v1.6.7: add settings.system permission, move numbering/VAT to company tab, rename security tab to roles

- New settings.system permission with migration (idempotent INSERT)
- requireAnyPermission helper for route guards accepting multiple perms
- Move document numbering + currency/VAT cards from system tab to CompanySettings
- Rename security tab to roles, add canManageSystem alongside canManageCompany
- TOTP required endpoint and system-info now use settings.system
- Roles list now includes user_count
- Sidebar Settings link includes settings.system

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
BOHA
2026-05-18 14:03:31 +02:00
parent 55648c9a30
commit 66b98e2765
10 changed files with 1041 additions and 962 deletions

View File

@@ -3,6 +3,7 @@ import prisma from "../../config/database";
import {
requireAuth,
requirePermission,
requireAnyPermission,
optionalAuth,
} from "../../middleware/auth";
import { logAudit } from "../../services/audit";
@@ -333,7 +334,7 @@ export default async function companySettingsRoutes(
// GET /api/admin/company-settings/system-info
fastify.get(
"/system-info",
{ preHandler: requirePermission("settings.company") },
{ preHandler: requirePermission("settings.system") },
async (request, reply) => {
// eslint-disable-next-line @typescript-eslint/no-var-requires
const pkg = require("../../../package.json") as { version: string };
@@ -404,7 +405,7 @@ export default async function companySettingsRoutes(
fastify.put(
"/",
{ preHandler: requirePermission("settings.company") },
{ preHandler: requireAnyPermission("settings.company", "settings.system") },
async (request, reply) => {
const parsed = parseBody(UpdateCompanySettingsSchema, request.body);
if ("error" in parsed) return error(reply, parsed.error, 400);

View File

@@ -14,18 +14,29 @@ export default async function rolesRoutes(
"/",
{ preHandler: requirePermission("settings.roles") },
async (request, reply) => {
const roles = await prisma.roles.findMany({
include: {
role_permissions: {
include: { permissions: true },
const [roles, userCounts] = await Promise.all([
prisma.roles.findMany({
include: {
role_permissions: {
include: { permissions: true },
},
},
},
orderBy: { id: "asc" },
});
orderBy: { id: "asc" },
}),
prisma.users.groupBy({
by: ["role_id"],
_count: { id: true },
}),
]);
const countMap = new Map(
userCounts.map((u) => [u.role_id, Number(u._count.id)]),
);
const data = roles.map((r) => ({
...r,
permissions: r.role_permissions.map((rp) => rp.permissions),
user_count: countMap.get(r.id) || 0,
}));
return success(reply, data);
@@ -38,7 +49,7 @@ export default async function rolesRoutes(
{ preHandler: requirePermission("settings.roles") },
async (_request, reply) => {
const permissions = await prisma.permissions.findMany({
orderBy: [{ module: "asc" }, { id: "asc"}]
orderBy: [{ module: "asc" }, { id: "asc" }],
});
return success(reply, permissions);
},

View File

@@ -207,7 +207,7 @@ export default async function totpRoutes(
fastify.post(
"/required",
{
preHandler: [requireAuth, requirePermission("settings.company")],
preHandler: [requireAuth, requirePermission("settings.system")],
bodyLimit: 10240,
},
async (request, reply) => {