From c4a62b7e358b1263b71c12955e179f2a29c23caa Mon Sep 17 00:00:00 2001
From: johngreen
Date: Tue, 12 May 2026 17:02:15 +0900
Subject: [PATCH] =?UTF-8?q?fix(=EB=8C=80=EB=AC=B4=EC=9E=90):=20COMPANY=5FA?= =?UTF-8?q?DMIN=20=EA=B6=8C=ED=95=9C=20=ED=97=88=EC=9A=A9=20+=20=EA=B2=B0?= =?UTF-8?q?=EC=9E=AC=ED=95=A8=20SQL=20=EC=BB=AC=EB=9F=BC=20=EC=98=A4?= =?UTF-8?q?=ED=83=80=20fix=20+=20UI=20=EC=85=80=EB=A0=89=ED=8A=B8=20?= =?UTF-8?q?=EA=B0=9C=EC=84=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

운영 QA 에서 발견된 3가지 결함을 한 번에 수정.
1. SubstituteController.java:56 / SubstituteService.java:242 (requireAdmin)
 - role 비교에서 "COMPANY_ADMIN" 누락 → 운영 admin 이 대무자 지정 시 항상 403.
 - 운영 회사 admin 의 user_type 은 COMPANY_ADMIN 이 표준 (AdminAccountCreator 가 그렇게 생성).
 - "ADMIN" / "SUPER_ADMIN" 외 "COMPANY_ADMIN" 도 허용.
2. mapper/approval.xml (selectMyRequests, selectMyPendingLines)
 - ORDER BY / SELECT 의 R.CREATED_DATE 가 잘못된 컬럼명 (APPROVAL_REQUESTS 실제: created_at).
 - 결재함 /api/approval/my-pending, /api/approval/requests 가 항상 500.
 - 3군데 R.CREATED_DATE → R.CREATED_AT.
3. SubstituteSection.tsx
 - 대무자 ID 를 직접 타이핑하던 input 을 Select 로 교체.
 - getUserList 로 같은 회사 활성 사용자 목록 로드, 본인 + SUPER_ADMIN + 비활성 자동 제외.
 - 다이얼로그 열 때 한 번만 load (openDialog 시 loadCandidates).
 - 빈 결과/로딩 placeholder 처리.
---
 .../erp/controller/SubstituteController.java | 2 +-
 .../com/erp/service/SubstituteService.java | 2 +-
 .../src/main/resources/mapper/approval.xml | 6 +-
 .../components/admin/SubstituteSection.tsx | 67 ++++++++++++++++---
 4 files changed, 64 insertions(+), 13 deletions(-)
diff --git a/backend-spring/src/main/java/com/erp/controller/SubstituteController.java b/backend-spring/src/main/java/com/erp/controller/SubstituteController.java
index e0ef5e32..5f5d8844 100644
--- a/backend-spring/src/main/java/com/erp/controller/SubstituteController.java
+++ b/backend-spring/src/main/java/com/erp/controller/SubstituteController.java
@@ -53,7 +53,7 @@ public class SubstituteController {
 @PathVariable("id") Long substituteId,
 @RequestAttribute("company_code") String companyCode,
 @RequestAttribute("role") String role) {
- if (!"ADMIN".equals(role) && !"SUPER_ADMIN".equals(role)) {
+ if (!"ADMIN".equals(role) && !"COMPANY_ADMIN".equals(role) && !"SUPER_ADMIN".equals(role)) {
 return ResponseEntity.status(HttpStatus.FORBIDDEN)
 .body(ApiResponse.error("관리자만 조회할 수 있습니다."));
 }
diff --git a/backend-spring/src/main/java/com/erp/service/SubstituteService.java b/backend-spring/src/main/java/com/erp/service/SubstituteService.java
index 6e69e81a..91dd408f 100644
--- a/backend-spring/src/main/java/com/erp/service/SubstituteService.java
+++ b/backend-spring/src/main/java/com/erp/service/SubstituteService.java
@@ -239,7 +239,7 @@ public class SubstituteService extends BaseService {
 private void requireAdmin(Map params) {
 String role = (String) params.get("role");
- if (!"ADMIN".equals(role) && !"SUPER_ADMIN".equals(role)) {
+ if (!"ADMIN".equals(role) && !"COMPANY_ADMIN".equals(role) && !"SUPER_ADMIN".equals(role)) {
 throw new AccessDeniedException("관리자만 대무자를 지정/수정/해지할 수 있습니다.");
 }
 }
diff --git a/backend-spring/src/main/resources/mapper/approval.xml b/backend-spring/src/main/resources/mapper/approval.xml
index 91005bb9..aad08c1e 100644
--- a/backend-spring/src/main/resources/mapper/approval.xml
+++ b/backend-spring/src/main/resources/mapper/approval.xml
@@ -222,7 +222,7 @@ AND L.COMPANY_CODE = R.COMPANY_CODE )
- ORDER BY R.CREATED_DATE DESC
+ ORDER BY R.CREATED_AT DESC
 LIMIT #{page_limit} OFFSET #{page_offset}
@@ -465,7 +465,7 @@ SELECT L.*, R.TITLE, R.TARGET_TABLE, R.TARGET_RECORD_ID, R.REQUESTER_NAME, R.REQUESTER_DEPT,
- R.CREATED_DATE AS REQUEST_CREATED_DATE
+ R.CREATED_AT AS REQUEST_CREATED_DATE
 FROM APPROVAL_LINES L JOIN APPROVAL_REQUESTS R ON L.REQUEST_ID = R.REQUEST_ID AND L.COMPANY_CODE = R.COMPANY_CODE
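Review bot: The admin role list is written out as three string literals in this `if` and again, identically, in `SubstituteService.requireAdmin` (the next hunk), so the two gates can drift apart the next time a role is added. A single shared constant, e.g. `private static final Set<String> ADMIN_ROLES = Set.of("ADMIN", "COMPANY_ADMIN", "SUPER_ADMIN");` checked with `role == null || !ADMIN_ROLES.contains(role)`, would keep them in step (the null guard matters because `Set.of(...).contains(null)` throws). Going by its name and the commit message, `COMPANY_ADMIN` is a per-company role, so it is also worth confirming that the lookup by `substituteId` later in this method filters on `companyCode`; the method body continues outside the hunk, so that cannot be seen here.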
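Review bot: `requireAdmin` reads the role out of the general-purpose `params` map with an unchecked `(String)` cast, so the authorization decision is only as trustworthy as whatever fills that map. If callers build `params` from the request body or query string, the `role` and `company_code` entries should be written from the authenticated request attributes after the client-supplied values are copied in, so a client-sent `role` key can never win; the callers are outside this hunk, so this needs confirming. A comment on the method such as `// role must come from the authenticated request attribute, never from client input` would record the assumption.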
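Review bot: `ORDER BY R.CREATED_AT DESC` followed by `LIMIT #{page_limit} OFFSET #{page_offset}` pages on a column that is not guaranteed unique, so requests created at the same timestamp can repeat or be skipped between pages. Adding a tiebreaker, `ORDER BY R.CREATED_AT DESC, R.REQUEST_ID DESC`, makes the page order stable. The commit message says the wrong column name made this endpoint fail on every call, which suggests the statement has no mapper-level test; a smoke test that simply executes it against the schema would catch a recurrence. The enclosing select starts outside the hunk.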
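Review bot: The result alias stays `REQUEST_CREATED_DATE` while the source column is now `R.CREATED_AT`, and nothing in the statement says the mismatch is deliberate. If the alias is kept for existing consumers of the result map, a mapper comment such as `<!-- alias kept for API compatibility; source column is APPROVAL_REQUESTS.created_at -->` above the SELECT would stop a later cleanup from renaming it and breaking the client.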
@@ -475,7 +475,7 @@ AND L.STATUS = 'pending' AND (L.COMPANY_CODE = #{company_code} OR L.COMPANY_CODE = '*')
- ORDER BY R.CREATED_DATE ASC
+ ORDER BY R.CREATED_AT ASC