diff --git a/app/Http/Controllers/Api/Admin/TenantController.php b/app/Http/Controllers/Api/Admin/TenantController.php index 84ea1c8c..3ca3abbb 100644 --- a/app/Http/Controllers/Api/Admin/TenantController.php +++ b/app/Http/Controllers/Api/Admin/TenantController.php @@ -27,8 +27,10 @@ public function index(Request $request): JsonResponse // HTMX 요청 시 HTML 반환 if ($request->header('HX-Request')) { + $html = view('tenants.partials.table', compact('tenants'))->render(); + return response()->json([ - 'html' => view('tenants.partials.table', compact('tenants'))->render(), + 'html' => $html, ]); } diff --git a/app/Models/Scopes/TenantScope.php b/app/Models/Scopes/TenantScope.php new file mode 100644 index 00000000..68eb57e5 --- /dev/null +++ b/app/Models/Scopes/TenantScope.php @@ -0,0 +1,54 @@ +runningInConsole()) { + return; + } + + // 캐시된 tenant_id가 없으면 조회 (요청당 1회만) + if (! self::$cacheInitialized) { + $request = app(Request::class); + + self::$cachedTenantId = $request->attributes->get('tenant_id') + ?? $request->header('X-TENANT-ID') + ?? auth()->user()?->tenant_id; + + self::$cacheInitialized = true; + } + + if (self::$cachedTenantId !== null) { + $builder->where($model->getTable().'.tenant_id', self::$cachedTenantId); + } + } + + /** + * 캐시 초기화 (테스트 또는 장기 실행 프로세스에서 필요 시) + */ + public static function clearCache(): void + { + self::$cachedTenantId = null; + self::$cacheInitialized = false; + } +} diff --git a/app/Models/Tenants/Tenant.php b/app/Models/Tenants/Tenant.php index fbb79c00..c1e902b4 100644 --- a/app/Models/Tenants/Tenant.php +++ b/app/Models/Tenants/Tenant.php @@ -4,6 +4,7 @@ use App\Models\User; use Illuminate\Database\Eloquent\Model; +use Illuminate\Database\Eloquent\Relations\BelongsToMany; use Illuminate\Database\Eloquent\Relations\HasMany; use Illuminate\Database\Eloquent\SoftDeletes; @@ -56,11 +57,11 @@ public function scopeActive($query) } /** - * 관계: 사용자 + * 관계: 사용자 (Many-to-Many via user_tenants) */ - public function users(): HasMany + public function users(): BelongsToMany { - return $this->hasMany(User::class, 'tenant_id'); + return $this->belongsToMany(User::class, 'user_tenants'); } /** @@ -110,7 +111,7 @@ public function getStatusLabelAttribute(): string 'active' => '활성', 'suspended' => '정지', 'expired' => '만료', - default => $this->tenant_st_code, + default => $this->tenant_st_code ?? '미설정', }; } diff --git a/app/Providers/ViewServiceProvider.php b/app/Providers/ViewServiceProvider.php index b5e023d4..8b8f2aaf 100644 --- a/app/Providers/ViewServiceProvider.php +++ b/app/Providers/ViewServiceProvider.php @@ -21,14 +21,14 @@ public function register(): void */ public function boot(): void { - // 모든 뷰에 테넌트 목록 공유 + // 모든 뷰에 테넌트 목록 공유 (전역용) View::composer('*', function ($view) { if (auth()->check()) { - $tenants = Tenant::active() + $globalTenants = Tenant::active() ->orderBy('company_name') ->get(['id', 'company_name', 'code']); - $view->with('tenants', $tenants); + $view->with('globalTenants', $globalTenants); } }); } diff --git a/app/Traits/BelongsToTenant.php b/app/Traits/BelongsToTenant.php new file mode 100644 index 00000000..51be7928 --- /dev/null +++ b/app/Traits/BelongsToTenant.php @@ -0,0 +1,13 @@ +when(TenantHelper::hasTenantSelected(), function (Builder $query) { + return TenantHelper::applyTenantFilter($query); + }, function (Builder $query) { + // 테넌트가 선택되지 않으면 빈 결과 + return $query->whereRaw('1 = 0'); + }); + } + + protected function mutateFormDataBeforeCreate(array $data): array + { + return TenantHelper::setTenantId($data); + } + + protected function mutateFormDataBeforeSave(array $data): array + { + return