SamProject/sam-api
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix : 권한관리 기능 추가 (각 기능 확인 필요)

Browse Source 
- 메뉴관리
- 역할관리
- 부서관리
- 메뉴, 부서, 역할, 유저 - 권한 연동
This commit is contained in:
권혁성
2025-08-16 03:25:06 +09:00
parent 68d97c166f
commit 73d06e03b0
34 changed files with 3656 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
app/Http/Controllers/Api/V1/DepartmentController.php Normal file
View File

@@ -0,0 +1,107 @@
<?php
namespace App\Http\Controllers\Api\V1;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Services\DepartmentService;
use App\Helpers\ApiResponse;
class DepartmentController extends Controller
{
// GET /v1/departments
public function index(Request $request)
{
return ApiResponse::handle(function () use ($request) {
return DepartmentService::index($request->all());
}, '부서 목록 조회');
}
// POST /v1/departments
public function store(Request $request)
{
return ApiResponse::handle(function () use ($request) {
return DepartmentService::store($request->all());
}, '부서 생성');
}
// GET /v1/departments/{id}
public function show($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return DepartmentService::show((int)$id, $request->all());
}, '부서 단건 조회');
}
// PATCH /v1/departments/{id}
public function update($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return DepartmentService::update((int)$id, $request->all());
}, '부서 수정');
}
// DELETE /v1/departments/{id}
public function destroy($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return DepartmentService::destroy((int)$id, $request->all());
}, '부서 삭제');
}
// GET /v1/departments/{id}/users
public function listUsers($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return DepartmentService::listUsers((int)$id, $request->all());
}, '부서 사용자 목록');
}
// POST /v1/departments/{id}/users
public function attachUser($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return DepartmentService::attachUser((int)$id, $request->all());
}, '부서 사용자 배정');
}
// DELETE /v1/departments/{id}/users/{user}
public function detachUser($id, $user, Request $request)
{
return ApiResponse::handle(function () use ($id, $user, $request) {
return DepartmentService::detachUser((int)$id, (int)$user, $request->all());
}, '부서 사용자 제거');
}
// PATCH /v1/departments/{id}/users/{user}/primary
public function setPrimary($id, $user, Request $request)
{
return ApiResponse::handle(function () use ($id, $user, $request) {
return DepartmentService::setPrimary((int)$id, (int)$user, $request->all());
}, '주 부서 설정/해제');
}
// GET /v1/departments/{id}/permissions
public function listPermissions($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return DepartmentService::listPermissions((int)$id, $request->all());
}, '부서 권한 목록');
}
// POST /v1/departments/{id}/permissions
public function upsertPermission($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return DepartmentService::upsertPermission((int)$id, $request->all());
}, '부서 권한 부여/차단');
}
// DELETE /v1/departments/{id}/permissions/{permission}
public function revokePermission($id, $permission, Request $request)
{
return ApiResponse::handle(function () use ($id, $permission, $request) {
return DepartmentService::revokePermission((int)$id, (int)$permission, $request->all());
}, '부서 권한 제거');
}
}

62
app/Http/Controllers/Api/V1/MenuController.php Normal file
View File

@@ -0,0 +1,62 @@
<?php
namespace App\Http\Controllers\Api\V1;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Services\MenuService;
use App\Helpers\ApiResponse;
class MenuController extends Controller
{
public function index(Request $request)
{
return ApiResponse::handle(function () use ($request) {
return MenuService::index($request->all());
}, '메뉴 목록 조회');
}
public function show($id)
{
return ApiResponse::handle(function () use ($id) {
return MenuService::show(['id' => (int)$id]);
}, '메뉴 단건 조회');
}
public function store(Request $request)
{
return ApiResponse::handle(function () use ($request) {
return MenuService::store($request->all());
}, '메뉴 등록');
}
public function update(Request $request, $id)
{
return ApiResponse::handle(function () use ($request, $id) {
$params = $request->all(); $params['id'] = (int)$id;
return MenuService::update($params);
}, '메뉴 수정');
}
public function destroy($id)
{
return ApiResponse::handle(function () use ($id) {
return MenuService::destroy(['id' => (int)$id]);
}, '메뉴 삭제');
}
public function reorder(Request $request)
{
return ApiResponse::handle(function () use ($request) {
return MenuService::reorder($request->all());
}, '메뉴 정렬 변경');
}
public function toggle(Request $request, $id)
{
return ApiResponse::handle(function () use ($request, $id) {
$params = $request->all(); $params['id'] = (int)$id;
return MenuService::toggle($params);
}, '메뉴 상태 토글');
}
}

46
app/Http/Controllers/Api/V1/RoleController.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
namespace App\Http\Controllers\Api\V1;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Services\Authz\RoleService;
use App\Helpers\ApiResponse;
class RoleController extends Controller
{
public function index(Request $request)
{
return ApiResponse::handle(function () use ($request) {
return RoleService::index($request->all());
}, '역할 목록 조회');
}
public function store(Request $request)
{
return ApiResponse::handle(function () use ($request) {
return RoleService::store($request->all());
}, '역할 생성');
}
public function show($id)
{
return ApiResponse::handle(function () use ($id) {
return RoleService::show((int)$id);
}, '역할 상세 조회');
}
public function update(Request $request, $id)
{
return ApiResponse::handle(function () use ($request, $id) {
return RoleService::update((int)$id, $request->all());
}, '역할 수정');
}
public function destroy($id)
{
return ApiResponse::handle(function () use ($id) {
return RoleService::destroy((int)$id);
}, '역할 삭제');
}
}

