motaju/msgapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

2.2 권한 enum/매핑 정의(리소스/액션), 마이그레이션

Browse Source
This commit is contained in:
koreacomp5
2025-10-09 14:37:42 +09:00
parent f9e4617391
commit c34a814d28
4 changed files with 94 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
prisma/migrations/20251009053500_rbac_permissions/migration.sql Normal file
View File

@@ -0,0 +1,16 @@
-- CreateTable
CREATE TABLE "role_permissions" (
"id" TEXT NOT NULL PRIMARY KEY,
"roleId" TEXT NOT NULL,
"resource" TEXT NOT NULL,
"action" TEXT NOT NULL,
"allowed" BOOLEAN NOT NULL DEFAULT true,
"createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
CONSTRAINT "role_permissions_roleId_fkey" FOREIGN KEY ("roleId") REFERENCES "roles" ("roleId") ON DELETE CASCADE ON UPDATE CASCADE
);
-- CreateIndex
CREATE INDEX "role_permissions_resource_action_idx" ON "role_permissions"("resource", "action");
-- CreateIndex
CREATE UNIQUE INDEX "role_permissions_roleId_resource_action_key" ON "role_permissions"("roleId", "resource", "action");

35
prisma/schema.prisma
View File

@@ -81,6 +81,24 @@ enum TargetType {
SYSTEM SYSTEM
} }
// RBAC 리소스/액션 정의
enum Resource {
BOARD
POST
COMMENT
USER
ADMIN
}
enum Action {
READ
CREATE
UPDATE
DELETE
MODERATE
ADMINISTER
}
// ==== Models ==== // ==== Models ====
// 게시판 정의(관리자 생성/정렬) // 게시판 정의(관리자 생성/정렬)
@@ -215,12 +233,29 @@ model Role {
description String? description String?
userRoles UserRole[] userRoles UserRole[]
permissions RolePermission[]
createdAt DateTime @default(now()) createdAt DateTime @default(now())
@@map("roles") @@map("roles")
} }
// 역할별 권한 매핑 (리소스×액션)
model RolePermission {
id String @id @default(cuid())
roleId String
resource Resource
action Action
allowed Boolean @default(true)
createdAt DateTime @default(now())
role Role @relation(fields: [roleId], references: [roleId], onDelete: Cascade)
@@unique([roleId, resource, action])
@@index([resource, action])
@@map("role_permissions")
}
// 사용자-역할 매핑 (다대다) // 사용자-역할 매핑 (다대다)
model UserRole { model UserRole {
id String @id @default(cuid()) id String @id @default(cuid())

41
prisma/seed.js
View File

@@ -15,6 +15,47 @@ async function upsertRoles() {
create: r, create: r,
}); });
} }
// 기본 권한 매핑
const roleMap = {
admin: [
["ADMIN", "ADMINISTER"],
["BOARD", "MODERATE"],
["POST", "CREATE"],
["POST", "UPDATE"],
["POST", "DELETE"],
["COMMENT", "DELETE"],
["USER", "UPDATE"],
],
editor: [
["BOARD", "MODERATE"],
["POST", "UPDATE"],
["POST", "DELETE"],
["COMMENT", "DELETE"],
],
user: [
["POST", "CREATE"],
["COMMENT", "CREATE"],
["POST", "READ"],
["COMMENT", "READ"],
],
};
for (const [roleName, perms] of Object.entries(roleMap)) {
const role = await prisma.role.findUnique({ where: { name: roleName } });
if (!role) continue;
for (const [resource, action] of perms) {
await prisma.rolePermission.upsert({
where: {
roleId_resource_action: {
roleId: role.roleId,
resource,
action,
},
},
update: { allowed: true },
create: { roleId: role.roleId, resource, action, allowed: true },
});
}
}
} }
async function upsertAdmin() { async function upsertAdmin() {

2
public/erd.svg
View File

File diff suppressed because one or more lines are too long
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 601 KiB

After

Width:  |  Height:  |  Size: 649 KiB