adminfront 및 백엔드: ReBAC 기반 각 탭별 읽기/쓰기 권한 제어 구현

2026-06-10 10:01:30 +09:00
parent c880b3c333
commit 85707500ef
13 changed files with 485 additions and 40 deletions
--- a/adminfront/src/features/tenants/hooks/useTenantPermission.ts
+++ b/adminfront/src/features/tenants/hooks/useTenantPermission.ts
@@ -0,0 +1,26 @@
+import { useQuery } from "@tanstack/react-query";
+import { fetchTenant, fetchMe } from "../../../lib/adminApi";
+import { normalizeAdminRole } from "../../../lib/roles";
+
+export function useTenantPermission(tenantId: string) {
+  const { data: profile } = useQuery({
+    queryKey: ["me"],
+    queryFn: fetchMe,
+  });
+
+  const { data: tenant } = useQuery({
+    queryKey: ["tenant", tenantId],
+    queryFn: () => fetchTenant(tenantId),
+    enabled: !!tenantId,
+  });
+
+  const hasPermission = (requiredRelation: "view" | "manage" | "manage_admins"): boolean => {
+    // Super Admin always has full bypass access
+    if (normalizeAdminRole(profile?.role) === "super_admin") {
+      return true;
+    }
+    return !!tenant?.userPermissions?.[requiredRelation];
+  };
+
+  return { hasPermission, isLoading: !tenant };
+}