feat: 피드 컨트롤러 메소드 권한 설정

피드 수정 및 삭제 메소드를 실행하기 전에 권한을 확인하도록 설정한다. Related to: #95
prgrms-be-devcourse · Oct 7, 2024 · 168dca5 · 168dca5
1 parent 4b30314
commit 168dca5
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 7 deletions.
diff --git a/src/main/java/com/prgrms2/java/bitta/feed/controller/FeedController.java b/src/main/java/com/prgrms2/java/bitta/feed/controller/FeedController.java
@@ -2,7 +2,11 @@
 
 import com.prgrms2.java.bitta.feed.dto.FeedDTO;
 import com.prgrms2.java.bitta.feed.service.FeedService;
+import com.prgrms2.java.bitta.global.exception.AuthenticationException;
+import com.prgrms2.java.bitta.global.util.AuthenticationProvider;
 import com.prgrms2.java.bitta.media.dto.MediaDto;
+import com.prgrms2.java.bitta.member.entity.Role;
+import com.prgrms2.java.bitta.member.service.MemberProvider;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Parameters;
@@ -230,6 +234,10 @@ public ResponseEntity<?> createFeed(@RequestPart(value = "feed") @Valid FeedDTO
     @PutMapping(value = "/{id}", consumes = {MediaType.APPLICATION_JSON_VALUE, MediaType.MULTIPART_FORM_DATA_VALUE})
     public ResponseEntity<?> modifyFeed(@PathVariable("id") @Min(1) Long id, @RequestPart("feed") @Valid FeedDTO feedDTO
             , @RequestPart("filesToUpload") List<MultipartFile> filesToUpload, @RequestPart("filesToDelete") List<MediaDto> filesToDelete) {
+        if (!checkPermission(id)) {
+            throw AuthenticationException.CANNOT_ACCESS.get();
+        }
+
         feedDTO.setId(id);
 
         feedService.update(feedDTO, filesToUpload, filesToDelete);
@@ -276,9 +284,21 @@ public ResponseEntity<?> modifyFeed(@PathVariable("id") @Min(1) Long id, @Reques
     )
     @DeleteMapping("/{id}")
     public ResponseEntity<?> deleteFeed(@PathVariable("id") @Min(1) Long id) {
+        if (!checkPermission(id)) {
+            throw AuthenticationException.CANNOT_ACCESS.get();
+        }
+
         feedService.delete(id);
 
         return ResponseEntity.ok().body(Map.of("message", "피드가 삭제되었습니다."));
     }
+
+    private boolean checkPermission(Long id) {
+        if (AuthenticationProvider.getRoles() == Role.ADMIN) {
+            return true;
+        }
+
+        return feedService.checkAuthority(id, AuthenticationProvider.getUsername());
+    }
 }
 
diff --git a/src/main/java/com/prgrms2/java/bitta/feed/repository/FeedRepository.java b/src/main/java/com/prgrms2/java/bitta/feed/repository/FeedRepository.java
@@ -32,4 +32,6 @@ public interface FeedRepository extends JpaRepository<Feed, Long> {
     //////////////////////////
     @Query(value = "SELECT * FROM feed ORDER BY RAND() LIMIT :limit", nativeQuery = true)
     List<Feed> findRandomFeeds(@Param("limit") int limit);
+
+    boolean existsByIdAndMember_Username(Long feedId, String username);
 }
diff --git a/src/main/java/com/prgrms2/java/bitta/feed/service/FeedService.java b/src/main/java/com/prgrms2/java/bitta/feed/service/FeedService.java
@@ -19,6 +19,7 @@ public interface FeedService {
 
     void delete(Long id);
 
-
     List<FeedDTO> readRandomFeeds(int limit);
+
+    boolean checkAuthority(Long feedId, String memberId);
 }
diff --git a/src/main/java/com/prgrms2/java/bitta/feed/service/FeedServiceImpl.java b/src/main/java/com/prgrms2/java/bitta/feed/service/FeedServiceImpl.java
@@ -6,7 +6,7 @@
 import com.prgrms2.java.bitta.feed.repository.FeedRepository;
 import com.prgrms2.java.bitta.media.dto.MediaDto;
 import com.prgrms2.java.bitta.media.service.MediaService;
-import com.prgrms2.java.bitta.member.dto.MemberProvider;
+import com.prgrms2.java.bitta.member.service.MemberProvider;
 import lombok.RequiredArgsConstructor;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
@@ -67,7 +67,7 @@ public void insert(FeedDTO feedDTO, List<MultipartFile> files) {
 
         Feed feed = dtoToEntity(feedDTO);
 
-        mediaService.upload(files, feedDTO.getId());
+        mediaService.uploads(files, feed.getId());
 
         feedRepository.save(feed);
     }
@@ -85,7 +85,7 @@ public void update(FeedDTO feedDTO, List<MultipartFile> filesToUpload, List<Medi
 
         feed.clearMedias();
 
-        mediaService.upload(filesToUpload, feedDTO.getId());
+        mediaService.uploads(filesToUpload, feedDTO.getId());
 
         feedRepository.save(feed);
     }
@@ -100,7 +100,6 @@ public void delete(Long id) {
         }
     }
 
-    ///////////////////////////////////////
     @Override
     @Transactional(readOnly = true)
     public List<FeedDTO> readRandomFeeds(int limit) {
@@ -110,7 +109,10 @@ public List<FeedDTO> readRandomFeeds(int limit) {
                 .collect(Collectors.toList());
     }
 
-    ///////////////////////////////////////
+    @Override
+    public boolean checkAuthority(Long feedId, String username) {
+        return feedRepository.existsByIdAndMember_Username(feedId, username);
+    }
 
     private Feed dtoToEntity(FeedDTO feedDto) {
         return Feed.builder()

diff --git a/src/test/java/com/prgrms2/java/bitta/service/FeedServiceTests.java b/src/test/java/com/prgrms2/java/bitta/service/FeedServiceTests.java
@@ -6,7 +6,6 @@
 import com.prgrms2.java.bitta.feed.exception.FeedTaskException;
 import com.prgrms2.java.bitta.feed.repository.FeedRepository;
 import com.prgrms2.java.bitta.feed.service.FeedServiceImpl;
-import com.prgrms2.java.bitta.member.dto.MemberProvider;
 import com.prgrms2.java.bitta.member.entity.Member;
 import com.prgrms2.java.bitta.photo.entity.Photo;
 import com.prgrms2.java.bitta.photo.service.PhotoService;