feat: 인증/인가 기능 추가 후, 채널 API 수정

- 이전에는 더미 유저를 바탕으로 채널 API가 동작했더라면, - 실제로 인증/인가 절차 이후 동작할 수 있도록 수정
Dev-TeamOne · Jun 1, 2023 · cf330a5 · cf330a5
1 parent de72d33
commit cf330a5
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 14 deletions.
diff --git a/classmate/src/main/java/devteamOne/classmate/channel/controller/ChannelController.java b/classmate/src/main/java/devteamOne/classmate/channel/controller/ChannelController.java
@@ -28,29 +28,30 @@ public class ChannelController {
     @GetMapping("/channels")
     public ResponseEntity<DataResponse<List<ChannelDto>>> getChannels(@RequestParam ChannelType type, Principal principal) {
 
-//        String socialId = principal.getName();
+        String email = principal.getName();
 
         return ResponseEntity.ok(
-                DataResponse.from("S-00", "채널 조회 성공", channelService.getChannels("socialId", type))
+                DataResponse.from("S-00", "채널 조회 성공", channelService.getChannels(email, type))
         );
     }
 
 
     @PostMapping("/channels")
     public ResponseEntity<BasicResponse> create(@RequestBody ChannelCreateRequest request, Principal principal) {
-        // get User
-//        String socialId = principal.getName();
-        channelService.save("socialId", request);
+
+        String email = principal.getName();
+        channelService.save(email, request);
 
         return ResponseEntity.ok(
                 BasicResponse.from("S-00", "채널 생성 성공")
         );
     }
 
     @DeleteMapping("/channels/{channel_id}")
-    public ResponseEntity<BasicResponse> delete(@PathVariable("channel_id") Long id) {
+    public ResponseEntity<BasicResponse> delete(@PathVariable("channel_id") Long id, Principal principal) {
 
-        channelService.delete(id);
+        String email = principal.getName();
+        channelService.delete(email, id);
 
         return ResponseEntity.ok(
                 BasicResponse.from("S-00", "채널 삭제 성공")

diff --git a/classmate/src/main/java/devteamOne/classmate/channel/service/ChannelService.java b/classmate/src/main/java/devteamOne/classmate/channel/service/ChannelService.java
@@ -9,6 +9,7 @@
 import devteamOne.classmate.channel.repository.ChannelRepository;
 import devteamOne.classmate.participant.repository.ParticipantRepository;
 import devteamOne.classmate.user.domain.User;
+import devteamOne.classmate.user.exception.UserHasNotPermission;
 import devteamOne.classmate.user.exception.UserNotFoundException;
 import devteamOne.classmate.user.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
@@ -27,10 +28,9 @@ public class ChannelService {
     private final ParticipantRepository participantRepository;
 
     @Transactional(readOnly = true)
-    public List<ChannelDto> getChannels(String socialId, ChannelType type) {
+    public List<ChannelDto> getChannels(String email, ChannelType type) {
 
-        // userService.findBySocialId(socialId);
-        User user = userRepository.findById(1L).orElseThrow(UserNotFoundException::new);
+        User user = userRepository.findByEmail(email).orElseThrow(UserNotFoundException::new);
 
         if (type.equals(ChannelType.ME)) {
             return channelRepository.findAllByUser(user).stream()
@@ -45,19 +45,24 @@ public List<ChannelDto> getChannels(String socialId, ChannelType type) {
         throw new IllegalStateException();
     }
 
-    public void save(String socialId, ChannelCreateRequest request) {
-        // userService.findBySocialId(socialId);
-        User user = userRepository.findById(1L).orElseThrow(UserNotFoundException::new);
+    public void save(String email, ChannelCreateRequest request) {
+
+        User user = userRepository.findByEmail(email).orElseThrow(UserNotFoundException::new);
 
         Channel channel = ChannelMapper.INSTANCE.createDtoToEntity(request);
         channel.assignCreator(user);
 
         channelRepository.save(channel);
     }
 
-    public void delete(Long id) {
+    public void delete(String email, Long id) {
+
         Channel channel = channelRepository.findById(id).orElseThrow(ChannelNotFoundException::new);
 
+        if (!channel.getUser().getEmail().equals(email)) {
+            throw new UserHasNotPermission();
+        }
+
         // User 권한 체크
         channelRepository.delete(channel);
     }

diff --git a/classmate/src/main/java/devteamOne/classmate/user/exception/UserHasNotPermission.java b/classmate/src/main/java/devteamOne/classmate/user/exception/UserHasNotPermission.java
@@ -0,0 +1,13 @@
+package devteamOne.classmate.user.exception;
+
+import devteamOne.classmate.global.handler.exception.ApplicationException;
+
+public class UserHasNotPermission extends ApplicationException {
+
+    private static final String STATUS = "U-03";
+    private static final String MESSAGE = "해당 유저에는 권한이 없습니다.";
+
+    public UserHasNotPermission() {
+        super(STATUS, MESSAGE);
+    }
+}