From 34107ee25cea664e71fbcc437e3dca75ceb520fb Mon Sep 17 00:00:00 2001
From: chogahui
Date: Tue, 5 Oct 2021 14:45:28 +0900
Subject: [PATCH] =?UTF-8?q?user=20=EA=B6=8C=ED=95=9C=20=EA=B2=80=EC=82=AC?=
 =?UTF-8?q?=20logic=20=EC=B6=94=EA=B0=80=20=EB=B0=8F=20reg=20=EC=A4=91?=
 =?UTF-8?q?=EB=B3=B5=20=EC=95=84=EC=9D=B4=EB=94=94=20=EC=B2=98=EB=A6=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

유저 권한 검사 logic 추가 및 reg user 중복 아이디 처리
---
 .gitignore | 1 +
 .../library/controller/BorrowController.java | 26 +++++++++++++++++--
 .../library/controller/UserController.java | 16 ++++++++----
 .../com/example/library/filter/JwtFilter.java | 1 -
 .../java/com/example/library/model/User.java | 12 +++++++++
 .../example/library/service/UserService.java | 7 ++++-
 6 files changed, 54 insertions(+), 9 deletions(-)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..62c8935
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea/
\ No newline at end of file
diff --git a/library/src/main/java/com/example/library/controller/BorrowController.java b/library/src/main/java/com/example/library/controller/BorrowController.java
index 425aa63..9ccfd49 100644
--- a/library/src/main/java/com/example/library/controller/BorrowController.java
+++ b/library/src/main/java/com/example/library/controller/BorrowController.java
@@ -1,6 +1,7 @@
 package com.example.library.controller;
 
 import com.example.library.model.Borrow;
+import com.example.library.model.User;
 import com.example.library.service.BorrowService;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
@@ -8,9 +9,12 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 
-import java.util.List;
+import java.util.*;
 
 @RestController
 public class BorrowController {
@@ -25,7 +29,23 @@ public class BorrowController {
 }
 )
 public ResponseEntity> viewBorrow(@ApiParam(value = "유저 id") @PathVariable("userId")Long userId){
- return new ResponseEntity<>(borrowservice.viewBorrow(userId), HttpStatus.OK);
+ Authentication authInfo = SecurityContextHolder.getContext().getAuthentication();
+ Object principal = authInfo.getPrincipal();
+ List emptyList = new ArrayList<>();
+ if(principal instanceof User){
+ User user = (User)principal;
+
+ //admin 인 경우
+ if(user.getUserRoleName().compareTo("ROLE_ADMIN") == 0)
+ return new ResponseEntity<>(borrowservice.viewBorrow(userId), HttpStatus.OK);
+
+ //admin 이 아닌 경우 여기로 넘어온다.
+ if(user.getUserId().longValue() == userId.longValue())
+ return new ResponseEntity<>(borrowservice.viewBorrow(userId), HttpStatus.OK);
+ }
+
+ //user 가 다른 사람의 borrow 목록을 보는 요청은 거부한다.
+ return new ResponseEntity<>(emptyList, HttpStatus.FORBIDDEN);
 }
 
 @RequestMapping(value = "/borrow", method = RequestMethod.POST)
@@ -35,6 +55,7 @@ public ResponseEntity> viewBorrow(@ApiParam(value = "유저 id") @P
 @Authorization(value="jwt_access_token")
 }
 )
+ @PreAuthorize("hasRole('ROLE_ADMIN')")
 public ResponseEntity addBorrow(@ApiParam(value = "borrow 정보") @RequestBody Borrow borrow){
 if(borrow.getUserId() == null)
 return new ResponseEntity<>(borrow, HttpStatus.BAD_REQUEST);
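Review bot: `import java.util.*;` replaces the specific `java.util.List` import with a wildcard, which hides which collections the controller actually depends on and invites name clashes as the class grows. The new code needs exactly two types, so `import java.util.ArrayList;` and `import java.util.List;` would be the clearer choice.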
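Review bot: `authInfo.getPrincipal()` is called without checking that `SecurityContextHolder.getContext().getAuthentication()` returned a non-null Authentication, so a request that reaches viewBorrow without a populated security context fails with a NullPointerException (an HTTP 500) rather than the intended 403. Whether that path is reachable depends on the filter chain, which is outside this diff, so guard it: `if(authInfo == null || !(authInfo.getPrincipal() instanceof User))` and fall through to the FORBIDDEN response. The role test `user.getUserRoleName().compareTo("ROLE_ADMIN") == 0` also throws if the role name is null and is an unusual idiom for equality; `"ROLE_ADMIN".equals(user.getUserRoleName())` is null-safe and says what it means. Since the class now uses `@PreAuthorize`, the same rule could be stated declaratively as `@PreAuthorize("hasRole('ROLE_ADMIN') or #userId == principal.userId")`, keeping the authorization decision in one place instead of half in annotations and half in method bodies.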
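Review bot: `@PreAuthorize("hasRole('ROLE_ADMIN')")` on addBorrow is only enforced if method security is enabled (`@EnableGlobalMethodSecurity(prePostEnabled = true)` on a configuration class); this diff does not show that configuration, and without it the annotation is silently ignored and the endpoint stays open to every authenticated user. The same applies to the annotation added to delBorrow in the next hunk. Worth confirming the configuration exists and adding a test that a non-admin token receives 403 on both endpoints. The enclosing class and the rest of addBorrow's body lie outside this hunk.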
@@ -51,6 +72,7 @@ public ResponseEntity addBorrow(@ApiParam(value = "borrow 정보") @Requ
 @Authorization(value="jwt_access_token")
 }
 )
+ @PreAuthorize("hasRole('ROLE_ADMIN')")
 public ResponseEntity delBorrow(@ApiParam(value = "제거할 주문 id") @PathVariable("borrowId")Long borrowId){
 if(borrowId == null)
 return new ResponseEntity<>("", HttpStatus.BAD_REQUEST);
diff --git a/library/src/main/java/com/example/library/controller/UserController.java b/library/src/main/java/com/example/library/controller/UserController.java
index 91ebbd2..d51f663 100644
--- a/library/src/main/java/com/example/library/controller/UserController.java
+++ b/library/src/main/java/com/example/library/controller/UserController.java
@@ -37,14 +37,20 @@ public ResponseEntity regUser(@RequestBody UserRegInfo regInfo){
 user.setUserName(regInfo.getUserName());
 user.setUserEmail(regInfo.getUserEmail());
 user.setUserPw(newPw);
- if(userService.regUser(user) > 0)
+ int retValue = userService.regUser(user);
+ if(retValue < 0)
 return new ResponseEntity<>(
- "user " + user.getUserName() + " 추가 성공",
- HttpStatus.OK
+ "id " + user.getUserName() + " 가 중복됩니다. 다른 id를 사용해 주세요.",
+ HttpStatus.FORBIDDEN
+ );
+ if(retValue == 0)
+ return new ResponseEntity<>(
+ "user " + user.getUserName() + " 추가 실패",
+ HttpStatus.INTERNAL_SERVER_ERROR
 );
 return new ResponseEntity<>(
- "user " + user.getUserName() + " 추가 실패",
- HttpStatus.CONFLICT
+ "user " + user.getUserName() + " 추가 성공",
+ HttpStatus.OK
 );
 }
 
diff --git a/library/src/main/java/com/example/library/filter/JwtFilter.java b/library/src/main/java/com/example/library/filter/JwtFilter.java
index d874a48..eca9cb1 100644
--- a/library/src/main/java/com/example/library/filter/JwtFilter.java
+++ b/library/src/main/java/com/example/library/filter/JwtFilter.java
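Review bot: A duplicate user id now yields `HttpStatus.FORBIDDEN`, but 403 signals an authorization failure; the conventional status for "this identifier already exists" is `HttpStatus.CONFLICT`, which the old code used and which this hunk drops entirely, so clients get a misleading signal. Change the duplicate branch to `HttpStatus.CONFLICT` and keep INTERNAL_SERVER_ERROR for the `retValue == 0` case. The meaning of `retValue < 0` is also only discoverable by reading UserService.regUser; a one-line comment such as `// regUser returns -1 when the user id already exists` at the call site would make the branch self-explanatory. The method signature and the code that builds `user` and `newPw` are above this hunk.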
@@ -33,7 +33,6 @@ protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServl
 //실제로 User 가 있는지 check!
 //User 가 존재하면, 이 정보를 토대로 인증 정보를 넘겨줄 거임.
 if(user != null) {
- System.out.println(user.getUserRoleName());
 Authentication authInfo = convUserToAuthInfo(user);
 SecurityContextHolder.getContext().setAuthentication(authInfo);
 }
diff --git a/library/src/main/java/com/example/library/model/User.java b/library/src/main/java/com/example/library/model/User.java
index cbe164d..dda80d6 100644
--- a/library/src/main/java/com/example/library/model/User.java
+++ b/library/src/main/java/com/example/library/model/User.java
@@ -55,4 +55,16 @@ public Boolean getUserAuth() {
 public void setUserAuth(Boolean userAuth) {
 this.userAuth = userAuth;
 }
+
+ @Override
+ public String toString() {
+ return "User{" +
+ "userId=" + userId +
+ ", userEmail='" + userEmail + '\'' +
+ ", userName='" + userName + '\'' +
+ ", userPw='" + userPw + '\'' +
+ ", userRoleName='" + userRoleName + '\'' +
+ ", userAuth=" + userAuth +
+ '}';
+ }
 }
\ No newline at end of file
diff --git a/library/src/main/java/com/example/library/service/UserService.java b/library/src/main/java/com/example/library/service/UserService.java
index fa3f0e2..0204c16 100644
--- a/library/src/main/java/com/example/library/service/UserService.java
+++ b/library/src/main/java/com/example/library/service/UserService.java
@@ -4,6 +4,7 @@
 import com.example.library.model.User;
 import org.mybatis.spring.SqlSessionTemplate;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.dao.DuplicateKeyException;
 import org.springframework.stereotype.Service;
 
 @Service
@@ -18,6 +19,10 @@ public User getUser(User user) {
 
 public int regUser(User user) {
 UserMapper userMapper = sqlSession.getMapper(UserMapper.class);
- return userMapper.insert(user);
+ try{
+ return userMapper.insert(user);
+ }catch(DuplicateKeyException e){
+ return -1;
+ }
 }
 }
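Review bot: The new `toString()` prints `userPw`, so any log statement or debug print that formats a `User` (the kind of call this commit just removed from JwtFilter) will write the stored password value to logs. Whether the field holds a hash or plaintext is not visible here (UserController assigns `newPw`, presumably derived from the registration password), but either way it does not belong in diagnostic output; drop the field from the string or emit a fixed marker, e.g. `", userPw='[PROTECTED]'" +`. The same consideration applies to `userEmail` where log retention is subject to a data-minimisation policy.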
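Review bot: `regUser` now returns `-1` as a sentinel for a duplicate key while the mapper's own return value (rows inserted) is passed through unchanged, and nothing in the method documents that contract, so the caller in UserController has to know the magic value. Add a Javadoc `@return number of rows inserted, or -1 when the user already exists (DuplicateKeyException)`, or better, replace the literal with a named constant such as `public static final int DUPLICATE_USER = -1;` used by both the service and the controller. Catching `DuplicateKeyException` and discarding `e` is acceptable as a deliberate mapping, but naming the variable `ignored` or logging it at debug level would make the intent explicit. The class header and `getUser` are outside this hunk.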