fix: resolve merge conflicts from P0 role-based + audit trail branches

Combine role-based permissions (VerifyAccess/GetUserRole) with audit trail (IP/user-agent context capture) in auth middleware and tenant resolver.
2026-03-30 11:25:41 +02:00
parent 8e65463130
commit bfd5e354ad
6 changed files with 32 additions and 127 deletions
--- a/backend/internal/auth/tenant_resolver_test.go
+++ b/backend/internal/auth/tenant_resolver_test.go
@@ -10,49 +10,35 @@ import (
 )

 type mockTenantLookup struct {
-<<<<<<< HEAD
 	tenantID  *uuid.UUID
 	err       error
 	hasAccess bool
 	accessErr error
-||||||| 82878df
-	tenantID *uuid.UUID
-	err      error
-=======
-	tenantID *uuid.UUID
-	role     string
-	err      error
->>>>>>> mai/pike/p0-role-based
+	role      string
+	noAccess  bool // when true, GetUserRole returns ""
 }

 func (m *mockTenantLookup) FirstTenantForUser(ctx context.Context, userID uuid.UUID) (*uuid.UUID, error) {
 	return m.tenantID, m.err
 }

-<<<<<<< HEAD
 func (m *mockTenantLookup) VerifyAccess(ctx context.Context, userID, tenantID uuid.UUID) (bool, error) {
 	return m.hasAccess, m.accessErr
 }

-||||||| 82878df
-=======
 func (m *mockTenantLookup) GetUserRole(ctx context.Context, userID, tenantID uuid.UUID) (string, error) {
+	if m.noAccess {
+		return "", m.err
+	}
 	if m.role != "" {
 		return m.role, m.err
 	}
 	return "associate", m.err
 }

->>>>>>> mai/pike/p0-role-based
 func TestTenantResolver_FromHeader(t *testing.T) {
 	tenantID := uuid.New()
-<<<<<<< HEAD
-	tr := NewTenantResolver(&mockTenantLookup{hasAccess: true})
-||||||| 82878df
-	tr := NewTenantResolver(&mockTenantLookup{})
-=======
-	tr := NewTenantResolver(&mockTenantLookup{role: "partner"})
->>>>>>> mai/pike/p0-role-based
+	tr := NewTenantResolver(&mockTenantLookup{role: "partner", hasAccess: true})

 	var gotTenantID uuid.UUID
 	next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -81,7 +67,7 @@ func TestTenantResolver_FromHeader(t *testing.T) {

 func TestTenantResolver_FromHeader_NoAccess(t *testing.T) {
 	tenantID := uuid.New()
-	tr := NewTenantResolver(&mockTenantLookup{hasAccess: false})
+	tr := NewTenantResolver(&mockTenantLookup{noAccess: true})

 	next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		t.Fatal("next should not be called")