From efdd11a2a7295f4347232ffaf62b39cd3ff9753d Mon Sep 17 00:00:00 2001
From: M_Kececi <you@example.com>
Date: Mon, 23 Mar 2026 18:12:39 +0300
Subject: [PATCH] Merge remote-tracking branch 'origin/master'

---
 svc/main.go                                  |  2 +-
 ui/src/stores/RoleDeptPermissionListStore.js | 33 +++++++++++++++++---
 2 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/svc/main.go b/svc/main.go
index 371e379..da1aa89 100644
--- a/svc/main.go
+++ b/svc/main.go
@@ -527,7 +527,7 @@ func InitRoutes(pgDB *sql.DB, mssql *sql.DB, ml *mailer.GraphMailer) *mux.Router
 		{"/api/order/check/{id}", "GET", "view", routes.OrderExistsHandler(mssql)},
 		{"/api/order/validate", "POST", "insert", routes.ValidateOrderHandler(mssql)},
 		{"/api/order/pdf/{id}", "GET", "export", routes.OrderPDFHandler(mssql)},
-		{"/api/order/send-market-mail", "POST", "update", routes.SendOrderMarketMailHandler(pgDB, mssql, ml)},
+		{"/api/order/send-market-mail", "POST", "view", routes.SendOrderMarketMailHandler(pgDB, mssql, ml)},
 		{"/api/order-inventory", "GET", "view", http.HandlerFunc(routes.GetOrderInventoryHandler)},
 		{"/api/orderpricelistb2b", "GET", "view", routes.GetOrderPriceListB2BHandler(pgDB, mssql)},
 		{"/api/min-price", "GET", "view", routes.GetOrderPriceListB2BHandler(pgDB, mssql)},
diff --git a/ui/src/stores/RoleDeptPermissionListStore.js b/ui/src/stores/RoleDeptPermissionListStore.js
index 820c3d9..5a6ff43 100644
--- a/ui/src/stores/RoleDeptPermissionListStore.js
+++ b/ui/src/stores/RoleDeptPermissionListStore.js
@@ -3,6 +3,20 @@ import api from 'src/services/api'
 
 let lastRequestId = 0
 
+const ACTION_CANONICAL = {
+  view: 'read',
+  insert: 'write'
+}
+
+function normalizeToken(v) {
+  return String(v || '').toLowerCase().trim()
+}
+
+function canonicalAction(v) {
+  const key = normalizeToken(v)
+  return ACTION_CANONICAL[key] || key
+}
+
 export const useRoleDeptPermissionListStore = defineStore('roleDeptPermissionList', {
   state: () => ({
     modules: [],
@@ -47,10 +61,15 @@ export const useRoleDeptPermissionListStore = defineStore('roleDeptPermissionLis
           : []
 
         this.moduleActions = Array.isArray(payload?.module_actions)
-          ? payload.module_actions.map((a) => ({
-            module_code: String(a.module_code || '').toLowerCase().trim(),
-            action: String(a.action || '').toLowerCase().trim()
-          })).filter((a) => a.module_code && a.action)
+          ? payload.module_actions
+            .map((a) => ({
+              module_code: normalizeToken(a.module_code),
+              action: canonicalAction(a.action)
+            }))
+            .filter((a) => a.module_code && a.action)
+            .filter((a, idx, arr) =>
+              arr.findIndex((x) => x.module_code === a.module_code && x.action === a.action) === idx
+            )
           : []
 
         const rawRows = Array.isArray(payload?.rows)
@@ -63,7 +82,11 @@ export const useRoleDeptPermissionListStore = defineStore('roleDeptPermissionLis
             : {}
           const flags = {}
           Object.keys(rawFlags).forEach((k) => {
-            flags[String(k).toLowerCase().trim()] = Boolean(rawFlags[k])
+            const [moduleRaw, actionRaw] = normalizeToken(k).split('|')
+            if (!moduleRaw || !actionRaw) return
+            const action = canonicalAction(actionRaw)
+            const key = `${moduleRaw}|${action}`
+            flags[key] = Boolean(flags[key]) || Boolean(rawFlags[k])
           })
 
           return {