fix(purchase): 작업일정 삭제 시 관련 데이터 캐스케이드 삭제 (admin 전용)

- 삭제 권한을 admin 전용으로 변경 (requireAdmin) - 트랜잭션으로 reports → checkins → safety_education → schedule 순서 삭제 - 프론트엔드: admin만 삭제 버튼 표시, 종속 데이터 삭제 경고 추가 - 404 처리 및 한국어 에러 메시지 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 21:03:27 +09:00
parent 3e50639914
commit e8076a8550
4 changed files with 30 additions and 9 deletions
--- a/tkpurchase/api/controllers/scheduleController.js
+++ b/tkpurchase/api/controllers/scheduleController.js
@@ -198,14 +198,17 @@ async function updateStatus(req, res) {
  }
 }

-// 일정 삭제
+// 일정 삭제 (admin 전용, 관련 데이터 캐스케이드 삭제)
 async function deleteSchedule(req, res) {
  try {
-    await scheduleModel.deleteSchedule(req.params.id);
+    const result = await scheduleModel.deleteSchedule(req.params.id);
+    if (result === null) {
+      return res.status(404).json({ success: false, error: '일정을 찾을 수 없습니다' });
+    }
    res.json({ success: true, message: '삭제 완료' });
  } catch (err) {
    console.error('Schedule delete error:', err);
-    res.status(500).json({ success: false, error: err.message });
+    res.status(500).json({ success: false, error: '일정 삭제 중 오류가 발생했습니다' });
  }
 }

--- a/tkpurchase/api/models/scheduleModel.js
+++ b/tkpurchase/api/models/scheduleModel.js
@@ -113,8 +113,25 @@ async function updateStatus(id, status) {
 }

 async function deleteSchedule(id) {
+  const schedule = await findById(id);
+  if (!schedule) return null;
+
  const db = getPool();
-  await db.query('DELETE FROM partner_schedules WHERE id = ?', [id]);
+  const conn = await db.getConnection();
+  try {
+    await conn.beginTransaction();
+    await conn.query('DELETE FROM partner_work_reports WHERE schedule_id = ?', [id]);
+    await conn.query('DELETE FROM partner_work_checkins WHERE schedule_id = ?', [id]);
+    await conn.query("DELETE FROM safety_education_reports WHERE target_type = 'partner_schedule' AND target_id = ?", [id]);
+    await conn.query('DELETE FROM partner_schedules WHERE id = ?', [id]);
+    await conn.commit();
+    return true;
+  } catch (err) {
+    await conn.rollback();
+    throw err;
+  } finally {
+    conn.release();
+  }
 }

 async function findActiveByCompany(companyId) {
--- a/tkpurchase/api/routes/scheduleRoutes.js
+++ b/tkpurchase/api/routes/scheduleRoutes.js
@@ -1,6 +1,6 @@
 const express = require('express');
 const router = express.Router();
-const { requireAuth, requirePage } = require('../middleware/auth');
+const { requireAuth, requireAdmin, requirePage } = require('../middleware/auth');
 const ctrl = require('../controllers/scheduleController');

 router.use(requireAuth);
@@ -14,6 +14,6 @@ router.put('/:id', requirePage('purchasing_schedule'), ctrl.update);
 router.put('/:id/status', requirePage('purchasing_schedule'), ctrl.updateStatus);
 router.put('/:id/approve', requirePage('purchasing_schedule'), ctrl.approveRequest);
 router.put('/:id/reject', requirePage('purchasing_schedule'), ctrl.rejectRequest);
-router.delete('/:id', requirePage('purchasing_schedule'), ctrl.deleteSchedule);
+router.delete('/:id', requireAdmin, ctrl.deleteSchedule);

 module.exports = router;