SamProject/sam-api
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: [authz] 역할/권한 API 품질 개선

Browse Source 
- Validator::make를 FormRequest로 분리 (6개 생성)
- 하드코딩 한글 문자열을 i18n 키로 교체
- RoleMenuPermission 데드코드 제거
- Role 모델 SpatieRole 상속으로 일원화
- 권한 변경 후 캐시 무효화 추가 (AccessService::bumpVersion)
- 미문서화 8개 Swagger 엔드포인트 추가
- 역할/권한 라우트에 perm.map+permission 미들웨어 추가
This commit is contained in:
김보곤
2026-02-20 21:59:26 +09:00
parent 555fd196f5
commit 1dd9057540
21 changed files with 1400 additions and 271 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/Http/Controllers/Api/V1/RoleController.php
View File

@@ -4,28 +4,30 @@
use App\Helpers\ApiResponse;
use App\Http\Controllers\Controller;
use App\Http\Requests\Authz\RoleIndexRequest;
use App\Http\Requests\Authz\RoleStoreRequest;
use App\Http\Requests\Authz\RoleUpdateRequest;
use App\Services\Authz\RoleService;
use Illuminate\Http\Request;
class RoleController extends Controller
{
/**
* 역할 목록 조회
*/
public function index(Request $request)
public function index(RoleIndexRequest $request)
{
return ApiResponse::handle(function () use ($request) {
return RoleService::index($request->all());
return RoleService::index($request->validated());
}, __('message.fetched'));
}
/**
* 역할 생성
*/
public function store(Request $request)
public function store(RoleStoreRequest $request)
{
return ApiResponse::handle(function () use ($request) {
return RoleService::store($request->all());
return RoleService::store($request->validated());
}, __('message.created'));
}
@@ -42,10 +44,10 @@ public function show($id)
/**
* 역할 수정
*/
public function update(Request $request, $id)
public function update(RoleUpdateRequest $request, $id)
{
return ApiResponse::handle(function () use ($request, $id) {
return RoleService::update((int) $id, $request->all());
return RoleService::update((int) $id, $request->validated());
}, __('message.updated'));
}

29
app/Http/Controllers/Api/V1/RolePermissionController.php
View File

@@ -4,37 +4,38 @@
use App\Helpers\ApiResponse;
use App\Http\Controllers\Controller;
use App\Http\Requests\Authz\RolePermissionGrantRequest;
use App\Http\Requests\Authz\RolePermissionToggleRequest;
use App\Services\Authz\RolePermissionService;
use Illuminate\Http\Request;
class RolePermissionController extends Controller
{
public function index($id, Request $request)
public function index($id)
{
return ApiResponse::handle(function () use ($id) {
return RolePermissionService::list((int) $id);
}, '역할 퍼미션 목록 조회');
}, __('message.fetched'));
}
public function grant($id, Request $request)
public function grant($id, RolePermissionGrantRequest $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return RolePermissionService::grant((int) $id, $request->all());
}, '역할 퍼미션 부여');
return RolePermissionService::grant((int) $id, $request->validated());
}, __('message.updated'));
}
public function revoke($id, Request $request)
public function revoke($id, RolePermissionGrantRequest $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return RolePermissionService::revoke((int) $id, $request->all());
}, '역할 퍼미션 회수');
return RolePermissionService::revoke((int) $id, $request->validated());
}, __('message.updated'));
}
public function sync($id, Request $request)
public function sync($id, RolePermissionGrantRequest $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return RolePermissionService::sync((int) $id, $request->all());
}, '역할 퍼미션 동기화');
return RolePermissionService::sync((int) $id, $request->validated());
}, __('message.updated'));
}
/**
@@ -60,10 +61,10 @@ public function matrix($id)
/**
* 특정 메뉴의 특정 권한 토글
*/
public function toggle($id, Request $request)
public function toggle($id, RolePermissionToggleRequest $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return RolePermissionService::toggle((int) $id, $request->all());
return RolePermissionService::toggle((int) $id, $request->validated());
}, __('message.updated'));
}

