Fix jwt-token

server/middleware/auth.js

@@ -64,10 +64,17 @@ async function authenticateToken(req, res, next) {
       }]
     });
 
-    if (!user || !user.is_active) {
+    if (!user) {
       return res.status(401).json({
         success: false,
-        message: 'Invalid or inactive user'
+        message: 'User not found'
+      });
+    }
+
+    if (!user.is_active) {
+      return res.status(401).json({
+        success: false,
+        message: 'User account is inactive'
       });
     }
 
@@ -80,7 +87,8 @@ async function authenticateToken(req, res, next) {
       role: user.role,
       is_active: user.is_active,
       tenant_id: user.tenant_id,
-      tenant: user.tenant
+      tenant: user.tenant,
+      tenantId: tenantId || (user.tenant ? user.tenant.slug : undefined) // Include tenantId in user object
     };
     
     // Set tenant context - prefer JWT tenantId, fallback to user's tenant

server/middleware/rbac.js

@@ -32,7 +32,11 @@ const PERMISSIONS = {
   'dashboard.view': 'View dashboard',
   'devices.view': 'View devices',
   'devices.manage': 'Add, edit, delete devices',
+  'devices.create': 'Create new devices',
+  'devices.update': 'Update existing devices',
+  'devices.delete': 'Delete devices',
   'detections.view': 'View detections',
+  'detections.create': 'Create detections',
   'alerts.view': 'View alerts',
   'alerts.manage': 'Manage alert configurations',
   'debug.access': 'Access debug information'
@@ -48,8 +52,8 @@ const ROLES = {
     'users.view', 'users.create', 'users.edit', 'users.delete', 'users.manage_roles',
     'auth.view', 'auth.edit',
     'dashboard.view',
-    'devices.view', 'devices.manage',
-    'detections.view',
+    'devices.view', 'devices.create', 'devices.update', 'devices.delete',
+    'detections.view', 'detections.create',
     'alerts.view', 'alerts.manage',
     'debug.access'
   ],
@@ -73,7 +77,7 @@ const ROLES = {
     'dashboard.view',
     'devices.view',
     'detections.view',
-    'alerts.view'
+    'alerts.view', 'alerts.manage'
   ],
   
   // Branding/marketing specialist
@@ -90,8 +94,8 @@ const ROLES = {
   'operator': [
     'tenant.view',
     'dashboard.view',
-    'devices.view', 'devices.manage',
-    'detections.view',
+    'devices.view', 'devices.create', 'devices.update',
+    'detections.view', 'detections.create',
     'alerts.view', 'alerts.manage'
   ],
   
@@ -128,10 +132,10 @@ const checkPermission = (userRole, resource, action) => {
   // Map resource + action to permission strings
   const permissionMappings = {
     // Device permissions
-    'devices.create': 'devices.manage',
+    'devices.create': 'devices.create',
     'devices.read': 'devices.view',
-    'devices.update': 'devices.manage',
-    'devices.delete': 'devices.manage',
+    'devices.update': 'devices.update',
+    'devices.delete': 'devices.delete',
     
     // User permissions
     'users.create': 'users.create',
@@ -155,12 +159,13 @@ const checkPermission = (userRole, resource, action) => {
     'alerts.delete': 'alerts.manage',
     
     // Detection permissions
-    'detections.create': 'detections.view',
+    'detections.create': 'detections.create',
     'detections.read': 'detections.view',
     'detections.update': 'detections.view',
     'detections.delete': 'detections.view',
     
     // Security permissions
+    'ip_restrictions.read': 'security.view',
     'ip_restrictions.update': 'security.edit',
     'audit_logs.read': 'security.view',
     
@@ -220,6 +225,37 @@ const getRoles = () => {
   return Object.keys(ROLES);
 };
 
+/**
+ * Express middleware to check permissions based on resource and action
+ * @param {string} resource - The resource being accessed
+ * @param {string} action - The action being performed  
+ * @returns {Function} - Express middleware function
+ */
+const requirePermission = (resource, action) => {
+  return (req, res, next) => {
+    if (!req.user || !req.user.role) {
+      return res.status(401).json({
+        success: false,
+        message: 'Authentication required'
+      });
+    }
+
+    const userRole = req.user.role;
+    const hasRequiredPermission = checkPermission(userRole, resource, action);
+
+    if (!hasRequiredPermission) {
+      return res.status(403).json({
+        success: false,
+        message: 'Insufficient permissions',
+        required_permission: `${resource}.${action}`,
+        user_role: userRole
+      });
+    }
+
+    next();
+  };
+};
+
 /**
  * Express middleware to check permissions
  * @param {Array<string>} requiredPermissions - Required permissions
@@ -293,6 +329,7 @@ module.exports = {
   hasAllPermissions,
   getPermissions,
   getRoles,
+  requirePermission,
   requirePermissions,
   requireAnyPermission
 };