Enhance user management with SUPER_ADMIN access control

- Updated the user list retrieval logic to ensure proper filtering based on company codes, enhancing security for user data access.
- Implemented checks to restrict access to company management APIs, allowing only SUPER_ADMIN users to perform actions related to company data.
- Adjusted the user interface to reflect access restrictions for non-SUPER_ADMIN users, providing clear feedback when access is denied.

These changes strengthen the integrity of user management and ensure that sensitive company information is only accessible to authorized personnel.
kjs
2026-04-01 15:49:49 +09:00
parent 369a201832
commit 2ff01456dc
11 changed files with 346 additions and 149 deletions


@@ -9,6 +9,7 @@ import { ResponsiveDataView, RDVColumn, RDVCardField } from "@/components/common
interface UserAuthTableProps {
users: any[];
isLoading: boolean;
isSuperAdmin?: boolean;
paginationInfo: {
currentPage: number;
pageSize: number;
@@ -24,7 +25,7 @@ interface UserAuthTableProps {
*
* 사용자 목록과 권한 정보를 표시하고 권한 변경 기능 제공
*/
export function UserAuthTable({ users, isLoading, paginationInfo, onEditAuth, onPageChange }: UserAuthTableProps) {
export function UserAuthTable({ users, isLoading, isSuperAdmin, paginationInfo, onEditAuth, onPageChange }: UserAuthTableProps) {
// 권한 레벨 표시
const getUserTypeInfo = (userType: string) => {
switch (userType) {
@@ -90,12 +91,16 @@ export function UserAuthTable({ users, isLoading, paginationInfo, onEditAuth, on
key: "userName",
label: "사용자명",
},
{
key: "companyName",
label: "회사",
hideOnMobile: true,
render: (_value, row) => <span>{row.companyName || row.companyCode}</span>,
},
...(isSuperAdmin
? [
{
key: "companyName",
label: "회사",
hideOnMobile: true,
render: (_value: any, row: any) => <span>{row.companyName || row.companyCode}</span>,
} as RDVColumn<any>,
]
: []),
{
key: "deptName",
label: "부서",
@@ -120,10 +125,14 @@ export function UserAuthTable({ users, isLoading, paginationInfo, onEditAuth, on
// 모바일 카드 필드 정의
const cardFields: RDVCardField<any>[] = [
{
label: "회사",
render: (user) => <span>{user.companyName || user.companyCode}</span>,
},
...(isSuperAdmin
? [
{
label: "회사",
render: (user: any) => <span>{user.companyName || user.companyCode}</span>,
} as RDVCardField<any>,
]
: []),
{
label: "부서",
render: (user) => <span>{user.deptName || "-"}</span>,