feat(api): 카테고리 관리자 API에 RBAC 권한 체크 추가

docs(todo): 체크리스트 2.4 완료 표시
mota
2025-10-13 07:01:33 +09:00
parent 0ecf29bdfe
commit e56c8c47ff
3 changed files with 12 additions and 2 deletions


@@ -1,6 +1,8 @@
import { NextResponse } from "next/server";
import prisma from "@/lib/prisma";
import { z } from "zod";
import { getUserIdFromRequest } from "@/lib/auth";
import { requirePermission } from "@/lib/rbac";
export async function GET() {
const categories = await prisma.boardCategory.findMany({
@@ -17,6 +19,8 @@ const createSchema = z.object({
});
export async function POST(req: Request) {
const userId = getUserIdFromRequest(req);
await requirePermission({ userId, resource: "ADMIN", action: "MODERATE" });
const body = await req.json().catch(() => ({}));
const parsed = createSchema.safeParse(body);
if (!parsed.success) return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
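Review bot: The new `await requirePermission(...)` in POST has no visible error handling, so if the helper signals denial by throwing (its implementation is not shown here), the caller would most likely receive a generic 500 rather than a 401 or 403. The return value of `getUserIdFromRequest(req)` is also passed straight through; if it can be null or undefined for an unauthenticated request, an explicit guard such as `if (!userId) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });` before the permission check would make that case unambiguous. I would wrap the permission call in a try/catch that returns a 403 JSON response, unless `requirePermission` already produces a proper response, in which case a short comment saying so would help. The GET handler in the first hunk stays unauthenticated; if that is intentional for a public category list, a one-line comment would record the decision. The body of POST continues past the end of this hunk.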