SamProject/sam-api
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
63d8eb5a717b28c7f1308afe165100ba4cb6eefe
sam-api/app/Services/MenuService.php
hskwon da44168464 fix: API 메뉴 권한 로직을 mng와 동일하게 수정 
- MenuService, MemberService 권한 조회 로직 재작성
- 부서 권한: permission_overrides 테이블 사용 (Department 타입)
- 개인 권한: permission_overrides 테이블 사용 (User 타입)
- 권한 계산: (역할 ∪ 부서 ∪ 개인ALLOW) - 개인DENY
- User model_type을 'App\Models\User'로 하드코딩 (mng 호환)
2025-12-09 20:18:32 +09:00

430 lines
15 KiB
PHP
Raw Blame History

<?php
namespace App\Services;
use App\Models\Commons\Menu;
use App\Models\Members\User;
use App\Models\Tenants\Department;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Validator;
class MenuService
{
protected static function tenantId(): ?int
{
return app('tenant_id');
}
protected static function actorId(): ?int
{
$uid = app('api_user');
return $uid ? (int) $uid : null;
}
/**
* 메뉴 목록 조회 (사용자 권한 기반 필터링)
*/
public static function index(array $params)
{
$tenantId = self::tenantId();
$userId = self::actorId();
// 권한이 있는 메뉴 ID 목록 조회
$allowedMenuIds = self::getAllowedMenuIds($userId, $tenantId);
$q = Menu::query()->withShared($tenantId);
// 권한 기반 필터링 적용
if (! empty($allowedMenuIds)) {
$q->whereIn('id', $allowedMenuIds);
} else {
// 권한이 없으면 빈 결과 반환
$q->whereRaw('1 = 0');
}
if (array_key_exists('parent_id', $params)) {
$q->where('parent_id', $params['parent_id']);
}
if (array_key_exists('is_active', $params)) {
$q->where('is_active', (int) $params['is_active']);
}
if (array_key_exists('hidden', $params)) {
$q->where('hidden', (int) $params['hidden']);
}
$q->orderBy('parent_id')->orderBy('sort_order');
// Builder 그대로 전달해야 쿼리로그/표준응답 형식 유지
return $q->get();
}
/**
* 사용자가 접근 가능한 메뉴 ID 목록 조회 (mng UserPermissionService와 동일한 로직)
*/
protected static function getAllowedMenuIds(?int $userId, ?int $tenantId): array
{
if (! $userId || ! $tenantId) {
return [];
}
$now = now();
// 1. 역할 권한 (user_roles 테이블)
$rolePermissions = DB::table('user_roles')
->join('role_has_permissions', 'user_roles.role_id', '=', 'role_has_permissions.role_id')
->join('permissions', 'role_has_permissions.permission_id', '=', 'permissions.id')
->where('user_roles.user_id', $userId)
->where('user_roles.tenant_id', $tenantId)
->whereNull('user_roles.deleted_at')
->where('permissions.name', 'like', 'menu:%.view')
->pluck('permissions.name')
->toArray();
// 2. 부서 권한 (permission_overrides에서 Department 타입, effect=1)
$deptPermissions = DB::table('department_user')
->join('permission_overrides', function ($join) use ($now) {
$join->on('permission_overrides.model_id', '=', 'department_user.department_id')
->where('permission_overrides.model_type', '=', Department::class)
->whereNull('permission_overrides.deleted_at')
->where('permission_overrides.effect', 1)
->where(function ($q) use ($now) {
$q->whereNull('permission_overrides.effective_from')
->orWhere('permission_overrides.effective_from', '<=', $now);
})
->where(function ($q) use ($now) {
$q->whereNull('permission_overrides.effective_to')
->orWhere('permission_overrides.effective_to', '>=', $now);
});
})
->join('permissions', 'permissions.id', '=', 'permission_overrides.permission_id')
->whereNull('department_user.deleted_at')
->where('department_user.user_id', $userId)
->where('department_user.tenant_id', $tenantId)
->where('permission_overrides.tenant_id', $tenantId)
->where('permissions.name', 'like', 'menu:%.view')
->pluck('permissions.name')
->toArray();
// 3. 개인 ALLOW 권한 (permission_overrides에서 User 타입, effect=1)
// Note: mng는 App\Models\User를 사용하므로 하드코딩
$personalAllows = DB::table('permission_overrides')
->join('permissions', 'permissions.id', '=', 'permission_overrides.permission_id')
->where('permission_overrides.model_type', 'App\\Models\\User')
->where('permission_overrides.model_id', $userId)
->where('permission_overrides.tenant_id', $tenantId)
