feat: 테넌트/RP 관리자 할당 UI 및 ReBAC 권한 검증 도구 구현 #244

2026-02-11 13:26:26 +09:00
parent 8856485265
commit 68df43f3a8
24 changed files with 1547 additions and 48 deletions
--- a/backend/internal/handler/tenant_handler.go
+++ b/backend/internal/handler/tenant_handler.go
@@ -15,10 +15,11 @@ type TenantHandler struct {
 	DB      *gorm.DB
 	Service service.TenantService
 	Keto    service.KetoService
+	UserSvc *service.KratosAdminService
 }

-func NewTenantHandler(db *gorm.DB, svc service.TenantService, keto service.KetoService) *TenantHandler {
-	return &TenantHandler{DB: db, Service: svc, Keto: keto}
+func NewTenantHandler(db *gorm.DB, svc service.TenantService, keto service.KetoService, userSvc *service.KratosAdminService) *TenantHandler {
+	return &TenantHandler{DB: db, Service: svc, Keto: keto, UserSvc: userSvc}
 }

 type tenantSummary struct {
@@ -327,6 +328,58 @@ func (h *TenantHandler) DeleteTenant(c *fiber.Ctx) error {
 	return c.SendStatus(fiber.StatusNoContent)
 }

+func (h *TenantHandler) ListAdmins(c *fiber.Ctx) error {
+	tenantID := c.Params("id")
+	userIDs, err := h.Service.ListTenantAdmins(c.Context(), tenantID)
+	if err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+
+	type adminInfo struct {
+		ID    string `json:"id"`
+		Name  string `json:"name"`
+		Email string `json:"email"`
+	}
+
+	admins := make([]adminInfo, 0, len(userIDs))
+	for _, uid := range userIDs {
+		identity, err := h.UserSvc.GetIdentity(c.Context(), uid)
+		if err == nil && identity != nil {
+			name, _ := identity.Traits["name"].(string)
+			email, _ := identity.Traits["email"].(string)
+			admins = append(admins, adminInfo{
+				ID:    uid,
+				Name:  name,
+				Email: email,
+			})
+		} else {
+			admins = append(admins, adminInfo{ID: uid})
+		}
+	}
+
+	return c.JSON(admins)
+}
+
+func (h *TenantHandler) AddAdmin(c *fiber.Ctx) error {
+	tenantID := c.Params("id")
+	userID := c.Params("userId")
+
+	if err := h.Service.AddTenantAdmin(c.Context(), tenantID, userID); err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+	return c.JSON(fiber.Map{"message": "admin added to tenant"})
+}
+
+func (h *TenantHandler) RemoveAdmin(c *fiber.Ctx) error {
+	tenantID := c.Params("id")
+	userID := c.Params("userId")
+
+	if err := h.Service.RemoveTenantAdmin(c.Context(), tenantID, userID); err != nil {
+		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+	}
+	return c.JSON(fiber.Map{"message": "admin removed from tenant"})
+}
+
 func mapTenantSummary(t domain.Tenant) tenantSummary {
 	domains := make([]string, 0, len(t.Domains))
 	for _, d := range t.Domains {