Merge pull request #16 from StudyFlexUMC5th/yeeun2

Feat: Apply @PreAuthorize on noice&inquiry func
StudyFlexUMC5th · Jan 8, 2024 · d70d4ce · d70d4ce
2 parents 22f7a07 + ec99c7d
commit d70d4ce
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/src/main/java/com/umc/StudyFlexBE/controller/InquiryController.java b/src/main/java/com/umc/StudyFlexBE/controller/InquiryController.java
@@ -12,6 +12,7 @@
 import com.umc.StudyFlexBE.service.InquiryService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -23,7 +24,7 @@
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
-@RequestMapping("/app/inquiry")
+@RequestMapping("/app/inquiries")
 public class InquiryController {
     private final InquiryService inquiryService;
 
@@ -32,7 +33,7 @@ public InquiryController(InquiryService inquiryService) {
         this.inquiryService = inquiryService;
     }
 
-    @PostMapping("/postNotice")
+    @PostMapping
     public ResponseEntity<BaseResponse<InquiryUploadResponseDto>> postInquiry(
             @RequestBody InquiryUploadRequestDto request) {
         try {
@@ -77,6 +78,7 @@ public ResponseEntity<BaseResponse<InquiryListResponseDto>> searchInquiries(
     }
 
     @PostMapping("/{inquiryId}/answer")
+    @PreAuthorize("hasAnyRole('ADMIN')")
     public ResponseEntity<BaseResponse<InquiryAnswerResponseDto>> postAnswer(
             @PathVariable Long inquiryId,
             @RequestBody InquiryAnswerRequestDto request) {

diff --git a/src/main/java/com/umc/StudyFlexBE/controller/StudyFlexNoticeController.java b/src/main/java/com/umc/StudyFlexBE/controller/StudyFlexNoticeController.java
@@ -8,6 +8,7 @@
 import com.umc.StudyFlexBE.service.StudyFlexNoticeService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
@@ -21,6 +22,7 @@ public StudyFlexNoticeController(StudyFlexNoticeService StudyFlexNoticeService)
     }
 
     @PostMapping
+    @PreAuthorize("hasAnyRole('ADMIN')")
     public ResponseEntity<BaseResponse<String>> createNotice(@RequestBody StudyFlexNoticeUploadDto request) {
         try {
             Notice notice = StudyFlexNoticeService.createNotice(request);