[FIX/BE-US] changes role to user and query

internal/middleware/auth.go

@@ -24,6 +24,10 @@ type AuthContext struct {
 	User         *entity.User
 	Roles        []sso.Role
 	Permissions  map[string]struct{}
+	UserAreaIDs     []uint
+	UserLocationIDs []uint
+	UserAllArea     bool
+	UserAllLocation bool
 }
 
 // Auth validates the incoming request against the central SSO access token and
@@ -67,15 +71,19 @@ func Auth(userService service.UserService, requiredScopes ...string) fiber.Handl
 
 		var roles []sso.Role
 		permissions := make(map[string]struct{})
+		var profile *sso.UserProfile
 		if verification.UserID != 0 {
-			if profile, err := sso.FetchProfile(c.Context(), token, verification); err != nil {
+			if p, err := sso.FetchProfile(c.Context(), token, verification); err != nil {
 				utils.Log.WithError(err).Warn("auth: failed to fetch sso profile")
-			} else if profile != nil {
-				roles = profile.Roles
-				for _, perm := range profile.PermissionNames() {
-					if perm != "" {
-						permissions[perm] = struct{}{}
-					}
+			} else {
+				profile = p
+			}
+		}
+		if profile != nil {
+			roles = profile.Roles
+			for _, perm := range profile.PermissionNames() {
+				if perm != "" {
+					permissions[perm] = struct{}{}
 				}
 			}
 		}
@@ -86,6 +94,16 @@ func Auth(userService service.UserService, requiredScopes ...string) fiber.Handl
 			User:         user,
 			Roles:        roles,
 			Permissions:  permissions,
+			UserAreaIDs:     nil,
+			UserLocationIDs: nil,
+			UserAllArea:     false,
+			UserAllLocation: false,
+		}
+		if profile != nil {
+			ctx.UserAreaIDs = profile.AreaIDs
+			ctx.UserLocationIDs = profile.LocationIDs
+			ctx.UserAllArea = profile.AllArea
+			ctx.UserAllLocation = profile.AllLocation
 		}
 
 		c.Locals(authContextLocalsKey, ctx)