Merge branch 'feat/BE/sso-adjustment' into 'development'

[FIX/BE-US]add feature restrict by location and areas in roles See merge request mbugroup/lti-api!189
2026-05-20 13:31:56 +00:00 · 2026-01-28 11:22:47 +07:00
parent b468ba3df9 8410573ee6
commit 9dd4a93476
50 changed files with 2584 additions and 171 deletions
@@ -88,9 +88,14 @@ func (s projectFlockKandangService) GetAll(c *fiber.Ctx, params *validation.Quer
 		return nil, 0, err
 	}

+	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
+	if err != nil {
+		return nil, 0, err
+	}
+
 	offset := (params.Page - 1) * params.Limit

-	projectFlockKandangs, total, err := s.Repository.GetAllWithFilters(c.Context(), offset, params.Limit, params)
+	projectFlockKandangs, total, err := s.Repository.GetAllWithFiltersScoped(c.Context(), offset, params.Limit, params, scope.IDs, scope.Restrict)

 	if err != nil {
 		s.Log.Errorf("Failed to get projectFlockKandangs: %+v", err)
@@ -106,6 +111,28 @@ func (s projectFlockKandangService) GetAll(c *fiber.Ctx, params *validation.Quer
 }

 func (s projectFlockKandangService) GetOne(c *fiber.Ctx, id uint) (*entity.ProjectFlockKandang, map[uint]float64, []entity.ProductWarehouse, error) {
+	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
+	if err != nil {
+		return nil, nil, nil, err
+	}
+	if scope.Restrict {
+		if len(scope.IDs) == 0 {
+			return nil, nil, nil, fiber.NewError(fiber.StatusNotFound, "ProjectFlockKandang not found")
+		}
+		var count int64
+		if err := s.Repository.DB().WithContext(c.Context()).
+			Table("project_flock_kandangs").
+			Joins("JOIN project_flocks ON project_flocks.id = project_flock_kandangs.project_flock_id").
+			Where("project_flock_kandangs.id = ?", id).
+			Where("project_flocks.location_id IN ?", scope.IDs).
+			Count(&count).Error; err != nil {
+			return nil, nil, nil, err
+		}
+		if count == 0 {
+			return nil, nil, nil, fiber.NewError(fiber.StatusNotFound, "ProjectFlockKandang not found")
+		}
+	}
+
 	projectFlockKandang, err := s.Repository.GetByID(c.Context(), id)
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, nil, nil, fiber.NewError(fiber.StatusNotFound, "ProjectFlockKandang not found")
@@ -12,6 +12,7 @@ import (
 	service "gitlab.com/mbugroup/lti-api.git/internal/modules/production/project_flocks/services"
 	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/production/project_flocks/validations"
 	"gitlab.com/mbugroup/lti-api.git/internal/response"
+	"gitlab.com/mbugroup/lti-api.git/internal/utils"

 	"github.com/gofiber/fiber/v2"
 )
@@ -76,6 +77,7 @@ func (u *ProjectflockController) GetAll(c *fiber.Ctx) error {
 		query.Category = category

 	}
+	query.TransferContext = c.Query(utils.TransferContextKey, "")

 	if kandangRaw := c.Query("kandang_id", c.Query("kandang_ids", "")); kandangRaw != "" {
 		ids, err := parseUintList(kandangRaw)
@@ -14,6 +14,7 @@ import (
 type ProjectflockRepository interface {
 	repository.BaseRepository[entity.ProjectFlock]
 	GetAllWithFilters(ctx context.Context, offset, limit int, params *validation.Query) ([]entity.ProjectFlock, int64, error)
+	GetAllWithFiltersScoped(ctx context.Context, offset, limit int, params *validation.Query, locationIDs []uint, restrict bool) ([]entity.ProjectFlock, int64, error)
 	WithDefaultRelations() func(*gorm.DB) *gorm.DB
 	ExistsByFlockName(ctx context.Context, flockName string, excludeID *uint) (bool, error)
 	GetNextPeriodsForKandangs(ctx context.Context, kandangIDs []uint) (map[uint]int, error)
@@ -48,6 +49,19 @@ func (r *ProjectflockRepositoryImpl) GetAllWithFilters(ctx context.Context, offs
 	})
 }

