Feat(BE-304): add permission in report and closing

internal/capabilities/capabilities.go

@@ -1,44 +0,0 @@
-package capabilities
-
-import (
-	"strings"
-
-	permission "gitlab.com/mbugroup/lti-api.git/internal/middleware"
-)
-
-// FromPermissions returns a filtered map of capabilities that the frontend can use
-// to toggle features. Only permissions recognized by the application are exposed.
-func FromPermissions(perms []string) map[string]bool {
-	if len(perms) == 0 {
-		return nil
-	}
-
-	out := make(map[string]bool)
-	for _, perm := range perms {
-		if key, ok := normalizeAndAllow(perm); ok {
-			out[key] = true
-		}
-	}
-	if len(out) == 0 {
-		return nil
-	}
-	return out
-}
-
-func normalizeAndAllow(perm string) (string, bool) {
-	perm = strings.ToLower(strings.TrimSpace(perm))
-	if perm == "" {
-		return "", false
-	}
-	if _, ok := allowed[perm]; !ok {
-		return "", false
-	}
-	return perm, true
-}
-
-var allowed = map[string]struct{}{
-	permission.PermissionRecordingRead:   {},
-	permission.PermissionRecordingCreate: {},
-	permission.PermissionRecordingUpdate: {},
-	permission.PermissionRecordingDelete: {},
-}

internal/middleware/permissions.go

@@ -1,183 +1,197 @@
 package middleware
 
-//project-flock
+// project-flock
 const (
 	P_ProjectFlockKandangsClosing = "lti.production.project_flock_kandangs.closing"
-	P_ProjectFlockKandangsGetAll = "lti.production.project_flock_kandangs.list"
+	P_ProjectFlockKandangsGetAll  = "lti.production.project_flock_kandangs.list"
-	P_ProjectFlockKandangsGetOne = "lti.production.project_flock_kandangs.detail"
+	P_ProjectFlockKandangsGetOne  = "lti.production.project_flock_kandangs.detail"
 
-	P_ProjectFlockGetAll = "lti.production.project_flocks.list"
+	P_ProjectFlockGetAll     = "lti.production.project_flocks.list"
-	P_ProjectFlockCreate = "lti.production.project_flocks.create"
+	P_ProjectFlockCreate     = "lti.production.project_flocks.create"
-	P_ProjectFlockGetOne = "lti.production.project_flocks.detail"
+	P_ProjectFlockGetOne     = "lti.production.project_flocks.detail"
-	P_ProjectFlockUpdate = "lti.production.project_flocks.update"
+	P_ProjectFlockUpdate     = "lti.production.project_flocks.update"
-	P_ProjectFlockDelete = "lti.production.project_flocks.delete"
+	P_ProjectFlockDelete     = "lti.production.project_flocks.delete"
-	P_ProjectFlockApprove = "lti.production.project_flocks.approve"
+	P_ProjectFlockApprove    = "lti.production.project_flocks.approve"
-	P_ProjectFlockLookup = "lti.production.project_flocks.lookup"
+	P_ProjectFlockLookup     = "lti.production.project_flocks.lookup"
 	P_ProjectFlockNextPeriod = "lti.production.project_flocks.next_period"
-	P_ProjectFlockResubmit = "lti.production.project_flocks.resubmit"
+	P_ProjectFlockResubmit   = "lti.production.project_flocks.resubmit"
 )
 
