From 73f83bba09858b46f7084d7caaf546f9aa01da99 Mon Sep 17 00:00:00 2001
From: leebj <leebj91@xit.co.kr>
Date: Tue, 31 Dec 2024 13:04:14 +0900
Subject: [PATCH] =?UTF-8?q?=EC=82=AC=EC=9A=A9=EC=9E=90=EC=A0=95=EB=B3=B4?=
 =?UTF-8?q?=20=EC=88=98=EC=A0=95=EC=8B=9C=20=ED=98=84=EC=9E=AC=20=EB=A1=9C?=
 =?UTF-8?q?=EA=B7=B8=EC=9D=B8=ED=95=9C=20=EC=82=AC=EC=9A=A9=EC=9E=90?=
 =?UTF-8?q?=EC=9D=98=20=EA=B6=8C=ED=95=9C=EA=B3=BC=20=EC=88=98=EC=A0=95=20?=
 =?UTF-8?q?=EB=8C=80=EC=83=81=EC=9D=98=20=EA=B6=8C=ED=95=9C=EC=9D=84=20?=
 =?UTF-8?q?=EB=B9=84=EA=B5=90=ED=95=98=EB=8A=94=20=ED=94=84=EB=A1=9C?=
 =?UTF-8?q?=EC=84=B8=EC=8A=A4=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../xit/fims/base/web/UserController.java     | 56 +++++++++++++++++++
 1 file changed, 56 insertions(+)

diff --git a/src/main/java/cokr/xit/fims/base/web/UserController.java b/src/main/java/cokr/xit/fims/base/web/UserController.java
index 6d9d6dbc..094774b8 100644
--- a/src/main/java/cokr/xit/fims/base/web/UserController.java
+++ b/src/main/java/cokr/xit/fims/base/web/UserController.java
@@ -17,6 +17,7 @@ import cokr.xit.base.code.service.bean.CodeBean;
 import cokr.xit.base.security.Authority;
 import cokr.xit.base.security.SecuredUserInfo;
 import cokr.xit.base.security.access.service.AuthorityService;
+import cokr.xit.base.security.access.service.bean.AuthorityBean;
 import cokr.xit.base.user.UserQuery;
 import cokr.xit.base.user.service.UserService;
 import cokr.xit.fims.base.FimsUser;
@@ -45,6 +46,9 @@ public class UserController extends cokr.xit.base.user.web.UserController<FimsUs
 	@Resource(name = "stngBean")
 	private StngBean stngBean;
 
+	@Resource(name = "authorityBean")
+	private AuthorityBean authorityBean;
+
 	@Override
 	public ModelAndView main() {
 		ModelAndView mav = super.main();
@@ -87,6 +91,37 @@ public class UserController extends cokr.xit.base.user.web.UserController<FimsUs
 		return super.create(user);
 	}
 
+	@Override
+	public ModelAndView update(FimsUser user) {
+
+		int myGrade = getUserGrade(currentUser());
+		int targetGrade = getUserGrade(user.getId());
+
+		if(myGrade <= targetGrade) {
+			return super.update(user);
+		} else {
+			return new ModelAndView("jsonView")
+					.addObject("failed", true)
+					.addObject("description", "해당 계정보다 권한이 낮아 계정을 수정할 수 없습니다.");
+		}
+	}
+
+	@Override
+	public ModelAndView remove(String... userIDs) {
+
+		int myGrade = getUserGrade(currentUser());
+		for(String userID : userIDs) {
+			int targetGrade = getUserGrade(userID);
+			if(myGrade > targetGrade) {
+				return new ModelAndView("jsonView")
+						.addObject("failed", true)
+						.addObject("description", "삭제 대상 중 현재 계정보다 권한이 높아 삭제할 수 없는 계정이 있습니다.");
+			}
+		}
+
+		return super.remove(userIDs);
+	}
+
 	@Override
 	public ModelAndView isDuplicate(String account, String institute) {
 		account = account.toUpperCase();
@@ -249,4 +284,25 @@ public class UserController extends cokr.xit.base.user.web.UserController<FimsUs
 			.addObject("affected", affected)
 			.addObject("saved", affected > 0);
 	}
+
+	private int getUserGrade(SecuredUserInfo userInfo) {
+		if(userInfo.isAdmin()) {
+			return 0;
+		}
+		if(userInfo.hasAuthorities("ROLE_TASK_ADMIN")) {
+			return 1;
+		}
+		return 99;
+	}
+
+	private int getUserGrade(String userId) {
+		List<String> auths = authorityBean.getUserAuths(userId);
+		if(auths.contains("ROLE_ADMIN")) {
+			return 0;
+		}
+		if(auths.contains("ROLE_TASK_ADMIN")) {
+			return 1;
+		}
+		return 99;
+	}
 }