fix(tkuser): Sprint 001 리뷰 권장 개선 3건 — 방어 코딩 및 일관성 보완

- setLongServiceExclusion: affectedRows 체크 추가 (존재하지 않는 user_id → 404) - ACCESS_LEVELS: user: 1 키 추가 (role='user' 사용자 레벨 0 방지) - escapeHtml → escHtml 통일 (tkuser-vacations.js 라인 381) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 08:27:54 +09:00
parent 19e668a56a
commit 36cf9d553d
3 changed files with 6 additions and 3 deletions
--- a/user-management/api/middleware/auth.js
+++ b/user-management/api/middleware/auth.js
@@ -80,7 +80,7 @@ function requireAdminOrPermission(pageName) {
 * 최소 권한 레벨 체크 미들웨어
 * worker(1) < group_leader(2) < support_team(3) < admin(4) < system(5)
 */
-const ACCESS_LEVELS = { worker: 1, group_leader: 2, support_team: 3, admin: 4, system: 5 };
+const ACCESS_LEVELS = { user: 1, worker: 1, group_leader: 2, support_team: 3, admin: 4, system: 5 };

 function requireMinLevel(minLevel) {
  return (req, res, next) => {