a6724b2a20
- 9개 라우트 파일의 쓰기 작업을 requireAdminOrPermission으로 전환 - 권한 관리에서 tkuser.* 권한 부여 시 일반 사용자도 해당 탭 접근 가능 - GET(참조 데이터)은 requireAuth 유지, permissionRoutes는 admin 전용 유지 - 기존 partnerRoutes.js 패턴과 동일한 방식 적용 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
29 lines
1.0 KiB
JavaScript
29 lines
1.0 KiB
JavaScript
/**
|
|
* Task Routes
|
|
*
|
|
* 공정(work-types) + 작업(tasks) 라우팅
|
|
*/
|
|
|
|
const express = require('express');
|
|
const router = express.Router();
|
|
const taskController = require('../controllers/taskController');
|
|
const { requireAuth, requireAdminOrPermission } = require('../middleware/auth');
|
|
|
|
const taskPerm = requireAdminOrPermission('tkuser.tasks');
|
|
|
|
// Work Types (공정)
|
|
router.get('/work-types', requireAuth, taskController.getWorkTypes);
|
|
router.post('/work-types', taskPerm, taskController.createWorkType);
|
|
router.put('/work-types/:id', taskPerm, taskController.updateWorkType);
|
|
router.delete('/work-types/:id', taskPerm, taskController.deleteWorkType);
|
|
|
|
// Tasks (작업)
|
|
router.get('/', requireAuth, taskController.getTasks);
|
|
router.get('/active', requireAuth, taskController.getActiveTasks);
|
|
router.get('/:id', requireAuth, taskController.getTaskById);
|
|
router.post('/', taskPerm, taskController.createTask);
|
|
router.put('/:id', taskPerm, taskController.updateTask);
|
|
router.delete('/:id', taskPerm, taskController.deleteTask);
|
|
|
|
module.exports = router;
|