Merge branch 'feat/BE/sso-adjustment' into 'development'

[FIX/BE-US]add feature restrict by location and areas in roles

See merge request mbugroup/lti-api!189

internal/modules/closings/services/closing.service.go

@@ -12,6 +12,7 @@ import (
 
 	commonSvc "gitlab.com/mbugroup/lti-api.git/internal/common/service"
 	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
+	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	"gitlab.com/mbugroup/lti-api.git/internal/modules/closings/dto"
 	repository "gitlab.com/mbugroup/lti-api.git/internal/modules/closings/repositories"
 	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/closings/validations"
@@ -98,6 +99,11 @@ func (s closingService) GetAll(c *fiber.Ctx, params *validation.Query) ([]dto.Cl
 		return nil, 0, err
 	}
 
+	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
+	if err != nil {
+		return nil, 0, err
+	}
+
 	offset := (params.Page - 1) * params.Limit
 	statusFilter := ""
 	if params.ProjectStatus != nil {
@@ -111,6 +117,12 @@ func (s closingService) GetAll(c *fiber.Ctx, params *validation.Query) ([]dto.Cl
 
 	closings, total, err := s.Repository.GetAll(c.Context(), offset, params.Limit, func(db *gorm.DB) *gorm.DB {
 		db = s.withClosingRelations(db)
+		if scope.Restrict {
+			if len(scope.IDs) == 0 {
+				return db.Where("1 = 0")
+			}
+			db = m.ApplyScopeFilter(db, scope, "project_flocks.location_id")
+		}
 		if params.LocationID != nil {
 			db = db.Where("location_id = ?", *params.LocationID)
 		}
@@ -150,6 +162,10 @@ func (s closingService) GetAll(c *fiber.Ctx, params *validation.Query) ([]dto.Cl
 }
 
 func (s closingService) GetProjectFlockByID(c *fiber.Ctx, id uint) (*entity.ProjectFlock, error) {
+	if err := m.EnsureProjectFlockAccess(c, s.Repository.DB(), id); err != nil {
+		return nil, err
+	}
+
 	projectFlock, err := s.ProjectFlockRepo.GetByID(c.Context(), id, s.withRelations)
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, fiber.NewError(fiber.StatusNotFound, "Project Flock not found")
@@ -161,6 +177,13 @@ func (s closingService) GetProjectFlockByID(c *fiber.Ctx, id uint) (*entity.Proj
 }
 
 func (s closingService) GetPenjualan(c *fiber.Ctx, projectFlockID uint, projectFlockKandangID *uint) ([]entity.MarketingDeliveryProduct, error) {
+	if projectFlockKandangID != nil {
+		if err := m.EnsureProjectFlockKandangAccess(c, s.Repository.DB(), projectFlockID, *projectFlockKandangID); err != nil {
+			return nil, err
+		}
+	} else if err := m.EnsureProjectFlockAccess(c, s.Repository.DB(), projectFlockID); err != nil {
+		return nil, err
+	}
 
 	realisasi, err := s.MarketingDeliveryProductRepo.GetClosingPenjualan(c.Context(), projectFlockID, projectFlockKandangID)
 	if err != nil {
@@ -174,8 +197,8 @@ func (s closingService) GetPenjualan(c *fiber.Ctx, projectFlockID uint, projectF
 }
 
 func (s closingService) GetClosingSummary(c *fiber.Ctx, projectFlockID uint, kandangID *uint) (any, error) {
-	if projectFlockID == 0 {
-		return nil, fiber.NewError(fiber.StatusBadRequest, "Invalid project flock id")
+	if err := m.EnsureProjectFlockAccess(c, s.Repository.DB(), projectFlockID); err != nil {
+		return nil, err
 	}
 
 	if kandangID != nil {
@@ -321,8 +344,8 @@ func (s closingService) getClosingSummaryByKandang(ctx context.Context, projectF
 }
 
 func (s closingService) GetClosingSapronak(c *fiber.Ctx, projectFlockID uint, params *validation.ClosingSapronakQuery) ([]dto.ClosingSapronakItemDTO, int64, error) {
-	if projectFlockID == 0 {
-		return nil, 0, fiber.NewError(fiber.StatusBadRequest, "Invalid project flock id")
+	if err := m.EnsureProjectFlockAccess(c, s.Repository.DB(), projectFlockID); err != nil {
+		return nil, 0, err
 	}
 
 	if params == nil {
@@ -344,14 +367,6 @@ func (s closingService) GetClosingSapronak(c *fiber.Ctx, projectFlockID uint, pa
 		return nil, 0, fiber.NewError(fiber.StatusBadRequest, "type must be either incoming or outgoing")
 	}
 
-	if _, err := s.Repository.GetByID(c.Context(), projectFlockID, nil); err != nil {
-		if errors.Is(err, gorm.ErrRecordNotFound) {
-			return nil, 0, fiber.NewError(fiber.StatusNotFound, "Project flock tidak ditemukan")
-		}
-		s.Log.Errorf("Failed get project flock %d for sapronak closing: %+v", projectFlockID, err)
-		return nil, 0, fiber.NewError(fiber.StatusInternalServerError, "Failed to fetch project flock")
-	}
-
 	warehouseIDs, err := s.getWarehouseIDsByProjectFlock(c.Context(), projectFlockID)
 	if err != nil {
 		s.Log.Errorf("Failed to fetch warehouses for project flock %d: %+v", projectFlockID, err)
@@ -580,6 +595,14 @@ func (s closingService) getApprovalStatuses(ctx context.Context, projectFlockID
 }
 
 func (s closingService) GetOverhead(c *fiber.Ctx, projectFlockID uint, projectFlockKandangID *uint) (*dto.OverheadListDTO, error) {
+	if projectFlockKandangID != nil {
+		if err := m.EnsureProjectFlockKandangAccess(c, s.Repository.DB(), projectFlockID, *projectFlockKandangID); err != nil {
+			return nil, err
+		}
+	} else if err := m.EnsureProjectFlockAccess(c, s.Repository.DB(), projectFlockID); err != nil {
+		return nil, err
+	}
+
 	budgets, err := s.ProjectBudgetRepo.GetByProjectFlockID(c.Context(), projectFlockID)
 	if err != nil {
 		return nil, err
@@ -668,8 +691,12 @@ func (s closingService) GetOverhead(c *fiber.Ctx, projectFlockID uint, projectFl
 }
 
 func (s closingService) GetExpeditionHPP(c *fiber.Ctx, projectFlockID uint, projectFlockKandangID *uint) (*dto.ExpeditionHPPDTO, error) {
-	if projectFlockID == 0 {
-		return nil, fiber.NewError(fiber.StatusBadRequest, "Invalid project flock id")
+	if projectFlockKandangID != nil {
+		if err := m.EnsureProjectFlockKandangAccess(c, s.Repository.DB(), projectFlockID, *projectFlockKandangID); err != nil {
+			return nil, err
+		}
+	} else if err := m.EnsureProjectFlockAccess(c, s.Repository.DB(), projectFlockID); err != nil {
+		return nil, err
 	}
 
 	rows, err := s.Repository.GetExpeditionHPP(c.Context(), projectFlockID, projectFlockKandangID)