Merge remote-tracking branch 'origin/dev-server' into dev-server

Taekgil99 · Dec 2, 2022 · 650d6db · 650d6db
2 parents b98251d + 9fe0dac
commit 650d6db
Show file tree

Hide file tree

Showing 8 changed files with 72 additions and 38 deletions.
diff --git a/backend/src/main/java/com/backend/domain/product/api/ProductController.java b/backend/src/main/java/com/backend/domain/product/api/ProductController.java
@@ -33,49 +33,49 @@ public class ProductController {
     public ResponseEntity create(@CurrentUser CustomUserDetails authUser, @PathVariable Long categoryId,
                                  @RequestParam("price") int price, @RequestParam("productName") String productName,
                                  @RequestParam("tag") String tag,
-                                 TitleImg titleImg, DetailImg detailImg){
+                                 TitleImg titleImg, DetailImg detailImg) {
         log.info("post 맵핑 실행 ");
         Long userId = authUser.getUser().getUserId();
         log.info("user 조회 완료 ");
-        Product response = productService.create(userId,price,productName,titleImg,detailImg,tag,categoryId);
+        Product response = productService.create(userId, price, productName, titleImg, detailImg, tag, categoryId);
 
         return new ResponseEntity(new SingleResponseDto<>(productMapper.productToProductResponseDto(response)), HttpStatus.CREATED);
     }
 
     @PatchMapping("/products/{categoryId}/{productsId}")
-    public ResponseEntity update(@PathVariable Long productsId,@CurrentUser CustomUserDetails authUser,
+    public ResponseEntity update(@PathVariable Long productsId, @CurrentUser CustomUserDetails authUser,
                                  @RequestParam("price") int price, @RequestParam("productName") String productName,
-                                 TitleImg titleImg,DetailImg detailImg,@PathVariable Long categoryId){
+                                 TitleImg titleImg, DetailImg detailImg, @PathVariable Long categoryId) {
         log.info(" 수정 실행 ");
 
-        Product response = productService.update(productsId,categoryId,price,productName,titleImg,detailImg);
+        Product response = productService.update(productsId, categoryId, price, productName, titleImg, detailImg, authUser.getUser());
         ProductResponseDto productResponseDto = productMapper.productToProductResponseDto(response);
         productResponseDto.setCategoryId(response.getCategory().getCategoryId());
         log.info(" 수정 된 상품 출력 ");
         return new ResponseEntity(new SingleResponseDto<>(productResponseDto), HttpStatus.OK);
     }
 
     @DeleteMapping("/products/{productsId}")
-    public ResponseEntity<Long> delete(@PathVariable Long productsId){
+    public ResponseEntity<Long> delete(@PathVariable Long productsId, @CurrentUser CustomUserDetails authUser) {
         log.info("삭제 맵핑 실행");
-        return ResponseEntity.ok(productService.delete(productsId));
+        return ResponseEntity.ok(productService.delete(productsId, authUser.getUser()));
     }
 
     // 상품 조회 (필터링)
     @GetMapping("/products/filter/{filterId}")
-    public ResponseEntity getLists(@RequestParam int page,@PathVariable int filterId){
-        int size= 12;
+    public ResponseEntity getLists(@RequestParam int page, @PathVariable int filterId) {
+        int size = 12;
         log.info("getLists 실행 ");
-        Page<Product> pageProduct = productService.getLists(page-1, size,filterId);
+        Page<Product> pageProduct = productService.getLists(page - 1, size, filterId);
         log.info(" 페이징 리스트로 변환 ");
         List<Product> response = pageProduct.getContent();
         log.info(" 상품 목록 조회 완료 ");
-        return new ResponseEntity<>(new MultiResponse<>(productMapper.productsToProductResponseDto(response),pageProduct), HttpStatus.OK);
+        return new ResponseEntity<>(new MultiResponse<>(productMapper.productsToProductResponseDto(response), pageProduct), HttpStatus.OK);
     }
 
