From 5b5b3ea70d71ea22e7a3da0f33dc3f23957cf31e Mon Sep 17 00:00:00 2001
From: hailin <hailin.zhao@gdzx.xyz>
Date: Sat, 7 Mar 2026 05:51:14 -0800
Subject: [PATCH] fix(auth): allow platform_admin to access settings endpoints

SettingsController was restricted to 'admin' only, blocking platform_admin
from the dashboard settings page (403 on general/api-keys/theme/account).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../src/interfaces/rest/controllers/settings.controller.ts      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/services/auth-service/src/interfaces/rest/controllers/settings.controller.ts b/packages/services/auth-service/src/interfaces/rest/controllers/settings.controller.ts
index 0673196..17f282b 100644
--- a/packages/services/auth-service/src/interfaces/rest/controllers/settings.controller.ts
+++ b/packages/services/auth-service/src/interfaces/rest/controllers/settings.controller.ts
@@ -20,7 +20,7 @@ import * as crypto from 'crypto';
 
 @Controller('api/v1/admin/settings')
 @UseGuards(RolesGuard)
-@Roles('admin')
+@Roles('admin', 'platform_admin', 'platform_super_admin')
 export class SettingsController {
   // In-memory store for platform settings (would be a DB table in production)
   private generalSettings: Record<string, any> = {