+func (r *ProjectflockRepositoryImpl) GetAllWithFiltersScoped(ctx context.Context, offset, limit int, params *validation.Query, locationIDs []uint, restrict bool) ([]entity.ProjectFlock, int64, error) {
+	return r.GetAll(ctx, offset, limit, func(db *gorm.DB) *gorm.DB {
+		db = r.applyQueryFilters(r.WithDefaultRelations()(db), params)
+		if restrict {
+			if len(locationIDs) == 0 {
+				return db.Where("1 = 0")
+			}
+			db = db.Where("project_flocks.location_id IN ?", locationIDs)
+		}
+		return db
+	})
+}
+
 func (r *ProjectflockRepositoryImpl) WithDefaultRelations() func(*gorm.DB) *gorm.DB {
 	return func(db *gorm.DB) *gorm.DB {
 		return db.
@@ -20,6 +20,7 @@ type ProjectFlockKandangRepository interface {
 	DeleteMany(ctx context.Context, projectFlockID uint, kandangIDs []uint) error
 	GetAll(ctx context.Context, offset int, limit int, modifier func(*gorm.DB) *gorm.DB) ([]entity.ProjectFlockKandang, int64, error)
 	GetAllWithFilters(ctx context.Context, offset int, limit int, params interface{}) ([]entity.ProjectFlockKandang, int64, error)
+	GetAllWithFiltersScoped(ctx context.Context, offset int, limit int, params interface{}, locationIDs []uint, restrict bool) ([]entity.ProjectFlockKandang, int64, error)
 	GetByProjectFlockID(ctx context.Context, projectFlockID uint) ([]entity.ProjectFlockKandang, error)
 	ListExistingKandangIDs(ctx context.Context, projectFlockID uint, kandangIDs []uint) ([]uint, error)
 	HasKandangsLinkedToOtherProject(ctx context.Context, kandangIDs []uint, exceptProjectID *uint) (bool, error)
@@ -197,6 +198,104 @@ func (r *projectFlockKandangRepositoryImpl) GetAllWithFilters(ctx context.Contex
 	return records, total, nil
 }

