권한, 사용자, 메뉴 등에 대한 기능 업데이트

This commit is contained in:
2026-01-10 16:54:06 +09:00
parent 134a68d9db
commit ef7914d5c6
34 changed files with 2678 additions and 650 deletions


@@ -1,25 +1,13 @@
import { query, execute } from '../../../utils/db'
const ADMIN_EMAIL = 'coziny@gmail.com'
import { requireAdmin } from '../../../utils/session'
/**
* 직원 삭제
* DELETE /api/employee/[id]
* DELETE /api/employee/[id]/delete
*/
export default defineEventHandler(async (event) => {
const userId = getCookie(event, 'user_id')
if (!userId) {
throw createError({ statusCode: 401, message: '로그인이 필요합니다.' })
}
// 관리자 권한 체크
const currentUser = await query<any>(`
SELECT employee_email FROM wr_employee_info WHERE employee_id = $1
`, [userId])
if (!currentUser[0] || currentUser[0].employee_email !== ADMIN_EMAIL) {
throw createError({ statusCode: 403, message: '관리자만 삭제할 수 있습니다.' })
}
// 관리자 권한 체크 (role 기반)
const currentUserId = await requireAdmin(event)
const employeeId = getRouterParam(event, 'id')
if (!employeeId) {
@@ -27,7 +15,7 @@ export default defineEventHandler(async (event) => {
}
// 본인 삭제 방지
if (employeeId === userId) {
if (parseInt(employeeId) === currentUserId) {
throw createError({ statusCode: 400, message: '본인은 삭제할 수 없습니다.' })
}
@@ -61,7 +49,9 @@ export default defineEventHandler(async (event) => {
message: `${employee[0].employee_name}님이 비활성화되었습니다. (주간보고 ${reportCount}건 보존)`
}
} else {
// 주간보고가 없으면 완전 삭제 (로그인 이력 포함)
// 주간보고가 없으면 완전 삭제 (관련 데이터 포함)
await execute(`DELETE FROM wr_employee_role WHERE employee_id = $1`, [employeeId])
await execute(`DELETE FROM wr_session WHERE employee_id = $1`, [employeeId])
await execute(`DELETE FROM wr_login_history WHERE employee_id = $1`, [employeeId])
await execute(`DELETE FROM wr_employee_info WHERE employee_id = $1`, [employeeId])
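Review bot: The four DELETE statements in the hard-delete branch run as separate execute() calls with no transaction, so a failure on the final `wr_employee_info` delete (for example a foreign-key reference from a table not covered here) leaves the employee row in place with its roles, sessions and login history already gone. If the db util exposes a transaction or a client-scoped execute, the four statements belong in one unit of work; otherwise at least order and log the partial state so a half-deleted account is detectable. Separately, the self-delete guard at the second hunk parses the route param without a radix, `parseInt(employeeId)`; `parseInt(employeeId, 10)` plus a `Number.isNaN` check would reject non-numeric ids before the comparison instead of letting them fall through to the queries. The handler body continues outside these hunks, so whether requireAdmin also covers the removed 401 cookie check cannot be confirmed from here.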


@@ -41,7 +41,9 @@ export default defineEventHandler(async (event) => {
joinDate: employee.join_date,
isActive: employee.is_active,
createdAt: employee.created_at,
updatedAt: employee.updated_at
createdIp: employee.created_ip,
updatedAt: employee.updated_at,
updatedIp: employee.updated_ip
},
loginHistory: loginHistory.map(h => ({
historyId: h.history_id,
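Review bot: The response now includes `createdIp` and `updatedIp` alongside the login history, which means client IP addresses of the employee record are returned to whoever can call this endpoint. Since the handler's authorization check is outside the hunk, it is worth confirming that only an admin or the employee themself can read this detail view; if the page is also reachable by regular users, these two fields should be gated or omitted. A short comment on the mapped object, `// createdIp/updatedIp are personal data: admin-only view`, would record that intent next to the field list.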