feat(tkuser): 협력업체 CRUD 권한을 permission 시스템으로 확장

tkuser.partners 권한이 부여된 일반 사용자도 업체/작업자 등록·수정·비활성화 가능.
완전삭제는 admin 전용 유지.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Hyungi Ahn
2026-03-16 11:23:17 +09:00
parent 5a911f1d4b
commit f711a721ec
3 changed files with 48 additions and 15 deletions


@@ -55,4 +55,25 @@ function requireAdmin(req, res, next) {
}
}
module.exports = { extractToken, requireAuth, requireAdmin };
/**
* 관리자 또는 특정 페이지 권한 보유자 미들웨어 팩토리
*/
function requireAdminOrPermission(pageName) {
return async (req, res, next) => {
const token = extractToken(req);
if (!token) return res.status(401).json({ success: false, error: '인증이 필요합니다' });
try {
const decoded = jwt.verify(token, JWT_SECRET);
req.user = decoded;
if (['admin', 'system'].includes((decoded.role || '').toLowerCase())) return next();
const { checkAccess } = require('../models/permissionModel');
const result = await checkAccess(decoded.user_id || decoded.id, pageName);
if (result.can_access) return next();
return res.status(403).json({ success: false, error: '권한이 없습니다' });
} catch {
return res.status(401).json({ success: false, error: '유효하지 않은 토큰입니다' });
}
};
}
module.exports = { extractToken, requireAuth, requireAdmin, requireAdminOrPermission };
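Review bot: The single catch around both jwt.verify and the checkAccess call (L27–L37) turns any failure of the permission lookup — a database or model error — into a 401 '유효하지 않은 토큰입니다', so a permission-store outage is reported to clients and logs as an invalid token and is hard to distinguish from a genuine auth failure. Only jwt.verify should map to 401; errors from checkAccess should go to `next(err)` (or a 500) so they surface in monitoring. While there, `result?.can_access` guards against checkAccess resolving to null/undefined — presumably it always returns an object, but the model is not visible here — and the per-request `require('../models/permissionModel')` is cheap thanks to the module cache but, unless it is there to break a circular import, it reads better hoisted to the top of the file. The JSDoc at L20–L22 would also benefit from `@param {string} pageName` and `@returns {import('express').RequestHandler}`.
```javascript
return async (req, res, next) => {
  // … unchanged: extractToken / 401 when no token …
  let decoded;
  try {
    decoded = jwt.verify(token, JWT_SECRET);
  } catch {
    return res.status(401).json({ success: false, error: '유효하지 않은 토큰입니다' });
  }
  req.user = decoded;
  if (['admin', 'system'].includes((decoded.role || '').toLowerCase())) return next();
  try {
    const { checkAccess } = require('../models/permissionModel');
    const result = await checkAccess(decoded.user_id || decoded.id, pageName);
    if (result?.can_access) return next();
    return res.status(403).json({ success: false, error: '권한이 없습니다' });
  } catch (err) {
    // permission-store failure is not a token problem; let the error handler answer
    return next(err);
  }
};
```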


@@ -1,7 +1,8 @@
const express = require('express');
const router = express.Router();
const { requireAuth, requireAdmin } = require('../middleware/auth');
const { requireAuth, requireAdmin, requireAdminOrPermission } = require('../middleware/auth');
const ctrl = require('../controllers/partnerController');
const partnerPerm = requireAdminOrPermission('tkuser.partners');
router.use(requireAuth);
@@ -9,13 +10,13 @@ router.get('/', ctrl.list);
router.get('/:id/delete-info', requireAdmin, ctrl.getDeleteInfo);
router.delete('/:id/permanent', requireAdmin, ctrl.permanentDelete);
router.get('/:id', ctrl.getById);
router.post('/', requireAdmin, ctrl.create);
router.put('/:id', requireAdmin, ctrl.update);
router.delete('/:id', requireAdmin, ctrl.deactivate);
router.post('/', partnerPerm, ctrl.create);
router.put('/:id', partnerPerm, ctrl.update);
router.delete('/:id', partnerPerm, ctrl.deactivate);
router.get('/:id/workers', ctrl.listWorkers);
router.post('/:id/workers', requireAdmin, ctrl.createWorker);
router.put('/workers/:id', requireAdmin, ctrl.updateWorker);
router.delete('/workers/:id', requireAdmin, ctrl.deactivateWorker);
router.post('/:id/workers', partnerPerm, ctrl.createWorker);
router.put('/workers/:id', partnerPerm, ctrl.updateWorker);
router.delete('/workers/:id', partnerPerm, ctrl.deactivateWorker);
module.exports = router;
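Review bot: Every mutating partner route now stacks the router-level `requireAuth` (L51) with `partnerPerm`, and requireAdminOrPermission re-extracts and re-verifies the same token that requireAuth already validated, so each of these requests pays a second jwt.verify plus the permission lookup; if requireAuth populates `req.user` (its body is not in this diff), the permission middleware could branch on that instead of re-verifying. The split between admin-only delete-info / permanent delete (L53–L54) and permission-gated create/update/deactivate lives only in the commit message; a comment above L53 such as `// delete-info and permanent delete stay admin-only; create/update/deactivate need tkuser.partners` would keep that intent visible to the next reader. Note that `tkuser.partners` is a page-level grant, so any holder may edit or deactivate workers of any partner (L66–L68); that matches the description, but is worth stating explicitly if per-partner scoping is expected later.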