const express = require('express');
const router = express.Router();
const adminController = require('../../controllers/admin/adminController');
const { isLoggedIn, deserializeUser } = require('../../oauth/oauthController');
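/**
 * Express middleware that lets a request continue only when the authenticated
 * user belongs to an admin-level group; everyone else gets a 403 JSON error.
 *
 * Reads `req.user.group`. `req.user` must have been set by an earlier
 * middleware (NOTE(review): presumably deserializeUser — confirm).
 *
 * Security: the 'dev' group belongs to the local bypass account (test_user).
 * It is honored only when NODE_ENV is not 'production', so a leftover bypass
 * account or a stray 'dev' group value cannot reach the admin API in a
 * production deployment. This relies on the deployment actually setting
 * NODE_ENV=production; when it is unset the bypass stays enabled.
 *
 * @param {object} req - Express request; `req.user.group` is inspected.
 * @param {object} res - Express response; receives 403 + JSON body on denial.
 * @param {Function} next - Called when the caller is an admin.
 * @returns {*} Whatever `next()` or `res.status(403).json(...)` returns.
 */
const isAdmin = (req, res, next) => {
  const userGroup = req.user?.group;

  // Groups that always carry admin rights.
  const adminGroups = ['USER_GROUP_super', 'super'];

  // Evaluated per request so the bypass follows the current environment
  // rather than whatever it was when the module was loaded.
  if (process.env.NODE_ENV !== 'production') {
    adminGroups.push('dev');
  }

  // A missing user yields an undefined group, which never matches.
  if (adminGroups.includes(userGroup)) {
    return next();
  }

  return res.status(403).json({ error: "어드민(super) 권한이 필요합니다." });
};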
// Every admin API requires a logged-in session and an admin check.
// The chain is registered before any route in this file, so each route below
// runs behind it; a route registered above this line would not be covered.
// NOTE(review): isAdmin reads req.user, presumably populated by
// deserializeUser — confirm the order of the three guards.
const adminGuards = [isLoggedIn, deserializeUser, isAdmin];
router.use(adminGuards);
// 1. Projects: list, create, update and delete.
const { getProjects, createProject, updateProject, deleteProject } = adminController;

router.get('/projects', getProjects);
router.post('/projects', createProject);
router.put('/projects/:id', updateProject);
router.delete('/projects/:id', deleteProject);
// 2. Permissions: read per project, then assign / update / remove.
// NOTE(review): the three write routes carry no path parameter, so the target
// of the change is presumably taken from the request body or query — verify
// that the controller validates it.
const {
  getProjectPermissions,
  assignPermissions,
  updatePermission,
  removePermission,
} = adminController;

router.get('/permissions/project/:projectId', getProjectPermissions);
router.post('/permissions/assign', assignPermissions);
router.put('/permissions/update', updatePermission);
router.delete('/permissions/remove', removePermission);
// 2-1. Folder-level permissions: read per project, assign and remove.
const {
  getFolderPermissions,
  assignFolderPermissions,
  removeFolderPermission,
} = adminController;

router.get('/permissions/folders/:projectId', getFolderPermissions);
router.post('/permissions/folders/assign', assignFolderPermissions);
router.delete('/permissions/folders/remove', removeFolderPermission);
// 3. Banners: list, create and stop a banner by id.
const { getBanners, createBanner, stopBanner } = adminController;

router.get('/banners', getBanners);
router.post('/banners', createBanner);
router.put('/banners/stop/:id', stopBanner);
// 4. Users: list, read one user's permissions, create, update and delete.
const {
  getUsers,
  getUserPermissions,
  createUser,
  updateUser,
  deleteUser,
} = adminController;

router.get('/users', getUsers);
router.get('/users/:id/permissions', getUserPermissions);
router.post('/users', createUser);
router.put('/users/:id', updateUser);
router.delete('/users/:id', deleteUser);
// 5. Audit logs: read-only here; this router registers no route that
// writes or deletes audit entries.
const { getAuditLogs } = adminController;

router.get('/audit-logs', getAuditLogs);
// 6. System policy: read the policy, update it, and read the auto-clean logs.
const { getSystemPolicy, updateSystemPolicy, getAutoCleanLogs } = adminController;

router.get('/system-policy', getSystemPolicy);
router.post('/system-policy/update', updateSystemPolicy);
router.get('/system-policy/logs', getAutoCleanLogs);
// 7. Common codes: masters are addressed by :code, details by
// :mainCode (and :subCode for a single detail).
const {
  getCodeMasters,
  createCodeMaster,
  updateCodeMaster,
  deleteCodeMaster,
  getCodeDetails,
  createCodeDetail,
  updateCodeDetail,
  deleteCodeDetail,
} = adminController;

// Masters
router.get('/common-codes/masters', getCodeMasters);
router.post('/common-codes/masters', createCodeMaster);
router.put('/common-codes/masters/:code', updateCodeMaster);
router.delete('/common-codes/masters/:code', deleteCodeMaster);

// Details
router.get('/common-codes/details/:mainCode', getCodeDetails);
router.post('/common-codes/details', createCodeDetail);
router.put('/common-codes/details/:mainCode/:subCode', updateCodeDetail);
router.delete('/common-codes/details/:mainCode/:subCode', deleteCodeDetail);
// Export the router; the guard chain registered with router.use() in this
// file is part of it, so it applies wherever the router is mounted.
module.exports = router;