+func (r *projectFlockKandangRepositoryImpl) GetAllWithFiltersScoped(ctx context.Context, offset int, limit int, params interface{}, locationIDs []uint, restrict bool) ([]entity.ProjectFlockKandang, int64, error) {
+	var records []entity.ProjectFlockKandang
+	var total int64
+
+	query, ok := params.(*validation.Query)
+
+	q := r.db.WithContext(ctx).
+		Joins("JOIN \"kandangs\" ON \"project_flock_kandangs\".\"kandang_id\" = \"kandangs\".\"id\"").
+		Joins("JOIN \"project_flocks\" ON \"project_flock_kandangs\".\"project_flock_id\" = \"project_flocks\".\"id\"").
+		Preload("ProjectFlock").
+		Preload("ProjectFlock.Fcr").
+		Preload("ProjectFlock.Area").
+		Preload("ProjectFlock.Location").
+		Preload("ProjectFlock.CreatedUser").
+		Preload("ProjectFlock.Kandangs").
+		Preload("ProjectFlock.KandangHistory").
+		Preload("Kandang").
+		Preload("Chickins").
+		Preload("Chickins.CreatedUser").
+		Preload("Chickins.ProductWarehouse")
+
+	if restrict {
+		if len(locationIDs) == 0 {
+			return []entity.ProjectFlockKandang{}, 0, nil
+		}
+		q = q.Where("\"project_flocks\".\"location_id\" IN ?", locationIDs)
+	}
+
+	if ok && query != nil && query.StepName != "" {
+		q = q.Where(`
+			EXISTS (
+				SELECT 1 FROM "approvals"
+				WHERE "approvals"."approvable_id" = "project_flock_kandangs"."id"
+				AND "approvals"."approvable_type" = ?
+				AND LOWER("approvals"."step_name") = LOWER(?)
+				AND "approvals"."id" IN (
+					SELECT "approvals"."id" FROM "approvals"
+					WHERE "approvals"."approvable_id" = "project_flock_kandangs"."id"
+					AND "approvals"."approvable_type" = ?
+					ORDER BY "approvals"."id" DESC
+					LIMIT 1
+				)
+			)
+		`, "PROJECT_FLOCK_KANDANGS", query.StepName, "PROJECT_FLOCK_KANDANGS")
+	}
+
+	if ok && query != nil {
+		if query.Search != "" {
+			escapedSearch := strings.NewReplacer("\\", "\\\\", "%", "\\%", "_", "\\_").Replace(query.Search)
+			q = q.Where(
+				r.db.Where("LOWER(\"kandangs\".\"name\") LIKE LOWER(?) ESCAPE '\\'", "%"+escapedSearch+"%").
+					Or("LOWER(\"project_flocks\".\"flock_name\") LIKE LOWER(?) ESCAPE '\\'", "%"+escapedSearch+"%"),
+			)
+		}
+
+		if query.ProjectFlockId > 0 {
+			q = q.Where("\"project_flock_kandangs\".\"project_flock_id\" = ?", query.ProjectFlockId)
+		}
+
+		if query.KandangId > 0 {
+			q = q.Where("\"project_flock_kandangs\".\"kandang_id\" = ?", query.KandangId)
+		}
+
+		if query.Category != "" {
+			q = q.Where("\"project_flocks\".\"category\" = ?", query.Category)
+		}
+
+		if query.AreaId > 0 {
+			q = q.Where("\"project_flocks\".\"area_id\" = ?", query.AreaId)
+		}
+	}
+
+	if err := q.Model(&entity.ProjectFlockKandang{}).Count(&total).Error; err != nil {
+		return nil, 0, err
+	}
+
+	sortBy := "\"project_flock_kandangs\".\"created_at\" DESC"
+	if ok && query != nil && query.SortBy != "" {
+		sortOrder := "DESC"
+		if query.SortOrder == "ASC" {
+			sortOrder = "ASC"
+		}
+
+		switch query.SortBy {
+		case "created_at":
+			sortBy = "\"project_flock_kandangs\".\"created_at\" " + sortOrder
+		case "period":
+			sortBy = "\"project_flocks\".\"period\" " + sortOrder
+		}
+	}
+
+	if err := q.Order(sortBy).Offset(offset).Limit(limit).Find(&records).Error; err != nil {
+		return nil, 0, err
+	}
+
+	return records, total, nil
+}
+
 func (r *projectFlockKandangRepositoryImpl) WithTx(tx *gorm.DB) ProjectFlockKandangRepository {
 	return &projectFlockKandangRepositoryImpl{db: tx}
 }
@@ -117,9 +117,20 @@ func (s projectflockService) GetAll(c *fiber.Ctx, params *validation.Query) ([]e
 		return nil, 0, nil, err
 	}

+	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
+	if err != nil {
+		return nil, 0, nil, err
+	}
+	if params.TransferContext == utils.TransferContextTransferToLaying {
+		if m.HasPermission(c, m.P_TransferToLaying_CreateOne) || m.HasPermission(c, m.P_TransferToLaying_UpdateOne) {
+			scope.Restrict = false
+			scope.IDs = nil
+		}
+	}
+
 	offset := (params.Page - 1) * params.Limit

-	projectflocks, total, err := s.Repository.GetAllWithFilters(c.Context(), offset, params.Limit, params)
+	projectflocks, total, err := s.Repository.GetAllWithFiltersScoped(c.Context(), offset, params.Limit, params, scope.IDs, scope.Restrict)

 	if err != nil {
 		s.Log.Errorf("Failed to get projectflocks: %+v", err)
@@ -193,7 +204,16 @@ func (s projectflockService) getOneEntityOnly(c *fiber.Ctx, id uint) (*entity.Pr
 }

 func (s projectflockService) GetOne(c *fiber.Ctx, id uint) (*entity.ProjectFlock, *flockDTO.FlockRelationDTO, error) {
-	projectflock, err := s.Repository.GetByID(c.Context(), id, s.Repository.WithDefaultRelations())
+	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
+	if err != nil {
+		return nil, nil, err
+	}
+
+	projectflock, err := s.Repository.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
+		db = s.Repository.WithDefaultRelations()(db)
+		db = m.ApplyScopeFilter(db, scope, "project_flocks.location_id")
+		return db
+	})
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, nil, fiber.NewError(fiber.StatusNotFound, "Projectflock not found")
 	}
@@ -12,16 +12,17 @@ type Create struct {
 }

