diff --git a/internal/middleware/permissions.go b/internal/middleware/permissions.go
index 37e26b47..0734b035 100644
--- a/internal/middleware/permissions.go
+++ b/internal/middleware/permissions.go
@@ -17,10 +17,167 @@ const (
 	P_ProjectFlockResubmit = "lti.production.project_flocks.resubmit"
 )
 
+const(
+	P_ExpenseGetAll= "lti.expense.list"
+	P_ExpenseCreateOne= "lti.expense.create"
+	P_ExpenseUpdateOne= "lti.expense.update"
+	P_ExpenseGetOne= "lti.expense.detail"
+	P_ExpenseDeleteOne= "lti.expense.delete"
+	P_ExpenseApprovalManager= "lti.expense.approve.manager"
+	P_ExpenseApprovalFinance= "lti.expense.approve.finance"
+	P_ExpenseCreateRealizations= "lti.expense.create.realization"
+	P_ExpenseUpdateRealizations= "lti.expense.update.realization"
+	P_ExpenseCompleteExpense= "lti.expense.complete.expense"
+	P_ExpenseDocument= "lti.expense.document"
+	P_ExpenseDocumentRealizations= "lti.expense.document.realization"
+)
+const(
+	P_AdjustmentGetAll="lti.inventory.list"
+	P_AdjustmentCreate="lti.inventory.create"
+	P_AdjustmentGetOne="lti.inventory.detail"
+)
+const(
+	P_ApprovalGetAll = "lti.approval.list"
+)
+
+const(
+	P_ClosingGetAll = "lti.closing.list"
+	P_ClosingPenjualan = "lti.closing.penjualan"
+	P_ClosingGetSummary = "lti.closing.getsummary"
+	P_ProductStockGetAll = "lti.inventory.product_stock.list"
+	P_ProductStockGetOne = "lti.inventory.product_stock.detail"
+	P_ProductWarehousekGetAll = "lti.inventory.product_warehouses.list"
+	P_ProductWarehouseGetOne = "lti.inventory.product_warehouses.detail"
+)
+
+const(
+	P_TransferGetAll = "lti.inventory.transfer.list"
+	P_TransferGetOne = "lti.inventory.transfer.detail"
+	P_TransferCreateOne = "lti.inventory.transfer.create"
+)
+
+const(
+	P_DeliveryGetAll = "lti.marketing.delivery_order.list"
+	P_DeliveryGetOne = "lti.marketing.delivery_order.detail"
+	P_DeliveryCreateOne = "lti.marketing.delivery_order.create"
+	P_DeliveryUpdateOne = "lti.marketing.delivery_order.update"
+	P_SalesOrderDelete = "lti.marketing.sales_order.delete"
+	P_SalesOrderApproval = "lti.marketing.sales_order.approve"
+	P_SalesOrderCreateOne = "lti.marketing.sales_order.create"
+	P_SalesOrderUpdateOne = "lti.marketing.sales_order.update"
+)
+
+const(
+	P_AreaGetAll = "lti.master.area.list"
+	P_AreaGetOne = "lti.master.area.detail"
+	P_AreaCreateOne = "lti.master.area.create"
+	P_AreaUpdateOne = "lti.master.area.update"
+	P_AreaDeleteOne = "lti.master.area.delete"
+
+	P_BanksGetAll = "lti.master.banks.list"
+	P_BanksGetOne = "lti.master.banks.detail"
+	P_BanksCreateOne = "lti.master.banks.create"
+	P_BanksUpdateOne = "lti.master.banks.update"
+	P_BanksDeleteOne = "lti.master.banks.delete"
+
+	P_CustomerGetAll = "lti.master.customer.list"
+	P_CustomerGetOne = "lti.master.customer.detail"
+	P_CustomerCreateOne = "lti.master.customer.create"
+	P_CustomerUpdateOne = "lti.master.customer.update"
+	P_CustomerDeleteOne = "lti.master.customer.delete"
+	
+	P_FcrGetAll = "lti.master.fcr.list"
+	P_FcrGetOne = "lti.master.fcr.detail"
+	P_FcrCreateOne = "lti.master.fcr.create"
+	P_FcrUpdateOne = "lti.master.fcr.update"
+	P_FcrDeleteOne = "lti.master.fcr.delete"
+	
+	P_FlocksGetAll = "lti.master.flocks.list"
+	P_FlocksGetOne = "lti.master.flocks.detail"
+	P_FlocksCreateOne = "lti.master.flocks.create"
+	P_FlocksUpdateOne = "lti.master.flocks.update"
+	P_FlocksDeleteOne = "lti.master.flocks.delete"
+	
+	P_KandangsGetAll = "lti.master.kandangs.list"
+	P_KandangsGetOne = "lti.master.kandangs.detail"
+	P_KandangsCreateOne = "lti.master.kandangs.create"
+	P_KandangsUpdateOne = "lti.master.kandangs.update"
+	P_KandangsDeleteOne = "lti.master.kandangs.delete"
+	
+	P_LocationsGetAll = "lti.master.locations.list"
+	P_LocationsGetOne = "lti.master.locations.detail"
+	P_LocationsCreateOne = "lti.master.locations.create"
+	P_LocationsUpdateOne = "lti.master.locations.update"
