path: root/lib/permissions/permission-assignment-actions.ts
// app/actions/permission-assignment-actions.ts

"use server";

import db from "@/db/db";
import { eq, and ,sql} from "drizzle-orm";
import { 
  permissions,
  roles,
  rolePermissions,
  users,
  userPermissions,
  userRoles
} from "@/db/schema";

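/**
 * Looks up assignment information for permissions.
 *
 * Without a `permissionId` (undefined or any other falsy value) it returns every
 * active permission, ordered by resource and then name, with empty `roles` and
 * `users`. With a `permissionId` it returns the roles that carry the permission
 * (each with a count of distinct users holding that role) and the users that
 * hold a direct, still-active assignment, with an empty `permissions` list.
 *
 * NOTE(review): this module is marked "use server", so this export is reachable
 * as a server action, and no session or authorization check is visible in this
 * file. The result includes user names and e-mail addresses; confirm that access
 * is gated upstream.
 *
 * @param permissionId - Permission to inspect; omit to list all active permissions.
 * @returns An object with `permissions`, `roles` and `users` arrays.
 */
export async function getPermissionAssignments(permissionId?: number) {
  if (!permissionId) {
    // No specific permission requested: list every active permission.
    const allPermissions = await db
      .select()
      .from(permissions)
      .where(eq(permissions.isActive, true))
      .orderBy(permissions.resource, permissions.name);

    return { permissions: allPermissions, roles: [], users: [] };
  }

  // Roles that include the requested permission. The left join keeps roles
  // that currently have no users, which then report a userCount of 0.
  const assignedRoles = await db
    .select({
      id: roles.id,
      name: roles.name,
      domain: roles.domain,
      userCount: sql<number>`count(distinct ${userRoles.userId})`.mapWith(Number),
    })
    .from(rolePermissions)
    .innerJoin(roles, eq(roles.id, rolePermissions.roleId))
    .leftJoin(userRoles, eq(userRoles.roleId, roles.id))
    .where(eq(rolePermissions.permissionId, permissionId))
    .groupBy(roles.id);

  // Users with a direct assignment of the requested permission.
  // removePermissionFromUser revokes by clearing isActive rather than deleting
  // the row, so inactive rows are filtered out here; otherwise a revoked
  // assignment would still be reported as current.
  const assignedUsers = await db
    .select({
      id: users.id,
      name: users.name,
      email: users.email,
      imageUrl: users.imageUrl,
      domain: users.domain,
      isGrant: userPermissions.isGrant,
      reason: userPermissions.reason,
    })
    .from(userPermissions)
    .innerJoin(users, eq(users.id, userPermissions.userId))
    .where(
      and(
        eq(userPermissions.permissionId, permissionId),
        eq(userPermissions.isActive, true)
      )
    );

  return {
    permissions: [],
    roles: assignedRoles,
    users: assignedUsers,
  };
}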

/**
 * Removes a permission from a role by deleting the `rolePermissions` rows that
 * match both ids.
 *
 * NOTE(review): this module is marked "use server", so this export is reachable
 * as a server action, and no session or authorization check is visible in this
 * file. Confirm that only authorized administrators can reach it. The declared
 * `number` types are not checked at runtime, so the arguments should be treated
 * as untrusted input.
 *
 * @param permissionId - Id of the permission to remove.
 * @param roleId - Id of the role the permission is removed from.
 */
export async function removePermissionFromRole(permissionId: number, roleId: number) {
  const matchesPermission = eq(rolePermissions.permissionId, permissionId);
  const matchesRole = eq(rolePermissions.roleId, roleId);

  // Hard delete: the link row is removed rather than flagged.
  await db.delete(rolePermissions).where(and(matchesPermission, matchesRole));
}

/**
 * Removes a direct permission from a user by setting `isActive` to false on the
 * `userPermissions` rows that match both ids. The rows are kept, not deleted.
 *
 * NOTE(review): this module is marked "use server", so this export is reachable
 * as a server action, and no session or authorization check is visible in this
 * file. Confirm that only authorized administrators can reach it. The declared
 * `number` types are not checked at runtime, so the arguments should be treated
 * as untrusted input.
 *
 * @param permissionId - Id of the permission to revoke.
 * @param userId - Id of the user the permission is revoked from.
 */
export async function removePermissionFromUser(permissionId: number, userId: number) {
  const matchesPermission = eq(userPermissions.permissionId, permissionId);
  const matchesUser = eq(userPermissions.userId, userId);

  // Soft delete: deactivate the assignment instead of removing the row.
  await db
    .update(userPermissions)
    .set({ isActive: false })
    .where(and(matchesPermission, matchesUser));
}