Dev

[hyuuuun]

개요

관련 BackLog

Resolves: (Backlog Number, ...)

PR 유형

• [] 새로운 기능 추가
• 버그 수정
• CSS 등 사용자 UI 디자인 변경
• 코드에 영향을 주지 않는 변경사항(오타 수정, 탭 사이즈 변경, 변수명 변경)
• 코드 리팩토링
• 주석 추가 및 수정
• 문서 수정
• 테스트 추가, 테스트 리팩토링
• 빌드 부분 혹은 패키지 매니저 수정
• 파일 혹은 폴더명 수정
• 파일 혹은 폴더 삭제

PR Checklist

• 커밋 메시지 컨벤션에 맞게 작성했습니다.
• 변경 사항에 대한 테스트를 했습니다.(버그 수정/기능에 대한 테스트).

Summary by CodeRabbit

Release Notes

• Improvements
  • Enhanced role transfer functionality with role-based permission validation
  • Automatic session authority updates for non-administrator users following role transfers
  • Strengthened request validation for role transfer operations

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9aa7ff5f-5005-486b-aa87-f20fc3cb9f67

📥 Commits

Reviewing files that changed from the base of the PR and between 501ba1e and 5d54d25.

📒 Files selected for processing (4)

• src/main/java/com/pooli/permission/controller/RoleController.java
• src/main/java/com/pooli/permission/service/RoleService.java
• src/main/java/com/pooli/permission/service/RoleServiceImpl.java
• src/test/java/com/pooli/permission/service/RoleServiceImplTest.java

---

📝 Walkthrough

Walkthrough

This PR enhances representative role transfer functionality by introducing user role-based differentiation. ADMIN users must provide currentLineId, while OWNER users' supplied value is ignored. Non-ADMIN users undergo session authority updates post-transfer, replacing ROLE_FAMILY_OWNER with ROLE_FAMILY_MEMBER. The implementation spans controller, service, and test layers.

Changes

Cohort / File(s)	Summary
Role Transfer Authorization Logic src/main/java/com/pooli/permission/controller/RoleController.java, src/main/java/com/pooli/permission/service/RoleService.java, src/main/java/com/pooli/permission/service/RoleServiceImpl.java	Added user role-based differentiation for representative role transfer. RoleController now conditionally updates session authorities for non-ADMIN users via SecurityContext. RoleServiceImpl introduces resolveCurrentLineId helper to enforce ADMIN-required currentLineId validation and log warnings when OWNER-provided values are ignored. Service signature updated to accept AuthUserDetails for role checking.
Test Coverage Expansion src/test/java/com/pooli/permission/service/RoleServiceImplTest.java	Extended test suite with ownerUser and adminUser fixtures. Added ADMIN-specific scenarios validating MISSING_REQUEST_PARAM error when currentLineId is absent, successful role transfers with updates, and self-transfer permission denial. Updated existing tests to pass user context and verify interaction patterns with mappers and alarm services.

Sequence Diagrams

sequenceDiagram
    participant Client
    participant RoleController
    participant RoleServiceImpl
    participant SecurityContext
    participant RoleDAO
    participant AlarmService

    Client->>RoleController: POST transferRepresentativeRole(changeLineId, currentLineId?)
    RoleController->>RoleServiceImpl: transferRepresentativeRole(currentLineId, changeLineId, userDetails)
    RoleServiceImpl->>RoleServiceImpl: resolveCurrentLineId(userDetails)
    alt User is ADMIN
        RoleServiceImpl->>RoleServiceImpl: Validate currentLineId is not null
        RoleServiceImpl->>RoleDAO: Fetch and update roles
        RoleServiceImpl->>AlarmService: Broadcast role transfer alarm
    else User is OWNER
        RoleServiceImpl->>RoleServiceImpl: Log warning, use session lineId
        RoleServiceImpl->>RoleDAO: Fetch and update roles
        RoleServiceImpl->>AlarmService: Broadcast role transfer alarm
    end
    RoleServiceImpl-->>RoleController: Transfer result
    alt User is not ADMIN
        RoleController->>RoleController: Replace ROLE_FAMILY_OWNER with ROLE_FAMILY_MEMBER
        RoleController->>SecurityContext: Update Authentication token with new authorities
        RoleController->>SecurityContext: Persist context
    else User is ADMIN
        RoleController->>SecurityContext: Preserve existing authorities
    end
    RoleController-->>Client: ResponseEntity with transfer result

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Suggested reviewers

• pjh813

Poem

🐰 A rabbit hops through roles with care,
ADMIN claims the lineId there,
While OWNER's choice the code ignores,
Session gates now lock the doors. ✨
Transfer flows both safe and clear—
Spring's security holds us near!

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}