TenantHelper::setTenantId($data); + } +} diff --git a/app/Traits/ModelTrait.php b/app/Traits/ModelTrait.php new file mode 100644 index 00000000..55ee57f5 --- /dev/null +++ b/app/Traits/ModelTrait.php @@ -0,0 +1,24 @@ +format('Y-m-d H:i:s'); + } + + /** + * Active 상태 조회 + */ + public function scopeActive($query) + { + return $query->where('is_active', 1); + } +} diff --git a/app/Traits/UppercaseAttributes.php b/app/Traits/UppercaseAttributes.php new file mode 100644 index 00000000..a3ebbca2 --- /dev/null +++ b/app/Traits/UppercaseAttributes.php @@ -0,0 +1,27 @@ +withRouting( web: __DIR__.'/../routes/web.php', + api: __DIR__.'/../routes/api.php', + apiPrefix: 'api', commands: __DIR__.'/../routes/console.php', health: '/up', ) diff --git a/composer.json b/composer.json index 1a1200e8..b40b15ef 100644 --- a/composer.json +++ b/composer.json @@ -10,7 +10,8 @@ "darkaonline/l5-swagger": "^9.0", "laravel/framework": "^12.0", "laravel/sanctum": "^4.2", - "laravel/tinker": "^2.10.1" + "laravel/tinker": "^2.10.1", + "spatie/laravel-permission": "^6.23" }, "require-dev": { "fakerphp/faker": "^1.23", diff --git a/composer.lock b/composer.lock index 52c05f77..d600514c 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "f8e363f5a1017fcab82aa616ebbde9d7", + "content-hash": "c2faf899d8caff5078bf8fea2f6b6691", "packages": [ { "name": "brick/math", @@ -3605,6 +3605,89 @@ }, "time": "2025-09-04T20:59:21+00:00" }, + { + "name": "spatie/laravel-permission", + "version": "6.23.0", + "source": { + "type": "git", + "url": "https://github.com/spatie/laravel-permission.git", + "reference": "9e41247bd512b1e6c229afbc1eb528f7565ae3bb" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/spatie/laravel-permission/zipball/9e41247bd512b1e6c229afbc1eb528f7565ae3bb", + "reference": "9e41247bd512b1e6c229afbc1eb528f7565ae3bb", + "shasum": "" + }, + "require": { + "illuminate/auth": "^8.12|^9.0|^10.0|^11.0|^12.0", + "illuminate/container": "^8.12|^9.0|^10.0|^11.0|^12.0", + "illuminate/contracts": "^8.12|^9.0|^10.0|^11.0|^12.0", + "illuminate/database": "^8.12|^9.0|^10.0|^11.0|^12.0", + "php": "^8.0" + }, + "require-dev": { + "laravel/passport": "^11.0|^12.0", + "laravel/pint": "^1.0", + "orchestra/testbench": "^6.23|^7.0|^8.0|^9.0|^10.0", + "phpunit/phpunit": "^9.4|^10.1|^11.5" + }, + "type": "library", + "extra": { + "laravel": { + "providers": [ + "Spatie\\Permission\\PermissionServiceProvider" + ] + }, + "branch-alias": { + "dev-main": "6.x-dev", + "dev-master": "6.x-dev" + } + }, + "autoload": { + "files": [ + "src/helpers.php" + ], + "psr-4": { + "Spatie\\Permission\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Freek Van der Herten", + "email": "freek@spatie.be", + "homepage": "https://spatie.be", + "role": "Developer" + } + ], + "description": "Permission handling for Laravel 8.0 and up", + "homepage": "https://github.com/spatie/laravel-permission", + "keywords": [ + "acl", + "laravel", + "permission", + "permissions", + "rbac", + "roles", + "security", + "spatie" + ], + "support": { + "issues": "https://github.com/spatie/laravel-permission/issues", + "source": "https://github.com/spatie/laravel-permission/tree/6.23.0" + }, + "funding": [ + { + "url": "https://github.com/spatie", + "type": "github" + } + ], + "time": "2025-11-03T20:16:13+00:00" + }, { "name": "swagger-api/swagger-ui", "version": "v5.30.2", diff --git a/config/permission.php b/config/permission.php new file mode 100644 index 00000000..f39f6b5b --- /dev/null +++ b/config/permission.php @@ -0,0 +1,202 @@ + [ + + /* + * When using the "HasPermissions" trait from this package, we need to know which + * Eloquent model