Merge pull request 'fix pointer' (#9) from feature/outlet-table into main

Reviewed-on: #9

Dockerfile

@@ -1,5 +1,5 @@
 # 1) Build stage
-FROM golang:1.21-alpine AS build
+FROM golang:1.24-alpine AS build
 RUN apk --no-cache add ca-certificates tzdata git curl
 WORKDIR /src
 COPY go.mod go.sum ./

internal/handler/order_handler.go

@@ -140,7 +140,6 @@ func (h *OrderHandler) ListOrders(c *gin.Context) {
 	if modelReq.OutletID == nil && contextInfo.OutletID != uuid.Nil {
 		modelReq.OutletID = &contextInfo.OutletID
 	}
-
 	response, err := h.orderService.ListOrders(c.Request.Context(), modelReq)
 	if err != nil {
 		util.HandleResponse(c.Writer, c.Request, contract.BuildErrorResponse([]*contract.ResponseError{contract.NewResponseError("internal_error", "OrderHandler::ListOrders", err.Error())}), "OrderHandler::ListOrders")

internal/repository/order_repository.go

@@ -98,42 +98,7 @@ func (r *OrderRepositoryImpl) List(ctx context.Context, filters map[string]inter
 	var orders []*entities.Order
 	var total int64
 
-	// organization_id is mandatory to prevent cross-org data leaks
-	organizationID, ok := filters["organization_id"]
-	if !ok {
-		return nil, 0, fmt.Errorf("organization_id is required for listing orders")
-	}
-
-	baseQuery := r.db.WithContext(ctx).Model(&entities.Order{}).
-		Where("organization_id = ?", organizationID)
-
-	// outlet_id is optional — if present, scope to that outlet; otherwise return all outlets in the org
-	if outletID, exists := filters["outlet_id"]; exists {
-		baseQuery = baseQuery.Where("outlet_id = ?", outletID)
-	}
-
-	for key, value := range filters {
-		switch key {
-		case "organization_id", "outlet_id":
-			// already handled above
-		case "search":
-			searchValue := "%" + value.(string) + "%"
-			baseQuery = baseQuery.Where("order_number ILIKE ?", searchValue)
-		case "date_from":
-			baseQuery = baseQuery.Where("created_at >= ?", value)
-		case "date_to":
-			baseQuery = baseQuery.Where("created_at <= ?", value)
-		default:
-			baseQuery = baseQuery.Where(key+" = ?", value)
-		}
-	}
-
-	// Use separate queries for count and find to avoid GORM state mutation issues
-	if err := baseQuery.Count(&total).Error; err != nil {
-		return nil, 0, err
-	}
-
-	err := baseQuery.
+	query := r.db.WithContext(ctx).Model(&entities.Order{}).
 		Preload("Organization").
 		Preload("Outlet").
 		Preload("User").
@@ -142,8 +107,27 @@ func (r *OrderRepositoryImpl) List(ctx context.Context, filters map[string]inter
 		Preload("OrderItems.ProductVariant").
 		Preload("Payments").
 		Preload("Payments.PaymentMethod").
-		Preload("Payments.PaymentOrderItems").
-		Limit(limit).Offset(offset).Order("created_at DESC").Find(&orders).Error
+		Preload("Payments.PaymentOrderItems")
+
+	for key, value := range filters {
+		switch key {
+		case "search":
+			searchValue := "%" + value.(string) + "%"
+			query = query.Where("order_number ILIKE ?", searchValue)
+		case "date_from":
+			query = query.Where("created_at >= ?", value)
+		case "date_to":
+			query = query.Where("created_at <= ?", value)
+		default:
+			query = query.Where(key+" = ?", value)
+		}
+	}
+
+	if err := query.Count(&total).Error; err != nil {
+		return nil, 0, err
+	}
+
+	err := query.Limit(limit).Offset(offset).Order("created_at DESC").Find(&orders).Error
 	return orders, total, err
 }
 

internal/repository/organization_repository.go

@@ -105,7 +105,7 @@ func (r *OrganizationRepositoryImpl) GetTotalOmset(ctx context.Context, organiza
 	var total float64
 	err := r.db.WithContext(ctx).
 		Table("orders").
-		Where("organization_id = ? AND payment_status = ? AND is_void = ? AND is_refund = ?", organizationID, "completed", false, false).
+		Where("organization_id = ? AND payment_status = ?", organizationID, "completed").
 		Select("COALESCE(SUM(total_amount), 0)").
 		Scan(&total).Error
 	return total, err