+	P_LocationsDeleteOne = "lti.master.locations.delete"
+	
+	P_NonstocksGetAll = "lti.master.nonstocks.list"
+	P_NonstocksGetOne = "lti.master.nonstocks.detail"
+	P_NonstocksCreateOne = "lti.master.nonstocks.create"
+	P_NonstocksUpdateOne = "lti.master.nonstocks.update"
+	P_NonstocksDeleteOne = "lti.master.nonstocks.delete"
+
+	P_ProductCategoriesGetAll = "lti.master.Product_categories.list"
+	P_ProductCategoriesGetOne = "lti.master.Product_categories.detail"
+	P_ProductCategoriesCreateOne = "lti.master.Product_categories.create"
+	P_ProductCategoriesUpdateOne = "lti.master.Product_categories.update"
+	P_ProductCategoriesDeleteOne = "lti.master.Product_categories.delete"
+	
+	P_ProductsGetAll = "lti.master.Products.list"
+	P_ProductsGetOne = "lti.master.Products.detail"
+	P_ProductsCreateOne = "lti.master.Products.create"
+	P_ProductsUpdateOne = "lti.master.Products.update"
+	P_ProductsDeleteOne = "lti.master.Products.delete"
+	
+	P_SuppliersGetAll = "lti.master.suppliers.list"
+	P_SuppliersGetOne = "lti.master.suppliers.detail"
+	P_SuppliersCreateOne = "lti.master.suppliers.create"
+	P_SuppliersUpdateOne = "lti.master.suppliers.update"
+	P_SuppliersDeleteOne = "lti.master.suppliers.delete"
+
+	P_UomsGetAll = "lti.master.uoms.list"
+	P_UomsGetOne = "lti.master.uoms.detail"
+	P_UomsCreateOne = "lti.master.uoms.create"
+	P_UomsUpdateOne = "lti.master.uoms.update"
+	P_UomsDeleteOne = "lti.master.uoms.delete"
+
+	P_WarehousesGetAll = "lti.master.warehouses.list"
+	P_WarehousesGetOne = "lti.master.warehouses.detail"
+	P_WarehousesCreateOne = "lti.master.warehouses.create"
+	P_WarehousesUpdateOne = "lti.master.warehouses.update"
+	P_WarehousesDeleteOne = "lti.master.warehouses.delete"
+
+)
+
+
+const(
+	P_ChickinsCreateOne = "lti.production.chickins.create"
+	P_ChickinsGetOne = "lti.production.chickins.detail"
+	P_ChickinsApproval = "lti.production.chickins.approve"
+)
 //recording
 const (
-	PermissionRecordingRead   = "recording.index"
-	PermissionRecordingCreate = "recording.create"
-	PermissionRecordingUpdate = "recording.update"
-	PermissionRecordingDelete = "recording.delete"
+	P_RecordingGetAll   = "lti.production.recording.list"
+	P_RecordingGetOne   = "lti.production.recording.detail"
+	P_RecordingCreateOne   = "lti.production.recording.create"
+	P_RecordingUpdateOne   = "lti.production.recording.update"
+	P_RecordingDeleteOne   = "lti.production.recording.delete"
+	P_RecordingNextDay   = "lti.production.recording.next_day"
+	P_RecordingApproval   = "lti.production.recording.approve"
+)
+
+const (
+	P_PurchaseGetAll   = "lti.Purchase.list"
+	P_PurchaseGetOne   = "lti.Purchase.detail"
+	P_PurchaseCreateOne   = "lti.Purchase.create"
+	P_PurchaseUpdateOne   = "lti.Purchase.update"
+	P_PurchaseDeleteOne   = "lti.Purchase.delete"
+	P_PurchaseItemDeleteOne   = "lti.Purchase.delete.item"
+	P_PurchaseReceive   = "lti.Purchase.receive"
+	P_PurchaseApprovalStaff   = "lti.Purchase.approve.staff"
+	P_PurchaseApprovalManager   = "lti.Purchase.approve.manager"
+)
+
+const(
+	P_UserGetAll = "lti.users.list"
+	P_UserGetOne = "lti.users.detail"
 )
\ No newline at end of file
diff --git a/internal/modules/approvals/route.go b/internal/modules/approvals/route.go
index 5dd39616..cd479c03 100644
--- a/internal/modules/approvals/route.go
+++ b/internal/modules/approvals/route.go
@@ -15,5 +15,5 @@ func ApprovalRoutes(v1 fiber.Router, u user.UserService, s common.ApprovalServic
 	route := v1.Group("/approvals")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
+	route.Get("/", ctrl.GetAll,m.RequirePermissions(m.P_ApprovalGetAll))
 }
diff --git a/internal/modules/closings/route.go b/internal/modules/closings/route.go
index ba18f3b9..059eb764 100644
--- a/internal/modules/closings/route.go
+++ b/internal/modules/closings/route.go
@@ -1,7 +1,7 @@
 package closings
 
