From 822bf6380455a7fc7eeb81dc8e25222916144d67 Mon Sep 17 00:00:00 2001
From: Flatlogic Bot <support@flatlogic.com>
Date: Sat, 28 Feb 2026 19:40:37 +0000
Subject: [PATCH] Auto commit: 2026-02-28T19:40:37.520Z

---
 backend/src/db/migrations/1772306633139.js | 38 ++++++++++++++++++++++
 backend/src/index.js                       |  4 +--
 2 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 backend/src/db/migrations/1772306633139.js

diff --git a/backend/src/db/migrations/1772306633139.js b/backend/src/db/migrations/1772306633139.js
new file mode 100644
index 0000000..567c871
--- /dev/null
+++ b/backend/src/db/migrations/1772306633139.js
@@ -0,0 +1,38 @@
+
+module.exports = {
+  async up(queryInterface) {
+    const createdAt = new Date();
+    const updatedAt = new Date();
+
+    const [roles] = await queryInterface.sequelize.query(
+      `SELECT id FROM roles WHERE name = 'Public' LIMIT 1;`
+    );
+    const publicRoleId = roles[0]?.id;
+
+    if (!publicRoleId) return;
+
+    const [permissions] = await queryInterface.sequelize.query(
+      `SELECT id FROM permissions WHERE name IN ('CREATE_ORDERS', 'READ_ORDERS', 'CREATE_ORDER_ITEMS', 'READ_ORDER_ITEMS');`
+    );
+
+    if (permissions.length === 0) return;
+
+    const rolePermissions = permissions.map(p => ({
+      roles_permissionsId: publicRoleId,
+      permissionId: p.id,
+      createdAt,
+      updatedAt
+    }));
+
+    for (const rp of rolePermissions) {
+        try {
+            await queryInterface.bulkInsert('rolesPermissionsPermissions', [rp]);
+        } catch (e) {
+            console.log(`Permission ${rp.permissionId} already exists for role ${rp.roles_permissionsId}`);
+        }
+    }
+  },
+
+  async down(queryInterface) {
+  }
+};
diff --git a/backend/src/index.js b/backend/src/index.js
index 6166e26..c17af2a 100644
--- a/backend/src/index.js
+++ b/backend/src/index.js
@@ -132,9 +132,9 @@ app.use('/api/shopping_carts', passport.authenticate('jwt', {session: false}), s
 
 app.use('/api/cart_items', passport.authenticate('jwt', {session: false}), cart_itemsRoutes);
 
-app.use('/api/orders', passport.authenticate('jwt', {session: false}), ordersRoutes);
+app.use('/api/orders', ordersRoutes);
 
-app.use('/api/order_items', passport.authenticate('jwt', {session: false}), order_itemsRoutes);
+app.use('/api/order_items', order_itemsRoutes);
 
 app.use('/api/payments', passport.authenticate('jwt', {session: false}), paymentsRoutes);