From 8b23b471638a155fd1bfa3a8c853b26d9315b272 Mon Sep 17 00:00:00 2001
From: dujinkim <dujin.kim@dtsolution.co.kr>
Date: Fri, 26 Sep 2025 09:57:24 +0000
Subject: (대표님) 권한관리, 문서업로드, rfq첨부, SWP문서룰 등 (최겸) 입찰
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/permissions/permission-assignment-actions.ts | 83 ++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 lib/permissions/permission-assignment-actions.ts

(limited to 'lib/permissions/permission-assignment-actions.ts')

diff --git a/lib/permissions/permission-assignment-actions.ts b/lib/permissions/permission-assignment-actions.ts
new file mode 100644
index 00000000..75181c40
--- /dev/null
+++ b/lib/permissions/permission-assignment-actions.ts
@@ -0,0 +1,83 @@
+// app/actions/permission-assignment-actions.ts
+
+"use server";
+
+import db from "@/db/db";
+import { eq, and ,sql} from "drizzle-orm";
+import { 
+  permissions,
+  roles,
+  rolePermissions,
+  users,
+  userPermissions,
+  userRoles
+} from "@/db/schema";
+
+// 권한별 할당 정보 조회
+export async function getPermissionAssignments(permissionId?: number) {
+  if (!permissionId) {
+    // 모든 권한 목록
+    const allPermissions = await db.select().from(permissions)
+      .where(eq(permissions.isActive, true))
+      .orderBy(permissions.resource, permissions.name);
+
+    return { permissions: allPermissions, roles: [], users: [] };
+  }
+
+  // 특정 권한의 할당 정보
+  const assignedRoles = await db
+    .select({
+      id: roles.id,
+      name: roles.name,
+      domain: roles.domain,
+      userCount: sql<number>`count(distinct ${userRoles.userId})`.mapWith(Number),
+    })
+    .from(rolePermissions)
+    .innerJoin(roles, eq(roles.id, rolePermissions.roleId))
+    .leftJoin(userRoles, eq(userRoles.roleId, roles.id))
+    .where(eq(rolePermissions.permissionId, permissionId))
+    .groupBy(roles.id);
+
+  const assignedUsers = await db
+    .select({
+      id: users.id,
+      name: users.name,
+      email: users.email,
+      imageUrl: users.imageUrl,
+      domain: users.domain,
+      isGrant: userPermissions.isGrant,
+      reason: userPermissions.reason,
+    })
+    .from(userPermissions)
+    .innerJoin(users, eq(users.id, userPermissions.userId))
+    .where(eq(userPermissions.permissionId, permissionId));
+
+  return {
+    permissions: [],
+    roles: assignedRoles,
+    users: assignedUsers,
+  };
+}
+
+// 역할에서 권한 제거
+export async function removePermissionFromRole(permissionId: number, roleId: number) {
+  await db.delete(rolePermissions)
+    .where(
+      and(
+        eq(rolePermissions.permissionId, permissionId),
+        eq(rolePermissions.roleId, roleId)
+      )
+    );
+}
+
+// 사용자에서 권한 제거
+export async function removePermissionFromUser(permissionId: number, userId: number) {
+  await db.update(userPermissions)
+    .set({ isActive: false })
+    .where(
+      and(
+        eq(userPermissions.permissionId, permissionId),
+        eq(userPermissions.userId, userId)
+      )
+    );
+}
\ No newline at end of file
-- 
cgit v1.2.3