fix(nav): 사이드바 메뉴를 DB 권한(accessibleKeys) 기반으로 필터링

기존: non-admin 페이지는 무조건 표시 (publicPageKeys 개념) 변경: accessibleKeys에 포함된 페이지만 표시 (대시보드 그리드와 동일 기준) - publicPageKeys 로직 제거, accessibleKeys 단일 기준 통합 - external 링크(부적합, 휴가 신청 등)는 항상 표시 - dashboard, profile.* 페이지는 전체 공개 유지 - tkfb-core.js 캐시 버스팅 v=2026040103 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 14:14:53 +09:00
parent 4063eba5bb
commit 3f870b247d
35 changed files with 40 additions and 44 deletions
--- a/system1-factory/web/pages/admin/attendance-report.html
+++ b/system1-factory/web/pages/admin/attendance-report.html
@@ -190,7 +190,7 @@
        </div>
    </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script type="module">
--- a/system1-factory/web/pages/admin/equipment-detail.html
+++ b/system1-factory/web/pages/admin/equipment-detail.html
@@ -314,7 +314,7 @@
    </div>
  </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script type="module">
--- a/system1-factory/web/pages/admin/equipments.html
+++ b/system1-factory/web/pages/admin/equipments.html
@@ -190,7 +190,7 @@
    </div>
  </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script type="module">
--- a/system1-factory/web/pages/admin/repair-management.html
+++ b/system1-factory/web/pages/admin/repair-management.html
@@ -507,7 +507,7 @@
        </div>
    </div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/api-base.js?v=2026031401"></script>
    <script>
        let currentReportId = null;
--- a/system1-factory/web/pages/attendance/annual-overview.html
+++ b/system1-factory/web/pages/attendance/annual-overview.html
@@ -390,7 +390,7 @@
    </div>
  </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script>
--- a/system1-factory/web/pages/attendance/checkin.html
+++ b/system1-factory/web/pages/attendance/checkin.html
@@ -234,7 +234,7 @@
        </div>
    </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script>
--- a/system1-factory/web/pages/attendance/daily.html
+++ b/system1-factory/web/pages/attendance/daily.html
@@ -70,7 +70,7 @@
        </div>
    </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script>
--- a/system1-factory/web/pages/attendance/monthly-comparison.html
+++ b/system1-factory/web/pages/attendance/monthly-comparison.html
@@ -162,7 +162,7 @@
    <!-- Toast -->
    <div id="toastContainer" class="toast-container"></div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/api-base.js?v=2026031701"></script>
    <script src="/js/monthly-comparison.js?v=2026040109"></script>
    <script>initAuth();</script>
--- a/system1-factory/web/pages/attendance/monthly.html
+++ b/system1-factory/web/pages/attendance/monthly.html
@@ -489,7 +489,7 @@
    </div>
  </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script>
--- a/system1-factory/web/pages/attendance/my-monthly-confirm.html
+++ b/system1-factory/web/pages/attendance/my-monthly-confirm.html
@@ -104,7 +104,7 @@
    <!-- Toast -->
    <div id="toastContainer" class="toast-container"></div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/api-base.js?v=2026031701"></script>
    <script src="/js/my-monthly-confirm.js?v=2026040106"></script>
    <script>initAuth();</script>
--- a/system1-factory/web/pages/attendance/my-vacation-info.html
+++ b/system1-factory/web/pages/attendance/my-vacation-info.html
@@ -267,7 +267,7 @@
        </div>
    </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script>
--- a/system1-factory/web/pages/attendance/vacation-allocation.html
+++ b/system1-factory/web/pages/attendance/vacation-allocation.html
@@ -353,7 +353,7 @@
    </div>
  </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script type="module" src="/js/vacation-allocation.js" defer></script>
  <script>initAuth();</script>
--- a/system1-factory/web/pages/attendance/vacation-approval.html
+++ b/system1-factory/web/pages/attendance/vacation-approval.html
@@ -130,7 +130,7 @@
        </div>
    </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script src="/js/vacation-common.js"></script>
--- a/system1-factory/web/pages/attendance/vacation-input.html
+++ b/system1-factory/web/pages/attendance/vacation-input.html
@@ -123,7 +123,7 @@
        </div>
    </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script src="/js/vacation-common.js"></script>
--- a/system1-factory/web/pages/attendance/vacation-management.html
+++ b/system1-factory/web/pages/attendance/vacation-management.html
@@ -215,7 +215,7 @@
        </div>
    </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script src="/js/vacation-common.js"></script>
--- a/system1-factory/web/pages/attendance/vacation-request.html
+++ b/system1-factory/web/pages/attendance/vacation-request.html
@@ -117,7 +117,7 @@
        </div>
    </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script src="/js/vacation-common.js"></script>
--- a/system1-factory/web/pages/attendance/work-status.html
+++ b/system1-factory/web/pages/attendance/work-status.html
@@ -286,7 +286,7 @@
        </div>
    </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
  <script>
--- a/system1-factory/web/pages/dashboard-new.html
+++ b/system1-factory/web/pages/dashboard-new.html
@@ -47,7 +47,7 @@
        </div>
    </div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/production-dashboard.js?v=2026040103"></script>
    <script src="/static/js/shared-bottom-nav.js?v=2026040102"></script>
 </body>
--- a/system1-factory/web/pages/dashboard.html
+++ b/system1-factory/web/pages/dashboard.html
@@ -324,7 +324,7 @@
        </div>
    </div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/api-base.js?v=2026031401"></script>
    <script type="module" src="/js/modern-dashboard.js?v=2026031401"></script>
    <script type="module" src="/js/group-leader-dashboard.js?v=2026031401"></script>
--- a/system1-factory/web/pages/inspection/daily-patrol.html
+++ b/system1-factory/web/pages/inspection/daily-patrol.html
@@ -209,7 +209,7 @@
      }, 50);
    })();
  </script>
-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="/js/daily-patrol.js?v=2026031401"></script>
  <script>initAuth();</script>
--- a/system1-factory/web/pages/inspection/zone-detail.html
+++ b/system1-factory/web/pages/inspection/zone-detail.html
@@ -304,7 +304,7 @@
      }, 50);
    })();
  </script>
-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="/js/zone-detail.js?v=2026031401"></script>
  <script>initAuth();</script>
--- a/system1-factory/web/pages/profile/info.html
+++ b/system1-factory/web/pages/profile/info.html
@@ -320,7 +320,7 @@
        </div>
    </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script type="module" src="/js/my-profile.js"></script>
  <script>initAuth();</script>
--- a/system1-factory/web/pages/profile/password.html
+++ b/system1-factory/web/pages/profile/password.html
@@ -390,7 +390,7 @@
        </div>
    </div>

