Revert "[FIX/BE-US]add feature restrict by location and areas in roles"

This reverts commit dff9e73ab1.

cmd/api/main.go

@@ -14,8 +14,8 @@ import (
 	"gitlab.com/mbugroup/lti-api.git/internal/database"
 	"gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	"gitlab.com/mbugroup/lti-api.git/internal/modules/sso/session"
-	sso "gitlab.com/mbugroup/lti-api.git/internal/modules/sso/verifier"
 	"gitlab.com/mbugroup/lti-api.git/internal/route"
+	"gitlab.com/mbugroup/lti-api.git/internal/sso"
 	"gitlab.com/mbugroup/lti-api.git/internal/utils"
 
 	"github.com/gofiber/fiber/v2"

internal/middleware/auth.go

@@ -7,8 +7,8 @@ import (
 	"gitlab.com/mbugroup/lti-api.git/internal/config"
 	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
 	"gitlab.com/mbugroup/lti-api.git/internal/modules/sso/session"
-	sso "gitlab.com/mbugroup/lti-api.git/internal/modules/sso/verifier"
 	service "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
+	"gitlab.com/mbugroup/lti-api.git/internal/sso"
 	"gitlab.com/mbugroup/lti-api.git/internal/utils"
 )
 

internal/middleware/role_scope.go

@@ -1,280 +0,0 @@
-package middleware
-
-import (
-	"errors"
-	"strings"
-
-	"github.com/gofiber/fiber/v2"
-	"gorm.io/gorm"
-
-	"gitlab.com/mbugroup/lti-api.git/internal/config"
-	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
-)
-
-type ScopeFilter struct {
-	IDs      []uint
-	Restrict bool
-}
-
-type roleScope struct {
-	allArea      bool
-	allLocation  bool
-	areaIDs      []uint
-	locationIDs  []uint
-	hasAnyScopes bool
-}
-
-func ResolveAreaScope(c *fiber.Ctx, db *gorm.DB) (ScopeFilter, error) {
-	scope, err := collectRoleScope(c)
-	if err != nil || !scope.hasAnyScopes {
-		return ScopeFilter{}, err
-	}
-
-	if scope.allArea || scope.allLocation {
-		return ScopeFilter{}, nil
-	}
-
-	allowed := uniqueUint(scope.areaIDs)
-	if len(scope.locationIDs) > 0 {
-		derived, err := areaIDsByLocationIDs(db, scope.locationIDs)
-		if err != nil {
-			return ScopeFilter{}, err
-		}
-		allowed = uniqueUint(append(allowed, derived...))
-	}
-
-	if len(allowed) == 0 {
-		return ScopeFilter{Restrict: true}, nil
-	}
-	return ScopeFilter{IDs: allowed, Restrict: true}, nil
-}
-
-func ResolveLocationScope(c *fiber.Ctx, db *gorm.DB) (ScopeFilter, error) {
-	scope, err := collectRoleScope(c)
-	if err != nil || !scope.hasAnyScopes {
-		return ScopeFilter{}, err
-	}
-
-	if scope.allLocation || scope.allArea {
-		return ScopeFilter{}, nil
-	}
-
-	areaIDs := uniqueUint(scope.areaIDs)
-	locationIDs := uniqueUint(scope.locationIDs)
-
-	switch {
-	case len(locationIDs) > 0 && len(areaIDs) > 0:
-		filtered, err := filterLocationIDsByAreaIDs(db, locationIDs, areaIDs)
-		if err != nil {
-			return ScopeFilter{}, err
-		}
-		locationIDs = filtered
-	case len(locationIDs) == 0 && len(areaIDs) > 0:
-		derived, err := locationIDsByAreaIDs(db, areaIDs)
-		if err != nil {
-			return ScopeFilter{}, err
-		}
-		locationIDs = derived
-	}
-
-	locationIDs = uniqueUint(locationIDs)
-	if len(locationIDs) == 0 {
-		return ScopeFilter{Restrict: true}, nil
-	}
-	return ScopeFilter{IDs: locationIDs, Restrict: true}, nil
-}
-
-func collectRoleScope(c *fiber.Ctx) (roleScope, error) {
-	ctx, ok := AuthDetails(c)
-	if !ok || ctx == nil || len(ctx.Roles) == 0 {
-		return roleScope{}, nil
-	}
-
-	clientAlias := resolveClientAlias(ctx)
-
-	scope := roleScope{}
-	areaSet := make(map[uint]struct{})
-	locationSet := make(map[uint]struct{})
-
-	for _, role := range ctx.Roles {
-		if clientAlias != "" && !strings.EqualFold(strings.TrimSpace(role.ClientAlias), clientAlias) {
-			continue
-		}
-		scope.hasAnyScopes = true
-		if role.AllArea {
-			scope.allArea = true
-		}
-		if role.AllLocation {
-			scope.allLocation = true
-		}
-		for _, id := range role.AreaIDs {
-			if id == 0 {
-				continue
-			}
-			areaSet[id] = struct{}{}
-		}
-		for _, id := range role.LocationIDs {
-			if id == 0 {
-				continue
-			}
-			locationSet[id] = struct{}{}
-		}
-	}
-
-	scope.areaIDs = keysUint(areaSet)
-	scope.locationIDs = keysUint(locationSet)
-
-	scope.hasAnyScopes = scope.hasAnyScopes &&
-		(scope.allArea || scope.allLocation || len(scope.areaIDs) > 0 || len(scope.locationIDs) > 0)
-
-	return scope, nil
-}
-
-func areaIDsByLocationIDs(db *gorm.DB, locationIDs []uint) ([]uint, error) {
-	if db == nil {
-		return nil, errors.New("database not configured")
-	}
-	if len(locationIDs) == 0 {
-		return nil, nil
-	}
-	var areaIDs []uint
-	if err := db.Model(&entity.Location{}).
-		Where("deleted_at IS NULL").
-		Where("id IN ?", locationIDs).
-		Distinct("area_id").
-		Pluck("area_id", &areaIDs).Error; err != nil {
-		return nil, err
-	}
-	return areaIDs, nil
-}
-
-func locationIDsByAreaIDs(db *gorm.DB, areaIDs []uint) ([]uint, error) {
-	if db == nil {
-		return nil, errors.New("database not configured")
-	}
-	if len(areaIDs) == 0 {
-		return nil, nil
-	}
-	var locationIDs []uint
-	if err := db.Model(&entity.Location{}).
-		Where("deleted_at IS NULL").
-		Where("area_id IN ?", areaIDs).
-		Distinct("id").
-		Pluck("id", &locationIDs).Error; err != nil {
-		return nil, err
-	}
-	return locationIDs, nil
-}
-
-func filterLocationIDsByAreaIDs(db *gorm.DB, locationIDs, areaIDs []uint) ([]uint, error) {
-	if db == nil {
-		return nil, errors.New("database not configured")
-	}
-	if len(locationIDs) == 0 || len(areaIDs) == 0 {
-		return nil, nil
-	}
-	var filtered []uint
-	if err := db.Model(&entity.Location{}).
-		Where("deleted_at IS NULL").
-		Where("id IN ?", locationIDs).
-		Where("area_id IN ?", areaIDs).
-		Distinct("id").
-		Pluck("id", &filtered).Error; err != nil {
-		return nil, err
-	}
-	return filtered, nil
-}
-
-func uniqueUint(ids []uint) []uint {
-	if len(ids) == 0 {
-		return nil
-	}
-	seen := make(map[uint]struct{}, len(ids))
-	result := make([]uint, 0, len(ids))
-	for _, id := range ids {
-		if id == 0 {
-			continue
-		}
-		if _, ok := seen[id]; ok {
-			continue
-		}
-		seen[id] = struct{}{}
-		result = append(result, id)
-	}
-	return result
-}
-
-func keysUint(set map[uint]struct{}) []uint {
-	if len(set) == 0 {
-		return nil
-	}
-	out := make([]uint, 0, len(set))
-	for id := range set {
-		out = append(out, id)
-	}
-	return out
-}
-
-func resolveClientAlias(ctx *AuthContext) string {
-	if ctx == nil || ctx.Verification == nil || ctx.Verification.Claims == nil {
-		return ""
-	}
-
-	scopes := ctx.Verification.Claims.Scopes()
-	if len(scopes) == 0 {
-		return ""
-	}
-
-	seen := make(map[string]struct{})
-	for _, scope := range scopes {
-		scope = strings.ToLower(strings.TrimSpace(scope))
-		if scope == "" {
-			continue
-		}
-		prefix := scope
-		if idx := strings.IndexAny(prefix, ".:"); idx > 0 {
-			prefix = prefix[:idx]
-		}
-		prefix = strings.TrimSpace(prefix)
-		if prefix == "" {
-			continue
-		}
-		if alias := matchAlias(prefix); alias != "" {
-			seen[alias] = struct{}{}
-		}
-	}
-
-	if len(seen) != 1 {
-		return ""
-	}
-	for alias := range seen {
-		return alias
-	}
-	return ""
-}
-
-func matchAlias(alias string) string {
-	alias = strings.ToLower(strings.TrimSpace(alias))
-	if alias == "" {
-		return ""
-	}
-	if _, ok := config.SSOClients[alias]; ok {
-		return alias
-	}
-	for key := range config.SSOClients {
-		if strings.EqualFold(key, alias) {
-			return strings.ToLower(strings.TrimSpace(key))
-		}
-	}
-	return ""
-}
-
-func ApplyScopeFilter(db *gorm.DB, scope ScopeFilter, column string) *gorm.DB {
-	if db == nil || !scope.Restrict {
-		return db
-	}
-	if len(scope.IDs) == 0 {
-		return db.Where("1 = 0")
-	}
-	return db.Where(column+" IN ?", scope.IDs)
-}

internal/modules/daily-checklists/services/daily-checklist.service.go

@@ -9,7 +9,7 @@ import (
 	"time"
 
 	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
-	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
+	middleware "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	repository "gitlab.com/mbugroup/lti-api.git/internal/modules/daily-checklists/repositories"
 	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/daily-checklists/validations"
 	phaseRepo "gitlab.com/mbugroup/lti-api.git/internal/modules/master/phasess/repositories"
@@ -456,7 +456,7 @@ func (s dailyChecklistService) UpdateOne(c *fiber.Ctx, req *validation.Update, i
 		updateBody["reject_reason"] = *req.RejectReason
 	}
 
-	actorID, err := m.ActorIDFromContext(c)
+	actorID, err := middleware.ActorIDFromContext(c)
 	if err != nil {
 		return &entity.DailyChecklist{}, fiber.NewError(fiber.StatusUnauthorized, "Failed to get actor ID from context")
 	}
@@ -946,11 +946,6 @@ func (s dailyChecklistService) GetReport(c *fiber.Ctx, params *validation.Report
 		return nil, 0, err
 	}
 
-	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
-	if err != nil {
-		return nil, 0, err
-	}
-
 	offset := (params.Page - 1) * params.Limit
 
 	buildBase := func() *gorm.DB {
@@ -967,8 +962,6 @@ func (s dailyChecklistService) GetReport(c *fiber.Ctx, params *validation.Report
 			Where("EXTRACT(YEAR FROM dc.date) = ?", params.Year).
 			Where("dc.status = ?", "APPROVED")
 
-		db = m.ApplyScopeFilter(db, scope, "loc.id")
-
 		if params.AreaID != nil {
 			db = db.Where("a.id = ?", *params.AreaID)
 		}

internal/modules/dashboards/controllers/dashboard.controller.go

@@ -6,7 +6,6 @@ import (
 	"strings"
 	"time"
 
-	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	"gitlab.com/mbugroup/lti-api.git/internal/modules/dashboards/dto"
 	service "gitlab.com/mbugroup/lti-api.git/internal/modules/dashboards/services"
 	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/dashboards/validations"
@@ -82,20 +81,6 @@ func (u *DashboardController) GetAll(c *fiber.Ctx) error {
 		return fiber.NewError(fiber.StatusBadRequest, "Invalid include")
 	}
 
-	scope, err := m.ResolveLocationScope(c, u.DashboardService.DB())
-	if err != nil {
-		return err
-	}
-	if scope.Restrict {
-		if len(scope.IDs) == 0 {
-			lokasiIds = []uint{}
-		} else if len(lokasiIds) > 0 {
-			lokasiIds = intersectUint(lokasiIds, scope.IDs)
-		} else {
-			lokasiIds = scope.IDs
-		}
-	}
-
 	analysisMode := strings.ToUpper(strings.TrimSpace(c.Query("analysis_mode", validation.AnalysisModeOverview)))
 	metric := strings.ToLower(strings.TrimSpace(c.Query("metric", "")))
 
@@ -191,23 +176,6 @@ func defaultUintSlice(values []uint) []uint {
 	return values
 }
 
-func intersectUint(a, b []uint) []uint {
-	if len(a) == 0 || len(b) == 0 {
-		return nil
-	}
-	set := make(map[uint]struct{}, len(b))
-	for _, id := range b {
-		set[id] = struct{}{}
-	}
-	out := make([]uint, 0, len(a))
-	for _, id := range a {
-		if _, ok := set[id]; ok {
-			out = append(out, id)
-		}
-	}
-	return out
-}
-
 func parsePeriodDates(startDateRaw, endDateRaw string, location *time.Location) (time.Time, time.Time, time.Time, error) {
 	now := time.Now().In(location)
 	startDate := time.Date(now.Year(), now.Month(), 1, 0, 0, 0, 0, location)

internal/modules/dashboards/services/dashboard.service.go

@@ -17,12 +17,10 @@ import (
 
 	"github.com/go-playground/validator/v10"
 	"github.com/sirupsen/logrus"
-	"gorm.io/gorm"
 )
 
 type DashboardService interface {
 	GetAll(ctx context.Context, params *validation.Query) (dto.DashboardPerformanceOverviewDTO, int64, error)
-	DB() *gorm.DB
 }
 
 type dashboardService struct {
@@ -39,10 +37,6 @@ func NewDashboardService(repo repository.DashboardRepository, validate *validato
 	}
 }
 
-func (s dashboardService) DB() *gorm.DB {
-	return s.Repository.DB()
-}
-
 func (s dashboardService) GetAll(ctx context.Context, params *validation.Query) (dto.DashboardPerformanceOverviewDTO, int64, error) {
 	if err := s.Validate.Struct(params); err != nil {
 		return dto.DashboardPerformanceOverviewDTO{}, 0, err

internal/modules/expenses/repositories/expense_realization.repository.go

@@ -138,28 +138,9 @@ func (r *ExpenseRealizationRepositoryImpl) GetAllWithFilters(ctx context.Context
 	locationID := filters.LocationId
 	areaID := filters.AreaId
 
-	if filters.AllowedLocationIDs != nil || filters.AllowedAreaIDs != nil || locationID > 0 || areaID > 0 {
-		db = db.Joins("JOIN kandangs ON kandangs.id = expense_nonstocks.kandang_id")
-	}
-
-	if filters.AllowedLocationIDs != nil {
-		if len(filters.AllowedLocationIDs) == 0 {
-			db = db.Where("1 = 0")
-		} else {
-			db = db.Where("kandangs.location_id IN ?", filters.AllowedLocationIDs)
-		}
-	}
-
-	if filters.AllowedAreaIDs != nil {
-		if len(filters.AllowedAreaIDs) == 0 {
-			db = db.Where("1 = 0")
-		} else {
-			db = db.Joins("JOIN locations ON locations.id = kandangs.location_id").
-				Where("locations.area_id IN ?", filters.AllowedAreaIDs)
-		}
-	}
-
 	if locationID > 0 || areaID > 0 {
+		db = db.Joins("JOIN kandangs ON kandangs.id = expense_nonstocks.kandang_id")
+
 		if locationID > 0 {
 			db = db.Where("kandangs.location_id = ?", uint(locationID))
 		}

internal/modules/expenses/services/expense.service.go

@@ -87,16 +87,10 @@ func (s expenseService) GetAll(c *fiber.Ctx, params *validation.Query) ([]expens
 		return nil, 0, err
 	}
 
-	scope, err := middleware.ResolveLocationScope(c, s.Repository.DB())
-	if err != nil {
-		return nil, 0, err
-	}
-
 	offset := (params.Page - 1) * params.Limit
 
 	expenses, total, err := s.Repository.GetAll(c.Context(), offset, params.Limit, func(db *gorm.DB) *gorm.DB {
 		db = s.withRelations(db)
-		db = middleware.ApplyScopeFilter(db, scope, "location_id")
 		if params.Search != "" {
 			return db.Where("category ILIKE ?", "%"+params.Search+"%")
 		}
@@ -123,16 +117,7 @@ func (s expenseService) GetAll(c *fiber.Ctx, params *validation.Query) ([]expens
 }
 
 func (s expenseService) GetOne(c *fiber.Ctx, id uint) (*expenseDto.ExpenseDetailDTO, error) {
-	scope, err := middleware.ResolveLocationScope(c, s.Repository.DB())
+	expense, err := s.Repository.GetByID(c.Context(), id, s.withRelations)
-	if err != nil {
-		return nil, err
-	}
-
-	expense, err := s.Repository.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
-		db = s.withRelations(db)
-		db = middleware.ApplyScopeFilter(db, scope, "location_id")
-		return db
-	})
 	if err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
 

internal/modules/inventory/product-stocks/services/product-stock.service.go

@@ -4,7 +4,6 @@ import (
 	"errors"
 
 	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
-	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-stocks/validations"
 	productRepository "gitlab.com/mbugroup/lti-api.git/internal/modules/master/products/repositories"
 	"gitlab.com/mbugroup/lti-api.git/internal/utils"
@@ -62,34 +61,15 @@ func (s productStockService) GetAll(c *fiber.Ctx, params *validation.Query) ([]e
 		return nil, 0, err
 	}
 
