정합성 위반사항 확인 및 조치기능 추가

2026-05-14 09:04:33 +09:00
parent 9ca73e8774
commit df543d6203
17 changed files with 988 additions and 78 deletions
--- a/adminfront/tests/bulk_actions.spec.ts
+++ b/adminfront/tests/bulk_actions.spec.ts
@@ -235,6 +235,135 @@ test.describe("Bulk Actions and Tree Search", () => {
    await expect(selectionBar).not.toBeVisible({ timeout: 10000 });
  });

+  test("should only expose super admin grant and revoke options in bulk permission select", async ({
+    page,
+  }) => {
+    await page.goto("/users");
+    await expect(page.locator("table")).toContainText("User One", {
+      timeout: 20000,
+    });
+
+    await page.locator('table input[type="checkbox"]').nth(1).click();
+    await expect(page.getByTestId("bulk-action-bar")).toBeVisible({
+      timeout: 15000,
+    });
+
+    await page.getByTestId("bulk-permission-select").click();
+    await expect(
+      page.getByRole("option", { name: /시스템 관리자|Super Admin/i }),
+    ).toBeVisible();
+    await expect(
+      page.getByRole("option", { name: /일반 사용자|User/i }),
+    ).toBeVisible();
+    await expect(
+      page.getByRole("option", { name: /테넌트 관리자|Tenant Admin/i }),
+    ).toHaveCount(0);
+    await expect(
+      page.getByRole("option", {
+        name: /서비스 관리자|RP Admin|Service Admin/i,
+      }),
+    ).toHaveCount(0);
+  });
+
+  test("should let super admins revoke selected super admin permission", async ({
+    page,
+  }) => {
+    let capturedPayload: unknown = null;
+    await page.route("**/api/v1/admin/users/bulk", async (route) => {
+      if (route.request().method() === "PUT") {
+        capturedPayload = route.request().postDataJSON();
+        return route.fulfill({
+          json: { results: [{ id: "u-1", success: true }] },
+          headers: { "Access-Control-Allow-Origin": "*" },
+        });
+      }
+      return route.fallback();
+    });
+
+    await page.goto("/users");
+    await expect(page.locator("table")).toContainText("User One", {
+      timeout: 20000,
+    });
+
+    await page.locator('table input[type="checkbox"]').nth(1).click();
+    await expect(page.getByTestId("bulk-action-bar")).toBeVisible({
+      timeout: 15000,
+    });
+
+    await page.getByTestId("bulk-permission-select").click();
+    await page.getByRole("option", { name: /일반 사용자|User/i }).click();
+    await page.getByTestId("bulk-apply-permission-btn").click();
+
+    await expect
+      .poll(() => capturedPayload)
+      .toEqual({
+        userIds: ["u-1"],
+        role: "user",
+      });
+  });
+
+  test("should not render role field on user detail page", async ({ page }) => {
+    await page.unroute("**/api/v1/**");
+    await page.route("**/api/v1/**", async (route) => {
+      const url = route.request().url();
+      const headers = { "Access-Control-Allow-Origin": "*" };
+
+      if (url.includes("/user/me")) {
+        return route.fulfill({
+          json: {
+            id: "admin",
+            role: "super_admin",
+            name: "Admin",
+            manageableTenants: [],
+          },
+          headers,
+        });
+      }
+      if (url.includes("/auth/password/policy")) {
+        return route.fulfill({ json: { minLength: 12 }, headers });
+      }
+      if (url.includes("/admin/users/u-1/rp-history")) {
+        return route.fulfill({ json: [], headers });
+      }
+      if (url.includes("/admin/users/u-1")) {
+        return route.fulfill({
+          json: {
+            id: "u-1",
+            name: "User One",
+            email: "u1@test.com",
+            phone: "",
+            status: "active",
+            role: "user",
+            tenantSlug: "main",
+            createdAt: new Date().toISOString(),
+            metadata: {},
+          },
+          headers,
+        });
+      }
+      if (url.includes("/admin/tenants")) {
+        return route.fulfill({
+          json: {
+            items: [
+              { id: "t-1", name: "Main Tenant", slug: "main", type: "COMPANY" },
+            ],
+            total: 1,
+          },
+          headers,
+        });
+      }
+
+      return route.fulfill({ json: { items: [], total: 0 }, headers });
+    });
+
+    await page.goto("/users/u-1");
+    await expect(page.getByRole("heading", { name: "User One" })).toBeVisible({
+      timeout: 20000,
+    });
+    await expect(page.locator("#role")).toHaveCount(0);
+    await expect(page.getByLabel("역할")).toHaveCount(0);
+  });
+
  test("should let canonical super admin aliases promote selected users", async ({
    page,
  }) => {
--- a/adminfront/tests/data_integrity.spec.ts
+++ b/adminfront/tests/data_integrity.spec.ts
@@ -2,9 +2,12 @@ import { expect, test } from "@playwright/test";

