a6724b2a20
- 9개 라우트 파일의 쓰기 작업을 requireAdminOrPermission으로 전환 - 권한 관리에서 tkuser.* 권한 부여 시 일반 사용자도 해당 탭 접근 가능 - GET(참조 데이터)은 requireAuth 유지, permissionRoutes는 admin 전용 유지 - 기존 partnerRoutes.js 패턴과 동일한 방식 적용 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
35 lines
1.4 KiB
JavaScript
35 lines
1.4 KiB
JavaScript
/**
|
|
* Vacation Routes
|
|
*
|
|
* 휴가 유형 + 연차 배정 라우팅
|
|
* Sprint 001: worker → user 전환 + 장기근속
|
|
*/
|
|
|
|
const express = require('express');
|
|
const router = express.Router();
|
|
const vc = require('../controllers/vacationController');
|
|
const { requireAuth, requireAdminOrPermission, requireMinLevel } = require('../middleware/auth');
|
|
|
|
const vacPerm = requireAdminOrPermission('tkuser.vacations');
|
|
|
|
// Vacation Types (휴가 유형)
|
|
router.get('/types', requireAuth, vc.getVacationTypes);
|
|
router.post('/types', vacPerm, vc.createVacationType);
|
|
router.put('/types/priorities', vacPerm, vc.updatePriorities);
|
|
router.put('/types/:id', vacPerm, vc.updateVacationType);
|
|
router.delete('/types/:id', vacPerm, vc.deleteVacationType);
|
|
|
|
// Vacation Balances (연차 배정)
|
|
router.get('/balances/year/:year', vacPerm, vc.getBalancesByYear);
|
|
router.get('/balances/user/:userId/year/:year', requireAuth, vc.getBalancesByUserYear);
|
|
router.post('/balances', vacPerm, vc.createBalance);
|
|
router.post('/balances/bulk-upsert', vacPerm, vc.bulkUpsertBalances);
|
|
router.post('/balances/auto-calculate', vacPerm, vc.autoCalculate);
|
|
router.put('/balances/:id', vacPerm, vc.updateBalance);
|
|
router.delete('/balances/:id', vacPerm, vc.deleteBalance);
|
|
|
|
// 장기근속 제외 설정
|
|
router.put('/long-service-exclusion', requireMinLevel('support_team'), vc.setLongServiceExclusion);
|
|
|
|
module.exports = router;
|