-	scope, err := m.ResolveLocationScope(c, s.ProductRepository.DB())
-	if err != nil {
-		return nil, 0, err
-	}
-
 	offset := (params.Page - 1) * params.Limit
 
 	productStocks, total, err := s.ProductRepository.GetAll(c.Context(), offset, params.Limit, func(db *gorm.DB) *gorm.DB {
-		if scope.Restrict {
+		db = db.Where(`EXISTS (
-			if len(scope.IDs) == 0 {
+			SELECT 1
-				return db.Where("1 = 0")
+			FROM product_warehouses pw
-			}
+			WHERE pw.product_id = products.id
-			db = db.Where(`EXISTS (
+				AND pw.qty > 0
-				SELECT 1
+		)`)
-				FROM product_warehouses pw
-				JOIN warehouses w ON w.id = pw.warehouse_id
-				WHERE pw.product_id = products.id
-					AND pw.qty > 0
-					AND w.location_id IN ?
-			)`, scope.IDs)
-		} else {
-			db = db.Where(`EXISTS (
-				SELECT 1
-				FROM product_warehouses pw
-				WHERE pw.product_id = products.id
-					AND pw.qty > 0
-			)`)
-		}
 
 		db = s.withRelations(db)
 		if params.Search != "" {
@@ -106,30 +86,6 @@ func (s productStockService) GetAll(c *fiber.Ctx, params *validation.Query) ([]e
 }
 
 func (s productStockService) GetOne(c *fiber.Ctx, id uint) (*entity.Product, error) {
-	scope, err := m.ResolveLocationScope(c, s.ProductRepository.DB())
-	if err != nil {
-		return nil, err
-	}
-
-	if scope.Restrict {
-		if len(scope.IDs) == 0 {
-			return nil, fiber.NewError(fiber.StatusNotFound, "Product not found")
-		}
-		var count int64
-		if err := s.ProductRepository.DB().WithContext(c.Context()).
-			Table("product_warehouses pw").
-			Joins("JOIN warehouses w ON w.id = pw.warehouse_id").
-			Where("pw.product_id = ?", id).
-			Where("pw.qty > 0").
-			Where("w.location_id IN ?", scope.IDs).
-			Count(&count).Error; err != nil {
-			return nil, err
-		}
-		if count == 0 {
-			return nil, fiber.NewError(fiber.StatusNotFound, "Product not found")
-		}
-	}
-
 	product, err := s.ProductRepository.GetByID(c.Context(), id, s.withRelations)
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, fiber.NewError(fiber.StatusNotFound, "Product not found")

internal/modules/inventory/product-warehouses/services/product_warehouse.service.go

@@ -8,7 +8,7 @@ import (
 	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses/validations"
 	kandangrepo "gitlab.com/mbugroup/lti-api.git/internal/modules/master/kandangs/repositories"
 	"gitlab.com/mbugroup/lti-api.git/internal/utils"
-	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
+
 	"github.com/go-playground/validator/v10"
 	"github.com/gofiber/fiber/v2"
 	"github.com/sirupsen/logrus"
@@ -53,11 +53,6 @@ func (s productWarehouseService) GetAll(c *fiber.Ctx, params *validation.Query)
 		return nil, 0, err
 	}
 
-	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
-	if err != nil {
-		return nil, 0, err
-	}
-
 	if params.ProductId > 0 {
 		isProductExist, err := s.Repository.IsProductExist(c.Context(), params.ProductId)
 		if err != nil {
@@ -95,14 +90,6 @@ func (s productWarehouseService) GetAll(c *fiber.Ctx, params *validation.Query)
 	productWarehouses, total, err := s.Repository.GetAll(c.Context(), offset, params.Limit, func(db *gorm.DB) *gorm.DB {
 		db = s.withRelations(db)
 
-		if scope.Restrict {
-			if len(scope.IDs) == 0 {
-				return db.Where("1 = 0")
-			}
-			db = db.Joins("JOIN warehouses w_scope ON product_warehouses.warehouse_id = w_scope.id").
-				Where("w_scope.location_id IN ?", scope.IDs)
-		}
-
 		if params.ProductId != 0 {
 			db = db.Where("product_id = ?", params.ProductId)
 		}
@@ -129,22 +116,7 @@ func (s productWarehouseService) GetAll(c *fiber.Ctx, params *validation.Query)
 }
 
 func (s productWarehouseService) GetOne(c *fiber.Ctx, id uint) (*entity.ProductWarehouse, error) {
-	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
+	productWarehouse, err := s.Repository.GetByID(c.Context(), id, s.withRelations)
-	if err != nil {
-		return nil, err
-	}
-
-	productWarehouse, err := s.Repository.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
-		db = s.withRelations(db)
-		if scope.Restrict {
-			if len(scope.IDs) == 0 {
-				return db.Where("1 = 0")
-			}
-			db = db.Joins("JOIN warehouses w_scope ON product_warehouses.warehouse_id = w_scope.id").
-				Where("w_scope.location_id IN ?", scope.IDs)
-		}
-		return db
-	})
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, fiber.NewError(fiber.StatusNotFound, "ProductWarehouse not found")
 	}

internal/modules/inventory/transfers/services/transfer.service.go

@@ -94,24 +94,10 @@ func (s transferService) GetAll(c *fiber.Ctx, params *validation.Query) ([]entit
 		return nil, 0, err
 	}
 
-	scope, err := m.ResolveLocationScope(c, s.StockTransferRepo.DB())
-	if err != nil {
-		return nil, 0, err
-	}
-
 	offset := (params.Page - 1) * params.Limit
 
 	transfers, total, err := s.StockTransferRepo.GetAll(c.Context(), offset, params.Limit, func(db *gorm.DB) *gorm.DB {
 		db = s.withRelations(db)
-		if scope.Restrict {
-			if len(scope.IDs) == 0 {
-				return db.Where("1 = 0")
-			}
-			db = db.
-				Joins("JOIN warehouses w_from ON w_from.id = stock_transfers.from_warehouse_id").
-				Joins("JOIN warehouses w_to ON w_to.id = stock_transfers.to_warehouse_id").
-				Where("w_from.location_id IN ? OR w_to.location_id IN ?", scope.IDs, scope.IDs)
-		}
 		if params.Search != "" {
 			db = db.Where("movement_number ILIKE ?", "%"+strings.TrimSpace(params.Search)+"%")
 		}
@@ -126,28 +112,6 @@ func (s transferService) GetAll(c *fiber.Ctx, params *validation.Query) ([]entit
 }
 
 func (s transferService) GetOne(c *fiber.Ctx, id uint) (*entity.StockTransfer, error) {
-	scope, err := m.ResolveLocationScope(c, s.StockTransferRepo.DB())
-	if err != nil {
-		return nil, err
-	}
-	if scope.Restrict {
-		if len(scope.IDs) == 0 {
-			return nil, fiber.NewError(fiber.StatusNotFound, "Transfer not found")
-		}
-		var count int64
-		if err := s.StockTransferRepo.DB().WithContext(c.Context()).
-			Table("stock_transfers").
-			Joins("JOIN warehouses w_from ON w_from.id = stock_transfers.from_warehouse_id").
-			Joins("JOIN warehouses w_to ON w_to.id = stock_transfers.to_warehouse_id").
-			Where("stock_transfers.id = ?", id).
-			Where("w_from.location_id IN ? OR w_to.location_id IN ?", scope.IDs, scope.IDs).
-			Count(&count).Error; err != nil {
-			return nil, err
-		}
-		if count == 0 {
-			return nil, fiber.NewError(fiber.StatusNotFound, "Transfer not found")
-		}
-	}
 
 	transferPtr, err := s.StockTransferRepo.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
 		return s.withRelations(db)

internal/modules/master/areas/services/area.service.go

@@ -47,21 +47,10 @@ func (s areaService) GetAll(c *fiber.Ctx, params *validation.Query) ([]entity.Ar
 		return nil, 0, err
 	}
 
-	scope, err := m.ResolveAreaScope(c, s.Repository.DB())
-	if err != nil {
-		return nil, 0, err
-	}
-
 	offset := (params.Page - 1) * params.Limit
 
 	areas, total, err := s.Repository.GetAll(c.Context(), offset, params.Limit, func(db *gorm.DB) *gorm.DB {
 		db = s.withRelations(db)
-		if scope.Restrict {
-			if len(scope.IDs) == 0 {
-				return db.Where("1 = 0")
-			}
-			db = db.Where("id IN ?", scope.IDs)
-		}
 		if params.Search != "" {
 			return db.Where("name ILIKE ?", "%"+params.Search+"%")
 		}
@@ -76,21 +65,7 @@ func (s areaService) GetAll(c *fiber.Ctx, params *validation.Query) ([]entity.Ar
 }
 
 func (s areaService) GetOne(c *fiber.Ctx, id uint) (*entity.Area, error) {
-	scope, err := m.ResolveAreaScope(c, s.Repository.DB())
+	area, err := s.Repository.GetByID(c.Context(), id, s.withRelations)
-	if err != nil {
-		return nil, err
-	}
-
-	area, err := s.Repository.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
-		db = s.withRelations(db)
-		if scope.Restrict {
-			if len(scope.IDs) == 0 {
-				return db.Where("1 = 0")
-			}
-			db = db.Where("id IN ?", scope.IDs)
-		}
-		return db
-	})
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, fiber.NewError(fiber.StatusNotFound, "Area not found")
 	}

internal/modules/master/kandangs/services/kandang.service.go

@@ -49,16 +49,10 @@ func (s kandangService) GetAll(c *fiber.Ctx, params *validation.Query) ([]entity
 		return nil, 0, err
 	}
 