 test.describe("Data integrity management", () => {
  test.beforeEach(async ({ page }) => {
+    let orphanLoginIDDeleted = false;
+
    await page.addInitScript(() => {
      window.localStorage.setItem("locale", "ko");
      window.localStorage.setItem("admin_session", "fake-token");
+      window.localStorage.setItem("RoleSwitcher-Collapsed", "true");
      (
        window as Window & typeof globalThis & { _IS_TEST_MODE?: boolean }
      )._IS_TEST_MODE = true;
@@ -87,6 +90,48 @@ test.describe("Data integrity management", () => {
        });
        return;
      }
+      if (url.includes("/api/v1/admin/integrity/orphan-user-login-ids")) {
+        if (route.request().method() === "DELETE") {
+          orphanLoginIDDeleted = true;
+          await route.fulfill({
+            json: {
+              deletedCount: 1,
+              deleted: [
+                {
+                  id: "login-id-1",
+                  userId: "user-1",
+                  tenantId: "tenant-1",
+                  fieldKey: "emp_id",
+                  loginId: "EMP001",
+                  reasons: ["deleted_tenant"],
+                },
+              ],
+              skippedIds: [],
+            },
+          });
+          return;
+        }
+        await route.fulfill({
+          json: orphanLoginIDDeleted
+            ? { items: [], total: 0 }
+            : {
+                items: [
+                  {
+                    id: "login-id-1",
+                    userId: "user-1",
+                    userEmail: "missing@example.com",
+                    tenantId: "tenant-1",
+                    tenantSlug: "deleted-tenant",
+                    fieldKey: "emp_id",
+                    loginId: "EMP001",
+                    reasons: ["deleted_tenant"],
+                  },
+                ],
+                total: 1,
+              },
+        });
+        return;
+      }
      if (url.includes("/api/v1/admin/integrity")) {
        await route.fulfill({
          json: {
@@ -139,6 +184,28 @@ test.describe("Data integrity management", () => {
    await expect(page.getByRole("button", { name: "다시 검사" })).toBeVisible();
  });

+  test("deletes selected orphan login ID targets after confirmation", async ({
+    page,
+  }) => {
+    page.on("dialog", async (dialog) => {
+      await dialog.accept();
+    });
+
+    await page.goto("/system/data-integrity");
+
+    await expect(page.getByText("EMP001")).toBeVisible();
+    await expect(page.getByText("삭제된 테넌트")).toBeVisible();
+    await page.getByRole("checkbox", { name: "EMP001 선택" }).check();
+    await page.getByRole("button", { name: "선택 삭제" }).click();
+
+    await expect(
+      page.getByText("1개의 유령 로그인 ID를 삭제했습니다."),
+    ).toBeVisible();
+    await expect(
+      page.getByText("삭제할 유령 로그인 ID가 없습니다."),
+    ).toBeVisible();
+  });
+
  test("shows the latest integrity summary on the overview page", async ({
    page,
  }) => {