From c6297514fd643420aaaf36c9fddf51df9707d12f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EC=9C=A0=EB=B3=91=EC=B2=A0?= <zomking@gmail.com>
Date: Fri, 20 Mar 2026 15:00:26 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20[auth]=20=EA=B6=8C=ED=95=9C=20=EA=B2=8C?=
 =?UTF-8?q?=EC=9D=B4=ED=8A=B8=20=EA=B0=95=ED=99=94=20=E2=80=94=20=EB=B0=94?=
 =?UTF-8?q?=EC=9D=B4=ED=8C=A8=EC=8A=A4=20=EA=B2=BD=EB=A1=9C=20=EC=B6=94?=
 =?UTF-8?q?=EA=B0=80=20+=20=EB=AF=B8=EB=93=B1=EB=A1=9D=20=EB=A9=94?=
 =?UTF-8?q?=EB=89=B4=20=EC=A0=91=EA=B7=BC=20=EC=B0=A8=EB=8B=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/contexts/PermissionContext.tsx | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/contexts/PermissionContext.tsx b/src/contexts/PermissionContext.tsx
index 1e8ad959..5d89f3b4 100644
--- a/src/contexts/PermissionContext.tsx
+++ b/src/contexts/PermissionContext.tsx
@@ -25,9 +25,20 @@ export function PermissionProvider({ children }: { children: React.ReactNode })
 }
 
 /**
- * 자기 잠금(self-lockout) 방지: 권한 설정 페이지는 항상 접근 허용
+ * 화이트리스트 바이패스: 메뉴 권한 등록 없이도 항상 접근 허용하는 경로
+ *
+ * - 권한 설정 (자기 잠금 방지)
+ * - 대시보드 (모든 유저 필수 접근)
+ * - 시스템 페이지 (메뉴 등록 대상 아님)
  */
-const BYPASS_PATHS = ['/settings/permissions'];
+const BYPASS_PATHS = [
+  '/settings/permissions',
+  '/settings/account-info',
+  '/dashboard',
+  '/company-info',
+  '/subscription',
+  ...(process.env.NODE_ENV === 'development' ? ['/dev', '/test'] : []),
+];
 
 function isGateBypassed(pathname: string): boolean {
   const pathWithoutLocale = stripLocalePrefix(pathname);
@@ -52,11 +63,11 @@ export function PermissionGate({ children }: { children: React.ReactNode }) {
   const matchedUrl = findMatchingUrl(pathname, permissionMap);
 
   if (!matchedUrl) {
-    return <>{children}</>;
+    return <AccessDenied />;
   }
 
   const perms = permissionMap[matchedUrl];
-  const canView = perms?.view ?? true;
+  const canView = perms?.view ?? false;
 
   if (!canView) {
     return <AccessDenied />;