감사로그 조회 에러 수정

2026-04-20 15:48:28 +09:00
parent ea387ff6f2
commit 1f464b60a4
5 changed files with 53 additions and 16 deletions
--- a/backend/internal/handler/dev_handler.go
+++ b/backend/internal/handler/dev_handler.go
@@ -437,7 +437,7 @@ func (h *DevHandler) auditClientIDsByPermit(c *fiber.Ctx, profile *domain.UserPr
 	clientFilter = strings.TrimSpace(clientFilter)
 	if clientFilter != "" {
 		summary, err := h.loadClientSummary(c.Context(), clientFilter)
-		if err == nil && h.canOperateClientByPermit(c, profile, summary, "view_audit_logs") {
+		if err == nil && h.canOperateClientByPermit(c, profile, summary, "audit_viewer") {
 			ids[summary.ID] = struct{}{}
 		}
 		return ids
@@ -453,7 +453,7 @@ func (h *DevHandler) auditClientIDsByPermit(c *fiber.Ctx, profile *domain.UserPr
 			continue
 		}
 		summary := h.mapClientSummary(client)
-		if h.canOperateClientByPermit(c, profile, summary, "view_audit_logs") {
+		if h.canOperateClientByPermit(c, profile, summary, "audit_viewer") {
 			ids[summary.ID] = struct{}{}
 		}
 	}
@@ -2243,6 +2243,9 @@ func (h *DevHandler) ListAuditLogs(c *fiber.Ctx) error {
 	if tenantFilter == "" {
 		tenantFilter = h.resolveDevTenantScope(c)
 	}
+	if role != domain.RoleSuperAdmin && len(allowedClientIDs) > 0 {
+		tenantFilter = ""
+	}
 	if role != domain.RoleSuperAdmin && tenantFilter == "" && len(allowedClientIDs) == 0 {
 		tenantFilter = tenantIDFromProfile(profile)
 	}
@@ -2641,6 +2644,34 @@ func normalizeAuditAction(eventType string, details map[string]any) string {
 	}
 }

+func devAuditClientIDFromEventType(eventType string) string {
+	parts := strings.Split(strings.TrimSpace(eventType), " ")
+	if len(parts) != 2 {
+		return ""
+	}
+	path := strings.Trim(parts[1], "/")
+	segments := strings.Split(path, "/")
+	for idx := 0; idx+1 < len(segments); idx++ {
+		if segments[idx] == "clients" {
+			return strings.TrimSpace(segments[idx+1])
+		}
+	}
+	return ""
+}
+
+func resolveDevAuditClientID(logItem domain.AuditLog, details map[string]any) string {
+	targetID, _ := details["target_id"].(string)
+	clientID, _ := details["client_id"].(string)
+	resolvedID := strings.TrimSpace(targetID)
+	if resolvedID == "" {
+		resolvedID = strings.TrimSpace(clientID)
+	}
+	if resolvedID == "" {
+		resolvedID = devAuditClientIDFromEventType(logItem.EventType)
+	}
+	return resolvedID
+}
+
 func resolveStatusFromMetadata(metadata map[string]interface{}) string {
 	if metadata != nil {
 		if value, ok := metadata["status"].(string); ok && strings.ToLower(strings.TrimSpace(value)) == "inactive" {
@@ -2676,19 +2707,12 @@ func (h *DevHandler) matchesDevAuditFilter(
 		}
 	}
 	if clientFilter != "" {
-		targetID, _ := details["target_id"].(string)
-		clientID, _ := details["client_id"].(string)
-		if strings.TrimSpace(targetID) != clientFilter && strings.TrimSpace(clientID) != clientFilter {
+		if resolveDevAuditClientID(logItem, details) != clientFilter {
 			return false
 		}
 	}
 	if len(allowedClientIDs) > 0 {
-		targetID, _ := details["target_id"].(string)
-		clientID, _ := details["client_id"].(string)
-		resolvedID := strings.TrimSpace(targetID)
-		if resolvedID == "" {
-			resolvedID = strings.TrimSpace(clientID)
-		}
+		resolvedID := resolveDevAuditClientID(logItem, details)
 		if resolvedID == "" {
 			return false
 		}