feat: ensure all role

2026-06-19 13:58:36 +07:00 · 2026-06-19 13:58:36 +07:00 · 37bcb90ab0
commit 37bcb90ab0
parent e345aeee97
2 changed files with 11 additions and 7 deletions
--- a/internal/middleware/auth_middleware.go
+++ b/internal/middleware/auth_middleware.go
@ -82,7 +82,11 @@ func (m *AuthMiddleware) RequireRole(allowedRoles ...string) gin.HandlerFunc {
 }
 func (m *AuthMiddleware) RequireAdminOrManager() gin.HandlerFunc {
-	return m.RequireRole("superadmin", "admin", "manager")
+	return m.RequireRole("superadmin", "admin", "manager", "owner",  "purchasing")
 }
 func (m *AuthMiddleware) RequireAdminOrManagerOrPurchasing() gin.HandlerFunc {
 	return m.RequireRole("superadmin", "admin", "manager", "owner", "purchasing")
 }
 func (m *AuthMiddleware) RequireAdmin() gin.HandlerFunc {
--- a/internal/router/router.go
+++ b/internal/router/router.go
@ -356,7 +356,7 @@ func (r *Router) addAppRoutes(rg *gin.Engine) {
 			}
 			ingredients := protected.Group("/ingredients")
-			ingredients.Use(r.authMiddleware.RequireAdminOrManager())
+			ingredients.Use(r.authMiddleware.RequireAdminOrManagerOrPurchasing())
 			{
 				ingredients.POST("", r.ingredientHandler.Create)
 				ingredients.GET("", r.ingredientHandler.GetAll)
@ -369,7 +369,7 @@ func (r *Router) addAppRoutes(rg *gin.Engine) {
 			}
 			vendors := protected.Group("/vendors")
-			vendors.Use(r.authMiddleware.RequireAdminOrManager())
+			vendors.Use(r.authMiddleware.RequireAdminOrManagerOrPurchasing())
 			{
 				vendors.POST("", r.vendorHandler.CreateVendor)
 				vendors.GET("", r.vendorHandler.ListVendors)
@ -380,7 +380,7 @@ func (r *Router) addAppRoutes(rg *gin.Engine) {
 			}
 			purchaseOrders := protected.Group("/purchase-orders")
-			purchaseOrders.Use(r.authMiddleware.RequireAdminOrManager())
+			purchaseOrders.Use(r.authMiddleware.RequireAdminOrManagerOrPurchasing())
 			{
 				purchaseOrders.POST("", r.purchaseOrderHandler.CreatePurchaseOrder)
 				purchaseOrders.GET("", r.purchaseOrderHandler.ListPurchaseOrders)
@ -393,7 +393,7 @@ func (r *Router) addAppRoutes(rg *gin.Engine) {
 			}
 			purchaseCategories := protected.Group("/purchase-categories")
-			purchaseCategories.Use(r.authMiddleware.RequireAdminOrManager())
+			purchaseCategories.Use(r.authMiddleware.RequireAdminOrManagerOrPurchasing())
 			{
 				purchaseCategories.POST("", r.purchaseCategoryHandler.CreatePurchaseCategory)
 				purchaseCategories.GET("", r.purchaseCategoryHandler.ListPurchaseCategories)
@ -403,7 +403,7 @@ func (r *Router) addAppRoutes(rg *gin.Engine) {
 			}
 			unitConverters := protected.Group("/unit-converters")
-			unitConverters.Use(r.authMiddleware.RequireAdminOrManager())
+			unitConverters.Use(r.authMiddleware.RequireAdminOrManagerOrPurchasing())
 			{
 				unitConverters.POST("", r.unitConverterHandler.CreateIngredientUnitConverter)
 				unitConverters.GET("", r.unitConverterHandler.ListIngredientUnitConverters)
@ -465,7 +465,7 @@ func (r *Router) addAppRoutes(rg *gin.Engine) {
 			}
 			expenses := protected.Group("/expenses")
-			expenses.Use(r.authMiddleware.RequireAdminOrManager())
+			expenses.Use(r.authMiddleware.RequireAdminOrManagerOrPurchasing())
 			{
 				expenses.POST("", r.expenseHandler.CreateExpense)
 				expenses.GET("", r.expenseHandler.ListExpenses)