Add store selection to API permissions

- Add store_id and store_name columns to wp_dutchie_api_permissions - Backend: Add /stores endpoint, require store_id when creating permissions - Frontend: Add store selector dropdown to API Permissions form - WordPress plugin v1.3.0: Remove store_id from shortcodes (store is tied to token) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-01 13:59:01 -07:00
parent d2635ed123
commit e345707db2
6 changed files with 109 additions and 10 deletions
--- a/backend/src/routes/api-permissions.ts
+++ b/backend/src/routes/api-permissions.ts
@@ -27,6 +27,21 @@ router.get('/', requireRole('superadmin', 'admin'), async (req, res) => {
  }
 });

+// Get all stores for dropdown (must be before /:id to avoid route conflict)
+router.get('/stores', requireRole('superadmin', 'admin'), async (req, res) => {
+  try {
+    const result = await pool.query(`
+      SELECT id, name
+      FROM stores
+      ORDER BY name
+    `);
+    res.json({ stores: result.rows });
+  } catch (error) {
+    console.error('Error fetching stores:', error);
+    res.status(500).json({ error: 'Failed to fetch stores' });
+  }
+});
+
 // Get single API permission
 router.get('/:id', requireRole('superadmin', 'admin'), async (req, res) => {
  try {
@@ -52,12 +67,23 @@ router.get('/:id', requireRole('superadmin', 'admin'), async (req, res) => {
 // Create new API permission
 router.post('/', requireRole('superadmin', 'admin'), async (req, res) => {
  try {
-    const { user_name, allowed_ips, allowed_domains } = req.body;
+    const { user_name, allowed_ips, allowed_domains, store_id } = req.body;

    if (!user_name) {
      return res.status(400).json({ error: 'User name is required' });
    }

+    if (!store_id) {
+      return res.status(400).json({ error: 'Store is required' });
+    }
+
+    // Get store name for display
+    const storeResult = await pool.query('SELECT name FROM stores WHERE id = $1', [store_id]);
+    if (storeResult.rows.length === 0) {
+      return res.status(400).json({ error: 'Invalid store ID' });
+    }
+    const storeName = storeResult.rows[0].name;
+
    const apiKey = generateApiKey();

    const result = await pool.query(`
@@ -66,15 +92,19 @@ router.post('/', requireRole('superadmin', 'admin'), async (req, res) => {
        api_key,
        allowed_ips,
        allowed_domains,
-        is_active
+        is_active,
+        store_id,
+        store_name
      )
-      VALUES ($1, $2, $3, $4, 1)
+      VALUES ($1, $2, $3, $4, 1, $5, $6)
      RETURNING *
    `, [
      user_name,
      apiKey,
      allowed_ips || null,
-      allowed_domains || null
+      allowed_domains || null,
+      store_id,
+      storeName
    ]);

    res.status(201).json({