fix: resolve merge conflicts from role-based permissions + audit trail branches

Combines auth context keys (user role, IP, user-agent), tenant resolver (GetUserRole-based access verification), middleware (deferred tenant resolution + request info capture), and router (audit log + notifications + assignments).
2026-03-30 11:24:43 +02:00
parent 8e65463130
commit 34dcbb74fe
6 changed files with 32 additions and 135 deletions
--- a/backend/internal/auth/tenant_resolver_test.go
+++ b/backend/internal/auth/tenant_resolver_test.go
@@ -10,49 +10,26 @@ import (
 )

 type mockTenantLookup struct {
-<<<<<<< HEAD
-	tenantID  *uuid.UUID
-	err       error
-	hasAccess bool
-	accessErr error
-||||||| 82878df
-	tenantID *uuid.UUID
-	err      error
-=======
 	tenantID *uuid.UUID
 	role     string
+	roleSet  bool // true means role was explicitly set (even if empty)
 	err      error
->>>>>>> mai/pike/p0-role-based
 }

 func (m *mockTenantLookup) FirstTenantForUser(ctx context.Context, userID uuid.UUID) (*uuid.UUID, error) {
 	return m.tenantID, m.err
 }

-<<<<<<< HEAD
-func (m *mockTenantLookup) VerifyAccess(ctx context.Context, userID, tenantID uuid.UUID) (bool, error) {
-	return m.hasAccess, m.accessErr
-}
-
-||||||| 82878df
-=======
 func (m *mockTenantLookup) GetUserRole(ctx context.Context, userID, tenantID uuid.UUID) (string, error) {
-	if m.role != "" {
+	if m.roleSet {
 		return m.role, m.err
 	}
 	return "associate", m.err
 }

->>>>>>> mai/pike/p0-role-based
 func TestTenantResolver_FromHeader(t *testing.T) {
 	tenantID := uuid.New()
-<<<<<<< HEAD
-	tr := NewTenantResolver(&mockTenantLookup{hasAccess: true})
-||||||| 82878df
-	tr := NewTenantResolver(&mockTenantLookup{})
-=======
 	tr := NewTenantResolver(&mockTenantLookup{role: "partner"})
->>>>>>> mai/pike/p0-role-based

 	var gotTenantID uuid.UUID
 	next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -81,7 +58,7 @@ func TestTenantResolver_FromHeader(t *testing.T) {

 func TestTenantResolver_FromHeader_NoAccess(t *testing.T) {
 	tenantID := uuid.New()
-	tr := NewTenantResolver(&mockTenantLookup{hasAccess: false})
+	tr := NewTenantResolver(&mockTenantLookup{role: "", roleSet: true})

 	next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		t.Fatal("next should not be called")
@@ -101,7 +78,7 @@ func TestTenantResolver_FromHeader_NoAccess(t *testing.T) {

 func TestTenantResolver_DefaultsToFirst(t *testing.T) {
 	tenantID := uuid.New()
-	tr := NewTenantResolver(&mockTenantLookup{tenantID: &tenantID})
+	tr := NewTenantResolver(&mockTenantLookup{tenantID: &tenantID, role: "owner"})

 	var gotTenantID uuid.UUID
 	next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {