Auto commit: 2026-02-28T19:40:37.520Z

backend/src/db/migrations/1772306633139.js

@@ -0,0 +1,38 @@
+
+module.exports = {
+  async up(queryInterface) {
+    const createdAt = new Date();
+    const updatedAt = new Date();
+
+    const [roles] = await queryInterface.sequelize.query(
+      `SELECT id FROM roles WHERE name = 'Public' LIMIT 1;`
+    );
+    const publicRoleId = roles[0]?.id;
+
+    if (!publicRoleId) return;
+
+    const [permissions] = await queryInterface.sequelize.query(
+      `SELECT id FROM permissions WHERE name IN ('CREATE_ORDERS', 'READ_ORDERS', 'CREATE_ORDER_ITEMS', 'READ_ORDER_ITEMS');`
+    );
+
+    if (permissions.length === 0) return;
+
+    const rolePermissions = permissions.map(p => ({
+      roles_permissionsId: publicRoleId,
+      permissionId: p.id,
+      createdAt,
+      updatedAt
+    }));
+
+    for (const rp of rolePermissions) {
+        try {
+            await queryInterface.bulkInsert('rolesPermissionsPermissions', [rp]);
+        } catch (e) {
+            console.log(`Permission ${rp.permissionId} already exists for role ${rp.roles_permissionsId}`);
+        }
+    }
+  },
+
+  async down(queryInterface) {
+  }
+};

backend/src/index.js

@@ -132,9 +132,9 @@ app.use('/api/shopping_carts', passport.authenticate('jwt', {session: false}), s
 
 app.use('/api/cart_items', passport.authenticate('jwt', {session: false}), cart_itemsRoutes);
 
-app.use('/api/orders', passport.authenticate('jwt', {session: false}), ordersRoutes);
+app.use('/api/orders', ordersRoutes);
 
-app.use('/api/order_items', passport.authenticate('jwt', {session: false}), order_itemsRoutes);
+app.use('/api/order_items', order_itemsRoutes);
 
 app.use('/api/payments', passport.authenticate('jwt', {session: false}), paymentsRoutes);