[RBAC-002] feat: Migrate all routes from requireRoles to requireAccess

Phase 2 of RBAC propagation - migrates 18 route files to use hybrid
requireAccess() middleware for permission-based authorization:

P1 Routes (auth/billing):
- users.routes.ts (11 occurrences)
- roles.routes.ts (11 occurrences)
- permissions.routes.ts (8 occurrences)
- invoices.routes.ts (9 occurrences)
- financial.routes.ts (42 occurrences)

P2 Routes (business):
- partners.routes.ts (16 occurrences)
- sales.routes.ts (32 occurrences)
- purchases.routes.ts (21 occurrences)

P3 Routes (operations):
- inventory.routes.ts (28 occurrences)
- hr.routes.ts (28 occurrences)
- crm.routes.ts (23 occurrences)
- core.routes.ts (21 occurrences)
- tenants.routes.ts (12 occurrences)
- companies.routes.ts (9 occurrences)
- warehouses.routes.ts (6 occurrences)
- products.routes.ts (6 occurrences)
- projects.routes.ts (6 occurrences)
- system.routes.ts (2 occurrences)

Total: ~271 route protections migrated to permission-based access

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adrian Flores Cortes 2026-01-31 01:43:05 -06:00
parent a9abe0876f
commit 98fc0cf944
18 changed files with 314 additions and 296 deletions


@ -1,6 +1,7 @@
import { Router } from 'express';
import { companiesController } from './companies.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -8,42 +9,42 @@ const router = Router();
router.use(authenticate);
// List companies (admin, manager)
router.get('/', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/', requireAccess({ roles: ['admin', 'manager'], permission: 'branches:read' }), (req, res, next) =>
companiesController.findAll(req, res, next)
);
// Get company hierarchy tree (must be before /:id to avoid conflict)
router.get('/hierarchy/tree', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/hierarchy/tree', requireAccess({ roles: ['admin', 'manager'], permission: 'branches:read' }), (req, res, next) =>
companiesController.getHierarchy(req, res, next)
);
// Get company by ID
router.get('/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'branches:read' }), (req, res, next) =>
companiesController.findById(req, res, next)
);
// Create company (admin only)
router.post('/', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/', requireAccess({ roles: ['admin'], permission: 'branches:create' }), (req, res, next) =>
companiesController.create(req, res, next)
);
// Update company (admin only)
router.put('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/:id', requireAccess({ roles: ['admin'], permission: 'branches:update' }), (req, res, next) =>
companiesController.update(req, res, next)
);
// Delete company (admin only)
router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/:id', requireAccess({ roles: ['admin'], permission: 'branches:delete' }), (req, res, next) =>
companiesController.delete(req, res, next)
);
// Get users assigned to company
router.get('/:id/users', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/:id/users', requireAccess({ roles: ['admin', 'manager'], permission: 'users:read' }), (req, res, next) =>
companiesController.getUsers(req, res, next)
);
// Get subsidiaries (child companies)
router.get('/:id/subsidiaries', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/:id/subsidiaries', requireAccess({ roles: ['admin', 'manager'], permission: 'branches:read' }), (req, res, next) =>
companiesController.getSubsidiaries(req, res, next)
);
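Review bot: Every migrated route in this file drops `super_admin` from the roles array (for example `GET /` goes from `requireRoles('admin', 'manager', 'super_admin')` to `roles: ['admin', 'manager']`), so unless `requireAccess` in rbac.middleware short-circuits for that role — which this diff does not show — super-admins lose access to all company routes. Whether the middleware grants on role match OR held permission, or requires both, also cannot be read from this file, and that decides whether `{ roles: ['admin'], permission: 'branches:create' }` narrows or widens the old check. I would state both assumptions once above the first route, e.g. `// requireAccess: super_admin is implied by the middleware; access is granted on role match OR held permission (see rbac.middleware)`, adjusted to whatever the middleware actually does. A short note that the companies resource is governed by the `branches:*` permission family would also save the next reader a lookup.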


@ -1,6 +1,7 @@
import { Router } from 'express';
import { coreController } from './core.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -10,10 +11,10 @@ router.use(authenticate);
// ========== CURRENCIES ==========
router.get('/currencies', (req, res, next) => coreController.getCurrencies(req, res, next));
router.get('/currencies/:id', (req, res, next) => coreController.getCurrency(req, res, next));
router.post('/currencies', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/currencies', requireAccess({ roles: ['admin'], permission: 'settings:update' }), (req, res, next) =>
coreController.createCurrency(req, res, next)
);
router.put('/currencies/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/currencies/:id', requireAccess({ roles: ['admin'], permission: 'settings:update' }), (req, res, next) =>
coreController.updateCurrency(req, res, next)
);
@ -26,13 +27,13 @@ router.get('/states', (req, res, next) => coreController.getStates(req, res, nex
router.get('/states/:id', (req, res, next) => coreController.getState(req, res, next));
router.get('/countries/:countryId/states', (req, res, next) => coreController.getStatesByCountry(req, res, next));
router.get('/countries/code/:countryCode/states', (req, res, next) => coreController.getStatesByCountryCode(req, res, next));
router.post('/states', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/states', requireAccess({ roles: ['admin'], permission: 'settings:update' }), (req, res, next) =>
coreController.createState(req, res, next)
);
router.put('/states/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/states/:id', requireAccess({ roles: ['admin'], permission: 'settings:update' }), (req, res, next) =>
coreController.updateState(req, res, next)
);
router.delete('/states/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/states/:id', requireAccess({ roles: ['admin'], permission: 'settings:update' }), (req, res, next) =>
coreController.deleteState(req, res, next)
);
@ -42,11 +43,11 @@ router.get('/currency-rates/latest', (req, res, next) => coreController.getLates
router.get('/currency-rates/rate/:from/:to', (req, res, next) => coreController.getLatestRate(req, res, next));
router.get('/currency-rates/history/:from/:to', (req, res, next) => coreController.getCurrencyRateHistory(req, res, next));
router.get('/currency-rates/:id', (req, res, next) => coreController.getCurrencyRate(req, res, next));
router.post('/currency-rates', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/currency-rates', requireAccess({ roles: ['admin', 'manager'], permission: 'settings:update' }), (req, res, next) =>
coreController.createCurrencyRate(req, res, next)
);
router.post('/currency-rates/convert', (req, res, next) => coreController.convertCurrency(req, res, next));
router.delete('/currency-rates/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/currency-rates/:id', requireAccess({ roles: ['admin'], permission: 'settings:update' }), (req, res, next) =>
coreController.deleteCurrencyRate(req, res, next)
);
@ -58,27 +59,27 @@ router.get('/uom-categories/:id', (req, res, next) => coreController.getUomCateg
router.get('/uom', (req, res, next) => coreController.getUoms(req, res, next));
router.get('/uom/by-code/:code', (req, res, next) => coreController.getUomByCode(req, res, next));
router.get('/uom/:id', (req, res, next) => coreController.getUom(req, res, next));
router.post('/uom', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/uom', requireAccess({ roles: ['admin'], permission: 'settings:update' }), (req, res, next) =>
coreController.createUom(req, res, next)
);
router.post('/uom/convert', (req, res, next) => coreController.convertUom(req, res, next));
router.get('/uom-categories/:categoryId/conversions', (req, res, next) =>
coreController.getUomConversions(req, res, next)
);
router.put('/uom/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/uom/:id', requireAccess({ roles: ['admin'], permission: 'settings:update' }), (req, res, next) =>
coreController.updateUom(req, res, next)
);
// ========== PRODUCT CATEGORIES ==========
router.get('/product-categories', (req, res, next) => coreController.getProductCategories(req, res, next));
router.get('/product-categories/:id', (req, res, next) => coreController.getProductCategory(req, res, next));
router.post('/product-categories', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/product-categories', requireAccess({ roles: ['admin', 'manager'], permission: 'categories:create' }), (req, res, next) =>
coreController.createProductCategory(req, res, next)
);
router.put('/product-categories/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.put('/product-categories/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'categories:update' }), (req, res, next) =>
coreController.updateProductCategory(req, res, next)
);
router.delete('/product-categories/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/product-categories/:id', requireAccess({ roles: ['admin'], permission: 'categories:delete' }), (req, res, next) =>
coreController.deleteProductCategory(req, res, next)
);
@ -86,19 +87,19 @@ router.delete('/product-categories/:id', requireRoles('admin', 'super_admin'), (
router.get('/payment-terms', (req, res, next) => coreController.getPaymentTerms(req, res, next));
router.get('/payment-terms/standard', (req, res, next) => coreController.getStandardPaymentTerms(req, res, next));
router.get('/payment-terms/:id', (req, res, next) => coreController.getPaymentTerm(req, res, next));
router.post('/payment-terms', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/payment-terms', requireAccess({ roles: ['admin', 'manager'], permission: 'settings:update' }), (req, res, next) =>
coreController.createPaymentTerm(req, res, next)
);
router.post('/payment-terms/initialize', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/payment-terms/initialize', requireAccess({ roles: ['admin'], permission: 'settings:update' }), (req, res, next) =>
coreController.initializePaymentTerms(req, res, next)
);
router.post('/payment-terms/:id/calculate-due-date', (req, res, next) =>
coreController.calculateDueDate(req, res, next)
);
router.put('/payment-terms/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.put('/payment-terms/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'settings:update' }), (req, res, next) =>
coreController.updatePaymentTerm(req, res, next)
);
router.delete('/payment-terms/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/payment-terms/:id', requireAccess({ roles: ['admin'], permission: 'settings:update' }), (req, res, next) =>
coreController.deletePaymentTerm(req, res, next)
);
@ -111,17 +112,17 @@ router.get('/discount-rules/by-customer/:customerId', (req, res, next) =>
coreController.getDiscountRulesByCustomer(req, res, next)
);
router.get('/discount-rules/:id', (req, res, next) => coreController.getDiscountRule(req, res, next));
router.post('/discount-rules', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/discount-rules', requireAccess({ roles: ['admin', 'manager'], permission: 'price_lists:create' }), (req, res, next) =>
coreController.createDiscountRule(req, res, next)
);
router.post('/discount-rules/apply', (req, res, next) => coreController.applyDiscounts(req, res, next));
router.put('/discount-rules/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.put('/discount-rules/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'price_lists:update' }), (req, res, next) =>
coreController.updateDiscountRule(req, res, next)
);
router.post('/discount-rules/:id/reset-usage', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/discount-rules/:id/reset-usage', requireAccess({ roles: ['admin'], permission: 'price_lists:update' }), (req, res, next) =>
coreController.resetDiscountRuleUsage(req, res, next)
);
router.delete('/discount-rules/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/discount-rules/:id', requireAccess({ roles: ['admin'], permission: 'price_lists:delete' }), (req, res, next) =>
coreController.deleteDiscountRule(req, res, next)
);
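Review bot: A single coarse permission, `settings:update`, now gates create, update and delete on currencies, states, UoM, payment terms and currency rates, including the bulk `POST /payment-terms/initialize`, so the role distinctions the commit preserves (`POST /currency-rates` allows `manager`, `DELETE /currency-rates/:id` is `admin` only) are invisible at the permission level. If `requireAccess` grants on permission alone — not visible here — any principal holding `settings:update` can also delete states, payment terms and rates regardless of role. I would give the destructive routes their own scope, e.g. `router.delete('/states/:id', requireAccess({ roles: ['admin'], permission: 'settings:delete' }), …)` if the permission catalog has or can gain it, or otherwise add `// settings:update is intentionally coarse: it covers create/update/delete of all reference data` above the currencies section so the choice is deliberate rather than accidental.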


@ -1,6 +1,7 @@
import { Router } from 'express';
import { crmController } from './crm.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -13,27 +14,27 @@ router.get('/leads', (req, res, next) => crmController.getLeads(req, res, next))
router.get('/leads/:id', (req, res, next) => crmController.getLead(req, res, next));
router.post('/leads', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/leads', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'leads:create' }), (req, res, next) =>
crmController.createLead(req, res, next)
);
router.put('/leads/:id', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.put('/leads/:id', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'leads:update' }), (req, res, next) =>
crmController.updateLead(req, res, next)
);
router.post('/leads/:id/move', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/leads/:id/move', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'leads:update' }), (req, res, next) =>
crmController.moveLeadStage(req, res, next)
);
router.post('/leads/:id/convert', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/leads/:id/convert', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'leads:convert' }), (req, res, next) =>
crmController.convertLead(req, res, next)
);
router.post('/leads/:id/lost', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/leads/:id/lost', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'leads:update' }), (req, res, next) =>
crmController.markLeadLost(req, res, next)
);
router.delete('/leads/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/leads/:id', requireAccess({ roles: ['admin'], permission: 'leads:delete' }), (req, res, next) =>
crmController.deleteLead(req, res, next)
);
@ -43,31 +44,31 @@ router.get('/opportunities', (req, res, next) => crmController.getOpportunities(
router.get('/opportunities/:id', (req, res, next) => crmController.getOpportunity(req, res, next));
router.post('/opportunities', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/opportunities', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'opportunities:create' }), (req, res, next) =>
crmController.createOpportunity(req, res, next)
);
router.put('/opportunities/:id', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.put('/opportunities/:id', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'opportunities:update' }), (req, res, next) =>
crmController.updateOpportunity(req, res, next)
);
router.post('/opportunities/:id/move', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/opportunities/:id/move', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'opportunities:update' }), (req, res, next) =>
crmController.moveOpportunityStage(req, res, next)
);
router.post('/opportunities/:id/won', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/opportunities/:id/won', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'opportunities:close' }), (req, res, next) =>
crmController.markOpportunityWon(req, res, next)
);
router.post('/opportunities/:id/lost', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/opportunities/:id/lost', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'opportunities:close' }), (req, res, next) =>
crmController.markOpportunityLost(req, res, next)
);
router.post('/opportunities/:id/quote', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/opportunities/:id/quote', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'quotations:create' }), (req, res, next) =>
crmController.createOpportunityQuotation(req, res, next)
);
router.delete('/opportunities/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/opportunities/:id', requireAccess({ roles: ['admin'], permission: 'opportunities:delete' }), (req, res, next) =>
crmController.deleteOpportunity(req, res, next)
);
@ -79,15 +80,15 @@ router.get('/pipeline', (req, res, next) => crmController.getPipeline(req, res,
router.get('/lead-stages', (req, res, next) => crmController.getLeadStages(req, res, next));
router.post('/lead-stages', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/lead-stages', requireAccess({ roles: ['admin'], permission: 'leads:create' }), (req, res, next) =>
crmController.createLeadStage(req, res, next)
);
router.put('/lead-stages/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/lead-stages/:id', requireAccess({ roles: ['admin'], permission: 'leads:update' }), (req, res, next) =>
crmController.updateLeadStage(req, res, next)
);
router.delete('/lead-stages/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/lead-stages/:id', requireAccess({ roles: ['admin'], permission: 'leads:delete' }), (req, res, next) =>
crmController.deleteLeadStage(req, res, next)
);
@ -95,15 +96,15 @@ router.delete('/lead-stages/:id', requireRoles('admin', 'super_admin'), (req, re
router.get('/opportunity-stages', (req, res, next) => crmController.getOpportunityStages(req, res, next));
router.post('/opportunity-stages', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/opportunity-stages', requireAccess({ roles: ['admin'], permission: 'opportunities:create' }), (req, res, next) =>
crmController.createOpportunityStage(req, res, next)
);
router.put('/opportunity-stages/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/opportunity-stages/:id', requireAccess({ roles: ['admin'], permission: 'opportunities:update' }), (req, res, next) =>
crmController.updateOpportunityStage(req, res, next)
);
router.delete('/opportunity-stages/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/opportunity-stages/:id', requireAccess({ roles: ['admin'], permission: 'opportunities:delete' }), (req, res, next) =>
crmController.deleteOpportunityStage(req, res, next)
);
@ -111,15 +112,15 @@ router.delete('/opportunity-stages/:id', requireRoles('admin', 'super_admin'), (
router.get('/lost-reasons', (req, res, next) => crmController.getLostReasons(req, res, next));
router.post('/lost-reasons', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/lost-reasons', requireAccess({ roles: ['admin'], permission: 'leads:create' }), (req, res, next) =>
crmController.createLostReason(req, res, next)
);
router.put('/lost-reasons/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/lost-reasons/:id', requireAccess({ roles: ['admin'], permission: 'leads:update' }), (req, res, next) =>
crmController.updateLostReason(req, res, next)
);
router.delete('/lost-reasons/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/lost-reasons/:id', requireAccess({ roles: ['admin'], permission: 'leads:delete' }), (req, res, next) =>
crmController.deleteLostReason(req, res, next)
);
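Review bot: The pipeline configuration routes (`POST/PUT/DELETE /lead-stages`, `/opportunity-stages`, `/lost-reasons`) were admin-only under `requireRoles('admin', 'super_admin')` but are now keyed to `leads:create`/`leads:update`/`leads:delete` and `opportunities:*` — the same permissions that gate `POST /leads` and `POST /opportunities`, which the `sales` role reaches. If the hybrid middleware grants on a held permission independently of the roles list (not visible in this diff), anyone who can create a lead can also rewrite stage definitions and lost reasons, a widening over the previous check. Since core.routes in this same commit uses `settings:update` for reference-data configuration, the consistent fix is to use that scope here too, e.g. `router.post('/lead-stages', requireAccess({ roles: ['admin'], permission: 'settings:update' }), …)` for the nine stage/lost-reason routes, or to document why record-level permissions are meant to cover configuration.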


@ -1,6 +1,7 @@
import { Router } from 'express';
import { financialController } from './financial.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -11,139 +12,139 @@ router.use(authenticate);
router.get('/account-types', (req, res, next) => financialController.getAccountTypes(req, res, next));
// ========== ACCOUNTS ==========
router.get('/accounts', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) =>
router.get('/accounts', requireAccess({ roles: ['admin', 'accountant', 'manager'], permission: 'accounts:read' }), (req, res, next) =>
financialController.getAccounts(req, res, next)
);
router.get('/accounts/:id', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) =>
router.get('/accounts/:id', requireAccess({ roles: ['admin', 'accountant', 'manager'], permission: 'accounts:read' }), (req, res, next) =>
financialController.getAccount(req, res, next)
);
router.get('/accounts/:id/balance', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) =>
router.get('/accounts/:id/balance', requireAccess({ roles: ['admin', 'accountant', 'manager'], permission: 'accounts:read' }), (req, res, next) =>
financialController.getAccountBalance(req, res, next)
);
router.post('/accounts', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/accounts', requireAccess({ roles: ['admin', 'accountant'], permission: 'accounts:create' }), (req, res, next) =>
financialController.createAccount(req, res, next)
);
router.put('/accounts/:id', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.put('/accounts/:id', requireAccess({ roles: ['admin', 'accountant'], permission: 'accounts:update' }), (req, res, next) =>
financialController.updateAccount(req, res, next)
);
router.delete('/accounts/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/accounts/:id', requireAccess({ roles: ['admin'], permission: 'accounts:delete' }), (req, res, next) =>
financialController.deleteAccount(req, res, next)
);
// ========== JOURNALS ==========
router.get('/journals', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) =>
router.get('/journals', requireAccess({ roles: ['admin', 'accountant', 'manager'], permission: 'journal_entries:read' }), (req, res, next) =>
financialController.getJournals(req, res, next)
);
router.get('/journals/:id', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) =>
router.get('/journals/:id', requireAccess({ roles: ['admin', 'accountant', 'manager'], permission: 'journal_entries:read' }), (req, res, next) =>
financialController.getJournal(req, res, next)
);
router.post('/journals', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/journals', requireAccess({ roles: ['admin'], permission: 'journal_entries:create' }), (req, res, next) =>
financialController.createJournal(req, res, next)
);
router.put('/journals/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/journals/:id', requireAccess({ roles: ['admin'], permission: 'journal_entries:update' }), (req, res, next) =>
financialController.updateJournal(req, res, next)
);
router.delete('/journals/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/journals/:id', requireAccess({ roles: ['admin'], permission: 'journal_entries:delete' }), (req, res, next) =>
financialController.deleteJournal(req, res, next)
);
// ========== JOURNAL ENTRIES ==========
router.get('/entries', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) =>
router.get('/entries', requireAccess({ roles: ['admin', 'accountant', 'manager'], permission: 'journal_entries:read' }), (req, res, next) =>
financialController.getJournalEntries(req, res, next)
);
router.get('/entries/:id', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) =>
router.get('/entries/:id', requireAccess({ roles: ['admin', 'accountant', 'manager'], permission: 'journal_entries:read' }), (req, res, next) =>
financialController.getJournalEntry(req, res, next)
);
router.post('/entries', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/entries', requireAccess({ roles: ['admin', 'accountant'], permission: 'journal_entries:create' }), (req, res, next) =>
financialController.createJournalEntry(req, res, next)
);
router.put('/entries/:id', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.put('/entries/:id', requireAccess({ roles: ['admin', 'accountant'], permission: 'journal_entries:update' }), (req, res, next) =>
financialController.updateJournalEntry(req, res, next)
);
router.post('/entries/:id/post', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/entries/:id/post', requireAccess({ roles: ['admin', 'accountant'], permission: 'journal_entries:post' }), (req, res, next) =>
financialController.postJournalEntry(req, res, next)
);
router.post('/entries/:id/cancel', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/entries/:id/cancel', requireAccess({ roles: ['admin'], permission: 'journal_entries:reverse' }), (req, res, next) =>
financialController.cancelJournalEntry(req, res, next)
);
router.delete('/entries/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/entries/:id', requireAccess({ roles: ['admin'], permission: 'journal_entries:delete' }), (req, res, next) =>
financialController.deleteJournalEntry(req, res, next)
);
// ========== INVOICES ==========
router.get('/invoices', requireRoles('admin', 'accountant', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.get('/invoices', requireAccess({ roles: ['admin', 'accountant', 'manager', 'sales'], permission: 'invoices:read' }), (req, res, next) =>
financialController.getInvoices(req, res, next)
);
router.get('/invoices/:id', requireRoles('admin', 'accountant', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.get('/invoices/:id', requireAccess({ roles: ['admin', 'accountant', 'manager', 'sales'], permission: 'invoices:read' }), (req, res, next) =>
financialController.getInvoice(req, res, next)
);
router.post('/invoices', requireRoles('admin', 'accountant', 'sales', 'super_admin'), (req, res, next) =>
router.post('/invoices', requireAccess({ roles: ['admin', 'accountant', 'sales'], permission: 'invoices:create' }), (req, res, next) =>
financialController.createInvoice(req, res, next)
);
router.put('/invoices/:id', requireRoles('admin', 'accountant', 'sales', 'super_admin'), (req, res, next) =>
router.put('/invoices/:id', requireAccess({ roles: ['admin', 'accountant', 'sales'], permission: 'invoices:update' }), (req, res, next) =>
financialController.updateInvoice(req, res, next)
);
router.post('/invoices/:id/validate', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/invoices/:id/validate', requireAccess({ roles: ['admin', 'accountant'], permission: 'invoices:validate' }), (req, res, next) =>
financialController.validateInvoice(req, res, next)
);
router.post('/invoices/:id/cancel', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/invoices/:id/cancel', requireAccess({ roles: ['admin', 'accountant'], permission: 'invoices:cancel' }), (req, res, next) =>
financialController.cancelInvoice(req, res, next)
);
router.delete('/invoices/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/invoices/:id', requireAccess({ roles: ['admin'], permission: 'invoices:delete' }), (req, res, next) =>
financialController.deleteInvoice(req, res, next)
);
// Invoice lines
router.post('/invoices/:id/lines', requireRoles('admin', 'accountant', 'sales', 'super_admin'), (req, res, next) =>
router.post('/invoices/:id/lines', requireAccess({ roles: ['admin', 'accountant', 'sales'], permission: 'invoices:update' }), (req, res, next) =>
financialController.addInvoiceLine(req, res, next)
);
router.put('/invoices/:id/lines/:lineId', requireRoles('admin', 'accountant', 'sales', 'super_admin'), (req, res, next) =>
router.put('/invoices/:id/lines/:lineId', requireAccess({ roles: ['admin', 'accountant', 'sales'], permission: 'invoices:update' }), (req, res, next) =>
financialController.updateInvoiceLine(req, res, next)
);
router.delete('/invoices/:id/lines/:lineId', requireRoles('admin', 'accountant', 'sales', 'super_admin'), (req, res, next) =>
router.delete('/invoices/:id/lines/:lineId', requireAccess({ roles: ['admin', 'accountant', 'sales'], permission: 'invoices:update' }), (req, res, next) =>
financialController.removeInvoiceLine(req, res, next)
);
// ========== PAYMENTS ==========
router.get('/payments', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) =>
router.get('/payments', requireAccess({ roles: ['admin', 'accountant', 'manager'], permission: 'payments:read' }), (req, res, next) =>
financialController.getPayments(req, res, next)
);
router.get('/payments/:id', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) =>
router.get('/payments/:id', requireAccess({ roles: ['admin', 'accountant', 'manager'], permission: 'payments:read' }), (req, res, next) =>
financialController.getPayment(req, res, next)
);
router.post('/payments', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/payments', requireAccess({ roles: ['admin', 'accountant'], permission: 'payments:create' }), (req, res, next) =>
financialController.createPayment(req, res, next)
);
router.put('/payments/:id', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.put('/payments/:id', requireAccess({ roles: ['admin', 'accountant'], permission: 'payments:update' }), (req, res, next) =>
financialController.updatePayment(req, res, next)
);
router.post('/payments/:id/post', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/payments/:id/post', requireAccess({ roles: ['admin', 'accountant'], permission: 'payments:apply' }), (req, res, next) =>
financialController.postPayment(req, res, next)
);
router.post('/payments/:id/reconcile', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/payments/:id/reconcile', requireAccess({ roles: ['admin', 'accountant'], permission: 'bank_reconciliation:update' }), (req, res, next) =>
financialController.reconcilePayment(req, res, next)
);
router.post('/payments/:id/cancel', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/payments/:id/cancel', requireAccess({ roles: ['admin', 'accountant'], permission: 'payments:delete' }), (req, res, next) =>
financialController.cancelPayment(req, res, next)
);
router.delete('/payments/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/payments/:id', requireAccess({ roles: ['admin'], permission: 'payments:delete' }), (req, res, next) =>
financialController.deletePayment(req, res, next)
);
// ========== TAXES ==========
router.get('/taxes', requireRoles('admin', 'accountant', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.get('/taxes', requireAccess({ roles: ['admin', 'accountant', 'manager', 'sales'], permission: 'accounts:read' }), (req, res, next) =>
financialController.getTaxes(req, res, next)
);
router.get('/taxes/:id', requireRoles('admin', 'accountant', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.get('/taxes/:id', requireAccess({ roles: ['admin', 'accountant', 'manager', 'sales'], permission: 'accounts:read' }), (req, res, next) =>
financialController.getTax(req, res, next)
);
router.post('/taxes', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/taxes', requireAccess({ roles: ['admin', 'accountant'], permission: 'accounts:create' }), (req, res, next) =>
financialController.createTax(req, res, next)
);
router.put('/taxes/:id', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) =>
router.put('/taxes/:id', requireAccess({ roles: ['admin', 'accountant'], permission: 'accounts:update' }), (req, res, next) =>
financialController.updateTax(req, res, next)
);
router.delete('/taxes/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/taxes/:id', requireAccess({ roles: ['admin'], permission: 'accounts:delete' }), (req, res, next) =>
financialController.deleteTax(req, res, next)
);


@ -1,6 +1,7 @@
import { Router } from 'express';
import { hrController } from './hr.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -15,23 +16,23 @@ router.get('/employees/:id', (req, res, next) => hrController.getEmployee(req, r
router.get('/employees/:id/subordinates', (req, res, next) => hrController.getSubordinates(req, res, next));
router.post('/employees', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/employees', requireAccess({ roles: ['admin', 'manager'], permission: 'employees:create' }), (req, res, next) =>
hrController.createEmployee(req, res, next)
);
router.put('/employees/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.put('/employees/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'employees:update' }), (req, res, next) =>
hrController.updateEmployee(req, res, next)
);
router.post('/employees/:id/terminate', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/employees/:id/terminate', requireAccess({ roles: ['admin'], permission: 'employees:delete' }), (req, res, next) =>
hrController.terminateEmployee(req, res, next)
);
router.post('/employees/:id/reactivate', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/employees/:id/reactivate', requireAccess({ roles: ['admin'], permission: 'employees:update' }), (req, res, next) =>
hrController.reactivateEmployee(req, res, next)
);
router.delete('/employees/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/employees/:id', requireAccess({ roles: ['admin'], permission: 'employees:delete' }), (req, res, next) =>
hrController.deleteEmployee(req, res, next)
);
@ -41,15 +42,15 @@ router.get('/departments', (req, res, next) => hrController.getDepartments(req,
router.get('/departments/:id', (req, res, next) => hrController.getDepartment(req, res, next));
router.post('/departments', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/departments', requireAccess({ roles: ['admin'], permission: 'departments:create' }), (req, res, next) =>
hrController.createDepartment(req, res, next)
);
router.put('/departments/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/departments/:id', requireAccess({ roles: ['admin'], permission: 'departments:update' }), (req, res, next) =>
hrController.updateDepartment(req, res, next)
);
router.delete('/departments/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/departments/:id', requireAccess({ roles: ['admin'], permission: 'departments:delete' }), (req, res, next) =>
hrController.deleteDepartment(req, res, next)
);
@ -57,15 +58,15 @@ router.delete('/departments/:id', requireRoles('admin', 'super_admin'), (req, re
router.get('/positions', (req, res, next) => hrController.getJobPositions(req, res, next));
router.post('/positions', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/positions', requireAccess({ roles: ['admin'], permission: 'positions:create' }), (req, res, next) =>
hrController.createJobPosition(req, res, next)
);
router.put('/positions/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/positions/:id', requireAccess({ roles: ['admin'], permission: 'positions:update' }), (req, res, next) =>
hrController.updateJobPosition(req, res, next)
);
router.delete('/positions/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/positions/:id', requireAccess({ roles: ['admin'], permission: 'positions:delete' }), (req, res, next) =>
hrController.deleteJobPosition(req, res, next)
);
@ -75,27 +76,27 @@ router.get('/contracts', (req, res, next) => hrController.getContracts(req, res,
router.get('/contracts/:id', (req, res, next) => hrController.getContract(req, res, next));
router.post('/contracts', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/contracts', requireAccess({ roles: ['admin', 'manager'], permission: 'contracts:create' }), (req, res, next) =>
hrController.createContract(req, res, next)
);
router.put('/contracts/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.put('/contracts/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'contracts:update' }), (req, res, next) =>
hrController.updateContract(req, res, next)
);
router.post('/contracts/:id/activate', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/contracts/:id/activate', requireAccess({ roles: ['admin'], permission: 'contracts:update' }), (req, res, next) =>
hrController.activateContract(req, res, next)
);
router.post('/contracts/:id/terminate', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/contracts/:id/terminate', requireAccess({ roles: ['admin'], permission: 'contracts:update' }), (req, res, next) =>
hrController.terminateContract(req, res, next)
);
router.post('/contracts/:id/cancel', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/contracts/:id/cancel', requireAccess({ roles: ['admin'], permission: 'contracts:update' }), (req, res, next) =>
hrController.cancelContract(req, res, next)
);
router.delete('/contracts/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/contracts/:id', requireAccess({ roles: ['admin'], permission: 'contracts:delete' }), (req, res, next) =>
hrController.deleteContract(req, res, next)
);
@ -103,15 +104,15 @@ router.delete('/contracts/:id', requireRoles('admin', 'super_admin'), (req, res,
router.get('/leave-types', (req, res, next) => hrController.getLeaveTypes(req, res, next));
router.post('/leave-types', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/leave-types', requireAccess({ roles: ['admin'], permission: 'leaves:create' }), (req, res, next) =>
hrController.createLeaveType(req, res, next)
);
router.put('/leave-types/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/leave-types/:id', requireAccess({ roles: ['admin'], permission: 'leaves:update' }), (req, res, next) =>
hrController.updateLeaveType(req, res, next)
);
router.delete('/leave-types/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/leave-types/:id', requireAccess({ roles: ['admin'], permission: 'leaves:delete' }), (req, res, next) =>
hrController.deleteLeaveType(req, res, next)
);
@ -121,31 +122,31 @@ router.get('/leaves', (req, res, next) => hrController.getLeaves(req, res, next)
router.get('/leaves/:id', (req, res, next) => hrController.getLeave(req, res, next));
router.post('/leaves', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/leaves', requireAccess({ roles: ['admin', 'manager'], permission: 'leaves:create' }), (req, res, next) =>
hrController.createLeave(req, res, next)
);
router.put('/leaves/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.put('/leaves/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'leaves:update' }), (req, res, next) =>
hrController.updateLeave(req, res, next)
);
router.post('/leaves/:id/submit', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/leaves/:id/submit', requireAccess({ roles: ['admin', 'manager'], permission: 'leaves:create' }), (req, res, next) =>
hrController.submitLeave(req, res, next)
);
router.post('/leaves/:id/approve', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/leaves/:id/approve', requireAccess({ roles: ['admin', 'manager'], permission: 'leaves:approve' }), (req, res, next) =>
hrController.approveLeave(req, res, next)
);
router.post('/leaves/:id/reject', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/leaves/:id/reject', requireAccess({ roles: ['admin', 'manager'], permission: 'leaves:approve' }), (req, res, next) =>
hrController.rejectLeave(req, res, next)
);
router.post('/leaves/:id/cancel', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/leaves/:id/cancel', requireAccess({ roles: ['admin', 'manager'], permission: 'leaves:update' }), (req, res, next) =>
hrController.cancelLeave(req, res, next)
);
router.delete('/leaves/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/leaves/:id', requireAccess({ roles: ['admin'], permission: 'leaves:delete' }), (req, res, next) =>
hrController.deleteLeave(req, res, next)
);
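Review bot: Every migrated route drops `'super_admin'` from the roles list and pairs the remaining roles with a permission, but nothing in this file documents whether `requireAccess` grants on role OR permission, requires both, or treats super_admin as an implicit bypass; if it is an OR, the effective grant set widens from the old role lists to everyone holding the named permission, and that is the property to verify before this lands (the same applies to the inventory, invoices, partners, products and projects sections). Several state transitions here reuse coarse CRUD permissions — `/employees/:id/terminate` maps to `employees:delete`, `/leaves/:id/submit` to `leaves:create`, `/leaves/:id/cancel` to `leaves:update` — so a holder of `leaves:create` can submit another employee's leave if permission alone suffices. A one-line comment above the first route, e.g. `// requireAccess: access is granted when the user holds one of `roles` OR the `permission` (super_admin bypasses) — see rbac.middleware`, would make the reviewer's assumption checkable. Note also that the read routes in the surrounding context (`/employees/:id/subordinates`, `/departments/:id`, `/positions`, `/contracts/:id`, `/leave-types`, `/leaves/:id`) still carry only `authenticate`, so no `*:read` permission is enforced in this file despite the commit claiming all protections were migrated.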


@ -1,7 +1,8 @@
import { Router } from 'express';
import { inventoryController } from './inventory.controller.js';
import { valuationController } from './valuation.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -15,15 +16,15 @@ router.get('/products/:id', (req, res, next) => inventoryController.getProduct(r
router.get('/products/:id/stock', (req, res, next) => inventoryController.getProductStock(req, res, next));
router.post('/products', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/products', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'products:create' }), (req, res, next) =>
inventoryController.createProduct(req, res, next)
);
router.put('/products/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.put('/products/:id', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'products:update' }), (req, res, next) =>
inventoryController.updateProduct(req, res, next)
);
router.delete('/products/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/products/:id', requireAccess({ roles: ['admin'], permission: 'products:delete' }), (req, res, next) =>
inventoryController.deleteProduct(req, res, next)
);
@ -36,15 +37,15 @@ router.get('/warehouses/:id/locations', (req, res, next) => inventoryController.
router.get('/warehouses/:id/stock', (req, res, next) => inventoryController.getWarehouseStock(req, res, next));
router.post('/warehouses', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/warehouses', requireAccess({ roles: ['admin'], permission: 'warehouses:create' }), (req, res, next) =>
inventoryController.createWarehouse(req, res, next)
);
router.put('/warehouses/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/warehouses/:id', requireAccess({ roles: ['admin'], permission: 'warehouses:update' }), (req, res, next) =>
inventoryController.updateWarehouse(req, res, next)
);
router.delete('/warehouses/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/warehouses/:id', requireAccess({ roles: ['admin'], permission: 'warehouses:delete' }), (req, res, next) =>
inventoryController.deleteWarehouse(req, res, next)
);
@ -55,11 +56,11 @@ router.get('/locations/:id', (req, res, next) => inventoryController.getLocation
router.get('/locations/:id/stock', (req, res, next) => inventoryController.getLocationStock(req, res, next));
router.post('/locations', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/locations', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'warehouses:update' }), (req, res, next) =>
inventoryController.createLocation(req, res, next)
);
router.put('/locations/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.put('/locations/:id', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'warehouses:update' }), (req, res, next) =>
inventoryController.updateLocation(req, res, next)
);
@ -68,23 +69,23 @@ router.get('/pickings', (req, res, next) => inventoryController.getPickings(req,
router.get('/pickings/:id', (req, res, next) => inventoryController.getPicking(req, res, next));
router.post('/pickings', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/pickings', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'stock_moves:create' }), (req, res, next) =>
inventoryController.createPicking(req, res, next)
);
router.post('/pickings/:id/confirm', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/pickings/:id/confirm', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'stock_moves:validate' }), (req, res, next) =>
inventoryController.confirmPicking(req, res, next)
);
router.post('/pickings/:id/validate', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/pickings/:id/validate', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'stock_moves:validate' }), (req, res, next) =>
inventoryController.validatePicking(req, res, next)
);
router.post('/pickings/:id/cancel', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/pickings/:id/cancel', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'stock_moves:cancel' }), (req, res, next) =>
inventoryController.cancelPicking(req, res, next)
);
router.delete('/pickings/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/pickings/:id', requireAccess({ roles: ['admin'], permission: 'stock_moves:delete' }), (req, res, next) =>
inventoryController.deletePicking(req, res, next)
);
@ -95,15 +96,15 @@ router.get('/lots/:id', (req, res, next) => inventoryController.getLot(req, res,
router.get('/lots/:id/movements', (req, res, next) => inventoryController.getLotMovements(req, res, next));
router.post('/lots', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/lots', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'inventory:update' }), (req, res, next) =>
inventoryController.createLot(req, res, next)
);
router.put('/lots/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.put('/lots/:id', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'inventory:update' }), (req, res, next) =>
inventoryController.updateLot(req, res, next)
);
router.delete('/lots/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/lots/:id', requireAccess({ roles: ['admin'], permission: 'inventory:update' }), (req, res, next) =>
inventoryController.deleteLot(req, res, next)
);
@ -112,41 +113,41 @@ router.get('/adjustments', (req, res, next) => inventoryController.getAdjustment
router.get('/adjustments/:id', (req, res, next) => inventoryController.getAdjustment(req, res, next));
router.post('/adjustments', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/adjustments', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'inventory:adjust' }), (req, res, next) =>
inventoryController.createAdjustment(req, res, next)
);
router.put('/adjustments/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.put('/adjustments/:id', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'inventory:adjust' }), (req, res, next) =>
inventoryController.updateAdjustment(req, res, next)
);
// Adjustment lines
router.post('/adjustments/:id/lines', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/adjustments/:id/lines', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'inventory:adjust' }), (req, res, next) =>
inventoryController.addAdjustmentLine(req, res, next)
);
router.put('/adjustments/:id/lines/:lineId', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.put('/adjustments/:id/lines/:lineId', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'inventory:adjust' }), (req, res, next) =>
inventoryController.updateAdjustmentLine(req, res, next)
);
router.delete('/adjustments/:id/lines/:lineId', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.delete('/adjustments/:id/lines/:lineId', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'inventory:adjust' }), (req, res, next) =>
inventoryController.removeAdjustmentLine(req, res, next)
);
// Adjustment workflow
router.post('/adjustments/:id/confirm', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/adjustments/:id/confirm', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'inventory:adjust' }), (req, res, next) =>
inventoryController.confirmAdjustment(req, res, next)
);
router.post('/adjustments/:id/validate', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/adjustments/:id/validate', requireAccess({ roles: ['admin', 'manager'], permission: 'stock_count:validate' }), (req, res, next) =>
inventoryController.validateAdjustment(req, res, next)
);
router.post('/adjustments/:id/cancel', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/adjustments/:id/cancel', requireAccess({ roles: ['admin', 'manager'], permission: 'inventory:adjust' }), (req, res, next) =>
inventoryController.cancelAdjustment(req, res, next)
);
router.delete('/adjustments/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/adjustments/:id', requireAccess({ roles: ['admin'], permission: 'inventory:adjust' }), (req, res, next) =>
inventoryController.deleteAdjustment(req, res, next)
);
@ -163,11 +164,11 @@ router.get('/valuation/products/:productId/layers', (req, res, next) =>
valuationController.getProductLayers(req, res, next)
);
router.post('/valuation/layers', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/valuation/layers', requireAccess({ roles: ['admin', 'manager'], permission: 'inventory:update' }), (req, res, next) =>
valuationController.createLayer(req, res, next)
);
router.post('/valuation/consume', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/valuation/consume', requireAccess({ roles: ['admin', 'manager'], permission: 'inventory:update' }), (req, res, next) =>
valuationController.consumeFifo(req, res, next)
);
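Review bot: Two destructive routes are gated by non-destructive permissions: `router.delete('/lots/:id', ...)` requires only `inventory:update`, and `router.delete('/adjustments/:id', ...)` requires only `inventory:adjust`, so any principal granted an update-level permission can delete lots or adjustments if the permission alone satisfies `requireAccess`. Likewise `router.post('/locations', ...)` creates a location under `warehouses:update`, while pickings use a dedicated `stock_moves:delete`, so the vocabulary is inconsistent within one file. The adjustment workflow also splits between `inventory:adjust` (`/adjustments/:id/confirm`, `/cancel`) and `stock_count:validate` (`/adjustments/:id/validate`), which reads like a slip unless stock counts and adjustments are intentionally the same resource — worth a comment either way, e.g. `// validate is a stock_count action: it posts the counted quantities`.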


@ -1,6 +1,7 @@
import { Router } from 'express';
import { invoicesController } from './invoices.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -15,17 +16,17 @@ router.get('/payments', (req, res, next) => invoicesController.findAllPayments(r
router.get('/payments/:id', (req, res, next) => invoicesController.findPaymentById(req, res, next));
// Create payment
router.post('/payments', requireRoles('admin', 'manager', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/payments', requireAccess({ roles: ['admin', 'manager', 'accountant'], permission: 'payments:create' }), (req, res, next) =>
invoicesController.createPayment(req, res, next)
);
// Confirm payment
router.post('/payments/:id/confirm', requireRoles('admin', 'manager', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/payments/:id/confirm', requireAccess({ roles: ['admin', 'manager', 'accountant'], permission: 'payments:apply' }), (req, res, next) =>
invoicesController.confirmPayment(req, res, next)
);
// Cancel payment
router.post('/payments/:id/cancel', requireRoles('admin', 'manager', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/payments/:id/cancel', requireAccess({ roles: ['admin', 'manager', 'accountant'], permission: 'payments:delete' }), (req, res, next) =>
invoicesController.cancelPayment(req, res, next)
);
@ -37,27 +38,27 @@ router.get('/', (req, res, next) => invoicesController.findAll(req, res, next));
router.get('/:id', (req, res, next) => invoicesController.findById(req, res, next));
// Create invoice
router.post('/', requireRoles('admin', 'manager', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/', requireAccess({ roles: ['admin', 'manager', 'accountant'], permission: 'invoices:create' }), (req, res, next) =>
invoicesController.create(req, res, next)
);
// Update invoice
router.patch('/:id', requireRoles('admin', 'manager', 'accountant', 'super_admin'), (req, res, next) =>
router.patch('/:id', requireAccess({ roles: ['admin', 'manager', 'accountant'], permission: 'invoices:update' }), (req, res, next) =>
invoicesController.update(req, res, next)
);
// Delete invoice
router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/:id', requireAccess({ roles: ['admin'], permission: 'invoices:delete' }), (req, res, next) =>
invoicesController.delete(req, res, next)
);
// Validate invoice (change status to validated)
router.post('/:id/validate', requireRoles('admin', 'manager', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/:id/validate', requireAccess({ roles: ['admin', 'manager', 'accountant'], permission: 'invoices:validate' }), (req, res, next) =>
invoicesController.validate(req, res, next)
);
// Cancel invoice
router.post('/:id/cancel', requireRoles('admin', 'manager', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/:id/cancel', requireAccess({ roles: ['admin', 'manager', 'accountant'], permission: 'invoices:cancel' }), (req, res, next) =>
invoicesController.cancel(req, res, next)
);


@ -1,7 +1,8 @@
import { Router } from 'express';
import { partnersController } from './partners.controller.js';
import { rankingController } from './ranking.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -13,44 +14,44 @@ router.use(authenticate);
// ============================================================================
// Calculate rankings (admin, manager)
router.post('/rankings/calculate', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/rankings/calculate', requireAccess({ roles: ['admin', 'manager'], permission: 'partners:update' }), (req, res, next) =>
rankingController.calculateRankings(req, res, next)
);
// Get all rankings
router.get('/rankings', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/rankings', requireAccess({ roles: ['admin', 'manager', 'sales', 'accountant'], permission: 'partners:read' }), (req, res, next) =>
rankingController.findRankings(req, res, next)
);
// Top partners
router.get('/rankings/top/customers', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/rankings/top/customers', requireAccess({ roles: ['admin', 'manager', 'sales', 'accountant'], permission: 'customers:read' }), (req, res, next) =>
rankingController.getTopCustomers(req, res, next)
);
router.get('/rankings/top/suppliers', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/rankings/top/suppliers', requireAccess({ roles: ['admin', 'manager', 'sales', 'accountant'], permission: 'suppliers:read' }), (req, res, next) =>
rankingController.getTopSuppliers(req, res, next)
);
// ABC distribution
router.get('/rankings/abc/customers', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/rankings/abc/customers', requireAccess({ roles: ['admin', 'manager', 'sales', 'accountant'], permission: 'customers:read' }), (req, res, next) =>
rankingController.getCustomerABCDistribution(req, res, next)
);
router.get('/rankings/abc/suppliers', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/rankings/abc/suppliers', requireAccess({ roles: ['admin', 'manager', 'sales', 'accountant'], permission: 'suppliers:read' }), (req, res, next) =>
rankingController.getSupplierABCDistribution(req, res, next)
);
// Partners by ABC
router.get('/rankings/abc/customers/:abc', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/rankings/abc/customers/:abc', requireAccess({ roles: ['admin', 'manager', 'sales', 'accountant'], permission: 'customers:read' }), (req, res, next) =>
rankingController.getCustomersByABC(req, res, next)
);
router.get('/rankings/abc/suppliers/:abc', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/rankings/abc/suppliers/:abc', requireAccess({ roles: ['admin', 'manager', 'sales', 'accountant'], permission: 'suppliers:read' }), (req, res, next) =>
rankingController.getSuppliersByABC(req, res, next)
);
// Partner-specific ranking
router.get('/rankings/partner/:partnerId', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/rankings/partner/:partnerId', requireAccess({ roles: ['admin', 'manager', 'sales', 'accountant'], permission: 'partners:read' }), (req, res, next) =>
rankingController.findPartnerRanking(req, res, next)
);
router.get('/rankings/partner/:partnerId/history', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/rankings/partner/:partnerId/history', requireAccess({ roles: ['admin', 'manager', 'sales', 'accountant'], permission: 'partners:read' }), (req, res, next) =>
rankingController.getPartnerHistory(req, res, next)
);
@ -63,27 +64,27 @@ router.get('/customers', (req, res, next) => partnersController.findCustomers(re
router.get('/suppliers', (req, res, next) => partnersController.findSuppliers(req, res, next));
// List all partners (admin, manager, sales, accountant)
router.get('/', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/', requireAccess({ roles: ['admin', 'manager', 'sales', 'accountant'], permission: 'partners:read' }), (req, res, next) =>
partnersController.findAll(req, res, next)
);
// Get partner by ID
router.get('/:id', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/:id', requireAccess({ roles: ['admin', 'manager', 'sales', 'accountant'], permission: 'partners:read' }), (req, res, next) =>
partnersController.findById(req, res, next)
);
// Create partner (admin, manager, sales)
router.post('/', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'partners:create' }), (req, res, next) =>
partnersController.create(req, res, next)
);
// Update partner (admin, manager, sales)
router.put('/:id', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.put('/:id', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'partners:update' }), (req, res, next) =>
partnersController.update(req, res, next)
);
// Delete partner (admin only)
router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/:id', requireAccess({ roles: ['admin'], permission: 'partners:delete' }), (req, res, next) =>
partnersController.delete(req, res, next)
);
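Review bot: The route comments in this file still describe access in terms of roles only — `// List all partners (admin, manager, sales, accountant)`, `// Create partner (admin, manager, sales)`, `// Delete partner (admin only)` — which is no longer accurate once a permission can also grant access, and "admin only" in particular will mislead the next reader about who can delete partners. Suggest rewording each to name both halves of the check, e.g. `// Delete partner (admin role, or partners:delete permission)`. Separately, `router.post('/rankings/calculate', ...)` is a bulk recomputation gated by the same `partners:update` permission used for editing a single partner; a dedicated permission would keep that job from being reachable by every partner editor, but this is a policy decision rather than a defect.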


@ -1,6 +1,7 @@
import { Router } from 'express';
import { productsController } from './products.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -15,17 +16,17 @@ router.get('/categories', (req, res, next) => productsController.findAllCategori
router.get('/categories/:id', (req, res, next) => productsController.findCategoryById(req, res, next));
// Create category
router.post('/categories', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/categories', requireAccess({ roles: ['admin', 'manager'], permission: 'categories:create' }), (req, res, next) =>
productsController.createCategory(req, res, next)
);
// Update category
router.patch('/categories/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.patch('/categories/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'categories:update' }), (req, res, next) =>
productsController.updateCategory(req, res, next)
);
// Delete category
router.delete('/categories/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/categories/:id', requireAccess({ roles: ['admin'], permission: 'categories:delete' }), (req, res, next) =>
productsController.deleteCategory(req, res, next)
);
@ -50,17 +51,17 @@ router.get('/', (req, res, next) => productsController.findAll(req, res, next));
router.get('/:id', (req, res, next) => productsController.findById(req, res, next));
// Create product
router.post('/', requireRoles('admin', 'manager', 'inventory', 'super_admin'), (req, res, next) =>
router.post('/', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'products:create' }), (req, res, next) =>
productsController.create(req, res, next)
);
// Update product
router.patch('/:id', requireRoles('admin', 'manager', 'inventory', 'super_admin'), (req, res, next) =>
router.patch('/:id', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'products:update' }), (req, res, next) =>
productsController.update(req, res, next)
);
// Delete product
router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/:id', requireAccess({ roles: ['admin'], permission: 'products:delete' }), (req, res, next) =>
productsController.delete(req, res, next)
);
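Review bot: The product create and update routes change more than the middleware: the old role `'inventory'` in `requireRoles('admin', 'manager', 'inventory', 'super_admin')` becomes `'warehouse'` in the new `requireAccess({ roles: ['admin', 'manager', 'warehouse'], ... })`, which silently alters who may create or update products. If a role named `inventory` exists, those users lose access with this commit; if it never existed (the inventory routes already use `warehouse`), this is a bug fix that the commit message does not mention. Either way it deserves a comment at the first of the two routes, e.g. `// role 'inventory' renamed to 'warehouse' to match inventory.routes — confirm no users hold the old role`, and a line in the commit description.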


@ -1,6 +1,7 @@
import { Router } from 'express';
import { projectsController } from './projects.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -12,15 +13,15 @@ router.get('/', (req, res, next) => projectsController.getProjects(req, res, nex
router.get('/:id', (req, res, next) => projectsController.getProject(req, res, next));
router.post('/', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/', requireAccess({ roles: ['admin', 'manager'], permission: 'projects:create' }), (req, res, next) =>
projectsController.createProject(req, res, next)
);
router.put('/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.put('/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'projects:update' }), (req, res, next) =>
projectsController.updateProject(req, res, next)
);
router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/:id', requireAccess({ roles: ['admin'], permission: 'projects:delete' }), (req, res, next) =>
projectsController.deleteProject(req, res, next)
);
@ -50,7 +51,7 @@ router.get('/timesheets/all', (req, res, next) => projectsController.getTimeshee
router.get('/timesheets/me', (req, res, next) => projectsController.getMyTimesheets(req, res, next));
router.get('/timesheets/pending', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/timesheets/pending', requireAccess({ roles: ['admin', 'manager'], permission: 'timesheets:approve' }), (req, res, next) =>
projectsController.getPendingApprovals(req, res, next)
);
@ -64,11 +65,11 @@ router.delete('/timesheets/:id', (req, res, next) => projectsController.deleteTi
router.post('/timesheets/:id/submit', (req, res, next) => projectsController.submitTimesheet(req, res, next));
router.post('/timesheets/:id/approve', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/timesheets/:id/approve', requireAccess({ roles: ['admin', 'manager'], permission: 'timesheets:approve' }), (req, res, next) =>
projectsController.approveTimesheet(req, res, next)
);
router.post('/timesheets/:id/reject', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/timesheets/:id/reject', requireAccess({ roles: ['admin', 'manager'], permission: 'timesheets:approve' }), (req, res, next) =>
projectsController.rejectTimesheet(req, res, next)
);
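Review bot: Every role list in this section drops `super_admin` (the create, update, delete and timesheet routes all go from `requireRoles('admin', 'manager', 'super_admin')` to `roles: ['admin', 'manager']`), and the same happens in the purchases, permissions, roles, sales, system, tenants and users sections below; that is only safe if requireAccess itself treats `super_admin` as an implicit pass, which this diff does not show. Please confirm that in rbac.middleware or keep the role in the lists, otherwise super admins lose access wherever they are not also granted the fallback permission. Separately, `/timesheets/all` on the hunk-context line still runs with only `authenticate`, while `/timesheets/pending` now requires `timesheets:approve`; unless getTimesheets scopes results in the controller, any authenticated user can list every timesheet. I would gate it the same way as `/timesheets/pending` or add `// open to all authenticated users: controller filters by caller` so the decision is recorded.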


@ -1,6 +1,7 @@
import { Router } from 'express';
import { purchasesController } from './purchases.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -8,82 +9,82 @@ const router = Router();
router.use(authenticate);
// List purchase orders
router.get('/', requireRoles('admin', 'manager', 'warehouse', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/', requireAccess({ roles: ['admin', 'manager', 'warehouse', 'accountant'], permission: 'purchases:read' }), (req, res, next) =>
purchasesController.findAll(req, res, next)
);
// Get purchase order by ID
router.get('/:id', requireRoles('admin', 'manager', 'warehouse', 'accountant', 'super_admin'), (req, res, next) =>
router.get('/:id', requireAccess({ roles: ['admin', 'manager', 'warehouse', 'accountant'], permission: 'purchases:read' }), (req, res, next) =>
purchasesController.findById(req, res, next)
);
// Create purchase order
router.post('/', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'purchases:create' }), (req, res, next) =>
purchasesController.create(req, res, next)
);
// Update purchase order
router.put('/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.put('/:id', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'purchases:update' }), (req, res, next) =>
purchasesController.update(req, res, next)
);
// Confirm purchase order
router.post('/:id/confirm', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/:id/confirm', requireAccess({ roles: ['admin', 'manager'], permission: 'purchases:approve' }), (req, res, next) =>
purchasesController.confirm(req, res, next)
);
// Cancel purchase order
router.post('/:id/cancel', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/:id/cancel', requireAccess({ roles: ['admin', 'manager'], permission: 'purchases:cancel' }), (req, res, next) =>
purchasesController.cancel(req, res, next)
);
// Delete purchase order
router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/:id', requireAccess({ roles: ['admin'], permission: 'purchases:delete' }), (req, res, next) =>
purchasesController.delete(req, res, next)
);
// ========== RFQs (Request for Quotation) ==========
router.get('/rfqs', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.get('/rfqs', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'purchase_orders:read' }), (req, res, next) =>
purchasesController.getRfqs(req, res, next)
);
router.get('/rfqs/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.get('/rfqs/:id', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'purchase_orders:read' }), (req, res, next) =>
purchasesController.getRfq(req, res, next)
);
router.post('/rfqs', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/rfqs', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'purchase_orders:create' }), (req, res, next) =>
purchasesController.createRfq(req, res, next)
);
router.put('/rfqs/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.put('/rfqs/:id', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'purchase_orders:update' }), (req, res, next) =>
purchasesController.updateRfq(req, res, next)
);
router.delete('/rfqs/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/rfqs/:id', requireAccess({ roles: ['admin'], permission: 'purchase_orders:delete' }), (req, res, next) =>
purchasesController.deleteRfq(req, res, next)
);
// RFQ Lines
router.post('/rfqs/:id/lines', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.post('/rfqs/:id/lines', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'purchase_orders:update' }), (req, res, next) =>
purchasesController.addRfqLine(req, res, next)
);
router.put('/rfqs/:id/lines/:lineId', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.put('/rfqs/:id/lines/:lineId', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'purchase_orders:update' }), (req, res, next) =>
purchasesController.updateRfqLine(req, res, next)
);
router.delete('/rfqs/:id/lines/:lineId', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) =>
router.delete('/rfqs/:id/lines/:lineId', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'purchase_orders:update' }), (req, res, next) =>
purchasesController.removeRfqLine(req, res, next)
);
// RFQ Workflow
router.post('/rfqs/:id/send', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/rfqs/:id/send', requireAccess({ roles: ['admin', 'manager'], permission: 'purchase_orders:approve' }), (req, res, next) =>
purchasesController.sendRfq(req, res, next)
);
router.post('/rfqs/:id/responded', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/rfqs/:id/responded', requireAccess({ roles: ['admin', 'manager'], permission: 'purchase_orders:update' }), (req, res, next) =>
purchasesController.markRfqResponded(req, res, next)
);
router.post('/rfqs/:id/accept', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/rfqs/:id/accept', requireAccess({ roles: ['admin', 'manager'], permission: 'purchase_orders:approve' }), (req, res, next) =>
purchasesController.acceptRfq(req, res, next)
);
router.post('/rfqs/:id/reject', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/rfqs/:id/reject', requireAccess({ roles: ['admin', 'manager'], permission: 'purchase_orders:reject' }), (req, res, next) =>
purchasesController.rejectRfq(req, res, next)
);
router.post('/rfqs/:id/cancel', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/rfqs/:id/cancel', requireAccess({ roles: ['admin', 'manager'], permission: 'purchase_orders:delete' }), (req, res, next) =>
purchasesController.cancelRfq(req, res, next)
);
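Review bot: The purchase-order routes use the `purchases:*` namespace while every RFQ route uses `purchase_orders:*`, and the verbs do not line up either: `POST /:id/cancel` maps to `purchases:cancel` but `POST /rfqs/:id/cancel` maps to `purchase_orders:delete`, and `POST /rfqs/:id/reject` introduces `purchase_orders:reject`, which appears nowhere else in this commit. If any of these strings is absent from the permission catalog the fallback can never match and the route silently degrades to role-only, so the migration is a no-op there without any error. Please check the seeded permission names and settle on one namespace per resource, and map RFQ cancel to a cancel verb rather than `delete` so a cancel-only grant behaves the same for POs and RFQs. Whether the middleware rejects unknown permission strings is not visible here, so a test that asserts a 403 for an undefined permission would be worth adding.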


@ -1,6 +1,7 @@
import { Router } from 'express';
import { permissionsController } from './permissions.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -18,37 +19,37 @@ router.post('/check', (req, res, next) =>
);
// List all permissions (admin, manager)
router.get('/', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/', requireAccess({ roles: ['admin', 'manager'], permission: 'permissions:read' }), (req, res, next) =>
permissionsController.findAll(req, res, next)
);
// Get available modules (admin, manager)
router.get('/modules', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/modules', requireAccess({ roles: ['admin', 'manager'], permission: 'permissions:read' }), (req, res, next) =>
permissionsController.getModules(req, res, next)
);
// Get available resources (admin, manager)
router.get('/resources', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/resources', requireAccess({ roles: ['admin', 'manager'], permission: 'permissions:read' }), (req, res, next) =>
permissionsController.getResources(req, res, next)
);
// Get permissions grouped by module (admin, manager)
router.get('/grouped', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/grouped', requireAccess({ roles: ['admin', 'manager'], permission: 'permissions:read' }), (req, res, next) =>
permissionsController.getGrouped(req, res, next)
);
// Get permissions by module (admin, manager)
router.get('/by-module/:module', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/by-module/:module', requireAccess({ roles: ['admin', 'manager'], permission: 'permissions:read' }), (req, res, next) =>
permissionsController.getByModule(req, res, next)
);
// Get permission matrix for admin UI (admin only)
router.get('/matrix', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.get('/matrix', requireAccess({ roles: ['admin'], permission: 'permissions:read' }), (req, res, next) =>
permissionsController.getMatrix(req, res, next)
);
// Get effective permissions for a specific user (admin only)
router.get('/user/:userId', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.get('/user/:userId', requireAccess({ roles: ['admin'], permission: 'users:read' }), (req, res, next) =>
permissionsController.getUserPermissions(req, res, next)
);
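Review bot: `GET /matrix` is commented "(admin only)" and keeps `roles: ['admin']`, but its fallback permission is `permissions:read`, the same permission the manager-accessible routes above it grant on; if requireAccess grants on either the role or the permission, any manager holding `permissions:read` reaches the matrix and the comment no longer describes the enforced rule. The same applies to `GET /user/:userId`, whose fallback `users:read` is what managers need for the users list in users.routes. Either introduce a narrower permission for those two routes or change the comments to match, e.g. `// Get permission matrix for admin UI (admin role, or permissions:read)`. The exact semantics of the hybrid check are not visible in this diff, so confirm against rbac.middleware before relying on the role restriction.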


@ -1,6 +1,7 @@
import { Router } from 'express';
import { rolesController } from './roles.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -8,49 +9,49 @@ const router = Router();
router.use(authenticate);
// List roles (admin, manager)
router.get('/', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/', requireAccess({ roles: ['admin', 'manager'], permission: 'roles:read' }), (req, res, next) =>
rolesController.findAll(req, res, next)
);
// Get system roles (admin)
router.get('/system', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.get('/system', requireAccess({ roles: ['admin'], permission: 'roles:read' }), (req, res, next) =>
rolesController.getSystemRoles(req, res, next)
);
// Get role by ID (admin, manager)
router.get('/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'roles:read' }), (req, res, next) =>
rolesController.findById(req, res, next)
);
// Create role (admin only)
router.post('/', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/', requireAccess({ roles: ['admin'], permission: 'roles:create' }), (req, res, next) =>
rolesController.create(req, res, next)
);
// Update role (admin only)
router.put('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/:id', requireAccess({ roles: ['admin'], permission: 'roles:update' }), (req, res, next) =>
rolesController.update(req, res, next)
);
// Delete role (admin only)
router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/:id', requireAccess({ roles: ['admin'], permission: 'roles:delete' }), (req, res, next) =>
rolesController.delete(req, res, next)
);
// Role permissions management
router.get('/:id/permissions', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/:id/permissions', requireAccess({ roles: ['admin', 'manager'], permission: 'permissions:read' }), (req, res, next) =>
rolesController.getPermissions(req, res, next)
);
router.put('/:id/permissions', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/:id/permissions', requireAccess({ roles: ['admin'], permission: 'permissions:update' }), (req, res, next) =>
rolesController.assignPermissions(req, res, next)
);
router.post('/:id/permissions', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/:id/permissions', requireAccess({ roles: ['admin'], permission: 'permissions:update' }), (req, res, next) =>
rolesController.addPermission(req, res, next)
);
router.delete('/:id/permissions/:permissionId', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/:id/permissions/:permissionId', requireAccess({ roles: ['admin'], permission: 'permissions:update' }), (req, res, next) =>
rolesController.removePermission(req, res, next)
);
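Review bot: `PUT/POST/DELETE /:id/permissions` grant on `permissions:update`, which reads as "edit the permission catalog", yet these routes change which permissions a role carries; whoever holds that permission can add any permission to any role, including their own, so it is the most sensitive check in this file. Since `PUT /:id` already uses `roles:update` for editing a role, `permission: 'roles:update'` on the three permission-assignment routes keeps role mutation under one permission and closes that escalation path. `GET /system` has the same pattern noted for permissions.routes: an admin-only role list with the manager-level `roles:read` fallback. The hybrid semantics are not shown here, so verify how the role list and the permission combine before trusting the role restriction.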


@ -1,6 +1,7 @@
import { Router } from 'express';
import { salesController } from './sales.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -12,19 +13,19 @@ router.get('/pricelists', (req, res, next) => salesController.getPricelists(req,
router.get('/pricelists/:id', (req, res, next) => salesController.getPricelist(req, res, next));
router.post('/pricelists', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/pricelists', requireAccess({ roles: ['admin', 'manager'], permission: 'price_lists:create' }), (req, res, next) =>
salesController.createPricelist(req, res, next)
);
router.put('/pricelists/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.put('/pricelists/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'price_lists:update' }), (req, res, next) =>
salesController.updatePricelist(req, res, next)
);
router.post('/pricelists/:id/items', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/pricelists/:id/items', requireAccess({ roles: ['admin', 'manager'], permission: 'price_lists:update' }), (req, res, next) =>
salesController.addPricelistItem(req, res, next)
);
router.delete('/pricelists/:id/items/:itemId', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.delete('/pricelists/:id/items/:itemId', requireAccess({ roles: ['admin', 'manager'], permission: 'price_lists:update' }), (req, res, next) =>
salesController.removePricelistItem(req, res, next)
);
@ -33,19 +34,19 @@ router.get('/teams', (req, res, next) => salesController.getSalesTeams(req, res,
router.get('/teams/:id', (req, res, next) => salesController.getSalesTeam(req, res, next));
router.post('/teams', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/teams', requireAccess({ roles: ['admin', 'manager'], permission: 'sales:create' }), (req, res, next) =>
salesController.createSalesTeam(req, res, next)
);
router.put('/teams/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.put('/teams/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'sales:update' }), (req, res, next) =>
salesController.updateSalesTeam(req, res, next)
);
router.post('/teams/:id/members', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/teams/:id/members', requireAccess({ roles: ['admin', 'manager'], permission: 'sales:update' }), (req, res, next) =>
salesController.addSalesTeamMember(req, res, next)
);
router.delete('/teams/:id/members/:memberId', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.delete('/teams/:id/members/:memberId', requireAccess({ roles: ['admin', 'manager'], permission: 'sales:update' }), (req, res, next) =>
salesController.removeSalesTeamMember(req, res, next)
);
@ -54,23 +55,23 @@ router.get('/customer-groups', (req, res, next) => salesController.getCustomerGr
router.get('/customer-groups/:id', (req, res, next) => salesController.getCustomerGroup(req, res, next));
router.post('/customer-groups', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/customer-groups', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'customers:create' }), (req, res, next) =>
salesController.createCustomerGroup(req, res, next)
);
router.put('/customer-groups/:id', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.put('/customer-groups/:id', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'customers:update' }), (req, res, next) =>
salesController.updateCustomerGroup(req, res, next)
);
router.delete('/customer-groups/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/customer-groups/:id', requireAccess({ roles: ['admin'], permission: 'customers:delete' }), (req, res, next) =>
salesController.deleteCustomerGroup(req, res, next)
);
router.post('/customer-groups/:id/members', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/customer-groups/:id/members', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'customers:update' }), (req, res, next) =>
salesController.addCustomerGroupMember(req, res, next)
);
router.delete('/customer-groups/:id/members/:memberId', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.delete('/customer-groups/:id/members/:memberId', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'customers:update' }), (req, res, next) =>
salesController.removeCustomerGroupMember(req, res, next)
);
@ -79,39 +80,39 @@ router.get('/quotations', (req, res, next) => salesController.getQuotations(req,
router.get('/quotations/:id', (req, res, next) => salesController.getQuotation(req, res, next));
router.post('/quotations', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/quotations', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'quotations:create' }), (req, res, next) =>
salesController.createQuotation(req, res, next)
);
router.put('/quotations/:id', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.put('/quotations/:id', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'quotations:update' }), (req, res, next) =>
salesController.updateQuotation(req, res, next)
);
router.delete('/quotations/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.delete('/quotations/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'quotations:delete' }), (req, res, next) =>
salesController.deleteQuotation(req, res, next)
);
router.post('/quotations/:id/lines', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/quotations/:id/lines', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'quotations:update' }), (req, res, next) =>
salesController.addQuotationLine(req, res, next)
);
router.put('/quotations/:id/lines/:lineId', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.put('/quotations/:id/lines/:lineId', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'quotations:update' }), (req, res, next) =>
salesController.updateQuotationLine(req, res, next)
);
router.delete('/quotations/:id/lines/:lineId', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.delete('/quotations/:id/lines/:lineId', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'quotations:update' }), (req, res, next) =>
salesController.removeQuotationLine(req, res, next)
);
router.post('/quotations/:id/send', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/quotations/:id/send', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'quotations:update' }), (req, res, next) =>
salesController.sendQuotation(req, res, next)
);
router.post('/quotations/:id/confirm', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/quotations/:id/confirm', requireAccess({ roles: ['admin', 'manager'], permission: 'quotations:convert' }), (req, res, next) =>
salesController.confirmQuotation(req, res, next)
);
router.post('/quotations/:id/cancel', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/quotations/:id/cancel', requireAccess({ roles: ['admin', 'manager'], permission: 'quotations:delete' }), (req, res, next) =>
salesController.cancelQuotation(req, res, next)
);
@ -120,39 +121,39 @@ router.get('/orders', (req, res, next) => salesController.getOrders(req, res, ne
router.get('/orders/:id', (req, res, next) => salesController.getOrder(req, res, next));
router.post('/orders', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/orders', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'sales:create' }), (req, res, next) =>
salesController.createOrder(req, res, next)
);
router.put('/orders/:id', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.put('/orders/:id', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'sales:update' }), (req, res, next) =>
salesController.updateOrder(req, res, next)
);
router.delete('/orders/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.delete('/orders/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'sales:delete' }), (req, res, next) =>
salesController.deleteOrder(req, res, next)
);
router.post('/orders/:id/lines', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.post('/orders/:id/lines', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'sales:update' }), (req, res, next) =>
salesController.addOrderLine(req, res, next)
);
router.put('/orders/:id/lines/:lineId', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.put('/orders/:id/lines/:lineId', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'sales:update' }), (req, res, next) =>
salesController.updateOrderLine(req, res, next)
);
router.delete('/orders/:id/lines/:lineId', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) =>
router.delete('/orders/:id/lines/:lineId', requireAccess({ roles: ['admin', 'manager', 'sales'], permission: 'sales:update' }), (req, res, next) =>
salesController.removeOrderLine(req, res, next)
);
router.post('/orders/:id/confirm', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/orders/:id/confirm', requireAccess({ roles: ['admin', 'manager'], permission: 'sales:approve' }), (req, res, next) =>
salesController.confirmOrder(req, res, next)
);
router.post('/orders/:id/cancel', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/orders/:id/cancel', requireAccess({ roles: ['admin', 'manager'], permission: 'sales:cancel' }), (req, res, next) =>
salesController.cancelOrder(req, res, next)
);
router.post('/orders/:id/invoice', requireRoles('admin', 'manager', 'accountant', 'super_admin'), (req, res, next) =>
router.post('/orders/:id/invoice', requireAccess({ roles: ['admin', 'manager', 'accountant'], permission: 'invoices:create' }), (req, res, next) =>
salesController.createOrderInvoice(req, res, next)
);
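Review bot: The sales-team routes and the order routes share one permission set: `sales:update` gates both `PUT /orders/:id` and `POST /teams/:id/members`, so granting someone order editing also grants team-membership management, and `sales:create` covers creating teams as well as orders. Cancel is also mapped inconsistently: `POST /quotations/:id/cancel` falls back to `quotations:delete` while `POST /orders/:id/cancel` falls back to `sales:cancel`, so a cancel-only grant is possible for orders but not for quotations. Consider a dedicated team permission and a cancel permission for quotations; if the catalog has none yet, a comment such as `// NOTE: sales teams share the sales:* permissions; split when the catalog grows` at least records the decision. Whether these strings exist in the seed is not visible in this diff.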


@ -1,6 +1,7 @@
import { Router } from 'express';
import { systemController } from './system.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -20,13 +21,13 @@ router.post('/followers', (req, res, next) => systemController.addFollower(req,
router.delete('/followers/:model/:recordId', (req, res, next) => systemController.removeFollower(req, res, next));
// ========== NOTIFICATIONS ==========
router.get('/notifications', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.get('/notifications', requireAccess({ roles: ['admin'], permission: 'notifications:read' }), (req, res, next) =>
systemController.getNotifications(req, res, next)
);
router.get('/notifications/me', (req, res, next) => systemController.getMyNotifications(req, res, next));
router.get('/notifications/me/count', (req, res, next) => systemController.getUnreadCount(req, res, next));
router.get('/notifications/:id', (req, res, next) => systemController.getNotification(req, res, next));
router.post('/notifications', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/notifications', requireAccess({ roles: ['admin'], permission: 'notifications:create' }), (req, res, next) =>
systemController.createNotification(req, res, next)
);
router.post('/notifications/:id/read', (req, res, next) => systemController.markNotificationAsRead(req, res, next));
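Review bot: `GET /notifications/:id` and `POST /notifications/:id/read` remain on the context lines with only `authenticate`, while the list and create routes are now admin-gated with `notifications:read` and `notifications:create`; unless getNotification and markNotificationAsRead scope the lookup to the requesting user, any authenticated user can read or mark another user's notification by id. That ownership check is not visible in this diff, so please confirm it lives in the controller or service, or gate the by-id routes like the list. A short comment on those routes, `// per-user: controller must filter by recipient`, would make the intended check explicit for the next reader.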


@ -1,6 +1,7 @@
import { Router } from 'express';
import { tenantsController } from './tenants.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -12,57 +13,57 @@ router.get('/current', (req, res, next) =>
tenantsController.getCurrent(req, res, next)
);
// List all tenants (super_admin only)
router.get('/', requireRoles('super_admin'), (req, res, next) =>
// List all tenants (super_admin only - no permission fallback)
router.get('/', requireAccess({ roles: ['super_admin'], permission: 'system:manage' }), (req, res, next) =>
tenantsController.findAll(req, res, next)
);
// Get tenant by ID (super_admin only)
router.get('/:id', requireRoles('super_admin'), (req, res, next) =>
router.get('/:id', requireAccess({ roles: ['super_admin'], permission: 'system:manage' }), (req, res, next) =>
tenantsController.findById(req, res, next)
);
// Get tenant statistics (super_admin only)
router.get('/:id/stats', requireRoles('super_admin'), (req, res, next) =>
router.get('/:id/stats', requireAccess({ roles: ['super_admin'], permission: 'system:manage' }), (req, res, next) =>
tenantsController.getStats(req, res, next)
);
// Create tenant (super_admin only)
router.post('/', requireRoles('super_admin'), (req, res, next) =>
router.post('/', requireAccess({ roles: ['super_admin'], permission: 'system:manage' }), (req, res, next) =>
tenantsController.create(req, res, next)
);
// Update tenant (super_admin only)
router.put('/:id', requireRoles('super_admin'), (req, res, next) =>
router.put('/:id', requireAccess({ roles: ['super_admin'], permission: 'system:manage' }), (req, res, next) =>
tenantsController.update(req, res, next)
);
// Suspend tenant (super_admin only)
router.post('/:id/suspend', requireRoles('super_admin'), (req, res, next) =>
router.post('/:id/suspend', requireAccess({ roles: ['super_admin'], permission: 'system:manage' }), (req, res, next) =>
tenantsController.suspend(req, res, next)
);
// Activate tenant (super_admin only)
router.post('/:id/activate', requireRoles('super_admin'), (req, res, next) =>
router.post('/:id/activate', requireAccess({ roles: ['super_admin'], permission: 'system:manage' }), (req, res, next) =>
tenantsController.activate(req, res, next)
);
// Delete tenant (super_admin only)
router.delete('/:id', requireRoles('super_admin'), (req, res, next) =>
router.delete('/:id', requireAccess({ roles: ['super_admin'], permission: 'system:manage' }), (req, res, next) =>
tenantsController.delete(req, res, next)
);
// Tenant settings (admin and super_admin)
router.get('/:id/settings', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.get('/:id/settings', requireAccess({ roles: ['admin'], permission: 'tenant_settings:read' }), (req, res, next) =>
tenantsController.getSettings(req, res, next)
);
router.put('/:id/settings', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/:id/settings', requireAccess({ roles: ['admin'], permission: 'tenant_settings:update' }), (req, res, next) =>
tenantsController.updateSettings(req, res, next)
);
// Check user limit (admin and super_admin)
router.get('/:id/can-add-user', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.get('/:id/can-add-user', requireAccess({ roles: ['admin'], permission: 'users:create' }), (req, res, next) =>
tenantsController.canAddUser(req, res, next)
);
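Review bot: The comment `// List all tenants (super_admin only - no permission fallback)` contradicts the line below it, which passes `permission: 'system:manage'` as a fallback, and the same pair is repeated on every tenant route through `DELETE /:id`. If requireAccess grants on either the role or the permission, any principal assigned `system:manage` inside one tenant can list, create, suspend or delete all tenants on the platform, which defeats the super_admin-only boundary the comment describes. Either drop the `permission` key for these routes (if the middleware accepts a roles-only call) or make the comment match, e.g. `// List all tenants (super_admin, or system:manage)`. The settings and can-add-user routes also take a tenant `:id` with a tenant-level `admin` role, so confirm the controller rejects ids outside the caller's own tenant; that check is not visible here.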


@ -1,6 +1,7 @@
import { Router } from 'express';
import { usersController } from './users.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -11,49 +12,49 @@ router.use(authenticate);
router.get('/me', (req, res, next) => usersController.getMe(req, res, next));
// List users (admin, manager)
router.get('/', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/', requireAccess({ roles: ['admin', 'manager'], permission: 'users:read' }), (req, res, next) =>
usersController.findAll(req, res, next)
);
// Get user by ID
router.get('/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.get('/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'users:read' }), (req, res, next) =>
usersController.findById(req, res, next)
);
// Create user (admin only)
router.post('/', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/', requireAccess({ roles: ['admin'], permission: 'users:create' }), (req, res, next) =>
usersController.create(req, res, next)
);
// Update user (admin only)
router.put('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.put('/:id', requireAccess({ roles: ['admin'], permission: 'users:update' }), (req, res, next) =>
usersController.update(req, res, next)
);
// Delete user (admin only)
router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/:id', requireAccess({ roles: ['admin'], permission: 'users:delete' }), (req, res, next) =>
usersController.delete(req, res, next)
);
// Activate/Deactivate user (admin only)
router.post('/:id/activate', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/:id/activate', requireAccess({ roles: ['admin'], permission: 'users:activate' }), (req, res, next) =>
usersController.activate(req, res, next)
);
router.post('/:id/deactivate', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/:id/deactivate', requireAccess({ roles: ['admin'], permission: 'users:deactivate' }), (req, res, next) =>
usersController.deactivate(req, res, next)
);
// User roles
router.get('/:id/roles', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.get('/:id/roles', requireAccess({ roles: ['admin'], permission: 'roles:read' }), (req, res, next) =>
usersController.getRoles(req, res, next)
);
router.post('/:id/roles', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.post('/:id/roles', requireAccess({ roles: ['admin'], permission: 'roles:update' }), (req, res, next) =>
usersController.assignRole(req, res, next)
);
router.delete('/:id/roles/:roleId', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/:id/roles/:roleId', requireAccess({ roles: ['admin'], permission: 'roles:update' }), (req, res, next) =>
usersController.removeRole(req, res, next)
);
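Review bot: Every guard in this section drops `super_admin` from the role list (`requireRoles('admin', 'super_admin')` becomes `roles: ['admin']`), so whether a super_admin still reaches `POST /`, `DELETE /:id` or `POST /:id/roles` now depends entirely on a bypass inside `rbac.middleware.js`, which is not part of this commit. The hybrid rule is also undocumented at the call sites: a reader cannot tell whether `roles` and `permission` are OR-ed (a user granted `users:create` without the admin role can now create users, a widening) or AND-ed (admins lacking the seeded permission lose access, a narrowing). A one-line comment above the first guard would settle it, e.g. `// requireAccess: passes with any listed role OR the named permission; super_admin is short-circuited inside rbac.middleware` — adjusted to the middleware's actual rule. The same point applies to the tenants and warehouses sections on this page and presumably to the other migrated files.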


@ -1,6 +1,7 @@
import { Router } from 'express';
import { warehousesController } from './warehouses.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';
import { authenticate } from '../../shared/middleware/auth.middleware.js';
import { requireAccess } from '../../shared/middleware/rbac.middleware.js';
const router = Router();
@ -15,17 +16,17 @@ router.get('/locations', (req, res, next) => warehousesController.findAllLocatio
router.get('/locations/:id', (req, res, next) => warehousesController.findLocationById(req, res, next));
// Create location
router.post('/locations', requireRoles('admin', 'manager', 'inventory', 'super_admin'), (req, res, next) =>
router.post('/locations', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'locations:create' }), (req, res, next) =>
warehousesController.createLocation(req, res, next)
);
// Update location
router.patch('/locations/:id', requireRoles('admin', 'manager', 'inventory', 'super_admin'), (req, res, next) =>
router.patch('/locations/:id', requireAccess({ roles: ['admin', 'manager', 'warehouse'], permission: 'locations:update' }), (req, res, next) =>
warehousesController.updateLocation(req, res, next)
);
// Delete location
router.delete('/locations/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/locations/:id', requireAccess({ roles: ['admin'], permission: 'locations:delete' }), (req, res, next) =>
warehousesController.deleteLocation(req, res, next)
);
@ -50,17 +51,17 @@ router.get('/', (req, res, next) => warehousesController.findAll(req, res, next)
router.get('/:id', (req, res, next) => warehousesController.findById(req, res, next));
// Create warehouse
router.post('/', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.post('/', requireAccess({ roles: ['admin', 'manager'], permission: 'warehouses:create' }), (req, res, next) =>
warehousesController.create(req, res, next)
);
// Update warehouse
router.patch('/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) =>
router.patch('/:id', requireAccess({ roles: ['admin', 'manager'], permission: 'warehouses:update' }), (req, res, next) =>
warehousesController.update(req, res, next)
);
// Delete warehouse
router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) =>
router.delete('/:id', requireAccess({ roles: ['admin'], permission: 'warehouses:delete' }), (req, res, next) =>
warehousesController.delete(req, res, next)
);
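Review bot: The location guards at `router.post('/locations', …)` and `router.patch('/locations/:id', …)` change the role name from `'inventory'` to `'warehouse'` on the same line that swaps the middleware, a semantic change hidden inside what the commit message presents as a mechanical migration. If `inventory` is the role actually assigned to users, they lose location create/update access once this lands unless `locations:create`/`locations:update` are seeded for them; if `warehouse` is the canonical name, the old guard was already wrong and that deserves its own line in the commit message. Either way the rename should be called out, and `locations:*` checked against the permission catalogue, since an unseeded permission leaves the permission half of the hybrid check dead and the guard silently reduces to the role list. The `/locations` and `/locations/:id` reads above the hunk stay open to any authenticated caller; that is pre-existing, but a `// read access: any authenticated user` comment would make the intent explicit.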