feat/BE/US-304/TASK-307,306-adjustment middleware check if user have permission,create all permission in modules lti

2026-05-21 13:55:43 +00:00 · 2025-12-10 08:53:09 +07:00
parent e6094528b5
commit 2effa08648
29 changed files with 289 additions and 136 deletions
@@ -15,5 +15,5 @@ func ApprovalRoutes(v1 fiber.Router, u user.UserService, s common.ApprovalServic
 	route := v1.Group("/approvals")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
+	route.Get("/", ctrl.GetAll,m.RequirePermissions(m.P_ApprovalGetAll))
 }
@@ -1,7 +1,7 @@
 package closings

 import (
-	// m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
+	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	controller "gitlab.com/mbugroup/lti-api.git/internal/modules/closings/controllers"
 	closing "gitlab.com/mbugroup/lti-api.git/internal/modules/closings/services"
 	user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
@@ -13,14 +13,14 @@ func ClosingRoutes(v1 fiber.Router, u user.UserService, s closing.ClosingService
 	ctrl := controller.NewClosingController(s)

 	route := v1.Group("/closing")
-
+	route.Use(m.Auth(u))
 	// route.Get("/", m.Auth(u), ctrl.GetAll)
 	// route.Post("/", m.Auth(u), ctrl.CreateOne)
 	// route.Get("/:id", m.Auth(u), ctrl.GetOne)
 	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
 	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)

-	route.Get("/", ctrl.GetAll)
-	route.Get("/:project_flock_id/penjualan", ctrl.GetPenjualan)
-	route.Get("/:projectFlockId", ctrl.GetClosingSummary)
+	route.Get("/",m.RequirePermissions(m.P_ClosingGetAll), ctrl.GetAll)
+	route.Get("/:project_flock_id/penjualan",m.RequirePermissions(m.P_ClosingPenjualan), ctrl.GetPenjualan)
+	route.Get("/:projectFlockId",m.RequirePermissions(m.P_ClosingGetSummary),  ctrl.GetClosingSummary)
 }
@@ -12,6 +12,5 @@ func ConstantRoutes(v1 fiber.Router, s constant.ConstantService) {
 	ctrl := controller.NewConstantController(s)

 	route := v1.Group("/constants")
-
 	route.Get("/", ctrl.GetAll)
 }
@@ -22,16 +22,16 @@ func ExpenseRoutes(v1 fiber.Router, u user.UserService, s expense.ExpenseService
 	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
 	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
-	route.Post("/approvals/manager", ctrl.Approval)
-	route.Post("/approvals/finance", ctrl.Approval)
-	route.Post("/:id/realizations", ctrl.CreateRealization)
-	route.Patch("/:id/realizations", ctrl.UpdateRealization)
-	route.Post("/:id/complete", ctrl.CompleteExpense)
-	route.Delete("/:id/documents/:documentId", ctrl.DeleteDocument)
-	route.Delete("/:id/realization-documents/:documentId", ctrl.DeleteRealizationDocument)
+	route.Get("/",m.RequirePermissions(m.P_ExpenseGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_ExpenseCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_ExpenseGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_ExpenseUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_ExpenseDeleteOne), ctrl.DeleteOne)
+	route.Post("/approvals/manager",m.RequirePermissions(m.P_ExpenseApprovalManager), ctrl.Approval)
+	route.Post("/approvals/finance",m.RequirePermissions(m.P_ExpenseApprovalFinance), ctrl.Approval)
+	route.Post("/:id/realizations",m.RequirePermissions(m.P_ExpenseCreateRealizations), ctrl.CreateRealization)
+	route.Patch("/:id/realizations",m.RequirePermissions(m.P_ExpenseUpdateRealizations), ctrl.UpdateRealization)
+	route.Post("/:id/complete",m.RequirePermissions(m.P_ExpenseCompleteExpense), ctrl.CompleteExpense)
+	route.Delete("/:id/documents/:documentId",m.RequirePermissions(m.P_ExpenseDocument), ctrl.DeleteDocument)
+	route.Delete("/:id/realization-documents/:documentId",m.RequirePermissions(m.P_ExpenseDocumentRealizations), ctrl.DeleteRealizationDocument)
 }
@@ -1,7 +1,7 @@
 package adjustments