-	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
-	if err != nil {
-		return nil, 0, err
-	}
-
 	offset := (params.Page - 1) * params.Limit
 
 	kandangs, total, err := s.Repository.GetAll(c.Context(), offset, params.Limit, func(db *gorm.DB) *gorm.DB {
 		db = s.withRelations(db)
-		db = m.ApplyScopeFilter(db, scope, "location_id")
 		if params.Search != "" {
 			return db.Where("name ILIKE ?", "%"+params.Search+"%")
 		}
@@ -79,16 +73,7 @@ func (s kandangService) GetAll(c *fiber.Ctx, params *validation.Query) ([]entity
 }
 
 func (s kandangService) GetOne(c *fiber.Ctx, id uint) (*entity.Kandang, error) {
-	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
+	kandang, err := s.Repository.GetByID(c.Context(), id, s.withRelations)
-	if err != nil {
-		return nil, err
-	}
-
-	kandang, err := s.Repository.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
-		db = s.withRelations(db)
-		db = m.ApplyScopeFilter(db, scope, "location_id")
-		return db
-	})
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, fiber.NewError(fiber.StatusNotFound, "Kandang not found")
 	}

internal/modules/master/locations/services/location.service.go

@@ -47,21 +47,10 @@ func (s locationService) GetAll(c *fiber.Ctx, params *validation.Query) ([]entit
 		return nil, 0, err
 	}
 
-	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
-	if err != nil {
-		return nil, 0, err
-	}
-
 	offset := (params.Page - 1) * params.Limit
 
 	locations, total, err := s.Repository.GetAll(c.Context(), offset, params.Limit, func(db *gorm.DB) *gorm.DB {
 		db = s.withRelations(db)
-		if scope.Restrict {
-			if len(scope.IDs) == 0 {
-				return db.Where("1 = 0")
-			}
-			db = db.Where("id IN ?", scope.IDs)
-		}
 		if params.Search != "" {
 			db = db.Where("name ILIKE ?", "%"+params.Search+"%")
 		}
@@ -79,21 +68,7 @@ func (s locationService) GetAll(c *fiber.Ctx, params *validation.Query) ([]entit
 }
 
 func (s locationService) GetOne(c *fiber.Ctx, id uint) (*entity.Location, error) {
-	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
+	location, err := s.Repository.GetByID(c.Context(), id, s.withRelations)
-	if err != nil {
-		return nil, err
-	}
-
-	location, err := s.Repository.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
-		db = s.withRelations(db)
-		if scope.Restrict {
-			if len(scope.IDs) == 0 {
-				return db.Where("1 = 0")
-			}
-			db = db.Where("id IN ?", scope.IDs)
-		}
-		return db
-	})
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, fiber.NewError(fiber.StatusNotFound, "Location not found")
 	}

internal/modules/master/warehouses/services/warehouse.service.go

@@ -48,16 +48,10 @@ func (s warehouseService) GetAll(c *fiber.Ctx, params *validation.Query) ([]enti
 		return nil, 0, err
 	}
 
-	scope, err := m.ResolveAreaScope(c, s.Repository.DB())
-	if err != nil {
-		return nil, 0, err
-	}
-
 	offset := (params.Page - 1) * params.Limit
 
 	warehouses, total, err := s.Repository.GetAll(c.Context(), offset, params.Limit, func(db *gorm.DB) *gorm.DB {
 		db = s.withRelations(db)
-		db = m.ApplyScopeFilter(db, scope, "area_id")
 		if params.Search != "" {
 			db = db.Where("warehouses.name ILIKE ?", "%"+params.Search+"%")
 		}
@@ -92,16 +86,7 @@ func (s warehouseService) GetAll(c *fiber.Ctx, params *validation.Query) ([]enti
 }
 
 func (s warehouseService) GetOne(c *fiber.Ctx, id uint) (*entity.Warehouse, error) {
-	scope, err := m.ResolveAreaScope(c, s.Repository.DB())
+	warehouse, err := s.Repository.GetByID(c.Context(), id, s.withRelations)
-	if err != nil {
-		return nil, err
-	}
-
-	warehouse, err := s.Repository.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
-		db = s.withRelations(db)
-		db = m.ApplyScopeFilter(db, scope, "area_id")
-		return db
-	})
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, fiber.NewError(fiber.StatusNotFound, "Warehouse not found")
 	}

internal/modules/production/project-flock-kandangs/services/project_flock_kandang.service.go

@@ -88,14 +88,9 @@ func (s projectFlockKandangService) GetAll(c *fiber.Ctx, params *validation.Quer
 		return nil, 0, err
 	}
 
-	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
-	if err != nil {
-		return nil, 0, err
-	}
-
 	offset := (params.Page - 1) * params.Limit
 
-	projectFlockKandangs, total, err := s.Repository.GetAllWithFiltersScoped(c.Context(), offset, params.Limit, params, scope.IDs, scope.Restrict)
+	projectFlockKandangs, total, err := s.Repository.GetAllWithFilters(c.Context(), offset, params.Limit, params)
 
 	if err != nil {
 		s.Log.Errorf("Failed to get projectFlockKandangs: %+v", err)
@@ -111,28 +106,6 @@ func (s projectFlockKandangService) GetAll(c *fiber.Ctx, params *validation.Quer
 }
 
 func (s projectFlockKandangService) GetOne(c *fiber.Ctx, id uint) (*entity.ProjectFlockKandang, map[uint]float64, []entity.ProductWarehouse, error) {
-	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
-	if err != nil {
-		return nil, nil, nil, err
-	}
-	if scope.Restrict {
-		if len(scope.IDs) == 0 {
-			return nil, nil, nil, fiber.NewError(fiber.StatusNotFound, "ProjectFlockKandang not found")
-		}
-		var count int64
-		if err := s.Repository.DB().WithContext(c.Context()).
-			Table("project_flock_kandangs").
-			Joins("JOIN project_flocks ON project_flocks.id = project_flock_kandangs.project_flock_id").
-			Where("project_flock_kandangs.id = ?", id).
-			Where("project_flocks.location_id IN ?", scope.IDs).
-			Count(&count).Error; err != nil {
-			return nil, nil, nil, err
-		}
-		if count == 0 {
-			return nil, nil, nil, fiber.NewError(fiber.StatusNotFound, "ProjectFlockKandang not found")
-		}
-	}
-
 	projectFlockKandang, err := s.Repository.GetByID(c.Context(), id)
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, nil, nil, fiber.NewError(fiber.StatusNotFound, "ProjectFlockKandang not found")

internal/modules/production/project_flocks/repositories/projectflock.repository.go

@@ -14,7 +14,6 @@ import (
 type ProjectflockRepository interface {
 	repository.BaseRepository[entity.ProjectFlock]
 	GetAllWithFilters(ctx context.Context, offset, limit int, params *validation.Query) ([]entity.ProjectFlock, int64, error)
-	GetAllWithFiltersScoped(ctx context.Context, offset, limit int, params *validation.Query, locationIDs []uint, restrict bool) ([]entity.ProjectFlock, int64, error)
 	WithDefaultRelations() func(*gorm.DB) *gorm.DB
 	ExistsByFlockName(ctx context.Context, flockName string, excludeID *uint) (bool, error)
 	GetNextPeriodsForKandangs(ctx context.Context, kandangIDs []uint) (map[uint]int, error)
@@ -49,19 +48,6 @@ func (r *ProjectflockRepositoryImpl) GetAllWithFilters(ctx context.Context, offs
 	})
 }
 
-func (r *ProjectflockRepositoryImpl) GetAllWithFiltersScoped(ctx context.Context, offset, limit int, params *validation.Query, locationIDs []uint, restrict bool) ([]entity.ProjectFlock, int64, error) {
-	return r.GetAll(ctx, offset, limit, func(db *gorm.DB) *gorm.DB {
-		db = r.applyQueryFilters(r.WithDefaultRelations()(db), params)
-		if restrict {
-			if len(locationIDs) == 0 {
-				return db.Where("1 = 0")
-			}
-			db = db.Where("project_flocks.location_id IN ?", locationIDs)
-		}
-		return db
-	})
-}
-
 func (r *ProjectflockRepositoryImpl) WithDefaultRelations() func(*gorm.DB) *gorm.DB {
 	return func(db *gorm.DB) *gorm.DB {
 		return db.

internal/modules/production/project_flocks/repositories/projectflock_kandang.repository.go