 type Query struct {
-	Page       int    `query:"page" validate:"omitempty,number,min=1"`
-	Limit      int    `query:"limit" validate:"omitempty,number,min=1,max=100"`
-	Search     string `query:"search" validate:"omitempty,max=50"`
-	SortBy     string `query:"sort_by" validate:"omitempty"`
-	SortOrder  string `query:"sort_order" validate:"omitempty,oneof=asc desc"`
-	AreaId     uint   `query:"area_id" validate:"omitempty,number,gt=0"`
-	LocationId uint   `query:"location_id" validate:"omitempty,number,gt=0"`
-	Period     int    `query:"period" validate:"omitempty,number,gt=0"`
-	Category   string `query:"category" validate:"omitempty"`
-	KandangIds []uint `query:"kandang_id" validate:"omitempty,dive,gt=0"`
+	Page            int    `query:"page" validate:"omitempty,number,min=1"`
+	Limit           int    `query:"limit" validate:"omitempty,number,min=1,max=100"`
+	Search          string `query:"search" validate:"omitempty,max=50"`
+	SortBy          string `query:"sort_by" validate:"omitempty"`
+	SortOrder       string `query:"sort_order" validate:"omitempty,oneof=asc desc"`
+	AreaId          uint   `query:"area_id" validate:"omitempty,number,gt=0"`
+	LocationId      uint   `query:"location_id" validate:"omitempty,number,gt=0"`
+	Period          int    `query:"period" validate:"omitempty,number,gt=0"`
+	Category        string `query:"category" validate:"omitempty"`
+	KandangIds      []uint `query:"kandang_id" validate:"omitempty,dive,gt=0"`
+	TransferContext string `query:"transfer_context" validate:"omitempty,oneof=transfer_to_laying"`
 }

 type Approve struct {
@@ -108,6 +108,13 @@ func (s recordingService) GetAll(c *fiber.Ctx, params *validation.Query) ([]enti
 		return nil, 0, err
 	}

+	var scopeErr error
+	if params.ProjectFlockKandangId != 0 {
+		if err := m.EnsureProjectFlockKandangAccess(c, s.Repository.DB(), 0, params.ProjectFlockKandangId); err != nil {
+			return nil, 0, err
+		}
+	}
+
 	limit := params.Limit
 	if limit == 0 {
 		limit = 10
@@ -120,6 +127,10 @@ func (s recordingService) GetAll(c *fiber.Ctx, params *validation.Query) ([]enti

 	recordings, total, err := s.Repository.GetAll(c.Context(), offset, limit, func(db *gorm.DB) *gorm.DB {
 		db = s.Repository.WithRelations(db)
+		db = db.
+			Joins("JOIN project_flock_kandangs pfk ON pfk.id = recordings.project_flock_kandangs_id").
+			Joins("JOIN project_flocks pf ON pf.id = pfk.project_flock_id")
+		db, scopeErr = m.ApplyLocationScope(c, db, "pf.location_id")
 		if params.ProjectFlockKandangId != 0 {
 			db = db.Where("project_flock_kandangs_id = ?", params.ProjectFlockKandangId)
 		}
@@ -127,6 +138,9 @@ func (s recordingService) GetAll(c *fiber.Ctx, params *validation.Query) ([]enti
 		return db.Order("recordings.record_datetime DESC").Order("recordings.created_at DESC")
 	})

+	if scopeErr != nil {
+		return nil, 0, scopeErr
+	}
 	if err != nil {
 		s.Log.Errorf("Failed to get recordings: %+v", err)
 		return nil, 0, err
@@ -141,6 +155,10 @@ func (s recordingService) GetAll(c *fiber.Ctx, params *validation.Query) ([]enti
 }

 func (s recordingService) GetOne(c *fiber.Ctx, id uint) (*entity.Recording, error) {
+	if err := m.EnsureRecordingAccess(c, s.Repository.DB(), id); err != nil {
+		return nil, err
+	}
+
 	recording, err := s.Repository.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
 		return s.Repository.WithRelations(db)
 	})
@@ -164,6 +182,9 @@ func (s recordingService) GetNextDay(c *fiber.Ctx, projectFlockKandangId uint, r
 	if projectFlockKandangId == 0 {
 		return 0, fiber.NewError(fiber.StatusBadRequest, "project_flock_kandang_id is required")
 	}
+	if err := m.EnsureProjectFlockKandangAccess(c, s.Repository.DB(), 0, projectFlockKandangId); err != nil {
+		return 0, err
+	}

