org chart 자동로그인 보완. seed-tenant 삭제불가 조치

2026-04-30 17:02:24 +09:00
parent 6eb4c293ff
commit 3dcdd97882
13 changed files with 490 additions and 32 deletions
--- a/backend/internal/handler/tenant_handler.go
+++ b/backend/internal/handler/tenant_handler.go
@@ -1,6 +1,7 @@
 package handler

 import (
+	"baron-sso-backend/internal/bootstrap"
 	"baron-sso-backend/internal/domain"
 	"baron-sso-backend/internal/repository"
 	"baron-sso-backend/internal/service"
@@ -28,6 +29,23 @@ type TenantHandler struct {
 	SharedLink  service.SharedLinkService
 }

+func seedTenantDeleteError(c *fiber.Ctx) error {
+	return errorJSON(c, fiber.StatusConflict, "seed tenants cannot be deleted")
+}
+
+func seedTenantSlugsForDeleteGuard() []string {
+	slugs, err := bootstrap.SeedTenantSlugSet()
+	if err != nil {
+		return nil
+	}
+
+	result := make([]string, 0, len(slugs))
+	for slug := range slugs {
+		result = append(result, slug)
+	}
+	return result
+}
+
 func NewTenantHandler(db *gorm.DB, svc service.TenantService, userRepo repository.UserRepository, keto service.KetoService, outbox repository.KetoOutboxRepository, kratos service.KratosAdminService, sharedLink service.SharedLinkService) *TenantHandler {
 	return &TenantHandler{
 		DB:          db,
@@ -1045,7 +1063,6 @@ func (h *TenantHandler) UpdateTenant(c *fiber.Ctx) error {
 		}
 		return errorJSON(c, fiber.StatusInternalServerError, err.Error())
 	}
-
 	var req struct {
 		Name         *string        `json:"name"`
 		Type         *string        `json:"type"`
@@ -1192,6 +1209,9 @@ func (h *TenantHandler) DeleteTenant(c *fiber.Ctx) error {
 		}
 		return errorJSON(c, fiber.StatusInternalServerError, err.Error())
 	}
+	if bootstrap.IsSeedTenantSlug(tenant.Slug) {
+		return seedTenantDeleteError(c)
+	}

 	// Rename slug to release it for reuse before soft delete
 	deletedSlug := tenant.Slug + "-deleted-" + time.Now().Format("20060102150405")
@@ -1502,6 +1522,20 @@ func (h *TenantHandler) DeleteTenantsBulk(c *fiber.Ctx) error {
 		return errorJSON(c, fiber.StatusForbidden, "only super admin can perform bulk deletion")
 	}

+	protectedSlugs := seedTenantSlugsForDeleteGuard()
+	if len(protectedSlugs) > 0 {
+		var protectedCount int64
+		if err := h.DB.Model(&domain.Tenant{}).
+			Where("id IN ?", req.IDs).
+			Where("slug IN ?", protectedSlugs).
+			Count(&protectedCount).Error; err != nil {
+			return errorJSON(c, fiber.StatusInternalServerError, err.Error())
+		}
+		if protectedCount > 0 {
+			return seedTenantDeleteError(c)
+		}
+	}
+
 	if err := h.Service.DeleteTenantsBulk(c.Context(), req.IDs); err != nil {
 		return errorJSON(c, fiber.StatusInternalServerError, err.Error())
 	}