@@ -20,7 +20,6 @@ type ProjectFlockKandangRepository interface {
 	DeleteMany(ctx context.Context, projectFlockID uint, kandangIDs []uint) error
 	GetAll(ctx context.Context, offset int, limit int, modifier func(*gorm.DB) *gorm.DB) ([]entity.ProjectFlockKandang, int64, error)
 	GetAllWithFilters(ctx context.Context, offset int, limit int, params interface{}) ([]entity.ProjectFlockKandang, int64, error)
-	GetAllWithFiltersScoped(ctx context.Context, offset int, limit int, params interface{}, locationIDs []uint, restrict bool) ([]entity.ProjectFlockKandang, int64, error)
 	GetByProjectFlockID(ctx context.Context, projectFlockID uint) ([]entity.ProjectFlockKandang, error)
 	ListExistingKandangIDs(ctx context.Context, projectFlockID uint, kandangIDs []uint) ([]uint, error)
 	HasKandangsLinkedToOtherProject(ctx context.Context, kandangIDs []uint, exceptProjectID *uint) (bool, error)
@@ -197,104 +196,6 @@ func (r *projectFlockKandangRepositoryImpl) GetAllWithFilters(ctx context.Contex
 	return records, total, nil
 }
 
-func (r *projectFlockKandangRepositoryImpl) GetAllWithFiltersScoped(ctx context.Context, offset int, limit int, params interface{}, locationIDs []uint, restrict bool) ([]entity.ProjectFlockKandang, int64, error) {
-	var records []entity.ProjectFlockKandang
-	var total int64
-
-	query, ok := params.(*validation.Query)
-
-	q := r.db.WithContext(ctx).
-		Joins("JOIN \"kandangs\" ON \"project_flock_kandangs\".\"kandang_id\" = \"kandangs\".\"id\"").
-		Joins("JOIN \"project_flocks\" ON \"project_flock_kandangs\".\"project_flock_id\" = \"project_flocks\".\"id\"").
-		Preload("ProjectFlock").
-		Preload("ProjectFlock.Fcr").
-		Preload("ProjectFlock.Area").
-		Preload("ProjectFlock.Location").
-		Preload("ProjectFlock.CreatedUser").
-		Preload("ProjectFlock.Kandangs").
-		Preload("ProjectFlock.KandangHistory").
-		Preload("Kandang").
-		Preload("Chickins").
-		Preload("Chickins.CreatedUser").
-		Preload("Chickins.ProductWarehouse")
-
-	if restrict {
-		if len(locationIDs) == 0 {
-			return []entity.ProjectFlockKandang{}, 0, nil
-		}
-		q = q.Where("\"project_flocks\".\"location_id\" IN ?", locationIDs)
-	}
-
-	if ok && query != nil && query.StepName != "" {
-		q = q.Where(`
-			EXISTS (
-				SELECT 1 FROM "approvals"
-				WHERE "approvals"."approvable_id" = "project_flock_kandangs"."id"
-				AND "approvals"."approvable_type" = ?
-				AND LOWER("approvals"."step_name") = LOWER(?)
-				AND "approvals"."id" IN (
-					SELECT "approvals"."id" FROM "approvals"
-					WHERE "approvals"."approvable_id" = "project_flock_kandangs"."id"
-					AND "approvals"."approvable_type" = ?
-					ORDER BY "approvals"."id" DESC
-					LIMIT 1
-				)
-			)
-		`, "PROJECT_FLOCK_KANDANGS", query.StepName, "PROJECT_FLOCK_KANDANGS")
-	}
-
-	if ok && query != nil {
-		if query.Search != "" {
-			escapedSearch := strings.NewReplacer("\\", "\\\\", "%", "\\%", "_", "\\_").Replace(query.Search)
-			q = q.Where(
-				r.db.Where("LOWER(\"kandangs\".\"name\") LIKE LOWER(?) ESCAPE '\\'", "%"+escapedSearch+"%").
-					Or("LOWER(\"project_flocks\".\"flock_name\") LIKE LOWER(?) ESCAPE '\\'", "%"+escapedSearch+"%"),
-			)
-		}
-
-		if query.ProjectFlockId > 0 {
-			q = q.Where("\"project_flock_kandangs\".\"project_flock_id\" = ?", query.ProjectFlockId)
-		}
-
-		if query.KandangId > 0 {
-			q = q.Where("\"project_flock_kandangs\".\"kandang_id\" = ?", query.KandangId)
-		}
-
-		if query.Category != "" {
-			q = q.Where("\"project_flocks\".\"category\" = ?", query.Category)
-		}
-
-		if query.AreaId > 0 {
-			q = q.Where("\"project_flocks\".\"area_id\" = ?", query.AreaId)
-		}
-	}
-
-	if err := q.Model(&entity.ProjectFlockKandang{}).Count(&total).Error; err != nil {
-		return nil, 0, err
-	}
-
-	sortBy := "\"project_flock_kandangs\".\"created_at\" DESC"
-	if ok && query != nil && query.SortBy != "" {
-		sortOrder := "DESC"
-		if query.SortOrder == "ASC" {
-			sortOrder = "ASC"
-		}
-
-		switch query.SortBy {
-		case "created_at":
-			sortBy = "\"project_flock_kandangs\".\"created_at\" " + sortOrder
-		case "period":
-			sortBy = "\"project_flocks\".\"period\" " + sortOrder
-		}
-	}
-
-	if err := q.Order(sortBy).Offset(offset).Limit(limit).Find(&records).Error; err != nil {
-		return nil, 0, err
-	}
-
-	return records, total, nil
-}
-
 func (r *projectFlockKandangRepositoryImpl) WithTx(tx *gorm.DB) ProjectFlockKandangRepository {
 	return &projectFlockKandangRepositoryImpl{db: tx}
 }

internal/modules/production/project_flocks/services/projectflock.service.go

@@ -114,14 +114,9 @@ func (s projectflockService) GetAll(c *fiber.Ctx, params *validation.Query) ([]e
 		return nil, 0, nil, err
 	}
 
-	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
-	if err != nil {
-		return nil, 0, nil, err
-	}
-
 	offset := (params.Page - 1) * params.Limit
 
-	projectflocks, total, err := s.Repository.GetAllWithFiltersScoped(c.Context(), offset, params.Limit, params, scope.IDs, scope.Restrict)
+	projectflocks, total, err := s.Repository.GetAllWithFilters(c.Context(), offset, params.Limit, params)
 
 	if err != nil {
 		s.Log.Errorf("Failed to get projectflocks: %+v", err)
@@ -195,16 +190,7 @@ func (s projectflockService) getOneEntityOnly(c *fiber.Ctx, id uint) (*entity.Pr
 }
 
 func (s projectflockService) GetOne(c *fiber.Ctx, id uint) (*entity.ProjectFlock, *flockDTO.FlockRelationDTO, error) {
-	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
+	projectflock, err := s.Repository.GetByID(c.Context(), id, s.Repository.WithDefaultRelations())
-	if err != nil {
-		return nil, nil, err
-	}
-
-	projectflock, err := s.Repository.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
-		db = s.Repository.WithDefaultRelations()(db)
-		db = m.ApplyScopeFilter(db, scope, "project_flocks.location_id")
-		return db
-	})
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, nil, fiber.NewError(fiber.StatusNotFound, "Projectflock not found")
 	}

internal/modules/purchases/services/purchase.service.go

@@ -124,11 +124,6 @@ func (s *purchaseService) GetAll(c *fiber.Ctx, params *validation.Query) ([]enti
 		return nil, 0, err
 	}
 
-	scope, err := m.ResolveLocationScope(c, s.PurchaseRepo.DB())
-	if err != nil {
-		return nil, 0, err
-	}
-
 	offset := (params.Page - 1) * params.Limit
 
 	createdFrom, createdTo, err := utils.ParseDateRangeForQuery(params.CreatedFrom, params.CreatedTo)
@@ -152,21 +147,6 @@ func (s *purchaseService) GetAll(c *fiber.Ctx, params *validation.Query) ([]enti
 			db = db.Where("created_at < ?", *createdTo)
 		}
 
