fix(tkfb): 페이지 접근 권한에 부서 권한(department_page_permissions) 반영

- department_page_permissions JOIN 추가 (s1. 접두사 자동 매칭)
- 부서/개인 명시적 권한 있으면 is_admin_only 제한 해제
- 우선순위: 개인 권한 > 부서 권한 > is_default_accessible

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

system1-factory/api/routes/pageAccessRoutes.js

@@ -68,7 +68,16 @@ router.get('/users/:userId/page-access', requireAuth, async (req, res) => {
       return res.json({ success: true, data: { user, pageAccess } });
     }
 
+    // 사용자의 부서 조회
+    const [workerRows] = await db.query(`
+      SELECT w.department_id FROM sso_users su
+      LEFT JOIN workers w ON su.user_id = w.user_id
+      WHERE su.user_id = ?
+    `, [userId]);
+    const departmentId = workerRows[0]?.department_id || 0;
+
     // 일반 사용자의 페이지 접근 권한 조회
+    // department_page_permissions.page_name은 's1.' 접두사 사용, pages.page_key는 접두사 없음
     const [pageAccess] = await db.query(`
       SELECT
         p.id as page_id,
@@ -77,15 +86,20 @@ router.get('/users/:userId/page-access', requireAuth, async (req, res) => {
         p.page_path,
         p.category,
         p.is_admin_only,
-        COALESCE(upa.can_access, p.is_default_accessible, 0) as can_access,
+        COALESCE(upa.can_access, dpp.can_access, p.is_default_accessible, 0) as can_access,
         upa.granted_at,
         u2.username as granted_by_username
       FROM pages p
       LEFT JOIN user_page_access upa ON p.id = upa.page_id AND upa.user_id = ?
+      LEFT JOIN department_page_permissions dpp
+        ON dpp.department_id = ?
+        AND (dpp.page_name = CONCAT('s1.', p.page_key) OR dpp.page_name = p.page_key)
       LEFT JOIN users u2 ON upa.granted_by = u2.user_id
       WHERE p.is_admin_only = 0
+         OR upa.can_access = 1
+         OR dpp.can_access = 1
       ORDER BY p.display_order, p.page_name
-    `, [userId]);
+    `, [userId, departmentId]);
 
     res.json({ success: true, data: { user, pageAccess } });
   } catch (error) {