     // 제품 상세 조회
     @GetMapping("/products/{productsId}")
-    public ResponseEntity getListReview(@PathVariable Long productsId){
+    public ResponseEntity getListReview(@PathVariable Long productsId) {
         log.info("getListReview 실행");
         Product product = productService.getList(productsId);
         String average = productService.calculateReviewAverage(productsId);
@@ -84,24 +84,25 @@ public ResponseEntity getListReview(@PathVariable Long productsId){
         proResponseDto.setAverage(average);
         proResponseDto.setCategoryId(product.getCategory().getCategoryId());
         log.info(" getListReview 완료 ");
-        return new ResponseEntity(new SingleResponseDto<>(proResponseDto),HttpStatus.OK);
+        return new ResponseEntity(new SingleResponseDto<>(proResponseDto), HttpStatus.OK);
     }
+
     // 카테고리 필터 출력
     @GetMapping("/products/category/{categoryId}/{filterId}")
-    public ResponseEntity getListCategory(@PathVariable Long categoryId,@RequestParam int page,@PathVariable int filterId){
-        int size= 12;
+    public ResponseEntity getListCategory(@PathVariable Long categoryId, @RequestParam int page, @PathVariable int filterId) {
+        int size = 12;
         log.info(" getListCategory 실행 ");
-        Page<Product> pageProduct = productService.getCategory(categoryId,filterId, page-1, size);
+        Page<Product> pageProduct = productService.getCategory(categoryId, filterId, page - 1, size);
         log.info(" getcategory 리스트로 변환 ");
         List<Product> content = pageProduct.getContent();
         log.info(" getListCategory 완료 ");
-        return new ResponseEntity<>(new MultiResponse<>(productMapper.productsToProductResponseDto(content),pageProduct), HttpStatus.OK);
+        return new ResponseEntity<>(new MultiResponse<>(productMapper.productsToProductResponseDto(content), pageProduct), HttpStatus.OK);
     }
 
     // 랜덤 추천
     @GetMapping("/products/random")
-    public ResponseEntity getRandomList(){
+    public ResponseEntity getRandomList() {
         List<Product> random = productService.random();
-        return new ResponseEntity<>(new SingleResponseDto<>(productMapper.productsToProductResponseDto(random)),HttpStatus.OK);
+        return new ResponseEntity<>(new SingleResponseDto<>(productMapper.productsToProductResponseDto(random)), HttpStatus.OK);
     }
-}
+}
diff --git a/backend/src/main/java/com/backend/domain/product/application/ProductService.java b/backend/src/main/java/com/backend/domain/product/application/ProductService.java
@@ -14,6 +14,8 @@
 import com.backend.domain.user.dao.UserRepository;
 import com.backend.domain.user.domain.User;
 import com.backend.domain.user.exception.MemberNotFound;
+import com.backend.global.error.BusinessLogicException;
+import com.backend.global.error.ExceptionCode;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
@@ -76,8 +78,9 @@ public Product create(Long userId, int price, String productName,TitleImg titleI
     // 상품 수정
     @SneakyThrows
     @Transactional
-    public Product update(Long productId, Long categoryId, int price , String productName, TitleImg titleImg, DetailImg detailImg) {
+    public Product update(Long productId, Long categoryId, int price , String productName, TitleImg titleImg, DetailImg detailImg, User user) {
         Product findProduct = productRepository.findById(productId).orElseThrow(ProductNotFound::new);
+        checkPermission(productId, user);
         log.info(" findProduct : ",findProduct);
         Category category = categoryRepository.findById(categoryId).orElseThrow(CategoryNotFound::new);
         log.info(" category : ", category);
@@ -111,13 +114,13 @@ public Product update(Long productId, Long categoryId, int price , String produc
     }
 
     @Transactional
-    public Long delete(Long productsId) {
-
-        Product product = productRepository.findById(productsId).orElseThrow(ProductNotFound::new);
+    public Long delete(Long productId, User user) {
+        Product product = productRepository.findById(productId).orElseThrow(ProductNotFound::new);
+        checkPermission(productId, user);
         log.info(" product : ", product);
         productRepository.delete(product);
         log.info(" 상품 삭제 ");
-        return  productsId;
+        return  productId;
     }
 
