set is_no_vat
+  type: http
+  seq: 4
+
+http:
+  method: PATCH
+  url: "{{bas_url}}/restricted/customer/no-vat"
+  body:
+    type: json
+    data: |-
+      {
+        "customer_id":1,
+        "is_no_vat": false
+      }
+  auth: inherit
+
+settings:
+  encodeUrl: true
+  timeout: 0
+  followRedirects: true
+  maxRedirects: 5

bruno/api_v1/product/Products List.yml

@@ -5,7 +5,7 @@ info:
 
 http:
   method: GET
-  url: "{{bas_url}}/restricted/product/list?p=1&elems=30&reference=~NC100"
+  url: "{{bas_url}}/restricted/product/list?p=1&elems=30&reference=~NC100&is_new_eq=0&is_favorite_eq=false&is_oem_eq=FALSE"
   params:
     - name: p
       value: "1"
@@ -27,11 +27,12 @@ http:
     - name: is_new_eq
       value: "0"
       type: query
-      disabled: true
     - name: is_favorite_eq
       value: "false"
       type: query
-      disabled: true
+    - name: is_oem_eq
+      value: "FALSE"
+      type: query
   body:
     type: json
     data: ""

bruno/api_v1/routes/Routes.yml

@@ -0,0 +1,15 @@
+info:
+  name: Routes
+  type: http
+  seq: 1
+
+http:
+  method: GET
+  url: ""
+  auth: inherit
+
+settings:
+  encodeUrl: true
+  timeout: 0
+  followRedirects: true
+  maxRedirects: 5

bruno/api_v1/routes/folder.yml

@@ -1,7 +1,7 @@
 info:
-  name: list
+  name: routes
   type: folder
-  seq: 3
+  seq: 10
 
 request:
   auth: inherit

bruno/b2b_daniel/addresses/folder.yml

@@ -1,7 +1,7 @@
 info:
   name: addresses
   type: folder
-  seq: 10
+  seq: 9
 
 request:
   auth: inherit

bruno/b2b_daniel/carts/add-new-cart.yml

@@ -5,7 +5,11 @@ info:
 
 http:
   method: GET
-  url: http://localhost:3000/api/v1/restricted/carts/add-new-cart
+  url: http://localhost:3000/api/v1/restricted/carts/add-new-cart?name=carttt
+  params:
+    - name: name
+      value: carttt
+      type: query
   auth: inherit
 
 settings:

bruno/b2b_daniel/carts/add-product-to-cart (1).yml

@@ -5,7 +5,7 @@ info:
 
 http:
   method: GET
-  url: http://localhost:3000/api/v1/restricted/carts/add-product-to-cart?cart_id=1&product_id=51&amount=1
+  url: http://localhost:3000/api/v1/restricted/carts/add-product-to-cart?cart_id=1&product_id=51&amount=1&set_amount=false
   params:
     - name: cart_id
       value: "1"
@@ -16,6 +16,9 @@ http:
     - name: amount
       value: "1"
       type: query
+    - name: set_amount
+      value: "false"
+      type: query
   auth: inherit
 
 settings:

bruno/b2b_daniel/carts/add-product-to-cart.yml

@@ -5,7 +5,7 @@ info:
 
 http:
   method: GET
-  url: http://localhost:3000/api/v1/restricted/carts/add-product-to-cart?cart_id=1&product_id=51&product_attribute_id=1115&amount=1
+  url: http://localhost:3000/api/v1/restricted/carts/add-product-to-cart?cart_id=1&product_id=51&product_attribute_id=1115&amount=1&set_amount=true
   params:
     - name: cart_id
       value: "1"
@@ -19,6 +19,9 @@ http:
     - name: amount
       value: "1"
       type: query
+    - name: set_amount
+      value: "true"
+      type: query
   auth: inherit
 
 settings:

