import { query, queryOne, execute } from '../../../../utils/db'
import { requireAdmin } from '../../../../utils/session'
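/**
 * Extracts `roleIds` from an untrusted request body.
 *
 * A missing body or missing `roleIds` means "no roles" (same as the previous
 * `body.roleIds || []` behaviour). Anything present that is not an array of
 * integers is rejected by returning `null` so the caller can answer 400 before
 * any row is touched. Duplicates are removed.
 *
 * @param body - raw body as returned by readBody(); not trusted
 * @returns the de-duplicated integer ids, or `null` when the shape is invalid
 */
function parseRoleIds(body: unknown): number[] | null {
  // The assertion is confined to this single property read; the value itself
  // is checked element by element below.
  const raw = typeof body === 'object' && body !== null
    ? (body as Record<string, unknown>).roleIds
    : undefined
  if (raw == null) return []
  if (!Array.isArray(raw)) return null

  const ids: number[] = []
  for (const value of raw) {
    if (typeof value !== 'number' || !Number.isInteger(value)) return null
    ids.push(value)
  }
  return [...new Set(ids)]
}

// Row shape returned by the final SELECT. Column types are assumed from the
// column names — confirm against the wr_role schema.
interface RoleRow {
  role_id: number
  role_code: string
  role_name: string
}

/**
 * Change a user's roles (the request replaces the full set).
 * PUT /api/admin/user/[id]/roles
 *
 * Body: { roleIds: number[] }
 *
 * Requires an admin session. The route id and the body are validated, and the
 * requested roles are checked against wr_role, before the existing roles are
 * deleted: the delete/insert pair below is not run inside a transaction, so a
 * failure after the DELETE would otherwise leave the user with no roles.
 *
 * @returns `{ success: true, employeeId, roles }` where `roles` is what is
 *          stored after the update, not an echo of the request
 * @throws 400 when the id is missing or non-numeric, when `roleIds` is not an
 *         array of integers, or when it references a role that does not exist;
 *         404 when the employee does not exist
 */
export default defineEventHandler(async (event) => {
  await requireAdmin(event)

  const rawId = getRouterParam(event, 'id')
  if (!rawId) {
    throw createError({ statusCode: 400, message: '사용자 ID가 필요합니다.' })
  }
  // Parse once up front; a non-numeric id previously reached the database
  // unchecked and surfaced as a 500 instead of a 400.
  const employeeId = Number(rawId)
  if (!Number.isInteger(employeeId) || employeeId <= 0) {
    throw createError({ statusCode: 400, message: '유효하지 않은 사용자 ID입니다.' })
  }

  const roleIds = parseRoleIds(await readBody<unknown>(event))
  if (roleIds === null) {
    throw createError({ statusCode: 400, message: 'roleIds는 정수 배열이어야 합니다.' })
  }

  // Confirm the employee exists before changing anything.
  const user = await queryOne<{ employee_id: number }>(`
    SELECT employee_id FROM wr_employee_info WHERE employee_id = $1
  `, [employeeId])
  if (!user) {
    throw createError({ statusCode: 404, message: '사용자를 찾을 수 없습니다.' })
  }

  // Confirm every requested role exists before the DELETE below. Only the
  // generated `$n` placeholders are interpolated into the SQL text; the ids
  // themselves stay bound as parameters.
  if (roleIds.length > 0) {
    const placeholders = roleIds.map((_, i) => `$${i + 1}`).join(', ')
    // NOTE(review): assumes query() resolves to the row array, as the original
    // returned its result directly as `roles`. role_id is normalised through
    // Number() in case the driver returns it as a string.
    const knownRoles = await query<{ role_id: number | string }>(
      `SELECT role_id FROM wr_role WHERE role_id IN (${placeholders})`,
      roleIds,
    )
    const knownIds = new Set(knownRoles.map((row) => Number(row.role_id)))
    const unknownIds = roleIds.filter((id) => !knownIds.has(id))
    if (unknownIds.length > 0) {
      throw createError({
        statusCode: 400,
        message: `존재하지 않는 권한입니다: ${unknownIds.join(', ')}`,
      })
    }
  }

  // Replace the role set: remove everything, then insert the validated ids.
  // An empty roleIds array therefore clears the user's roles, as before.
  await execute(`DELETE FROM wr_employee_role WHERE employee_id = $1`, [employeeId])

  for (const roleId of roleIds) {
    await execute(`
      INSERT INTO wr_employee_role (employee_id, role_id)
      VALUES ($1, $2)
      ON CONFLICT (employee_id, role_id) DO NOTHING
    `, [employeeId, roleId])
  }

  // Read back what is actually stored rather than echoing the request.
  const updatedRoles = await query<RoleRow>(`
    SELECT r.role_id, r.role_code, r.role_name
    FROM wr_employee_role er
    JOIN wr_role r ON er.role_id = r.role_id
    WHERE er.employee_id = $1
  `, [employeeId])

  return {
    success: true,
    employeeId,
    roles: updatedRoles,
  }
})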