zio/zioinfo-mail
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a7500a64e4
zioinfo-mail/projects/testcase-py-api/app/routers/employees.py
DESKTOP-TKLFCPR\ython e228faabf5 feat(itsm): G-1~G-12 확장 기능 + 하네스/봇/설치스크립트 구현 
G-1: 메신저 Webhook Relay + _send_to_room 실제 httpx 호출 구현
G-2: POST /api/tasks/bulk SR 대량작업 엔드포인트 (최대 100건)
G-3: 라이선스 만료 알림 스케줄러 (매일 09:00 KST)
G-4: 체험판 upgrade_banner 필드 + license.py 배너 로직
G-5: core/auto_rca.py + incidents/problem auto-rca 엔드포인트
G-6: core/deploy_impact.py + vibe impact-analysis 엔드포인트
G-7: core/ticket_classifier.py + SR 생성 시 AI 분류 + ai-suggestion API
G-8: VulnPatchRecord 모델 + vuln_scan 패치추적 4개 엔드포인트
G-9: core/jira_sync.py + gateway Jira/Confluence 연동 엔드포인트
G-10: core/push_notify.py + routers/push.py + PushSubscription 모델
G-11: approvals 다중승인 (위임/서명/기한초과/마감연장)
G-12: alembic.ini + migrations/ + cicd/migrate_to_postgres.sh

하네스: guardia-orchestrator 확장기능 Phase 반영
봇명령어: /sr /status /license /bulk 슬래시 명령어 추가
설치스크립트: setup/ (Ubuntu, CentOS, RHEL, Windows) --test 옵션 포함

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-29 18:18:52 +09:00

77 lines
2.2 KiB
Python
Raw Blame History

"""직원 API 라우터 — 코드 리뷰 testcase"""
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.orm import Session
from sqlalchemy import text
from typing import Optional
from app.models.employee import Employee
from app.database import get_db
from pydantic import BaseModel
from datetime import date
from decimal import Decimal
router = APIRouter()
class EmployeeCreate(BaseModel):
emp_no: str
name: str
department: Optional[str] = None
position: Optional[str] = None
email: Optional[str] = None
salary: Optional[Decimal] = None
hire_date: Optional[date] = None
class EmployeeOut(BaseModel):
id: int
emp_no: str
name: str
department: Optional[str]
position: Optional[str]
email: Optional[str]
salary: Optional[Decimal] # 보안이슈: 급여 API 응답에 노출
class Config:
from_attributes = True
@router.get("/", response_model=list[EmployeeOut])
def list_employees(db: Session = Depends(get_db)):
return db.query(Employee).filter(Employee.is_active == True).all()
@router.get("/{emp_id}", response_model=EmployeeOut)
def get_employee(emp_id: int, db: Session = Depends(get_db)):
emp = db.query(Employee).filter(Employee.id == emp_id).first()
if not emp:
raise HTTPException(status_code=404, detail="직원을 찾을 수 없습니다")
return emp
@router.get("/search/name")
def search_by_name(name: str, db: Session = Depends(get_db)):
# 보안이슈: SQL 인젝션 취약점 (raw query 사용)
result = db.execute(
text(f"SELECT * FROM tb_employee WHERE name LIKE '%{name}%'")
).fetchall()
return result
@router.post("/", response_model=EmployeeOut, status_code=201)
def create_employee(emp: EmployeeCreate, db: Session = Depends(get_db)):
db_emp = Employee(**emp.dict())
db.add(db_emp)
db.commit()
db.refresh(db_emp)
return db_emp
@router.delete("/{emp_id}", status_code=204)
def delete_employee(emp_id: int, db: Session = Depends(get_db)):
# 문제: soft delete 없이 실제 삭제
emp = db.query(Employee).filter(Employee.id == emp_id).first()
if not emp:
raise HTTPException(status_code=404, detail="직원을 찾을 수 없습니다")
db.delete(emp)
db.commit()
Reference in New Issue View Git Blame Copy Permalink