39
app/Http/Controllers/Api/V1/RolePermissionController.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
namespace App\Http\Controllers\Api\V1;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Services\Authz\RolePermissionService;
use App\Helpers\ApiResponse;
class RolePermissionController extends Controller
{
public function index($id, Request $request)
{
return ApiResponse::handle(function () use ($id) {
return RolePermissionService::list((int)$id);
}, '역할 퍼미션 목록 조회');
}
public function grant($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return RolePermissionService::grant((int)$id, $request->all());
}, '역할 퍼미션 부여');
}
public function revoke($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return RolePermissionService::revoke((int)$id, $request->all());
}, '역할 퍼미션 회수');
}
public function sync($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return RolePermissionService::sync((int)$id, $request->all());
}, '역할 퍼미션 동기화');
}
}

39
app/Http/Controllers/Api/V1/UserRoleController.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
namespace App\Http\Controllers\Api\V1;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Services\Authz\UserRoleService;
use App\Helpers\ApiResponse;
class UserRoleController extends Controller
{
public function index($id)
{
return ApiResponse::handle(function () use ($id) {
return UserRoleService::list((int)$id);
}, '사용자의 역할 목록 조회');
}
public function grant($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return UserRoleService::grant((int)$id, $request->all());
}, '사용자에게 역할 부여');
}
public function revoke($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return UserRoleService::revoke((int)$id, $request->all());
}, '사용자의 역할 회수');
}
public function sync($id, Request $request)
{
return ApiResponse::handle(function () use ($id, $request) {
return UserRoleService::sync((int)$id, $request->all());
}, '사용자의 역할 동기화');
}
}

52
app/Http/Middleware/CheckPermission.php
View File

@@ -4,22 +4,54 @@
use Closure;
use Illuminate\Http\Request;
use App\Services\AdminPermissionService;
use Spatie\Permission\PermissionRegistrar;
use App\Services\Authz\AccessService;
use App\Models\Members\User as UserModel;
class CheckPermission
{
public function handle(Request $request, Closure $next, string $permissionCode)
public function handle(Request $request, Closure $next)
{
$userToken = $request->input('user_token');
if (!$userToken) {
$userToken = $request->header('X-API-KEY');
if (!$userToken) {
return response()->json(['error' => '토큰이 없습니다.'], 401);
}
// Perm 키 가져오기 (attributes 우선, 없으면 route defaults)
$perm = $request->attributes->get('perm')
?? ($request->route()?->defaults['perm'] ?? null);
// 다중 ANY-매칭
$permsAny = $request->attributes->get('perms_any');
// perm 미지정 라우트 처리 정책
// TODO :: 초기 도입 단계: 통과. (정책에 따라 403으로 바꿔도 됨)
if (!$perm && !$permsAny) {
return $next($request);
// return response()->json(['success'=>false,'message'=>'권한 설정 누락','data'=>null], 403);
}
if (!AdminPermissionService::hasPermission($userToken, $permissionCode)) {
return response()->json(['error' => '권한이 없습니다.'], 403);
// 컨텍스트 확보
$tenantId = (int) app('tenant_id');
$userId = (int) app('api_user');
if (!$tenantId || !$userId) {
return response()->json(['success'=>false,'message'=>'인증 또는 테넌트 정보가 없습니다.','data'=>null], 401);
}
$user = UserModel::find($userId);
if (!$user) {
return response()->json(['success'=>false,'message'=>'사용자 없음','data'=>null], 401);
}
// Spatie Teams 컨텍스트 고정
app(PermissionRegistrar::class)->setPermissionsTeamId($tenantId);
// 최종 판정(DENY 최우선/부서 ALLOW 포함)
if ($permsAny) {
foreach ($permsAny as $p) {
if (AccessService::allows($user, $p, $tenantId, 'api')) {
return $next($request);
}
}
return response()->json(['success'=>false,'message'=>'권한이 없습니다.','data'=>null], 403);
}
if (! AccessService::allows($user, $perm, $tenantId, 'api')) {
return response()->json(['success'=>false,'message'=>'권한이 없습니다.','data'=>null], 403);
}
return $next($request);

49
app/Http/Middleware/PermMapper.php Normal file
View File

@@ -0,0 +1,49 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
class PermMapper
{
/** HTTP 메서드 → 액션 버킷 */
private array $actionMap = [
'GET' => 'view',
'HEAD' => 'view',
'POST' => 'create',
'PUT' => 'update',
'PATCH' => 'update',
'DELETE' => 'delete',
];
public function handle(Request $request, Closure $next)
{
$route = $request->route();
if (!$route) {
return $next($request);
}
// 1) 이미 perm이 attributes에 있으면 존중
if ($request->attributes->get('perm')) {
return $next($request);
}
// 2) 라우트 defaults로 강제 지정된 perm/permission 우선
$forced = $route->defaults['perm'] ?? $route->defaults['permission'] ?? null;
if ($forced) {
$request->attributes->set('perm', $forced);
return $next($request);
}
// 3) menu_id 가 지정된 경우: HTTP 메서드 → 액션으로 perm 생성
$menuId = $route->defaults['menu_id'] ?? null;
if ($menuId) {
$action = $this->actionMap[$request->method()] ?? 'view';
$request->attributes->set('perm', "menu:{$menuId}.{$action}");
}
// 4) menu_id/perm 둘 다 없으면 설정 안 함(체크 미들웨어 정책에 따름)
return $next($request);
}
}