Merge remote-tracking branch 'origin/master'

2026-03-03 13:29:17 +03:00
parent 4805216808
commit d355ef7acd
21 changed files with 279 additions and 227 deletions
--- a/svc/internal/authz/mssql.go
+++ b/svc/internal/authz/mssql.go
@@ -1,6 +1,7 @@
 package authz

 import (
+	"bssapp-backend/auth"
 	"context"
 	"fmt"
 	"strings"
@@ -10,23 +11,53 @@ func BuildMSSQLPiyasaFilter(
 	ctx context.Context,
 	column string,
 ) string {
+	claims, ok := auth.GetClaimsFromContext(ctx)
+	if ok && claims != nil && claims.IsAdmin() {
+		return "1=1"
+	}

 	codes := GetPiyasaCodesFromCtx(ctx)

 	if len(codes) == 0 {
-		return "1=1"
+		return "1=0"

 	}
+	return BuildMSSQLPiyasaFilterWithCodes(column, codes)
+}

-	var quoted []string
+func BuildMSSQLPiyasaFilterWithCodes(column string, codes []string) string {
+	normalizedCol := fmt.Sprintf("UPPER(LTRIM(RTRIM(%s)))", column)
+
+	exact := BuildINClause(normalizedCol, codes)
+	prefixCodes := first3Codes(codes)
+	if len(prefixCodes) == 0 {
+		return exact
+	}
+
+	prefix := BuildINClause(
+		fmt.Sprintf("LEFT(%s, 3)", normalizedCol),
+		prefixCodes,
+	)
+
+	return fmt.Sprintf("(%s OR %s)", exact, prefix)
+}
+
+func first3Codes(codes []string) []string {
+	seen := make(map[string]struct{}, len(codes))
+	out := make([]string, 0, len(codes))

 	for _, c := range codes {
-		quoted = append(quoted, "'"+c+"'")
+		n := strings.ToUpper(strings.TrimSpace(c))
+		if len(n) < 3 {
+			continue
+		}
+		n = n[:3]
+		if _, ok := seen[n]; ok {
+			continue
+		}
+		seen[n] = struct{}{}
+		out = append(out, n)
 	}

-	return fmt.Sprintf(
-		"%s IN (%s)",
-		column,
-		strings.Join(quoted, ","),
-	)
+	return out
 }