 import (
-	// m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
+	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	controller "gitlab.com/mbugroup/lti-api.git/internal/modules/closings/controllers"
 	closing "gitlab.com/mbugroup/lti-api.git/internal/modules/closings/services"
 	user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
@@ -13,14 +13,14 @@ func ClosingRoutes(v1 fiber.Router, u user.UserService, s closing.ClosingService
 	ctrl := controller.NewClosingController(s)
 
 	route := v1.Group("/closing")
-
+	route.Use(m.Auth(u))
 	// route.Get("/", m.Auth(u), ctrl.GetAll)
 	// route.Post("/", m.Auth(u), ctrl.CreateOne)
 	// route.Get("/:id", m.Auth(u), ctrl.GetOne)
 	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
 	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)
 
-	route.Get("/", ctrl.GetAll)
-	route.Get("/:project_flock_id/penjualan", ctrl.GetPenjualan)
-	route.Get("/:projectFlockId", ctrl.GetClosingSummary)
+	route.Get("/",m.RequirePermissions(m.P_ClosingGetAll), ctrl.GetAll)
+	route.Get("/:project_flock_id/penjualan",m.RequirePermissions(m.P_ClosingPenjualan), ctrl.GetPenjualan)
+	route.Get("/:projectFlockId",m.RequirePermissions(m.P_ClosingGetSummary),  ctrl.GetClosingSummary)
 }
diff --git a/internal/modules/constants/route.go b/internal/modules/constants/route.go
index 1da14371..46def610 100644
--- a/internal/modules/constants/route.go
+++ b/internal/modules/constants/route.go
@@ -12,6 +12,5 @@ func ConstantRoutes(v1 fiber.Router, s constant.ConstantService) {
 	ctrl := controller.NewConstantController(s)
 
