Diffstat (limited to 'lib/permissions/permission-assignment-actions.ts')
| -rw-r--r-- | lib/permissions/permission-assignment-actions.ts | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/lib/permissions/permission-assignment-actions.ts b/lib/permissions/permission-assignment-actions.ts
new file mode 100644
index 00000000..75181c40
--- /dev/null
+++ b/lib/permissions/permission-assignment-actions.ts
@@ -0,0 +1,83 @@
+// app/actions/permission-assignment-actions.ts
+
+"use server";
+
+import db from "@/db/db";
+import { eq, and ,sql} from "drizzle-orm";
+import {
+ permissions,
+ roles,
+ rolePermissions,
+ users,
+ userPermissions,
+ userRoles
+} from "@/db/schema";
+
+// 권한별 할당 정보 조회
+export async function getPermissionAssignments(permissionId?: number) {
+ if (!permissionId) {
+ // 모든 권한 목록
+ const allPermissions = await db.select().from(permissions)
+ .where(eq(permissions.isActive, true))
+ .orderBy(permissions.resource, permissions.name);
+
+ return { permissions: allPermissions, roles: [], users: [] };
+ }
+
+ // 특정 권한의 할당 정보
+ const assignedRoles = await db
+ .select({
+ id: roles.id,
+ name: roles.name,
+ domain: roles.domain,
+ userCount: sql<number>`count(distinct ${userRoles.userId})`.mapWith(Number),
+ })
+ .from(rolePermissions)
+ .innerJoin(roles, eq(roles.id, rolePermissions.roleId))
+ .leftJoin(userRoles, eq(userRoles.roleId, roles.id))
+ .where(eq(rolePermissions.permissionId, permissionId))
+ .groupBy(roles.id);
+
+ const assignedUsers = await db
+ .select({
+ id: users.id,
+ name: users.name,
+ email: users.email,
+ imageUrl: users.imageUrl,
+ domain: users.domain,
+ isGrant: userPermissions.isGrant,
+ reason: userPermissions.reason,
+ })
+ .from(userPermissions)
+ .innerJoin(users, eq(users.id, userPermissions.userId))
+ .where(eq(userPermissions.permissionId, permissionId));
+
+ return {
+ permissions: [],
+ roles: assignedRoles,
+ users: assignedUsers,
+ };
+}
+
+// 역할에서 권한 제거
+export async function removePermissionFromRole(permissionId: number, roleId: number) {
+ await db.delete(rolePermissions)
+ .where(
+ and(
+ eq(rolePermissions.permissionId, permissionId),
+ eq(rolePermissions.roleId, roleId)
+ )
+ );
+}
+
+// 사용자에서 권한 제거
+export async function removePermissionFromUser(permissionId: number, userId: number) {
+ await db.update(userPermissions)
+ .set({ isActive: false })
+ .where(
+ and(
+ eq(userPermissions.permissionId, permissionId),
+ eq(userPermissions.userId, userId)
+ )
+ );
+}
\ No newline at end of file |
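Review bot: None of the three exported functions checks who is calling. Because the file is marked `"use server"`, each export is a Server Action that a client can invoke directly with its own arguments, so unless something outside this file enforces access, `removePermissionFromRole` and `removePermissionFromUser` can be used by any caller to change access control, and `getPermissionAssignments` returns user names and e-mail addresses. Each function should first resolve the session and verify that the caller may manage permissions, e.g. `await assertCanManagePermissions();` (placeholder name for the project's own session/authorization helper), and should validate the ids at runtime, since the `number` annotations are erased and the values arrive from the client. Separately, `removePermissionFromUser` soft-deletes with `isActive: false`, but the `assignedUsers` query in `getPermissionAssignments` does not filter on `userPermissions.isActive`, so a removed assignment would apparently still be listed; wrapping that `where` in `and(..., eq(userPermissions.isActive, true))` would keep the two consistent. Since these are privilege changes, recording the acting user and the affected ids in an audit log would also be worth adding.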