->where('permission_overrides.effect', 1)
->whereNull('permission_overrides.deleted_at')
->where(function ($q) use ($now) {
$q->whereNull('permission_overrides.effective_from')
->orWhere('permission_overrides.effective_from', '<=', $now);
})
->where(function ($q) use ($now) {
$q->whereNull('permission_overrides.effective_to')
->orWhere('permission_overrides.effective_to', '>=', $now);
})
->where('permissions.name', 'like', 'menu:%.view')
->pluck('permissions.name')
->toArray();
// 4. 개인 DENY 권한 (permission_overrides에서 User 타입, effect=0)
// Note: mng는 App\Models\User를 사용하므로 하드코딩
$personalDenies = DB::table('permission_overrides')
->join('permissions', 'permissions.id', '=', 'permission_overrides.permission_id')
->where('permission_overrides.model_type', 'App\\Models\\User')
->where('permission_overrides.model_id', $userId)
->where('permission_overrides.tenant_id', $tenantId)
->where('permission_overrides.effect', 0)
->whereNull('permission_overrides.deleted_at')
->where(function ($q) use ($now) {
$q->whereNull('permission_overrides.effective_from')
->orWhere('permission_overrides.effective_from', '<=', $now);
})
->where(function ($q) use ($now) {
$q->whereNull('permission_overrides.effective_to')
->orWhere('permission_overrides.effective_to', '>=', $now);
})
->where('permissions.name', 'like', 'menu:%.view')
->pluck('permissions.name')
->toArray();
// 5. 최종 권한 계산: (역할 OR 부서 OR 개인ALLOW) - 개인DENY
$allAllowed = array_unique(array_merge($rolePermissions, $deptPermissions, $personalAllows));
$effectivePermissions = array_diff($allAllowed, $personalDenies);
// 메뉴 ID 추출
$allowedMenuIds = [];
foreach ($effectivePermissions as $permName) {
if (preg_match('/^menu:(\d+)\.view$/', $permName, $matches)) {
$allowedMenuIds[] = (int) $matches[1];
}
}
return $allowedMenuIds;
}
/**
* 메뉴 단건 조회
*/
public static function show(array $params)
{
$id = (int) ($params['id'] ?? 0);
$tenantId = self::tenantId();
if (! $id) {
return ['error' => 'id가 필요합니다.', 'code' => 400];
}
$res = Menu::withShared($tenantId)->find($id);
if (empty($res['data'])) {
return ['error' => 'Menu not found', 'code' => 404];
}
return $res;
}
/**
* 메뉴 생성
*/
public static function store(array $params)
{
$tenantId = self::tenantId();
$userId = self::actorId();
$v = Validator::make($params, [
'parent_id' => ['nullable', 'integer'],
'name' => ['required', 'string', 'max:100'],
'url' => ['nullable', 'string', 'max:255'],
'is_active' => ['nullable', 'boolean'],
'sort_order' => ['nullable', 'integer'],
'hidden' => ['nullable', 'boolean'],
'is_external' => ['nullable', 'boolean'],
'external_url' => ['nullable', 'string', 'max:255'],
'icon' => ['nullable', 'string', 'max:50'],
]);
if ($v->fails()) {
return ['error' => $v->errors()->first(), 'code' => 422];
}
$data = $v->validated();
$menu = new Menu;
$menu->tenant_id = $tenantId;
$menu->parent_id = $data['parent_id'] ?? null;
$menu->name = $data['name'];
$menu->url = $data['url'] ?? null;
$menu->is_active = (int) ($data['is_active'] ?? 1);
$menu->sort_order = (int) ($data['sort_order'] ?? 0);
$menu->hidden = (int) ($data['hidden'] ?? 0);
$menu->is_external = (int) ($data['is_external'] ?? 0);
$menu->external_url = $data['external_url'] ?? null;
$menu->icon = $data['icon'] ?? null;
$menu->created_by = $userId;
$menu->updated_by = $userId;
$menu->save();
// 생성 결과를 그대로 전달
return $menu->fresh();
}
/**
* 메뉴 수정
* - global_menu_id가 있는 테넌트 메뉴 수정 시 is_customized = true 자동 설정
*/
public static function update(array $params)
{
$id = (int) ($params['id'] ?? 0);
$tenantId = self::tenantId();
$userId = self::actorId();
if (! $id) {
return ['error' => 'id가 필요합니다.', 'code' => 400];
}
$v = Validator::make($params, [
'parent_id' => ['nullable', 'integer'],
'name' => ['nullable', 'string', 'max:100'],
'url' => ['nullable', 'string', 'max:255'],
'is_active' => ['nullable', 'boolean'],
'sort_order' => ['nullable', 'integer'],
