fix: validation role for history order

2024-07-26 13:39:08 +07:00 · 2024-07-26 13:39:08 +07:00 · 5ef14f3043
commit 5ef14f3043
parent 5a68a1daa4
5 changed files with 31 additions and 8 deletions
--- a/internal/handlers/http/order/order.go
+++ b/internal/handlers/http/order/order.go
@ -7,6 +7,7 @@ import (
 	"furtuna-be/internal/handlers/response"
 	"furtuna-be/internal/services"
 	"net/http"
+	"strings"
 	"time"

 	"github.com/gin-gonic/gin"
@ -170,13 +171,23 @@ func (h *Handler) toHistoryOrderResponse(resp *entity.HistoryOrder) response.His
 }

 func (h *Handler) GetAllHistoryOrders(c *gin.Context) {
+	tokenString := c.GetHeader("Authorization")
+
+	if tokenString == "" {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "Authorization header is required"})
+		c.Abort()
+		return
+	}
+
+	tokenString = strings.TrimPrefix(tokenString, "Bearer ")
+
 	var req request.HistoryOrderParam
 	if err := c.ShouldBindQuery(&req); err != nil {
 		response.ErrorWrapper(c, errors.ErrorBadRequest)
 		return
 	}

-	orders, total, err := h.service.GetAllHistoryOrders(c.Request.Context(), req.ToEntity())
+	orders, total, err := h.service.GetAllHistoryOrders(c.Request.Context(), tokenString, req.ToEntity())
 	if err != nil {
 		response.ErrorWrapper(c, err)
 		return
--- a/internal/repository/orders/order.go
+++ b/internal/repository/orders/order.go
@ -83,7 +83,7 @@ func (r *OrderRepository) Update(ctx context.Context, order *entity.Order) (*ent
 	return order, nil
 }

-func (b *OrderRepository) GetAllHystoryOrders(ctx context.Context, req entity.HistoryOrderSearch) (entity.HistoryOrderList, int, error) {
+func (b *OrderRepository) GetAllHystoryOrders(ctx context.Context, claims entity.JWTAuthClaims, req entity.HistoryOrderSearch) (entity.HistoryOrderList, int, error) {
 	var orders []*entity.HistoryOrderDB
 	var total int64

@ -92,8 +92,13 @@ func (b *OrderRepository) GetAllHystoryOrders(ctx context.Context, req entity.Hi
 		Joins("left join (SELECT items.order_id, products.name, SUM(items.qty) AS total_qty FROM order_items items LEFT JOIN products ON items.item_id = products.id GROUP BY items.order_id, products.name) AS ticket_summary ON orders.id = ticket_summary.order_id").
 		Joins("left join users on orders.created_by = users.id").
 		Joins("left join partners on orders.partner_id = partners.id").
-		Joins("left join sites on partners.id = sites.partner_id").
-		Group("orders.id, users.name, sites.name, orders.created_at, orders.payment_type, orders.status")
+		Joins("left join sites on partners.id = sites.partner_id")
+
+	if claims.Role == 3 {
+		query = query.Where("orders.partner_id = ?", claims.PartnerID)
+	}
+
+	query = query.Group("orders.id, users.name, sites.name, orders.created_at, orders.payment_type, orders.status")

 	if err := query.Count(&total).Error; err != nil {
 		logger.ContextLogger(ctx).Error("error when count history orders", zap.Error(err))
--- a/internal/repository/repository.go
+++ b/internal/repository/repository.go
@ -130,7 +130,7 @@ type Order interface {
 	FindByID(ctx context.Context, id int64) (*entity.Order, error)
 	Update(ctx context.Context, order *entity.Order) (*entity.Order, error)
 	SetOrderStatus(ctx context.Context, db *gorm.DB, orderID int64, status string) error
-	GetAllHystoryOrders(ctx context.Context, req entity.HistoryOrderSearch) (entity.HistoryOrderList, int, error)
+	GetAllHystoryOrders(ctx context.Context, claims entity.JWTAuthClaims, req entity.HistoryOrderSearch) (entity.HistoryOrderList, int, error)
 }

 type OSSRepository interface {
--- a/internal/services/order/order.go
+++ b/internal/services/order/order.go
@ -297,8 +297,15 @@ func (s *OrderService) updateWalletBalance(ctx context.Context, tx *gorm.DB, par
 	return err
 }

-func (s *OrderService) GetAllHistoryOrders(ctx context.Context, req entity.HistoryOrderSearch) ([]*entity.HistoryOrder, int, error) {
-	historyOrders, total, err := s.repo.GetAllHystoryOrders(ctx, req)
+func (s *OrderService) GetAllHistoryOrders(ctx context.Context, tokenString string, req entity.HistoryOrderSearch) ([]*entity.HistoryOrder, int, error) {
+	claims, err := s.crypt.ParseAndValidateJWT(tokenString)
+
+	if err != nil {
+		logger.ContextLogger(ctx).Error("error when get data token", zap.Error(err))
+		return nil, 0, err
+	}
+	
+	historyOrders, total, err := s.repo.GetAllHystoryOrders(ctx, *claims, req)
 	if err != nil {
 		logger.ContextLogger(ctx).Error("error when get all history orders", zap.Error(err))
 		return nil, 0, err
--- a/internal/services/service.go
+++ b/internal/services/service.go
@ -101,7 +101,7 @@ type Order interface {
 	CreateOrder(ctx context.Context, req *entity.OrderRequest) (*entity.OrderResponse, error)
 	Execute(ctx context.Context, req *entity.OrderExecuteRequest) (*entity.ExecuteOrderResponse, error)
 	ProcessCallback(ctx context.Context, req *entity.CallbackRequest) error
-	GetAllHistoryOrders(ctx context.Context, req entity.HistoryOrderSearch) ([]*entity.HistoryOrder, int, error)
+	GetAllHistoryOrders(ctx context.Context, tokenString string, req entity.HistoryOrderSearch) ([]*entity.HistoryOrder, int, error)
 }

 type OSSService interface {