[FIX/BE-US]add feature restrict by location and areas in roles

2026-05-20 13:31:56 +00:00 · 2026-01-14 13:27:52 +07:00
parent 1847e5590a
commit dff9e73ab1
30 changed files with 1258 additions and 37 deletions
@@ -124,6 +124,11 @@ func (s *purchaseService) GetAll(c *fiber.Ctx, params *validation.Query) ([]enti
 		return nil, 0, err
 	}

+	scope, err := m.ResolveLocationScope(c, s.PurchaseRepo.DB())
+	if err != nil {
+		return nil, 0, err
+	}
+
 	offset := (params.Page - 1) * params.Limit

 	createdFrom, createdTo, err := utils.ParseDateRangeForQuery(params.CreatedFrom, params.CreatedTo)
@@ -147,6 +152,21 @@ func (s *purchaseService) GetAll(c *fiber.Ctx, params *validation.Query) ([]enti
 			db = db.Where("created_at < ?", *createdTo)
 		}

+		if scope.Restrict {
+			if len(scope.IDs) == 0 {
+				return db.Where("1 = 0")
+			}
+			db = db.Where(
+				`EXISTS (
+					SELECT 1
+					FROM purchase_items pi
+					JOIN warehouses w ON w.id = pi.warehouse_id
+					WHERE pi.purchase_id = purchases.id AND w.location_id IN ?
+				)`,
+				scope.IDs,
+			)
+		}
+
 		if params.AreaID > 0 {
 			db = db.Where(
 				`EXISTS (
@@ -201,7 +221,42 @@ func (s *purchaseService) GetAll(c *fiber.Ctx, params *validation.Query) ([]enti
 }

 func (s *purchaseService) GetOne(c *fiber.Ctx, id uint) (*entity.Purchase, error) {
-	return s.loadPurchase(c.Context(), id)
+	scope, err := m.ResolveLocationScope(c, s.PurchaseRepo.DB())
+	if err != nil {
+		return nil, err
+	}
+
+	purchase, err := s.PurchaseRepo.GetByID(c.Context(), id, func(db *gorm.DB) *gorm.DB {
+		db = s.withRelations(db)
+		if scope.Restrict {
+			if len(scope.IDs) == 0 {
+				return db.Where("1 = 0")
+			}
+			db = db.Where(
+				`EXISTS (
+					SELECT 1
+					FROM purchase_items pi
+					JOIN warehouses w ON w.id = pi.warehouse_id
+					WHERE pi.purchase_id = purchases.id AND w.location_id IN ?
+				)`,
+				scope.IDs,
+			)
+		}
+		return db
+	})
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return nil, utils.NotFound("Purchase not found")
+		}
+		s.Log.Errorf("Failed to get purchase %d: %+v", id, err)
+		return nil, utils.Internal("Failed to get purchase")
+	}
+	if err := s.attachLatestApproval(c.Context(), purchase); err != nil {
+		s.Log.Warnf("Unable to attach latest approval for purchase %d: %+v", id, err)
+	}
+	s.applyTravelDocumentURLs(c.Context(), purchase)
+
+	return purchase, nil
 }

 func (s *purchaseService) CreateOne(c *fiber.Ctx, req *validation.CreatePurchaseRequest) (*entity.Purchase, error) {