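// app/actions/permission-assignment-actions.ts
"use server";

import db from "@/db/db";
import { eq, and, sql } from "drizzle-orm";
import {
  permissions,
  roles,
  rolePermissions,
  users,
  userPermissions,
  userRoles,
} from "@/db/schema";

// NOTE(review): no authentication or authorization check is visible in this
// file. Every function exported from a "use server" module is reachable as a
// server action by any client that can reach the app, so confirm that the
// caller's session and right to manage permissions are verified before these
// run (middleware, a wrapper, or a check added at the top of each action).

/**
 * Runtime guard for identifiers received by a server action.
 *
 * TypeScript parameter types are erased at runtime and server-action arguments
 * are deserialized from the client, so the declared `number` type alone does
 * not guarantee what actually arrives.
 *
 * @param value - The argument as received.
 * @param label - Parameter name used in the error message.
 * @throws Error when `value` is not a safe integer.
 */
function assertId(value: unknown, label: string): asserts value is number {
  if (typeof value !== "number" || !Number.isSafeInteger(value)) {
    throw new Error(`${label} must be an integer`);
  }
}

/**
 * Looks up assignment information for permissions.
 *
 * Without a `permissionId` (or with a falsy one) this returns every active
 * permission, ordered by resource and name, with empty `roles` and `users`.
 * With a `permissionId` it returns the roles that carry the permission (each
 * with a distinct-user count) and the users that hold an active direct
 * assignment for it, with an empty `permissions` list.
 *
 * @param permissionId - Permission to inspect; omit to list all active permissions.
 * @returns An object with `permissions`, `roles` and `users` arrays.
 * @throws Error when `permissionId` is truthy but not a safe integer.
 */
export async function getPermissionAssignments(permissionId?: number) {
  if (!permissionId) {
    // List of all active permissions.
    const allPermissions = await db
      .select()
      .from(permissions)
      .where(eq(permissions.isActive, true))
      .orderBy(permissions.resource, permissions.name);

    return { permissions: allPermissions, roles: [], users: [] };
  }

  assertId(permissionId, "permissionId");

  // Assignment information for one specific permission.
  const assignedRoles = await db
    .select({
      id: roles.id,
      name: roles.name,
      domain: roles.domain,
      // Left join keeps roles that have no users; they count as 0.
      userCount: sql`count(distinct ${userRoles.userId})`.mapWith(Number),
    })
    .from(rolePermissions)
    .innerJoin(roles, eq(roles.id, rolePermissions.roleId))
    .leftJoin(userRoles, eq(userRoles.roleId, roles.id))
    .where(eq(rolePermissions.permissionId, permissionId))
    .groupBy(roles.id);

  const assignedUsers = await db
    .select({
      id: users.id,
      name: users.name,
      email: users.email,
      imageUrl: users.imageUrl,
      domain: users.domain,
      isGrant: userPermissions.isGrant,
      reason: userPermissions.reason,
    })
    .from(userPermissions)
    .innerJoin(users, eq(users.id, userPermissions.userId))
    .where(
      and(
        eq(userPermissions.permissionId, permissionId),
        // removePermissionFromUser only flips isActive to false, so rows it
        // has revoked must be excluded here or they keep showing as assigned.
        eq(userPermissions.isActive, true)
      )
    );

  return {
    permissions: [],
    roles: assignedRoles,
    users: assignedUsers,
  };
}

/**
 * Removes a permission from a role by deleting the matching
 * `rolePermissions` row (a hard delete, unlike the per-user removal below).
 *
 * @param permissionId - Permission to detach.
 * @param roleId - Role to detach it from.
 * @throws Error when either id is not a safe integer.
 */
export async function removePermissionFromRole(permissionId: number, roleId: number) {
  assertId(permissionId, "permissionId");
  assertId(roleId, "roleId");

  await db
    .delete(rolePermissions)
    .where(
      and(
        eq(rolePermissions.permissionId, permissionId),
        eq(rolePermissions.roleId, roleId)
      )
    );
}

/**
 * Removes a direct permission assignment from a user by marking the matching
 * `userPermissions` row inactive; the row itself is kept.
 *
 * @param permissionId - Permission to revoke.
 * @param userId - User whose direct assignment is revoked.
 * @throws Error when either id is not a safe integer.
 */
export async function removePermissionFromUser(permissionId: number, userId: number) {
  assertId(permissionId, "permissionId");
  assertId(userId, "userId");

  await db
    .update(userPermissions)
    .set({ isActive: false })
    .where(
      and(
        eq(userPermissions.permissionId, permissionId),
        eq(userPermissions.userId, userId)
      )
    );
}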