hyungi/tk-factory-services
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(tkuser): 협력업체 CRUD 권한을 permission 시스템으로 확장

Browse Source 
tkuser.partners 권한이 부여된 일반 사용자도 업체/작업자 등록·수정·비활성화 가능.
완전삭제는 admin 전용 유지.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Hyungi Ahn
2026-03-16 11:23:17 +09:00
parent 5a911f1d4b
commit f711a721ec
3 changed files with 48 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
user-management/api/routes/partnerRoutes.js
View File

@@ -1,7 +1,8 @@
const express = require('express');
const router = express.Router();
const { requireAuth, requireAdmin } = require('../middleware/auth');
const { requireAuth, requireAdmin, requireAdminOrPermission } = require('../middleware/auth');
const ctrl = require('../controllers/partnerController');
const partnerPerm = requireAdminOrPermission('tkuser.partners');
router.use(requireAuth);
@@ -9,13 +10,13 @@ router.get('/', ctrl.list);
router.get('/:id/delete-info', requireAdmin, ctrl.getDeleteInfo);
router.delete('/:id/permanent', requireAdmin, ctrl.permanentDelete);
router.get('/:id', ctrl.getById);
router.post('/', requireAdmin, ctrl.create);
router.put('/:id', requireAdmin, ctrl.update);
router.delete('/:id', requireAdmin, ctrl.deactivate);
router.post('/', partnerPerm, ctrl.create);
router.put('/:id', partnerPerm, ctrl.update);
router.delete('/:id', partnerPerm, ctrl.deactivate);
router.get('/:id/workers', ctrl.listWorkers);
router.post('/:id/workers', requireAdmin, ctrl.createWorker);
router.put('/workers/:id', requireAdmin, ctrl.updateWorker);
router.delete('/workers/:id', requireAdmin, ctrl.deactivateWorker);
router.post('/:id/workers', partnerPerm, ctrl.createWorker);
router.put('/workers/:id', partnerPerm, ctrl.updateWorker);
router.delete('/workers/:id', partnerPerm, ctrl.deactivateWorker);
module.exports = router;