-const(
+const (
-	P_ExpenseGetAll= "lti.expense.list"
+	P_ExpenseGetAll               = "lti.expense.list"
-	P_ExpenseCreateOne= "lti.expense.create"
+	P_ExpenseCreateOne            = "lti.expense.create"
-	P_ExpenseUpdateOne= "lti.expense.update"
+	P_ExpenseUpdateOne            = "lti.expense.update"
-	P_ExpenseGetOne= "lti.expense.detail"
+	P_ExpenseGetOne               = "lti.expense.detail"
-	P_ExpenseDeleteOne= "lti.expense.delete"
+	P_ExpenseDeleteOne            = "lti.expense.delete"
-	P_ExpenseApprovalManager= "lti.expense.approve.manager"
+	P_ExpenseApprovalManager      = "lti.expense.approve.manager"
-	P_ExpenseApprovalFinance= "lti.expense.approve.finance"
+	P_ExpenseApprovalFinance      = "lti.expense.approve.finance"
-	P_ExpenseCreateRealizations= "lti.expense.create.realization"
+	P_ExpenseCreateRealizations   = "lti.expense.create.realization"
-	P_ExpenseUpdateRealizations= "lti.expense.update.realization"
+	P_ExpenseUpdateRealizations   = "lti.expense.update.realization"
-	P_ExpenseCompleteExpense= "lti.expense.complete.expense"
+	P_ExpenseCompleteExpense      = "lti.expense.complete.expense"
-	P_ExpenseDocument= "lti.expense.document"
+	P_ExpenseDocument             = "lti.expense.document"
-	P_ExpenseDocumentRealizations= "lti.expense.document.realization"
+	P_ExpenseDocumentRealizations = "lti.expense.document.realization"
 )
-const(
+const (
-	P_AdjustmentGetAll="lti.inventory.list"
+	P_AdjustmentGetAll = "lti.inventory.list"
-	P_AdjustmentCreate="lti.inventory.create"
+	P_AdjustmentCreate = "lti.inventory.create"
-	P_AdjustmentGetOne="lti.inventory.detail"
+	P_AdjustmentGetOne = "lti.inventory.detail"
 )
-const(
+const (
 	P_ApprovalGetAll = "lti.approval.list"
 )
-
+const (
-const(
+	P_ReportExpenseGetAll = "lti.repport.expense.list"
-	P_ClosingGetAll = "lti.closing.list"
+	P_ReportDeliveryGetAll = "lti.repport.delivery.list"
-	P_ClosingPenjualan = "lti.closing.penjualan"
-	P_ClosingGetSummary = "lti.closing.getsummary"
-	P_ProductStockGetAll = "lti.inventory.product_stock.list"
-	P_ProductStockGetOne = "lti.inventory.product_stock.detail"
-	P_ProductWarehousekGetAll = "lti.inventory.product_warehouses.list"
-	P_ProductWarehouseGetOne = "lti.inventory.product_warehouses.detail"
 )
 
-const(
+
-	P_TransferGetAll = "lti.inventory.transfer.list"
+const (
-	P_TransferGetOne = "lti.inventory.transfer.detail"
+	P_ProductStockGetAll      = "lti.inventory.product_stock.list"
+	P_ProductStockGetOne      = "lti.inventory.product_stock.detail"
+	P_ProductWarehousekGetAll = "lti.inventory.product_warehouses.list"
+	P_ProductWarehouseGetOne  = "lti.inventory.product_warehouses.detail"
+)
+const (
+	P_ClosingGetAll     = "lti.closing.list"
+	P_ClosingPenjualan  = "lti.closing.penjualan"
+	P_ClosingGetSummary = "lti.closing.getsummary"
+
+
+	//?baru
+	P_ClosingGetOverhead = "lti.closing.getoverhead"
+	P_ClosingCountSapronakKandang = "lti.closing.getsapronakcountbykandang"
+	P_ClosingCountSapronak = "lti.closing.getsapronakcount"
+	P_ClosingSapronak = "lti.closing.getsapronak"
+
+)
+
+const (
+	P_TransferGetAll    = "lti.inventory.transfer.list"
+	P_TransferGetOne    = "lti.inventory.transfer.detail"
 	P_TransferCreateOne = "lti.inventory.transfer.create"
 )
 
-const(
+const (
-	P_DeliveryGetAll = "lti.marketing.delivery_order.list"
+	P_DeliveryGetAll      = "lti.marketing.delivery_order.list"
-	P_DeliveryGetOne = "lti.marketing.delivery_order.detail"
+	P_DeliveryGetOne      = "lti.marketing.delivery_order.detail"
-	P_DeliveryCreateOne = "lti.marketing.delivery_order.create"
+	P_DeliveryCreateOne   = "lti.marketing.delivery_order.create"
-	P_DeliveryUpdateOne = "lti.marketing.delivery_order.update"
+	P_DeliveryUpdateOne   = "lti.marketing.delivery_order.update"
-	P_SalesOrderDelete = "lti.marketing.sales_order.delete"
+	P_SalesOrderDelete    = "lti.marketing.sales_order.delete"
-	P_SalesOrderApproval = "lti.marketing.sales_order.approve"
+	P_SalesOrderApproval  = "lti.marketing.sales_order.approve"
 	P_SalesOrderCreateOne = "lti.marketing.sales_order.create"
 	P_SalesOrderUpdateOne = "lti.marketing.sales_order.update"
 )
 
