From 46f7d39f7b569f9d87efad51d24687954fd7f451 Mon Sep 17 00:00:00 2001
From: tommy <tommy.lu@2fi-solutions.com.hk>
Date: Tue, 23 Jun 2026 15:40:51 +0800
Subject: [PATCH] =?UTF-8?q?=E8=AA=BF=E6=95=B4=E5=BA=AB=E5=AD=98=E6=AC=8A?=
 =?UTF-8?q?=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../com/ffii/fpsms/config/security/SecurityConfig.java   | 2 ++
 .../01_inventory_adjust_authority.sql                    | 9 +++++++++
 2 files changed, 11 insertions(+)
 create mode 100644 src/main/resources/db/changelog/changes/20260617_inventory_adjust/01_inventory_adjust_authority.sql

diff --git a/src/main/java/com/ffii/fpsms/config/security/SecurityConfig.java b/src/main/java/com/ffii/fpsms/config/security/SecurityConfig.java
index c82ca67..d97ca32 100644
--- a/src/main/java/com/ffii/fpsms/config/security/SecurityConfig.java
+++ b/src/main/java/com/ffii/fpsms/config/security/SecurityConfig.java
@@ -109,6 +109,8 @@ public class SecurityConfig {
                                         .hasAnyAuthority("TESTING", "ADMIN")
                                 .requestMatchers(HttpMethod.GET, "/label-printer-monitor/label-stats")
                                         .hasAnyAuthority("TESTING", "ADMIN")
+                                .requestMatchers(HttpMethod.POST, "/stockAdjustment/submit")
+                                        .hasAnyAuthority("ADMIN", "INVENTORY_ADJUST")
                                 .anyRequest().authenticated())
                 .httpBasic(httpBasic -> httpBasic.authenticationEntryPoint(
                         (request, response, authException) -> sendUnauthorizedJson(response, "Unauthorized", "UNAUTHORIZED")))
diff --git a/src/main/resources/db/changelog/changes/20260617_inventory_adjust/01_inventory_adjust_authority.sql b/src/main/resources/db/changelog/changes/20260617_inventory_adjust/01_inventory_adjust_authority.sql
new file mode 100644
index 0000000..3c5e74e
--- /dev/null
+++ b/src/main/resources/db/changelog/changes/20260617_inventory_adjust/01_inventory_adjust_authority.sql
@@ -0,0 +1,9 @@
+--liquibase formatted sql
+
+--changeset fpsms:inventory_adjust_authority
+--preconditions onFail:MARK_RAN
+--precondition-sql-check expectedResult:0 SELECT COUNT(*) FROM authority WHERE authority = 'INVENTORY_ADJUST'
+--comment: Add independent permission for stock adjustment (inventory adjustment)
+INSERT IGNORE INTO `authority` (`authority`, `name`, `module`, `description`)
+VALUES ('INVENTORY_ADJUST', '庫存調整', 'INVENTORY', 'Allow submitting stock adjustments (POST /stockAdjustment/submit)');
+