From ec99c7d1f53a492a6cf9d53a40ea8cdd00fe41f1 Mon Sep 17 00:00:00 2001
From: Yeaeun411 <yeaeun411@naver.com>
Date: Tue, 9 Jan 2024 00:03:17 +0900
Subject: [PATCH] Feat: Apply @PreAuthorize on noice&inquiry func

---
 .../com/umc/StudyFlexBE/controller/InquiryController.java   | 6 ++++--
 .../StudyFlexBE/controller/StudyFlexNoticeController.java   | 2 ++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/umc/StudyFlexBE/controller/InquiryController.java b/src/main/java/com/umc/StudyFlexBE/controller/InquiryController.java
index 824648e..9b0a6fd 100644
--- a/src/main/java/com/umc/StudyFlexBE/controller/InquiryController.java
+++ b/src/main/java/com/umc/StudyFlexBE/controller/InquiryController.java
@@ -12,6 +12,7 @@
 import com.umc.StudyFlexBE.service.InquiryService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -23,7 +24,7 @@
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
-@RequestMapping("/app/inquiry")
+@RequestMapping("/app/inquiries")
 public class InquiryController {
     private final InquiryService inquiryService;
 
@@ -32,7 +33,7 @@ public InquiryController(InquiryService inquiryService) {
         this.inquiryService = inquiryService;
     }
 
-    @PostMapping("/postNotice")
+    @PostMapping
     public ResponseEntity<BaseResponse<InquiryUploadResponseDto>> postInquiry(
             @RequestBody InquiryUploadRequestDto request) {
         try {
@@ -77,6 +78,7 @@ public ResponseEntity<BaseResponse<InquiryListResponseDto>> searchInquiries(
     }
 
     @PostMapping("/{inquiryId}/answer")
+    @PreAuthorize("hasAnyRole('ADMIN')")
     public ResponseEntity<BaseResponse<InquiryAnswerResponseDto>> postAnswer(
             @PathVariable Long inquiryId,
             @RequestBody InquiryAnswerRequestDto request) {
diff --git a/src/main/java/com/umc/StudyFlexBE/controller/StudyFlexNoticeController.java b/src/main/java/com/umc/StudyFlexBE/controller/StudyFlexNoticeController.java
index 8a9c3ab..d38312a 100644
--- a/src/main/java/com/umc/StudyFlexBE/controller/StudyFlexNoticeController.java
+++ b/src/main/java/com/umc/StudyFlexBE/controller/StudyFlexNoticeController.java
@@ -8,6 +8,7 @@
 import com.umc.StudyFlexBE.service.StudyFlexNoticeService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
@@ -21,6 +22,7 @@ public StudyFlexNoticeController(StudyFlexNoticeService StudyFlexNoticeService)
     }
 
     @PostMapping
+    @PreAuthorize("hasAnyRole('ADMIN')")
     public ResponseEntity<BaseResponse<String>> createNotice(@RequestBody StudyFlexNoticeUploadDto request) {
         try {
             Notice notice = StudyFlexNoticeService.createNotice(request);