Merge pull request #53 from FlouD-2024/mypage

feat: 권한 확인 로직 추가
FlouD-2024 · Mar 14, 2024 · a9a656f · a9a656f
2 parents def2ad8 + 36c5107
commit a9a656f
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/src/main/java/floud/demo/common/response/Error.java b/src/main/java/floud/demo/common/response/Error.java
@@ -17,6 +17,7 @@ public enum Error {
 
     //403 Forbidden
     NO_PERMISSION_TO_POST(HttpStatus.FORBIDDEN, "게시글을 수정하거나 삭제할 권한이 없습니다."),
+    NO_PERMISSION_TO_MEMOIR(HttpStatus.FORBIDDEN, "본인의 회고가 아니기 때문에 수정할 권한이 없습니다."),
 
 
     // 404 NOT FOUND

diff --git a/src/main/java/floud/demo/service/CommunityService.java b/src/main/java/floud/demo/service/CommunityService.java
@@ -86,7 +86,7 @@ public ApiResponse<?> updatePost(String authorizationHeader, UpdatePostRequestDt
         Community community = communityRepository.findById(requestDto.getCommunity_id()).orElseThrow(() -> new NotFoundException("해당 게시글을 찾을 수 없습니다."){});
 
         if(!checkMyPost(users, community))
-            ApiResponse.failure(Error.NO_PERMISSION_TO_POST);
+            return ApiResponse.failure(Error.NO_PERMISSION_TO_POST);
 
         community.update(requestDto.getTitle(), requestDto.getContent());
         communityRepository.flush();
@@ -103,15 +103,15 @@ public ApiResponse<?> deletePost(String authorizationHeader, Long community_id){
         Community community = communityRepository.findById(community_id).orElseThrow(() -> new NotFoundException("해당 게시글을 찾을 수 없습니다."){});
 
         if(!checkMyPost(users, community))
-            ApiResponse.failure(Error.NO_PERMISSION_TO_POST);
+            return ApiResponse.failure(Error.NO_PERMISSION_TO_POST);
 
         communityRepository.delete(community);
 
         return ApiResponse.success(Success.DELETE_COMMUNITY_POST_SUCCESS, Map.of("community_id", community_id));
     }
 
 
-    private Boolean checkMyPost(Users users, Community community){
+    private boolean checkMyPost(Users users, Community community){
         return users.equals(community.getUsers());
     }
 

diff --git a/src/main/java/floud/demo/service/MemoirService.java b/src/main/java/floud/demo/service/MemoirService.java
@@ -64,6 +64,9 @@ public ApiResponse<?> updateMemoir(String authorizationHeader, Long memoir_id, M
             return ApiResponse.failure(Error.MEMOIR_NOT_FOUND);
         Memoir memoir = optionalMemoir.get();
 
+        if(!checkMyMemoir(users, memoir))
+            return ApiResponse.failure(Error.NO_PERMISSION_TO_MEMOIR);
+
         //Update Memoir
         memoir.update(memoirUpdateRequestDto);
 
@@ -125,6 +128,10 @@ public ApiResponse<?> getWeekMemoir(String authorizationHeader, LocalDate startD
 
     }
 
+    private boolean checkMyMemoir(Users users, Memoir memoir){
+        return  users.equals(memoir.getUsers());
+    }
+
     private void createAlarm(Users user){
         List<Users> friendList = findMyFriendList(user);
         for (Users friend : friendList) {