'hidden' => ['nullable', 'boolean'],
'is_external' => ['nullable', 'boolean'],
'external_url' => ['nullable', 'string', 'max:255'],
'icon' => ['nullable', 'string', 'max:50'],
]);
if ($v->fails()) {
return ['error' => $v->errors()->first(), 'code' => 422];
}
$data = $v->validated();
$menu = Menu::withShared($tenantId)->where('id', $id)->first();
if (! $menu) {
return ['error' => 'Menu not found', 'code' => 404];
}
$update = Arr::only($data, [
'parent_id', 'name', 'url', 'is_active', 'sort_order', 'hidden', 'is_external', 'external_url', 'icon',
]);
$update = array_filter($update, fn ($v) => ! is_null($v));
if (empty($update)) {
return ['error' => '수정할 데이터가 없습니다.', 'code' => 400];
}
// 글로벌 메뉴에서 복제된 테넌트 메뉴 수정 시 커스터마이징 플래그 설정
if ($menu->global_menu_id && ! $menu->is_customized) {
$update['is_customized'] = true;
}
$update['updated_by'] = $userId;
$menu->fill($update)->save();
return $menu->fresh();
}
/**
* 메뉴 삭제(소프트)
*/
public static function destroy(array $params)
{
$id = (int) ($params['id'] ?? 0);
$tenantId = self::tenantId();
$userId = self::actorId();
if (! $id) {
return ['error' => 'id가 필요합니다.', 'code' => 400];
}
$menu = Menu::withShared($tenantId)->where('id', $id)->first();
if (! $menu) {
return ['error' => 'Menu not found', 'code' => 404];
}
$menu->deleted_by = $userId;
$menu->save();
$menu->delete();
return 'success';
}
/**
* 정렬 일괄 변경
* $params = [ ['id'=>10, 'sort_order'=>1], ... ]
*/
public static function reorder(array $params)
{
if (! is_array($params) || empty($params)) {
return ['error' => '유효한 정렬 목록이 필요합니다.', 'code' => 422];
}
$tenantId = self::tenantId();
DB::transaction(function () use ($params, $tenantId) {
foreach ($params as $it) {
if (! isset($it['id'], $it['sort_order'])) {
continue;
}
$menu = Menu::withShared($tenantId)->find((int) $it['id']);
if ($menu) {
$menu->sort_order = (int) $it['sort_order'];
$menu->save();
}
}
});
return 'success';
}
/**
* 상태 토글: is_active / hidden / is_external
*/
public static function toggle(array $params)
{
$id = (int) ($params['id'] ?? 0);
$tenantId = self::tenantId();
$userId = self::actorId();
if (! $id) {
return ['error' => 'id가 필요합니다.', 'code' => 400];
}
$payload = array_filter([
'is_active' => array_key_exists('is_active', $params) ? (int) $params['is_active'] : null,
'hidden' => array_key_exists('hidden', $params) ? (int) $params['hidden'] : null,
'is_external' => array_key_exists('is_external', $params) ? (int) $params['is_external'] : null,
], fn ($v) => ! is_null($v));
if (empty($payload)) {
return ['error' => '변경할 필드가 없습니다.', 'code' => 422];
}
$menu = Menu::withShared($tenantId)->find($id);
if (! $menu) {
return ['error' => 'Menu not found', 'code' => 404];
}
$payload['updated_by'] = $userId;
$menu->fill($payload)->save();
return $menu->fresh();
}
/**
* 삭제된 메뉴 복원
*/
public static function restore(array $params)
{
$id = (int) ($params['id'] ?? 0);
$tenantId = self::tenantId();
$userId = self::actorId();
if (! $id) {
return ['error' => 'id가 필요합니다.', 'code' => 400];
}
// 삭제된 메뉴 포함하여 조회
$menu = Menu::withTrashed()
->withoutGlobalScopes()
->where(function ($q) use ($tenantId) {
$q->whereNull('tenant_id')
->orWhere('tenant_id', $tenantId);
})
->where('id', $id)
->first();
if (! $menu) {
return ['error' => 'Menu not found', 'code' => 404];
}
if (! $menu->trashed()) {
return ['error' => '삭제되지 않은 메뉴입니다.', 'code' => 400];
}
$menu->restore();
$menu->deleted_by = null;
$menu->updated_by = $userId;
$menu->save();
return $menu->fresh();
}
/**
* 삭제된 메뉴 목록 조회
*/
public static function trashedList(array $params = [])
{
$tenantId = self::tenantId();
return Menu::onlyTrashed()
->withoutGlobalScopes()
->where(function ($q) use ($tenantId) {
$q->whereNull('tenant_id')
->orWhere('tenant_id', $tenantId);
})
->orderBy('deleted_at', 'desc')
->get();
}
}
Reference in New Issue View Git Blame Copy Permalink