feat(rfa-ai): Complete RFA Approval Refactor and AI Model Revision

backend/src/modules/delegation/delegation.controller.ts

@@ -9,13 +9,16 @@ import {
   UseGuards,
 } from '@nestjs/common';
 import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { PermissionsGuard } from '../../common/auth/guards/permissions.guard';
+import { RequirePermission } from '../../common/decorators/require-permission.decorator';
+import { Audit } from '../../common/decorators/audit.decorator';
 import { CurrentUser } from '../../common/decorators/current-user.decorator';
 import { User } from '../user/entities/user.entity';
 import { DelegationService } from './delegation.service';
 import { CreateDelegationDto } from './dto/create-delegation.dto';
 
 @Controller('delegations')
-@UseGuards(JwtAuthGuard)
+@UseGuards(JwtAuthGuard, PermissionsGuard)
 export class DelegationController {
   constructor(private readonly delegationService: DelegationService) {}
 
@@ -24,6 +27,7 @@ export class DelegationController {
    * ดึง Delegations ของ User ที่ login อยู่
    */
   @Get()
+  @RequirePermission('document.view')
   findMyDelegations(@CurrentUser() user: User) {
     return this.delegationService.findByDelegator(user.publicId);
   }
@@ -33,6 +37,8 @@ export class DelegationController {
    * สร้าง Delegation ใหม่ (FR-011)
    */
   @Post()
+  @RequirePermission('document.view')
+  @Audit('delegation.create', 'delegation')
   create(@CurrentUser() user: User, @Body() dto: CreateDelegationDto) {
     return this.delegationService.create(user.publicId, dto);
   }
@@ -42,7 +48,9 @@ export class DelegationController {
    * Revoke delegation
    */
   @Delete(':publicId')
-  revoke(@Param('publicId') publicId: string, @CurrentUser() user: User) {
+  @RequirePermission('document.view')
+  @Audit('delegation.revoke', 'delegation')
+  async revoke(@Param('publicId') publicId: string, @CurrentUser() user: User) {
     return this.delegationService.revoke(publicId, user.publicId);
   }
 }