 	route := v1.Group("/constants")
-
 	route.Get("/", ctrl.GetAll)
 }
diff --git a/internal/modules/expenses/route.go b/internal/modules/expenses/route.go
index 1fc5c07a..fa3191fa 100644
--- a/internal/modules/expenses/route.go
+++ b/internal/modules/expenses/route.go
@@ -22,16 +22,16 @@ func ExpenseRoutes(v1 fiber.Router, u user.UserService, s expense.ExpenseService
 	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
 	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
-	route.Post("/approvals/manager", ctrl.Approval)
-	route.Post("/approvals/finance", ctrl.Approval)
-	route.Post("/:id/realizations", ctrl.CreateRealization)
-	route.Patch("/:id/realizations", ctrl.UpdateRealization)
-	route.Post("/:id/complete", ctrl.CompleteExpense)
-	route.Delete("/:id/documents/:documentId", ctrl.DeleteDocument)
-	route.Delete("/:id/realization-documents/:documentId", ctrl.DeleteRealizationDocument)
+	route.Get("/",m.RequirePermissions(m.P_ExpenseGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_ExpenseCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_ExpenseGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_ExpenseUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_ExpenseDeleteOne), ctrl.DeleteOne)
+	route.Post("/approvals/manager",m.RequirePermissions(m.P_ExpenseApprovalManager), ctrl.Approval)
+	route.Post("/approvals/finance",m.RequirePermissions(m.P_ExpenseApprovalFinance), ctrl.Approval)
+	route.Post("/:id/realizations",m.RequirePermissions(m.P_ExpenseCreateRealizations), ctrl.CreateRealization)
+	route.Patch("/:id/realizations",m.RequirePermissions(m.P_ExpenseUpdateRealizations), ctrl.UpdateRealization)
+	route.Post("/:id/complete",m.RequirePermissions(m.P_ExpenseCompleteExpense), ctrl.CompleteExpense)
+	route.Delete("/:id/documents/:documentId",m.RequirePermissions(m.P_ExpenseDocument), ctrl.DeleteDocument)
+	route.Delete("/:id/realization-documents/:documentId",m.RequirePermissions(m.P_ExpenseDocumentRealizations), ctrl.DeleteRealizationDocument)
 }
diff --git a/internal/modules/inventory/adjustments/route.go b/internal/modules/inventory/adjustments/route.go
index 8f58bb4d..f99fe01e 100644
--- a/internal/modules/inventory/adjustments/route.go
+++ b/internal/modules/inventory/adjustments/route.go
@@ -1,7 +1,7 @@
 package adjustments
 
 import (
-	// m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
+	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	controller "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/adjustments/controllers"
 	adjustment "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/adjustments/services"
 	user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
@@ -13,10 +13,10 @@ func AdjustmentRoutes(v1 fiber.Router, u user.UserService, s adjustment.Adjustme
 	ctrl := controller.NewAdjustmentController(s)
 
 	route := v1.Group("/adjustments")
-
+	route.Use(m.Auth(u))
 	// Standard CRUD routes following master data pattern
-	route.Get("/", ctrl.AdjustmentHistory) // Get all with pagination and filters
-	route.Post("/", ctrl.Adjustment)       // Create adjustment
-	route.Get("/:id", ctrl.GetOne)
+	route.Get("/",m.RequirePermissions(m.P_AdjustmentGetAll), ctrl.AdjustmentHistory) // Get all with pagination and filters
+	route.Post("/",m.RequirePermissions(m.P_AdjustmentCreate), ctrl.Adjustment)       // Create adjustment
+	route.Get("/:id",m.RequirePermissions(m.P_AdjustmentGetOne), ctrl.GetOne)
 
 }
diff --git a/internal/modules/inventory/product-stocks/route.go b/internal/modules/inventory/product-stocks/route.go
index c7bb37f8..41714edc 100644
--- a/internal/modules/inventory/product-stocks/route.go
+++ b/internal/modules/inventory/product-stocks/route.go
@@ -1,7 +1,7 @@
 package productStocks
 
 import (
-	// m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
+	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	controller "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-stocks/controllers"
 	productStock "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-stocks/services"
 	user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
@@ -13,13 +13,13 @@ func ProductStockRoutes(v1 fiber.Router, u user.UserService, s productStock.Prod
 	ctrl := controller.NewProductStockController(s)
 
 	route := v1.Group("/product-stocks")
-
+route.Use(m.Auth(u))
 	// route.Get("/", m.Auth(u), ctrl.GetAll)
 	// route.Post("/", m.Auth(u), ctrl.CreateOne)
 	// route.Get("/:id", m.Auth(u), ctrl.GetOne)
 	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
 	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)
 
