33 lines
744 B
JavaScript
33 lines
744 B
JavaScript
// middlewares/accessMiddleware.js
|
|
|
|
// 권한 레벨 정의
|
|
const ACCESS_LEVELS = {
|
|
worker: 1,
|
|
group_leader: 2,
|
|
support_team: 3,
|
|
admin: 4,
|
|
system: 5
|
|
};
|
|
|
|
const requireAccess = (requiredLevel) => {
|
|
return (req, res, next) => {
|
|
if (!req.user) {
|
|
return res.status(401).json({ error: '인증이 필요합니다.' });
|
|
}
|
|
|
|
const userLevel = ACCESS_LEVELS[req.user.access_level] || 0;
|
|
const required = ACCESS_LEVELS[requiredLevel] || 999;
|
|
|
|
if (userLevel < required) {
|
|
return res.status(403).json({
|
|
error: '접근 권한이 없습니다.',
|
|
required: requiredLevel,
|
|
current: req.user.access_level
|
|
});
|
|
}
|
|
|
|
next();
|
|
};
|
|
};
|
|
|
|
module.exports = { requireAccess, ACCESS_LEVELS }; |