-const(
+const (
-	P_AreaGetAll = "lti.master.area.list"
+	P_AreaGetAll    = "lti.master.area.list"
-	P_AreaGetOne = "lti.master.area.detail"
+	P_AreaGetOne    = "lti.master.area.detail"
 	P_AreaCreateOne = "lti.master.area.create"
 	P_AreaUpdateOne = "lti.master.area.update"
 	P_AreaDeleteOne = "lti.master.area.delete"
 
-	P_BanksGetAll = "lti.master.banks.list"
+	P_BanksGetAll    = "lti.master.banks.list"
-	P_BanksGetOne = "lti.master.banks.detail"
+	P_BanksGetOne    = "lti.master.banks.detail"
 	P_BanksCreateOne = "lti.master.banks.create"
 	P_BanksUpdateOne = "lti.master.banks.update"
 	P_BanksDeleteOne = "lti.master.banks.delete"
 
-	P_CustomerGetAll = "lti.master.customer.list"
+	P_CustomerGetAll    = "lti.master.customer.list"
-	P_CustomerGetOne = "lti.master.customer.detail"
+	P_CustomerGetOne    = "lti.master.customer.detail"
 	P_CustomerCreateOne = "lti.master.customer.create"
 	P_CustomerUpdateOne = "lti.master.customer.update"
 	P_CustomerDeleteOne = "lti.master.customer.delete"
-	
+
-	P_FcrGetAll = "lti.master.fcr.list"
+	P_FcrGetAll    = "lti.master.fcr.list"
-	P_FcrGetOne = "lti.master.fcr.detail"
+	P_FcrGetOne    = "lti.master.fcr.detail"
 	P_FcrCreateOne = "lti.master.fcr.create"
 	P_FcrUpdateOne = "lti.master.fcr.update"
 	P_FcrDeleteOne = "lti.master.fcr.delete"
-	
+
-	P_FlocksGetAll = "lti.master.flocks.list"
+	P_FlocksGetAll    = "lti.master.flocks.list"
-	P_FlocksGetOne = "lti.master.flocks.detail"
+	P_FlocksGetOne    = "lti.master.flocks.detail"
 	P_FlocksCreateOne = "lti.master.flocks.create"
 	P_FlocksUpdateOne = "lti.master.flocks.update"
 	P_FlocksDeleteOne = "lti.master.flocks.delete"
-	
+
-	P_KandangsGetAll = "lti.master.kandangs.list"
+	P_KandangsGetAll    = "lti.master.kandangs.list"
-	P_KandangsGetOne = "lti.master.kandangs.detail"
+	P_KandangsGetOne    = "lti.master.kandangs.detail"
 	P_KandangsCreateOne = "lti.master.kandangs.create"
 	P_KandangsUpdateOne = "lti.master.kandangs.update"
 	P_KandangsDeleteOne = "lti.master.kandangs.delete"
-	
+
-	P_LocationsGetAll = "lti.master.locations.list"
+	P_LocationsGetAll    = "lti.master.locations.list"
-	P_LocationsGetOne = "lti.master.locations.detail"
+	P_LocationsGetOne    = "lti.master.locations.detail"
 	P_LocationsCreateOne = "lti.master.locations.create"
 	P_LocationsUpdateOne = "lti.master.locations.update"
 	P_LocationsDeleteOne = "lti.master.locations.delete"
-	
+
-	P_NonstocksGetAll = "lti.master.nonstocks.list"
+	P_NonstocksGetAll    = "lti.master.nonstocks.list"
-	P_NonstocksGetOne = "lti.master.nonstocks.detail"
+	P_NonstocksGetOne    = "lti.master.nonstocks.detail"
 	P_NonstocksCreateOne = "lti.master.nonstocks.create"
 	P_NonstocksUpdateOne = "lti.master.nonstocks.update"
 	P_NonstocksDeleteOne = "lti.master.nonstocks.delete"
 
