#182 feat : 관리자 권한 검증 구현

Gongjakso · Aug 16, 2024 · 5a247bf · 5a247bf
1 parent 3c93340
commit 5a247bf
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 11 deletions.
diff --git a/src/main/java/com/gongjakso/server/domain/contest/controller/ContestController.java b/src/main/java/com/gongjakso/server/domain/contest/controller/ContestController.java
@@ -26,9 +26,9 @@ public class ContestController {
     private final ContestService contestService;
     @Operation(description = "공모전 생성 API - 관리자만")
     @PostMapping("")
-    public ApplicationResponse<Void> create(@RequestPart(name = "image",required = false) MultipartFile image,
+    public ApplicationResponse<Void> create(@AuthenticationPrincipal PrincipalDetails principalDetails,@RequestPart(name = "image",required = false) MultipartFile image,
                                             @Valid @RequestPart(name = "contestReq") ContestReq contestReq){
-        contestService.save(image,contestReq);
+        contestService.save(principalDetails.getMember(),image,contestReq);
         return ApplicationResponse.created();
     }
     @Operation(description = "공모전 정보 API")
@@ -46,13 +46,13 @@ public ApplicationResponse<ContestListRes> search(
     }
     @Operation(description = "공모전 수정 API - 관리자만")
     @PatchMapping("/{contest_id}")
-    public ApplicationResponse<ContestRes> update(@PathVariable Long contest_id,@RequestPart(required = false) MultipartFile image,@Valid @RequestPart UpdateContestDto contestReq){
-        return ApplicationResponse.ok(contestService.update(contest_id,image,contestReq));
+    public ApplicationResponse<ContestRes> update(@AuthenticationPrincipal PrincipalDetails principalDetails,@PathVariable Long contest_id,@RequestPart(required = false) MultipartFile image,@Valid @RequestPart UpdateContestDto contestReq){
+        return ApplicationResponse.ok(contestService.update(principalDetails.getMember(),contest_id,image,contestReq));
     }
     @Operation(description = "공모전 삭제 API - 관리자만")
     @DeleteMapping("/{contest_id}")
-    public ApplicationResponse<Void> delete(@PathVariable Long contest_id){
-        contestService.delete(contest_id);
+    public ApplicationResponse<Void> delete(@AuthenticationPrincipal PrincipalDetails principalDetails,@PathVariable Long contest_id){
+        contestService.delete(principalDetails.getMember(),contest_id);
         return ApplicationResponse.ok();
     }
 

diff --git a/src/main/java/com/gongjakso/server/domain/contest/service/ContestService.java b/src/main/java/com/gongjakso/server/domain/contest/service/ContestService.java
@@ -7,6 +7,8 @@
 import com.gongjakso.server.domain.contest.dto.response.ContestRes;
 import com.gongjakso.server.domain.contest.entity.Contest;
 import com.gongjakso.server.domain.contest.repository.ContestRepository;
+import com.gongjakso.server.domain.member.entity.Member;
+import com.gongjakso.server.domain.member.enumerate.MemberType;
 import com.gongjakso.server.global.exception.ApplicationException;
 import com.gongjakso.server.global.exception.ErrorCode;
 import com.gongjakso.server.global.util.s3.S3Client;
@@ -31,7 +33,11 @@ public class ContestService {
 
 
     @Transactional
-    public void save(MultipartFile image,ContestReq contestReq){
+    public void save(Member member, MultipartFile image,ContestReq contestReq){
+        // Validation
+        if(!member.getMemberType().equals(MemberType.ADMIN)) {
+            throw new ApplicationException(ErrorCode.UNAUTHORIZED_EXCEPTION);
+        }
         //Business
         //image s3에 올리기
         String s3Url = null;
@@ -60,8 +66,11 @@ public ContestRes find(Long id){
     }
 
     @Transactional
-    public ContestRes update(Long id,MultipartFile image,UpdateContestDto updateContestDto){
-        //Vaildation
+    public ContestRes update(Member member, Long id,MultipartFile image,UpdateContestDto updateContestDto){
+        // Validation
+        if(!member.getMemberType().equals(MemberType.ADMIN)) {
+            throw new ApplicationException(ErrorCode.UNAUTHORIZED_EXCEPTION);
+        }
         Contest contest = contestRepository.findById(id).orElseThrow(()-> new ApplicationException(ErrorCode.NOT_FOUND_EXCEPTION));
         //Business
         String imgUrl = null;
@@ -76,8 +85,11 @@ public ContestRes update(Long id,MultipartFile image,UpdateContestDto updateCont
     }
 
     @Transactional
-    public void delete(Long id){
-        //Vaildation
+    public void delete(Member member,Long id){
+        // Validation
+        if(!member.getMemberType().equals(MemberType.ADMIN)) {
+            throw new ApplicationException(ErrorCode.UNAUTHORIZED_EXCEPTION);
+        }
         Contest contest = contestRepository.findById(id).orElseThrow(()-> new ApplicationException(ErrorCode.NOT_FOUND_EXCEPTION));
         //Business
         s3Client.delete(contest.getImgUrl());