Show DFC catalog to authorised platform

app/models/enterprise.rb

@@ -75,6 +75,7 @@ class Enterprise < ApplicationRecord
   has_one :stripe_account, dependent: :destroy
   has_many :vouchers, dependent: :restrict_with_exception
   has_many :connected_apps, dependent: :destroy
+  has_many :dfc_permissions, dependent: :destroy
   has_one :custom_tab, dependent: :destroy
 
   delegate :latitude, :longitude, :city, :state_name, to: :address

engines/dfc_provider/app/services/api_user.rb

@@ -19,6 +19,7 @@ class ApiUser
   end
 
   def enterprises
-    Enterprise.none
+    permissions = DfcPermission.where(grantee: id, scope: "ReadProducts")
+    Enterprise.where(dfc_permissions: permissions)
   end
 end

engines/dfc_provider/spec/requests/catalog_items_spec.rb

@@ -69,6 +69,26 @@ RSpec.describe "CatalogItems", swagger_doc: "dfc.yaml" do
       response "200", "success" do
         before { product }
 
+        context "as platform user" do
+          let(:enterprise_id) { 10_000 }
+          let(:sib_token) { file_fixture("startinblox_access_token.jwt").read }
+          let(:Authorization) { "Bearer #{sib_token}" }
+
+          before {
+            login_as nil
+            DfcPermission.create!(
+              user:, enterprise_id:,
+              scope: "ReadProducts", grantee: "cqcm-dev",
+            )
+          }
+
+          around do |example|
+            Timecop.travel(Date.parse("2025-06-13")) { example.run }
+          end
+
+          run_test!
+        end
+
         context "with default enterprise id" do
           let(:enterprise_id) { "default" }