정합성 위반사항 확인 및 조치기능 추가

2026-05-14 09:04:33 +09:00
parent 9ca73e8774
commit df543d6203
17 changed files with 988 additions and 78 deletions
--- a/backend/internal/handler/admin_integrity_test.go
+++ b/backend/internal/handler/admin_integrity_test.go
@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
+	"strings"
 	"testing"
 	"time"

@@ -14,9 +15,14 @@ import (
 )

 type fakeDataIntegrityChecker struct {
-	calls  int
-	report domain.DataIntegrityReport
-	err    error
+	calls        int
+	listCalls    int
+	deleteCalls  int
+	deletedIDs   []string
+	report       domain.DataIntegrityReport
+	orphans      []domain.OrphanUserLoginID
+	deleteResult domain.DeleteOrphanUserLoginIDsResult
+	err          error
 }

 func (f *fakeDataIntegrityChecker) CheckDataIntegrity(ctx context.Context) (domain.DataIntegrityReport, error) {
@@ -24,6 +30,17 @@ func (f *fakeDataIntegrityChecker) CheckDataIntegrity(ctx context.Context) (doma
 	return f.report, f.err
 }

+func (f *fakeDataIntegrityChecker) ListOrphanUserLoginIDs(ctx context.Context) ([]domain.OrphanUserLoginID, error) {
+	f.listCalls++
+	return f.orphans, f.err
+}
+
+func (f *fakeDataIntegrityChecker) DeleteOrphanUserLoginIDs(ctx context.Context, ids []string) (domain.DeleteOrphanUserLoginIDsResult, error) {
+	f.deleteCalls++
+	f.deletedIDs = append([]string(nil), ids...)
+	return f.deleteResult, f.err
+}
+
 func TestAdminHandler_GetDataIntegrityRequiresSuperAdmin(t *testing.T) {
 	checker := &fakeDataIntegrityChecker{}
 	h := &AdminHandler{IntegrityChecker: checker}
@@ -90,3 +107,90 @@ func TestAdminHandler_GetDataIntegrityReturnsReportForSuperAdmin(t *testing.T) {
 	require.Len(t, body.Sections, 1)
 	require.Equal(t, "tenant_integrity", body.Sections[0].Key)
 }
+
+func TestAdminHandler_ListOrphanUserLoginIDsReturnsTargetsForSuperAdmin(t *testing.T) {
+	checker := &fakeDataIntegrityChecker{
+		orphans: []domain.OrphanUserLoginID{
+			{
+				ID:       "login-id-1",
+				UserID:   "user-1",
+				TenantID: "tenant-1",
+				FieldKey: "emp_id",
+				LoginID:  "EMP001",
+				Reasons:  []string{"missing_tenant"},
+			},
+		},
+	}
+	h := &AdminHandler{IntegrityChecker: checker}
+	app := fiber.New()
+	app.Use(func(c *fiber.Ctx) error {
+		c.Locals("user_profile", &domain.UserProfileResponse{ID: "super", Role: domain.RoleSuperAdmin})
+		return c.Next()
+	})
+	app.Get("/api/v1/admin/integrity/orphan-user-login-ids", h.ListOrphanUserLoginIDs)
+
+	req := httptest.NewRequest(http.MethodGet, "/api/v1/admin/integrity/orphan-user-login-ids", nil)
+	resp, err := app.Test(req)
+	require.NoError(t, err)
+	require.Equal(t, http.StatusOK, resp.StatusCode)
+	require.Equal(t, 1, checker.listCalls)
+
+	var body struct {
+		Items []domain.OrphanUserLoginID `json:"items"`
+		Total int                        `json:"total"`
+	}
+	require.NoError(t, json.NewDecoder(resp.Body).Decode(&body))
+	require.Equal(t, 1, body.Total)
+	require.Equal(t, "login-id-1", body.Items[0].ID)
+	require.Equal(t, []string{"missing_tenant"}, body.Items[0].Reasons)
+}
+
+func TestAdminHandler_DeleteOrphanUserLoginIDsRequiresSuperAdminAndDeletesSelectedTargets(t *testing.T) {
+	checker := &fakeDataIntegrityChecker{
+		deleteResult: domain.DeleteOrphanUserLoginIDsResult{
+			DeletedCount: 1,
+			Deleted: []domain.OrphanUserLoginID{
+				{ID: "login-id-1", LoginID: "EMP001", Reasons: []string{"missing_user"}},
+			},
+			SkippedIDs: []string{"valid-login-id"},
+		},
+	}
+	h := &AdminHandler{IntegrityChecker: checker}
+	app := fiber.New()
+	app.Use(func(c *fiber.Ctx) error {
+		c.Locals("user_profile", &domain.UserProfileResponse{ID: "super", Role: domain.RoleSuperAdmin})
+		return c.Next()
+	})
+	app.Delete("/api/v1/admin/integrity/orphan-user-login-ids", h.DeleteOrphanUserLoginIDs)
+
+	req := httptest.NewRequest(http.MethodDelete, "/api/v1/admin/integrity/orphan-user-login-ids", strings.NewReader(`{"ids":["login-id-1","valid-login-id"]}`))
+	req.Header.Set("Content-Type", "application/json")
+	resp, err := app.Test(req)
+	require.NoError(t, err)
+	require.Equal(t, http.StatusOK, resp.StatusCode)
+	require.Equal(t, 1, checker.deleteCalls)
+	require.Equal(t, []string{"login-id-1", "valid-login-id"}, checker.deletedIDs)
+
+	var body domain.DeleteOrphanUserLoginIDsResult
+	require.NoError(t, json.NewDecoder(resp.Body).Decode(&body))
+	require.Equal(t, int64(1), body.DeletedCount)
+	require.Equal(t, []string{"valid-login-id"}, body.SkippedIDs)
+}
+
+func TestAdminHandler_DeleteOrphanUserLoginIDsRejectsTenantAdmin(t *testing.T) {
+	checker := &fakeDataIntegrityChecker{}
+	h := &AdminHandler{IntegrityChecker: checker}
+	app := fiber.New()
+	app.Use(func(c *fiber.Ctx) error {
+		c.Locals("user_profile", &domain.UserProfileResponse{ID: "tenant-admin", Role: domain.RoleTenantAdmin})
+		return c.Next()
+	})
+	app.Delete("/api/v1/admin/integrity/orphan-user-login-ids", h.DeleteOrphanUserLoginIDs)
+
+	req := httptest.NewRequest(http.MethodDelete, "/api/v1/admin/integrity/orphan-user-login-ids", strings.NewReader(`{"ids":["login-id-1"]}`))
+	req.Header.Set("Content-Type", "application/json")
+	resp, err := app.Test(req)
+	require.NoError(t, err)
+	require.Equal(t, http.StatusForbidden, resp.StatusCode)
+	require.Equal(t, 0, checker.deleteCalls)
+}