bruno/b2b_daniel/list/list-products.yml

@@ -1,24 +0,0 @@
-info:
-  name: list-products
-  type: http
-  seq: 1
-
-http:
-  method: GET
-  url: http://localhost:3000/api/v1/restricted/list/list-products?p=1&elems=10&target_user_id=2
-  params:
-    - name: p
-      value: "1"
-      type: query
-    - name: elems
-      value: "10"
-      type: query
-    - name: target_user_id
-      value: "2"
-      type: query
-
-settings:
-  encodeUrl: true
-  timeout: 0
-  followRedirects: true
-  maxRedirects: 5

bruno/b2b_daniel/list/list-users.yml

@@ -1,21 +0,0 @@
-info:
-  name: list-users
-  type: http
-  seq: 1
-
-http:
-  method: GET
-  url: http://localhost:3000/api/v1/restricted/list/list-users?p=1&elems=10
-  params:
-    - name: p
-      value: "1"
-      type: query
-    - name: elems
-      value: "10"
-      type: query
-
-settings:
-  encodeUrl: true
-  timeout: 0
-  followRedirects: true
-  maxRedirects: 5

bruno/b2b_daniel/orders/folder.yml

@@ -1,7 +1,7 @@
 info:
   name: orders
   type: folder
-  seq: 11
+  seq: 10
 
 request:
   auth: inherit

bruno/b2b_daniel/product-translation/folder.yml

@@ -1,7 +1,7 @@
 info:
   name: product-translation
   type: folder
-  seq: 2
+  seq: 3
 
 request:
   auth: inherit

bruno/b2b_daniel/storage-old/folder.yml

@@ -1,7 +1,7 @@
 info:
   name: storage-old
   type: folder
-  seq: 1
+  seq: 2
 
 request:
   auth: inherit

bruno/b2b_daniel/storage-restricted/folder.yml

@@ -1,7 +1,7 @@
 info:
   name: storage-restricted
   type: folder
-  seq: 9
+  seq: 8
 
 request:
   auth: inherit

i18n/migrations/20260302163100_routes.sql

@@ -43,7 +43,6 @@ INSERT IGNORE INTO `b2b_top_menu` (`menu_id`, `label`, `parent_id`, `params`, `a
 (9, JSON_COMPACT('{"name":"carts","trans":{"pl":{"label":"Koszyki"},"en":{"label":"Carts"},"de":{"label":"Warenkörbe"}}}'),3,JSON_COMPACT('{"route": {"name": "home", "params":{"locale": ""}}}'),1,1);
 
 
-
 -- +goose Down
 
 DROP TABLE IF EXISTS b2b_routes;

i18n/migrations/20260302163122_create_tables.sql

@@ -112,7 +112,8 @@ CREATE TABLE IF NOT EXISTS b2b_customers (
   country_id                      INT NULL DEFAULT 2,
   created_at                      DATETIME(6) NULL,
   updated_at                      DATETIME(6) NULL,
-  deleted_at                      DATETIME(6) NULL
+  deleted_at                      DATETIME(6) NULL,
+  is_no_vat                     TINYINT(1) NULL DEFAULT 0 
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 CREATE UNIQUE INDEX IF NOT EXISTS idx_customers_email
@@ -161,6 +162,16 @@ CREATE TABLE IF NOT EXISTS b2b_favorites (
 ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
 
 
+-- oems
+CREATE TABLE IF NOT EXISTS b2b_oems (
+  user_id BIGINT UNSIGNED NOT NULL,
+  product_id INT UNSIGNED NOT NULL,
+  PRIMARY KEY (user_id, product_id),
+  CONSTRAINT fk_oems_customer FOREIGN KEY (user_id) REFERENCES b2b_customers(id) ON DELETE CASCADE ON UPDATE CASCADE,
+  CONSTRAINT fk_oems_product FOREIGN KEY (product_id) REFERENCES ps_product(id_product) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4;
+
+
 -- refresh_tokens
 CREATE TABLE IF NOT EXISTS b2b_refresh_tokens (
   id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
@@ -338,6 +349,24 @@ ON b2b_specific_price_customer (b2b_id_customer);
 CREATE INDEX idx_bsp_country_rel
 ON b2b_specific_price_country (b2b_id_country);
 