-	route.Get("/", ctrl.GetAll)
-	route.Get("/:id", ctrl.GetOne)
+	route.Get("/",m.RequirePermissions(m.P_ProductStockGetAll), ctrl.GetAll)
+	route.Get("/:id",m.RequirePermissions(m.P_ProductStockGetOne), ctrl.GetOne)
 }
diff --git a/internal/modules/inventory/product-warehouses/route.go b/internal/modules/inventory/product-warehouses/route.go
index 9c6c8e2b..81c06a08 100644
--- a/internal/modules/inventory/product-warehouses/route.go
+++ b/internal/modules/inventory/product-warehouses/route.go
@@ -15,7 +15,7 @@ func ProductWarehouseRoutes(v1 fiber.Router, u user.UserService, s productWareho
 	route := v1.Group("/product-warehouses")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Get("/:id", ctrl.GetOne)
+	route.Get("/",m.RequirePermissions(m.P_ProductWarehousekGetAll), ctrl.GetAll)
+	route.Get("/:id",m.RequirePermissions(m.P_ProductWarehouseGetOne), ctrl.GetOne)
 
 }
diff --git a/internal/modules/inventory/transfers/route.go b/internal/modules/inventory/transfers/route.go
index f608af42..d24dbcb4 100644
--- a/internal/modules/inventory/transfers/route.go
+++ b/internal/modules/inventory/transfers/route.go
@@ -15,8 +15,8 @@ func TransferRoutes(v1 fiber.Router, u user.UserService, s transfer.TransferServ
 	route := v1.Group("/transfers")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
+	route.Get("/",m.RequirePermissions(m.P_TransferGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_TransferCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_TransferGetOne), ctrl.GetOne)
 
 }
diff --git a/internal/modules/marketing/delivery-orderss/route.go b/internal/modules/marketing/delivery-orderss/route.go
index c83330da..f4c08457 100644
--- a/internal/modules/marketing/delivery-orderss/route.go
+++ b/internal/modules/marketing/delivery-orderss/route.go
@@ -11,13 +11,12 @@ import (
 
 func DeliveryOrdersRoutes(v1 fiber.Router, u user.UserService, s deliveryOrders.DeliveryOrdersService) {
 	ctrl := controller.NewDeliveryOrdersController(s)
-
-	v1.Get("/", ctrl.GetAll)
-	v1.Get("/:id", ctrl.GetOne)
+	v1.Use(m.Auth(u))
+	v1.Get("/",m.RequirePermissions(m.P_DeliveryGetAll), ctrl.GetAll)
+	v1.Get("/:id",m.RequirePermissions(m.P_DeliveryGetOne), ctrl.GetOne)
 
 	// Sisanya di group /delivery-orders
 	route := v1.Group("/delivery-orders")
-	route.Use(m.Auth(u))
 
 	// route.Get("/", m.Auth(u), ctrl.GetAll)
 	// route.Post("/", m.Auth(u), ctrl.CreateOne)
@@ -25,7 +24,7 @@ func DeliveryOrdersRoutes(v1 fiber.Router, u user.UserService, s deliveryOrders.
 	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
 	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)
 
-	route.Post("/", ctrl.CreateOne)
-	route.Patch("/:id", ctrl.UpdateOne)
+	route.Post("/",m.RequirePermissions(m.P_DeliveryCreateOne), ctrl.CreateOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_DeliveryUpdateOne), ctrl.UpdateOne)
 
 }
diff --git a/internal/modules/marketing/sales-orders/route.go b/internal/modules/marketing/sales-orders/route.go
index f87cea66..17249840 100644
--- a/internal/modules/marketing/sales-orders/route.go
+++ b/internal/modules/marketing/sales-orders/route.go
@@ -11,17 +11,16 @@ import (
 
 func SalesOrdersRoutes(v1 fiber.Router, u user.UserService, s salesOrders.SalesOrdersService) {
 	ctrl := controller.NewSalesOrdersController(s)
-
-	v1.Delete("/:id", ctrl.DeleteOne)
+	v1.Use(m.Auth(u))
+	v1.Delete("/:id",m.RequirePermissions(m.P_SalesOrderDelete), ctrl.DeleteOne)
 	route := v1.Group("/sales-orders")
-	route.Use(m.Auth(u))
 
 	// route.Post("/", m.Auth(u), ctrl.CreateOne)
 	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
 	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)
 
-	route.Post("/", ctrl.CreateOne)
-	route.Patch("/:id", ctrl.UpdateOne)
+	route.Post("/",m.RequirePermissions(m.P_SalesOrderCreateOne), ctrl.CreateOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_SalesOrderUpdateOne), ctrl.UpdateOne)
 
