Merge remote-tracking branch 'origin/master'

2026-03-03 13:29:17 +03:00
parent 4805216808
commit d355ef7acd
21 changed files with 279 additions and 227 deletions
--- a/svc/middlewares/authz_v2.go
+++ b/svc/middlewares/authz_v2.go
@@ -537,9 +537,15 @@ func cachedPiyasaIntersectionAny(pg *sql.DB, c *ttlCache, userID, roleID int64,
 	err := pg.QueryRow(`
        SELECT 1
        FROM dfusr_piyasa up
+        LEFT JOIN mk_sales_piy p_code
+          ON UPPER(translate(TRIM(p_code.code),  'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
+           = UPPER(translate(TRIM(up.piyasa_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
+        LEFT JOIN mk_sales_piy p_title
+          ON UPPER(translate(TRIM(p_title.title), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
+           = UPPER(translate(TRIM(up.piyasa_code), 'çğıöşüÇĞİÖŞÜ', 'CGIOSUCGIOSU'))
        WHERE up.dfusr_id = $1
          AND up.is_allowed = true
-          AND up.piyasa_code = ANY($2)
+          AND UPPER(TRIM(COALESCE(p_code.code, p_title.code, up.piyasa_code))) = ANY($2)
        LIMIT 1
    `, userID, pqArray(piyasaCodes)).Scan(&dummy)

@@ -988,7 +994,23 @@ func AuthzGuardByRoute(pg *sql.DB) func(http.Handler) http.Handler {
 			}

 			// =====================================================
-			// 5️⃣ PASS
+			// 5️⃣ SCOPE CONTEXT ENRICH (for MSSQL piyasa filters)
+			// =====================================================
+			if !claims.IsAdmin() {
+				userPiy, err := authz.GetUserPiyasaCodes(pg, int(claims.ID))
+				if err != nil {
+					log.Printf("❌ AUTHZ: user piyasa resolve error user=%d err=%v", claims.ID, err)
+					http.Error(w, "forbidden", http.StatusForbidden)
+					return
+				}
+
+				if len(userPiy) > 0 {
+					r = r.WithContext(authz.WithPiyasaCodes(r.Context(), normalizeCodes(userPiy)))
+				}
+			}
+
+			// =====================================================
+			// 6️⃣ PASS
 			// =====================================================
 			next.ServeHTTP(w, r)
 		})