-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script>initAuth();</script>
  <script src="/js/change-password.js?v=2026040101"></script>
 </body>
--- a/system1-factory/web/pages/work/analysis.html
+++ b/system1-factory/web/pages/work/analysis.html
@@ -277,7 +277,7 @@
        </div>
    </div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/api-base.js?v=2026031401"></script>
    <script type="module" src="/js/work-analysis.js?v=2026031401"></script>

--- a/system1-factory/web/pages/work/daily-status.html
+++ b/system1-factory/web/pages/work/daily-status.html
@@ -163,7 +163,7 @@
        </div>
    </div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/api-base.js?v=2026031701"></script>
    <script src="/js/daily-status.js?v=2026033001"></script>
 </body>
--- a/system1-factory/web/pages/work/meeting-detail.html
+++ b/system1-factory/web/pages/work/meeting-detail.html
@@ -193,7 +193,7 @@
        </div>
    </div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/meeting-detail.js?v=2026031701"></script>
 </body>
 </html>
--- a/system1-factory/web/pages/work/meetings.html
+++ b/system1-factory/web/pages/work/meetings.html
@@ -80,7 +80,7 @@
        </div>
    </div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/meetings.js?v=2026031701"></script>
 </body>
 </html>
--- a/system1-factory/web/pages/work/proxy-input.html
+++ b/system1-factory/web/pages/work/proxy-input.html
@@ -114,7 +114,7 @@
        </div>
    </div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/api-base.js?v=2026031701"></script>
    <script src="/js/proxy-input.js?v=2026033202"></script>
    <script>initAuth();</script>
--- a/system1-factory/web/pages/work/report-create-mobile.html
+++ b/system1-factory/web/pages/work/report-create-mobile.html
@@ -190,7 +190,7 @@
  </div>

