hyungi/tk-factory-services
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(tkuser): requireAdmin → requireAdminOrPermission 전환 — 권한 기반 접근 제어

Browse Source 
- 9개 라우트 파일의 쓰기 작업을 requireAdminOrPermission으로 전환
- 권한 관리에서 tkuser.* 권한 부여 시 일반 사용자도 해당 탭 접근 가능
- GET(참조 데이터)은 requireAuth 유지, permissionRoutes는 admin 전용 유지
- 기존 partnerRoutes.js 패턴과 동일한 방식 적용

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Hyungi Ahn
2026-03-25 14:29:28 +09:00
parent d663b9bfa6
commit a6724b2a20
9 changed files with 66 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
user-management/api/routes/vacationSettingsRoutes.js
View File

@@ -7,9 +7,9 @@
const express = require('express');
const router = express.Router();
const vsc = require('../controllers/vacationSettingsController');
const { requireAuth, requireAdmin } = require('../middleware/auth');
const { requireAuth, requireAdminOrPermission } = require('../middleware/auth');
router.get('/', requireAuth, vsc.getSettings);
router.put('/', requireAdmin, vsc.updateSettings);
router.put('/', requireAdminOrPermission('tkuser.vacation_settings'), vsc.updateSettings);
module.exports = router;