From 10c2cb766c11b21a733c21ee5fd536af145de9d1 Mon Sep 17 00:00:00 2001
From: TronoSfera <119615520+TronoSfera@users.noreply.github.com>
Date: Tue, 3 Mar 2026 14:24:11 +0300
Subject: [PATCH] fix user UI 7

---
 README.md                     | 21 +++++++++++++++++++++
 app/web/admin.js              |  2 +-
 app/web/admin/shared/utils.js |  2 +-
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 13994d4..ea5556c 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,27 @@ Swagger: http://localhost:8002/docs
 Chat service health (via nginx): http://localhost:8081/chat-health
 Email service health (via nginx): http://localhost:8081/email-health
 
+## Testing (containers only)
+Rule: backend tests must be executed only inside Docker containers. Do not run tests from host Python environment.
+
+Start local stack (if not started):
+```bash
+docker compose -f docker-compose.yml -f docker-compose.local.yml up -d
+```
+
+Run full backend suite via `unittest` (default project mode):
+```bash
+docker compose -f docker-compose.yml -f docker-compose.local.yml exec -T backend \
+  python -m unittest discover -s tests -p "test_*.py" -v
+```
+
+Run target tests via `pytest` inside one-off backend container:
+```bash
+docker compose -f docker-compose.yml -f docker-compose.local.yml run --rm --no-deps backend \
+  sh -lc 'pip install --no-cache-dir pytest >/tmp/pip_pytest.log && python -m pytest -q tests/test_public_requests.py tests/test_public_cabinet.py'
+```
+Use this command when targeted `pytest` checks are required and `pytest` is not preinstalled in the backend image.
+
 ## Production (ruakb.ru + ruakb.online, 80/443, TLS via Nginx + Certbot)
 Production stack uses dedicated edge nginx (`docker-compose.prod.nginx.yml`).
 
diff --git a/app/web/admin.js b/app/web/admin.js
index 10d72a0..252a6dc 100644
--- a/app/web/admin.js
+++ b/app/web/admin.js
@@ -2553,7 +2553,7 @@
       "availableTables"
     ]);
     if (!allowed.has(section)) return false;
-    if (section === "requests") return roleCode === "ADMIN";
+    if (section === "requests") return roleCode === "ADMIN" || roleCode === "LAWYER";
     if (section === "serviceRequests") return roleCode === "ADMIN" || roleCode === "CURATOR";
     if (section === "quotes" || section === "config" || section === "availableTables") return roleCode === "ADMIN";
     return true;
diff --git a/app/web/admin/shared/utils.js b/app/web/admin/shared/utils.js
index 37cd5ad..fc20738 100644
--- a/app/web/admin/shared/utils.js
+++ b/app/web/admin/shared/utils.js
@@ -283,7 +283,7 @@ export function canAccessSection(role, section) {
     "availableTables",
   ]);
   if (!allowed.has(section)) return false;
-  if (section === "requests") return roleCode === "ADMIN";
+  if (section === "requests") return roleCode === "ADMIN" || roleCode === "LAWYER";
   if (section === "serviceRequests") return roleCode === "ADMIN" || roleCode === "CURATOR";
   if (section === "quotes" || section === "config" || section === "availableTables") return roleCode === "ADMIN";
   return true;