feat: 구매/안전 시스템 전면 개편 — tkpurchase 개편 + tksafety 신규 + 권한 보강

Phase 1: tkuser 협력업체 CRUD 이관 (읽기전용 → 전체 CRUD)
Phase 2: tkpurchase 개편 — 일용공 신청/확정, 작업일정, 업무현황, 계정관리, 협력업체 포털
Phase 3: tksafety 신규 시스템 — 방문관리 + 안전교육 신고
Phase 4: SSO 인증 보강 (partner_company_id JWT, 만료일 체크), 권한 테이블 기반 접근 제어

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

tkpurchase/api/controllers/workReportController.js

@@ -0,0 +1,118 @@
+const workReportModel = require('../models/workReportModel');
+const checkinModel = require('../models/checkinModel');
+
+// 작업보고 목록
+async function list(req, res) {
+  try {
+    const { company_id, date_from, date_to, schedule_id, confirmed, page, limit } = req.query;
+    const rows = await workReportModel.findAll({
+      company_id: company_id ? parseInt(company_id) : undefined,
+      date_from,
+      date_to,
+      schedule_id: schedule_id ? parseInt(schedule_id) : undefined,
+      confirmed,
+      page: page ? parseInt(page) : 1,
+      limit: limit ? parseInt(limit) : 50
+    });
+    res.json({ success: true, data: rows });
+  } catch (err) {
+    console.error('WorkReport list error:', err);
+    res.status(500).json({ success: false, error: err.message });
+  }
+}
+
+// 작업보고 상세
+async function getById(req, res) {
+  try {
+    const row = await workReportModel.findById(req.params.id);
+    if (!row) return res.status(404).json({ success: false, error: '작업보고를 찾을 수 없습니다' });
+    res.json({ success: true, data: row });
+  } catch (err) {
+    console.error('WorkReport get error:', err);
+    res.status(500).json({ success: false, error: err.message });
+  }
+}
+
+// 내 작업보고 (협력업체 포탈)
+async function myReports(req, res) {
+  try {
+    const companyId = req.user.partner_company_id;
+    if (!companyId) {
+      return res.status(403).json({ success: false, error: '협력업체 계정이 아닙니다' });
+    }
+    const { date_from, date_to, page, limit } = req.query;
+    const rows = await workReportModel.findAll({
+      company_id: companyId,
+      date_from,
+      date_to,
+      page: page ? parseInt(page) : 1,
+      limit: limit ? parseInt(limit) : 50
+    });
+    res.json({ success: true, data: rows });
+  } catch (err) {
+    console.error('WorkReport myReports error:', err);
+    res.status(500).json({ success: false, error: err.message });
+  }
+}
+
+// 작업보고 등록
+async function create(req, res) {
+  try {
+    const { checkin_id, company_id, report_date } = req.body;
+
+    if (!report_date) {
+      return res.status(400).json({ success: false, error: '보고일은 필수입니다' });
+    }
+
+    // checkin_id가 있으면 유효성 검증
+    if (checkin_id) {
+      const checkin = await checkinModel.findById(checkin_id);
+      if (!checkin) {
+        return res.status(400).json({ success: false, error: '유효하지 않은 체크인 ID입니다' });
+      }
+    }
+
+    const resolvedCompanyId = company_id || req.user.partner_company_id;
+    if (!resolvedCompanyId) {
+      return res.status(400).json({ success: false, error: '업체 정보가 필요합니다' });
+    }
+
+    const data = {
+      ...req.body,
+      company_id: resolvedCompanyId,
+      reporter_id: req.user.user_id || req.user.id
+    };
+    const row = await workReportModel.create(data);
+    res.status(201).json({ success: true, data: row });
+  } catch (err) {
+    console.error('WorkReport create error:', err);
+    res.status(500).json({ success: false, error: err.message });
+  }
+}
+
+// 작업보고 수정
+async function update(req, res) {
+  try {
+    const row = await workReportModel.update(req.params.id, req.body);
+    if (!row) return res.status(404).json({ success: false, error: '작업보고를 찾을 수 없습니다' });
+    res.json({ success: true, data: row });
+  } catch (err) {
+    console.error('WorkReport update error:', err);
+    res.status(500).json({ success: false, error: err.message });
+  }
+}
+
+// 작업보고 확인
+async function confirm(req, res) {
+  try {
+    const confirmedBy = req.user.user_id || req.user.id;
+    const row = await workReportModel.confirm(req.params.id, confirmedBy);
+    if (!row) return res.status(404).json({ success: false, error: '작업보고를 찾을 수 없습니다' });
+    res.json({ success: true, data: row });
+  } catch (err) {
+    console.error('WorkReport confirm error:', err);
+    res.status(500).json({ success: false, error: err.message });
+  }
+}
+
+module.exports = { list, getById, myReports, create, update, confirm };