feat/BE/US-304/TASK-307,306-adjustment middleware check if user have permission,create all permission in modules lti

internal/modules/purchases/route.go

@@ -15,12 +15,12 @@ func Routes(router fiber.Router, purchaseService service.PurchaseService, userSe
 	route := router.Group("/purchases")
 	route.Use(m.Auth(userService))
 
-	route.Get("/", ctrl.GetAll)
-	route.Get("/:id", ctrl.GetOne)
-	route.Post("/", ctrl.CreateOne)
-	route.Post("/:id/approvals/staff", ctrl.ApproveStaffPurchase)
-	route.Post("/:id/approvals/manager", ctrl.ApproveManagerPurchase)
-	route.Post("/:id/receipts", ctrl.ReceiveProducts)
-	route.Delete("/:id", ctrl.DeletePurchase)
-	route.Delete("/:id/items", ctrl.DeleteItems)
+	route.Get("/",m.RequirePermissions(m.P_PurchaseGetAll), ctrl.GetAll)
+	route.Get("/:id",m.RequirePermissions(m.P_PurchaseGetOne), ctrl.GetOne)
+	route.Post("/",m.RequirePermissions(m.P_PurchaseCreateOne), ctrl.CreateOne)
+	route.Post("/:id/approvals/staff",m.RequirePermissions(m.P_PurchaseApprovalStaff), ctrl.ApproveStaffPurchase)
+	route.Post("/:id/approvals/manager",m.RequirePermissions(m.P_PurchaseApprovalManager), ctrl.ApproveManagerPurchase)
+	route.Post("/:id/receipts",m.RequirePermissions(m.P_PurchaseReceive), ctrl.ReceiveProducts)
+	route.Delete("/:id",m.RequirePermissions(m.P_RecordingDeleteOne), ctrl.DeletePurchase)
+	route.Delete("/:id/items",m.RequirePermissions(m.P_PurchaseItemDeleteOne), ctrl.DeleteItems)
 }