-	P_ProductCategoriesGetAll = "lti.master.Product_categories.list"
+	P_ProductCategoriesGetAll    = "lti.master.Product_categories.list"
-	P_ProductCategoriesGetOne = "lti.master.Product_categories.detail"
+	P_ProductCategoriesGetOne    = "lti.master.Product_categories.detail"
 	P_ProductCategoriesCreateOne = "lti.master.Product_categories.create"
 	P_ProductCategoriesUpdateOne = "lti.master.Product_categories.update"
 	P_ProductCategoriesDeleteOne = "lti.master.Product_categories.delete"
-	
+
-	P_ProductsGetAll = "lti.master.Products.list"
+	P_ProductsGetAll    = "lti.master.Products.list"
-	P_ProductsGetOne = "lti.master.Products.detail"
+	P_ProductsGetOne    = "lti.master.Products.detail"
 	P_ProductsCreateOne = "lti.master.Products.create"
 	P_ProductsUpdateOne = "lti.master.Products.update"
 	P_ProductsDeleteOne = "lti.master.Products.delete"
-	
+
-	P_SuppliersGetAll = "lti.master.suppliers.list"
+	P_SuppliersGetAll    = "lti.master.suppliers.list"
-	P_SuppliersGetOne = "lti.master.suppliers.detail"
+	P_SuppliersGetOne    = "lti.master.suppliers.detail"
 	P_SuppliersCreateOne = "lti.master.suppliers.create"
 	P_SuppliersUpdateOne = "lti.master.suppliers.update"
 	P_SuppliersDeleteOne = "lti.master.suppliers.delete"
 
-	P_UomsGetAll = "lti.master.uoms.list"
+	P_UomsGetAll    = "lti.master.uoms.list"
-	P_UomsGetOne = "lti.master.uoms.detail"
+	P_UomsGetOne    = "lti.master.uoms.detail"
 	P_UomsCreateOne = "lti.master.uoms.create"
 	P_UomsUpdateOne = "lti.master.uoms.update"
 	P_UomsDeleteOne = "lti.master.uoms.delete"
 
-	P_WarehousesGetAll = "lti.master.warehouses.list"
+	P_WarehousesGetAll    = "lti.master.warehouses.list"
-	P_WarehousesGetOne = "lti.master.warehouses.detail"
+	P_WarehousesGetOne    = "lti.master.warehouses.detail"
 	P_WarehousesCreateOne = "lti.master.warehouses.create"
 	P_WarehousesUpdateOne = "lti.master.warehouses.update"
 	P_WarehousesDeleteOne = "lti.master.warehouses.delete"
-
 )
 
-
+const (
-const(
 	P_ChickinsCreateOne = "lti.production.chickins.create"
-	P_ChickinsGetOne = "lti.production.chickins.detail"
+	P_ChickinsGetOne    = "lti.production.chickins.detail"
-	P_ChickinsApproval = "lti.production.chickins.approve"
+	P_ChickinsApproval  = "lti.production.chickins.approve"
 )
-//recording
+
+// recording
 const (
-	P_RecordingGetAll   = "lti.production.recording.list"
+	P_RecordingGetAll    = "lti.production.recording.list"
-	P_RecordingGetOne   = "lti.production.recording.detail"
+	P_RecordingGetOne    = "lti.production.recording.detail"
-	P_RecordingCreateOne   = "lti.production.recording.create"
+	P_RecordingCreateOne = "lti.production.recording.create"
-	P_RecordingUpdateOne   = "lti.production.recording.update"
+	P_RecordingUpdateOne = "lti.production.recording.update"
-	P_RecordingDeleteOne   = "lti.production.recording.delete"
+	P_RecordingDeleteOne = "lti.production.recording.delete"
 	P_RecordingNextDay   = "lti.production.recording.next_day"
-	P_RecordingApproval   = "lti.production.recording.approve"
+	P_RecordingApproval  = "lti.production.recording.approve"
 )
 
 const (
-	P_PurchaseGetAll   = "lti.Purchase.list"
+	P_PurchaseGetAll          = "lti.Purchase.list"
-	P_PurchaseGetOne   = "lti.Purchase.detail"
+	P_PurchaseGetOne          = "lti.Purchase.detail"
-	P_PurchaseCreateOne   = "lti.Purchase.create"
+	P_PurchaseCreateOne       = "lti.Purchase.create"
-	P_PurchaseUpdateOne   = "lti.Purchase.update"
+	P_PurchaseUpdateOne       = "lti.Purchase.update"
-	P_PurchaseDeleteOne   = "lti.Purchase.delete"
+	P_PurchaseDeleteOne       = "lti.Purchase.delete"
 	P_PurchaseItemDeleteOne   = "lti.Purchase.delete.item"
-	P_PurchaseReceive   = "lti.Purchase.receive"
+	P_PurchaseReceive         = "lti.Purchase.receive"
 	P_PurchaseApprovalStaff   = "lti.Purchase.approve.staff"
-	P_PurchaseApprovalManager   = "lti.Purchase.approve.manager"
+	P_PurchaseApprovalManager = "lti.Purchase.approve.manager"
 )
 