-	route.Post("/approvals", ctrl.Approval)
+	route.Post("/approvals",m.RequirePermissions(m.P_SalesOrderApproval), ctrl.Approval)
 }
diff --git a/internal/modules/master/areas/route.go b/internal/modules/master/areas/route.go
index 755a542e..0d715fb7 100644
--- a/internal/modules/master/areas/route.go
+++ b/internal/modules/master/areas/route.go
@@ -15,9 +15,9 @@ func AreaRoutes(v1 fiber.Router, u user.UserService, s area.AreaService) {
 	route := v1.Group("/areas")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_AreaGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_AreaCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_AreaGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_AreaUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_AreaDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/master/banks/route.go b/internal/modules/master/banks/route.go
index 2e5bed3b..678a834c 100644
--- a/internal/modules/master/banks/route.go
+++ b/internal/modules/master/banks/route.go
@@ -14,10 +14,9 @@ func BankRoutes(v1 fiber.Router, u user.UserService, s bank.BankService) {
 
 	route := v1.Group("/banks")
 	route.Use(m.Auth(u))
-
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_BanksGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_BanksCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_BanksGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_BanksUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_BanksDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/master/customers/route.go b/internal/modules/master/customers/route.go
index d361e167..92f8139e 100644
--- a/internal/modules/master/customers/route.go
+++ b/internal/modules/master/customers/route.go
@@ -15,9 +15,9 @@ func CustomerRoutes(v1 fiber.Router, u user.UserService, s customer.CustomerServ
 	route := v1.Group("/customers")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_CustomerGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_CustomerCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_CustomerGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_CustomerUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_CustomerDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/master/fcrs/route.go b/internal/modules/master/fcrs/route.go
index 60633f16..06291ce4 100644
--- a/internal/modules/master/fcrs/route.go
+++ b/internal/modules/master/fcrs/route.go
@@ -15,9 +15,9 @@ func FcrRoutes(v1 fiber.Router, u user.UserService, s fcr.FcrService) {
 	route := v1.Group("/fcrs")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_FcrGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_FcrCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_FcrGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_FcrUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_FcrDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/master/flocks/route.go b/internal/modules/master/flocks/route.go
index 429d8dcd..046e014a 100644
--- a/internal/modules/master/flocks/route.go
+++ b/internal/modules/master/flocks/route.go
@@ -15,9 +15,9 @@ func FlockRoutes(v1 fiber.Router, u user.UserService, s flock.FlockService) {
 	route := v1.Group("/flocks")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_FlocksGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_FlocksCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_FlocksGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_FlocksUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_FlocksDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/master/kandangs/route.go b/internal/modules/master/kandangs/route.go
index 6a425b64..4cbf2793 100644
--- a/internal/modules/master/kandangs/route.go
+++ b/internal/modules/master/kandangs/route.go
@@ -15,9 +15,9 @@ func KandangRoutes(v1 fiber.Router, u user.UserService, s kandang.KandangService
 	route := v1.Group("/kandangs")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_KandangsGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_KandangsCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_KandangsGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_KandangsUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_KandangsDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/master/locations/route.go b/internal/modules/master/locations/route.go
index 68bce594..771e2d0d 100644
--- a/internal/modules/master/locations/route.go
+++ b/internal/modules/master/locations/route.go
@@ -15,9 +15,9 @@ func LocationRoutes(v1 fiber.Router, u user.UserService, s location.LocationServ
 	route := v1.Group("/locations")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_LocationsGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_LocationsCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_LocationsGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_LocationsUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_LocationsDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/master/nonstocks/route.go b/internal/modules/master/nonstocks/route.go
index 2aa7b838..6f2a2016 100644
--- a/internal/modules/master/nonstocks/route.go
+++ b/internal/modules/master/nonstocks/route.go
@@ -15,9 +15,9 @@ func NonstockRoutes(v1 fiber.Router, u user.UserService, s nonstock.NonstockServ
 	route := v1.Group("/nonstocks")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_NonstocksGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_NonstocksCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_NonstocksGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_NonstocksUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_NonstocksDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/master/product-categories/route.go b/internal/modules/master/product-categories/route.go
index 4a2262f9..1fa0532f 100644
--- a/internal/modules/master/product-categories/route.go
+++ b/internal/modules/master/product-categories/route.go
@@ -15,9 +15,9 @@ func ProductCategoryRoutes(v1 fiber.Router, u user.UserService, s productCategor
 	route := v1.Group("/product-categories")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_ProductCategoriesGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_ProductCategoriesCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_ProductCategoriesGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_ProductCategoriesUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_ProductCategoriesDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/master/products/route.go b/internal/modules/master/products/route.go
index 369d6ea8..04431bd4 100644
--- a/internal/modules/master/products/route.go
+++ b/internal/modules/master/products/route.go
@@ -15,9 +15,9 @@ func ProductRoutes(v1 fiber.Router, u user.UserService, s product.ProductService
 	route := v1.Group("/products")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_ProductsGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_ProductsCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_ProductsGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_ProductsUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_ProductsDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/master/suppliers/route.go b/internal/modules/master/suppliers/route.go
index 17271d4a..564ac725 100644
--- a/internal/modules/master/suppliers/route.go
+++ b/internal/modules/master/suppliers/route.go
@@ -15,9 +15,9 @@ func SupplierRoutes(v1 fiber.Router, u user.UserService, s supplier.SupplierServ
 	route := v1.Group("/suppliers")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_SuppliersGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_SuppliersCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_SuppliersGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_SuppliersUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_SuppliersDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/master/uoms/route.go b/internal/modules/master/uoms/route.go
index 53faa239..8ffbcb62 100644
--- a/internal/modules/master/uoms/route.go
+++ b/internal/modules/master/uoms/route.go
@@ -20,4 +20,10 @@ func UomRoutes(v1 fiber.Router, u user.UserService, s uom.UomService) {
 	route.Get("/:id", ctrl.GetOne)
 	route.Patch("/:id", ctrl.UpdateOne)
 	route.Delete("/:id", ctrl.DeleteOne)
+
+	route.Get("/",m.RequirePermissions(m.P_AreaGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_AreaCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_AreaGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_AreaUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_AreaDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/master/warehouses/route.go b/internal/modules/master/warehouses/route.go
index 8acf4452..a08b04a5 100644
--- a/internal/modules/master/warehouses/route.go
+++ b/internal/modules/master/warehouses/route.go
@@ -15,9 +15,9 @@ func WarehouseRoutes(v1 fiber.Router, u user.UserService, s warehouse.WarehouseS
 	route := v1.Group("/warehouses")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_WarehousesGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_WarehousesCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_WarehousesGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_WarehousesUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_WarehousesDeleteOne), ctrl.DeleteOne)
 }
diff --git a/internal/modules/production/chickins/route.go b/internal/modules/production/chickins/route.go
index a558dd29..103a3655 100644
--- a/internal/modules/production/chickins/route.go
+++ b/internal/modules/production/chickins/route.go
@@ -16,9 +16,9 @@ func ChickinRoutes(v1 fiber.Router, u user.UserService, s chickin.ChickinService
 	route.Use(m.Auth(u))
 