-		if scope.Restrict {
-			if len(scope.IDs) == 0 {
-				return db.Where("1 = 0")
-			}
-			db = db.Where(
-				`EXISTS (
-					SELECT 1
-					FROM purchase_items pi
-					JOIN warehouses w ON w.id = pi.warehouse_id
-					WHERE pi.purchase_id = purchases.id AND w.location_id IN ?
-				)`,
-				scope.IDs,
-			)
-		}
-
 		if params.AreaID > 0 {
 			db = db.Where(
 				`EXISTS (
@@ -221,42 +201,7 @@ func (s *purchaseService) GetAll(c *fiber.Ctx, params *validation.Query) ([]enti
 }
 
 func (s *purchaseService) GetOne(c *fiber.Ctx, id uint) (*entity.Purchase, error) {
-	scope, err := m.ResolveLocationScope(c, s.PurchaseRepo.DB())
+	return s.loadPurchase(c.Context(), id)
-	if err != nil {
-		return nil, err
-	}
-
-	purchase, err := s.PurchaseRepo.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
-		db = s.withRelations(db)
-		if scope.Restrict {
-			if len(scope.IDs) == 0 {
-				return db.Where("1 = 0")
-			}
-			db = db.Where(
-				`EXISTS (
-					SELECT 1
-					FROM purchase_items pi
-					JOIN warehouses w ON w.id = pi.warehouse_id
-					WHERE pi.purchase_id = purchases.id AND w.location_id IN ?
-				)`,
-				scope.IDs,
-			)
-		}
-		return db
-	})
-	if err != nil {
-		if errors.Is(err, gorm.ErrRecordNotFound) {
-			return nil, utils.NotFound("Purchase not found")
-		}
-		s.Log.Errorf("Failed to get purchase %d: %+v", id, err)
-		return nil, utils.Internal("Failed to get purchase")
-	}
-	if err := s.attachLatestApproval(c.Context(), purchase); err != nil {
-		s.Log.Warnf("Unable to attach latest approval for purchase %d: %+v", id, err)
-	}
-	s.applyTravelDocumentURLs(c.Context(), purchase)
-
-	return purchase, nil
 }
 
 func (s *purchaseService) CreateOne(c *fiber.Ctx, req *validation.CreatePurchaseRequest) (*entity.Purchase, error) {

internal/modules/repports/controllers/repport.controller.go

@@ -5,7 +5,6 @@ import (
 	"strconv"
 	"strings"
 
-	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	"gitlab.com/mbugroup/lti-api.git/internal/modules/repports/dto"
 	service "gitlab.com/mbugroup/lti-api.git/internal/modules/repports/services"
 	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/repports/validations"
@@ -50,21 +49,6 @@ func (c *RepportController) GetExpense(ctx *fiber.Ctx) error {
 		RealizationDate:       ctx.Query("realization_date", ""),
 	}
 
-	locationScope, err := m.ResolveLocationScope(ctx, c.RepportService.DB())
-	if err != nil {
-		return err
-	}
-	areaScope, err := m.ResolveAreaScope(ctx, c.RepportService.DB())
-	if err != nil {
-		return err
-	}
-	if locationScope.Restrict {
-		query.AllowedLocationIDs = toInt64Slice(locationScope.IDs)
-	}
-	if areaScope.Restrict {
-		query.AllowedAreaIDs = toInt64Slice(areaScope.IDs)
-	}
-
 	if query.Page < 1 || query.Limit < 1 {
 		return fiber.NewError(fiber.StatusBadRequest, "page and limit must be greater than 0")
 	}
@@ -146,14 +130,6 @@ func (c *RepportController) GetPurchaseSupplier(ctx *fiber.Ctx) error {
 		FilterBy:          ctx.Query("filter_by", ""),
 	}
 
-	areaScope, err := m.ResolveAreaScope(ctx, c.RepportService.DB())
-	if err != nil {
-		return err
-	}
-	if areaScope.Restrict {
-		query.AllowedAreaIDs = toInt64Slice(areaScope.IDs)
-	}
-
 	if query.Page < 1 || query.Limit < 1 {
 		return fiber.NewError(fiber.StatusBadRequest, "page and limit must be greater than 0")
 	}
@@ -330,14 +306,3 @@ func parseCommaSeparatedInt64s(raw string) ([]int64, error) {
 
 	return result, nil
 }
-
-func toInt64Slice(ids []uint) []int64 {
-	if len(ids) == 0 {
-		return nil
-	}
-	out := make([]int64, 0, len(ids))
-	for _, id := range ids {
-		out = append(out, int64(id))
-	}
-	return out
-}

internal/modules/repports/repositories/purchase_supplier.repository.go

@@ -53,18 +53,10 @@ func (r *purchaseSupplierRepositoryImpl) baseSupplierQuery(ctx context.Context,
 			Where("products.product_category_id = ?", filters.ProductCategoryId)
 	}
 
-	if filters.AreaId > 0 || filters.AllowedAreaIDs != nil {
+	if filters.AreaId > 0 {
-		db = db.Joins("JOIN warehouses ON warehouses.id = purchase_items.warehouse_id")
+		db = db.
-		if filters.AreaId > 0 {
+			Joins("JOIN warehouses ON warehouses.id = purchase_items.warehouse_id").
-			db = db.Where("warehouses.area_id = ?", filters.AreaId)
+			Where("warehouses.area_id = ?", filters.AreaId)
-		}
-		if filters.AllowedAreaIDs != nil {
-			if len(filters.AllowedAreaIDs) == 0 {
-				db = db.Where("1 = 0")
-			} else {
-				db = db.Where("warehouses.area_id IN ?", filters.AllowedAreaIDs)
-			}
-		}
 	}
 
 	if filters.StartDate != "" {
@@ -172,18 +164,10 @@ func (r *purchaseSupplierRepositoryImpl) GetItemsBySuppliers(ctx context.Context
 			Where("products.product_category_id = ?", filters.ProductCategoryId)
 	}
 
-	if filters.AreaId > 0 || filters.AllowedAreaIDs != nil {
+	if filters.AreaId > 0 {
-		db = db.Joins("JOIN warehouses ON warehouses.id = purchase_items.warehouse_id")
+		db = db.
-		if filters.AreaId > 0 {
+			Joins("JOIN warehouses ON warehouses.id = purchase_items.warehouse_id").
-			db = db.Where("warehouses.area_id = ?", filters.AreaId)
+			Where("warehouses.area_id = ?", filters.AreaId)
-		}
-		if filters.AllowedAreaIDs != nil {
-			if len(filters.AllowedAreaIDs) == 0 {
-				db = db.Where("1 = 0")
-			} else {
-				db = db.Where("warehouses.area_id IN ?", filters.AllowedAreaIDs)
-			}
-		}
 	}
 
 	if filters.StartDate != "" {

internal/modules/repports/services/repport.service.go

@@ -9,7 +9,6 @@ import (
 	"strings"
 	"time"
 
-	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	"gitlab.com/mbugroup/lti-api.git/internal/modules/repports/dto"
 	repportRepo "gitlab.com/mbugroup/lti-api.git/internal/modules/repports/repositories"
 	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/repports/validations"
@@ -41,7 +40,6 @@ type RepportService interface {
 	GetDebtSupplier(ctx *fiber.Ctx, params *validation.DebtSupplierQuery) ([]dto.DebtSupplierDTO, int64, error)
 	GetHppPerKandang(ctx *fiber.Ctx) (*dto.HppPerKandangResponseData, *dto.HppPerKandangMetaDTO, error)
 	GetProductionResult(ctx *fiber.Ctx, params *validation.ProductionResultQuery) ([]dto.ProductionResultDTO, int64, error)
-	DB() *gorm.DB
 }
 
 type repportService struct {
@@ -97,10 +95,6 @@ func NewRepportService(
 	}
 }
 
-func (s *repportService) DB() *gorm.DB {
-	return s.ExpenseRealizationRepo.DB()
-}
-
 func (s *repportService) GetExpense(c *fiber.Ctx, params *validation.ExpenseQuery) ([]dto.RepportExpenseListDTO, int64, error) {
 	if err := s.Validate.Struct(params); err != nil {
 		return nil, 0, err
@@ -1309,36 +1303,6 @@ func (s *repportService) parseHppPerKandangQuery(ctx *fiber.Ctx) (*validation.Hp
 		return nil, dto.HppPerKandangFiltersDTO{}, fiber.NewError(fiber.StatusBadRequest, err.Error())
 	}
 
-	locationScope, err := m.ResolveLocationScope(ctx, s.ExpenseRealizationRepo.DB())
-	if err != nil {
-		return nil, dto.HppPerKandangFiltersDTO{}, err
-	}
-	areaScope, err := m.ResolveAreaScope(ctx, s.ExpenseRealizationRepo.DB())
-	if err != nil {
-		return nil, dto.HppPerKandangFiltersDTO{}, err
-	}
-
-	if locationScope.Restrict {
-		allowed := toInt64Slice(locationScope.IDs)
-		if len(allowed) == 0 {
-			locationIDs = []int64{-1}
-		} else if len(locationIDs) > 0 {
-			locationIDs = intersectInt64(locationIDs, allowed)
-		} else {
-			locationIDs = allowed
-		}
-	}
-	if areaScope.Restrict {
-		allowed := toInt64Slice(areaScope.IDs)
-		if len(allowed) == 0 {
-			areaIDs = []int64{-1}
-		} else if len(areaIDs) > 0 {
-			areaIDs = intersectInt64(areaIDs, allowed)
-		} else {
-			areaIDs = allowed
-		}
-	}
-
 	weightMin, err := parseOptionalFloat64(rawWeightMin)
 	if err != nil {
 		return nil, dto.HppPerKandangFiltersDTO{}, fiber.NewError(fiber.StatusBadRequest, err.Error())
@@ -1402,34 +1366,6 @@ func parseCommaSeparatedInt64s(raw string) ([]int64, error) {
 	return result, nil
 }
 
