diff --git a/system1-factory/api/controllers/authController.js b/system1-factory/api/controllers/authController.js index adb2047..ee6c9ee 100644 --- a/system1-factory/api/controllers/authController.js +++ b/system1-factory/api/controllers/authController.js @@ -33,7 +33,7 @@ const login = asyncHandler(async (req, res) => { // ✅ 사용자 등록 기능 추가 const register = async (req, res) => { try { - const { username, password, name, access_level, worker_id } = req.body; + const { username, password, name, access_level } = req.body; const db = await getDb(); // 필수 필드 검증 @@ -72,9 +72,9 @@ const register = async (req, res) => { // 사용자 등록 const [result] = await db.query( - `INSERT INTO users (username, password, name, role, access_level, worker_id) - VALUES (?, ?, ?, ?, ?, ?)`, - [username, hashedPassword, name, role, access_level, worker_id] + `INSERT INTO users (username, password, name, role, access_level) + VALUES (?, ?, ?, ?, ?)`, + [username, hashedPassword, name, role, access_level] ); console.log('[사용자 등록 성공]', username); @@ -141,8 +141,8 @@ const getAllUsers = async (req, res) => { // 비밀번호 제외하고 조회 const [rows] = await db.query( - `SELECT user_id, username, name, role, access_level, worker_id, created_at - FROM users + `SELECT user_id, username, name, role, access_level, created_at + FROM users ORDER BY created_at DESC` ); diff --git a/system1-factory/api/controllers/systemController.js b/system1-factory/api/controllers/systemController.js index d03da90..017b2a0 100644 --- a/system1-factory/api/controllers/systemController.js +++ b/system1-factory/api/controllers/systemController.js @@ -243,21 +243,20 @@ exports.getAllUsers = asyncHandler(async (req, res) => { const db = await getDb(); const [users] = await db.query(` - SELECT + SELECT user_id, username, name, email, role, access_level, - worker_id, is_active, last_login_at, failed_login_attempts, locked_until, created_at, updated_at - FROM users + FROM users ORDER BY created_at DESC `); 
@@ -272,20 +271,20 @@ exports.getAllUsers = asyncHandler(async (req, res) => { * 사용자 생성 */ exports.createUser = asyncHandler(async (req, res) => { - const { username, password, name, email, role, access_level, worker_id } = req.body; - + const { username, password, name, email, role, access_level } = req.body; + // 스키마 기반 유효성 검사 validateSchema(req.body, schemas.createUser); - + try { const db = await getDb(); - + // 사용자명 중복 확인 const [existing] = await db.query('SELECT user_id FROM users WHERE username = ?', [username]); if (existing.length > 0) { throw new ApiError('이미 존재하는 사용자명입니다.', 409); } - + // 이메일 중복 확인 (이메일이 제공된 경우) if (email) { const [existingEmail] = await db.query('SELECT user_id FROM users WHERE email = ?', [email]); @@ -293,15 +292,15 @@ exports.createUser = asyncHandler(async (req, res) => { throw new ApiError('이미 사용 중인 이메일입니다.', 409); } } - + // 비밀번호 해시화 const hashedPassword = await bcrypt.hash(password, 10); - + // 사용자 생성 const [result] = await db.query(` - INSERT INTO users (username, password, name, email, role, access_level, worker_id, is_active, created_at, password_changed_at) - VALUES (?, ?, ?, ?, ?, ?, ?, 1, NOW(), NOW()) - `, [username, hashedPassword, name, email || null, role, access_level || role, worker_id || null]); + INSERT INTO users (username, password, name, email, role, access_level, is_active, created_at, password_changed_at) + VALUES (?, ?, ?, ?, ?, ?, 1, NOW(), NOW()) + `, [username, hashedPassword, name, email || null, role, access_level || role]); // 비밀번호 변경 로그 기록 await db.query(` @@ -322,9 +321,9 @@ exports.createUser = asyncHandler(async (req, res) => { exports.updateUser = async (req, res) => { try { const { id } = req.params; - const { name, email, role, access_level, is_active, worker_id } = req.body; + const { name, email, role, access_level, is_active } = req.body; const db = await getDb(); - + // 사용자 존재 확인 const [user] = await db.query('SELECT user_id FROM users WHERE user_id = ?', [id]); if (user.length === 0) { 
@@ -333,11 +332,11 @@ exports.updateUser = async (req, res) => { error: '해당 사용자를 찾을 수 없습니다.' }); } - + // 이메일 중복 확인 (다른 사용자가 사용 중인지) if (email) { const [existingEmail] = await db.query( - 'SELECT user_id FROM users WHERE email = ? AND user_id != ?', + 'SELECT user_id FROM users WHERE email = ? AND user_id != ?', [email, id] ); if (existingEmail.length > 0) { @@ -347,13 +346,13 @@ exports.updateUser = async (req, res) => { }); } } - + // 사용자 정보 업데이트 await db.query(` - UPDATE users - SET name = ?, email = ?, role = ?, access_level = ?, is_active = ?, worker_id = ?, updated_at = NOW() + UPDATE users + SET name = ?, email = ?, role = ?, access_level = ?, is_active = ?, updated_at = NOW() WHERE user_id = ? - `, [name, email || null, role, access_level || role, is_active ? 1 : 0, worker_id || null, id]); + `, [name, email || null, role, access_level || role, is_active ? 1 : 0, id]); res.json({ success: true, diff --git a/system1-factory/api/controllers/userController.js b/system1-factory/api/controllers/userController.js index 92684a2..2772976 100644 --- a/system1-factory/api/controllers/userController.js +++ b/system1-factory/api/controllers/userController.js @@ -43,7 +43,6 @@ const getAllUsers = asyncHandler(async (req, res) => { r.name as role, u._access_level_old as access_level, u.is_active, - u.worker_id, w.worker_name, w.department_id, d.department_name, @@ -52,7 +51,7 @@ const getAllUsers = asyncHandler(async (req, res) => { u.last_login_at as last_login FROM users u LEFT JOIN roles r ON u.role_id = r.id - LEFT JOIN workers w ON u.worker_id = w.worker_id + LEFT JOIN workers w ON w.user_id = u.user_id LEFT JOIN departments d ON w.department_id = d.department_id ORDER BY u.created_at DESC `; 
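Review bot: `LEFT JOIN workers w ON w.user_id = u.user_id` inverts the relationship (a worker now points at a user instead of a user at a worker), and nothing in this query prevents two workers rows carrying the same user_id from producing duplicate rows for one user in the listing. If the link is meant to be one-to-one, the migration that introduced workers.user_id (not in this diff) should carry a UNIQUE constraint on that column; otherwise this SELECT needs DISTINCT or an aggregate over w. The rest of getAllUsers lies outside this hunk.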
@@ -224,7 +223,7 @@ const updateUser = asyncHandler(async (req, res) => { checkAdminPermission(req.user); const { id } = req.params; - const { username, name, email, role, role_id, password, worker_id } = req.body; + const { username, name, email, role, role_id, password } = req.body; if (!id || isNaN(id)) { throw new ValidationError('유효하지 않은 사용자 ID입니다'); @@ -233,7 +232,7 @@ const updateUser = asyncHandler(async (req, res) => { logger.info('사용자 수정 요청', { userId: id, body: req.body }); // 최소 하나의 수정 필드가 필요 - if (!username && !name && email === undefined && !role && !role_id && !password && worker_id === undefined) { + if (!username && !name && email === undefined && !role && !role_id && !password) { throw new ValidationError('수정할 필드가 없습니다'); } @@ -324,22 +323,6 @@ const updateUser = asyncHandler(async (req, res) => { values.push(hashedPassword); } - // worker_id 업데이트 (null도 허용 - 연결 해제) - if (worker_id !== undefined) { - if (worker_id !== null) { - // worker_id가 유효한지 확인 - const [workerCheck] = await db.execute('SELECT worker_id, worker_name FROM workers WHERE worker_id = ?', [worker_id]); - if (workerCheck.length === 0) { - throw new ValidationError('유효하지 않은 작업자 ID입니다'); - } - logger.info('작업자 연결', { userId: id, worker_id, worker_name: workerCheck[0].worker_name }); - } else { - logger.info('작업자 연결 해제', { userId: id }); - } - updates.push('worker_id = ?'); - values.push(worker_id); - } - updates.push('updated_at = NOW()'); values.push(id); diff --git a/system1-factory/api/controllers/workerController.js b/system1-factory/api/controllers/workerController.js index 18c745f..2693664 100644 --- a/system1-factory/api/controllers/workerController.js +++ b/system1-factory/api/controllers/workerController.js 
@@ -28,7 +28,7 @@ exports.createWorker = asyncHandler(async (req, res) => { const lastID = await workerModel.create(workerData); - // 계정 생성 요청이 있으면 users 테이블에 계정 생성 + // 계정 생성 요청이 있으면 users 테이블에 계정 생성 + workers.user_id 연결 if (createAccount && workerData.worker_name) { try { const db = await getDb(); @@ -39,13 +39,17 @@ exports.createWorker = asyncHandler(async (req, res) => { const [userRole] = await db.query('SELECT id FROM roles WHERE name = ?', ['User']); if (userRole && userRole.length > 0) { - await db.query( - `INSERT INTO users (username, password, name, worker_id, role_id, created_at, updated_at) - VALUES (?, ?, ?, ?, ?, NOW(), NOW())`, - [username, hashedPassword, workerData.worker_name, lastID, userRole[0].id] + const [insertResult] = await db.query( + `INSERT INTO users (username, password, name, role_id, created_at, updated_at) + VALUES (?, ?, ?, ?, NOW(), NOW())`, + [username, hashedPassword, workerData.worker_name, userRole[0].id] ); - logger.info('작업자 계정 자동 생성 성공', { worker_id: lastID, username }); + // workers.user_id 연결 + const newUserId = insertResult.insertId; + await db.query('UPDATE workers SET user_id = ? WHERE worker_id = ?', [newUserId, lastID]); + + logger.info('작업자 계정 자동 생성 성공', { worker_id: lastID, user_id: newUserId, username }); } } catch (accountError) { logger.error('계정 생성 실패 (작업자는 생성됨)', { worker_id: lastID, error: accountError.message }); @@ -109,7 +113,7 @@ exports.getWorkerById = asyncHandler(async (req, res) => { throw new ValidationError('유효하지 않은 작업자 ID입니다'); } - const row = await workerModel.getById(id); + const row = await workerModel.getByUserId(id); if (!row) { throw new NotFoundError('작업자를 찾을 수 없습니다'); 
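Review bot: The users INSERT and the `UPDATE workers SET user_id = ? WHERE worker_id = ?` that links it are two independent statements on the pool, so if the UPDATE fails (or the process dies between them) the catch only logs '계정 생성 실패 (작업자는 생성됨)' and a login-capable users row is left behind with no worker attached. workerModel.remove in this same diff already uses `db.getConnection()` with beginTransaction/commit/rollback; the same pattern here makes account creation atomic, as sketched below. createWorker's signature, the username generation and the password hash sit outside this hunk, so those lines are assumed from context.
```javascript
    if (createAccount && workerData.worker_name) {
      const db = await getDb();
      const conn = await db.getConnection();
      try {
        await conn.beginTransaction();
        // … unchanged: username generation, password hash, User role lookup …
        if (userRole && userRole.length > 0) {
          const [insertResult] = await conn.query(
            `INSERT INTO users (username, password, name, role_id, created_at, updated_at)
             VALUES (?, ?, ?, ?, NOW(), NOW())`,
            [username, hashedPassword, workerData.worker_name, userRole[0].id]
          );
          // workers.user_id 연결 — same transaction, so a failed UPDATE rolls the INSERT back
          const newUserId = insertResult.insertId;
          await conn.query('UPDATE workers SET user_id = ? WHERE worker_id = ?', [newUserId, lastID]);
          logger.info('작업자 계정 자동 생성 성공', { worker_id: lastID, user_id: newUserId, username });
        }
        await conn.commit();
      } catch (accountError) {
        await conn.rollback();
        logger.error('계정 생성 실패 (작업자는 생성됨)', { worker_id: lastID, error: accountError.message });
      } finally {
        conn.release();
      }
```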
@@ -132,18 +136,18 @@ exports.updateWorker = asyncHandler(async (req, res) => { throw new ValidationError('유효하지 않은 작업자 ID입니다'); } - const workerData = { ...req.body, worker_id: id }; + const workerData = { ...req.body, user_id: id }; const createAccount = req.body.create_account; console.log('🔧 작업자 수정 요청:', { - worker_id: id, + user_id: id, 받은데이터: req.body, 처리할데이터: workerData, create_account: createAccount }); - // 먼저 현재 작업자 정보 조회 (계정 여부 확인용) - const currentWorker = await workerModel.getById(id); + // 먼저 현재 작업자 정보 조회 (계정 여부 확인용, user_id 기준) + const currentWorker = await workerModel.getByUserId(id); if (!currentWorker) { throw new NotFoundError('작업자를 찾을 수 없습니다'); 
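Review bot: `const workerData = { ...req.body, user_id: id }` forwards every key of the request body to workerModel.update while only pinning `user_id`; with the worker's identity now taken from user_id, a body carrying `worker_id` (still the primary key in `UPDATE workers ... WHERE worker_id = ?` elsewhere in this diff) is either written through or ignored depending on what the model does with extra columns, which is not visible here. Building workerData from an explicit allow-list of editable fields, e.g. `const { worker_name, department_id } = req.body; const workerData = { worker_name, department_id, user_id: id };` (exact field set per the model), keeps the link column and the primary key out of client control. The `console.log('🔧 작업자 수정 요청:', { ... 받은데이터: req.body ... })` kept in this hunk also prints the entire request body to stdout on every call. updateWorker starts outside this hunk.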
@@ -158,61 +162,43 @@ exports.updateWorker = asyncHandler(async (req, res) => { let accountAction = null; let accountUsername = null; - console.log('🔍 계정 생성 체크:', { - createAccount, - hasAccount, - currentWorker_user_id: currentWorker.user_id, - worker_name: workerData.worker_name - }); - if (createAccount && !hasAccount && workerData.worker_name) { // 계정 생성 - console.log('✅ 계정 생성 로직 시작'); try { - console.log('🔑 사용자명 생성 중...'); const username = await generateUniqueUsername(workerData.worker_name, db); - console.log('🔑 생성된 사용자명:', username); - const hashedPassword = await bcrypt.hash('1234', 10); - console.log('🔒 비밀번호 해싱 완료'); - // User 역할 조회 - console.log('👤 User 역할 조회 중...'); const [userRole] = await db.query('SELECT id FROM roles WHERE name = ?', ['User']); - console.log('👤 User 역할 조회 결과:', userRole); if (userRole && userRole.length > 0) { - console.log('💾 계정 DB 삽입 시작...'); - await db.query( - `INSERT INTO users (username, password, name, worker_id, role_id, created_at, updated_at) - VALUES (?, ?, ?, ?, ?, NOW(), NOW())`, - [username, hashedPassword, workerData.worker_name, id, userRole[0].id] + const [insertResult] = await db.query( + `INSERT INTO users (username, password, name, role_id, created_at, updated_at) + VALUES (?, ?, ?, ?, NOW(), NOW())`, + [username, hashedPassword, workerData.worker_name, userRole[0].id] ); - console.log('✅ 계정 DB 삽입 완료'); + + // workers.user_id 연결 + const newUserId = insertResult.insertId; + await db.query('UPDATE workers SET user_id = ? 
WHERE user_id = ?', [newUserId, id]); accountAction = 'created'; accountUsername = username; - logger.info('작업자 계정 생성 성공', { worker_id: id, username }); - } else { - console.log('❌ User 역할을 찾을 수 없음'); + logger.info('작업자 계정 생성 성공', { user_id: id, new_user_id: newUserId, username }); } } catch (accountError) { - console.error('❌ 계정 생성 오류:', accountError); - logger.error('계정 생성 실패', { worker_id: id, error: accountError.message }); + logger.error('계정 생성 실패', { user_id: id, error: accountError.message }); accountAction = 'failed'; } - } else { - console.log('⏭️ 계정 생성 조건 불만족:', { createAccount, hasAccount, hasWorkerName: !!workerData.worker_name }); } if (!createAccount && hasAccount) { - // 계정 연동 해제 (users.worker_id = NULL) + // 계정 연동 해제 (workers.user_id = NULL) try { - await db.query('UPDATE users SET worker_id = NULL WHERE worker_id = ?', [id]); + await db.query('UPDATE workers SET user_id = NULL WHERE user_id = ?', [id]); accountAction = 'unlinked'; - logger.info('작업자 계정 연동 해제 성공', { worker_id: id }); + logger.info('작업자 계정 연동 해제 성공', { user_id: id }); } catch (unlinkError) { - logger.error('계정 연동 해제 실패', { worker_id: id, error: unlinkError.message }); + logger.error('계정 연동 해제 실패', { user_id: id, error: unlinkError.message }); accountAction = 'unlink_failed'; } } else if (createAccount && hasAccount) { @@ -220,10 +206,10 @@ exports.updateWorker = asyncHandler(async (req, res) => { } // 작업자 관련 캐시 무효화 - logger.info('작업자 수정 후 캐시 무효화', { worker_id: id }); + logger.info('작업자 수정 후 캐시 무효화', { user_id: id }); await cache.invalidateCache.worker(); - logger.info('작업자 수정 성공', { worker_id: id }); + logger.info('작업자 수정 성공', { user_id: id }); // 응답 메시지 구성 let message = '작업자 정보가 성공적으로 수정되었습니다'; 
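Review bot: After this hunk a worker is addressed only through `workers.user_id`, yet the unlink branch runs `UPDATE workers SET user_id = NULL WHERE user_id = ?` and the create branch runs `UPDATE workers SET user_id = ? WHERE user_id = ?` with a fresh insertId, so in both cases the row stops matching the `id` the client sent; the following `logger.info('작업자 수정 후 캐시 무효화', { user_id: id })` then records an id that no longer refers to the worker, and a worker whose link is NULL is unreachable by updateWorker and removeWorker altogether. The create branch also looks unreachable as written: currentWorker was fetched by `getByUserId(id)`, so it already has user_id = id, and if hasAccount is derived from that (the removed debug log suggests so; hasAccount is computed outside this hunk) `!hasAccount` cannot hold. Keying these handlers on the workers primary key and treating user_id purely as the link column, i.e. `WHERE worker_id = ?` in both UPDATEs and `getById(id)` in the lookup above, avoids both problems. Unchanged by this commit, the context line `bcrypt.hash('1234', 10)` still gives every auto-created account the same initial password; a randomly generated value shown once to the admin, or a forced change at first login, is the follow-up a defender would want. updateWorker's body starts and ends outside this hunk.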
@@ -265,11 +251,11 @@ exports.removeWorker = asyncHandler(async (req, res) => { } // 작업자 관련 캐시 무효화 - logger.info('작업자 삭제 후 캐시 무효화 시작', { worker_id: id }); + logger.info('작업자 삭제 후 캐시 무효화 시작', { user_id: id }); await cache.invalidateCache.worker(); await cache.delPattern('workers:*'); await cache.flush(); - logger.info('작업자 삭제 후 캐시 무효화 완료', { worker_id: id }); + logger.info('작업자 삭제 후 캐시 무효화 완료', { user_id: id }); res.json({ success: true, diff --git a/system1-factory/api/models/workerModel.js b/system1-factory/api/models/workerModel.js index bb1315b..9612825 100644 --- a/system1-factory/api/models/workerModel.js +++ b/system1-factory/api/models/workerModel.js 
@@ -166,32 +166,34 @@ const update = async (worker) => { return result.affectedRows; }; -// 5. 삭제 (외래키 제약조건 처리) -const remove = async (worker_id) => { +// 5. 삭제 (user_id 기반 - 외래키 제약조건 처리) +const remove = async (userId) => { const db = await getDb(); const conn = await db.getConnection(); try { await conn.beginTransaction(); - console.log(`🗑️ 작업자 삭제 시작: worker_id=${worker_id}`); + console.log(`🗑️ 작업자 삭제 시작: user_id=${userId}`); // 안전한 삭제: 각 테이블을 개별적으로 처리하고 오류가 발생해도 계속 진행 const tables = [ - { name: 'users', query: 'UPDATE users SET worker_id = NULL WHERE worker_id = ?', action: '업데이트' }, - { name: 'Users', query: 'UPDATE Users SET worker_id = NULL WHERE worker_id = ?', action: '업데이트' }, - { name: 'daily_issue_reports', query: 'DELETE FROM daily_issue_reports WHERE worker_id = ?', action: '삭제' }, - { name: 'DailyIssueReports', query: 'DELETE FROM DailyIssueReports WHERE worker_id = ?', action: '삭제' }, - { name: 'work_reports', query: 'DELETE FROM work_reports WHERE worker_id = ?', action: '삭제' }, - { name: 'WorkReports', query: 'DELETE FROM WorkReports WHERE worker_id = ?', action: '삭제' }, - { name: 'daily_work_reports', query: 'DELETE FROM daily_work_reports WHERE worker_id = ?', action: '삭제' }, - { name: 'monthly_worker_status', query: 'DELETE FROM monthly_worker_status WHERE worker_id = ?', action: '삭제' }, - { name: 'worker_groups', query: 'DELETE FROM worker_groups WHERE worker_id = ?', action: '삭제' } + { name: 'DailyIssueReports', query: 'DELETE FROM DailyIssueReports WHERE user_id = ?', action: '삭제' }, + { name: 'WorkReports', query: 'DELETE FROM WorkReports WHERE user_id = ?', action: '삭제' }, + { name: 'daily_work_reports', query: 'DELETE FROM daily_work_reports WHERE user_id = ?', action: '삭제' }, + { name: 'daily_attendance_records', query: 'DELETE FROM daily_attendance_records WHERE user_id = ?', action: '삭제' }, + { name: 'daily_worker_summary', query: 'DELETE FROM daily_worker_summary WHERE user_id = ?', action: '삭제' }, + { name: 'tbm_team_assignments', 
query: 'DELETE FROM tbm_team_assignments WHERE user_id = ?', action: '삭제' }, + { name: 'tbm_transfers', query: 'DELETE FROM tbm_transfers WHERE user_id = ?', action: '삭제' }, + { name: 'vacation_requests', query: 'DELETE FROM vacation_requests WHERE user_id = ?', action: '삭제' }, + { name: 'vacation_balance_details', query: 'DELETE FROM vacation_balance_details WHERE user_id = ?', action: '삭제' }, + { name: 'worker_vacation_balance', query: 'DELETE FROM worker_vacation_balance WHERE user_id = ?', action: '삭제' }, + { name: 'worker_groups', query: 'DELETE FROM worker_groups WHERE user_id = ?', action: '삭제' } ]; for (const table of tables) { try { - const [result] = await conn.query(table.query, [worker_id]); + const [result] = await conn.query(table.query, [userId]); if (result.affectedRows > 0) { console.log(`✅ ${table.name} 테이블 ${table.action}: ${result.affectedRows}건`); } @@ -202,8 +204,8 @@ const remove = async (worker_id) => { // 마지막으로 작업자 삭제 const [result] = await conn.query( - `DELETE FROM workers WHERE worker_id = ?`, - [worker_id] + `DELETE FROM workers WHERE user_id = ?`, + [userId] ); console.log(`✅ 작업자 삭제 완료: ${result.affectedRows}건`); @@ -212,7 +214,7 @@ const remove = async (worker_id) => { } catch (err) { await conn.rollback(); - console.error(`❌ 작업자 삭제 오류 (worker_id: ${worker_id}):`, err); + console.error(`❌ 작업자 삭제 오류 (user_id: ${userId}):`, err); throw new Error(`작업자 삭제 중 오류가 발생했습니다: ${err.message}`); } finally { conn.release(); diff --git a/system1-factory/api/routes/authRoutes.js b/system1-factory/api/routes/authRoutes.js index 9a92881..03c6a31 100644 --- a/system1-factory/api/routes/authRoutes.js +++ b/system1-factory/api/routes/authRoutes.js @@ -161,11 +161,10 @@ router.post('/refresh-token', async (req, res) => { // 새 토큰 발급 const newToken = jwt.sign( - { + { user_id: user.user_id, username: user.username, access_level: user.access_level, - worker_id: user.worker_id, name: user.name || user.username }, process.env.JWT_SECRET || 'your-secret-key', 
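Review bot: `remove(userId)` now deletes `FROM workers WHERE user_id = ?`, so a worker whose user_id is NULL (the state the updateWorker unlink path in this diff produces) can never be removed, and the function presumably still commits and returns normally when `result.affectedRows` is 0 (the commit itself is between the hunks). At the same time the `users` entries were dropped from the tables list and nothing else touches the account, so deleting a worker leaves its login active; if that is not intended, add `{ name: 'users', query: 'UPDATE users SET is_active = 0 WHERE user_id = ?', action: '업데이트' }` to the list (users.is_active is selected in systemController.getAllUsers in this diff) or delete the users row in the same transaction. Treating zero affected rows on the final DELETE as not-found, `if (result.affectedRows === 0) throw new Error('작업자를 찾을 수 없습니다');` before the commit, gives the caller's NotFoundError something to stand on. The per-table catch that continues on error is outside this hunk.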
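Review bot: The refreshed token payload shrinks here, but the signing key on the context line just below still falls back to `'your-secret-key'` when `JWT_SECRET` is unset, so a misconfigured deployment silently issues tokens anyone can forge. Since this hunk already touches the `jwt.sign` call, it is the place to fail fast instead: `const secret = process.env.JWT_SECRET; if (!secret) throw new Error('JWT_SECRET is not configured');` and pass `secret` to `jwt.sign`. The same fallback should be checked wherever the login and verifyToken paths (outside this hunk) read it.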
@@ -456,10 +455,10 @@ router.get('/me', verifyToken, async (req, res) => { connection = await mysql.createConnection(dbConfig); const [rows] = await connection.execute( - 'SELECT user_id, username, name, email, access_level, worker_id, last_login_at, created_at FROM users WHERE user_id = ?', + 'SELECT user_id, username, name, email, access_level, last_login_at, created_at FROM users WHERE user_id = ?', [userId] ); - + if (rows.length === 0) { return res.status(404).json({ error: '사용자를 찾을 수 없습니다.' }); } @@ -471,7 +470,6 @@ router.get('/me', verifyToken, async (req, res) => { name: user.name || user.username, email: user.email, access_level: user.access_level, - worker_id: user.worker_id, last_login_at: user.last_login_at, created_at: user.created_at }); @@ -493,43 +491,43 @@ router.post('/register', verifyToken, async (req, res) => { let connection; try { - const { username, password, name, email, access_level, worker_id } = req.body; + const { username, password, name, email, access_level } = req.body; // 권한 확인 (admin 이상만 사용자 등록 가능) if (!['admin', 'system'].includes(req.user.access_level)) { - return res.status(403).json({ + return res.status(403).json({ success: false, - error: '사용자 등록 권한이 없습니다.' + error: '사용자 등록 권한이 없습니다.' }); } if (!username || !password || !name || !access_level) { - return res.status(400).json({ + return res.status(400).json({ success: false, - error: '필수 항목을 모두 입력해주세요.' + error: '필수 항목을 모두 입력해주세요.' }); } // 비밀번호 강도 검증 if (password.length < 6) { - return res.status(400).json({ + return res.status(400).json({ success: false, - error: '비밀번호는 최소 6자 이상이어야 합니다.' + error: '비밀번호는 최소 6자 이상이어야 합니다.' }); } connection = await mysql.createConnection(dbConfig); - + // 사용자명 중복 체크 const [existing] = await connection.execute( 'SELECT user_id FROM users WHERE username = ?', [username] ); - + if (existing.length > 0) { - return res.status(409).json({ + return res.status(409).json({ success: false, - error: '이미 존재하는 사용자명입니다.' + error: '이미 존재하는 사용자명입니다.' }); } 
@@ -539,11 +537,11 @@ router.post('/register', verifyToken, async (req, res) => { 'SELECT user_id FROM users WHERE email = ?', [email] ); - + if (existingEmail.length > 0) { - return res.status(409).json({ + return res.status(409).json({ success: false, - error: '이미 사용 중인 이메일입니다.' + error: '이미 사용 중인 이메일입니다.' }); } } @@ -553,9 +551,9 @@ router.post('/register', verifyToken, async (req, res) => { // 사용자 추가 const [result] = await connection.execute( - `INSERT INTO Users (username, password, name, email, access_level, worker_id, is_active, created_at, password_changed_at) - VALUES (?, ?, ?, ?, ?, ?, TRUE, NOW(), NOW())`, - [username, hashedPassword, name, email || null, access_level, worker_id || null] + `INSERT INTO Users (username, password, name, email, access_level, is_active, created_at, password_changed_at) + VALUES (?, ?, ?, ?, ?, TRUE, NOW(), NOW())`, + [username, hashedPassword, name, email || null, access_level] ); // 비밀번호 변경 로그 기록 (초기 설정) @@ -578,8 +576,7 @@ router.post('/register', verifyToken, async (req, res) => { username, name, email: email || null, - access_level, - worker_id: worker_id || null + access_level } }); @@ -615,7 +612,6 @@ router.get('/users', verifyToken, async (req, res) => { u.role_id, r.name as role_name, u._access_level_old as access_level, - u.worker_id, u.is_active, u.last_login_at, u.created_at @@ -649,8 +645,7 @@ router.get('/users', verifyToken, async (req, res) => { email: user.email, role_id: user.role_id, role_name: user.role_name, - access_level: user.access_level || user.role_name?.toLowerCase(), // 하위 호환성 - worker_id: user.worker_id, + access_level: user.access_level || user.role_name?.toLowerCase(), is_active: user.is_active, last_login_at: user.last_login_at, created_at: user.created_at 
@@ -676,22 +671,22 @@ router.put('/users/:id', verifyToken, async (req, res) => { try { const userId = parseInt(req.params.id); - const { name, email, access_level, worker_id, password, is_active } = req.body; + const { name, email, access_level, password, is_active } = req.body; // 권한 확인 if (!['admin', 'system'].includes(req.user.access_level)) { // 일반 사용자는 자신의 정보만 수정 가능 (이름, 이메일만) if (userId !== req.user.user_id) { - return res.status(403).json({ + return res.status(403).json({ success: false, - error: '다른 사용자의 정보를 수정할 권한이 없습니다.' + error: '다른 사용자의 정보를 수정할 권한이 없습니다.' }); } - - if (access_level || worker_id || is_active !== undefined) { - return res.status(403).json({ + + if (access_level || is_active !== undefined) { + return res.status(403).json({ success: false, - error: '권한, 작업자 ID, 활성화 상태는 관리자만 수정할 수 있습니다.' + error: '권한, 활성화 상태는 관리자만 수정할 수 있습니다.' }); } } @@ -744,11 +739,6 @@ router.put('/users/:id', verifyToken, async (req, res) => { updateValues.push(access_level); } - if (worker_id !== undefined && ['admin', 'system'].includes(req.user.access_level)) { - updateFields.push('worker_id = ?'); - updateValues.push(worker_id || null); - } - if (is_active !== undefined && ['admin', 'system'].includes(req.user.access_level)) { updateFields.push('is_active = ?'); updateValues.push(is_active); @@ -794,7 +784,7 @@ router.put('/users/:id', verifyToken, async (req, res) => { // 업데이트된 사용자 정보 조회 const [updated] = await connection.execute( - 'SELECT user_id, username, name, email, access_level, worker_id, is_active FROM users WHERE user_id = ?', + 'SELECT user_id, username, name, email, access_level, is_active FROM users WHERE user_id = ?', [userId] );
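Review bot: The non-admin guard now reads `if (access_level || is_active !== undefined)`, mixing a truthiness test with an undefined check, so a body with `access_level: ''` or `0` passes it while `is_active: false` does not; the two tests should agree, `if (access_level !== undefined || is_active !== undefined) {`. Two lines earlier `const userId = parseInt(req.params.id);` has no radix and no NaN check, so for an admin caller a non-numeric id reaches the UPDATE below as NaN; `const userId = Number.parseInt(req.params.id, 10);` followed by a 400 when `!Number.isInteger(userId)` closes that. Whether the later `updateFields.push('access_level = ?')` branch (outside this hunk) re-checks the admin role for the empty-string case cannot be seen here.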