+CREATE TABLE b2b_route_roles ( 
+  route_id INT NOT NULL,
+  role_id BIGINT UNSIGNED NOT NULL,
+  PRIMARY KEY (route_id, role_id),
+  INDEX idx_role_id (role_id),
+  INDEX idx_route_id (route_id),
+  CONSTRAINT FK_b2b_route_roles_route_id
+    FOREIGN KEY (route_id)
+    REFERENCES b2b_routes (id)
+    ON DELETE CASCADE
+    ON UPDATE CASCADE,
+  CONSTRAINT FK_b2b_route_roles_role_id
+    FOREIGN KEY (role_id)
+    REFERENCES b2b_roles (id)
+    ON DELETE CASCADE
+    ON UPDATE CASCADE
+) ENGINE=InnoDB;
+
 DELIMITER //
 
 CREATE FUNCTION IF NOT EXISTS slugify_eu(input TEXT)
@@ -438,6 +467,7 @@ DROP TABLE IF EXISTS b2b_customer_carts;
 DROP TABLE IF EXISTS b2b_specific_price_country;
 DROP TABLE IF EXISTS b2b_specific_price_customer;
 DROP TABLE IF EXISTS b2b_specific_price_product_attribute;
+DROP TABLE IF EXISTS b2b_route_roles;
 DROP TABLE IF EXISTS b2b_specific_price_category;
 DROP TABLE IF EXISTS b2b_specific_price_product;
 DROP TABLE IF EXISTS b2b_specific_price;

i18n/migrations/20260302163123_create_tables_data.sql

@@ -10,6 +10,7 @@ VALUES
 INSERT INTO `b2b_roles` (`name`, `id`) VALUES ('user','1');
 INSERT INTO `b2b_roles` (`name`, `id`) VALUES ('admin','2');
 INSERT INTO `b2b_roles` (`name`, `id`) VALUES ('super_admin','3');
+INSERT INTO `b2b_roles` (`name`, `id`) VALUES ('unlogged','4');
 
 
 -- insert sample admin user admin@ma-al.com/Maal12345678
@@ -39,6 +40,9 @@ INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('6', 'webdav.create_token')
 INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('7', 'product_translation.save');
 INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('8', 'product_translation.translate');
 INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('9', 'search.create_index');
+INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('10', 'orders.view_all');
+INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('11', 'orders.modify_all');
+INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('12', 'teleport');
 
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '1');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '2');
@@ -49,6 +53,9 @@ INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '6'
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '7');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '8');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '9');
+INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '10');
+INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '11');
+INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '12');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '1');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '2');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '3');
@@ -58,4 +65,36 @@ INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '6'
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '7');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '8');
 INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '9');
+INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '10');
+INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '11');
+INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '12');
+
+INSERT INTO `b2b_route_roles` (`route_id`, `role_id`) VALUES
+(1, '1'),
+(1, '2'),
+(1, '3'),
+(2, '1'),
+(2, '2'),
+(2, '3'),
+(2, '4'),
+(3, '1'),
+(3, '2'),
+(3, '3'),
+(3, '4'),
+(4, '1'),
+(4, '2'),
+(4, '3'),
+(4, '4'),
+(5, '1'),
+(5, '2'),
+(5, '3'),
+(5, '4'),
+(6, '1'),
+(6, '2'),
+(6, '3'),
+(6, '4'),
+(7, '1'),
+(7, '2'),
+(7, '3'),
+(7, '4');
 -- +goose Down

i18n/migrations/20260319163200_procedures.sql

@@ -16,6 +16,7 @@ READS SQL DATA
 BEGIN
 
   DECLARE v_tax_rate DECIMAL(10,4) DEFAULT 0;
+  DECLARE v_tax_group INT;
 