-func toInt64Slice(ids []uint) []int64 {
-	if len(ids) == 0 {
-		return nil
-	}
-	out := make([]int64, 0, len(ids))
-	for _, id := range ids {
-		out = append(out, int64(id))
-	}
-	return out
-}
-
-func intersectInt64(a, b []int64) []int64 {
-	if len(a) == 0 || len(b) == 0 {
-		return nil
-	}
-	set := make(map[int64]struct{}, len(b))
-	for _, id := range b {
-		set[id] = struct{}{}
-	}
-	out := make([]int64, 0, len(a))
-	for _, id := range a {
-		if _, ok := set[id]; ok {
-			out = append(out, id)
-		}
-	}
-	return out
-}
-
 func parseOptionalFloat64(raw string) (*float64, error) {
 	raw = strings.TrimSpace(raw)
 	if raw == "" {

internal/modules/repports/validations/repport.validation.go

@@ -13,8 +13,6 @@ type ExpenseQuery struct {
 	AreaId                int64  `query:"area_id" validate:"omitempty"`
 	LocationId            int64  `query:"location_id" validate:"omitempty"`
 	RealizationDate       string `query:"realization_date" validate:"omitempty"`
-	AllowedAreaIDs        []int64 `query:"-"`
-	AllowedLocationIDs    []int64 `query:"-"`
 }
 
 type MarketingQuery struct {
@@ -44,7 +42,6 @@ type PurchaseSupplierQuery struct {
 	EndDate           string `query:"end_date" validate:"omitempty"`
 	SortBy            string `query:"sort_by" validate:"omitempty"`
 	FilterBy          string `query:"filter_by" validate:"omitempty"`
-	AllowedAreaIDs    []int64 `query:"-"`
 }
 
 type DebtSupplierQuery struct {

internal/modules/sso/controllers/master_data.controller.go

@@ -1,331 +0,0 @@
-package controllers
-
-import (
-	"context"
-	"crypto/hmac"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/gofiber/fiber/v2"
-	"github.com/redis/go-redis/v9"
-	"gorm.io/gorm"
-
-	"gitlab.com/mbugroup/lti-api.git/internal/config"
-	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
-	sso "gitlab.com/mbugroup/lti-api.git/internal/modules/sso/verifier"
-	"gitlab.com/mbugroup/lti-api.git/internal/response"
-	"gitlab.com/mbugroup/lti-api.git/internal/utils"
-)
-
-type MasterDataController struct {
-	db         *gorm.DB
-	redis      *redis.Client
-	clients    map[string]config.SSOClientConfig
-	drift      time.Duration
-	nonceTTL   time.Duration
-	localNonce sync.Map
-}
-
-type masterArea struct {
-	ID   uint   `json:"id"`
-	Name string `json:"name"`
-}
-
-type masterLocation struct {
-	ID     uint   `json:"id"`
-	Name   string `json:"name"`
-	AreaID uint   `json:"area_id"`
-}
-
-func NewMasterDataController(db *gorm.DB, redis *redis.Client, clients map[string]config.SSOClientConfig) *MasterDataController {
-	normalized := make(map[string]config.SSOClientConfig, len(clients))
-	for alias, cfg := range clients {
-		alias = strings.ToLower(strings.TrimSpace(alias))
-		normalized[alias] = cfg
-	}
-
-	drift := config.SSOUserSyncDrift
-	if drift <= 0 {
-		drift = 2 * time.Minute
-	}
-
-	nonceTTL := config.SSOUserSyncNonceTTL
-	if nonceTTL <= 0 {
-		nonceTTL = 10 * time.Minute
-	}
-
-	return &MasterDataController{
-		db:       db,
-		redis:    redis,
-		clients:  normalized,
-		drift:    drift,
-		nonceTTL: nonceTTL,
-	}
-}
-
-func (h *MasterDataController) GetAreas(c *fiber.Ctx) error {
-	if _, _, err := h.authenticate(c, nil); err != nil {
-		return err
-	}
-
-	search := strings.TrimSpace(c.Query("search", ""))
-	ids := parseUintList(c.Query("ids", ""))
-
-	query := h.db.WithContext(c.Context()).
-		Model(&entity.Area{}).
-		Where("deleted_at IS NULL")
-	if search != "" {
-		query = query.Where("name ILIKE ?", "%"+search+"%")
-	}
-	if len(ids) > 0 {
-		query = query.Where("id IN ?", ids)
-	}
-
-	var areas []masterArea
-	if err := query.Order("name ASC").Find(&areas).Error; err != nil {
-		utils.Log.WithError(err).Error("failed to fetch areas for master data")
-		return fiber.NewError(fiber.StatusInternalServerError, "failed to fetch areas")
-	}
-
-	return c.Status(fiber.StatusOK).JSON(response.Success{
-		Code:    fiber.StatusOK,
-		Status:  "success",
-		Message: "Get areas successfully",
-		Data:    areas,
-	})
-}
-
-func (h *MasterDataController) GetLocations(c *fiber.Ctx) error {
-	if _, _, err := h.authenticate(c, nil); err != nil {
-		return err
-	}
-
-	search := strings.TrimSpace(c.Query("search", ""))
-	areaIDs := parseUintList(c.Query("area_ids", ""))
-	ids := parseUintList(c.Query("ids", ""))
-
-	query := h.db.WithContext(c.Context()).
-		Model(&entity.Location{}).
-		Where("deleted_at IS NULL")
-	if search != "" {
-		query = query.Where("name ILIKE ?", "%"+search+"%")
-	}
-	if len(areaIDs) > 0 {
-		query = query.Where("area_id IN ?", areaIDs)
-	}
-	if len(ids) > 0 {
-		query = query.Where("id IN ?", ids)
-	}
-
-	var locations []masterLocation
-	if err := query.Order("name ASC").Find(&locations).Error; err != nil {
-		utils.Log.WithError(err).Error("failed to fetch locations for master data")
-		return fiber.NewError(fiber.StatusInternalServerError, "failed to fetch locations")
-	}
-
-	return c.Status(fiber.StatusOK).JSON(response.Success{
-		Code:    fiber.StatusOK,
-		Status:  "success",
-		Message: "Get locations successfully",
-		Data:    locations,
-	})
-}
-
-func (h *MasterDataController) authenticate(c *fiber.Ctx, body []byte) (string, config.SSOClientConfig, error) {
-	rawAlias := strings.TrimSpace(c.Get("X-Sync-Client"))
-	if rawAlias == "" {
-		return "", config.SSOClientConfig{}, fiber.NewError(fiber.StatusUnauthorized, "missing sync client header")
-	}
-
-	aliasKey := strings.ToLower(rawAlias)
-	clientCfg, ok := h.clients[aliasKey]
-	if !ok {
-		return "", config.SSOClientConfig{}, fiber.NewError(fiber.StatusUnauthorized, "unknown sync client")
-	}
-
-	if err := h.verifyAuthorization(c, aliasKey); err != nil {
-		return "", config.SSOClientConfig{}, err
-	}
-
-	secret := strings.TrimSpace(clientCfg.SyncSecret)
-	if secret == "" {
-		return "", config.SSOClientConfig{}, fiber.NewError(fiber.StatusUnauthorized, "sync secret not configured")
-	}
-
-	timestamp := strings.TrimSpace(c.Get("X-Sync-Timestamp"))
-	nonce := strings.TrimSpace(c.Get("X-Sync-Nonce"))
-	signature := strings.TrimSpace(c.Get("X-Sync-Signature"))
-	if timestamp == "" || nonce == "" || signature == "" {
-		return "", config.SSOClientConfig{}, fiber.NewError(fiber.StatusUnauthorized, "missing signature headers")
-	}
-	if len(nonce) < 16 {
-		return "", config.SSOClientConfig{}, fiber.NewError(fiber.StatusUnauthorized, "nonce too short")
-	}
-
-	ts, err := strconv.ParseInt(timestamp, 10, 64)
-	if err != nil {
-		return "", config.SSOClientConfig{}, fiber.NewError(fiber.StatusBadRequest, "invalid timestamp")
-	}
-
-	msgTime := time.Unix(ts, 0).UTC()
-	now := time.Now().UTC()
-	drift := now.Sub(msgTime)
-	if drift > h.drift || drift < -h.drift {
-		return "", config.SSOClientConfig{}, fiber.NewError(fiber.StatusUnauthorized, "timestamp outside allowed window")
-	}
-
-	providedSig, err := decodeMasterSignature(signature)
-	if err != nil {
-		return "", config.SSOClientConfig{}, fiber.NewError(fiber.StatusUnauthorized, "invalid signature encoding")
-	}
-
-	expectedSignature := calculateSignature(secret, rawAlias, timestamp, nonce, body)
-	if !hmac.Equal(providedSig, expectedSignature) {
-		return "", config.SSOClientConfig{}, fiber.NewError(fiber.StatusUnauthorized, "invalid signature")
-	}
-
-	if err := h.registerNonce(c.Context(), aliasKey, nonce); err != nil {
-		return "", config.SSOClientConfig{}, err
-	}
-
-	return aliasKey, clientCfg, nil
-}
-
-func (h *MasterDataController) verifyAuthorization(c *fiber.Ctx, alias string) error {
-	authHeader := strings.TrimSpace(c.Get(fiber.HeaderAuthorization))
-	if authHeader == "" {
-		return fiber.NewError(fiber.StatusUnauthorized, "missing authorization header")
-	}
-	parts := strings.SplitN(authHeader, " ", 2)
-	if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
-		return fiber.NewError(fiber.StatusUnauthorized, "invalid authorization header")
-	}
-
-	token := strings.TrimSpace(parts[1])
-	if token == "" {
-		return fiber.NewError(fiber.StatusUnauthorized, "invalid authorization header")
-	}
-
-	verification, err := sso.VerifyAccessToken(token)
-	if err != nil {
-		return fiber.NewError(fiber.StatusUnauthorized, "invalid access token")
-	}
-
-	if verification.ServiceAlias == "" || verification.ServiceAlias != alias {
-		return fiber.NewError(fiber.StatusUnauthorized, "service subject mismatch")
-	}
-	if !hasAnyScope(verification.Claims.Scopes(), []string{"sync.master", "sync.users"}) {
-		return fiber.NewError(fiber.StatusForbidden, "missing sync scope")
-	}
-	return nil
-}
-
-func (h *MasterDataController) registerNonce(ctx context.Context, alias, nonce string) error {
-	ttl := h.nonceTTL
-	if ttl <= 0 {
-		ttl = 10 * time.Minute
-	}
-
-	key := fmt.Sprintf("sso:sync:%s:%s", alias, nonce)
-	if h.redis != nil {
-		stored, err := h.redis.SetNX(ctx, key, "1", ttl).Result()
-		if err == nil {
-			if !stored {
-				return fiber.NewError(fiber.StatusUnauthorized, "nonce already used")
-			}
-			return nil
-		}
-		utils.Log.WithError(err).Warn("store sync nonce failed")
-	}
-
-	now := time.Now().UTC()
-	if expRaw, ok := h.localNonce.Load(key); ok {
-		if expTime, ok := expRaw.(time.Time); ok && expTime.After(now) {
-			return fiber.NewError(fiber.StatusUnauthorized, "nonce already used")
-		}
-	}
-	h.localNonce.Store(key, now.Add(ttl))
-	return nil
-}
-
-func calculateSignature(secret, alias, timestamp, nonce string, body []byte) []byte {
-	mac := hmac.New(sha256.New, []byte(secret))
-	mac.Write([]byte(alias))
-	mac.Write([]byte("\n"))
-	mac.Write([]byte(timestamp))
-	mac.Write([]byte("\n"))
-	mac.Write([]byte(nonce))
-	mac.Write([]byte("\n"))
-	if len(body) > 0 {
-		mac.Write(body)
-	}
-	return mac.Sum(nil)
-}
-
-func decodeMasterSignature(sig string) ([]byte, error) {
-	sig = strings.TrimSpace(sig)
-	if sig == "" {
-		return nil, errors.New("empty signature")
-	}
-	if decoded, err := hex.DecodeString(sig); err == nil {
-		return decoded, nil
-	}
-	if decoded, err := base64.StdEncoding.DecodeString(sig); err == nil {
-		return decoded, nil
-	}
-	if decoded, err := base64.URLEncoding.DecodeString(sig); err == nil {
-		return decoded, nil
-	}
-	return nil, errors.New("unrecognized signature encoding")
-}
-
-func parseUintList(raw string) []uint {
-	raw = strings.TrimSpace(raw)
-	if raw == "" {
-		return nil
-	}
-	parts := strings.Split(raw, ",")
-	out := make([]uint, 0, len(parts))
-	seen := make(map[uint]struct{}, len(parts))
-	for _, part := range parts {
-		part = strings.TrimSpace(part)
-		if part == "" {
-			continue
-		}
-		val, err := strconv.ParseUint(part, 10, 64)
-		if err != nil || val == 0 {
-			continue
-		}
-		if _, ok := seen[uint(val)]; ok {
-			continue
-		}
-		seen[uint(val)] = struct{}{}
-		out = append(out, uint(val))
-	}
-	return out
-}
-
-func hasAnyScope(scopes []string, targets []string) bool {
-	if len(scopes) == 0 || len(targets) == 0 {
-		return false
-	}
-	for _, scope := range scopes {
-		scope = strings.ToLower(strings.TrimSpace(scope))
-		if scope == "" {
-			continue
-		}
-		for _, target := range targets {
-			if scope == strings.ToLower(strings.TrimSpace(target)) {
-				return true
-			}
-		}
-	}
-	return false
-}

