feat(menu-permissions): 메뉴 API 연동으로 사이드바 권한 정비

- .env.development.example과 lib/core/config/environment.dart, lib/core/permissions/permission_manager.dart에서 PERMISSION__ 폴백을 view 전용으로 좁히고 기본 정책을 명시적으로 거부하도록 재정비했다 - lib/core/navigation/*, lib/core/routing/app_router.dart, lib/widgets/app_shell.dart, lib/main.dart에서 메뉴 매니페스트·카탈로그를 도입해 /menus 응답을 캐싱하고 라우터·사이드바·Breadcrumb가 동일 menu_code/route_path를 쓰도록 리팩터링했다 - lib/core/permissions/permission_resources.dart와 그룹 권한/메뉴 마스터 모듈을 menu_code 기반 CRUD 및 Catalog 경로 정합성 검사로 전환하고 PermissionSynchronizer·PermissionBootstrapper를 확장했다 - test/helpers/test_permissions.dart, test/widgets/app_shell_test.dart 등 신규 구조를 반영하는 테스트·골든과 doc/frontend_menu_permission_tasks.md 문서를 보강했다
2025-11-12 18:29:03 +09:00
parent f767c44573
commit 753f76e952
72 changed files with 1914 additions and 704 deletions
--- a/lib/features/masters/group_permission/application/permission_synchronizer.dart
+++ b/lib/features/masters/group_permission/application/permission_synchronizer.dart
@@ -1,4 +1,6 @@
+import 'package:superport_v2/core/navigation/menu_catalog.dart';
 import 'package:superport_v2/core/permissions/permission_manager.dart';
+import 'package:superport_v2/core/permissions/permission_resources.dart';

 import '../domain/entities/group_permission.dart';
 import '../domain/mappers/group_permission_mapper.dart';
@@ -9,12 +11,15 @@ class PermissionSynchronizer {
  PermissionSynchronizer({
    required GroupPermissionRepository repository,
    required PermissionManager manager,
+    MenuCatalog? menuCatalog,
    this.pageSize = 200,
  }) : _repository = repository,
-       _manager = manager;
+       _manager = manager,
+       _menuCatalog = menuCatalog;

  final GroupPermissionRepository _repository;
  final PermissionManager _manager;
+  final MenuCatalog? _menuCatalog;
  final int pageSize;

  /// 지정한 [groupId]의 메뉴 권한을 조회해 [PermissionManager]에 적용한다.
@@ -31,7 +36,8 @@ class PermissionSynchronizer {
    if (collected.isEmpty) {
      return const {};
    }
-    return buildPermissionMap(collected);
+    final synchronized = await _alignMenuRoutes(collected);
+    return buildPermissionMap(synchronized);
  }

  Future<List<GroupPermission>> _collectPermissions(int groupId) async {
@@ -63,4 +69,85 @@ class PermissionSynchronizer {

    return collected;
  }
+
+  Future<List<GroupPermission>> _alignMenuRoutes(
+    List<GroupPermission> permissions,
+  ) async {
+    final catalog = _menuCatalog;
+    if (catalog == null || permissions.isEmpty) {
+      return permissions;
+    }
+    final codeToRoute = await _buildMenuRouteMap(catalog);
+    if (codeToRoute.isEmpty) {
+      return permissions;
+    }
+    var mutated = false;
+    final adjusted = <GroupPermission>[];
+    for (final permission in permissions) {
+      final resolvedPath = _resolveRouteForPermission(
+        permission.menu.menuCode,
+        permission.menu.path,
+        codeToRoute,
+      );
+      if (resolvedPath == null) {
+        adjusted.add(permission);
+        continue;
+      }
+      final normalizedCurrent = PermissionResources.normalize(
+        permission.menu.path ?? '',
+      );
+      final normalizedResolved = PermissionResources.normalize(resolvedPath);
+      if (normalizedCurrent == normalizedResolved) {
+        adjusted.add(permission);
+        continue;
+      }
+      final updatedMenu = GroupPermissionMenu(
+        id: permission.menu.id,
+        menuCode: permission.menu.menuCode,
+        menuName: permission.menu.menuName,
+        path: resolvedPath,
+      );
+      adjusted.add(permission.copyWith(menu: updatedMenu));
+      mutated = true;
+    }
+    return mutated ? adjusted : permissions;
+  }
+
+  Future<Map<String, String>> _buildMenuRouteMap(MenuCatalog catalog) async {
+    try {
+      final menus = await catalog.ensureLoaded();
+      final map = <String, String>{};
+      for (final menu in menus) {
+        final code = menu.menuCode;
+        final path = menu.path;
+        if (code.isEmpty || path == null || path.isEmpty) {
+          continue;
+        }
+        map[code] = path;
+      }
+      return map;
+    } catch (_) {
+      return const {};
+    }
+  }
+
+  String? _resolveRouteForPermission(
+    String menuCode,
+    String? currentPath,
+    Map<String, String> codeToRoute,
+  ) {
+    final expectedRaw = codeToRoute[menuCode];
+    final normalizedCurrent = PermissionResources.normalize(currentPath ?? '');
+    if (normalizedCurrent.isNotEmpty) {
+      if (expectedRaw == null || expectedRaw.isEmpty) {
+        return null;
+      }
+      final normalizedExpected = PermissionResources.normalize(expectedRaw);
+      return normalizedCurrent == normalizedExpected ? null : expectedRaw;
+    }
+    if (expectedRaw == null || expectedRaw.isEmpty) {
+      return null;
+    }
+    return expectedRaw;
+  }
 }