forked from baron/baron-sso
개발자 권한을 페이지별로 선택/부여 가능하도록 개선
This commit is contained in:
@@ -274,6 +274,56 @@ func isDevConsoleViewerRole(role string) bool {
|
||||
return r == domain.RoleSuperAdmin || r == domain.RoleUser
|
||||
}
|
||||
|
||||
func normalizeDeveloperAccessPagesForHandler(pages []string) []string {
|
||||
seen := make(map[string]struct{})
|
||||
normalized := make([]string, 0, len(pages))
|
||||
add := func(page string) {
|
||||
page = strings.ToLower(strings.TrimSpace(page))
|
||||
if page == "" {
|
||||
return
|
||||
}
|
||||
if page == domain.DeveloperAccessPageAll {
|
||||
normalized = []string{domain.DeveloperAccessPageAll}
|
||||
seen = map[string]struct{}{domain.DeveloperAccessPageAll: struct{}{}}
|
||||
return
|
||||
}
|
||||
for _, allowed := range domain.DeveloperAccessPageOrder {
|
||||
if page == allowed {
|
||||
if _, exists := seen[page]; exists {
|
||||
return
|
||||
}
|
||||
seen[page] = struct{}{}
|
||||
normalized = append(normalized, page)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
for _, page := range pages {
|
||||
add(page)
|
||||
if len(normalized) == 1 && normalized[0] == domain.DeveloperAccessPageAll {
|
||||
return normalized
|
||||
}
|
||||
}
|
||||
if len(normalized) == 0 {
|
||||
return []string{domain.DeveloperAccessPageAll}
|
||||
}
|
||||
return normalized
|
||||
}
|
||||
|
||||
func developerAccessPagesEqual(left, right []string) bool {
|
||||
leftNormalized := normalizeDeveloperAccessPagesForHandler(left)
|
||||
rightNormalized := normalizeDeveloperAccessPagesForHandler(right)
|
||||
if len(leftNormalized) != len(rightNormalized) {
|
||||
return false
|
||||
}
|
||||
for i := range leftNormalized {
|
||||
if leftNormalized[i] != rightNormalized[i] {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
func setCurrentProfileContext(c *fiber.Ctx, profile *domain.UserProfileResponse) {
|
||||
if profile == nil {
|
||||
return
|
||||
@@ -3871,10 +3921,11 @@ func (h *DevHandler) RequestDeveloperAccess(c *fiber.Ctx) error {
|
||||
}
|
||||
|
||||
var req struct {
|
||||
Name string `json:"name"`
|
||||
Organization string `json:"organization"`
|
||||
Reason string `json:"reason"`
|
||||
TenantID string `json:"tenantId"`
|
||||
Name string `json:"name"`
|
||||
Organization string `json:"organization"`
|
||||
Reason string `json:"reason"`
|
||||
TenantID string `json:"tenantId"`
|
||||
AccessPages []string `json:"accessPages"`
|
||||
}
|
||||
if err := c.BodyParser(&req); err != nil {
|
||||
return errorJSON(c, fiber.StatusBadRequest, "invalid request body")
|
||||
@@ -3907,6 +3958,7 @@ func (h *DevHandler) RequestDeveloperAccess(c *fiber.Ctx) error {
|
||||
Phone: profile.Phone,
|
||||
Role: normalizeUserRole(profile.Role),
|
||||
Reason: req.Reason,
|
||||
AccessPages: req.AccessPages,
|
||||
Status: domain.DeveloperRequestStatusPending,
|
||||
}
|
||||
|
||||
@@ -3934,10 +3986,10 @@ func (h *DevHandler) GetDeveloperRequestStatus(c *fiber.Ctx) error {
|
||||
}
|
||||
|
||||
if status == nil {
|
||||
return c.JSON(fiber.Map{"status": "none"})
|
||||
return c.JSON(domain.DeveloperAccessStatus{Status: "none"})
|
||||
}
|
||||
if status.Status == domain.DeveloperRequestStatusApproved {
|
||||
h.ensureDeveloperGrantRelation(c, status.UserID, status.TenantID)
|
||||
h.ensureDeveloperGrantRelation(c, profile.ID, tenantID)
|
||||
}
|
||||
|
||||
return c.JSON(status)
|
||||
@@ -4082,10 +4134,11 @@ func (h *DevHandler) CreateDeveloperGrant(c *fiber.Ctx) error {
|
||||
}
|
||||
|
||||
var reqBody struct {
|
||||
UserID string `json:"userId"`
|
||||
TenantID string `json:"tenantId"`
|
||||
Reason string `json:"reason"`
|
||||
AdminNotes string `json:"adminNotes"`
|
||||
UserID string `json:"userId"`
|
||||
TenantID string `json:"tenantId"`
|
||||
Reason string `json:"reason"`
|
||||
AdminNotes string `json:"adminNotes"`
|
||||
AccessPages []string `json:"accessPages"`
|
||||
}
|
||||
if err := c.BodyParser(&reqBody); err != nil {
|
||||
return errorJSON(c, fiber.StatusBadRequest, "invalid request body")
|
||||
@@ -4132,11 +4185,15 @@ func (h *DevHandler) CreateDeveloperGrant(c *fiber.Ctx) error {
|
||||
reason = "직접 부여"
|
||||
}
|
||||
|
||||
existing, err := h.DeveloperSvc.GetRequestStatus(c.Context(), userID, tenantID)
|
||||
existingRequests, err := h.DeveloperSvc.ListRequests(c.Context(), userID, "", tenantID)
|
||||
if err != nil {
|
||||
return errorJSON(c, fiber.StatusInternalServerError, err.Error())
|
||||
}
|
||||
if existing != nil {
|
||||
for _, existing := range existingRequests {
|
||||
if !developerAccessPagesEqual(existing.AccessPages, reqBody.AccessPages) {
|
||||
continue
|
||||
}
|
||||
|
||||
switch existing.Status {
|
||||
case domain.DeveloperRequestStatusApproved:
|
||||
h.ensureDeveloperGrantRelation(c, userID, tenantID)
|
||||
@@ -4161,6 +4218,7 @@ func (h *DevHandler) CreateDeveloperGrant(c *fiber.Ctx) error {
|
||||
Phone: phone,
|
||||
Role: role,
|
||||
Reason: reason,
|
||||
AccessPages: reqBody.AccessPages,
|
||||
Status: domain.DeveloperRequestStatusApproved,
|
||||
AdminNotes: strings.TrimSpace(reqBody.AdminNotes),
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user