v1.6.7: add settings.system permission, move numbering/VAT to company tab, rename security tab to roles
- New settings.system permission with migration (idempotent INSERT) - requireAnyPermission helper for route guards accepting multiple perms - Move document numbering + currency/VAT cards from system tab to CompanySettings - Rename security tab to roles, add canManageSystem alongside canManageCompany - TOTP required endpoint and system-info now use settings.system - Roles list now includes user_count - Sidebar Settings link includes settings.system Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -3,6 +3,7 @@ import prisma from "../../config/database";
|
||||
import {
|
||||
requireAuth,
|
||||
requirePermission,
|
||||
requireAnyPermission,
|
||||
optionalAuth,
|
||||
} from "../../middleware/auth";
|
||||
import { logAudit } from "../../services/audit";
|
||||
@@ -333,7 +334,7 @@ export default async function companySettingsRoutes(
|
||||
// GET /api/admin/company-settings/system-info
|
||||
fastify.get(
|
||||
"/system-info",
|
||||
{ preHandler: requirePermission("settings.company") },
|
||||
{ preHandler: requirePermission("settings.system") },
|
||||
async (request, reply) => {
|
||||
// eslint-disable-next-line @typescript-eslint/no-var-requires
|
||||
const pkg = require("../../../package.json") as { version: string };
|
||||
@@ -404,7 +405,7 @@ export default async function companySettingsRoutes(
|
||||
|
||||
fastify.put(
|
||||
"/",
|
||||
{ preHandler: requirePermission("settings.company") },
|
||||
{ preHandler: requireAnyPermission("settings.company", "settings.system") },
|
||||
async (request, reply) => {
|
||||
const parsed = parseBody(UpdateCompanySettingsSchema, request.body);
|
||||
if ("error" in parsed) return error(reply, parsed.error, 400);
|
||||
|
||||
@@ -14,18 +14,29 @@ export default async function rolesRoutes(
|
||||
"/",
|
||||
{ preHandler: requirePermission("settings.roles") },
|
||||
async (request, reply) => {
|
||||
const roles = await prisma.roles.findMany({
|
||||
include: {
|
||||
role_permissions: {
|
||||
include: { permissions: true },
|
||||
const [roles, userCounts] = await Promise.all([
|
||||
prisma.roles.findMany({
|
||||
include: {
|
||||
role_permissions: {
|
||||
include: { permissions: true },
|
||||
},
|
||||
},
|
||||
},
|
||||
orderBy: { id: "asc" },
|
||||
});
|
||||
orderBy: { id: "asc" },
|
||||
}),
|
||||
prisma.users.groupBy({
|
||||
by: ["role_id"],
|
||||
_count: { id: true },
|
||||
}),
|
||||
]);
|
||||
|
||||
const countMap = new Map(
|
||||
userCounts.map((u) => [u.role_id, Number(u._count.id)]),
|
||||
);
|
||||
|
||||
const data = roles.map((r) => ({
|
||||
...r,
|
||||
permissions: r.role_permissions.map((rp) => rp.permissions),
|
||||
user_count: countMap.get(r.id) || 0,
|
||||
}));
|
||||
|
||||
return success(reply, data);
|
||||
@@ -38,7 +49,7 @@ export default async function rolesRoutes(
|
||||
{ preHandler: requirePermission("settings.roles") },
|
||||
async (_request, reply) => {
|
||||
const permissions = await prisma.permissions.findMany({
|
||||
orderBy: [{ module: "asc" }, { id: "asc"}]
|
||||
orderBy: [{ module: "asc" }, { id: "asc" }],
|
||||
});
|
||||
return success(reply, permissions);
|
||||
},
|
||||
|
||||
@@ -207,7 +207,7 @@ export default async function totpRoutes(
|
||||
fastify.post(
|
||||
"/required",
|
||||
{
|
||||
preHandler: [requireAuth, requirePermission("settings.company")],
|
||||
preHandler: [requireAuth, requirePermission("settings.system")],
|
||||
bodyLimit: 10240,
|
||||
},
|
||||
async (request, reply) => {
|
||||
|
||||
Reference in New Issue
Block a user