hyungi/tk-factory-services
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(tkuser): requireAdmin → requireAdminOrPermission 전환 — 권한 기반 접근 제어

Browse Source 
- 9개 라우트 파일의 쓰기 작업을 requireAdminOrPermission으로 전환
- 권한 관리에서 tkuser.* 권한 부여 시 일반 사용자도 해당 탭 접근 가능
- GET(참조 데이터)은 requireAuth 유지, permissionRoutes는 admin 전용 유지
- 기존 partnerRoutes.js 패턴과 동일한 방식 적용

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Hyungi Ahn
2026-03-25 14:29:28 +09:00
parent d663b9bfa6
commit a6724b2a20
9 changed files with 66 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
user-management/api/routes/projectRoutes.js
View File

@@ -5,13 +5,15 @@
const express = require('express');
const router = express.Router();
const projectController = require('../controllers/projectController');
const { requireAuth, requireAdmin } = require('../middleware/auth');
const { requireAuth, requireAdminOrPermission } = require('../middleware/auth');
const projectPerm = requireAdminOrPermission('tkuser.projects');
router.get('/', requireAuth, projectController.getAll);
router.get('/active', requireAuth, projectController.getActive);
router.get('/:id', requireAuth, projectController.getById);
router.post('/', requireAdmin, projectController.create);
router.put('/:id', requireAdmin, projectController.update);
router.delete('/:id', requireAdmin, projectController.remove);
router.post('/', projectPerm, projectController.create);
router.put('/:id', projectPerm, projectController.update);
router.delete('/:id', projectPerm, projectController.remove);
module.exports = router;