     @Transactional
@@ -206,4 +209,9 @@ public List<Product> random() {
         }
         return list;
     }
+    private void checkPermission(Long productId, User user) {
+        if (productRepository.existsByProductIdAndUserUserId(productId, user.getUserId()) || user.getUserRole().equals("ROLE_ADMIN_TEST")) {
+            throw new BusinessLogicException(ExceptionCode.HANDLE_ACCESS_DENIED);
+        }
+    }
 }
diff --git a/backend/src/main/java/com/backend/domain/product/dao/ProductRepository.java b/backend/src/main/java/com/backend/domain/product/dao/ProductRepository.java
@@ -17,4 +17,5 @@ public interface ProductRepository extends JpaRepository<Product,Long> {
     List<Product> findByUserId(@Param("userId") long userId);
     @Query("select p from Product p where p.category.categoryId = :categoryId")
     Page<Product> findByCategory(@Param("categoryId")long categoryId , Pageable pageable);
-}
+    boolean existsByProductIdAndUserUserId(long productId,long userId);
+}
diff --git a/backend/src/main/java/com/backend/domain/review/dao/ReviewRepository.java b/backend/src/main/java/com/backend/domain/review/dao/ReviewRepository.java
@@ -22,4 +22,6 @@ public interface ReviewRepository extends JpaRepository<Review,Long> {
 
     @Query("select r from Review r join Product p on p.productId = r.proId where p.user.userId = :userId")
     Page<Review> findByUserId(@Param("userId") Long userId,Pageable pageable);
+
+    void deleteByUser_UserRoleOrUser_UserRole(String roleUserTest, String roleAdminTest);
 }
diff --git a/backend/src/main/java/com/backend/domain/user/application/UserService.java b/backend/src/main/java/com/backend/domain/user/application/UserService.java
@@ -5,6 +5,7 @@
 import com.backend.domain.point.domain.PointType;
 import com.backend.domain.refreshToken.dao.RefreshTokenRepository;
 import com.backend.domain.refreshToken.domain.RefreshToken;
+import com.backend.domain.review.dao.ReviewRepository;
 import com.backend.domain.user.dao.UserRepository;
 import com.backend.domain.user.domain.User;
 import com.backend.domain.user.dto.PasswordDto;
@@ -18,7 +19,6 @@
 import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.security.SignatureException;
-import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -31,7 +31,6 @@
 @Slf4j
 @Service
 @Transactional
-@RequiredArgsConstructor
 public class UserService {
 
     private final UserRepository userRepository;
@@ -40,9 +39,24 @@ public class UserService {
     private final RefreshTokenRepository refreshTokenRepository;
     private final PointHistoryRepository pointHistoryRepository;
     private final PointService pointService;
+    private final ReviewRepository reviewRepository;
+
+    private Long guestId;
+    private Long adminTestId;
+
+    public UserService(UserRepository userRepository, PasswordEncoder passwordEncoder, JwtTokenizer jwtTokenizer, RefreshTokenRepository refreshTokenRepository, PointHistoryRepository pointHistoryRepository, PointService pointService, ReviewRepository reviewRepository) {
+        this.userRepository = userRepository;
+        this.passwordEncoder = passwordEncoder;
+        this.jwtTokenizer = jwtTokenizer;
+        this.refreshTokenRepository = refreshTokenRepository;
+        this.pointHistoryRepository = pointHistoryRepository;
+        this.pointService = pointService;
+        this.reviewRepository = reviewRepository;
+
+        guestId = userRepository.countByUserRole("ROLE_USER_TEST") + 1L;
+        adminTestId = userRepository.countByUserRole("ROLE_ADMIN_TEST") + 1L;
+    }
 