 import (
-	// m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
+	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	controller "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/adjustments/controllers"
 	adjustment "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/adjustments/services"
 	user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
@@ -13,10 +13,10 @@ func AdjustmentRoutes(v1 fiber.Router, u user.UserService, s adjustment.Adjustme
 	ctrl := controller.NewAdjustmentController(s)

 	route := v1.Group("/adjustments")
-
+	route.Use(m.Auth(u))
 	// Standard CRUD routes following master data pattern
-	route.Get("/", ctrl.AdjustmentHistory) // Get all with pagination and filters
-	route.Post("/", ctrl.Adjustment)       // Create adjustment
-	route.Get("/:id", ctrl.GetOne)
+	route.Get("/",m.RequirePermissions(m.P_AdjustmentGetAll), ctrl.AdjustmentHistory) // Get all with pagination and filters
+	route.Post("/",m.RequirePermissions(m.P_AdjustmentCreate), ctrl.Adjustment)       // Create adjustment
+	route.Get("/:id",m.RequirePermissions(m.P_AdjustmentGetOne), ctrl.GetOne)

 }
@@ -1,7 +1,7 @@
 package productStocks

 import (
-	// m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
+	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	controller "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-stocks/controllers"
 	productStock "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-stocks/services"
 	user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
@@ -13,13 +13,13 @@ func ProductStockRoutes(v1 fiber.Router, u user.UserService, s productStock.Prod
 	ctrl := controller.NewProductStockController(s)

 	route := v1.Group("/product-stocks")
-
+route.Use(m.Auth(u))
 	// route.Get("/", m.Auth(u), ctrl.GetAll)
 	// route.Post("/", m.Auth(u), ctrl.CreateOne)
 	// route.Get("/:id", m.Auth(u), ctrl.GetOne)
 	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
 	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)

-	route.Get("/", ctrl.GetAll)
-	route.Get("/:id", ctrl.GetOne)
+	route.Get("/",m.RequirePermissions(m.P_ProductStockGetAll), ctrl.GetAll)
+	route.Get("/:id",m.RequirePermissions(m.P_ProductStockGetOne), ctrl.GetOne)
 }
@@ -15,7 +15,7 @@ func ProductWarehouseRoutes(v1 fiber.Router, u user.UserService, s productWareho
 	route := v1.Group("/product-warehouses")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Get("/:id", ctrl.GetOne)
+	route.Get("/",m.RequirePermissions(m.P_ProductWarehousekGetAll), ctrl.GetAll)
+	route.Get("/:id",m.RequirePermissions(m.P_ProductWarehouseGetOne), ctrl.GetOne)

 }
@@ -15,8 +15,8 @@ func TransferRoutes(v1 fiber.Router, u user.UserService, s transfer.TransferServ
 	route := v1.Group("/transfers")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
+	route.Get("/",m.RequirePermissions(m.P_TransferGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_TransferCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_TransferGetOne), ctrl.GetOne)

 }
@@ -11,13 +11,12 @@ import (

 func DeliveryOrdersRoutes(v1 fiber.Router, u user.UserService, s deliveryOrders.DeliveryOrdersService) {
 	ctrl := controller.NewDeliveryOrdersController(s)
-
-	v1.Get("/", ctrl.GetAll)
-	v1.Get("/:id", ctrl.GetOne)
+	v1.Use(m.Auth(u))
+	v1.Get("/",m.RequirePermissions(m.P_DeliveryGetAll), ctrl.GetAll)
+	v1.Get("/:id",m.RequirePermissions(m.P_DeliveryGetOne), ctrl.GetOne)

