From 083188332cb676521f562f9cd6462111699ca9bd Mon Sep 17 00:00:00 2001 From: chpark Date: Wed, 13 May 2026 11:08:02 +0900 Subject: [PATCH] =?UTF-8?q?feat(orders):=20=EA=B4=80=EB=A6=AC=EC=9E=90?= =?UTF-8?q?=EA=B0=80=20=EC=B6=9C=EA=B3=A0=EC=99=84=EB=A3=8C(SHIPPED)=20?= =?UTF-8?q?=EA=B1=B4=EB=8F=84=20=EC=88=98=EC=A0=95=20=EA=B0=80=EB=8A=A5?= =?UTF-8?q?=ED=95=98=EB=8F=84=EB=A1=9D=20=EA=B6=8C=ED=95=9C=20=ED=99=95?= =?UTF-8?q?=EC=9E=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 기존: REQUESTED 상태만 수정 가능 (admin/user 동일) 변경: - USER: REQUESTED 만 (기존 그대로) - ADMIN: PAID/CANCELED 가 아니면 모두 (REQUESTED / SHIPPED 등 입금완료 전까지) items/update, lines/save 두 API 동일 적용. 입금완료(PAID) 이후나 취소건은 admin 도 수정 불가. Co-Authored-By: Claude Opus 4.7 (1M context)
---
 src/app/api/m/orders/items/update/route.ts | 14 +++++++++++---
 src/app/api/m/orders/lines/save/route.ts | 8 +++++++-
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/app/api/m/orders/items/update/route.ts b/src/app/api/m/orders/items/update/route.ts
index bbcf62c..f99cbfc 100644
--- a/src/app/api/m/orders/items/update/route.ts
+++ b/src/app/api/m/orders/items/update/route.ts
@@ -39,9 +39,17 @@ export async function POST(req: NextRequest) {
 await client.query("ROLLBACK");
 return NextResponse.json({ success: false, message: "권한이 없습니다." }, { status: 403 });
 }
- if (order.status !== "REQUESTED") {
- await client.query("ROLLBACK");
- return NextResponse.json({ success: false, message: "출고요청 상태에서만 수정할 수 있습니다." }, { status: 400 });
+ // USER: REQUESTED 만, ADMIN: 입금완료(PAID)/취소 전까지 모두 (REQUESTED / SHIPPED 등)
+ if (isAdmin) {
+ if (order.status === "PAID" || order.status === "CANCELED") {
+ await client.query("ROLLBACK");
+ return NextResponse.json({ success: false, message: "입금완료 또는 취소된 발주는 수정할 수 없습니다." }, { status: 400 });
+ }
+ } else {
+ if (order.status !== "REQUESTED") {
+ await client.query("ROLLBACK");
+ return NextResponse.json({ success: false, message: "출고요청 상태에서만 수정할 수 있습니다." }, { status: 400 });
+ }
 }
 for (const ln of lines) {
diff --git a/src/app/api/m/orders/lines/save/route.ts b/src/app/api/m/orders/lines/save/route.ts
index a40c8aa..d7217f2 100644
--- a/src/app/api/m/orders/lines/save/route.ts
+++ b/src/app/api/m/orders/lines/save/route.ts
@@ -44,7 +44,13 @@ export async function POST(req: NextRequest) {
 await client.query("ROLLBACK");
 return NextResponse.json({ success: false, message: "권한이 없습니다." }, { status: 403 });
 }
- if (order.status !== "REQUESTED") {
+ // USER: REQUESTED 만, ADMIN: 입금완료(PAID)/취소 전까지 모두
+ if (isAdmin) {
+ if (order.status === "PAID" || order.status === "CANCELED") {
+ await client.query("ROLLBACK");
+ return NextResponse.json({ success: false, message: "입금완료 또는 취소된 발주는 수정할 수 없습니다." }, { status: 400 });
+ }
+ } else if (order.status !== "REQUESTED") {
 await client.query("ROLLBACK");
 return NextResponse.json({ success: false, message: "출고 요청 상태에서만 수정할 수 있습니다." }, { status: 400 });
 }
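Review bot: The admin branch in src/app/api/m/orders/items/update/route.ts is a denylist (`order.status === "PAID" || order.status === "CANCELED"`), so every other status is editable by an admin by default, including any state added later or an unexpected/empty value. The non-admin branch fails closed (`order.status !== "REQUESTED"`), and the admin branch should do the same by listing each pre-payment status explicitly, e.g. `if (!["REQUESTED", "SHIPPED"].includes(order.status)) {`, extended with whatever other states the commit message's "REQUESTED / SHIPPED 등" is meant to cover. The lines/save hunk carries the identical check and needs the same change. POST starts and ends outside both hunks, so how `isAdmin` is derived and whether the order row is locked before this status check cannot be confirmed from here.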
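Review bot: The edit-permission policy in src/app/api/m/orders/lines/save/route.ts is a second hand-written copy of the one in items/update/route.ts, and the two have already drifted. This file uses `} else if (order.status !== "REQUESTED") {` with the message "출고 요청 상태에서만 …", while the other nests the check inside `else { … }` and spells it "출고요청 상태에서만 …". Because this is an authorization rule, I would move it into one shared function that both routes call, for example a proposed `orderEditBlockedMessage(order.status, isAdmin)` returning the rejection message or `null`, so a later status change cannot be applied to one endpoint and missed on the other. A short comment at the call site stating that admins may now modify already-shipped orders would also help; whether such edits are recorded with the acting admin's identity is not visible in this hunk and is worth confirming.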