adminfront: 탭별 세부 권한 격리 부여를 위한 독자적인 5번째 탭(세부 권한) 추가 및 연동 완료

2026-06-10 15:44:07 +09:00
parent 85707500ef
commit 6ebcb43b16
11 changed files with 1081 additions and 1 deletions
--- a/docker/ory/keto/namespaces.ts
+++ b/docker/ory/keto/namespaces.ts
@@ -22,9 +22,63 @@ class Tenant implements Namespace {
    parents: Tenant[]
    developer_console_viewer: (User | SubjectSet<System, "super_admins">)[]
    developer_console_grant_manager: (User | SubjectSet<System, "super_admins">)[]
+
+    // 🌟 신규 직접 관계 (Direct Relations) 정의
+    profile_viewers: (User | SubjectSet<System, "super_admins">)[]
+    profile_managers: (User | SubjectSet<System, "super_admins">)[]
+
+    permissions_viewers: (User | SubjectSet<System, "super_admins">)[]
+    permissions_managers: (User | SubjectSet<System, "super_admins">)[]
+
+    organization_viewers: (User | SubjectSet<System, "super_admins">)[]
+    organization_managers: (User | SubjectSet<System, "super_admins">)[]
+
+    schema_viewers: (User | SubjectSet<System, "super_admins">)[]
+    schema_managers: (User | SubjectSet<System, "super_admins">)[]
  }

  permits = {
+    // 1. 프로필 (Profile) 탭 허가 규칙
+    view_profile: (ctx: Context): boolean =>
+      this.related.profile_viewers.includes(ctx.subject) ||
+      this.permits.manage_profile(ctx) ||
+      this.permits.view(ctx), // 멤버/관리자/소유자는 기본 조회 가능
+
+    manage_profile: (ctx: Context): boolean =>
+      this.related.profile_managers.includes(ctx.subject) ||
+      this.permits.manage(ctx), // 관리자/소유자는 기본 수정 가능
+
+    // 2. 권한 관리 (Permissions) 탭 허가 규칙
+    view_permissions: (ctx: Context): boolean =>
+      this.related.permissions_viewers.includes(ctx.subject) ||
+      this.permits.manage_permissions(ctx) ||
+      this.permits.view(ctx),
+
+    manage_permissions: (ctx: Context): boolean =>
+      this.related.permissions_managers.includes(ctx.subject) ||
+      this.permits.manage_admins(ctx), // 소유자는 기본 관리 가능
+
+    // 3. 조직 관리 (Organization) 탭 허가 규칙
+    view_organization: (ctx: Context): boolean =>
+      this.related.organization_viewers.includes(ctx.subject) ||
+      this.permits.manage_organization(ctx) ||
+      this.permits.view(ctx),
+
+    manage_organization: (ctx: Context): boolean =>
+      this.related.organization_managers.includes(ctx.subject) ||
+      this.permits.manage(ctx),
+
+    // 4. 사용자 스키마 (Schema) 탭 허가 규칙
+    view_schema: (ctx: Context): boolean =>
+      this.related.schema_viewers.includes(ctx.subject) ||
+      this.permits.manage_schema(ctx) ||
+      this.permits.view(ctx),
+
+    manage_schema: (ctx: Context): boolean =>
+      this.related.schema_managers.includes(ctx.subject) ||
+      this.permits.manage(ctx),
+
+    // --- 기존 마스터 및 상속 규칙 보존 ---
    view: (ctx: Context): boolean =>
      this.related.members.includes(ctx.subject) ||
      this.related.admins.includes(ctx.subject) ||