From 42d818596d5a75c96485065e00cf3452fa93a6b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B6=8C=ED=98=81=EC=84=B1?=
Date: Fri, 13 Mar 2026 00:30:33 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20[employee]=20=EC=82=AC=EC=9A=A9=EC=9E=90?= =?UTF-8?q?-=EC=82=AC=EC=9B=90=20=EC=82=AD=EC=A0=9C=20=EB=8F=99=EA=B8=B0?= =?UTF-8?q?=ED=99=94=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- destroy/bulkDelete 퇴직처리 시 user_tenants.is_active = false 추가
- update에서 employee_status 변경 시 is_active 자동 동기화 (퇴직/복직)
- SwitchTenantRequest에 user_tenants.is_active 검증 추가 (비활성 테넌트 전환 차단)
- tenant_access_denied i18n 메시지 추가 (ko/en)
---
 .../Requests/User/SwitchTenantRequest.php | 18 +++++++++++-
 app/Services/EmployeeService.php | 29 +++++++++++++++++++
 lang/en/error.php | 1 +
 lang/ko/error.php | 1 +
 4 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/app/Http/Requests/User/SwitchTenantRequest.php b/app/Http/Requests/User/SwitchTenantRequest.php
index 7a6c845..4cb111e 100644
--- a/app/Http/Requests/User/SwitchTenantRequest.php
+++ b/app/Http/Requests/User/SwitchTenantRequest.php
@@ -3,6 +3,7 @@
 namespace App\Http\Requests\User;
 use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Validation\Rule;
 class SwitchTenantRequest extends FormRequest
 {
@@ -13,8 +14,23 @@ public function authorize(): bool
 public function rules(): array
 {
+ $userId = app('api_user');
+
 return [
- 'tenant_id' => 'required|integer|exists:tenants,id',
+ 'tenant_id' => [
+ 'required',
+ 'integer',
+ Rule::exists('user_tenants', 'tenant_id')
+ ->where('user_id', $userId)
+ ->where('is_active', 1),
+ ],
+ ];
+ }
+
+ public function messages(): array
+ {
+ return [
+ 'tenant_id.exists' => __('error.tenant_access_denied'),
 ];
 }
 }
diff --git a/app/Services/EmployeeService.php b/app/Services/EmployeeService.php
index 8baddd9..d5d0b67 100644
--- a/app/Services/EmployeeService.php
+++ b/app/Services/EmployeeService.php
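Review bot: In SwitchTenantRequest::rules(), replacing `exists:tenants,id` with the `user_tenants` lookup drops the only check that the tenant row itself exists, so a leftover membership row pointing at a removed tenant would still validate. Keeping `'exists:tenants,id',` as an extra element ahead of `Rule::exists('user_tenants', 'tenant_id')` preserves both checks. This rule is also the only place in the patch that reads `is_active`, so a user already working in the tenant is presumably unaffected until the next switch, unless request-time middleware (not shown here) checks the flag as well.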
@@ -224,6 +224,15 @@ public function update(int $id, array $data): TenantUserProfile
 if (! empty($profileUpdates)) {
 $profile->update($profileUpdates);
+
+ // 퇴직/복직 시 user_tenants.is_active 동기화
+ if (isset($profileUpdates['employee_status'])) {
+ $isActive = $profileUpdates['employee_status'] !== 'resigned';
+ DB::table('user_tenants')
+ ->where('user_id', $profile->user_id)
+ ->where('tenant_id', $profile->tenant_id)
+ ->update(['is_active' => $isActive]);
+ }
 }
 // 3. json_extra 사원 정보 업데이트
@@ -275,6 +284,12 @@ public function destroy(int $id): array
 // 또는 employee_status를 resigned로 변경
 $profile->update(['employee_status' => 'resigned']);
+ // 해당 테넌트 접근 차단 (다른 테넌트는 영향 없음)
+ DB::table('user_tenants')
+ ->where('user_id', $profile->user_id)
+ ->where('tenant_id', $tenantId)
+ ->update(['is_active' => false]);
+
 return [
 'id' => $id,
 'deleted_at' => now()->toDateTimeString(),
@@ -288,11 +303,25 @@ public function bulkDelete(array $ids): array
 {
 $tenantId = $this->tenantId();
+ // 퇴직 처리 대상의 user_id 추출
+ $userIds = TenantUserProfile::query()
+ ->where('tenant_id', $tenantId)
+ ->whereIn('id', $ids)
+ ->pluck('user_id');
+
 $updated = TenantUserProfile::query()
 ->where('tenant_id', $tenantId)
 ->whereIn('id', $ids)
 ->update(['employee_status' => 'resigned']);
+ // 해당 테넌트 접근 일괄 차단
+ if ($userIds->isNotEmpty()) {
+ DB::table('user_tenants')
+ ->whereIn('user_id', $userIds)
+ ->where('tenant_id', $tenantId)
+ ->update(['is_active' => false]);
+ }
+
 return [
 'processed' => count($ids),
 'updated' => $updated,
diff --git a/lang/en/error.php b/lang/en/error.php
index 576ec04..cea9ee2 100644
--- a/lang/en/error.php
+++ b/lang/en/error.php
@@ -125,4 +125,5 @@
 'invalid_transition' => "Cannot transition status from ':from' to ':to'. Allowed statuses: :allowed",
 ],
+ 'tenant_access_denied' => 'Access denied for this tenant.',
 ];
diff --git a/lang/ko/error.php b/lang/ko/error.php
index b9ba29a..a7ad36b 100644
--- a/lang/ko/error.php
+++ b/lang/ko/error.php
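Review bot: In update(), the sync sets `is_active` to true for every submitted `employee_status` other than `'resigned'`, whether or not the status actually changed, so a membership that was deactivated for some other reason is silently re-enabled by any profile edit that carries the field. Tying the write to a real move into or out of `'resigned'` avoids that; it needs the old value captured before `$profile->update()`, assuming `$profile` still holds the stored status at that point. The method body starts and ends outside the hunk, so whether these writes already run inside a transaction cannot be seen here.

```php
if (! empty($profileUpdates)) {
    $previousStatus = $profile->employee_status;
    $profile->update($profileUpdates);

    // Sync user_tenants.is_active only on a real move into or out of 'resigned',
    // so an unrelated edit cannot re-enable a membership disabled elsewhere.
    $newStatus = $profileUpdates['employee_status'] ?? $previousStatus;
    $wasResigned = $previousStatus === 'resigned';
    $isResigned = $newStatus === 'resigned';
    if ($wasResigned !== $isResigned) {
        DB::table('user_tenants')
            ->where('user_id', $profile->user_id)
            ->where('tenant_id', $profile->tenant_id)
            ->update(['is_active' => ! $isResigned]);
    }
}
// … unchanged: step 3, json_extra update …
```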
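Review bot: In destroy(), the profile status update and the `user_tenants` deactivation are two independent writes, so a failure on the second leaves an employee marked resigned whose tenant access is still active. Unless the surrounding code, which lies outside this hunk, already opens a transaction, wrapping both in `DB::transaction(function () use ($profile, $tenantId) { … });` makes the revocation all-or-nothing. The bulkDelete and update hunks issue the same pair of writes and would need the same treatment.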
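Review bot: bulkDelete() spells out the `where('tenant_id', $tenantId)->whereIn('id', $ids)` selection twice, once for `pluck('user_id')` and once for the status update, so the set whose access is revoked can drift from the set marked resigned if one chain is edited later. Building it once as `$profiles = TenantUserProfile::query()->where('tenant_id', $tenantId)->whereIn('id', $ids);` and then using `(clone $profiles)->pluck('user_id')` and `$profiles->update(['employee_status' => 'resigned'])` keeps the two tied together. A one-line comment that users without a matching `user_tenants` row are skipped silently would also help the next reader.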
@@ -526,4 +526,5 @@
 'duplicate_code' => '이미 존재하는 계정과목 코드입니다.',
 'in_use' => '전표에서 사용 중인 계정과목은 삭제할 수 없습니다.',
 ],
+ 'tenant_access_denied' => '해당 테넌트에 대한 접근 권한이 없습니다.',
 ];