22
app/Http/Controllers/Api/V1/UserRoleController.php
View File

@@ -4,8 +4,8 @@
use App\Helpers\ApiResponse;
use App\Http\Controllers\Controller;
use App\Http\Requests\Authz\UserRoleGrantRequest;
use App\Services\Authz\UserRoleService;
use Illuminate\Http\Request;
class UserRoleController extends Controller
{
@@ -13,27 +13,27 @@ public function index($id)
{
return ApiResponse::handle(function () use ($id) {
return UserRoleService::list((int) $id);
}, '사용자의 역할 목록 조회');
}, __('message.fetched'));
}
public function grant($id, Request $request)
public function grant($id, UserRoleGrantRequest $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return UserRoleService::grant((int) $id, $request->all());
}, '사용자에게 역할 부여');
return UserRoleService::grant((int) $id, $request->validated());
}, __('message.updated'));
}
public function revoke($id, Request $request)
public function revoke($id, UserRoleGrantRequest $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return UserRoleService::revoke((int) $id, $request->all());
}, '사용자의 역할 회수');
return UserRoleService::revoke((int) $id, $request->validated());
}, __('message.updated'));
}
public function sync($id, Request $request)
public function sync($id, UserRoleGrantRequest $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return UserRoleService::sync((int) $id, $request->all());
}, '사용자의 역할 동기화');
return UserRoleService::sync((int) $id, $request->validated());
}, __('message.updated'));
}
}

23
app/Http/Requests/Authz/RoleIndexRequest.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
namespace App\Http\Requests\Authz;
use Illuminate\Foundation\Http\FormRequest;
class RoleIndexRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
public function rules(): array
{
return [
'page' => 'sometimes|integer|min:1',
'size' => 'sometimes|integer|min:1|max:100',
'q' => 'sometimes|nullable|string|max:100',
'is_hidden' => 'sometimes|boolean',
];
}
}

38
app/Http/Requests/Authz/RolePermissionGrantRequest.php Normal file
View File

@@ -0,0 +1,38 @@
<?php
namespace App\Http\Requests\Authz;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
class RolePermissionGrantRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
public function rules(): array
{
return [
'permission_names' => 'sometimes|array',
'permission_names.*' => 'string|min:1',
'menus' => 'sometimes|array',
'menus.*' => 'integer|min:1',
'actions' => 'sometimes|array',
'actions.*' => [
'string', Rule::in(config('authz.menu_actions', ['view', 'create', 'update', 'delete', 'approve'])),
],
];
}
public function withValidator($validator): void
{
$validator->after(function ($validator) {
$data = $this->all();
if (empty($data['permission_names']) && (empty($data['menus']) || empty($data['actions']))) {
$validator->errors()->add('permission_names', __('error.role.permission_input_required'));
}
});
}
}

24
app/Http/Requests/Authz/RolePermissionToggleRequest.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
namespace App\Http\Requests\Authz;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
class RolePermissionToggleRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
public function rules(): array
{
$permissionTypes = config('authz.menu_actions', ['view', 'create', 'update', 'delete', 'approve', 'export', 'manage']);
return [
'menu_id' => 'required|integer|min:1',
'permission_type' => ['required', 'string', Rule::in($permissionTypes)],
];
}
}

31
app/Http/Requests/Authz/RoleStoreRequest.php Normal file
View File

@@ -0,0 +1,31 @@
<?php
namespace App\Http\Requests\Authz;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
class RoleStoreRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
public function rules(): array
{
$tenantId = (int) app('tenant_id');
$guard = 'api';
return [
'name' => [
'required', 'string', 'max:100',
Rule::unique('roles', 'name')->where(fn ($q) => $q
->where('tenant_id', $tenantId)
->where('guard_name', $guard)),
],
'description' => 'nullable|string|max:255',
'is_hidden' => 'sometimes|boolean',
];
}
}

32
app/Http/Requests/Authz/RoleUpdateRequest.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
namespace App\Http\Requests\Authz;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
class RoleUpdateRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
public function rules(): array
{
$tenantId = (int) app('tenant_id');
$guard = 'api';
$roleId = (int) $this->route('id');
return [
'name' => [
'sometimes', 'string', 'max:100',
Rule::unique('roles', 'name')
->where(fn ($q) => $q->where('tenant_id', $tenantId)->where('guard_name', $guard))
->ignore($roleId),
],
'description' => 'sometimes|nullable|string|max:255',
'is_hidden' => 'sometimes|boolean',
];
}
}

33
app/Http/Requests/Authz/UserRoleGrantRequest.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
namespace App\Http\Requests\Authz;
use Illuminate\Foundation\Http\FormRequest;
class UserRoleGrantRequest extends FormRequest
{
public function authorize(): bool
{
return true;
}
public function rules(): array
{
return [
'role_names' => 'sometimes|array',
'role_names.*' => 'string|min:1',
'role_ids' => 'sometimes|array',
'role_ids.*' => 'integer|min:1',
];
}
public function withValidator($validator): void
{
$validator->after(function ($validator) {
$data = $this->all();
if (empty($data['role_names']) && empty($data['role_ids'])) {
$validator->errors()->add('role_names', __('error.role.role_input_required'));
}
});
}
}