 	if recordTime.IsZero() {
 		recordTime = time.Now().UTC()
@@ -181,6 +202,9 @@ func (s *recordingService) CreateOne(c *fiber.Ctx, req *validation.Create) (*ent
 	if err := s.Validate.Struct(req); err != nil {
 		return nil, err
 	}
+	if err := m.EnsureProjectFlockKandangAccess(c, s.Repository.DB(), 0, req.ProjectFlockKandangId); err != nil {
+		return nil, err
+	}

 	ctx := c.Context()
 	recordTime := time.Now().UTC()
@@ -352,6 +376,9 @@ func (s recordingService) UpdateOne(c *fiber.Ctx, req *validation.Update, id uin
 	if err := s.Validate.Struct(req); err != nil {
 		return nil, err
 	}
+	if err := m.EnsureRecordingAccess(c, s.Repository.DB(), id); err != nil {
+		return nil, err
+	}

 	if req.Stocks == nil && req.Depletions == nil && req.Eggs == nil {
 		return s.GetOne(c, id)
@@ -633,6 +660,11 @@ func (s recordingService) Approval(c *fiber.Ctx, req *validation.Approve) ([]ent
 	if err := s.Validate.Struct(req); err != nil {
 		return nil, err
 	}
+	for _, id := range req.ApprovableIds {
+		if err := m.EnsureRecordingAccess(c, s.Repository.DB(), id); err != nil {
+			return nil, err
+		}
+	}

 	actionValue := strings.ToUpper(strings.TrimSpace(req.Action))
 	var action entity.ApprovalAction
@@ -710,6 +742,9 @@ func (s recordingService) Approval(c *fiber.Ctx, req *validation.Approve) ([]ent
 }

 func (s recordingService) DeleteOne(c *fiber.Ctx, id uint) error {
+	if err := m.EnsureRecordingAccess(c, s.Repository.DB(), id); err != nil {
+		return err
+	}
 	ctx := c.Context()
 	actorID, err := m.ActorIDFromContext(c)
 	if err != nil {
@@ -1445,6 +1480,7 @@ func ensureRecordingEggsUnused(eggs []entity.RecordingEgg) error {
 }

 func stocksMatch(existing []entity.RecordingStock, incoming []validation.Stock) bool {
+
 	existingUsage := make(map[uint]float64)
 	for _, stock := range existing {
 		var usage float64
@@ -52,6 +52,8 @@ type GetAllFilterParams struct {
 	FlockSource      []uint
 	FlockDestination []uint
 	Status           []string
+	LocationIDs      []uint
+	LocationRestrict bool
 }

 func (r *TransferLayingRepositoryImpl) GetAllWithFilters(ctx context.Context, offset int, limit int, params *GetAllFilterParams) ([]entity.LayingTransfer, int64, error) {
@@ -110,6 +112,25 @@ func (r *TransferLayingRepositoryImpl) GetAllWithFilters(ctx context.Context, of
 		}
 	}

+	if params.LocationRestrict {
+		if len(params.LocationIDs) == 0 {
+			q = q.Where("1 = 0")
+		} else {
+			q = q.Where(
+				`EXISTS (
+					SELECT 1 FROM project_flocks pf
+					WHERE pf.id = laying_transfers.from_project_flock_id
+						AND pf.location_id IN ?
+				) OR EXISTS (
+					SELECT 1 FROM project_flocks pf
+					WHERE pf.id = laying_transfers.to_project_flock_id
+						AND pf.location_id IN ?
+				)`,
+				params.LocationIDs, params.LocationIDs,
+			)
+		}
+	}
+
 	if err := q.Count(&total).Error; err != nil {
 		return nil, 0, err
 	}
@@ -107,6 +107,11 @@ func (s transferLayingService) GetAll(c *fiber.Ctx, params *validation.Query) ([
 		return nil, 0, err
 	}

+	scope, err := m.ResolveLocationScope(c, s.Repository.DB())
+	if err != nil {
+		return nil, 0, err
+	}
+
 	offset := (params.Page - 1) * params.Limit

 	filterParams := &repository.GetAllFilterParams{
@@ -116,6 +121,8 @@ func (s transferLayingService) GetAll(c *fiber.Ctx, params *validation.Query) ([
 		FlockSource:      params.FlockSource,
 		FlockDestination: params.FlockDestination,
 		Status:           params.Status,
+		LocationIDs:      scope.IDs,
+		LocationRestrict: scope.Restrict,
 	}

 	transferLayings, total, err := s.Repository.GetAllWithFilters(c.Context(), offset, params.Limit, filterParams)
@@ -124,11 +131,6 @@ func (s transferLayingService) GetAll(c *fiber.Ctx, params *validation.Query) ([
 		return nil, 0, err
 	}