-    private Long guestId = 1L;
-    private Long adminId = 1L;
 
     public User getLoginUser() { //로그인된 유저가 옳바른 지 확인하고 정보 가져옴
         return findUser(getUserByToken());
@@ -258,7 +272,7 @@ public TestUserResponseDto signupTestAccount(String userRole) {
             hitGuest();
         } else {
             testRole = "admin";
-            testUserId = String.valueOf(adminId);
+            testUserId = String.valueOf(adminTestId);
             hitAdmin();
         }
 
@@ -323,7 +337,7 @@ private void hitGuest() {
     }
 
     private void hitAdmin() {
-        adminId++;
+        adminTestId++;
     }
 
     public String getLoginUserInfo(User user) {
@@ -382,6 +396,7 @@ public String findIdByPhoneNumber(String phoneNumber) {
 
     @Transactional
     public void deleteGustAccount() {
+        reviewRepository.deleteByUser_UserRoleOrUser_UserRole("ROLE_USER_TEST", "ROLE_ADMIN_TEST");
         pointHistoryRepository.deleteByUser_UserRoleOrUser_UserRole("ROLE_USER_TEST", "ROLE_ADMIN_TEST");
         userRepository.deleteAllByUserRoleOrUserRole("ROLE_USER_TEST", "ROLE_ADMIN_TEST");
     }

diff --git a/backend/src/main/java/com/backend/domain/user/dao/UserRepository.java b/backend/src/main/java/com/backend/domain/user/dao/UserRepository.java
@@ -7,12 +7,13 @@
 
 public interface UserRepository extends JpaRepository<User, Long> {
 
-    boolean existsByNickname(String nickname);
+//    boolean existsByNickname(String nickname);
 
     Optional<User> findByEmailAndUserStatusAndSocialLogin(String email,User.UserStatus userStatus,String socialLogin);
 
     Optional<User> findByNicknameAndUserStatusAndSocialLogin(String nickname, User.UserStatus userExist, String original);
     Optional<User> findByEmail(String email);
     Optional<User> findByPhone(String phoneNumber);
     void deleteAllByUserRoleOrUserRole(String guestUserRole, String guestAdminRole);
+    long countByUserRole(String userRole);
 }
diff --git a/backend/src/main/java/com/backend/global/config/SecurityConfig.java b/backend/src/main/java/com/backend/global/config/SecurityConfig.java
@@ -13,6 +13,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -23,6 +24,8 @@
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
+import java.util.List;
+
 /**
  * Spring Security 설정
  */
@@ -73,9 +76,12 @@ public SecurityFilterChain filterChain(HttpSecurity http) {
                 .httpBasic().disable()
                 .apply(new CustomFilterConfigurer())
                 .and()
-                .authorizeRequests(authorize -> authorize
-                        // todo : 테스트용 추후 수정
-                        .anyRequest().permitAll())
+                .authorizeRequests(authorize -> {
+                    authorize
+                            .antMatchers(HttpMethod.DELETE, "/products/**").hasAnyRole("ADMIN", "ADMIN_TEST")
+                            .antMatchers(HttpMethod.PATCH, "/products/**").hasAnyRole("ADMIN", "ADMIN_TEST")
+                            .anyRequest().permitAll();
+                })
                 .oauth2Login(oauth2 -> {
                     oauth2.userInfoEndpoint().userService(customOAuth2UserService);
                     log.info("customOAuth2UserService 완료하고 다시 filterChain 진입");

diff --git a/backend/src/main/java/com/backend/global/config/auth/handler/OAuth2userSuccessHandler.java b/backend/src/main/java/com/backend/global/config/auth/handler/OAuth2userSuccessHandler.java
@@ -113,9 +113,9 @@ private URI createURI(String accessToken, String refreshToken, String registrati
 
         return UriComponentsBuilder
                 .newInstance()
-                .scheme("http")
+                .scheme("https")
                 .host("luxmeal.xyz")
-                .port(80)
+                .port(443)
                 .path("/oauth/" + registrationId)
                 .queryParams(queryParams)
                 .build()