테넌트 목록 조회 API 추가

2026-03-19 13:05:13 +09:00
parent 77c6610e70
commit 07f4c1258c
2 changed files with 48 additions and 2 deletions
--- a/backend/cmd/server/main.go
+++ b/backend/cmd/server/main.go
@@ -277,7 +277,7 @@ func main() {
 	auditHandler := handler.NewAuditHandler(auditRepo)
 	authHandler := handler.NewAuthHandler(redisService, idpProvider, auditRepo, oathkeeperRepo, tenantService, ketoService, ketoOutboxRepo, userRepo, consentRepo, kratosAdminService)
 	adminHandler := handler.NewAdminHandler(ketoService)
-	devHandler := handler.NewDevHandler(redisService, secretRepo, consentRepo, relyingPartyService, ketoService, authHandler)
+	devHandler := handler.NewDevHandler(redisService, secretRepo, consentRepo, relyingPartyService, ketoService, tenantService, authHandler)
 	devHandler.AuditRepo = auditRepo
 	tenantHandler := handler.NewTenantHandler(db, tenantService, userRepo, ketoService, ketoOutboxRepo, kratosAdminService)
 	userGroupHandler := handler.NewUserGroupHandler(userGroupService)
@@ -660,6 +660,7 @@ func main() {
 	// 개발자 포털 라우트 (RP/Consent 관리 및 IdP 설정)
 	dev := api.Group("/dev")
 	dev.Get("/stats", devHandler.GetStats)
+	dev.Get("/my-tenants", devHandler.ListMyTenants)
 	dev.Get("/clients", devHandler.ListClients)
 	dev.Post("/clients", devHandler.CreateClient)
 	dev.Get("/clients/:id", devHandler.GetClient)
--- a/backend/internal/handler/dev_handler.go
+++ b/backend/internal/handler/dev_handler.go
@@ -30,6 +30,7 @@ type DevHandler struct {
 	ConsentRepo repository.ClientConsentRepository
 	Keto        service.KetoService
 	RPSvc       service.RelyingPartyService
+	TenantSvc   service.TenantService
 	Auth        interface {
 		GetEnrichedProfile(c *fiber.Ctx) (*domain.UserProfileResponse, error)
 	}
@@ -40,7 +41,7 @@ func NewDevHandler(
 	secretRepo domain.ClientSecretRepository,
 	consentRepo repository.ClientConsentRepository,
 	rpSvc service.RelyingPartyService,
-	keto service.KetoService,
+	keto service.KetoService, tenantSvc service.TenantService,
 	auth ...interface {
 		GetEnrichedProfile(c *fiber.Ctx) (*domain.UserProfileResponse, error)
 	},
@@ -61,6 +62,7 @@ func NewDevHandler(
 		ConsentRepo: consentRepo,
 		Keto:        keto,
 		RPSvc:       rpSvc,
+		TenantSvc:   tenantSvc,
 		Auth:        authProvider,
 	}
 }
@@ -1746,3 +1748,46 @@ func (h *DevHandler) resolveDevTenantScope(c *fiber.Ctx) string {
 	}
 	return ""
 }
+
+// ListMyTenants returns the list of tenants the current user manages or belongs to.
+func (h *DevHandler) ListMyTenants(c *fiber.Ctx) error {
+	profile, err := h.Auth.GetEnrichedProfile(c)
+	if err != nil || profile == nil {
+		return errorJSON(c, fiber.StatusUnauthorized, "unauthorized")
+	}
+
+	role := normalizeUserRole(profile.Role)
+	if role == domain.RoleUser {
+		return errorJSON(c, fiber.StatusForbidden, "access denied")
+	}
+
+	if role == domain.RoleSuperAdmin {
+		tenants, _, err := h.TenantSvc.ListTenants(c.Context(), 100, 0, "")
+		if err != nil {
+			return errorJSON(c, fiber.StatusInternalServerError, "failed to list tenants")
+		}
+		return c.JSON(tenants)
+	}
+
+	tenants, err := h.TenantSvc.ListManageableTenants(c.Context(), profile.ID)
+	if err != nil {
+		return errorJSON(c, fiber.StatusInternalServerError, "failed to list manageable tenants: "+err.Error())
+	}
+
+	if profile.TenantID != nil && *profile.TenantID != "" {
+		found := false
+		for _, t := range tenants {
+			if t.ID == *profile.TenantID {
+				found = true
+				break
+			}
+		}
+		if !found {
+			if primary, err := h.TenantSvc.GetTenant(c.Context(), *profile.TenantID); err == nil && primary != nil {
+				tenants = append(tenants, *primary)
+			}
+		}
+	}
+
+	return c.JSON(tenants)
+}