  <!-- 공통 모듈 -->
-  <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+  <script src="/static/js/tkfb-core.js?v=2026040103"></script>
  <script src="/js/api-base.js?v=2026031401"></script>
  <script src="/js/common/utils.js?v=2026031401"></script>
  <script src="/js/common/base-state.js?v=2026031401"></script>
--- a/system1-factory/web/pages/work/report-create.html
+++ b/system1-factory/web/pages/work/report-create.html
@@ -149,7 +149,7 @@
        </div>
    </div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/api-base.js?v=2026031401"></script>
    <script src="/js/common/utils.js?v=2026031401"></script>
    <script src="/js/common/base-state.js?v=2026031401"></script>
--- a/system1-factory/web/pages/work/schedule.html
+++ b/system1-factory/web/pages/work/schedule.html
@@ -347,7 +347,7 @@
        </div>
    </div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/schedule.js?v=2026031701"></script>
    <script>
    // 표준공정 생성 모달
--- a/system1-factory/web/pages/work/tbm-create.html
+++ b/system1-factory/web/pages/work/tbm-create.html
@@ -843,7 +843,7 @@
    </div>

    <!-- Scripts -->
-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/api-base.js?v=2026040101"></script>
    <!-- 공통 모듈 -->
    <script src="/js/common/utils.js?v=2026040101"></script>
--- a/system1-factory/web/pages/work/tbm-mobile.html
+++ b/system1-factory/web/pages/work/tbm-mobile.html
@@ -264,7 +264,7 @@
    </div>

    <!-- 공통 모듈 -->
-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/api-base.js?v=2026040101"></script>
    <script src="/js/common/utils.js?v=2026040101"></script>
    <script src="/js/common/base-state.js?v=2026040101"></script>
--- a/system1-factory/web/pages/work/tbm.html
+++ b/system1-factory/web/pages/work/tbm.html
@@ -573,7 +573,7 @@
    <!-- 토스트 -->
    <div class="toast-container" id="toastContainer"></div>

-    <script src="/static/js/tkfb-core.js?v=2026040102"></script>
+    <script src="/static/js/tkfb-core.js?v=2026040103"></script>
    <script src="/js/api-base.js?v=2026031602"></script>
    <script src="/js/common/utils.js?v=2026031602"></script>
    <script src="/js/common/base-state.js?v=2026031602"></script>
--- a/system1-factory/web/static/js/tkfb-core.js
+++ b/system1-factory/web/static/js/tkfb-core.js
@@ -202,8 +202,7 @@ function renderNavbar(accessibleKeys) {
        const visibleItems = entry.items.filter(item => {
            if (item.admin && !isAdmin) return false;
            if (isAdmin) return true;
-            // NAV_MENU에 admin 아닌 항목은 공개 (publicPageKeys 대응)
-            if (!item.admin) return true;
+            if (item.external) return true;
            return accessibleKeys.includes(item.key);
        });

@@ -283,16 +282,13 @@ async function initAuth() {
    let accessibleKeys = [];
    if (!isAdmin) {
        accessibleKeys = await _fetchPageAccess(currentUser.id);
-        // NAV_MENU에서 admin/restricted가 아닌 페이지는 모든 인증 사용자에게 공개
-        const publicPageKeys = NAV_MENU.flatMap(entry => {
-            if (!entry.items) return entry.key ? [entry.key] : [];
-            if (entry.admin) return [];
-            return entry.items.filter(item => !item.admin && !item.restricted).map(item => item.key);
-        });
-        // 현재 페이지 접근 권한 확인
+        if (accessibleKeys.length === 0) {
+            console.warn('[PageAccess] 접근 가능 페이지가 없거나 권한 조회 실패');
+        }
+        // 현재 페이지 접근 권한 확인 (dashboard, profile은 전체 공개)
        const pageKey = _getCurrentPageKey();
        if (pageKey && pageKey !== 'dashboard' && !pageKey.startsWith('profile.')) {
-            if (!publicPageKeys.includes(pageKey) && !accessibleKeys.includes(pageKey)) {
+            if (!accessibleKeys.includes(pageKey)) {
                alert('이 페이지에 접근할 권한이 없습니다.');
                location.href = '/pages/dashboard-new.html';
                return false;