 	// route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
+	route.Post("/",m.RequirePermissions(m.P_ChickinsCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_ChickinsGetOne), ctrl.GetOne)
 	// route.Patch("/:id", ctrl.UpdateOne)
 	// route.Delete("/:id", ctrl.DeleteOne)
-	route.Post("/approvals", ctrl.Approval)
+	route.Post("/approvals",m.RequirePermissions(m.P_ChickinsApproval), ctrl.Approval)
 }
diff --git a/internal/modules/production/project-flock-kandangs/route.go b/internal/modules/production/project-flock-kandangs/route.go
index d4dfec30..b382d1af 100644
--- a/internal/modules/production/project-flock-kandangs/route.go
+++ b/internal/modules/production/project-flock-kandangs/route.go
@@ -14,12 +14,6 @@ func ProjectFlockKandangRoutes(v1 fiber.Router, u user.UserService, s projectFlo
 
 	route := v1.Group("/project-flock-kandangs")
 	route.Use(m.Auth(u))
-	// route.Get("/", m.Auth(u), ctrl.GetAll)
-	// route.Post("/", m.Auth(u), ctrl.CreateOne)
-	// route.Get("/:id", m.Auth(u), ctrl.GetOne)
-	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
-	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)
-
 	route.Get("/",m.RequirePermissions(m.P_ProjectFlockKandangsGetAll), ctrl.GetAll)
 	route.Get("/:id",m.RequirePermissions(m.P_ProjectFlockKandangsGetOne), ctrl.GetOne)
 
diff --git a/internal/modules/production/recordings/route.go b/internal/modules/production/recordings/route.go
index 83b426db..f05d054d 100644
--- a/internal/modules/production/recordings/route.go
+++ b/internal/modules/production/recordings/route.go
@@ -15,11 +15,11 @@ func RecordingRoutes(v1 fiber.Router, u user.UserService, s recording.RecordingS
 	route := v1.Group("/recordings")
 	route.Use(m.Auth(u))
 
