VIP 멤버십 공개 범위 적용 v1.5.5

2026-05-26 16:22:05 +09:00
parent 6333c4254f
commit 3843e16d9f
17 changed files with 169 additions and 48 deletions
--- a/server/repositories/content-repository.js
+++ b/server/repositories/content-repository.js
@@ -211,10 +211,10 @@ const syncPostTags = async (sql, postId, tags) => {

 /**
 * 공개 게시물 목록 조회
- * @param {{ includeMembers?: boolean }} [options] - 회원 전용 글 포함 여부
+ * @param {{ includeMembership?: boolean }} [options] - VIP 전용 글 포함 여부
 * @returns {Promise<Array>} 게시물 목록
 */
-export const listPosts = async ({ includeMembers = false } = {}) => {
+export const listPosts = async ({ includeMembership = false } = {}) => {
  const sql = getPostgresClient()

  if (!sql) {
@@ -236,7 +236,7 @@ export const listPosts = async ({ includeMembers = false } = {}) => {
    LEFT JOIN tags ON tags.id = post_tags.tag_id
    WHERE (
        posts.status = 'published'
-        OR (${includeMembers} = true AND posts.status = 'members')
+        OR (${includeMembership} = true AND posts.status = 'members')
      )
      AND (
        posts.status = 'members'
@@ -445,10 +445,10 @@ export const deleteAdminPost = async (id) => {
 /**
 * 공개 게시물 상세 조회
 * @param {string} slug - 게시물 슬러그
- * @param {{ includeMembers?: boolean }} [options] - 회원 전용 글 포함 여부
+ * @param {{ includeMembership?: boolean }} [options] - VIP 전용 글 포함 여부
 * @returns {Promise<Object | null>} 게시물 상세
 */
-export const getPostBySlug = async (slug, { includeMembers = false } = {}) => {
+export const getPostBySlug = async (slug, { includeMembership = false } = {}) => {
  const sql = getPostgresClient()

  if (!sql) {
@@ -471,7 +471,7 @@ export const getPostBySlug = async (slug, { includeMembers = false } = {}) => {
    WHERE posts.slug = ${slug}
      AND (
        posts.status = 'published'
-        OR (${includeMembers} = true AND posts.status = 'members')
+        OR (${includeMembership} = true AND posts.status = 'members')
      )
      AND (
        posts.status = 'members'
--- a/server/repositories/member-repository.js
+++ b/server/repositories/member-repository.js
@@ -4,10 +4,12 @@ import { getPostgresClient } from './postgres-client'
 export const MEMBER_ROLE = {
  OWNER: 'owner',
  ADMIN: 'admin',
+  VIP: 'vip',
  MEMBER: 'member'
 }

 const PRIVILEGED_ROLES = [MEMBER_ROLE.OWNER, MEMBER_ROLE.ADMIN]
+const MEMBERSHIP_ACCESS_ROLES = [MEMBER_ROLE.OWNER, MEMBER_ROLE.ADMIN, MEMBER_ROLE.VIP]

 /**
 * 회원 권한 표시 문자열을 반환한다.
@@ -18,7 +20,9 @@ const getMemberRoleLabel = (roleCode) => roleCode === MEMBER_ROLE.OWNER
  ? '소유자'
  : roleCode === MEMBER_ROLE.ADMIN
    ? '관리자'
-    : '멤버'
+    : roleCode === MEMBER_ROLE.VIP
+      ? 'VIP'
+      : '멤버'

 /**
 * 관리자 회원 행을 응답 객체로 변환한다.
@@ -62,7 +66,7 @@ const mapAdminMemberRow = (row) => {
 * @property {string} passwordHash - 비밀번호 해시
 * @property {string} avatarUrl - 아바타 URL
 * @property {boolean} isAdmin - 관리자 여부
- * @property {'owner' | 'admin' | 'member'} role - 권한 코드
+ * @property {'owner' | 'admin' | 'vip' | 'member'} role - 권한 코드
 * @property {string} createdAt - 생성 시각(ISO)
 * @property {string} updatedAt - 수정 시각(ISO)
 * @property {string | null} lastSeenAt - 최근 접속 시각(ISO)
@@ -769,15 +773,41 @@ export const isPrivilegedMember = async (userId) => {
  return Boolean(rows?.[0])
 }

+/**
+ * 회원 전용 콘텐츠 접근 권한이 있는지 확인한다.
+ * @param {string} userId - 사용자 ID
+ * @returns {Promise<boolean>} VIP 이상 권한 여부
+ */
+export const canAccessMembershipContent = async (userId) => {
+  if (!userId) {
+    return false
+  }
+
+  const sql = getPostgresClient()
+  if (!sql) {
+    return false
+  }
+
+  const rows = await sql`
+    SELECT id
+    FROM users
+    WHERE id = ${userId}
+      AND user_role = ANY(${MEMBERSHIP_ACCESS_ROLES})
+    LIMIT 1
+  `
+
+  return Boolean(rows?.[0])
+}
+
 /**
 * 관리자 화면에서 회원 권한을 변경한다.
- * @param {{ actorUserId: string, targetUserId: string, role: 'owner' | 'admin' | 'member' }} input - 변경 정보
+ * @param {{ actorUserId: string, targetUserId: string, role: 'owner' | 'admin' | 'vip' | 'member' }} input - 변경 정보
 * @returns {Promise<{ id: string, roleCode: string, role: string, isAdmin: boolean }>} 변경 결과
 */
 export const updateMemberRoleByAdmin = async (input) => {
  const sql = requireSql()
  const normalizedRole = String(input.role || '').trim()
-  const allowedRoles = [MEMBER_ROLE.OWNER, MEMBER_ROLE.ADMIN, MEMBER_ROLE.MEMBER]
+  const allowedRoles = [MEMBER_ROLE.OWNER, MEMBER_ROLE.ADMIN, MEMBER_ROLE.VIP, MEMBER_ROLE.MEMBER]

  if (!allowedRoles.includes(normalizedRole)) {
    throw createError({
@@ -809,10 +839,10 @@ export const updateMemberRoleByAdmin = async (input) => {
    })
  }

-  if (target.id === input.actorUserId && normalizedRole === MEMBER_ROLE.MEMBER) {
+  if (target.id === input.actorUserId && !PRIVILEGED_ROLES.includes(normalizedRole)) {
    throw createError({
      statusCode: 400,
-      message: '본인 계정을 멤버로 변경할 수 없습니다.'
+      message: '본인 계정을 관리자 권한 없는 등급으로 변경할 수 없습니다.'
    })
  }

@@ -855,11 +885,7 @@ export const updateMemberRoleByAdmin = async (input) => {
  return {
    id: updated.id,
    roleCode: updated.roleCode,
-    role: updated.roleCode === MEMBER_ROLE.OWNER
-      ? '소유자'
-      : updated.roleCode === MEMBER_ROLE.ADMIN
-        ? '관리자'
-        : '멤버',
+    role: getMemberRoleLabel(updated.roleCode),
    isAdmin: Boolean(updated.isAdmin)
  }
 }