admin 1a68840805 fix(auth)!: implement proper RBAC with role-permission checking ...

BREAKING CHANGE: Authorization now requires role_permissions table

Previously checked only if permission existed, now verifies user's
role has been granted the permission. Closes critical security gap
allowing any user to access any resource.

- feat: add role_permissions table schema
- feat: add GetPermissionByResourceActionAndRole repository method
- fix: update Authorize to check user role before granting access
- fix: update cache keys to include roleID
- test: update all tests for new authorization flow

2026-01-22 14:09:37 +08:00

db

added more comprehensive unit test cases

2025-12-16 11:18:35 +08:00

docs

removed username

2026-01-16 10:50:50 +08:00

handlers

removed username

2026-01-16 10:50:50 +08:00

helper

fixed sonarqube issues

2025-12-17 09:42:18 +08:00

middleware

removed username

2026-01-16 10:50:50 +08:00

models

fix(auth)!: implement proper RBAC with role-permission checking

2026-01-22 14:09:37 +08:00

redisclient

fixed sonarqube issues

2025-12-17 10:01:58 +08:00

repository

fix(auth)!: implement proper RBAC with role-permission checking

2026-01-22 14:09:37 +08:00

routes

added a simple check route

2026-01-05 14:03:51 +08:00

services

fix(auth)!: implement proper RBAC with role-permission checking

2026-01-22 14:09:37 +08:00

.gitignore

ignored .pem

2026-01-05 10:30:54 +08:00

constants.go

init

2025-12-04 10:55:25 +08:00

go.mod

added unit testing

2025-12-16 10:57:26 +08:00

go.sum

added unit testing

2025-12-16 10:57:26 +08:00

main.go

fixed

2026-01-05 14:06:43 +08:00

S

Description

No description provided

417 KiB

Languages

Go 100%