From e6094528b569bf9600e74f536d2a130e0840fe68 Mon Sep 17 00:00:00 2001 From: ragilap Date: Mon, 8 Dec 2025 17:30:11 +0700 Subject: [PATCH 1/4] add project flock middleware --- internal/middleware/auth.go | 73 ++++++++++++++- internal/middleware/permissions.go | 91 +++++-------------- .../project-flock-kandangs/route.go | 4 +- .../production/project_flocks/route.go | 18 ++-- internal/modules/users/route.go | 8 +- 5 files changed, 106 insertions(+), 88 deletions(-) diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go index 881c3a67..cf5ce1f3 100644 --- a/internal/middleware/auth.go +++ b/internal/middleware/auth.go @@ -3,14 +3,13 @@ package middleware import ( "strings" - "gitlab.com/mbugroup/lti-api.git/internal/config" + "github.com/gofiber/fiber/v2" entity "gitlab.com/mbugroup/lti-api.git/internal/entities" "gitlab.com/mbugroup/lti-api.git/internal/modules/sso/session" service "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services" "gitlab.com/mbugroup/lti-api.git/internal/sso" "gitlab.com/mbugroup/lti-api.git/internal/utils" - - "github.com/gofiber/fiber/v2" + "gitlab.com/mbugroup/lti-api.git/internal/config" ) const ( 
@@ -199,3 +198,71 @@ func hasAllScopes(have, required []string) bool { } return true } + +// RequirePermissions ensures the authenticated user possesses all specified permissions. +func RequirePermissions(perms ...string) fiber.Handler { + required := canonicalPermissions(perms) + return func(c *fiber.Ctx) error { + if len(required) == 0 { + return c.Next() + } + + ctx, ok := AuthDetails(c) + if !ok || ctx == nil { + return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate") + } + + userPerms := ctx.permissionSet() + if len(userPerms) == 0 { + return fiber.NewError(fiber.StatusForbidden, "Insufficient permission") + } + + for _, perm := range required { + if _, has := userPerms[perm]; !has { + return fiber.NewError(fiber.StatusForbidden, "Insufficient permission") + } + } + + return c.Next() + } +} + +// HasPermission reports whether the current request context includes the given permission. +func HasPermission(c *fiber.Ctx, perm string) bool { + ctx, ok := AuthDetails(c) + if !ok || ctx == nil { + return false + } + perm = canonicalPermission(perm) + if perm == "" { + return false + } + _, has := ctx.permissionSet()[perm] + return has +} + +func (a *AuthContext) permissionSet() map[string]struct{} { + if a == nil || a.Permissions == nil { + return nil + } + return a.Permissions +} + +func canonicalPermissions(perms []string) []string { + out := make([]string, 0, len(perms)) + seen := make(map[string]struct{}, len(perms)) + for _, perm := range perms { + if canonical := canonicalPermission(perm); canonical != "" { + if _, ok := seen[canonical]; ok { + continue + } + seen[canonical] = struct{}{} + out = append(out, canonical) + } + } + return out +} + +func canonicalPermission(perm string) string { + return strings.ToLower(strings.TrimSpace(perm)) +} \ No newline at end of file diff --git a/internal/middleware/permissions.go b/internal/middleware/permissions.go index 3ebe6866..37e26b47 100644 --- a/internal/middleware/permissions.go 
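Review bot: `RequirePermissions` fails open when its permission list ends up empty. `canonicalPermissions` silently drops blank entries, and the handler then reaches `if len(required) == 0 { return c.Next() }` before `AuthDetails` is consulted, so a route wired with an empty or whitespace-only permission string is served without any permission check. Deny in that case instead, for example `if len(required) == 0 { return fiber.NewError(fiber.StatusInternalServerError, "permission middleware misconfigured") }`. The unexported helpers also have no doc comments; a one-line comment on `canonicalPermission` saying that names are compared trimmed and lower-cased would tell maintainers what form the keys of `AuthContext.Permissions` must have.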
+++ b/internal/middleware/permissions.go 
@@ -1,75 +1,26 @@ package middleware -import ( - "strings" +//project-flock +const ( + P_ProjectFlockKandangsClosing = "lti.production.project_flock_kandangs.closing" + P_ProjectFlockKandangsGetAll = "lti.production.project_flock_kandangs.list" + P_ProjectFlockKandangsGetOne = "lti.production.project_flock_kandangs.detail" - "github.com/gofiber/fiber/v2" + P_ProjectFlockGetAll = "lti.production.project_flocks.list" + P_ProjectFlockCreate = "lti.production.project_flocks.create" + P_ProjectFlockGetOne = "lti.production.project_flocks.detail" + P_ProjectFlockUpdate = "lti.production.project_flocks.update" + P_ProjectFlockDelete = "lti.production.project_flocks.delete" + P_ProjectFlockApprove = "lti.production.project_flocks.approve" + P_ProjectFlockLookup = "lti.production.project_flocks.lookup" + P_ProjectFlockNextPeriod = "lti.production.project_flocks.next_period" + P_ProjectFlockResubmit = "lti.production.project_flocks.resubmit" ) -// RequirePermissions ensures the authenticated user possesses all specified permissions. -func RequirePermissions(perms ...string) fiber.Handler { - required := canonicalPermissions(perms) - return func(c *fiber.Ctx) error { - if len(required) == 0 { - return c.Next() - } - - ctx, ok := AuthDetails(c) - if !ok || ctx == nil { - return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate") - } - - userPerms := ctx.permissionSet() - if len(userPerms) == 0 { - return fiber.NewError(fiber.StatusForbidden, "Insufficient permission") - } - - for _, perm := range required { - if _, has := userPerms[perm]; !has { - return fiber.NewError(fiber.StatusForbidden, "Insufficient permission") - } - } - - return c.Next() - } -} - -// HasPermission reports whether the current request context includes the given permission. 
-func HasPermission(c *fiber.Ctx, perm string) bool { - ctx, ok := AuthDetails(c) - if !ok || ctx == nil { - return false - } - perm = canonicalPermission(perm) - if perm == "" { - return false - } - _, has := ctx.permissionSet()[perm] - return has -} - -func (a *AuthContext) permissionSet() map[string]struct{} { - if a == nil || a.Permissions == nil { - return nil - } - return a.Permissions -} - -func canonicalPermissions(perms []string) []string { - out := make([]string, 0, len(perms)) - seen := make(map[string]struct{}, len(perms)) - for _, perm := range perms { - if canonical := canonicalPermission(perm); canonical != "" { - if _, ok := seen[canonical]; ok { - continue - } - seen[canonical] = struct{}{} - out = append(out, canonical) - } - } - return out -} - -func canonicalPermission(perm string) string { - return strings.ToLower(strings.TrimSpace(perm)) -} +//recording +const ( + PermissionRecordingRead = "recording.index" + PermissionRecordingCreate = "recording.create" + PermissionRecordingUpdate = "recording.update" + PermissionRecordingDelete = "recording.delete" +) \ No newline at end of file diff --git a/internal/modules/production/project-flock-kandangs/route.go b/internal/modules/production/project-flock-kandangs/route.go index 7bab770e..d4dfec30 100644 --- a/internal/modules/production/project-flock-kandangs/route.go +++ b/internal/modules/production/project-flock-kandangs/route.go @@ -20,7 +20,7 @@ func ProjectFlockKandangRoutes(v1 fiber.Router, u user.UserService, s projectFlo // route.Patch("/:id", m.Auth(u), ctrl.UpdateOne) // route.Delete("/:id", m.Auth(u), ctrl.DeleteOne) - route.Get("/", ctrl.GetAll) - route.Get("/:id", ctrl.GetOne) + route.Get("/",m.RequirePermissions(m.P_ProjectFlockKandangsGetAll), ctrl.GetAll) + route.Get("/:id",m.RequirePermissions(m.P_ProjectFlockKandangsGetOne), ctrl.GetOne) } 
diff --git a/internal/modules/production/project_flocks/route.go b/internal/modules/production/project_flocks/route.go index 710f5225..a962fd56 100644 --- a/internal/modules/production/project_flocks/route.go +++ b/internal/modules/production/project_flocks/route.go @@ -15,14 +15,14 @@ func ProjectflockRoutes(v1 fiber.Router, u user.UserService, s projectflock.Proj route := v1.Group("/project-flocks") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) - route.Get("/kandangs/lookup", ctrl.LookupProjectFlockKandang) - route.Post("/approvals", ctrl.Approval) - route.Get("/locations/:location_id/periods", ctrl.GetPeriodSummary) - route.Put("/:id/resubmit", ctrl.Resubmit) + route.Get("/",m.RequirePermissions(m.P_ProjectFlockGetAll),ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_ProjectFlockCreate), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_ProjectFlockGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_ProjectFlockUpdate), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_ProjectFlockGetAll), ctrl.DeleteOne) + route.Get("/kandangs/lookup",m.RequirePermissions(m.P_ProjectFlockLookup), ctrl.LookupProjectFlockKandang) + route.Post("/approvals",m.RequirePermissions(m.P_ProjectFlockApprove), ctrl.Approval) + route.Get("/locations/:location_id/periods",m.RequirePermissions(m.P_ProjectFlockNextPeriod), ctrl.GetPeriodSummary) + route.Put("/:id/resubmit",m.RequirePermissions(m.P_ProjectFlockResubmit), ctrl.Resubmit) } diff --git a/internal/modules/users/route.go b/internal/modules/users/route.go index 9ba6bfb3..1093312f 100644 --- a/internal/modules/users/route.go +++ b/internal/modules/users/route.go 
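Review bot: The DELETE route is guarded by the list permission: `route.Delete("/:id",m.RequirePermissions(m.P_ProjectFlockGetAll), ctrl.DeleteOne)` lets any user who may list project flocks delete one. `P_ProjectFlockDelete` is defined in permissions.go in this same patch and is not referenced by any route in this hunk, so this looks like a copy-paste slip. The line should read `route.Delete("/:id", m.RequirePermissions(m.P_ProjectFlockDelete), ctrl.DeleteOne)`. The enclosing `ProjectflockRoutes` function starts above the hunk.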
@@ -3,7 +3,7 @@ package users import ( "github.com/gofiber/fiber/v2" - "gitlab.com/mbugroup/lti-api.git/internal/middleware" + m "gitlab.com/mbugroup/lti-api.git/internal/middleware" controller "gitlab.com/mbugroup/lti-api.git/internal/modules/users/controllers" user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services" ) @@ -12,11 +12,11 @@ func UserRoutes(v1 fiber.Router, s user.UserService) { ctrl := controller.NewUserController(s) route := v1.Group("/users") - route.Use(middleware.Auth(s)) + route.Use(m.Auth(s)) - route.Get("/", ctrl.GetAll) + route.Get("/", m.RequirePermissions("lti.users.list"), ctrl.GetAll) // route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) + route.Get("/:id", m.RequirePermissions("lti.users.detail"), ctrl.GetOne) // route.Patch("/:id", ctrl.UpdateOne) // route.Delete("/:id", ctrl.DeleteOne) } From 2effa0864880504dd1c69a8cd662757fba455bd2 Mon Sep 17 00:00:00 2001 
From: ragilap Date: Wed, 10 Dec 2025 08:53:09 +0700 Subject: [PATCH 2/4] feat/BE/US-304/TASK-307,306-adjustment middleware check if user have permission,create all permission in modules lti --- internal/middleware/permissions.go | 165 +++++++++++++++++- internal/modules/approvals/route.go | 2 +- internal/modules/closings/route.go | 10 +- internal/modules/constants/route.go | 1 - internal/modules/expenses/route.go | 24 +-- .../modules/inventory/adjustments/route.go | 10 +- .../modules/inventory/product-stocks/route.go | 8 +- .../inventory/product-warehouses/route.go | 4 +- internal/modules/inventory/transfers/route.go | 6 +- .../marketing/delivery-orderss/route.go | 11 +- .../modules/marketing/sales-orders/route.go | 11 +- internal/modules/master/areas/route.go | 10 +- internal/modules/master/banks/route.go | 11 +- internal/modules/master/customers/route.go | 10 +- internal/modules/master/fcrs/route.go | 10 +- internal/modules/master/flocks/route.go | 10 +- internal/modules/master/kandangs/route.go | 10 +- internal/modules/master/locations/route.go | 10 +- internal/modules/master/nonstocks/route.go | 10 +- .../master/product-categories/route.go | 10 +- internal/modules/master/products/route.go | 10 +- internal/modules/master/suppliers/route.go | 10 +- internal/modules/master/uoms/route.go | 6 + internal/modules/master/warehouses/route.go | 10 +- internal/modules/production/chickins/route.go | 6 +- .../project-flock-kandangs/route.go | 6 - .../modules/production/recordings/route.go | 14 +- internal/modules/purchases/route.go | 16 +- internal/modules/users/route.go | 4 +- 29 files changed, 289 insertions(+), 136 deletions(-) diff --git a/internal/middleware/permissions.go b/internal/middleware/permissions.go index 37e26b47..0734b035 100644 --- a/internal/middleware/permissions.go +++ b/internal/middleware/permissions.go 
@@ -17,10 +17,167 @@ const ( P_ProjectFlockResubmit = "lti.production.project_flocks.resubmit" ) +const( + P_ExpenseGetAll= "lti.expense.list" + P_ExpenseCreateOne= "lti.expense.create" + P_ExpenseUpdateOne= "lti.expense.update" + P_ExpenseGetOne= "lti.expense.detail" + P_ExpenseDeleteOne= "lti.expense.delete" + P_ExpenseApprovalManager= "lti.expense.approve.manager" + P_ExpenseApprovalFinance= "lti.expense.approve.finance" + P_ExpenseCreateRealizations= "lti.expense.create.realization" + P_ExpenseUpdateRealizations= "lti.expense.update.realization" + P_ExpenseCompleteExpense= "lti.expense.complete.expense" + P_ExpenseDocument= "lti.expense.document" + P_ExpenseDocumentRealizations= "lti.expense.document.realization" +) +const( + P_AdjustmentGetAll="lti.inventory.list" + P_AdjustmentCreate="lti.inventory.create" + P_AdjustmentGetOne="lti.inventory.detail" +) +const( + P_ApprovalGetAll = "lti.approval.list" +) + +const( + P_ClosingGetAll = "lti.closing.list" + P_ClosingPenjualan = "lti.closing.penjualan" + P_ClosingGetSummary = "lti.closing.getsummary" + P_ProductStockGetAll = "lti.inventory.product_stock.list" + P_ProductStockGetOne = "lti.inventory.product_stock.detail" + P_ProductWarehousekGetAll = "lti.inventory.product_warehouses.list" + P_ProductWarehouseGetOne = "lti.inventory.product_warehouses.detail" +) + +const( + P_TransferGetAll = "lti.inventory.transfer.list" + P_TransferGetOne = "lti.inventory.transfer.detail" + P_TransferCreateOne = "lti.inventory.transfer.create" +) + +const( + P_DeliveryGetAll = "lti.marketing.delivery_order.list" + P_DeliveryGetOne = "lti.marketing.delivery_order.detail" + P_DeliveryCreateOne = "lti.marketing.delivery_order.create" + P_DeliveryUpdateOne = "lti.marketing.delivery_order.update" + P_SalesOrderDelete = "lti.marketing.sales_order.delete" + P_SalesOrderApproval = "lti.marketing.sales_order.approve" + P_SalesOrderCreateOne = "lti.marketing.sales_order.create" + P_SalesOrderUpdateOne = "lti.marketing.sales_order.update" 
+) + +const( + P_AreaGetAll = "lti.master.area.list" + P_AreaGetOne = "lti.master.area.detail" + P_AreaCreateOne = "lti.master.area.create" + P_AreaUpdateOne = "lti.master.area.update" + P_AreaDeleteOne = "lti.master.area.delete" + + P_BanksGetAll = "lti.master.banks.list" + P_BanksGetOne = "lti.master.banks.detail" + P_BanksCreateOne = "lti.master.banks.create" + P_BanksUpdateOne = "lti.master.banks.update" + P_BanksDeleteOne = "lti.master.banks.delete" + + P_CustomerGetAll = "lti.master.customer.list" + P_CustomerGetOne = "lti.master.customer.detail" + P_CustomerCreateOne = "lti.master.customer.create" + P_CustomerUpdateOne = "lti.master.customer.update" + P_CustomerDeleteOne = "lti.master.customer.delete" + + P_FcrGetAll = "lti.master.fcr.list" + P_FcrGetOne = "lti.master.fcr.detail" + P_FcrCreateOne = "lti.master.fcr.create" + P_FcrUpdateOne = "lti.master.fcr.update" + P_FcrDeleteOne = "lti.master.fcr.delete" + + P_FlocksGetAll = "lti.master.flocks.list" + P_FlocksGetOne = "lti.master.flocks.detail" + P_FlocksCreateOne = "lti.master.flocks.create" + P_FlocksUpdateOne = "lti.master.flocks.update" + P_FlocksDeleteOne = "lti.master.flocks.delete" + + P_KandangsGetAll = "lti.master.kandangs.list" + P_KandangsGetOne = "lti.master.kandangs.detail" + P_KandangsCreateOne = "lti.master.kandangs.create" + P_KandangsUpdateOne = "lti.master.kandangs.update" + P_KandangsDeleteOne = "lti.master.kandangs.delete" + + P_LocationsGetAll = "lti.master.locations.list" + P_LocationsGetOne = "lti.master.locations.detail" + P_LocationsCreateOne = "lti.master.locations.create" + P_LocationsUpdateOne = "lti.master.locations.update" + P_LocationsDeleteOne = "lti.master.locations.delete" + + P_NonstocksGetAll = "lti.master.nonstocks.list" + P_NonstocksGetOne = "lti.master.nonstocks.detail" + P_NonstocksCreateOne = "lti.master.nonstocks.create" + P_NonstocksUpdateOne = "lti.master.nonstocks.update" + P_NonstocksDeleteOne = "lti.master.nonstocks.delete" + + P_ProductCategoriesGetAll = 
"lti.master.Product_categories.list" + P_ProductCategoriesGetOne = "lti.master.Product_categories.detail" + P_ProductCategoriesCreateOne = "lti.master.Product_categories.create" + P_ProductCategoriesUpdateOne = "lti.master.Product_categories.update" + P_ProductCategoriesDeleteOne = "lti.master.Product_categories.delete" + + P_ProductsGetAll = "lti.master.Products.list" + P_ProductsGetOne = "lti.master.Products.detail" + P_ProductsCreateOne = "lti.master.Products.create" + P_ProductsUpdateOne = "lti.master.Products.update" + P_ProductsDeleteOne = "lti.master.Products.delete" + + P_SuppliersGetAll = "lti.master.suppliers.list" + P_SuppliersGetOne = "lti.master.suppliers.detail" + P_SuppliersCreateOne = "lti.master.suppliers.create" + P_SuppliersUpdateOne = "lti.master.suppliers.update" + P_SuppliersDeleteOne = "lti.master.suppliers.delete" + + P_UomsGetAll = "lti.master.uoms.list" + P_UomsGetOne = "lti.master.uoms.detail" + P_UomsCreateOne = "lti.master.uoms.create" + P_UomsUpdateOne = "lti.master.uoms.update" + P_UomsDeleteOne = "lti.master.uoms.delete" + + P_WarehousesGetAll = "lti.master.warehouses.list" + P_WarehousesGetOne = "lti.master.warehouses.detail" + P_WarehousesCreateOne = "lti.master.warehouses.create" + P_WarehousesUpdateOne = "lti.master.warehouses.update" + P_WarehousesDeleteOne = "lti.master.warehouses.delete" + +) + + +const( + P_ChickinsCreateOne = "lti.production.chickins.create" + P_ChickinsGetOne = "lti.production.chickins.detail" + P_ChickinsApproval = "lti.production.chickins.approve" +) //recording const ( - PermissionRecordingRead = "recording.index" - PermissionRecordingCreate = "recording.create" - PermissionRecordingUpdate = "recording.update" - PermissionRecordingDelete = "recording.delete" + P_RecordingGetAll = "lti.production.recording.list" + P_RecordingGetOne = "lti.production.recording.detail" + P_RecordingCreateOne = "lti.production.recording.create" + P_RecordingUpdateOne = "lti.production.recording.update" + P_RecordingDeleteOne 
= "lti.production.recording.delete" + P_RecordingNextDay = "lti.production.recording.next_day" + P_RecordingApproval = "lti.production.recording.approve" +) + +const ( + P_PurchaseGetAll = "lti.Purchase.list" + P_PurchaseGetOne = "lti.Purchase.detail" + P_PurchaseCreateOne = "lti.Purchase.create" + P_PurchaseUpdateOne = "lti.Purchase.update" + P_PurchaseDeleteOne = "lti.Purchase.delete" + P_PurchaseItemDeleteOne = "lti.Purchase.delete.item" + P_PurchaseReceive = "lti.Purchase.receive" + P_PurchaseApprovalStaff = "lti.Purchase.approve.staff" + P_PurchaseApprovalManager = "lti.Purchase.approve.manager" +) + +const( + P_UserGetAll = "lti.users.list" + P_UserGetOne = "lti.users.detail" ) \ No newline at end of file diff --git a/internal/modules/approvals/route.go b/internal/modules/approvals/route.go index 5dd39616..cd479c03 100644 --- a/internal/modules/approvals/route.go +++ b/internal/modules/approvals/route.go @@ -15,5 +15,5 @@ func ApprovalRoutes(v1 fiber.Router, u user.UserService, s common.ApprovalServic route := v1.Group("/approvals") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) + route.Get("/", ctrl.GetAll,m.RequirePermissions(m.P_ApprovalGetAll)) } diff --git a/internal/modules/closings/route.go b/internal/modules/closings/route.go index ba18f3b9..059eb764 100644 --- a/internal/modules/closings/route.go +++ b/internal/modules/closings/route.go @@ -1,7 +1,7 @@ package closings import ( - // m "gitlab.com/mbugroup/lti-api.git/internal/middleware" + m "gitlab.com/mbugroup/lti-api.git/internal/middleware" controller "gitlab.com/mbugroup/lti-api.git/internal/modules/closings/controllers" closing "gitlab.com/mbugroup/lti-api.git/internal/modules/closings/services" user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services" 
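Review bot: Several of the new permission strings are mixed-case (`"lti.master.Product_categories.list"`, `"lti.master.Products.list"`, `"lti.Purchase.list"`), while `RequirePermissions` lower-cases every required name through `canonicalPermission` before the map lookup. How the keys of `AuthContext.Permissions` are populated is not visible in this diff; if they are stored as issued rather than normalised the same way, these checks can never match and the purchase and product routes reject every user. Writing the literals in lower case, e.g. `P_PurchaseGetAll = "lti.purchase.list"`, keeps the constants identical to what is actually compared. Separately, `P_AdjustmentGetAll="lti.inventory.list"` and its siblings sit in the bare `lti.inventory.*` namespace while the other inventory permissions are scoped per resource (`lti.inventory.transfer.list`), and `P_ProductWarehousekGetAll` has a stray `k` in its name.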
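Review bot: The permission check is registered after the controller in `route.Get("/", ctrl.GetAll,m.RequirePermissions(m.P_ApprovalGetAll))`. Fiber runs a route's handlers in the order given and only moves to the next one when the current handler calls `c.Next()`. Unless `ctrl.GetAll` does that (its code is not in this diff, and it would be unusual for a terminal handler), the response is produced before `RequirePermissions` runs and `lti.approval.list` is never enforced on this route. Swap the arguments: `route.Get("/", m.RequirePermissions(m.P_ApprovalGetAll), ctrl.GetAll)`. The enclosing `ApprovalRoutes` function starts above the hunk.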
@@ -13,14 +13,14 @@ func ClosingRoutes(v1 fiber.Router, u user.UserService, s closing.ClosingService ctrl := controller.NewClosingController(s) route := v1.Group("/closing") - + route.Use(m.Auth(u)) // route.Get("/", m.Auth(u), ctrl.GetAll) // route.Post("/", m.Auth(u), ctrl.CreateOne) // route.Get("/:id", m.Auth(u), ctrl.GetOne) // route.Patch("/:id", m.Auth(u), ctrl.UpdateOne) // route.Delete("/:id", m.Auth(u), ctrl.DeleteOne) - route.Get("/", ctrl.GetAll) - route.Get("/:project_flock_id/penjualan", ctrl.GetPenjualan) - route.Get("/:projectFlockId", ctrl.GetClosingSummary) + route.Get("/",m.RequirePermissions(m.P_ClosingGetAll), ctrl.GetAll) + route.Get("/:project_flock_id/penjualan",m.RequirePermissions(m.P_ClosingPenjualan), ctrl.GetPenjualan) + route.Get("/:projectFlockId",m.RequirePermissions(m.P_ClosingGetSummary), ctrl.GetClosingSummary) } diff --git a/internal/modules/constants/route.go b/internal/modules/constants/route.go index 1da14371..46def610 100644 --- a/internal/modules/constants/route.go +++ b/internal/modules/constants/route.go @@ -12,6 +12,5 @@ func ConstantRoutes(v1 fiber.Router, s constant.ConstantService) { ctrl := controller.NewConstantController(s) route := v1.Group("/constants") - route.Get("/", ctrl.GetAll) } diff --git a/internal/modules/expenses/route.go b/internal/modules/expenses/route.go index 1fc5c07a..fa3191fa 100644 --- a/internal/modules/expenses/route.go +++ b/internal/modules/expenses/route.go 
@@ -22,16 +22,16 @@ func ExpenseRoutes(v1 fiber.Router, u user.UserService, s expense.ExpenseService // route.Patch("/:id", m.Auth(u), ctrl.UpdateOne) // route.Delete("/:id", m.Auth(u), ctrl.DeleteOne) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) - route.Post("/approvals/manager", ctrl.Approval) - route.Post("/approvals/finance", ctrl.Approval) - route.Post("/:id/realizations", ctrl.CreateRealization) - route.Patch("/:id/realizations", ctrl.UpdateRealization) - route.Post("/:id/complete", ctrl.CompleteExpense) - route.Delete("/:id/documents/:documentId", ctrl.DeleteDocument) - route.Delete("/:id/realization-documents/:documentId", ctrl.DeleteRealizationDocument) + route.Get("/",m.RequirePermissions(m.P_ExpenseGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_ExpenseCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_ExpenseGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_ExpenseUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_ExpenseDeleteOne), ctrl.DeleteOne) + route.Post("/approvals/manager",m.RequirePermissions(m.P_ExpenseApprovalManager), ctrl.Approval) + route.Post("/approvals/finance",m.RequirePermissions(m.P_ExpenseApprovalFinance), ctrl.Approval) + route.Post("/:id/realizations",m.RequirePermissions(m.P_ExpenseCreateRealizations), ctrl.CreateRealization) + route.Patch("/:id/realizations",m.RequirePermissions(m.P_ExpenseUpdateRealizations), ctrl.UpdateRealization) + route.Post("/:id/complete",m.RequirePermissions(m.P_ExpenseCompleteExpense), ctrl.CompleteExpense) + route.Delete("/:id/documents/:documentId",m.RequirePermissions(m.P_ExpenseDocument), ctrl.DeleteDocument) + route.Delete("/:id/realization-documents/:documentId",m.RequirePermissions(m.P_ExpenseDocumentRealizations), ctrl.DeleteRealizationDocument) } 
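Review bot: `/approvals/manager` and `/approvals/finance` are gated by different permissions (`P_ExpenseApprovalManager`, `P_ExpenseApprovalFinance`) but both end in the same `ctrl.Approval` handler. If that handler takes the approval step from the request body rather than from the route (its code is not in this diff), a user holding only the manager permission could submit a finance-level approval through the manager route. Either confirm that `ctrl.Approval` derives the step from the path, or re-check inside the handler with `m.HasPermission(c, m.P_ExpenseApprovalFinance)` before accepting a finance step. The enclosing `ExpenseRoutes` function starts above the hunk, so whether `route.Use(m.Auth(u))` precedes these routes cannot be seen here.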
diff --git a/internal/modules/inventory/adjustments/route.go b/internal/modules/inventory/adjustments/route.go index 8f58bb4d..f99fe01e 100644 --- a/internal/modules/inventory/adjustments/route.go +++ b/internal/modules/inventory/adjustments/route.go @@ -1,7 +1,7 @@ package adjustments import ( - // m "gitlab.com/mbugroup/lti-api.git/internal/middleware" + m "gitlab.com/mbugroup/lti-api.git/internal/middleware" controller "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/adjustments/controllers" adjustment "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/adjustments/services" user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services" @@ -13,10 +13,10 @@ func AdjustmentRoutes(v1 fiber.Router, u user.UserService, s adjustment.Adjustme ctrl := controller.NewAdjustmentController(s) route := v1.Group("/adjustments") - + route.Use(m.Auth(u)) // Standard CRUD routes following master data pattern - route.Get("/", ctrl.AdjustmentHistory) // Get all with pagination and filters - route.Post("/", ctrl.Adjustment) // Create adjustment - route.Get("/:id", ctrl.GetOne) + route.Get("/",m.RequirePermissions(m.P_AdjustmentGetAll), ctrl.AdjustmentHistory) // Get all with pagination and filters + route.Post("/",m.RequirePermissions(m.P_AdjustmentCreate), ctrl.Adjustment) // Create adjustment + route.Get("/:id",m.RequirePermissions(m.P_AdjustmentGetOne), ctrl.GetOne) } diff --git a/internal/modules/inventory/product-stocks/route.go b/internal/modules/inventory/product-stocks/route.go index c7bb37f8..41714edc 100644 --- a/internal/modules/inventory/product-stocks/route.go +++ b/internal/modules/inventory/product-stocks/route.go 
@@ -1,7 +1,7 @@ package productStocks import ( - // m "gitlab.com/mbugroup/lti-api.git/internal/middleware" + m "gitlab.com/mbugroup/lti-api.git/internal/middleware" controller "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-stocks/controllers" productStock "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-stocks/services" user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services" @@ -13,13 +13,13 @@ func ProductStockRoutes(v1 fiber.Router, u user.UserService, s productStock.Prod ctrl := controller.NewProductStockController(s) route := v1.Group("/product-stocks") - +route.Use(m.Auth(u)) // route.Get("/", m.Auth(u), ctrl.GetAll) // route.Post("/", m.Auth(u), ctrl.CreateOne) // route.Get("/:id", m.Auth(u), ctrl.GetOne) // route.Patch("/:id", m.Auth(u), ctrl.UpdateOne) // route.Delete("/:id", m.Auth(u), ctrl.DeleteOne) - route.Get("/", ctrl.GetAll) - route.Get("/:id", ctrl.GetOne) + route.Get("/",m.RequirePermissions(m.P_ProductStockGetAll), ctrl.GetAll) + route.Get("/:id",m.RequirePermissions(m.P_ProductStockGetOne), ctrl.GetOne) } diff --git a/internal/modules/inventory/product-warehouses/route.go b/internal/modules/inventory/product-warehouses/route.go index 9c6c8e2b..81c06a08 100644 --- a/internal/modules/inventory/product-warehouses/route.go +++ b/internal/modules/inventory/product-warehouses/route.go @@ -15,7 +15,7 @@ func ProductWarehouseRoutes(v1 fiber.Router, u user.UserService, s productWareho route := v1.Group("/product-warehouses") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Get("/:id", ctrl.GetOne) + route.Get("/",m.RequirePermissions(m.P_ProductWarehousekGetAll), ctrl.GetAll) + route.Get("/:id",m.RequirePermissions(m.P_ProductWarehouseGetOne), ctrl.GetOne) } diff --git a/internal/modules/inventory/transfers/route.go b/internal/modules/inventory/transfers/route.go index f608af42..d24dbcb4 100644 --- a/internal/modules/inventory/transfers/route.go 
+++ b/internal/modules/inventory/transfers/route.go @@ -15,8 +15,8 @@ func TransferRoutes(v1 fiber.Router, u user.UserService, s transfer.TransferServ route := v1.Group("/transfers") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) + route.Get("/",m.RequirePermissions(m.P_TransferGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_TransferCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_TransferGetOne), ctrl.GetOne) } diff --git a/internal/modules/marketing/delivery-orderss/route.go b/internal/modules/marketing/delivery-orderss/route.go index c83330da..f4c08457 100644 --- a/internal/modules/marketing/delivery-orderss/route.go +++ b/internal/modules/marketing/delivery-orderss/route.go @@ -11,13 +11,12 @@ import ( func DeliveryOrdersRoutes(v1 fiber.Router, u user.UserService, s deliveryOrders.DeliveryOrdersService) { ctrl := controller.NewDeliveryOrdersController(s) - - v1.Get("/", ctrl.GetAll) - v1.Get("/:id", ctrl.GetOne) + v1.Use(m.Auth(u)) + v1.Get("/",m.RequirePermissions(m.P_DeliveryGetAll), ctrl.GetAll) + v1.Get("/:id",m.RequirePermissions(m.P_DeliveryGetOne), ctrl.GetOne) // Sisanya di group /delivery-orders route := v1.Group("/delivery-orders") - route.Use(m.Auth(u)) // route.Get("/", m.Auth(u), ctrl.GetAll) // route.Post("/", m.Auth(u), ctrl.CreateOne) @@ -25,7 +24,7 @@ func DeliveryOrdersRoutes(v1 fiber.Router, u user.UserService, s deliveryOrders. // route.Patch("/:id", m.Auth(u), ctrl.UpdateOne) // route.Delete("/:id", m.Auth(u), ctrl.DeleteOne) - route.Post("/", ctrl.CreateOne) - route.Patch("/:id", ctrl.UpdateOne) + route.Post("/",m.RequirePermissions(m.P_DeliveryCreateOne), ctrl.CreateOne) + route.Patch("/:id",m.RequirePermissions(m.P_DeliveryUpdateOne), ctrl.UpdateOne) } diff --git a/internal/modules/marketing/sales-orders/route.go b/internal/modules/marketing/sales-orders/route.go index f87cea66..17249840 100644 
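Review bot: In the delivery-orders hunk, `v1.Use(m.Auth(u))` attaches the auth middleware to the router passed in by the caller instead of to the `/delivery-orders` group, where the removed `route.Use(m.Auth(u))` used to sit. In Fiber a `Use` applies to routes under that router's prefix that are registered after it. If `v1` is the shared API router (not visible in this diff), authentication coverage of other modules now depends on the order in which the route functions are called: intentionally public routes registered later start returning 401, while routes registered earlier are not covered. Keeping the middleware per route, e.g. `v1.Get("/", m.Auth(u), m.RequirePermissions(m.P_DeliveryGetAll), ctrl.GetAll)`, or moving these two routes into the group avoids the side effect. The same pattern appears in the sales-orders hunk (`v1.Use(m.Auth(u))` before `v1.Delete("/:id", ...)`).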
--- a/internal/modules/marketing/sales-orders/route.go +++ b/internal/modules/marketing/sales-orders/route.go @@ -11,17 +11,16 @@ import ( func SalesOrdersRoutes(v1 fiber.Router, u user.UserService, s salesOrders.SalesOrdersService) { ctrl := controller.NewSalesOrdersController(s) - - v1.Delete("/:id", ctrl.DeleteOne) + v1.Use(m.Auth(u)) + v1.Delete("/:id",m.RequirePermissions(m.P_SalesOrderDelete), ctrl.DeleteOne) route := v1.Group("/sales-orders") - route.Use(m.Auth(u)) // route.Post("/", m.Auth(u), ctrl.CreateOne) // route.Patch("/:id", m.Auth(u), ctrl.UpdateOne) // route.Delete("/:id", m.Auth(u), ctrl.DeleteOne) - route.Post("/", ctrl.CreateOne) - route.Patch("/:id", ctrl.UpdateOne) + route.Post("/",m.RequirePermissions(m.P_SalesOrderCreateOne), ctrl.CreateOne) + route.Patch("/:id",m.RequirePermissions(m.P_SalesOrderUpdateOne), ctrl.UpdateOne) - route.Post("/approvals", ctrl.Approval) + route.Post("/approvals",m.RequirePermissions(m.P_SalesOrderApproval), ctrl.Approval) } diff --git a/internal/modules/master/areas/route.go b/internal/modules/master/areas/route.go index 755a542e..0d715fb7 100644 --- a/internal/modules/master/areas/route.go +++ b/internal/modules/master/areas/route.go @@ -15,9 +15,9 @@ func AreaRoutes(v1 fiber.Router, u user.UserService, s area.AreaService) { route := v1.Group("/areas") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_AreaGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_AreaCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_AreaGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_AreaUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_AreaDeleteOne), ctrl.DeleteOne) } 
diff --git a/internal/modules/master/banks/route.go b/internal/modules/master/banks/route.go index 2e5bed3b..678a834c 100644 --- a/internal/modules/master/banks/route.go +++ b/internal/modules/master/banks/route.go @@ -14,10 +14,9 @@ func BankRoutes(v1 fiber.Router, u user.UserService, s bank.BankService) { route := v1.Group("/banks") route.Use(m.Auth(u)) - - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_BanksGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_BanksCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_BanksGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_BanksUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_BanksDeleteOne), ctrl.DeleteOne) } diff --git a/internal/modules/master/customers/route.go b/internal/modules/master/customers/route.go index d361e167..92f8139e 100644 --- a/internal/modules/master/customers/route.go +++ b/internal/modules/master/customers/route.go @@ -15,9 +15,9 @@ func CustomerRoutes(v1 fiber.Router, u user.UserService, s customer.CustomerServ route := v1.Group("/customers") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_CustomerGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_CustomerCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_CustomerGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_CustomerUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_CustomerDeleteOne), ctrl.DeleteOne) } diff --git a/internal/modules/master/fcrs/route.go b/internal/modules/master/fcrs/route.go index 60633f16..06291ce4 100644 
--- a/internal/modules/master/fcrs/route.go +++ b/internal/modules/master/fcrs/route.go @@ -15,9 +15,9 @@ func FcrRoutes(v1 fiber.Router, u user.UserService, s fcr.FcrService) { route := v1.Group("/fcrs") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_FcrGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_FcrCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_FcrGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_FcrUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_FcrDeleteOne), ctrl.DeleteOne) } diff --git a/internal/modules/master/flocks/route.go b/internal/modules/master/flocks/route.go index 429d8dcd..046e014a 100644 --- a/internal/modules/master/flocks/route.go +++ b/internal/modules/master/flocks/route.go @@ -15,9 +15,9 @@ func FlockRoutes(v1 fiber.Router, u user.UserService, s flock.FlockService) { route := v1.Group("/flocks") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_FlocksGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_FlocksCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_FlocksGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_FlocksUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_FlocksDeleteOne), ctrl.DeleteOne) } diff --git a/internal/modules/master/kandangs/route.go b/internal/modules/master/kandangs/route.go index 6a425b64..4cbf2793 100644 --- a/internal/modules/master/kandangs/route.go +++ b/internal/modules/master/kandangs/route.go 
@@ -15,9 +15,9 @@ func KandangRoutes(v1 fiber.Router, u user.UserService, s kandang.KandangService route := v1.Group("/kandangs") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_KandangsGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_KandangsCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_KandangsGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_KandangsUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_KandangsDeleteOne), ctrl.DeleteOne) } diff --git a/internal/modules/master/locations/route.go b/internal/modules/master/locations/route.go index 68bce594..771e2d0d 100644 --- a/internal/modules/master/locations/route.go +++ b/internal/modules/master/locations/route.go @@ -15,9 +15,9 @@ func LocationRoutes(v1 fiber.Router, u user.UserService, s location.LocationServ route := v1.Group("/locations") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_LocationsGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_LocationsCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_LocationsGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_LocationsUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_LocationsDeleteOne), ctrl.DeleteOne) } diff --git a/internal/modules/master/nonstocks/route.go b/internal/modules/master/nonstocks/route.go index 2aa7b838..6f2a2016 100644 --- a/internal/modules/master/nonstocks/route.go +++ b/internal/modules/master/nonstocks/route.go 
@@ -15,9 +15,9 @@ func NonstockRoutes(v1 fiber.Router, u user.UserService, s nonstock.NonstockServ route := v1.Group("/nonstocks") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_NonstocksGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_NonstocksCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_NonstocksGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_NonstocksUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_NonstocksDeleteOne), ctrl.DeleteOne) } diff --git a/internal/modules/master/product-categories/route.go b/internal/modules/master/product-categories/route.go index 4a2262f9..1fa0532f 100644 --- a/internal/modules/master/product-categories/route.go +++ b/internal/modules/master/product-categories/route.go @@ -15,9 +15,9 @@ func ProductCategoryRoutes(v1 fiber.Router, u user.UserService, s productCategor route := v1.Group("/product-categories") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_ProductCategoriesGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_ProductCategoriesCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_ProductCategoriesGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_ProductCategoriesUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_ProductCategoriesDeleteOne), ctrl.DeleteOne) } diff --git a/internal/modules/master/products/route.go b/internal/modules/master/products/route.go index 369d6ea8..04431bd4 100644 --- a/internal/modules/master/products/route.go +++ b/internal/modules/master/products/route.go 
@@ -15,9 +15,9 @@ func ProductRoutes(v1 fiber.Router, u user.UserService, s product.ProductService route := v1.Group("/products") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_ProductsGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_ProductsCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_ProductsGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_ProductsUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_ProductsDeleteOne), ctrl.DeleteOne) } diff --git a/internal/modules/master/suppliers/route.go b/internal/modules/master/suppliers/route.go index 17271d4a..564ac725 100644 --- a/internal/modules/master/suppliers/route.go +++ b/internal/modules/master/suppliers/route.go @@ -15,9 +15,9 @@ func SupplierRoutes(v1 fiber.Router, u user.UserService, s supplier.SupplierServ route := v1.Group("/suppliers") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_SuppliersGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_SuppliersCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_SuppliersGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_SuppliersUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_SuppliersDeleteOne), ctrl.DeleteOne) } diff --git a/internal/modules/master/uoms/route.go b/internal/modules/master/uoms/route.go index 53faa239..8ffbcb62 100644 --- a/internal/modules/master/uoms/route.go +++ b/internal/modules/master/uoms/route.go 
@@ -20,4 +20,10 @@ func UomRoutes(v1 fiber.Router, u user.UserService, s uom.UomService) { route.Get("/:id", ctrl.GetOne) route.Patch("/:id", ctrl.UpdateOne) route.Delete("/:id", ctrl.DeleteOne) + + route.Get("/",m.RequirePermissions(m.P_AreaGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_AreaCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_AreaGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_AreaUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_AreaDeleteOne), ctrl.DeleteOne) } diff --git a/internal/modules/master/warehouses/route.go b/internal/modules/master/warehouses/route.go index 8acf4452..a08b04a5 100644 --- a/internal/modules/master/warehouses/route.go +++ b/internal/modules/master/warehouses/route.go @@ -15,9 +15,9 @@ func WarehouseRoutes(v1 fiber.Router, u user.UserService, s warehouse.WarehouseS route := v1.Group("/warehouses") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_WarehousesGetAll), ctrl.GetAll) + route.Post("/",m.RequirePermissions(m.P_WarehousesCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_WarehousesGetOne), ctrl.GetOne) + route.Patch("/:id",m.RequirePermissions(m.P_WarehousesUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_WarehousesDeleteOne), ctrl.DeleteOne) } diff --git a/internal/modules/production/chickins/route.go b/internal/modules/production/chickins/route.go index a558dd29..103a3655 100644 --- a/internal/modules/production/chickins/route.go +++ b/internal/modules/production/chickins/route.go 
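Review bot: The five routes added to UomRoutes check the `m.P_Area*` permissions instead of `m.P_Uoms*`, and they are appended below the existing unguarded registrations, which stay in the file as context lines (`route.Get("/:id", ctrl.GetOne)` and the Patch/Delete lines after it). Fiber dispatches in registration order, so unless those controllers call `c.Next()` the earlier handlers answer first and the new permission check never runs, leaving the UOM endpoints without a permission check. Replace the existing lines in place rather than adding duplicates, e.g. `route.Get("/:id", m.RequirePermissions(m.P_UomsGetOne), ctrl.GetOne)`. UomRoutes starts above the hunk, so the `/` registrations there presumably need the same change.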
@@ -16,9 +16,9 @@ func ChickinRoutes(v1 fiber.Router, u user.UserService, s chickin.ChickinService route.Use(m.Auth(u)) // route.Get("/", ctrl.GetAll) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) + route.Post("/",m.RequirePermissions(m.P_ChickinsCreateOne), ctrl.CreateOne) + route.Get("/:id",m.RequirePermissions(m.P_ChickinsGetOne), ctrl.GetOne) // route.Patch("/:id", ctrl.UpdateOne) // route.Delete("/:id", ctrl.DeleteOne) - route.Post("/approvals", ctrl.Approval) + route.Post("/approvals",m.RequirePermissions(m.P_ChickinsApproval), ctrl.Approval) } diff --git a/internal/modules/production/project-flock-kandangs/route.go b/internal/modules/production/project-flock-kandangs/route.go index d4dfec30..b382d1af 100644 --- a/internal/modules/production/project-flock-kandangs/route.go +++ b/internal/modules/production/project-flock-kandangs/route.go @@ -14,12 +14,6 @@ func ProjectFlockKandangRoutes(v1 fiber.Router, u user.UserService, s projectFlo route := v1.Group("/project-flock-kandangs") route.Use(m.Auth(u)) - // route.Get("/", m.Auth(u), ctrl.GetAll) - // route.Post("/", m.Auth(u), ctrl.CreateOne) - // route.Get("/:id", m.Auth(u), ctrl.GetOne) - // route.Patch("/:id", m.Auth(u), ctrl.UpdateOne) - // route.Delete("/:id", m.Auth(u), ctrl.DeleteOne) - route.Get("/",m.RequirePermissions(m.P_ProjectFlockKandangsGetAll), ctrl.GetAll) route.Get("/:id",m.RequirePermissions(m.P_ProjectFlockKandangsGetOne), ctrl.GetOne) diff --git a/internal/modules/production/recordings/route.go b/internal/modules/production/recordings/route.go index 83b426db..f05d054d 100644 --- a/internal/modules/production/recordings/route.go +++ b/internal/modules/production/recordings/route.go 
@@ -15,11 +15,11 @@ func RecordingRoutes(v1 fiber.Router, u user.UserService, s recording.RecordingS route := v1.Group("/recordings") route.Use(m.Auth(u)) - route.Get("/", ctrl.GetAll) - route.Get("/next-day", ctrl.GetNextDay) - route.Post("/", ctrl.CreateOne) - route.Get("/:id", ctrl.GetOne) - route.Patch("/:id", ctrl.UpdateOne) - route.Post("/approvals", ctrl.Approve) - route.Delete("/:id", ctrl.DeleteOne) + route.Get("/",m.RequirePermissions(m.P_RecordingGetAll), ctrl.GetAll) + route.Get("/:id",m.RequirePermissions(m.P_RecordingGetOne), ctrl.GetOne) + route.Post("/",m.RequirePermissions(m.P_RecordingCreateOne), ctrl.CreateOne) + route.Patch("/:id",m.RequirePermissions(m.P_RecordingUpdateOne), ctrl.UpdateOne) + route.Delete("/:id",m.RequirePermissions(m.P_RecordingDeleteOne), ctrl.DeleteOne) + route.Get("/next-day",m.RequirePermissions(m.P_RecordingNextDay), ctrl.GetNextDay) + route.Post("/approvals",m.RequirePermissions(m.P_RecordingApproval), ctrl.Approve) } diff --git a/internal/modules/purchases/route.go b/internal/modules/purchases/route.go index 5145bc94..4be485e6 100644 --- a/internal/modules/purchases/route.go +++ b/internal/modules/purchases/route.go 
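Review bot: `route.Get("/:id", ...)` is now registered before `route.Get("/next-day", ...)`, whereas the removed lines had `/next-day` first. Fiber matches routes in registration order, so a GET to `/recordings/next-day` is captured by `/:id` with the id `next-day`. `ctrl.GetNextDay` then becomes unreachable, and the request is authorized against `P_RecordingGetOne` instead of `P_RecordingNextDay`. Move the `route.Get("/next-day", m.RequirePermissions(m.P_RecordingNextDay), ctrl.GetNextDay)` line back above the `/:id` registration.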
@@ -15,12 +15,12 @@ func Routes(router fiber.Router, purchaseService service.PurchaseService, userSe route := router.Group("/purchases") route.Use(m.Auth(userService)) - route.Get("/", ctrl.GetAll) - route.Get("/:id", ctrl.GetOne) - route.Post("/", ctrl.CreateOne) - route.Post("/:id/approvals/staff", ctrl.ApproveStaffPurchase) - route.Post("/:id/approvals/manager", ctrl.ApproveManagerPurchase) - route.Post("/:id/receipts", ctrl.ReceiveProducts) - route.Delete("/:id", ctrl.DeletePurchase) - route.Delete("/:id/items", ctrl.DeleteItems) + route.Get("/",m.RequirePermissions(m.P_PurchaseGetAll), ctrl.GetAll) + route.Get("/:id",m.RequirePermissions(m.P_PurchaseGetOne), ctrl.GetOne) + route.Post("/",m.RequirePermissions(m.P_PurchaseCreateOne), ctrl.CreateOne) + route.Post("/:id/approvals/staff",m.RequirePermissions(m.P_PurchaseApprovalStaff), ctrl.ApproveStaffPurchase) + route.Post("/:id/approvals/manager",m.RequirePermissions(m.P_PurchaseApprovalManager), ctrl.ApproveManagerPurchase) + route.Post("/:id/receipts",m.RequirePermissions(m.P_PurchaseReceive), ctrl.ReceiveProducts) + route.Delete("/:id",m.RequirePermissions(m.P_RecordingDeleteOne), ctrl.DeletePurchase) + route.Delete("/:id/items",m.RequirePermissions(m.P_PurchaseItemDeleteOne), ctrl.DeleteItems) } diff --git a/internal/modules/users/route.go b/internal/modules/users/route.go index 1093312f..d6aa03fe 100644 --- a/internal/modules/users/route.go +++ b/internal/modules/users/route.go @@ -14,9 +14,9 @@ func UserRoutes(v1 fiber.Router, s user.UserService) { route := v1.Group("/users") route.Use(m.Auth(s)) - route.Get("/", m.RequirePermissions("lti.users.list"), ctrl.GetAll) + route.Get("/", m.RequirePermissions(m.P_UserGetAll), ctrl.GetAll) // route.Post("/", ctrl.CreateOne) - route.Get("/:id", m.RequirePermissions("lti.users.detail"), ctrl.GetOne) + route.Get("/:id", m.RequirePermissions(m.P_UserGetOne), ctrl.GetOne) // route.Patch("/:id", ctrl.UpdateOne) // route.Delete("/:id", ctrl.DeleteOne) } 
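Review bot: The `route.Delete("/:id", ...)` registration for `ctrl.DeletePurchase` checks `m.P_RecordingDeleteOne`, a permission that belongs to the recordings module. A user allowed to delete recordings can therefore delete purchases, while a user granted only the purchase delete permission is refused. `P_PurchaseDeleteOne` is already declared in permissions.go, so the line should read `route.Delete("/:id", m.RequirePermissions(m.P_PurchaseDeleteOne), ctrl.DeletePurchase)`.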
From ab9c7c216aad8f7d3e2bbf1d41a1a52dc6d0b28e Mon Sep 17 00:00:00 2001 From: ragilap Date: Fri, 19 Dec 2025 14:37:54 +0700 Subject: [PATCH 3/4] Feat(BE-304): add permission in report and closing --- internal/capabilities/capabilities.go | 44 ------ internal/middleware/permissions.go | 220 ++++++++++++++------------ internal/modules/closings/route.go | 11 +- internal/modules/repports/module.go | 7 +- internal/modules/repports/route.go | 9 +- 5 files changed, 133 insertions(+), 158 deletions(-) delete mode 100644 internal/capabilities/capabilities.go diff --git a/internal/capabilities/capabilities.go b/internal/capabilities/capabilities.go deleted file mode 100644 index 47f774ba..00000000 --- a/internal/capabilities/capabilities.go +++ /dev/null @@ -1,44 +0,0 @@ -package capabilities - -import ( - "strings" - - permission "gitlab.com/mbugroup/lti-api.git/internal/middleware" -) - -// FromPermissions returns a filtered map of capabilities that the frontend can use -// to toggle features. Only permissions recognized by the application are exposed. -func FromPermissions(perms []string) map[string]bool { - if len(perms) == 0 { - return nil - } - - out := make(map[string]bool) - for _, perm := range perms { - if key, ok := normalizeAndAllow(perm); ok { - out[key] = true - } - } - if len(out) == 0 { - return nil - } - return out -} - -func normalizeAndAllow(perm string) (string, bool) { - perm = strings.ToLower(strings.TrimSpace(perm)) - if perm == "" { - return "", false - } - if _, ok := allowed[perm]; !ok { - return "", false - } - return perm, true -} - -var allowed = map[string]struct{}{ - permission.PermissionRecordingRead: {}, - permission.PermissionRecordingCreate: {}, - permission.PermissionRecordingUpdate: {}, - permission.PermissionRecordingDelete: {}, -} diff --git a/internal/middleware/permissions.go b/internal/middleware/permissions.go index 0734b035..462bc8b7 100644 --- a/internal/middleware/permissions.go +++ b/internal/middleware/permissions.go 
@@ -1,183 +1,197 @@ package middleware -//project-flock +// project-flock const ( P_ProjectFlockKandangsClosing = "lti.production.project_flock_kandangs.closing" - P_ProjectFlockKandangsGetAll = "lti.production.project_flock_kandangs.list" - P_ProjectFlockKandangsGetOne = "lti.production.project_flock_kandangs.detail" + P_ProjectFlockKandangsGetAll = "lti.production.project_flock_kandangs.list" + P_ProjectFlockKandangsGetOne = "lti.production.project_flock_kandangs.detail" - P_ProjectFlockGetAll = "lti.production.project_flocks.list" - P_ProjectFlockCreate = "lti.production.project_flocks.create" - P_ProjectFlockGetOne = "lti.production.project_flocks.detail" - P_ProjectFlockUpdate = "lti.production.project_flocks.update" - P_ProjectFlockDelete = "lti.production.project_flocks.delete" - P_ProjectFlockApprove = "lti.production.project_flocks.approve" - P_ProjectFlockLookup = "lti.production.project_flocks.lookup" + P_ProjectFlockGetAll = "lti.production.project_flocks.list" + P_ProjectFlockCreate = "lti.production.project_flocks.create" + P_ProjectFlockGetOne = "lti.production.project_flocks.detail" + P_ProjectFlockUpdate = "lti.production.project_flocks.update" + P_ProjectFlockDelete = "lti.production.project_flocks.delete" + P_ProjectFlockApprove = "lti.production.project_flocks.approve" + P_ProjectFlockLookup = "lti.production.project_flocks.lookup" P_ProjectFlockNextPeriod = "lti.production.project_flocks.next_period" - P_ProjectFlockResubmit = "lti.production.project_flocks.resubmit" + P_ProjectFlockResubmit = "lti.production.project_flocks.resubmit" ) -const( - P_ExpenseGetAll= "lti.expense.list" - P_ExpenseCreateOne= "lti.expense.create" - P_ExpenseUpdateOne= "lti.expense.update" - P_ExpenseGetOne= "lti.expense.detail" - P_ExpenseDeleteOne= "lti.expense.delete" - P_ExpenseApprovalManager= "lti.expense.approve.manager" - P_ExpenseApprovalFinance= "lti.expense.approve.finance" - P_ExpenseCreateRealizations= "lti.expense.create.realization" - 
P_ExpenseUpdateRealizations= "lti.expense.update.realization" - P_ExpenseCompleteExpense= "lti.expense.complete.expense" - P_ExpenseDocument= "lti.expense.document" - P_ExpenseDocumentRealizations= "lti.expense.document.realization" +const ( + P_ExpenseGetAll = "lti.expense.list" + P_ExpenseCreateOne = "lti.expense.create" + P_ExpenseUpdateOne = "lti.expense.update" + P_ExpenseGetOne = "lti.expense.detail" + P_ExpenseDeleteOne = "lti.expense.delete" + P_ExpenseApprovalManager = "lti.expense.approve.manager" + P_ExpenseApprovalFinance = "lti.expense.approve.finance" + P_ExpenseCreateRealizations = "lti.expense.create.realization" + P_ExpenseUpdateRealizations = "lti.expense.update.realization" + P_ExpenseCompleteExpense = "lti.expense.complete.expense" + P_ExpenseDocument = "lti.expense.document" + P_ExpenseDocumentRealizations = "lti.expense.document.realization" ) -const( - P_AdjustmentGetAll="lti.inventory.list" - P_AdjustmentCreate="lti.inventory.create" - P_AdjustmentGetOne="lti.inventory.detail" +const ( + P_AdjustmentGetAll = "lti.inventory.list" + P_AdjustmentCreate = "lti.inventory.create" + P_AdjustmentGetOne = "lti.inventory.detail" ) -const( +const ( P_ApprovalGetAll = "lti.approval.list" ) - -const( - P_ClosingGetAll = "lti.closing.list" - P_ClosingPenjualan = "lti.closing.penjualan" - P_ClosingGetSummary = "lti.closing.getsummary" - P_ProductStockGetAll = "lti.inventory.product_stock.list" - P_ProductStockGetOne = "lti.inventory.product_stock.detail" - P_ProductWarehousekGetAll = "lti.inventory.product_warehouses.list" - P_ProductWarehouseGetOne = "lti.inventory.product_warehouses.detail" +const ( + P_ReportExpenseGetAll = "lti.repport.expense.list" + P_ReportDeliveryGetAll = "lti.repport.delivery.list" ) -const( - P_TransferGetAll = "lti.inventory.transfer.list" - P_TransferGetOne = "lti.inventory.transfer.detail" + +const ( + P_ProductStockGetAll = "lti.inventory.product_stock.list" + P_ProductStockGetOne = "lti.inventory.product_stock.detail" + 
P_ProductWarehousekGetAll = "lti.inventory.product_warehouses.list" + P_ProductWarehouseGetOne = "lti.inventory.product_warehouses.detail" +) +const ( + P_ClosingGetAll = "lti.closing.list" + P_ClosingPenjualan = "lti.closing.penjualan" + P_ClosingGetSummary = "lti.closing.getsummary" + + + //?baru + P_ClosingGetOverhead = "lti.closing.getoverhead" + P_ClosingCountSapronakKandang = "lti.closing.getsapronakcountbykandang" + P_ClosingCountSapronak = "lti.closing.getsapronakcount" + P_ClosingSapronak = "lti.closing.getsapronak" + +) + +const ( + P_TransferGetAll = "lti.inventory.transfer.list" + P_TransferGetOne = "lti.inventory.transfer.detail" P_TransferCreateOne = "lti.inventory.transfer.create" ) -const( - P_DeliveryGetAll = "lti.marketing.delivery_order.list" - P_DeliveryGetOne = "lti.marketing.delivery_order.detail" - P_DeliveryCreateOne = "lti.marketing.delivery_order.create" - P_DeliveryUpdateOne = "lti.marketing.delivery_order.update" - P_SalesOrderDelete = "lti.marketing.sales_order.delete" - P_SalesOrderApproval = "lti.marketing.sales_order.approve" +const ( + P_DeliveryGetAll = "lti.marketing.delivery_order.list" + P_DeliveryGetOne = "lti.marketing.delivery_order.detail" + P_DeliveryCreateOne = "lti.marketing.delivery_order.create" + P_DeliveryUpdateOne = "lti.marketing.delivery_order.update" + P_SalesOrderDelete = "lti.marketing.sales_order.delete" + P_SalesOrderApproval = "lti.marketing.sales_order.approve" P_SalesOrderCreateOne = "lti.marketing.sales_order.create" P_SalesOrderUpdateOne = "lti.marketing.sales_order.update" ) -const( - P_AreaGetAll = "lti.master.area.list" - P_AreaGetOne = "lti.master.area.detail" +const ( + P_AreaGetAll = "lti.master.area.list" + P_AreaGetOne = "lti.master.area.detail" P_AreaCreateOne = "lti.master.area.create" P_AreaUpdateOne = "lti.master.area.update" P_AreaDeleteOne = "lti.master.area.delete" - P_BanksGetAll = "lti.master.banks.list" - P_BanksGetOne = "lti.master.banks.detail" + P_BanksGetAll = "lti.master.banks.list" 
+ P_BanksGetOne = "lti.master.banks.detail" P_BanksCreateOne = "lti.master.banks.create" P_BanksUpdateOne = "lti.master.banks.update" P_BanksDeleteOne = "lti.master.banks.delete" - P_CustomerGetAll = "lti.master.customer.list" - P_CustomerGetOne = "lti.master.customer.detail" + P_CustomerGetAll = "lti.master.customer.list" + P_CustomerGetOne = "lti.master.customer.detail" P_CustomerCreateOne = "lti.master.customer.create" P_CustomerUpdateOne = "lti.master.customer.update" P_CustomerDeleteOne = "lti.master.customer.delete" - - P_FcrGetAll = "lti.master.fcr.list" - P_FcrGetOne = "lti.master.fcr.detail" + + P_FcrGetAll = "lti.master.fcr.list" + P_FcrGetOne = "lti.master.fcr.detail" P_FcrCreateOne = "lti.master.fcr.create" P_FcrUpdateOne = "lti.master.fcr.update" P_FcrDeleteOne = "lti.master.fcr.delete" - - P_FlocksGetAll = "lti.master.flocks.list" - P_FlocksGetOne = "lti.master.flocks.detail" + + P_FlocksGetAll = "lti.master.flocks.list" + P_FlocksGetOne = "lti.master.flocks.detail" P_FlocksCreateOne = "lti.master.flocks.create" P_FlocksUpdateOne = "lti.master.flocks.update" P_FlocksDeleteOne = "lti.master.flocks.delete" - - P_KandangsGetAll = "lti.master.kandangs.list" - P_KandangsGetOne = "lti.master.kandangs.detail" + + P_KandangsGetAll = "lti.master.kandangs.list" + P_KandangsGetOne = "lti.master.kandangs.detail" P_KandangsCreateOne = "lti.master.kandangs.create" P_KandangsUpdateOne = "lti.master.kandangs.update" P_KandangsDeleteOne = "lti.master.kandangs.delete" - - P_LocationsGetAll = "lti.master.locations.list" - P_LocationsGetOne = "lti.master.locations.detail" + + P_LocationsGetAll = "lti.master.locations.list" + P_LocationsGetOne = "lti.master.locations.detail" P_LocationsCreateOne = "lti.master.locations.create" P_LocationsUpdateOne = "lti.master.locations.update" P_LocationsDeleteOne = "lti.master.locations.delete" - - P_NonstocksGetAll = "lti.master.nonstocks.list" - P_NonstocksGetOne = "lti.master.nonstocks.detail" + + P_NonstocksGetAll = 
"lti.master.nonstocks.list" + P_NonstocksGetOne = "lti.master.nonstocks.detail" P_NonstocksCreateOne = "lti.master.nonstocks.create" P_NonstocksUpdateOne = "lti.master.nonstocks.update" P_NonstocksDeleteOne = "lti.master.nonstocks.delete" - P_ProductCategoriesGetAll = "lti.master.Product_categories.list" - P_ProductCategoriesGetOne = "lti.master.Product_categories.detail" + P_ProductCategoriesGetAll = "lti.master.Product_categories.list" + P_ProductCategoriesGetOne = "lti.master.Product_categories.detail" P_ProductCategoriesCreateOne = "lti.master.Product_categories.create" P_ProductCategoriesUpdateOne = "lti.master.Product_categories.update" P_ProductCategoriesDeleteOne = "lti.master.Product_categories.delete" - - P_ProductsGetAll = "lti.master.Products.list" - P_ProductsGetOne = "lti.master.Products.detail" + + P_ProductsGetAll = "lti.master.Products.list" + P_ProductsGetOne = "lti.master.Products.detail" P_ProductsCreateOne = "lti.master.Products.create" P_ProductsUpdateOne = "lti.master.Products.update" P_ProductsDeleteOne = "lti.master.Products.delete" - - P_SuppliersGetAll = "lti.master.suppliers.list" - P_SuppliersGetOne = "lti.master.suppliers.detail" + + P_SuppliersGetAll = "lti.master.suppliers.list" + P_SuppliersGetOne = "lti.master.suppliers.detail" P_SuppliersCreateOne = "lti.master.suppliers.create" P_SuppliersUpdateOne = "lti.master.suppliers.update" P_SuppliersDeleteOne = "lti.master.suppliers.delete" - P_UomsGetAll = "lti.master.uoms.list" - P_UomsGetOne = "lti.master.uoms.detail" + P_UomsGetAll = "lti.master.uoms.list" + P_UomsGetOne = "lti.master.uoms.detail" P_UomsCreateOne = "lti.master.uoms.create" P_UomsUpdateOne = "lti.master.uoms.update" P_UomsDeleteOne = "lti.master.uoms.delete" - P_WarehousesGetAll = "lti.master.warehouses.list" - P_WarehousesGetOne = "lti.master.warehouses.detail" + P_WarehousesGetAll = "lti.master.warehouses.list" + P_WarehousesGetOne = "lti.master.warehouses.detail" P_WarehousesCreateOne = 
"lti.master.warehouses.create" P_WarehousesUpdateOne = "lti.master.warehouses.update" P_WarehousesDeleteOne = "lti.master.warehouses.delete" - ) - -const( +const ( P_ChickinsCreateOne = "lti.production.chickins.create" - P_ChickinsGetOne = "lti.production.chickins.detail" - P_ChickinsApproval = "lti.production.chickins.approve" + P_ChickinsGetOne = "lti.production.chickins.detail" + P_ChickinsApproval = "lti.production.chickins.approve" ) -//recording + +// recording const ( - P_RecordingGetAll = "lti.production.recording.list" - P_RecordingGetOne = "lti.production.recording.detail" - P_RecordingCreateOne = "lti.production.recording.create" - P_RecordingUpdateOne = "lti.production.recording.update" - P_RecordingDeleteOne = "lti.production.recording.delete" + P_RecordingGetAll = "lti.production.recording.list" + P_RecordingGetOne = "lti.production.recording.detail" + P_RecordingCreateOne = "lti.production.recording.create" + P_RecordingUpdateOne = "lti.production.recording.update" + P_RecordingDeleteOne = "lti.production.recording.delete" P_RecordingNextDay = "lti.production.recording.next_day" - P_RecordingApproval = "lti.production.recording.approve" + P_RecordingApproval = "lti.production.recording.approve" ) const ( - P_PurchaseGetAll = "lti.Purchase.list" - P_PurchaseGetOne = "lti.Purchase.detail" - P_PurchaseCreateOne = "lti.Purchase.create" - P_PurchaseUpdateOne = "lti.Purchase.update" - P_PurchaseDeleteOne = "lti.Purchase.delete" + P_PurchaseGetAll = "lti.Purchase.list" + P_PurchaseGetOne = "lti.Purchase.detail" + P_PurchaseCreateOne = "lti.Purchase.create" + P_PurchaseUpdateOne = "lti.Purchase.update" + P_PurchaseDeleteOne = "lti.Purchase.delete" P_PurchaseItemDeleteOne = "lti.Purchase.delete.item" - P_PurchaseReceive = "lti.Purchase.receive" + P_PurchaseReceive = "lti.Purchase.receive" P_PurchaseApprovalStaff = "lti.Purchase.approve.staff" - P_PurchaseApprovalManager = "lti.Purchase.approve.manager" + P_PurchaseApprovalManager = 
"lti.Purchase.approve.manager" ) -const( +const ( P_UserGetAll = "lti.users.list" P_UserGetOne = "lti.users.detail" -) \ No newline at end of file +) diff --git a/internal/modules/closings/route.go b/internal/modules/closings/route.go index 5033f989..38f8a816 100644 --- a/internal/modules/closings/route.go +++ b/internal/modules/closings/route.go @@ -24,11 +24,8 @@ func ClosingRoutes(v1 fiber.Router, u user.UserService, s closing.ClosingService route.Get("/",m.RequirePermissions(m.P_ClosingGetAll), ctrl.GetAll) route.Get("/:project_flock_id/penjualan",m.RequirePermissions(m.P_ClosingPenjualan), ctrl.GetPenjualan) route.Get("/:projectFlockId",m.RequirePermissions(m.P_ClosingGetSummary), ctrl.GetClosingSummary) - route.Get("/", ctrl.GetAll) - route.Get("/:project_flock_id/penjualan", ctrl.GetPenjualan) - route.Get("/:project_flock_id/overhead", ctrl.GetOverhead) - route.Get("/:project_flock_id/:project_flock_kandang_id/perhitungan_sapronak", ctrl.GetSapronakByKandang) - route.Get("/:project_flock_id/perhitungan_sapronak", ctrl.GetSapronakByProject) - route.Get("/:projectFlockId", ctrl.GetClosingSummary) - route.Get("/:projectFlockId/sapronak", ctrl.GetClosingSapronak) + route.Get("/:project_flock_id/overhead",m.RequirePermissions(m.P_ClosingGetOverhead), ctrl.GetOverhead) + route.Get("/:project_flock_id/:project_flock_kandang_id/perhitungan_sapronak",m.RequirePermissions(m.P_ClosingCountSapronakKandang) ,ctrl.GetSapronakByKandang) + route.Get("/:project_flock_id/perhitungan_sapronak",m.RequirePermissions(m.P_ClosingCountSapronak) ,ctrl.GetSapronakByProject) + route.Get("/:projectFlockId/sapronak",m.RequirePermissions(m.P_ClosingSapronak), ctrl.GetClosingSapronak) } diff --git a/internal/modules/repports/module.go b/internal/modules/repports/module.go index 4479b733..c1a00e8c 100644 --- a/internal/modules/repports/module.go +++ b/internal/modules/repports/module.go 
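Review bot: The product and purchase constants keep an upper-case segment (`"lti.master.Product_categories.list"`, `"lti.master.Products.list"`, `"lti.Purchase.list"`) while every other value in the file is lower case. `canonicalPermission` in auth.go lower-cases the required name before the lookup, so the string actually compared is `lti.purchase.list`; that only matches if the keys of `AuthContext.Permissions` are lower-cased when the set is built, which is not visible in this series. Writing the literals in lower case makes the constants show the value that is really checked. The leftover `//?baru` marker above `P_ClosingGetOverhead` and the misspelt `P_ProductWarehousekGetAll` could be fixed in the same pass.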
@@ -11,6 +11,9 @@ import ( expenseRepo "gitlab.com/mbugroup/lti-api.git/internal/modules/expenses/repositories" marketingRepo "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/repositories" + + rUser "gitlab.com/mbugroup/lti-api.git/internal/modules/users/repositories" + sUser "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services" ) type RepportModule struct{} @@ -20,9 +23,11 @@ func (RepportModule) RegisterRoutes(router fiber.Router, db *gorm.DB, validate * expenseRealizationRepository := expenseRepo.NewExpenseRealizationRepository(db) marketingDeliveryProductRepository := marketingRepo.NewMarketingDeliveryProductRepository(db) approvalRepository := commonRepo.NewApprovalRepository(db) + userRepository := rUser.NewUserRepository(db) approvalSvc := approvalService.NewApprovalService(approvalRepository) repportService := sRepport.NewRepportService(validate, expenseRealizationRepository, marketingDeliveryProductRepository, approvalSvc) + userService := sUser.NewUserService(userRepository, validate) - RepportRoutes(router, repportService) + RepportRoutes(router, userService, repportService) } diff --git a/internal/modules/repports/route.go b/internal/modules/repports/route.go index 4aea831c..4edba9c7 100644 --- a/internal/modules/repports/route.go +++ b/internal/modules/repports/route.go 
@@ -1,17 +1,20 @@ package repports import ( + m "gitlab.com/mbugroup/lti-api.git/internal/middleware" controller "gitlab.com/mbugroup/lti-api.git/internal/modules/repports/controllers" repport "gitlab.com/mbugroup/lti-api.git/internal/modules/repports/services" + user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services" "github.com/gofiber/fiber/v2" ) -func RepportRoutes(v1 fiber.Router, s repport.RepportService) { +func RepportRoutes(v1 fiber.Router, u user.UserService, s repport.RepportService) { ctrl := controller.NewRepportController(s) route := v1.Group("/reports") + route.Use(m.Auth(u)) - route.Get("/expense", ctrl.GetExpense) - route.Get("/marketing", ctrl.GetMarketing) + route.Get("/expense", m.RequirePermissions(m.P_ReportExpenseGetAll), ctrl.GetExpense) + route.Get("/marketing", m.RequirePermissions(m.P_ReportDeliveryGetAll), ctrl.GetMarketing) } From 1af8f0a72600430e6f80932bc84e6ddd4a2e4348 Mon Sep 17 00:00:00 2001 From: ragilap Date: Fri, 19 Dec 2025 15:55:30 +0700 Subject: [PATCH 4/4] Feat(BE-304): add permission in report and closing --- internal/middleware/permissions.go | 10 ++++++---- internal/modules/closings/route.go | 20 ++++++++++---------- internal/modules/repports/route.go | 2 +- 3 files changed, 17 insertions(+), 15 deletions(-) diff --git a/internal/middleware/permissions.go b/internal/middleware/permissions.go index 462bc8b7..e715aae9 100644 --- a/internal/middleware/permissions.go +++ b/internal/middleware/permissions.go @@ -42,6 +42,7 @@ const ( const ( P_ReportExpenseGetAll = "lti.repport.expense.list" P_ReportDeliveryGetAll = "lti.repport.delivery.list" + P_ReportPurchaseSupplierGetAll = "lti.repport.purchasesupplier.list" ) 
@@ -55,14 +56,15 @@ const ( P_ClosingGetAll = "lti.closing.list" P_ClosingPenjualan = "lti.closing.penjualan" P_ClosingGetSummary = "lti.closing.getsummary" - - - //?baru P_ClosingGetOverhead = "lti.closing.getoverhead" - P_ClosingCountSapronakKandang = "lti.closing.getsapronakcountbykandang" + P_ClosingCountSapronakKandang = "lti.closing.getsapronakcount.kandang" P_ClosingCountSapronak = "lti.closing.getsapronakcount" P_ClosingSapronak = "lti.closing.getsapronak" + P_ClosingExpeditionHpp = "lti.closing.expedition" + P_ClosingExpeditionHppByKandang = "lti.closing.expedition.kandang" + P_ClosingDataProduction = "lti.closing.production.data" + ) const ( diff --git a/internal/modules/closings/route.go b/internal/modules/closings/route.go index 58372183..d4250624 100644 --- a/internal/modules/closings/route.go +++ b/internal/modules/closings/route.go 
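Review bot: `P_ClosingCountSapronakKandang` changes value from `lti.closing.getsapronakcountbykandang` to `lti.closing.getsapronakcount.kandang` one commit after it was introduced. The check fails closed, so nothing is exposed, but any role already granted the old string is refused on the per-kandang perhitungan_sapronak route until the grant is re-issued; where grants are stored is not visible here. A comment on the constant group stating that these strings must match the permission names provisioned on the identity side, plus a mention of the rename in the commit description, would make that dependency explicit. The three new constants are also not gofmt-aligned with the rest of the block.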
@@ -21,14 +21,14 @@ func ClosingRoutes(v1 fiber.Router, u user.UserService, s closing.ClosingService // route.Patch("/:id", m.Auth(u), ctrl.UpdateOne) // route.Delete("/:id", m.Auth(u), ctrl.DeleteOne) - route.Get("/",m.RequirePermissions(m.P_ClosingGetAll), ctrl.GetAll) - route.Get("/:project_flock_id/penjualan",m.RequirePermissions(m.P_ClosingPenjualan), ctrl.GetPenjualan) - route.Get("/:projectFlockId",m.RequirePermissions(m.P_ClosingGetSummary), ctrl.GetClosingSummary) - route.Get("/:project_flock_id/overhead",m.RequirePermissions(m.P_ClosingGetOverhead), ctrl.GetOverhead) - route.Get("/:project_flock_id/:project_flock_kandang_id/perhitungan_sapronak",m.RequirePermissions(m.P_ClosingCountSapronakKandang) ,ctrl.GetSapronakByKandang) - route.Get("/:project_flock_id/perhitungan_sapronak",m.RequirePermissions(m.P_ClosingCountSapronak) ,ctrl.GetSapronakByProject) - route.Get("/:projectFlockId/sapronak",m.RequirePermissions(m.P_ClosingSapronak), ctrl.GetClosingSapronak) - route.Get("/:project_flock_id/expedition-hpp", ctrl.GetExpeditionHPP) - route.Get("/:project_flock_id/:project_flock_kandang_id/expedition-hpp", ctrl.GetExpeditionHPPByKandang) - route.Get("/:projectFlockId/data-produksi", ctrl.GetClosingDataProduksi) + route.Get("/", m.RequirePermissions(m.P_ClosingGetAll), ctrl.GetAll) + route.Get("/:project_flock_id/penjualan", m.RequirePermissions(m.P_ClosingPenjualan), ctrl.GetPenjualan) + route.Get("/:projectFlockId", m.RequirePermissions(m.P_ClosingGetSummary), ctrl.GetClosingSummary) + route.Get("/:project_flock_id/overhead", m.RequirePermissions(m.P_ClosingGetOverhead), ctrl.GetOverhead) + route.Get("/:project_flock_id/:project_flock_kandang_id/perhitungan_sapronak", m.RequirePermissions(m.P_ClosingCountSapronakKandang), ctrl.GetSapronakByKandang) + route.Get("/:project_flock_id/perhitungan_sapronak", m.RequirePermissions(m.P_ClosingCountSapronak), ctrl.GetSapronakByProject) + route.Get("/:projectFlockId/sapronak", m.RequirePermissions(m.P_ClosingSapronak), 
ctrl.GetClosingSapronak) + route.Get("/:project_flock_id/expedition-hpp", m.RequirePermissions(m.P_ClosingExpeditionHpp), ctrl.GetExpeditionHPP) + route.Get("/:project_flock_id/:project_flock_kandang_id/expedition-hpp", m.RequirePermissions(m.P_ClosingExpeditionHppByKandang), ctrl.GetExpeditionHPPByKandang) + route.Get("/:projectFlockId/data-produksi", m.RequirePermissions(m.P_ClosingDataProduction), ctrl.GetClosingDataProduksi) } diff --git a/internal/modules/repports/route.go b/internal/modules/repports/route.go index 93758f07..45dc32b7 100644 --- a/internal/modules/repports/route.go +++ b/internal/modules/repports/route.go @@ -17,5 +17,5 @@ func RepportRoutes(v1 fiber.Router, u user.UserService, s repport.RepportService route.Get("/expense", m.RequirePermissions(m.P_ReportExpenseGetAll), ctrl.GetExpense) route.Get("/marketing", m.RequirePermissions(m.P_ReportDeliveryGetAll), ctrl.GetMarketing) - route.Get("/purchase-supplier", ctrl.GetPurchaseSupplier) + route.Get("/purchase-supplier", m.RequirePermissions(m.P_ReportPurchaseSupplierGetAll), ctrl.GetPurchaseSupplier) }
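Review bot: The guards added to the `expedition-hpp` and `data-produksi` routes check a role-level permission only; nothing in this hunk ties the caller to the `:project_flock_id` or `:project_flock_kandang_id` taken from the path. If users are scoped to particular flocks or kandangs, that check has to happen in the controller or service, which are not visible here, so it is worth confirming and noting above the routes, e.g. `// RequirePermissions is role-level; per-flock access is enforced in the service layer`. The hunk also does not show `m.Auth(u)` being applied to this group, and only commented-out routes mention it, so verify the group is authenticated before these handlers run. `ClosingRoutes` begins outside the hunk.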