수정

src/app/api/auth/session/route.ts

@@ -35,17 +35,42 @@ export async function POST(req: Request) {
   if (!user || !user.passwordHash || !verifyPassword(password, user.passwordHash)) {
     return NextResponse.json({ error: "아이디 또는 비밀번호가 올바르지 않습니다" }, { status: 401 });
   }
+  // 사용자의 관리자 권한 여부 확인
+  let isAdmin = false;
+  const userRoles = await prisma.userRole.findMany({
+    where: { userId: user.userId },
+    select: { roleId: true },
+  });
+  if (userRoles.length > 0) {
+    const roleIds = userRoles.map((r) => r.roleId);
+    const hasAdmin = await prisma.rolePermission.findFirst({
+      where: {
+        roleId: { in: roleIds },
+        resource: "ADMIN",
+        action: "ADMINISTER",
+        allowed: true,
+      },
+      select: { id: true },
+    });
+    isAdmin = !!hasAdmin;
+  }
+
   const res = NextResponse.json({ ok: true, user: { userId: user.userId, nickname: user.nickname } });
   res.headers.append(
     "Set-Cookie",
     `uid=${encodeURIComponent(user.userId)}; Path=/; HttpOnly; SameSite=Lax`
   );
+  res.headers.append(
+    "Set-Cookie",
+    `isAdmin=${isAdmin ? "1" : "0"}; Path=/; HttpOnly; SameSite=Lax`
+  );
   return res;
 }
 
 export async function DELETE() {
   const res = NextResponse.json({ ok: true });
   res.headers.append("Set-Cookie", `uid=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax`);
+  res.headers.append("Set-Cookie", `isAdmin=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax`);
   return res;
 }