-	route.Get("/", ctrl.GetAll)
-	route.Get("/next-day", ctrl.GetNextDay)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Post("/approvals", ctrl.Approve)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_RecordingGetAll), ctrl.GetAll)
+	route.Get("/:id",m.RequirePermissions(m.P_RecordingGetOne), ctrl.GetOne)
+	route.Post("/",m.RequirePermissions(m.P_RecordingCreateOne), ctrl.CreateOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_RecordingUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_RecordingDeleteOne), ctrl.DeleteOne)
+	route.Get("/next-day",m.RequirePermissions(m.P_RecordingNextDay), ctrl.GetNextDay)
+	route.Post("/approvals",m.RequirePermissions(m.P_RecordingApproval), ctrl.Approve)
 }
diff --git a/internal/modules/purchases/route.go b/internal/modules/purchases/route.go
index 5145bc94..4be485e6 100644
--- a/internal/modules/purchases/route.go
+++ b/internal/modules/purchases/route.go
@@ -15,12 +15,12 @@ func Routes(router fiber.Router, purchaseService service.PurchaseService, userSe
 	route := router.Group("/purchases")
 	route.Use(m.Auth(userService))
 
-	route.Get("/", ctrl.GetAll)
-	route.Get("/:id", ctrl.GetOne)
-	route.Post("/", ctrl.CreateOne)
-	route.Post("/:id/approvals/staff", ctrl.ApproveStaffPurchase)
-	route.Post("/:id/approvals/manager", ctrl.ApproveManagerPurchase)
-	route.Post("/:id/receipts", ctrl.ReceiveProducts)
-	route.Delete("/:id", ctrl.DeletePurchase)
-	route.Delete("/:id/items", ctrl.DeleteItems)
+	route.Get("/",m.RequirePermissions(m.P_PurchaseGetAll), ctrl.GetAll)
+	route.Get("/:id",m.RequirePermissions(m.P_PurchaseGetOne), ctrl.GetOne)
+	route.Post("/",m.RequirePermissions(m.P_PurchaseCreateOne), ctrl.CreateOne)
+	route.Post("/:id/approvals/staff",m.RequirePermissions(m.P_PurchaseApprovalStaff), ctrl.ApproveStaffPurchase)
+	route.Post("/:id/approvals/manager",m.RequirePermissions(m.P_PurchaseApprovalManager), ctrl.ApproveManagerPurchase)
+	route.Post("/:id/receipts",m.RequirePermissions(m.P_PurchaseReceive), ctrl.ReceiveProducts)
+	route.Delete("/:id",m.RequirePermissions(m.P_RecordingDeleteOne), ctrl.DeletePurchase)
+	route.Delete("/:id/items",m.RequirePermissions(m.P_PurchaseItemDeleteOne), ctrl.DeleteItems)
 }
diff --git a/internal/modules/users/route.go b/internal/modules/users/route.go
index 1093312f..d6aa03fe 100644
--- a/internal/modules/users/route.go
+++ b/internal/modules/users/route.go
@@ -14,9 +14,9 @@ func UserRoutes(v1 fiber.Router, s user.UserService) {
 	route := v1.Group("/users")
 	route.Use(m.Auth(s))
 
-	route.Get("/", m.RequirePermissions("lti.users.list"), ctrl.GetAll)
+	route.Get("/", m.RequirePermissions(m.P_UserGetAll), ctrl.GetAll)
 	// route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", m.RequirePermissions("lti.users.detail"), ctrl.GetOne)
+	route.Get("/:id", m.RequirePermissions(m.P_UserGetOne), ctrl.GetOne)
 	// route.Patch("/:id", ctrl.UpdateOne)
 	// route.Delete("/:id", ctrl.DeleteOne)
 }