71 lines
1.9 KiB
TypeScript
71 lines
1.9 KiB
TypeScript
import { queryOne, execute } from '../../../../utils/db'
|
|
import { requireAdmin } from '../../../../utils/session'
|
|
|
|
/**
|
|
* 사용자 개별 권한 토글 (추가/제거)
|
|
* POST /api/admin/user/[id]/toggle-role
|
|
*
|
|
* Body: { roleId: number }
|
|
*/
|
|
export default defineEventHandler(async (event) => {
|
|
await requireAdmin(event)
|
|
|
|
const employeeId = getRouterParam(event, 'id')
|
|
if (!employeeId) {
|
|
throw createError({ statusCode: 400, message: '사용자 ID가 필요합니다.' })
|
|
}
|
|
|
|
const body = await readBody<{ roleId: number }>(event)
|
|
if (!body.roleId) {
|
|
throw createError({ statusCode: 400, message: '권한 ID가 필요합니다.' })
|
|
}
|
|
|
|
// 사용자 존재 확인
|
|
const user = await queryOne<any>(`
|
|
SELECT employee_id FROM wr_employee_info WHERE employee_id = $1
|
|
`, [employeeId])
|
|
|
|
if (!user) {
|
|
throw createError({ statusCode: 404, message: '사용자를 찾을 수 없습니다.' })
|
|
}
|
|
|
|
// 권한 존재 확인
|
|
const role = await queryOne<any>(`
|
|
SELECT role_id, role_code FROM wr_role WHERE role_id = $1
|
|
`, [body.roleId])
|
|
|
|
if (!role) {
|
|
throw createError({ statusCode: 404, message: '권한을 찾을 수 없습니다.' })
|
|
}
|
|
|
|
// 현재 권한 보유 여부 확인
|
|
const existing = await queryOne<any>(`
|
|
SELECT employee_role_id FROM wr_employee_role
|
|
WHERE employee_id = $1 AND role_id = $2
|
|
`, [employeeId, body.roleId])
|
|
|
|
let added: boolean
|
|
|
|
if (existing) {
|
|
// 권한 제거
|
|
await execute(`
|
|
DELETE FROM wr_employee_role WHERE employee_id = $1 AND role_id = $2
|
|
`, [employeeId, body.roleId])
|
|
added = false
|
|
} else {
|
|
// 권한 추가
|
|
await execute(`
|
|
INSERT INTO wr_employee_role (employee_id, role_id) VALUES ($1, $2)
|
|
`, [employeeId, body.roleId])
|
|
added = true
|
|
}
|
|
|
|
return {
|
|
success: true,
|
|
employeeId: parseInt(employeeId as string),
|
|
roleId: body.roleId,
|
|
roleCode: role.role_code,
|
|
added
|
|
}
|
|
})
|