4단계 역할 정규화 및 dev 권한 스코프 검증 강화

2026-03-04 13:16:34 +09:00
parent 0f8b19a9b1
commit eac16cfcd9
11 changed files with 521 additions and 177 deletions
--- a/backend/internal/domain/user.go
+++ b/backend/internal/domain/user.go
@@ -1,6 +1,7 @@
 package domain

 import (
+	"strings"
 	"time"

 	"github.com/google/uuid"
@@ -15,6 +16,20 @@ const (
 	RoleUser        = "user"         // 일반 사용자
 )

+// NormalizeRole maps legacy/synonym role values to canonical role keys.
+func NormalizeRole(role string) string {
+	normalized := strings.ToLower(strings.TrimSpace(role))
+	switch normalized {
+	case "tenant_member":
+		return RoleUser
+	case "admin":
+		// Legacy admin is treated as tenant admin for least-privilege compatibility.
+		return RoleTenantAdmin
+	default:
+		return normalized
+	}
+}
+
 // User represents the user model stored in PostgreSQL
 type User struct {
 	ID              string         `gorm:"primaryKey;type:uuid;default:gen_random_uuid()" json:"id"`