From 1849bf6654e074864c12e65c5f30cdd67c0fa107 Mon Sep 17 00:00:00 2001
From: dohyeons <ddhhss0603@gmail.com>
Date: Mon, 1 Dec 2025 10:14:41 +0900
Subject: [PATCH] =?UTF-8?q?=EB=8C=80=EC=8B=9C=EB=B3=B4=EB=93=9C=20?=
 =?UTF-8?q?=EC=A1=B0=ED=9A=8C=20=EC=8B=9C=20company=5Fcode=20=EA=B8=B0?=
 =?UTF-8?q?=EB=B0=98=20=EC=A0=91=EA=B7=BC=20=EA=B6=8C=ED=95=9C=EC=9C=BC?=
 =?UTF-8?q?=EB=A1=9C=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend-node/src/services/DashboardService.ts | 63 ++++++++++---------
 1 file changed, 32 insertions(+), 31 deletions(-)

diff --git a/backend-node/src/services/DashboardService.ts b/backend-node/src/services/DashboardService.ts
index b75034c2..4b13d6b8 100644
--- a/backend-node/src/services/DashboardService.ts
+++ b/backend-node/src/services/DashboardService.ts
@@ -299,6 +299,8 @@ export class DashboardService {
 
   /**
    * 대시보드 상세 조회
+   * - company_code가 일치하면 해당 회사 사용자는 모두 조회 가능
+   * - company_code가 '*'인 경우 최고 관리자만 조회 가능
    */
   static async getDashboardById(
     dashboardId: string,
@@ -310,44 +312,43 @@ export class DashboardService {
       let dashboardQuery: string;
       let dashboardParams: any[];
 
-      if (userId) {
-        if (companyCode) {
+      if (companyCode) {
+        // 회사 코드가 있으면 해당 회사 대시보드 또는 공개 대시보드 조회 가능
+        // 최고 관리자(companyCode = '*')는 모든 대시보드 조회 가능
+        if (companyCode === '*') {
           dashboardQuery = `
             SELECT d.*
             FROM dashboards d
             WHERE d.id = $1 AND d.deleted_at IS NULL
-            AND d.company_code = $2
-            AND (d.created_by = $3 OR d.is_public = true)
-          `;
-          dashboardParams = [dashboardId, companyCode, userId];
-        } else {
-          dashboardQuery = `
-            SELECT d.*
-            FROM dashboards d
-            WHERE d.id = $1 AND d.deleted_at IS NULL
-            AND (d.created_by = $2 OR d.is_public = true)
-          `;
-          dashboardParams = [dashboardId, userId];
-        }
-      } else {
-        if (companyCode) {
-          dashboardQuery = `
-            SELECT d.*
-            FROM dashboards d
-            WHERE d.id = $1 AND d.deleted_at IS NULL
-            AND d.company_code = $2
-            AND d.is_public = true
-          `;
-          dashboardParams = [dashboardId, companyCode];
-        } else {
-          dashboardQuery = `
-            SELECT d.*
-            FROM dashboards d
-            WHERE d.id = $1 AND d.deleted_at IS NULL
-            AND d.is_public = true
           `;
           dashboardParams = [dashboardId];
+        } else {
+          dashboardQuery = `
+            SELECT d.*
+            FROM dashboards d
+            WHERE d.id = $1 AND d.deleted_at IS NULL
+            AND d.company_code = $2
+          `;
+          dashboardParams = [dashboardId, companyCode];
         }
+      } else if (userId) {
+        // 회사 코드 없이 userId만 있는 경우 (본인 생성 또는 공개)
+        dashboardQuery = `
+          SELECT d.*
+          FROM dashboards d
+          WHERE d.id = $1 AND d.deleted_at IS NULL
+          AND (d.created_by = $2 OR d.is_public = true)
+        `;
+        dashboardParams = [dashboardId, userId];
+      } else {
+        // 비로그인 사용자는 공개 대시보드만
+        dashboardQuery = `
+          SELECT d.*
+          FROM dashboards d
+          WHERE d.id = $1 AND d.deleted_at IS NULL
+          AND d.is_public = true
+        `;
+        dashboardParams = [dashboardId];
       }
 
       const dashboardResult = await PostgreSQLService.query(