diff --git a/app/Http/Controllers/Api/V1/ApiController.php b/app/Http/Controllers/Api/V1/ApiController.php index cfe4b82..20ceaaa 100644 --- a/app/Http/Controllers/Api/V1/ApiController.php +++ b/app/Http/Controllers/Api/V1/ApiController.php @@ -64,6 +64,7 @@ public function login(Request $request) 'user' => $loginInfo['user'], 'tenant' => $loginInfo['tenant'], 'menus' => $loginInfo['menus'], + 'roles' => $loginInfo['roles'], ]); } diff --git a/app/Services/MemberService.php b/app/Services/MemberService.php index 969b347..41a2b29 100644 --- a/app/Services/MemberService.php +++ b/app/Services/MemberService.php @@ -213,6 +213,7 @@ public static function getUserInfoForLogin(int $userId): array 'user' => $userInfo, 'tenant' => null, 'menus' => [], + 'roles' => [], ]; } @@ -236,14 +237,25 @@ public static function getUserInfoForLogin(int $userId): array ]; // 4. 메뉴 권한 체크 (menu:{menu_id}.view 패턴) - // 4-1. 기본 Role 권한 (model_has_permissions) - $rolePermissions = DB::table('model_has_permissions') - ->join('permissions', 'model_has_permissions.permission_id', '=', 'permissions.id') - ->where('model_has_permissions.model_type', User::class) - ->where('model_has_permissions.model_id', $userId) - ->where('model_has_permissions.tenant_id', $tenant->id) + // 4-1. 역할 기반 권한 + 직접 권한 조회 (하이브리드) + $rolePermissions = DB::table('model_has_roles') + ->join('role_has_permissions', 'model_has_roles.role_id', '=', 'role_has_permissions.role_id') + ->join('permissions', 'role_has_permissions.permission_id', '=', 'permissions.id') + ->where('model_has_roles.model_type', User::class) + ->where('model_has_roles.model_id', $userId) + ->where('model_has_roles.tenant_id', $tenant->id) ->where('permissions.name', 'like', 'menu:%.view') - ->pluck('permissions.name') + ->select('permissions.name') + ->union( + DB::table('model_has_permissions') + ->join('permissions', 'model_has_permissions.permission_id', '=', 'permissions.id') + ->where('model_has_permissions.model_type', User::class) + ->where('model_has_permissions.model_id', $userId) + ->where('model_has_permissions.tenant_id', $tenant->id) + ->where('permissions.name', 'like', 'menu:%.view') + ->select('permissions.name') + ) + ->pluck('name') ->toArray(); // 4-2. Override 권한 (명시적 허용/차단) @@ -303,10 +315,21 @@ public static function getUserInfoForLogin(int $userId): array ->toArray(); } + // 6. 역할(Role) 정보 조회 + $roles = DB::table('model_has_roles') + ->join('roles', 'model_has_roles.role_id', '=', 'roles.id') + ->where('model_has_roles.model_type', User::class) + ->where('model_has_roles.model_id', $userId) + ->where('model_has_roles.tenant_id', $tenant->id) + ->select('roles.id', 'roles.name', 'roles.description') + ->get() + ->toArray(); + return [ 'user' => $userInfo, 'tenant' => $tenantInfo, 'menus' => $menus, + 'roles' => $roles, ]; } } diff --git a/app/Services/RegisterService.php b/app/Services/RegisterService.php index e69c876..9c21e36 100644 --- a/app/Services/RegisterService.php +++ b/app/Services/RegisterService.php @@ -5,6 +5,7 @@ use App\Helpers\TenantCodeGenerator; use App\Models\Commons\Menu; use App\Models\Members\User; +use App\Models\Members\UserTenant; use App\Models\Tenants\Tenant; use App\Models\Tenants\TenantUserProfile; use Illuminate\Support\Facades\DB; @@ -65,7 +66,7 @@ public static function register(array $params): array ], ]); - // 5. Create TenantUserProfile (tenant-user mapping) + // 5. Create TenantUserProfile (tenant-user profile mapping) TenantUserProfile::create([ 'user_id' => $user->id, 'tenant_id' => $tenant->id, @@ -73,6 +74,15 @@ public static function register(array $params): array 'is_active' => 1, // 활성화 ]); + // 5-1. Create UserTenant (tenant-user access mapping) + UserTenant::create([ + 'user_id' => $user->id, + 'tenant_id' => $tenant->id, + 'is_default' => 1, // 기본 테넌트로 설정 + 'is_active' => 1, // 활성화 + 'joined_at' => now(), // 가입 시각 + ]); + // 6. Set tenant context for permissions app()->bind('tenant_id', fn () => $tenant->id); app(PermissionRegistrar::class)->setPermissionsTeamId($tenant->id); diff --git a/app/Swagger/v1/AuthApi.php b/app/Swagger/v1/AuthApi.php index 6e824e3..4ceb783 100644 --- a/app/Swagger/v1/AuthApi.php +++ b/app/Swagger/v1/AuthApi.php @@ -77,8 +77,8 @@ public function debugApiKey() {} * @OA\Post( * path="/api/v1/login", * tags={"Auth"}, - * summary="로그인 (토큰 + 사용자 정보 + 테넌트 + 메뉴)", - * description="로그인 성공 시 인증 토큰과 함께 사용자 정보, 활성 테넌트 정보, 접근 가능한 메뉴 목록을 반환합니다.", + * summary="로그인 (토큰 + 사용자 정보 + 테넌트 + 메뉴 + 역할)", + * description="로그인 성공 시 인증 토큰과 함께 사용자 정보, 활성 테넌트 정보, 접근 가능한 메뉴 목록, 역할 목록을 반환합니다.", * security={{"ApiKeyAuth": {}}}, * * @OA\RequestBody( @@ -156,6 +156,19 @@ public function debugApiKey() {} * @OA\Property(property="is_external", type="boolean", example=false, description="외부 링크 여부"), * @OA\Property(property="external_url", type="string", nullable=true, example="https://example.com", description="외부 링크 URL") * ) + * ), + * @OA\Property( + * property="roles", + * type="array", + * description="사용자가 가진 역할 목록", + * + * @OA\Items( + * type="object", + * + * @OA\Property(property="id", type="integer", example=1, description="역할 ID"), + * @OA\Property(property="name", type="string", example="system_manager", description="역할명"), + * @OA\Property(property="description", type="string", example="시스템 관리자", description="역할 설명") + * ) * ) * ) * ),