-	if err != nil {
-		s.Log.Errorf("Failed to get transferLayings: %+v", err)
-		return nil, 0, err
-	}
-
 	approvalRepo := commonRepo.NewApprovalRepository(s.Repository.DB())
 	for i, transfer := range transferLayings {
 		latestApproval, err := approvalRepo.LatestByTarget(c.Context(), string(utils.ApprovalWorkflowTransferToLaying), transfer.Id, func(db *gorm.DB) *gorm.DB {
@@ -168,6 +170,11 @@ func (s *transferLayingService) CreateOne(c *fiber.Ctx, req *validation.Create)
 	if err := s.Validate.Struct(req); err != nil {
 		return nil, err
 	}
+	if !m.HasPermission(c, m.P_TransferToLaying_CreateOne) {
+		if err := m.EnsureProjectFlockAccess(c, s.Repository.DB(), req.TargetProjectFlockId); err != nil {
+			return nil, err
+		}
+	}

 	actorID, err := m.ActorIDFromContext(c)
 	if err != nil {
@@ -396,6 +403,11 @@ func (s *transferLayingService) UpdateOne(c *fiber.Ctx, req *validation.Update,
 	if err := s.Validate.Struct(req); err != nil {
 		return nil, err
 	}
+	if !m.HasPermission(c, m.P_TransferToLaying_UpdateOne) {
+		if err := m.EnsureProjectFlockAccess(c, s.Repository.DB(), req.TargetProjectFlockId); err != nil {
+			return nil, err
+		}
+	}

 	existingTransfer, err := s.Repository.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
 		return db.Preload("Sources.ProductWarehouse").Preload("Targets")
@@ -571,6 +583,9 @@ func (s *transferLayingService) UpdateOne(c *fiber.Ctx, req *validation.Update,
 }

 func (s transferLayingService) DeleteOne(c *fiber.Ctx, id uint) error {
+	if err := m.EnsureLayingTransferAccess(c, s.Repository.DB(), id); err != nil {
+		return err
+	}

 	_, err := s.Repository.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
 		return db.Preload("Sources.ProductWarehouse").Preload("Targets")
@@ -641,6 +656,12 @@ func (s transferLayingService) Approval(c *fiber.Ctx, req *validation.Approve) (
 		return nil, fiber.NewError(fiber.StatusBadRequest, "approvable_ids must contain at least one id")
 	}

+	for _, approvableID := range approvableIDs {
+		if err := m.EnsureLayingTransferAccess(c, s.Repository.DB(), approvableID); err != nil {
+			return nil, err
+		}
+	}
+
 	step := utils.TransferToLayingStepPengajuan
 	if action == entity.ApprovalActionApproved {
 		step = utils.TransferToLayingStepDisetujui
@@ -12,7 +12,7 @@ import (

 type UniformityRepository interface {
 	repository.BaseRepository[entity.ProjectFlockKandangUniformity]
-	GetAllWithFilters(ctx context.Context, offset, limit int, params *validation.Query) ([]entity.ProjectFlockKandangUniformity, int64, error)
+	GetAllWithFilters(ctx context.Context, offset, limit int, params *validation.Query, modifiers ...func(*gorm.DB) *gorm.DB) ([]entity.ProjectFlockKandangUniformity, int64, error)
 	WithDefaultRelations() func(*gorm.DB) *gorm.DB
 	DeleteByProjectFlockKandangIDs(ctx context.Context, projectFlockKandangIDs []uint) error
 }
@@ -27,9 +27,15 @@ func NewUniformityRepository(db *gorm.DB) UniformityRepository {
 	}
 }

