fix(auth): allow platform_admin to access all web-admin endpoints

Systematically add platform_admin and platform_super_admin to all controllers that were restricted to 'admin' only: - audit-service: queryLogs, exportLogs - inventory-service: decryptCredential - auth-service: RoleController, PermissionController Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-07 05:54:05 -08:00 · 2026-03-07 05:54:05 -08:00 · b5d1f11104
parent 5b5b3ea70d
commit b5d1f11104
4 changed files with 5 additions and 5 deletions
--- a/packages/services/audit-service/src/interfaces/rest/controllers/audit.controller.ts
+++ b/packages/services/audit-service/src/interfaces/rest/controllers/audit.controller.ts
@ -8,7 +8,7 @@ export class AuditController {

  @Get('logs')
  @UseGuards(RolesGuard)
-  @Roles('admin')
+  @Roles('admin', 'platform_admin', 'platform_super_admin')
  async queryLogs(
    @Query('actionType') actionType?: string,
    @Query('actorType') actorType?: string,
@ -36,7 +36,7 @@ export class AuditController {

  @Get('logs/export')
  @UseGuards(RolesGuard)
-  @Roles('admin')
+  @Roles('admin', 'platform_admin', 'platform_super_admin')
  async exportLogs(@Query('format') format: 'json' | 'csv' = 'json') {
    return this.auditLogRepository.exportLogs(format);
  }
--- a/packages/services/auth-service/src/interfaces/rest/controllers/permission.controller.ts
+++ b/packages/services/auth-service/src/interfaces/rest/controllers/permission.controller.ts
@ -48,7 +48,7 @@ const ALL_PERMISSIONS = [

@Controller('api/v1/auth/permissions')
@UseGuards(RolesGuard)
-@Roles('admin')
+@Roles('admin', 'platform_admin', 'platform_super_admin')
 export class PermissionController {
  constructor(
    @InjectRepository(Role)
--- a/packages/services/auth-service/src/interfaces/rest/controllers/role.controller.ts
+++ b/packages/services/auth-service/src/interfaces/rest/controllers/role.controller.ts
@ -18,7 +18,7 @@ import * as crypto from 'crypto';

@Controller('api/v1/auth/roles')
@UseGuards(RolesGuard)
-@Roles('admin')
+@Roles('admin', 'platform_admin', 'platform_super_admin')
 export class RoleController {
  constructor(
    @InjectRepository(Role)
--- a/packages/services/inventory-service/src/interfaces/rest/controllers/credential.controller.ts
+++ b/packages/services/inventory-service/src/interfaces/rest/controllers/credential.controller.ts
@ -60,7 +60,7 @@ export class CredentialController {

  @Post(':id/decrypt')
  @UseGuards(RolesGuard)
-  @Roles('admin')
+  @Roles('admin', 'platform_admin', 'platform_super_admin')
  async decryptCredential(@Param('id') id: string) {
    const credential = await this.credentialRepository.findById(id);
    if (!credential) {