product-procedures #52

Merged
goc_marek merged 17 commits from product-procedures into main 2026-04-07 08:45:16 +00:00
6 changed files with 65 additions and 55 deletions


@@ -4,9 +4,9 @@ import (
"strconv"
"git.ma-al.com/goc_daniel/b2b/app/delivery/middleware/perms"
"git.ma-al.com/goc_daniel/b2b/app/model"
"git.ma-al.com/goc_daniel/b2b/app/service/customerService"
"git.ma-al.com/goc_daniel/b2b/app/utils/i18n"
"git.ma-al.com/goc_daniel/b2b/app/utils/localeExtractor"
"git.ma-al.com/goc_daniel/b2b/app/utils/nullable"
"git.ma-al.com/goc_daniel/b2b/app/utils/response"
"git.ma-al.com/goc_daniel/b2b/app/utils/responseErrors"
@@ -28,37 +28,34 @@ func CustomerHandlerRoutes(r fiber.Router) fiber.Router {
handler := NewCustomerHandler()
r.Get("", handler.customerData)
r.Get("/list", handler.listCustomers)
// r.Get("/list", handler.listCustomers)
return r
}
func (h *customerHandler) customerData(fc fiber.Ctx) error {
var customerId uint
user, ok := localeExtractor.GetCustomer(fc)
if !ok || user == nil {
return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrBadAttribute)))
}
customerIdStr := fc.Query("id")
if customerIdStr != "" {
user, ok := fc.Locals("user").(*model.UserSession)
if !ok {
return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrBadAttribute)))
}
id, err := strconv.ParseUint(customerIdStr, 10, 64)
if err != nil {
return fiber.ErrBadRequest
}
if user.UserID != uint(id) && !user.HasPermission(perms.UserReadAny) {
if user.ID != uint(id) && !user.HasPermission(perms.UserReadAny) {
return fc.Status(fiber.StatusForbidden).
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrForbidden)))
}
customerId = uint(id)
} else {
id, ok := fc.Locals("userID").(uint)
if !ok {
return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrBadAttribute)))
}
customerId = id
customerId = user.ID
}
customer, err := h.service.GetById(customerId)
@@ -70,40 +67,41 @@ func (h *customerHandler) customerData(fc fiber.Ctx) error {
return fc.JSON(response.Make(&customer, 0, i18n.T_(fc, response.Message_OK)))
}
func (h *customerHandler) listCustomers(fc fiber.Ctx) error {
var customerId uint
customerIdStr := fc.Query("id")
if customerIdStr != "" {
user, ok := fc.Locals("user").(*model.UserSession)
if !ok {
return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrBadAttribute)))
}
id, err := strconv.ParseUint(customerIdStr, 10, 64)
if err != nil {
return fiber.ErrBadRequest
}
// func (h *customerHandler) listCustomers(fc fiber.Ctx) error {
// var customerId uint
// customerIdStr := fc.Query("id")
// if customerIdStr != "" {
if user.UserID != uint(id) && !user.HasPermission(perms.UserReadAny) {
return fc.Status(fiber.StatusForbidden).
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrForbidden)))
}
// user, ok := localeExtractor.GetCustomer(fc)
// if !ok || user == nil {
// return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
// JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrBadAttribute)))
// }
// id, err := strconv.ParseUint(customerIdStr, 10, 64)
// if err != nil {
// return fiber.ErrBadRequest
// }
customerId = uint(id)
} else {
id, ok := fc.Locals("userID").(uint)
if !ok {
return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrBadAttribute)))
}
customerId = id
}
// if user.UserID != uint(id) && !user.HasPermission(perms.UserReadAny) {
// return fc.Status(fiber.StatusForbidden).
// JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrForbidden)))
// }
customer, err := h.service.GetById(customerId)
if err != nil {
return fc.Status(responseErrors.GetErrorStatus(err)).
JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, err)))
}
// customerId = uint(id)
// } else {
// id, ok := fc.Locals("userID").(uint)
// if !ok {
// return fc.Status(responseErrors.GetErrorStatus(responseErrors.ErrBadAttribute)).
// JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, responseErrors.ErrBadAttribute)))
// }
// customerId = id
// }
return fc.JSON(response.Make(&customer, 0, i18n.T_(fc, response.Message_OK)))
}
// customer, err := h.service.GetById(customerId)
// if err != nil {
// return fc.Status(responseErrors.GetErrorStatus(err)).
// JSON(response.Make(nullable.GetNil(""), 0, responseErrors.GetErrorCode(fc, err)))
// }
// return fc.JSON(response.Make(&customer, 0, i18n.T_(fc, response.Message_OK)))
// }
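Review bot: The new check `if user.ID != uint(id) && !user.HasPermission(perms.UserReadAny)` relies on `user.Role.Permissions` being populated on the customer that `localeExtractor.GetCustomer(fc)` returns; HasPermission returns false for an empty slice, so a session loaded without the `Role.Permissions` preload fails closed (403 for users who do hold user.read.any) rather than open, and the line deserves a comment saying so. The commit adds `Preload("Role.Permissions")` in CustomerRepo.Get, but whether the session middleware loads the customer through that path is not visible here. `uint(id)` also narrows the 64-bit parse; `id, err := strconv.ParseUint(customerIdStr, 10, strconv.IntSize)` rejects out-of-range ids on every build instead of truncating them on 32-bit ones. The commented-out listCustomers body and the commented `/list` route should be deleted rather than kept, since git retains the history. customerData's body continues outside the first hunk.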


@@ -34,6 +34,15 @@ type Customer struct {
DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`
}
func (u *Customer) HasPermission(permission perms.Permission) bool {
for _, p := range u.Role.Permissions {
if p.Name == permission {
return true
}
}
return false
}
// AuthProvider represents the authentication provider
type AuthProvider string
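Review bot: HasPermission is exported but has no doc comment, and its false-on-empty behaviour is the property callers need to know: `// HasPermission reports whether the customer's role grants permission. It returns false when Role.Permissions has not been preloaded, so an unloaded role fails closed.` The receiver is named `u` on a Customer type; if Customer's other methods use `c`, this one should match. Whether Role is a value or a pointer field is not visible in the hunk; if it is a pointer, `u.Role.Permissions` needs a nil guard.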


@@ -3,7 +3,7 @@ package model
type Role struct {
ID uint `gorm:"primaryKey" json:"id"`
Name string `gorm:"size:64" json:"name"`
Permissions []Permission `gorm:"many2many:b2b_role_permissions;" json:"-"`
Permissions []Permission `gorm:"many2many:b2b_role_permissions;" json:"permissions"`
}
func (Role) TableName() string {
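Review bot: Changing the tag on `Permissions []Permission` from `json:"-"` to `json:"permissions"` is independent of the authorization check — gorm's Preload does not consult json tags — so its only effect is that every API response embedding a Role now lists that role's permissions, including customer records read by holders of user.read.any. If exposing the permission list to clients is intended, a comment on the field saying so would stop the next reader from treating it as accidental; if it is not, the previous `json:"-"` keeps HasPermission working unchanged.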


@@ -19,7 +19,7 @@ func (repo *CustomerRepo) Get(id uint) (*model.Customer, error) {
var customer model.Customer
err := db.DB.
Preload("Role").
Preload("Role.Permissions").
First(&customer, id).
Error


@@ -5,11 +5,7 @@ info:
http:
method: GET
url: "{{bas_url}}/restricted/customer?id=1"
params:
- name: id
value: "1"
type: query
url: "{{bas_url}}/restricted/customer"
auth: inherit
settings:


@@ -35,5 +35,12 @@ INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('2', 'user.write.any');
INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('3', 'user.delete.any');
INSERT INTO `b2b_permissions` (`id`, `name`) VALUES ('4', 'currency.write');
INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '1');
INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '2');
INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '3');
INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('2', '4');
INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '1');
INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '2');
INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '3');
INSERT INTO `b2b_role_permissions` (`role_id`, `permission_id`) VALUES ('3', '4');
-- +goose Down
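Review bot: The new rows grant roles 2 and 3 the full permission set (ids 1–4, including user.delete.any) with hard-coded ids and no comment naming which roles those are; a comment such as `-- roles 2 and 3 (<role names>) receive all four permissions` above the inserts would make the grant reviewable. Whether the `-- +goose Down` section that starts on the last line deletes these b2b_role_permissions rows is outside the hunk; it should mirror the inserts so the migration rolls back cleanly.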