fix: allow any authenticated user to list vehicles
Vehicle list (GET) now requires only authentication, not trips.vehicles permission. Users with trips.view can see available cars in the trip modal. Create/update/delete still require trips.vehicles. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
BOHA
@@ -1,13 +1,13 @@
|
|||||||
import { FastifyInstance } from 'fastify';
|
import { FastifyInstance } from 'fastify';
|
||||||
import prisma from '../../config/database';
|
import prisma from '../../config/database';
|
||||||
import { requirePermission } from '../../middleware/auth';
|
import { requireAuth, requirePermission } from '../../middleware/auth';
|
||||||
import { logAudit } from '../../services/audit';
|
import { logAudit } from '../../services/audit';
|
||||||
import { success, error, parseId } from '../../utils/response';
|
import { success, error, parseId } from '../../utils/response';
|
||||||
import { parseBody } from '../../schemas/common';
|
import { parseBody } from '../../schemas/common';
|
||||||
import { CreateVehicleSchema, UpdateVehicleSchema } from '../../schemas/vehicles.schema';
|
import { CreateVehicleSchema, UpdateVehicleSchema } from '../../schemas/vehicles.schema';
|
||||||
|
|
||||||
export default async function vehiclesRoutes(fastify: FastifyInstance): Promise<void> {
|
export default async function vehiclesRoutes(fastify: FastifyInstance): Promise<void> {
|
||||||
fastify.get('/', { preHandler: requirePermission('trips.vehicles') }, async (_request, reply) => {
|
fastify.get('/', { preHandler: requireAuth }, async (_request, reply) => {
|
||||||
const vehicles = await prisma.vehicles.findMany({ orderBy: { name: 'asc' } });
|
const vehicles = await prisma.vehicles.findMany({ orderBy: { name: 'asc' } });
|
||||||
|
|
||||||
// Compute current_km and trip_count from trips table
|
// Compute current_km and trip_count from trips table
|
||||||
|
|||||||
Reference in New Issue
Block a user