fix: resolve merge conflicts from role-based permissions + audit trail branches

Combines auth context keys (user role, IP, user-agent), tenant resolver (GetUserRole-based access verification), middleware (deferred tenant resolution + request info capture), and router (audit log + notifications + assignments).
2026-03-30 11:24:43 +02:00
parent 8e65463130
commit 34dcbb74fe
6 changed files with 32 additions and 135 deletions
--- a/backend/internal/router/router.go
+++ b/backend/internal/router/router.go
@@ -29,14 +29,8 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
 	deadlineRuleSvc := services.NewDeadlineRuleService(db)
 	calculator := services.NewDeadlineCalculator(holidaySvc)
 	storageCli := services.NewStorageClient(cfg.SupabaseURL, cfg.SupabaseServiceKey)
-<<<<<<< HEAD
 	documentSvc := services.NewDocumentService(db, storageCli, auditSvc)
-||||||| 82878df
-	documentSvc := services.NewDocumentService(db, storageCli)
-=======
-	documentSvc := services.NewDocumentService(db, storageCli)
 	assignmentSvc := services.NewCaseAssignmentService(db)
->>>>>>> mai/pike/p0-role-based

 	// AI service (optional — only if API key is configured)
 	var aiH *handlers.AIHandler
@@ -79,6 +73,7 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
 	api := http.NewServeMux()

 	// Tenant management (no tenant resolver — these operate across tenants)
+	api.HandleFunc("POST /api/tenants/auto-assign", tenantH.AutoAssign)
 	api.HandleFunc("POST /api/tenants", tenantH.CreateTenant)
 	api.HandleFunc("GET /api/tenants", tenantH.ListTenants)
 	api.HandleFunc("GET /api/tenants/{id}", tenantH.GetTenant)
@@ -162,16 +157,10 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
 	// Dashboard — all can view
 	scoped.HandleFunc("GET /api/dashboard", dashboardH.Get)

-<<<<<<< HEAD
 	// Audit log
-	scoped.HandleFunc("GET /api/audit-log", auditH.List)
+	scoped.HandleFunc("GET /api/audit-log", perm(auth.PermViewAuditLog, auditH.List))

-	// Documents
-||||||| 82878df
-	// Documents
-=======
 	// Documents — all can upload, delete checked in handler (own vs all)
->>>>>>> mai/pike/p0-role-based
 	scoped.HandleFunc("GET /api/cases/{id}/documents", docH.ListByCase)
 	scoped.HandleFunc("POST /api/cases/{id}/documents", perm(auth.PermUploadDocuments, docH.Upload))
 	scoped.HandleFunc("GET /api/documents/{docId}", docH.Download)
@@ -185,7 +174,6 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
 		scoped.HandleFunc("POST /api/ai/summarize-case", perm(auth.PermAIExtraction, aiLimiter.LimitFunc(aiH.SummarizeCase)))
 	}

-<<<<<<< HEAD
 	// Notifications
 	if notifH != nil {
 		scoped.HandleFunc("GET /api/notifications", notifH.List)
@@ -196,12 +184,7 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
 		scoped.HandleFunc("PUT /api/notification-preferences", notifH.UpdatePreferences)
 	}

-	// CalDAV sync endpoints
-||||||| 82878df
-	// CalDAV sync endpoints
-=======
 	// CalDAV sync endpoints — settings permission required
->>>>>>> mai/pike/p0-role-based
 	if calDAVSvc != nil {
 		calDAVH := handlers.NewCalDAVHandler(calDAVSvc)
 		scoped.HandleFunc("POST /api/caldav/sync", perm(auth.PermManageSettings, calDAVH.TriggerSync))