   DECLARE v_base_raw DECIMAL(20,6);
   DECLARE v_base DECIMAL(20,6);
@@ -29,45 +30,54 @@ BEGIN
 
   DECLARE v_has_specific INT DEFAULT 0;
 
-  -- currency
   DECLARE v_target_currency BIGINT;
   DECLARE v_target_rate DECIMAL(13,6) DEFAULT 1;
   DECLARE v_specific_rate DECIMAL(13,6) DEFAULT 1;
 
+  DECLARE v_is_no_vat TINYINT DEFAULT 0;
+
   SET p_id_product_attribute = NULLIF(p_id_product_attribute, 0);
 
+  -- ================= CUSTOMER VAT =================
+  SELECT COALESCE(c.is_no_vat, 0)
+  INTO v_is_no_vat
+  FROM b2b_customers c
+  WHERE c.id = p_id_customer
+  LIMIT 1;
+
+  -- ================= TAX GROUP =================
+  SELECT ps.id_tax_rules_group
+  INTO v_tax_group
+  FROM ps_product_shop ps
+  WHERE ps.id_product = p_id_product
+    AND ps.id_shop = p_id_shop
+  LIMIT 1;
+
   -- ================= TAX =================
   SELECT COALESCE(t.rate, 0)
   INTO v_tax_rate
   FROM ps_tax_rule tr
   JOIN ps_tax t ON t.id_tax = tr.id_tax
   LEFT JOIN b2b_countries c ON c.id = p_id_country
-  WHERE tr.id_tax_rules_group = (
+  WHERE tr.id_tax_rules_group = v_tax_group
-    SELECT ps.id_tax_rules_group
-    FROM ps_product_shop ps
-    WHERE ps.id_product = p_id_product
-      AND ps.id_shop = p_id_shop
-    LIMIT 1
-  )
     AND tr.id_country = c.ps_id_country
   LIMIT 1;
 
-  -- ================= TARGET CURRENCY =================
+  IF v_is_no_vat = 1 THEN
-  SELECT c.b2b_id_currency
+    SET v_tax_rate = 0;
-  INTO v_target_currency
+  END IF;
-  FROM b2b_countries c
-  WHERE c.id = p_id_country
-  LIMIT 1;
 
-  -- latest target rate
+  -- ================= CURRENCY =================
-  SELECT r.conversion_rate
+  SELECT c.b2b_id_currency, r.conversion_rate
-  INTO v_target_rate
+  INTO v_target_currency, v_target_rate
-  FROM b2b_currency_rates r
+  FROM b2b_countries c
-  WHERE r.b2b_id_currency = v_target_currency
+  LEFT JOIN b2b_currency_rates r
+    ON r.b2b_id_currency = c.b2b_id_currency
+  WHERE c.id = p_id_country
   ORDER BY r.created_at DESC
   LIMIT 1;
 
-  -- ================= BASE PRICE (RAW) =================
+  -- ================= BASE PRICE =================
   SELECT
     COALESCE(ps.price, p.price) + COALESCE(pas.price, 0)
   INTO v_base_raw
@@ -79,8 +89,8 @@ BEGIN
     AND pas.id_shop = p_id_shop
   WHERE p.id_product = p_id_product;
 
-  -- convert base to target currency
   SET v_base = v_base_raw * v_target_rate;
+  SET v_excl = v_base;
 
   -- ================= RULE SELECTION =================
   SELECT
@@ -99,71 +109,67 @@ BEGIN
 
   FROM b2b_specific_price bsp
 
+  LEFT JOIN b2b_specific_price_product spp
+    ON spp.b2b_specific_price_id = bsp.id
+    AND spp.id_product = p_id_product
+
+  LEFT JOIN b2b_specific_price_product_attribute spa
+    ON spa.b2b_specific_price_id = bsp.id
+    AND spa.id_product_attribute = p_id_product_attribute
+
+  LEFT JOIN b2b_specific_price_customer spc
+    ON spc.b2b_specific_price_id = bsp.id
+    AND spc.b2b_id_customer = p_id_customer
+
+  LEFT JOIN b2b_specific_price_country spco
+    ON spco.b2b_specific_price_id = bsp.id
+    AND spco.b2b_id_country = p_id_country
+
+  LEFT JOIN b2b_specific_price_category spcat
+    ON spcat.b2b_specific_price_id = bsp.id
+
+  LEFT JOIN ps_category_product cp
+    ON cp.id_category = spcat.id_category
+    AND cp.id_product = p_id_product
+
   WHERE bsp.is_active = 1
     AND bsp.from_quantity <= p_quantity
 
-    -- intersection rules (unchanged)
+    AND (spp.id_product IS NOT NULL OR NOT EXISTS (
-    AND (
+          SELECT 1 FROM b2b_specific_price_product x WHERE x.b2b_specific_price_id = bsp.id
-      NOT EXISTS (SELECT 1 FROM b2b_specific_price_product x WHERE x.b2b_specific_price_id = bsp.id)
+        ))
-      OR EXISTS (SELECT 1 FROM b2b_specific_price_product x WHERE x.b2b_specific_price_id = bsp.id AND x.id_product = p_id_product)
-    )
 
-    AND (
+    AND (spa.id_product_attribute IS NOT NULL OR NOT EXISTS (
-      NOT EXISTS (SELECT 1 FROM b2b_specific_price_product_attribute x WHERE x.b2b_specific_price_id = bsp.id)
+          SELECT 1 FROM b2b_specific_price_product_attribute x WHERE x.b2b_specific_price_id = bsp.id
-      OR EXISTS (SELECT 1 FROM b2b_specific_price_product_attribute x WHERE x.b2b_specific_price_id = bsp.id AND x.id_product_attribute = p_id_product_attribute)
+        ))
-    )
 
-    AND (
+    AND (spc.b2b_id_customer IS NOT NULL OR NOT EXISTS (
-      NOT EXISTS (SELECT 1 FROM b2b_specific_price_category x WHERE x.b2b_specific_price_id = bsp.id)
+          SELECT 1 FROM b2b_specific_price_customer x WHERE x.b2b_specific_price_id = bsp.id
-      OR EXISTS (
+        ))
-        SELECT 1 FROM b2b_specific_price_category x
-        JOIN ps_category_product cp ON cp.id_category = x.id_category
-        WHERE x.b2b_specific_price_id = bsp.id AND cp.id_product = p_id_product
-      )
-    )
 
-    AND (
+    AND (spco.b2b_id_country IS NOT NULL OR NOT EXISTS (
-      NOT EXISTS (SELECT 1 FROM b2b_specific_price_customer x WHERE x.b2b_specific_price_id = bsp.id)
+          SELECT 1 FROM b2b_specific_price_country x WHERE x.b2b_specific_price_id = bsp.id
-      OR EXISTS (SELECT 1 FROM b2b_specific_price_customer x WHERE x.b2b_specific_price_id = bsp.id AND x.b2b_id_customer = p_id_customer)
+        ))
-    )
 
-    AND (
+    AND (cp.id_product IS NOT NULL OR NOT EXISTS (
-      NOT EXISTS (SELECT 1 FROM b2b_specific_price_country x WHERE x.b2b_specific_price_id = bsp.id)
+          SELECT 1 FROM b2b_specific_price_category x WHERE x.b2b_specific_price_id = bsp.id
-      OR EXISTS (SELECT 1 FROM b2b_specific_price_country x WHERE x.b2b_specific_price_id = bsp.id AND x.b2b_id_country = p_id_country)
+        ))
-    )
 
