05.1 ปรบปรง backend ทงหมด และ frontend/login

backend/src/routes/permissions.js

@@ -1,27 +1,16 @@
-// FILE: src/routes/permissions.js
-// 03.2 12) เพิ่ม routes/permissions.js (ใหม่)
-// - ใช้ร่วมกับ requirePerm()
-// - สำหรับดูรายชื่อสิทธิ์ทั้งหมด
-// Permissions route
-// - GET /api/permissions to list all permissions (permission_id, permission_code, description)
-// - Requires global permission.read permission via requirePerm middleware
-
+// FILE: backend/src/routes/permissions.js
 import { Router } from "express";
 import sql from "../db/index.js";
 import { requirePerm } from "../middleware/requirePerm.js";
-import PERM from "../config/permissions.js";
 
 const r = Router();
 
-r.get(
-  "/",
-  requirePerm("permission.read", { scope: "global" }),
-  async (req, res) => {
-    const [rows] = await sql.query(
-      "SELECT permission_id, permission_code, description FROM permissions ORDER BY permission_code"
-    );
-    res.json(rows);
-  }
-);
+// GLOBAL: settings.manage จึงเห็นได้ทั้งหมด
+r.get("/", requirePerm("settings.manage"), async (_req, res) => {
+  const [rows] = await sql.query(
+    "SELECT permission_id, perm_code AS permission_code, scope_level, description FROM permissions ORDER BY perm_code"
+  );
+  res.json(rows);
+});
 
 export default r;