should be used to retrieve your permissions. Of course, it + * is often just the "Permission" model but you may use whatever you like. + * + * The model you want to use as a Permission model needs to implement the + * `Spatie\Permission\Contracts\Permission` contract. + */ + + 'permission' => Spatie\Permission\Models\Permission::class, + + /* + * When using the "HasRoles" trait from this package, we need to know which + * Eloquent model should be used to retrieve your roles. Of course, it + * is often just the "Role" model but you may use whatever you like. + * + * The model you want to use as a Role model needs to implement the + * `Spatie\Permission\Contracts\Role` contract. + */ + + 'role' => Spatie\Permission\Models\Role::class, + + ], + + 'table_names' => [ + + /* + * When using the "HasRoles" trait from this package, we need to know which + * table should be used to retrieve your roles. We have chosen a basic + * default value but you may easily change it to any table you like. + */ + + 'roles' => 'roles', + + /* + * When using the "HasPermissions" trait from this package, we need to know which + * table should be used to retrieve your permissions. We have chosen a basic + * default value but you may easily change it to any table you like. + */ + + 'permissions' => 'permissions', + + /* + * When using the "HasPermissions" trait from this package, we need to know which + * table should be used to retrieve your models permissions. We have chosen a + * basic default value but you may easily change it to any table you like. + */ + + 'model_has_permissions' => 'model_has_permissions', + + /* + * When using the "HasRoles" trait from this package, we need to know which + * table should be used to retrieve your models roles. We have chosen a + * basic default value but you may easily change it to any table you like. + */ + + 'model_has_roles' => 'model_has_roles', + + /* + * When using the "HasRoles" trait from this package, we need to know which + * table should be used to retrieve your roles permissions. We have chosen a + * basic default value but you may easily change it to any table you like. + */ + + 'role_has_permissions' => 'role_has_permissions', + ], + + 'column_names' => [ + /* + * Change this if you want to name the related pivots other than defaults + */ + 'role_pivot_key' => null, // default 'role_id', + 'permission_pivot_key' => null, // default 'permission_id', + + /* + * Change this if you want to name the related model primary key other than + * `model_id`. + * + * For example, this would be nice if your primary keys are all UUIDs. In + * that case, name this `model_uuid`. + */ + + 'model_morph_key' => 'model_id', + + /* + * Change this if you want to use the teams feature and your related model's + * foreign key is other than `team_id`. + */ + + 'team_foreign_key' => 'team_id', + ], + + /* + * When set to true, the method for checking permissions will be registered on the gate. + * Set this to false if you want to implement custom logic for checking permissions. + */ + + 'register_permission_check_method' => true, + + /* + * When set to true, Laravel\Octane\Events\OperationTerminated event listener will be registered + * this will refresh permissions on every TickTerminated, TaskTerminated and RequestTerminated + * NOTE: This should not be needed in most cases, but an Octane/Vapor combination benefited from it. + */ + 'register_octane_reset_listener' => false, + + /* + * Events will fire when a role or permission is assigned/unassigned: + * \Spatie\Permission\Events\RoleAttached + * \Spatie\Permission\Events\RoleDetached + * \Spatie\Permission\Events\PermissionAttached + * \Spatie\Permission\Events\PermissionDetached + * + * To enable, set to true, and then create listeners to watch these events. + */ + 'events_enabled' => false, + + /* + * Teams Feature. + * When set to true the package implements teams using the 'team_foreign_key'. + * If you want the migrations to register the 'team_foreign_key', you must + * set this to true before doing the migration. + * If you already did the migration then you must make a new migration to also + * add 'team_foreign_key' to 'roles', 'model_has_roles', and 'model_has_permissions' + * (view the latest version of this package's migration file) + */ + + 'teams' => false, + + /* + * The class to use to resolve the permissions team id + */ + 'team_resolver' => \Spatie\Permission\DefaultTeamResolver::class, + + /* + * Passport Client Credentials Grant + * When set to true the package will use Passports Client to check permissions + */ + + 'use_passport_client_credentials' => false, + + /* + * When set to true, the required permission names are added to exception messages. + * This could be considered an information leak in some contexts, so the default + * setting is false here for optimum safety. + */ + + 'display_permission_in_exception' => false, + + /* + * When set to true, the required role names are added to exception messages. + * This could be considered an information leak in some contexts, so the default + * setting is false here for optimum safety. + */ + + 'display_role_in_exception' => false, + + /* + * By default wildcard permission lookups are disabled. + * See documentation to understand supported syntax. + */ + + 'enable_wildcard_permission' => false, + + /* + * The class to use for interpreting wildcard permissions. + * If you need to modify delimiters, override the class and specify its name here. + */ + // 'wildcard_permission' => Spatie\Permission\WildcardPermission::class, + + /* Cache-specific settings */ + + 'cache' => [ + + /* + * By default all permissions are cached for 24 hours to speed up performance. + * When permissions or roles are updated the cache is flushed automatically. + */ + + 'expiration_time' => \DateInterval::createFromDateString('24 hours'), + + /* + * The cache key used to store all permissions. + */ + + 'key' => 'spatie.permission.cache', + + /* + * You may optionally indicate a specific cache driver to use for permission and + * role caching using any of the `store` drivers listed in the cache.php config + * file. Using 'default' here means to use the `default` set in cache.php. + */ + + 'store' => 'default', + ], +]; diff --git a/database/migrations/2025_11_24_002336_create_permission_tables.php b/database/migrations/2025_11_24_002336_create_permission_tables.php new file mode 100644 index 00000000..66ce1f97 --- /dev/null +++ b/database/migrations/2025_11_24_002336_create_permission_tables.php @@ -0,0 +1,134 @@ +engine('InnoDB'); + $table->bigIncrements('id'); // permission id + $table->string('name'); // For MyISAM use string('name', 225); // (or 166 for InnoDB with Redundant/Compact row format) + $table->string('guard_name'); // For MyISAM use string('guard_name', 25); + $table->timestamps(); + + $table->unique(['name', 'guard_name']); + }); + + Schema::create($tableNames['roles'], static function (Blueprint $table) use ($teams, $columnNames) { + // $table->engine('InnoDB'); + $table->bigIncrements('id'); // role id + if ($teams || config('permission.testing')) { // permission.testing is a fix for sqlite testing + $table->unsignedBigInteger($columnNames['team_foreign_key'])->nullable(); + $table->index($columnNames['team_foreign_key'], 