Enhance user management with SUPER_ADMIN access control

- Updated the user list retrieval logic to filter results by company code, restricting which user records a caller can retrieve.
- Implemented checks to restrict access to company management APIs, allowing only SUPER_ADMIN users to perform actions related to company data.
- Adjusted the user interface to reflect access restrictions for non-SUPER_ADMIN users, providing clear feedback when access is denied.

These changes strengthen the integrity of user management and ensure that sensitive company information is only accessible to authorized personnel.
kjs
2026-04-01 15:49:49 +09:00
parent 369a201832
commit 2ff01456dc
11 changed files with 346 additions and 149 deletions


@@ -33,6 +33,7 @@ import {
getTableSchema, // 테이블 스키마 조회
} from "../controllers/adminController";
import { authenticateToken } from "../middleware/authMiddleware";
import { requireSuperAdmin } from "../middleware/permissionMiddleware";
const router = Router();
@@ -68,13 +69,13 @@ router.delete("/users/:userId", deleteUser); // 사용자 삭제 (soft delete)
// 부서 관리 API
router.get("/departments", getDepartmentList); // 부서 목록 조회
// 회사 관리 API
router.get("/companies", getCompanyList);
router.get("/companies/db", getCompanyListFromDB); // 실제 DB에서 회사 목록 조회
router.get("/companies/:companyCode", getCompanyByCode); // 회사 단건 조회
router.post("/companies", createCompany); // 회사 등록
router.put("/companies/:companyCode", updateCompany); // 회사 수정
router.delete("/companies/:companyCode", deleteCompany); // 회사 삭제
// 회사 관리 API (최고관리자 전용)
router.get("/companies", requireSuperAdmin, getCompanyList);
router.get("/companies/db", requireSuperAdmin, getCompanyListFromDB);
router.get("/companies/:companyCode", requireSuperAdmin, getCompanyByCode);
router.post("/companies", requireSuperAdmin, createCompany);
router.put("/companies/:companyCode", requireSuperAdmin, updateCompany);
router.delete("/companies/:companyCode", requireSuperAdmin, deleteCompany);
// 사용자 로케일 API
router.get("/user-locale", getUserLocale);
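Review bot: The SUPER_ADMIN guard is repeated by hand on each of the six /companies routes, so any route added to this group later ships unguarded unless the author remembers it; registering it once with `router.use("/companies", requireSuperAdmin);` ahead of these lines (or on a dedicated sub-router) makes the restriction the default for the whole prefix and removes the duplication. requireSuperAdmin presumably reads the identity that authenticateToken attaches to the request, and while authenticateToken is imported at the top of this file, where it is mounted is outside the hunk, so a short comment on the group such as `// requireSuperAdmin relies on authenticateToken having run first` would document that dependency — confirm the mount order against the rest of the file. The /users and /departments routes on the same router stay outside this guard, which matches the commit message but is worth confirming against the intended role model.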


@@ -1,5 +1,6 @@
import express from "express";
import { authenticateToken } from "../middleware/authMiddleware";
import { requireSuperAdmin } from "../middleware/permissionMiddleware";
import { AuthenticatedRequest } from "../types/auth";
import { logger } from "../utils/logger";
import { FileSystemManager } from "../utils/fileSystemManager";
@@ -7,8 +8,9 @@ import { query, queryOne } from "../database/db";
const router = express.Router();
// 모든 라우트에 인증 미들웨어 적용
// 모든 라우트에 인증 + 최고관리자 권한 필수
router.use(authenticateToken);
router.use(requireSuperAdmin);
/**
* DELETE /api/company-management/:companyCode
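Review bot: `router.use(requireSuperAdmin)` is correctly placed after `router.use(authenticateToken)`, but nothing in the code pins that order, and swapping the two lines would run the permission check against a request whose identity has not been established yet; the new comment above them should say so explicitly, e.g. `// Order matters: requireSuperAdmin reads the identity that authenticateToken attaches to the request`. Because the guard is router-wide it also covers any route added to this file later, which is the right fail-closed default for a company-management API. The DELETE handler documented on the last line begins outside the hunk.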