 	// Sisanya di group /delivery-orders
 	route := v1.Group("/delivery-orders")
-	route.Use(m.Auth(u))

 	// route.Get("/", m.Auth(u), ctrl.GetAll)
 	// route.Post("/", m.Auth(u), ctrl.CreateOne)
@@ -25,7 +24,7 @@ func DeliveryOrdersRoutes(v1 fiber.Router, u user.UserService, s deliveryOrders.
 	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
 	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)

-	route.Post("/", ctrl.CreateOne)
-	route.Patch("/:id", ctrl.UpdateOne)
+	route.Post("/",m.RequirePermissions(m.P_DeliveryCreateOne), ctrl.CreateOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_DeliveryUpdateOne), ctrl.UpdateOne)

 }
@@ -11,17 +11,16 @@ import (

 func SalesOrdersRoutes(v1 fiber.Router, u user.UserService, s salesOrders.SalesOrdersService) {
 	ctrl := controller.NewSalesOrdersController(s)
-
-	v1.Delete("/:id", ctrl.DeleteOne)
+	v1.Use(m.Auth(u))
+	v1.Delete("/:id",m.RequirePermissions(m.P_SalesOrderDelete), ctrl.DeleteOne)
 	route := v1.Group("/sales-orders")
-	route.Use(m.Auth(u))

 	// route.Post("/", m.Auth(u), ctrl.CreateOne)
 	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
 	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)

-	route.Post("/", ctrl.CreateOne)
-	route.Patch("/:id", ctrl.UpdateOne)
+	route.Post("/",m.RequirePermissions(m.P_SalesOrderCreateOne), ctrl.CreateOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_SalesOrderUpdateOne), ctrl.UpdateOne)

-	route.Post("/approvals", ctrl.Approval)
+	route.Post("/approvals",m.RequirePermissions(m.P_SalesOrderApproval), ctrl.Approval)
 }
@@ -15,9 +15,9 @@ func AreaRoutes(v1 fiber.Router, u user.UserService, s area.AreaService) {
 	route := v1.Group("/areas")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_AreaGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_AreaCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_AreaGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_AreaUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_AreaDeleteOne), ctrl.DeleteOne)
 }
@@ -14,10 +14,9 @@ func BankRoutes(v1 fiber.Router, u user.UserService, s bank.BankService) {

