Fix jwt-token

server/middleware/ip-restriction.js

@@ -180,8 +180,11 @@ class IPRestrictionMiddleware {
 
       console.log('🔍 IP Restriction Check - Path:', req.path, 'Method:', req.method);
 
-      // Determine tenant
+      // Determine tenant (check req.tenant first for test contexts)
-      const tenantId = await this.multiAuth.determineTenant(req);
+      let tenantId = req.tenant;
+      if (!tenantId) {
+        tenantId = await this.multiAuth.determineTenant(req);
+      }
       console.log('🔍 IP Restriction - Determined tenant:', tenantId);
       
       if (!tenantId) {

server/middleware/rbac.js

@@ -58,6 +58,7 @@ const ROLES = {
   'user_admin': [
     'tenant.view',
     'users.view', 'users.create', 'users.edit', 'users.delete', 'users.manage_roles',
+    'roles.read',
     'dashboard.view',
     'devices.view',
     'detections.view',
@@ -81,6 +82,8 @@ const ROLES = {
   'branding_admin': [
     'tenant.view',
     'branding.view', 'branding.edit', 'branding.create',
+    'ui_customization.create',
+    'logo.upload',
     'dashboard.view',
     'devices.view',
     'detections.view',
@@ -91,7 +94,7 @@ const ROLES = {
   'operator': [
     'tenant.view',
     'dashboard.view',
-    'devices.view', 'devices.manage',
+    'devices.view', 'devices.manage', 'devices.update',
     'detections.view', 'detections.create',
     'alerts.view', 'alerts.manage'
   ],
@@ -169,7 +172,14 @@ const checkPermission = (userRole, resource, action) => {
  */
 const requirePermission = (resource, action) => {
   return (req, res, next) => {
-    if (!req.user || !req.user.role) {
+    if (!req.user) {
+      return res.status(401).json({
+        success: false,
+        message: 'User not authenticated'
+      });
+    }
+    
+    if (!req.user.role) {
       return res.status(403).json({
         success: false,
         message: 'Insufficient permissions'