orgfront 버그 픽스

2026-06-10 09:36:57 +09:00
parent 28478309fa
commit c880b3c333
33 changed files with 853 additions and 130 deletions
--- a/backend/internal/handler/dev_handler.go
+++ b/backend/internal/handler/dev_handler.go
@@ -39,7 +39,7 @@ type DevHandler struct {
 	KetoOutbox         repository.KetoOutboxRepository
 	RPSvc              service.RelyingPartyService
 	TenantSvc          service.TenantService
-	DeveloperSvc       *service.DeveloperService
+	DeveloperSvc       developerRequestService
 	RPUserMetadataRepo repository.RPUserMetadataRepository
 	RPUsageQueries     domain.RPUsageQueryRepository
 	Auth               interface {
@@ -47,6 +47,16 @@ type DevHandler struct {
 	}
 }

+type developerRequestService interface {
+	RequestAccess(ctx context.Context, req domain.DeveloperRequest) error
+	GetRequestStatus(ctx context.Context, userID, tenantID string) (*domain.DeveloperRequest, error)
+	GetRequestByID(ctx context.Context, id uint) (*domain.DeveloperRequest, error)
+	ListRequests(ctx context.Context, userID, status string) ([]domain.DeveloperRequest, error)
+	ApproveRequest(ctx context.Context, id uint, adminNotes string) error
+	RejectRequest(ctx context.Context, id uint, adminNotes string) error
+	CancelApprovedRequest(ctx context.Context, id uint, adminNotes string) error
+}
+
 func NewDevHandler(
 	redis domain.RedisRepository,
 	secretRepo domain.ClientSecretRepository,
@@ -426,7 +436,28 @@ func (h *DevHandler) canManageTenantClientsByPermit(c *fiber.Ctx, profile *domai
 		return false
 	}
 	allowed, err := h.checkProfileKetoPermission(c, profile, "Tenant", tenantID, "grant_dev_permissions")
-	return err == nil && allowed
+	if err == nil && allowed {
+		return true
+	}
+	return h.hasApprovedDeveloperRequest(c, profile, tenantID)
+}
+
+func (h *DevHandler) hasApprovedDeveloperRequest(c *fiber.Ctx, profile *domain.UserProfileResponse, tenantID string) bool {
+	if h.DeveloperSvc == nil || profile == nil {
+		return false
+	}
+	userID := strings.TrimSpace(profile.ID)
+	tenantID = strings.TrimSpace(tenantID)
+	if userID == "" || tenantID == "" {
+		return false
+	}
+	status, err := h.DeveloperSvc.GetRequestStatus(c.Context(), userID, tenantID)
+	if err != nil || status == nil {
+		return false
+	}
+	return status.Status == domain.DeveloperRequestStatusApproved &&
+		strings.TrimSpace(status.UserID) == userID &&
+		strings.TrimSpace(status.TenantID) == tenantID
 }

 func (h *DevHandler) canOperateClientByPermit(c *fiber.Ctx, profile *domain.UserProfileResponse, summary clientSummary, relation string) bool {