diff --git a/server/middleware/ip-restriction.js b/server/middleware/ip-restriction.js
index 0b923f0..c206a88 100644
--- a/server/middleware/ip-restriction.js
+++ b/server/middleware/ip-restriction.js
@@ -180,8 +180,11 @@ class IPRestrictionMiddleware {
 console.log('🔍 IP Restriction Check - Path:', req.path, 'Method:', req.method);
- // Determine tenant
- const tenantId = await this.multiAuth.determineTenant(req);
+ // Determine tenant (check req.tenant first for test contexts)
+ let tenantId = req.tenant;
+ if (!tenantId) {
+ tenantId = await this.multiAuth.determineTenant(req);
+ }
 console.log('🔍 IP Restriction - Determined tenant:', tenantId);
 if (!tenantId) {
diff --git a/server/middleware/rbac.js b/server/middleware/rbac.js
index 57e4e34..1d52016 100644
--- a/server/middleware/rbac.js
+++ b/server/middleware/rbac.js
@@ -58,6 +58,7 @@ const ROLES = {
 'user_admin': [
 'tenant.view',
 'users.view', 'users.create', 'users.edit', 'users.delete', 'users.manage_roles',
+ 'roles.read',
 'dashboard.view',
 'devices.view',
 'detections.view',
@@ -81,6 +82,8 @@ const ROLES = {
 'branding_admin': [
 'tenant.view',
 'branding.view', 'branding.edit', 'branding.create',
+ 'ui_customization.create',
+ 'logo.upload',
 'dashboard.view',
 'devices.view',
 'detections.view',
@@ -91,7 +94,7 @@ const ROLES = {
 'operator': [
 'tenant.view',
 'dashboard.view',
- 'devices.view', 'devices.manage',
+ 'devices.view', 'devices.manage', 'devices.update',
 'detections.view', 'detections.create',
 'alerts.view', 'alerts.manage'
 ],
@@ -169,7 +172,14 @@ const checkPermission = (userRole, resource, action) => {
 */
 const requirePermission = (resource, action) => {
 return (req, res, next) => {
- if (!req.user || !req.user.role) {
+ if (!req.user) {
+ return res.status(401).json({
+ success: false,
+ message: 'User not authenticated'
+ });
+ }
+
+ if (!req.user.role) {
 return res.status(403).json({
 success: false,
 message: 'Insufficient permissions'
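Review bot: The new `req.tenant` shortcut at the top of the ip-restriction hunk skips `this.multiAuth.determineTenant(req)` in every environment, not only under test, so whichever middleware runs earlier in the chain now decides which tenant's IP rules are enforced; if any upstream handler populates `req.tenant` from a client-controlled value (not visible here), the allowlist of a different tenant would be applied. Injecting a stub `multiAuth` in the tests, or gating the shortcut on `process.env.NODE_ENV === 'test'`, keeps production tenant resolution on the one authoritative path. The comment should also state the precedence plainly, e.g. `// Prefer a pre-resolved req.tenant (tests inject it); otherwise resolve via multiAuth`. The enclosing method starts and ends outside the hunk.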
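Review bot: The new permission literals ('roles.read' in the user_admin hunk, 'ui_customization.create' and 'logo.upload' in the branding_admin hunk, 'devices.update' in the operator hunk) widen three roles with strings that nothing else in the diff references; `checkPermission` presumably matches them by exact string (its body is outside the diff), so a name that differs from what the route's `requirePermission(resource, action)` call asks for is only discovered at runtime. 'roles.read' also breaks the `resource.view` naming that every other read permission in the table follows ('tenant.view', 'users.view', 'branding.view'); unless a route already checks for `roles.read`, `'roles.view'` would keep the convention. Since 'devices.manage' now sits beside 'devices.update' for operator, a comment on the ROLES table such as `// Permissions are matched literally: 'x.manage' does not imply 'x.update' or 'x.create'` would stop the next reader from assuming a hierarchy.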
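Review bot: The new 401 branch in requirePermission sends no `WWW-Authenticate` header, which RFC 7235 requires on a 401 so clients can tell which scheme to use; `res.set('WWW-Authenticate', 'Bearer')` (or whatever scheme the auth middleware expects) before the `.json(...)` call fixes that. Separating the missing-user case from the missing-role case is right, but an authenticated user without a role is usually a provisioning or token-shape fault rather than an authorization decision, so logging it server-side before the generic 'Insufficient permissions' response, e.g. `console.warn('requirePermission: authenticated user has no role', { resource, action });`, would make that failure diagnosable without widening what the client learns. The returned middleware continues past the end of the hunk.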