 	route := v1.Group("/banks")
 	route.Use(m.Auth(u))
-
-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_BanksGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_BanksCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_BanksGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_BanksUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_BanksDeleteOne), ctrl.DeleteOne)
 }
@@ -15,9 +15,9 @@ func CustomerRoutes(v1 fiber.Router, u user.UserService, s customer.CustomerServ
 	route := v1.Group("/customers")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_CustomerGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_CustomerCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_CustomerGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_CustomerUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_CustomerDeleteOne), ctrl.DeleteOne)
 }
@@ -15,9 +15,9 @@ func FcrRoutes(v1 fiber.Router, u user.UserService, s fcr.FcrService) {
 	route := v1.Group("/fcrs")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_FcrGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_FcrCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_FcrGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_FcrUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_FcrDeleteOne), ctrl.DeleteOne)
 }
@@ -15,9 +15,9 @@ func FlockRoutes(v1 fiber.Router, u user.UserService, s flock.FlockService) {
 	route := v1.Group("/flocks")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_FlocksGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_FlocksCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_FlocksGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_FlocksUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_FlocksDeleteOne), ctrl.DeleteOne)
 }
@@ -15,9 +15,9 @@ func KandangRoutes(v1 fiber.Router, u user.UserService, s kandang.KandangService
 	route := v1.Group("/kandangs")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_KandangsGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_KandangsCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_KandangsGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_KandangsUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_KandangsDeleteOne), ctrl.DeleteOne)
 }
@@ -15,9 +15,9 @@ func LocationRoutes(v1 fiber.Router, u user.UserService, s location.LocationServ
 	route := v1.Group("/locations")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_LocationsGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_LocationsCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_LocationsGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_LocationsUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_LocationsDeleteOne), ctrl.DeleteOne)
 }
@@ -15,9 +15,9 @@ func NonstockRoutes(v1 fiber.Router, u user.UserService, s nonstock.NonstockServ
 	route := v1.Group("/nonstocks")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_NonstocksGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_NonstocksCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_NonstocksGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_NonstocksUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_NonstocksDeleteOne), ctrl.DeleteOne)
 }
@@ -15,9 +15,9 @@ func ProductCategoryRoutes(v1 fiber.Router, u user.UserService, s productCategor
 	route := v1.Group("/product-categories")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_ProductCategoriesGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_ProductCategoriesCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_ProductCategoriesGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_ProductCategoriesUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_ProductCategoriesDeleteOne), ctrl.DeleteOne)
 }
@@ -15,9 +15,9 @@ func ProductRoutes(v1 fiber.Router, u user.UserService, s product.ProductService
 	route := v1.Group("/products")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_ProductsGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_ProductsCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_ProductsGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_ProductsUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_ProductsDeleteOne), ctrl.DeleteOne)
 }
@@ -15,9 +15,9 @@ func SupplierRoutes(v1 fiber.Router, u user.UserService, s supplier.SupplierServ
 	route := v1.Group("/suppliers")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_SuppliersGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_SuppliersCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_SuppliersGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_SuppliersUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_SuppliersDeleteOne), ctrl.DeleteOne)
 }
@@ -20,4 +20,10 @@ func UomRoutes(v1 fiber.Router, u user.UserService, s uom.UomService) {
 	route.Get("/:id", ctrl.GetOne)
 	route.Patch("/:id", ctrl.UpdateOne)
 	route.Delete("/:id", ctrl.DeleteOne)
+
+	route.Get("/",m.RequirePermissions(m.P_AreaGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_AreaCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_AreaGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_AreaUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_AreaDeleteOne), ctrl.DeleteOne)
 }
@@ -15,9 +15,9 @@ func WarehouseRoutes(v1 fiber.Router, u user.UserService, s warehouse.WarehouseS
 	route := v1.Group("/warehouses")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_WarehousesGetAll), ctrl.GetAll)
+	route.Post("/",m.RequirePermissions(m.P_WarehousesCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_WarehousesGetOne), ctrl.GetOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_WarehousesUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_WarehousesDeleteOne), ctrl.DeleteOne)
 }
@@ -16,9 +16,9 @@ func ChickinRoutes(v1 fiber.Router, u user.UserService, s chickin.ChickinService
 	route.Use(m.Auth(u))

 	// route.Get("/", ctrl.GetAll)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
+	route.Post("/",m.RequirePermissions(m.P_ChickinsCreateOne), ctrl.CreateOne)
+	route.Get("/:id",m.RequirePermissions(m.P_ChickinsGetOne), ctrl.GetOne)
 	// route.Patch("/:id", ctrl.UpdateOne)
 	// route.Delete("/:id", ctrl.DeleteOne)
-	route.Post("/approvals", ctrl.Approval)
+	route.Post("/approvals",m.RequirePermissions(m.P_ChickinsApproval), ctrl.Approval)
 }
@@ -14,12 +14,6 @@ func ProjectFlockKandangRoutes(v1 fiber.Router, u user.UserService, s projectFlo

 	route := v1.Group("/project-flock-kandangs")
 	route.Use(m.Auth(u))
-	// route.Get("/", m.Auth(u), ctrl.GetAll)
-	// route.Post("/", m.Auth(u), ctrl.CreateOne)
-	// route.Get("/:id", m.Auth(u), ctrl.GetOne)
-	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
-	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)
-
 	route.Get("/",m.RequirePermissions(m.P_ProjectFlockKandangsGetAll), ctrl.GetAll)
 	route.Get("/:id",m.RequirePermissions(m.P_ProjectFlockKandangsGetOne), ctrl.GetOne)