internal/modules/sso/controllers/sso.controller.go

@@ -16,7 +16,7 @@ import (
 
 	"gitlab.com/mbugroup/lti-api.git/internal/config"
 	"gitlab.com/mbugroup/lti-api.git/internal/modules/sso/session"
-	sso "gitlab.com/mbugroup/lti-api.git/internal/modules/sso/verifier"
+	"gitlab.com/mbugroup/lti-api.git/internal/sso"
 	"gitlab.com/mbugroup/lti-api.git/internal/utils"
 	"gitlab.com/mbugroup/lti-api.git/internal/utils/secure"
 )

internal/modules/sso/controllers/user_sync.controller.go

@@ -9,24 +9,23 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
 	"github.com/go-playground/validator/v10"
 	"github.com/gofiber/fiber/v2"
 	"github.com/redis/go-redis/v9"
 	"github.com/sirupsen/logrus"
 	"gorm.io/gorm"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
 
 	"gitlab.com/mbugroup/lti-api.git/internal/config"
 	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
 	"gitlab.com/mbugroup/lti-api.git/internal/modules/sso/session"
-	sso "gitlab.com/mbugroup/lti-api.git/internal/modules/sso/verifier"
 	"gitlab.com/mbugroup/lti-api.git/internal/modules/users/dto"
 	userRepository "gitlab.com/mbugroup/lti-api.git/internal/modules/users/repositories"
 	"gitlab.com/mbugroup/lti-api.git/internal/response"
+	"gitlab.com/mbugroup/lti-api.git/internal/sso"
 	"gitlab.com/mbugroup/lti-api.git/internal/utils"
 )
 

internal/modules/sso/route.go

@@ -26,7 +26,6 @@ func Routes(router fiber.Router, db *gorm.DB, validate *validator.Validate) {
 	ctrl := ssoController.NewController(&http.Client{Timeout: 10 * time.Second}, store, session.GetRevocationStore())
 	userRepo := userRepository.NewUserRepository(db)
 	syncCtrl := ssoController.NewUserSyncController(validate, userRepo, cache.Redis(), config.SSOClients)
-	masterCtrl := ssoController.NewMasterDataController(db, cache.Redis(), config.SSOClients)
 
 	group := router.Group("/sso")
 	group.Get("/start", middleware.NewLimiter(30, time.Minute), ctrl.Start)
@@ -35,6 +34,4 @@ func Routes(router fiber.Router, db *gorm.DB, validate *validator.Validate) {
 	group.Post("/refresh", middleware.NewLimiter(60, time.Minute), ctrl.Refresh)
 	group.Post("/logout", middleware.NewLimiter(60, time.Minute), ctrl.Logout)
 	group.Post("/users/sync", middleware.NewLimiter(30, time.Minute), syncCtrl.Sync)
-	group.Get("/master/areas", middleware.NewLimiter(60, time.Minute), masterCtrl.GetAreas)
-	group.Get("/master/locations", middleware.NewLimiter(60, time.Minute), masterCtrl.GetLocations)
 }

internal/sso/profile.go

@@ -49,10 +49,6 @@ type Role struct {
 	ClientID     uint
 	ClientAlias  string
 	ClientName   string
-	AllArea      bool
-	AllLocation  bool
-	AreaIDs      []uint
-	LocationIDs  []uint
 	Permissions  []Permission
 	RawReference json.RawMessage `json:"-"`
 }
@@ -166,10 +162,6 @@ func fetchProfileFromSSO(ctx context.Context, token string) (*UserProfile, error
 			ClientAlias: strings.TrimSpace(r.Client.Alias),
 			ClientName:  strings.TrimSpace(r.Client.Name),
 			ClientID:    uint(r.Client.ID),
-			AllArea:     r.AllArea,
-			AllLocation: r.AllLocation,
-			AreaIDs:     r.AreaIDs,
-			LocationIDs: r.LocationIDs,
 		}
 		rolePerms := make([]Permission, 0, len(r.Permissions))
 		for _, p := range r.Permissions {
@@ -296,10 +288,6 @@ type userInfoRole struct {
 	ID          int64             `json:"id"`
 	Key         string            `json:"key"`
 	Name        string            `json:"name"`
-	AllArea     bool              `json:"all_area"`
-	AllLocation bool              `json:"all_location"`
-	AreaIDs     []uint            `json:"area_ids"`
-	LocationIDs []uint            `json:"location_ids"`
 	Client      userInfoClient    `json:"client"`
 	Permissions []userInfoPermRaw `json:"permissions"`
 }