-const(
+const (
 	P_UserGetAll = "lti.users.list"
 	P_UserGetOne = "lti.users.detail"
-)
+)

internal/modules/closings/route.go

@@ -24,11 +24,8 @@ func ClosingRoutes(v1 fiber.Router, u user.UserService, s closing.ClosingService
 	route.Get("/",m.RequirePermissions(m.P_ClosingGetAll), ctrl.GetAll)
 	route.Get("/:project_flock_id/penjualan",m.RequirePermissions(m.P_ClosingPenjualan), ctrl.GetPenjualan)
 	route.Get("/:projectFlockId",m.RequirePermissions(m.P_ClosingGetSummary),  ctrl.GetClosingSummary)
-	route.Get("/", ctrl.GetAll)
+	route.Get("/:project_flock_id/overhead",m.RequirePermissions(m.P_ClosingGetOverhead), ctrl.GetOverhead)
-	route.Get("/:project_flock_id/penjualan", ctrl.GetPenjualan)
+	route.Get("/:project_flock_id/:project_flock_kandang_id/perhitungan_sapronak",m.RequirePermissions(m.P_ClosingCountSapronakKandang) ,ctrl.GetSapronakByKandang)
-	route.Get("/:project_flock_id/overhead", ctrl.GetOverhead)
+	route.Get("/:project_flock_id/perhitungan_sapronak",m.RequirePermissions(m.P_ClosingCountSapronak) ,ctrl.GetSapronakByProject)
-	route.Get("/:project_flock_id/:project_flock_kandang_id/perhitungan_sapronak", ctrl.GetSapronakByKandang)
+	route.Get("/:projectFlockId/sapronak",m.RequirePermissions(m.P_ClosingSapronak), ctrl.GetClosingSapronak)
-	route.Get("/:project_flock_id/perhitungan_sapronak", ctrl.GetSapronakByProject)
-	route.Get("/:projectFlockId", ctrl.GetClosingSummary)
-	route.Get("/:projectFlockId/sapronak", ctrl.GetClosingSapronak)
 }

internal/modules/repports/module.go

@@ -11,6 +11,9 @@ import (
 
 	expenseRepo "gitlab.com/mbugroup/lti-api.git/internal/modules/expenses/repositories"
 	marketingRepo "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/repositories"
+
+	rUser "gitlab.com/mbugroup/lti-api.git/internal/modules/users/repositories"
+	sUser "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
 )
 
 type RepportModule struct{}
@@ -20,9 +23,11 @@ func (RepportModule) RegisterRoutes(router fiber.Router, db *gorm.DB, validate *
 	expenseRealizationRepository := expenseRepo.NewExpenseRealizationRepository(db)
 	marketingDeliveryProductRepository := marketingRepo.NewMarketingDeliveryProductRepository(db)
 	approvalRepository := commonRepo.NewApprovalRepository(db)
+	userRepository := rUser.NewUserRepository(db)
 
 	approvalSvc := approvalService.NewApprovalService(approvalRepository)
 	repportService := sRepport.NewRepportService(validate, expenseRealizationRepository, marketingDeliveryProductRepository, approvalSvc)
+	userService := sUser.NewUserService(userRepository, validate)
 
-	RepportRoutes(router, repportService)
+	RepportRoutes(router, userService, repportService)
 }

internal/modules/repports/route.go

@@ -1,17 +1,20 @@
 package repports
 
 import (
+	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	controller "gitlab.com/mbugroup/lti-api.git/internal/modules/repports/controllers"
 	repport "gitlab.com/mbugroup/lti-api.git/internal/modules/repports/services"
+	user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
 
 	"github.com/gofiber/fiber/v2"
 )
 
-func RepportRoutes(v1 fiber.Router, s repport.RepportService) {
+func RepportRoutes(v1 fiber.Router, u user.UserService, s repport.RepportService) {
 	ctrl := controller.NewRepportController(s)
 
 	route := v1.Group("/reports")
+	route.Use(m.Auth(u))
 
-	route.Get("/expense", ctrl.GetExpense)
+	route.Get("/expense", m.RequirePermissions(m.P_ReportExpenseGetAll), ctrl.GetExpense)
-	route.Get("/marketing", ctrl.GetMarketing)
+	route.Get("/marketing", m.RequirePermissions(m.P_ReportDeliveryGetAll), ctrl.GetMarketing)
 }