@@ -15,11 +15,11 @@ func RecordingRoutes(v1 fiber.Router, u user.UserService, s recording.RecordingS
 	route := v1.Group("/recordings")
 	route.Use(m.Auth(u))

-	route.Get("/", ctrl.GetAll)
-	route.Get("/next-day", ctrl.GetNextDay)
-	route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", ctrl.GetOne)
-	route.Patch("/:id", ctrl.UpdateOne)
-	route.Post("/approvals", ctrl.Approve)
-	route.Delete("/:id", ctrl.DeleteOne)
+	route.Get("/",m.RequirePermissions(m.P_RecordingGetAll), ctrl.GetAll)
+	route.Get("/:id",m.RequirePermissions(m.P_RecordingGetOne), ctrl.GetOne)
+	route.Post("/",m.RequirePermissions(m.P_RecordingCreateOne), ctrl.CreateOne)
+	route.Patch("/:id",m.RequirePermissions(m.P_RecordingUpdateOne), ctrl.UpdateOne)
+	route.Delete("/:id",m.RequirePermissions(m.P_RecordingDeleteOne), ctrl.DeleteOne)
+	route.Get("/next-day",m.RequirePermissions(m.P_RecordingNextDay), ctrl.GetNextDay)
+	route.Post("/approvals",m.RequirePermissions(m.P_RecordingApproval), ctrl.Approve)
 }
@@ -15,12 +15,12 @@ func Routes(router fiber.Router, purchaseService service.PurchaseService, userSe
 	route := router.Group("/purchases")
 	route.Use(m.Auth(userService))

-	route.Get("/", ctrl.GetAll)
-	route.Get("/:id", ctrl.GetOne)
-	route.Post("/", ctrl.CreateOne)
-	route.Post("/:id/approvals/staff", ctrl.ApproveStaffPurchase)
-	route.Post("/:id/approvals/manager", ctrl.ApproveManagerPurchase)
-	route.Post("/:id/receipts", ctrl.ReceiveProducts)
-	route.Delete("/:id", ctrl.DeletePurchase)
-	route.Delete("/:id/items", ctrl.DeleteItems)
+	route.Get("/",m.RequirePermissions(m.P_PurchaseGetAll), ctrl.GetAll)
+	route.Get("/:id",m.RequirePermissions(m.P_PurchaseGetOne), ctrl.GetOne)
+	route.Post("/",m.RequirePermissions(m.P_PurchaseCreateOne), ctrl.CreateOne)
+	route.Post("/:id/approvals/staff",m.RequirePermissions(m.P_PurchaseApprovalStaff), ctrl.ApproveStaffPurchase)
+	route.Post("/:id/approvals/manager",m.RequirePermissions(m.P_PurchaseApprovalManager), ctrl.ApproveManagerPurchase)
+	route.Post("/:id/receipts",m.RequirePermissions(m.P_PurchaseReceive), ctrl.ReceiveProducts)
+	route.Delete("/:id",m.RequirePermissions(m.P_RecordingDeleteOne), ctrl.DeletePurchase)
+	route.Delete("/:id/items",m.RequirePermissions(m.P_PurchaseItemDeleteOne), ctrl.DeleteItems)
 }
@@ -14,9 +14,9 @@ func UserRoutes(v1 fiber.Router, s user.UserService) {
 	route := v1.Group("/users")
 	route.Use(m.Auth(s))

-	route.Get("/", m.RequirePermissions("lti.users.list"), ctrl.GetAll)
+	route.Get("/", m.RequirePermissions(m.P_UserGetAll), ctrl.GetAll)
 	// route.Post("/", ctrl.CreateOne)
-	route.Get("/:id", m.RequirePermissions("lti.users.detail"), ctrl.GetOne)
+	route.Get("/:id", m.RequirePermissions(m.P_UserGetOne), ctrl.GetOne)
 	// route.Patch("/:id", ctrl.UpdateOne)
 	// route.Delete("/:id", ctrl.DeleteOne)
 }