'roles_team_foreign_key_index'); + } + $table->string('name'); // For MyISAM use string('name', 225); // (or 166 for InnoDB with Redundant/Compact row format) + $table->string('guard_name'); // For MyISAM use string('guard_name', 25); + $table->timestamps(); + if ($teams || config('permission.testing')) { + $table->unique([$columnNames['team_foreign_key'], 'name', 'guard_name']); + } else { + $table->unique(['name', 'guard_name']); + } + }); + + Schema::create($tableNames['model_has_permissions'], static function (Blueprint $table) use ($tableNames, $columnNames, $pivotPermission, $teams) { + $table->unsignedBigInteger($pivotPermission); + + $table->string('model_type'); + $table->unsignedBigInteger($columnNames['model_morph_key']); + $table->index([$columnNames['model_morph_key'], 'model_type'], 'model_has_permissions_model_id_model_type_index'); + + $table->foreign($pivotPermission) + ->references('id') // permission id + ->on($tableNames['permissions']) + ->onDelete('cascade'); + if ($teams) { + $table->unsignedBigInteger($columnNames['team_foreign_key']); + $table->index($columnNames['team_foreign_key'], 'model_has_permissions_team_foreign_key_index'); + + $table->primary([$columnNames['team_foreign_key'], $pivotPermission, $columnNames['model_morph_key'], 'model_type'], + 'model_has_permissions_permission_model_type_primary'); + } else { + $table->primary([$pivotPermission, $columnNames['model_morph_key'], 'model_type'], + 'model_has_permissions_permission_model_type_primary'); + } + + }); + + Schema::create($tableNames['model_has_roles'], static function (Blueprint $table) use ($tableNames, $columnNames, $pivotRole, $teams) { + $table->unsignedBigInteger($pivotRole); + + $table->string('model_type'); + $table->unsignedBigInteger($columnNames['model_morph_key']); + $table->index([$columnNames['model_morph_key'], 'model_type'], 'model_has_roles_model_id_model_type_index'); + + $table->foreign($pivotRole) + ->references('id') // role id + ->on($tableNames['roles']) + ->onDelete('cascade'); + if ($teams) { + $table->unsignedBigInteger($columnNames['team_foreign_key']); + $table->index($columnNames['team_foreign_key'], 'model_has_roles_team_foreign_key_index'); + + $table->primary([$columnNames['team_foreign_key'], $pivotRole, $columnNames['model_morph_key'], 'model_type'], + 'model_has_roles_role_model_type_primary'); + } else { + $table->primary([$pivotRole, $columnNames['model_morph_key'], 'model_type'], + 'model_has_roles_role_model_type_primary'); + } + }); + + Schema::create($tableNames['role_has_permissions'], static function (Blueprint $table) use ($tableNames, $pivotRole, $pivotPermission) { + $table->unsignedBigInteger($pivotPermission); + $table->unsignedBigInteger($pivotRole); + + $table->foreign($pivotPermission) + ->references('id') // permission id + ->on($tableNames['permissions']) + ->onDelete('cascade'); + + $table->foreign($pivotRole) + ->references('id') // role id + ->on($tableNames['roles']) + ->onDelete('cascade'); + + $table->primary([$pivotPermission, $pivotRole], 'role_has_permissions_permission_id_role_id_primary'); + }); + + app('cache') + ->store(config('permission.cache.store') != 'default' ? config('permission.cache.store') : null) + ->forget(config('permission.cache.key')); + } + + /** + * Reverse the migrations. + */ + public function down(): void + { + $tableNames = config('permission.table_names'); + + throw_if(empty($tableNames), Exception::class, 'Error: config/permission.php not found and defaults could not be merged. Please publish the package configuration before proceeding, or