fix(tksupport): 부서 페이지 권한 동작 수정 — requireAdmin/requireSupportTeam 제거, 네비게이션 권한 기반 렌더링

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

tksupport/web/static/js/tksupport-core.js

@@ -98,6 +98,8 @@ function toggleMobileMenu() {
 }
 
 /* ===== Navbar ===== */
+let currentUserPermissions = {};
+
 function renderNavbar() {
     const currentPage = location.pathname.replace(/\//g, '') || 'index.html';
     const isAdmin = currentUser && ['admin','system'].includes(currentUser.role);
@@ -105,16 +107,18 @@ function renderNavbar() {
         { href: '/', icon: 'fa-home', label: '대시보드', match: ['index.html'] },
         { href: '/vacation-request.html', icon: 'fa-paper-plane', label: '휴가 신청', match: ['vacation-request.html'] },
         { href: '/vacation-status.html', icon: 'fa-calendar-check', label: '내 휴가 현황', match: ['vacation-status.html'] },
-        { href: '/vacation-approval.html', icon: 'fa-clipboard-check', label: '휴가 승인', match: ['vacation-approval.html'], admin: true },
-        { href: '/company-holidays.html', icon: 'fa-calendar-day', label: '전사 휴가 관리', match: ['company-holidays.html'], roles: ['support_team','admin','system'] },
-        { href: '/vacation-dashboard.html', icon: 'fa-chart-bar', label: '전체 휴가관리', match: ['vacation-dashboard.html'], roles: ['support_team','admin','system'] },
-        { href: '/vacation-admin.html', icon: 'fa-user-edit', label: '휴가 보정', match: ['vacation-admin.html'], admin: true },
+        { href: '/vacation-approval.html', icon: 'fa-clipboard-check', label: '휴가 승인', match: ['vacation-approval.html'], page: 'support_vacation_approval' },
+        { href: '/company-holidays.html', icon: 'fa-calendar-day', label: '전사 휴가 관리', match: ['company-holidays.html'], page: 'support_company_holidays' },
+        { href: '/vacation-dashboard.html', icon: 'fa-chart-bar', label: '전체 휴가관리', match: ['vacation-dashboard.html'], page: 'support_vacation_dashboard' },
+        { href: '/vacation-admin.html', icon: 'fa-user-edit', label: '휴가 보정', match: ['vacation-admin.html'], page: 'support_vacation_admin' },
     ];
     const nav = document.getElementById('sideNav');
     if (!nav) return;
     nav.innerHTML = links.filter(l => {
-        if (l.roles) return currentUser && l.roles.includes(currentUser.role);
-        if (l.admin) return isAdmin;
+        if (l.page) {
+            if (isAdmin) return true;
+            return currentUserPermissions[l.page]?.can_access === true;
+        }
         return true;
     }).map(l => {
         const active = l.match.some(m => currentPage === m || currentPage.endsWith(m));
@@ -159,6 +163,12 @@ function initAuth() {
     const avatarEl = document.getElementById('headerUserAvatar');
     if (nameEl) nameEl.textContent = dn;
     if (avatarEl) avatarEl.textContent = dn.charAt(0).toUpperCase();
+
+    // 권한 로드 후 네비게이션 렌더링
+    const isAdmin = ['admin','system'].includes(currentUser.role);
+    if (!isAdmin) {
+        _loadPermissions(currentUser.id).then(() => renderNavbar());
+    }
     renderNavbar();
 
     // 알림 벨 로드
@@ -168,6 +178,23 @@ function initAuth() {
     return true;
 }
 
+/* ===== 권한 로드 (tkuser API) ===== */
+async function _loadPermissions(userId) {
+    try {
+        const tkuserBase = location.hostname.includes('technicalkorea.net')
+            ? 'https://tkuser.technicalkorea.net/api'
+            : location.protocol + '//' + location.hostname + ':30300/api';
+        const token = getToken();
+        const res = await fetch(`${tkuserBase}/permissions/users/${userId}/effective-permissions`, {
+            headers: { 'Authorization': `Bearer ${token}` }
+        });
+        if (res.ok) {
+            const data = await res.json();
+            currentUserPermissions = data.permissions || {};
+        }
+    } catch (e) { /* 실패 시 빈 객체 유지 — 권한 메뉴 안 보임 */ }
+}
+
 /* ===== 알림 벨 ===== */
 function _loadNotificationBell() {
     const s = document.createElement('script');