Merge branch 'main' of http://39.117.244.52:3000/kjs/ERP-node into lhj

; Please enter a commit message to explain why this merge is necessary, ; especially if it merges an updated upstream into a topic branch. ; ; Lines starting with ';' will be ignored, and an empty message aborts ; the commit.
2025-10-28 13:40:37 +09:00
parent 1291f9287c 9eed3eb710
commit fb73ee2878
19 changed files with 1124 additions and 1071 deletions
--- a/backend-node/src/services/externalRestApiConnectionService.ts
+++ b/backend-node/src/services/externalRestApiConnectionService.ts
@@ -23,7 +23,8 @@ export class ExternalRestApiConnectionService {
   * REST API 연결 목록 조회
   */
  static async getConnections(
-    filter: ExternalRestApiConnectionFilter = {}
+    filter: ExternalRestApiConnectionFilter = {},
+    userCompanyCode?: string
  ): Promise<ApiResponse<ExternalRestApiConnection[]>> {
    try {
      let query = `
@@ -39,11 +40,27 @@ export class ExternalRestApiConnectionService {
      const params: any[] = [];
      let paramIndex = 1;

-      // 회사 코드 필터
-      if (filter.company_code) {
+      // 회사별 필터링 (최고 관리자가 아닌 경우 필수)
+      if (userCompanyCode && userCompanyCode !== "*") {
        query += ` AND company_code = $${paramIndex}`;
-        params.push(filter.company_code);
+        params.push(userCompanyCode);
        paramIndex++;
+        logger.info(`회사별 REST API 연결 필터링: ${userCompanyCode}`);
+      } else if (userCompanyCode === "*") {
+        logger.info(`최고 관리자: 모든 REST API 연결 조회`);
+        // 필터가 있으면 적용
+        if (filter.company_code) {
+          query += ` AND company_code = $${paramIndex}`;
+          params.push(filter.company_code);
+          paramIndex++;
+        }
+      } else {
+        // userCompanyCode가 없는 경우 (하위 호환성)
+        if (filter.company_code) {
+          query += ` AND company_code = $${paramIndex}`;
+          params.push(filter.company_code);
+          paramIndex++;
+        }
      }

      // 활성 상태 필터
@@ -105,10 +122,11 @@ export class ExternalRestApiConnectionService {
   * REST API 연결 상세 조회
   */
  static async getConnectionById(
-    id: number
+    id: number,
+    userCompanyCode?: string
  ): Promise<ApiResponse<ExternalRestApiConnection>> {
    try {
-      const query = `
+      let query = `
        SELECT 
          id, connection_name, description, base_url, endpoint_path, default_headers,
          auth_type, auth_config, timeout, retry_count, retry_delay,
@@ -118,12 +136,20 @@ export class ExternalRestApiConnectionService {
        WHERE id = $1
      `;

-      const result: QueryResult<any> = await pool.query(query, [id]);
+      const params: any[] = [id];
+
+      // 회사별 필터링 (최고 관리자가 아닌 경우)
+      if (userCompanyCode && userCompanyCode !== "*") {
+        query += ` AND company_code = $2`;
+        params.push(userCompanyCode);
+      }
+
+      const result: QueryResult<any> = await pool.query(query, params);

      if (result.rows.length === 0) {
        return {
          success: false,
-          message: "연결을 찾을 수 없습니다.",
+          message: "연결을 찾을 수 없거나 권한이 없습니다.",
        };
      }

@@ -226,11 +252,12 @@ export class ExternalRestApiConnectionService {
   */
  static async updateConnection(
    id: number,
-    data: Partial<ExternalRestApiConnection>
+    data: Partial<ExternalRestApiConnection>,
+    userCompanyCode?: string
  ): Promise<ApiResponse<ExternalRestApiConnection>> {
    try {
-      // 기존 연결 확인
-      const existing = await this.getConnectionById(id);
+      // 기존 연결 확인 (회사 코드로 권한 체크)
+      const existing = await this.getConnectionById(id, userCompanyCode);
      if (!existing.success) {
        return existing;
      }
@@ -360,24 +387,38 @@ export class ExternalRestApiConnectionService {
  /**
   * REST API 연결 삭제
   */
-  static async deleteConnection(id: number): Promise<ApiResponse<void>> {
+  static async deleteConnection(
+    id: number,
+    userCompanyCode?: string
+  ): Promise<ApiResponse<void>> {
    try {
-      const query = `
+      let query = `
        DELETE FROM external_rest_api_connections
        WHERE id = $1
-        RETURNING connection_name
      `;

-      const result: QueryResult<any> = await pool.query(query, [id]);
+      const params: any[] = [id];
+
+      // 회사별 필터링 (최고 관리자가 아닌 경우)
+      if (userCompanyCode && userCompanyCode !== "*") {
+        query += ` AND company_code = $2`;
+        params.push(userCompanyCode);
+      }
+
+      query += ` RETURNING connection_name`;
+
+      const result: QueryResult<any> = await pool.query(query, params);

      if (result.rows.length === 0) {
        return {
          success: false,
-          message: "연결을 찾을 수 없습니다.",
+          message: "연결을 찾을 수 없거나 권한이 없습니다.",
        };
      }

-      logger.info(`REST API 연결 삭제 성공: ${result.rows[0].connection_name}`);
+      logger.info(
+        `REST API 연결 삭제 성공: ${result.rows[0].connection_name} (회사: ${userCompanyCode || "전체"})`
+      );

      return {
        success: true,