drop the tables manually.'); + + Schema::drop($tableNames['role_has_permissions']); + Schema::drop($tableNames['model_has_roles']); + Schema::drop($tableNames['model_has_permissions']); + Schema::drop($tableNames['roles']); + Schema::drop($tableNames['permissions']); + } +}; diff --git a/resources/views/layouts/app.blade.php b/resources/views/layouts/app.blade.php index 3f7e4c92..e181c860 100644 --- a/resources/views/layouts/app.blade.php +++ b/resources/views/layouts/app.blade.php @@ -6,6 +6,7 @@ @yield('title', 'Dashboard') - {{ config('app.name') }} @vite(['resources/css/app.css', 'resources/js/app.js']) + @stack('styles') diff --git a/resources/views/partials/sidebar.blade.php b/resources/views/partials/sidebar.blade.php index 4e443a4c..1032d4b4 100644 --- a/resources/views/partials/sidebar.blade.php +++ b/resources/views/partials/sidebar.blade.php @@ -20,6 +20,17 @@ class="flex items-center gap-3 px-4 py-3 rounded-lg text-gray-700 hover:bg-gray- + +
  • + + + + + 테넌트 관리 + +
    • +
  • 전체 보기 - @if($tenants->isNotEmpty()) + @if($globalTenants->isNotEmpty()) @endif - @foreach($tenants as $tenant) + @foreach($globalTenants as $tenant) @@ -38,7 +38,7 @@ class="border-gray-300 rounded-lg text-sm focus:ring-primary focus:border-primar
    @if(session('selected_tenant_id')) @php - $currentTenant = $tenants->firstWhere('id', session('selected_tenant_id')); + $currentTenant = $globalTenants->firstWhere('id', session('selected_tenant_id')); @endphp @if($currentTenant) diff --git a/resources/views/tenants/index.blade.php b/resources/views/tenants/index.blade.php index eebf8b97..2cf364db 100644 --- a/resources/views/tenants/index.blade.php +++ b/resources/views/tenants/index.blade.php @@ -3,10 +3,11 @@ @section('title', '테넌트 관리') @section('content') +
    -

    테넌트 관리

    +

    🏢 테넌트 관리

     + 새 테넌트 @@ -55,6 +56,7 @@ class="w-full px-4 py-2 border border-gray-300 rounded-lg focus:outline-none foc hx-get="/api/admin/tenants" hx-trigger="load, filterSubmit from:body" hx-include="#filterForm" + hx-headers='{"X-CSRF-TOKEN": "{{ csrf_token() }}"}' class="bg-white rounded-lg shadow-sm overflow-hidden">
    diff --git a/resources/views/tenants/partials/table.blade.php b/resources/views/tenants/partials/table.blade.php index b844aec7..b3928889 100644 --- a/resources/views/tenants/partials/table.blade.php +++ b/resources/views/tenants/partials/table.blade.php @@ -58,7 +58,7 @@ {{ $tenant->roles_count ?? 0 }} - {{ $tenant->created_at->format('Y-m-d') }} + {{ $tenant->created_at?->format('Y-m-d') ?? '-' }} @if($tenant->deleted_at) diff --git a/routes/api.php b/routes/api.php index 80f7813e..bb83405f 100644 --- a/routes/api.php +++ b/routes/api.php @@ -12,10 +12,14 @@ | */ -Route::middleware('auth:sanctum')->prefix('admin')->name('api.admin.')->group(function () { +Route::middleware(['web', 'auth'])->prefix('admin')->name('api.admin.')->group(function () { // 테넌트 관리 API Route::prefix('tenants')->name('tenants.')->group(function () { + // 고정 경로는 먼저 정의 + Route::get('/stats', [TenantController::class, 'stats'])->name('stats'); + + // 동적 경로는 나중에 정의 Route::get('/', [TenantController::class, 'index'])->name('index'); Route::post('/', [TenantController::class, 'store'])->name('store'); Route::get('/{id}', [TenantController::class, 'show'])->name('show'); @@ -25,6 +29,5 @@ // 추가 액션 Route::post('/{id}/restore', [TenantController::class, 'restore'])->name('restore'); Route::delete('/{id}/force', [TenantController::class, 'forceDestroy'])->name('forceDestroy'); - Route::get('/stats', [TenantController::class, 'stats'])->name('stats'); }); }); \ No newline at end of file