a6724b2a20
- 9개 라우트 파일의 쓰기 작업을 requireAdminOrPermission으로 전환 - 권한 관리에서 tkuser.* 권한 부여 시 일반 사용자도 해당 탭 접근 가능 - GET(참조 데이터)은 requireAuth 유지, permissionRoutes는 admin 전용 유지 - 기존 partnerRoutes.js 패턴과 동일한 방식 적용 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
31 lines
1.3 KiB
JavaScript
31 lines
1.3 KiB
JavaScript
/**
|
|
* Workplace Routes
|
|
*/
|
|
|
|
const express = require('express');
|
|
const router = express.Router();
|
|
const workplaceController = require('../controllers/workplaceController');
|
|
const { requireAuth, requireAdminOrPermission } = require('../middleware/auth');
|
|
const upload = require('../middleware/upload');
|
|
|
|
const wpPerm = requireAdminOrPermission('tkuser.workplaces');
|
|
|
|
router.get('/categories', requireAuth, workplaceController.getCategories);
|
|
|
|
// 구역지도 (/:id 보다 먼저 등록)
|
|
router.post('/categories/:id/layout-image', wpPerm, upload.single('image'), workplaceController.uploadCategoryLayoutImage);
|
|
router.get('/categories/:categoryId/map-regions', requireAuth, workplaceController.getMapRegionsByCategory);
|
|
router.post('/map-regions', wpPerm, workplaceController.createMapRegion);
|
|
router.put('/map-regions/:id', wpPerm, workplaceController.updateMapRegion);
|
|
router.delete('/map-regions/:id', wpPerm, workplaceController.deleteMapRegion);
|
|
|
|
router.post('/:id/layout-image', wpPerm, upload.single('image'), workplaceController.uploadWorkplaceLayoutImage);
|
|
|
|
router.get('/', requireAuth, workplaceController.getAll);
|
|
router.get('/:id', requireAuth, workplaceController.getById);
|
|
router.post('/', wpPerm, workplaceController.create);
|
|
router.put('/:id', wpPerm, workplaceController.update);
|
|
router.delete('/:id', wpPerm, workplaceController.remove);
|
|
|
|
module.exports = router;
|