   ORDER BY
-    -- customer wins
+    (spc.b2b_id_customer IS NOT NULL) DESC,
-    (EXISTS (SELECT 1 FROM b2b_specific_price_customer x WHERE x.b2b_specific_price_id = bsp.id AND x.b2b_id_customer = p_id_customer)) DESC,
+    (spa.id_product_attribute IS NOT NULL) DESC,
-
+    (spp.id_product IS NOT NULL) DESC,
-    -- attribute
+    (cp.id_product IS NOT NULL) DESC,
-    (EXISTS (SELECT 1 FROM b2b_specific_price_product_attribute x WHERE x.b2b_specific_price_id = bsp.id AND x.id_product_attribute = p_id_product_attribute)) DESC,
+    (spco.b2b_id_country IS NOT NULL) DESC,
-
-    -- product
-    (EXISTS (SELECT 1 FROM b2b_specific_price_product x WHERE x.b2b_specific_price_id = bsp.id AND x.id_product = p_id_product)) DESC,
-
-    -- category
-    (EXISTS (
-      SELECT 1 FROM b2b_specific_price_category x
-      JOIN ps_category_product cp ON cp.id_category = x.id_category
-      WHERE x.b2b_specific_price_id = bsp.id AND cp.id_product = p_id_product
-    )) DESC,
-
-    -- country
-    (EXISTS (SELECT 1 FROM b2b_specific_price_country x WHERE x.b2b_specific_price_id = bsp.id AND x.b2b_id_country = p_id_country)) DESC,
-
     bsp.id DESC
 
   LIMIT 1;
 
   -- ================= APPLY =================
-  SET v_excl = v_base;
-
   IF v_has_specific = 1 THEN
 
     IF v_reduction_type = 'amount' THEN
 
-      -- convert specific price currency if needed
       IF v_specific_currency_id IS NOT NULL AND v_specific_currency_id != v_target_currency THEN
 
         SELECT r.conversion_rate
@@ -173,7 +179,6 @@ BEGIN
         ORDER BY r.created_at DESC
         LIMIT 1;
 
-        -- normalize → then convert to target
         SET v_excl = (v_fixed_price / v_specific_rate) * v_target_rate;
 
       ELSE
@@ -319,7 +324,8 @@ DROP PROCEDURE IF EXISTS get_product_base //
 CREATE PROCEDURE get_product_base(
   IN p_id_product INT,
   IN p_id_shop INT,
-  IN p_id_lang INT
+  IN p_id_lang INT,
+  IN p_id_customer INT
 )
 BEGIN
     SELECT
@@ -376,14 +382,21 @@ BEGIN
         
         -- Relations
         m.name AS manufacturer,
-        cl.name AS category
+        cl.name AS category,
 
-        -- This doesn't fit to base product, I'll add proper is_favorite to product later
+        p.is_oem,
-
+        EXISTS(
-        -- EXISTS(
+          SELECT 1 FROM b2b_favorites f
-        --   SELECT 1 FROM b2b_favorites f
+          WHERE f.user_id = p_id_customer AND f.product_id = p_id_product
-        --   WHERE f.user_id = p_id_customer AND f.product_id = p_id_product
+        ) AS is_favorite,
-        -- ) AS is_favorite
+        CASE
+          WHEN ps.date_add >= DATE_SUB(
+            NOW(),
+            INTERVAL COALESCE(CAST(ps_configuration.value AS SIGNED), 20) DAY
+          ) AND ps.active = 1
+          THEN 1
+          ELSE 0
+        END AS is_new
 
 
 
@@ -401,6 +414,8 @@ BEGIN
        AND cl.id_shop = p_id_shop
     LEFT JOIN ps_manufacturer m 
         ON m.id_manufacturer = p.id_manufacturer
+    LEFT JOIN ps_configuration
+        ON ps_configuration.name = PS_NB_DAYS_NEW_PRODUCT
 
     WHERE p.id_product = p_id_product
     LIMIT 1;