user 권한 검사 logic 추가 및 reg 중복 아이디 처리
유저 권한 검사 logic 추가 및 reg user 중복 아이디 처리
cdog-gh committed Oct 5, 2021
1 parent 26e3e8f commit 34107ee
Showing 6 changed files with 54 additions and 9 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -0,0 +1 @@
.idea/
@@ -1,16 +1,20 @@
package com.example.library.controller;

import com.example.library.model.Borrow;
import com.example.library.model.User;
import com.example.library.service.BorrowService;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.Authorization;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;

import java.util.List;
import java.util.*;

@RestController
public class BorrowController {
Expand All @@ -25,7 +29,23 @@ public class BorrowController {
}
)
public ResponseEntity<List<Borrow>> viewBorrow(@ApiParam(value = "유저 id") @PathVariable("userId")Long userId){
return new ResponseEntity<>(borrowservice.viewBorrow(userId), HttpStatus.OK);
Authentication authInfo = SecurityContextHolder.getContext().getAuthentication();
Object principal = authInfo.getPrincipal();
List<Borrow> emptyList = new ArrayList<>();
if(principal instanceof User){
User user = (User)principal;

//admin 인 경우
if(user.getUserRoleName().compareTo("ROLE_ADMIN") == 0)
return new ResponseEntity<>(borrowservice.viewBorrow(userId), HttpStatus.OK);

//admin 이 아닌 경우 여기로 넘어온다.
if(user.getUserId().longValue() == userId.longValue())
return new ResponseEntity<>(borrowservice.viewBorrow(userId), HttpStatus.OK);
}

//user 가 다른 사람의 borrow 목록을 보는 요청은 거부한다.
return new ResponseEntity<>(emptyList, HttpStatus.FORBIDDEN);
}

@RequestMapping(value = "/borrow", method = RequestMethod.POST)
Expand All @@ -35,6 +55,7 @@ public ResponseEntity<List<Borrow>> viewBorrow(@ApiParam(value = "유저 id") @P
@Authorization(value="jwt_access_token")
}
)
@PreAuthorize("hasRole('ROLE_ADMIN')")
public ResponseEntity<Borrow> addBorrow(@ApiParam(value = "borrow 정보") @RequestBody Borrow borrow){
if(borrow.getUserId() == null)
return new ResponseEntity<>(borrow, HttpStatus.BAD_REQUEST);
Expand All @@ -51,6 +72,7 @@ public ResponseEntity<Borrow> addBorrow(@ApiParam(value = "borrow 정보") @Requ
@Authorization(value="jwt_access_token")
}
)
@PreAuthorize("hasRole('ROLE_ADMIN')")
public ResponseEntity<String> delBorrow(@ApiParam(value = "제거할 주문 id") @PathVariable("borrowId")Long borrowId){
if(borrowId == null)
return new ResponseEntity<>("", HttpStatus.BAD_REQUEST);
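Review bot: `authInfo` returned by `SecurityContextHolder.getContext().getAuthentication()` in viewBorrow is dereferenced on the next line with no null check, so a request that reaches the handler with no Authentication in the context (the page does not show whether the filter chain installs an anonymous token) fails with a NullPointerException and a 500 rather than the intended 403; guard it with `if (authInfo == null || !(authInfo.getPrincipal() instanceof User)) return new ResponseEntity<>(emptyList, HttpStatus.FORBIDDEN);`. The role test `user.getUserRoleName().compareTo("ROLE_ADMIN") == 0` is clearer, and tolerates a null role name, as `"ROLE_ADMIN".equals(user.getUserRoleName())`. The same rule could be stated declaratively, consistent with the `@PreAuthorize("hasRole('ROLE_ADMIN')")` this commit puts on addBorrow and delBorrow, as `@PreAuthorize("hasRole('ROLE_ADMIN') or #userId == principal.userId")` over a one-line body — provided method security (`prePostEnabled`) is enabled in configuration not shown here, which is also what makes those two new annotations take effect at all. The import hunk adds `java.util.*` beside the existing `java.util.List`; importing `java.util.ArrayList` explicitly avoids the wildcard.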
Expand Up @@ -37,14 +37,20 @@ public ResponseEntity<String> regUser(@RequestBody UserRegInfo regInfo){
user.setUserName(regInfo.getUserName());
user.setUserEmail(regInfo.getUserEmail());
user.setUserPw(newPw);
if(userService.regUser(user) > 0)
int retValue = userService.regUser(user);
if(retValue < 0)
return new ResponseEntity<>(
"user " + user.getUserName() + " 추가 성공",
HttpStatus.OK
"id " + user.getUserName() + " 가 중복됩니다. 다른 id를 사용해 주세요.",
HttpStatus.FORBIDDEN
);
if(retValue == 0)
return new ResponseEntity<>(
"user " + user.getUserName() + " 추가 실패",
HttpStatus.INTERNAL_SERVER_ERROR
);
return new ResponseEntity<>(
"user " + user.getUserName() + " 추가 실패",
HttpStatus.CONFLICT
"user " + user.getUserName() + " 추가 성공",
HttpStatus.OK
);
}

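Review bot: The duplicate-id branch under `if(retValue < 0)` answers with `HttpStatus.FORBIDDEN`, which tells the client it lacks permission rather than that the identifier is already taken; `HttpStatus.CONFLICT` (409) is the status for this case and is what the replaced failure branch used, so that line should read `HttpStatus.CONFLICT`. The message says "id … 가 중복됩니다" but interpolates `user.getUserName()`; if the unique constraint is on a different column this misleads the user, so confirm which column the mapper's key covers. The -1 / 0 / >0 protocol with `userService.regUser` is undocumented at the call site; a comment such as `// regUser: <0 duplicate key, 0 nothing inserted, >0 rows inserted` above `int retValue = ...` would make the three branches readable. regUser's signature and the start of its body lie above the hunk.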
Expand Up @@ -33,7 +33,6 @@ protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServl
//실제로 User 가 있는지 check!
//User 가 존재하면, 이 정보를 토대로 인증 정보를 넘겨줄 거임.
if(user != null) {
System.out.println(user.getUserRoleName());
Authentication authInfo = convUserToAuthInfo(user);
SecurityContextHolder.getContext().setAuthentication(authInfo);
}
12 changes: 12 additions & 0 deletions library/src/main/java/com/example/library/model/User.java
Expand Up @@ -55,4 +55,16 @@ public Boolean getUserAuth() {
public void setUserAuth(Boolean userAuth) {
this.userAuth = userAuth;
}

@Override
public String toString() {
return "User{" +
"userId=" + userId +
", userEmail='" + userEmail + '\'' +
", userName='" + userName + '\'' +
", userPw='" + userPw + '\'' +
", userRoleName='" + userRoleName + '\'' +
", userAuth=" + userAuth +
'}';
}
}
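Review bot: The new `toString()` includes `userPw`, so any log statement, debugger rendering or exception message that prints a User carries the stored password value (whether it is hashed cannot be told from this page); drop that field or mask it, replacing `", userPw='" + userPw + '\'' +` with `", userPw='[PROTECTED]'" +`. Once the field is omitted, a Javadoc line `/** String form for logging; deliberately omits the password field. */` above the method records the intent so a later regeneration of toString does not reintroduce it.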
Expand Up @@ -4,6 +4,7 @@
import com.example.library.model.User;
import org.mybatis.spring.SqlSessionTemplate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.stereotype.Service;

@Service
Expand All @@ -18,6 +19,10 @@ public User getUser(User user) {

public int regUser(User user) {
UserMapper userMapper = sqlSession.getMapper(UserMapper.class);
return userMapper.insert(user);
try{
return userMapper.insert(user);
}catch(DuplicateKeyException e){
return -1;
}
}
}
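Review bot: `regUser` now returns -1 for a duplicate key, but nothing on the method says so and the controller has to know the sentinel; add Javadoc above `public int regUser(User user)`: `/** @return rows inserted by the mapper, or -1 when the insert violated a unique key (DuplicateKeyException). */`. Other failures of `userMapper.insert` still propagate as unchecked DataAccessException rather than returning 0, which is worth stating in the same Javadoc so the caller's zero branch is understood as "insert reported no rows". A named constant such as `public static final int DUPLICATE_USER = -1;` shared with the controller would replace the magic number.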