-func (r *UniformityRepositoryImpl) GetAllWithFilters(ctx context.Context, offset, limit int, params *validation.Query) ([]entity.ProjectFlockKandangUniformity, int64, error) {
+func (r *UniformityRepositoryImpl) GetAllWithFilters(ctx context.Context, offset, limit int, params *validation.Query, modifiers ...func(*gorm.DB) *gorm.DB) ([]entity.ProjectFlockKandangUniformity, int64, error) {
 	return r.GetAll(ctx, offset, limit, func(db *gorm.DB) *gorm.DB {
-		return r.applyQueryFilters(r.WithDefaultRelations()(db), params)
+		db = r.applyQueryFilters(r.WithDefaultRelations()(db), params)
+		for _, modifier := range modifiers {
+			if modifier != nil {
+				db = modifier(db)
+			}
+		}
+		return db
 	})
 }

@@ -87,9 +87,20 @@ func (s uniformityService) GetAll(c *fiber.Ctx, params *validation.Query) ([]ent
 		return nil, 0, err
 	}

-	offset := (params.Page - 1) * params.Limit
-	uniformitys, total, err := s.Repository.GetAllWithFilters(c.Context(), offset, params.Limit, params)
+	var scopeErr error

+	offset := (params.Page - 1) * params.Limit
+	uniformitys, total, err := s.Repository.GetAllWithFilters(c.Context(), offset, params.Limit, params, func(db *gorm.DB) *gorm.DB {
+		db = db.
+			Joins("JOIN project_flock_kandangs pfk ON pfk.id = project_flock_kandang_uniformity.project_flock_kandang_id").
+			Joins("JOIN project_flocks pf ON pf.id = pfk.project_flock_id")
+		db, scopeErr = m.ApplyLocationScope(c, db, "pf.location_id")
+		return db
+	})
+
+	if scopeErr != nil {
+		return nil, 0, scopeErr
+	}
 	if err != nil {
 		s.Log.Errorf("Failed to get uniformitys: %+v", err)
 		return nil, 0, err
@@ -101,6 +112,10 @@ func (s uniformityService) GetAll(c *fiber.Ctx, params *validation.Query) ([]ent
 }

 func (s uniformityService) GetOne(c *fiber.Ctx, id uint) (*entity.ProjectFlockKandangUniformity, error) {
+	if err := m.EnsureUniformityAccess(c, s.Repository.DB(), id); err != nil {
+		return nil, err
+	}
+
 	uniformity, err := s.Repository.GetByID(c.Context(), id, s.Repository.WithDefaultRelations())
 	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, fiber.NewError(fiber.StatusNotFound, "Uniformity not found")
@@ -326,6 +341,9 @@ func (s *uniformityService) CreateOne(c *fiber.Ctx, req *validation.Create, file
 	if err := s.Validate.Struct(req); err != nil {
 		return nil, err
 	}
+	if err := m.EnsureProjectFlockKandangAccess(c, s.Repository.DB(), 0, req.ProjectFlockKandangId); err != nil {
+		return nil, err
+	}
 	if s.ProjectFlockKandangRepo == nil {
 		return nil, fiber.NewError(fiber.StatusInternalServerError, "Project flock kandang repository not available")
 	}
@@ -484,6 +502,9 @@ func (s uniformityService) UpdateOne(c *fiber.Ctx, req *validation.Update, id ui
 	if err := s.Validate.Struct(req); err != nil {
 		return nil, err
 	}
+	if err := m.EnsureUniformityAccess(c, s.Repository.DB(), id); err != nil {
+		return nil, err
+	}

 	updateBody := make(map[string]any)
 	var uniformDate *time.Time
@@ -699,6 +720,10 @@ func (s *uniformityService) ensureUniqueUniformity(ctx context.Context, id uint,
 }

 func (s uniformityService) DeleteOne(c *fiber.Ctx, id uint) error {
+	if err := m.EnsureUniformityAccess(c, s.Repository.DB(), id); err != nil {
+		return err
+	}
+
 	if err := s.Repository.DeleteOne(c.Context(), id); err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
 			return fiber.NewError(fiber.StatusNotFound, "Uniformity not found")
@@ -729,6 +754,11 @@ func (s uniformityService) Approval(c *fiber.Ctx, req *validation.Approve) ([]en
 	if len(ids) == 0 {
 		return nil, fiber.NewError(fiber.StatusBadRequest, "approvable_ids must contain at least one id")
 	}
+	for _, id := range ids {
+		if err := m.EnsureUniformityAccess(c, s.Repository.DB(), id); err != nil {
+			return nil, err
+		}
+	}

 	step := utils.UniformityStepPengajuan
 	if action == entity.ApprovalActionApproved {