fix/GH-148-voucher-read-access-right (#43)

SWM-REPL · Jul 28, 2023 · 8fa2b2a · 8fa2b2a
2 parents 0e52ba5 + 5b6410a
commit 8fa2b2a
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 36 deletions.
diff --git a/src/main/java/org/swmaestro/repl/gifthub/vouchers/controller/VoucherController.java b/src/main/java/org/swmaestro/repl/gifthub/vouchers/controller/VoucherController.java
@@ -1,19 +1,33 @@
 package org.swmaestro.repl.gifthub.vouchers.controller;
 
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import jakarta.servlet.http.HttpServletRequest;
-import lombok.RequiredArgsConstructor;
+import java.io.IOException;
+import java.util.List;
+
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PatchMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestPart;
+import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 import org.swmaestro.repl.gifthub.util.JwtProvider;
-import org.swmaestro.repl.gifthub.vouchers.dto.*;
+import org.swmaestro.repl.gifthub.vouchers.dto.S3FileDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherReadResponseDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherSaveRequestDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherSaveResponseDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherUpdateRequestDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherUseRequestDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherUseResponseDto;
 import org.swmaestro.repl.gifthub.vouchers.service.StorageService;
 import org.swmaestro.repl.gifthub.vouchers.service.VoucherService;
 
-import java.io.IOException;
-import java.util.List;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.RequiredArgsConstructor;
 
 @RestController
 @RequestMapping("/vouchers")
@@ -35,16 +49,18 @@ public S3FileDto saveVoucherImage(@RequestPart("image_file") MultipartFile image
 	@PostMapping
 	@Operation(summary = "Voucher 등록 메서드", description = "클라이언트에서 요청한 기프티콘 정보를 저장하기 위한 메서드입니다.")
 	public VoucherSaveResponseDto saveVoucher(HttpServletRequest request,
-	                                          @RequestBody VoucherSaveRequestDto voucherSaveRequestDto) throws
+			@RequestBody VoucherSaveRequestDto voucherSaveRequestDto) throws
 			IOException {
 		String username = jwtProvider.getUsername(jwtProvider.resolveToken(request).substring(7));
 		return voucherService.save(username, voucherSaveRequestDto);
 	}
 
 	@GetMapping("/{voucherId}")
 	@Operation(summary = "Voucher 상세 조회 메서드", description = "클라이언트에서 요청한 기프티콘 상세 정보를 조회하기 위한 메서드입니다.")
-	public VoucherReadResponseDto readVoucher(@PathVariable Long voucherId) throws IOException {
-		return voucherService.read(voucherId);
+	public VoucherReadResponseDto readVoucher(HttpServletRequest request, @PathVariable Long voucherId) throws
+			IOException {
+		String username = jwtProvider.getUsername(jwtProvider.resolveToken(request).substring(7));
+		return voucherService.read(voucherId, username);
 	}
 
 	@GetMapping
@@ -57,14 +73,14 @@ public List<VoucherReadResponseDto> listVoucher(HttpServletRequest request) {
 	@PatchMapping("/{voucherId}")
 	@Operation(summary = "Voucher 수정 메서드", description = "클라이언트에서 요청한 기프티콘 정보를 수정하기 위한 메서드입니다.")
 	public VoucherSaveResponseDto updateVoucher(@PathVariable Long voucherId,
-	                                            @RequestBody VoucherUpdateRequestDto voucherUpdateRequestDto) throws IOException {
+			@RequestBody VoucherUpdateRequestDto voucherUpdateRequestDto) throws IOException {
 		return voucherService.update(voucherId, voucherUpdateRequestDto);
 	}
 
 	@PostMapping("/{voucherId}/usage")
 	@Operation(summary = "Voucher 사용 메서드", description = "클라이언트에서 요청한 기프티콘 사용 정보를 저장하기 위한 메서드입니다.")
 	public VoucherUseResponseDto useVoucher(HttpServletRequest request, @PathVariable Long voucherId,
-	                                        @RequestBody VoucherUseRequestDto voucherUseRequestDto) throws IOException {
+			@RequestBody VoucherUseRequestDto voucherUseRequestDto) throws IOException {
 		String username = jwtProvider.getUsername(jwtProvider.resolveToken(request).substring(7));
 		return voucherService.use(username, voucherId, voucherUseRequestDto);
 	}

diff --git a/src/main/java/org/swmaestro/repl/gifthub/vouchers/service/VoucherService.java b/src/main/java/org/swmaestro/repl/gifthub/vouchers/service/VoucherService.java
@@ -1,24 +1,30 @@
 package org.swmaestro.repl.gifthub.vouchers.service;
 
-import lombok.RequiredArgsConstructor;
+import java.io.IOException;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import org.swmaestro.repl.gifthub.auth.service.MemberService;
 import org.swmaestro.repl.gifthub.exception.BusinessException;
 import org.swmaestro.repl.gifthub.exception.ErrorCode;
 import org.swmaestro.repl.gifthub.util.DateConverter;
-import org.swmaestro.repl.gifthub.vouchers.dto.*;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherReadResponseDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherSaveRequestDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherSaveResponseDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherUpdateRequestDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherUseRequestDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherUseResponseDto;
 import org.swmaestro.repl.gifthub.vouchers.entity.Voucher;
 import org.swmaestro.repl.gifthub.vouchers.entity.VoucherUsageHistory;
 import org.swmaestro.repl.gifthub.vouchers.repository.VoucherRepository;
 import org.swmaestro.repl.gifthub.vouchers.repository.VoucherUsageHistoryRepository;
 
-import java.io.IOException;
-import java.time.LocalDate;
-import java.time.LocalDateTime;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Optional;
+import lombok.RequiredArgsConstructor;
 
 @Service
 @RequiredArgsConstructor
@@ -54,12 +60,17 @@ public VoucherSaveResponseDto save(String username, VoucherSaveRequestDto vouche
 	/*
 	기프티콘 상세 조회 메서드
 	 */
-	public VoucherReadResponseDto read(Long id) {
+	public VoucherReadResponseDto read(Long id, String username) {
 		Optional<Voucher> voucher = voucherRepository.findById(id);
+		List<Voucher> vouchers = voucherRepository.findAllByMemberUsername(username);
 
-		if (voucher == null) {
+		if (voucher.isEmpty()) {
 			throw new BusinessException("존재하지 않는 상품권 입니다.", ErrorCode.NOT_FOUND_RESOURCE);
 		}
+		if (!vouchers.contains(voucher.get())) {
+			throw new BusinessException("상품권을 조회할 권한이 없습니다.", ErrorCode.ACCESS_DENIED);
+		}
+
 		VoucherReadResponseDto voucherReadResponseDto = mapToDto(voucher.get());
 		return voucherReadResponseDto;
 	}
@@ -87,7 +98,8 @@ public VoucherSaveResponseDto update(Long voucherId, VoucherUpdateRequestDto vou
 				.orElseThrow(() -> new BusinessException("존재하지 않는 상품권 입니다.", ErrorCode.NOT_FOUND_RESOURCE));
 
 		voucher.setBarcode(
-				voucherUpdateRequestDto.getBarcode() == null ? voucher.getBarcode() : voucherUpdateRequestDto.getBarcode());
+				voucherUpdateRequestDto.getBarcode() == null ? voucher.getBarcode() :
+						voucherUpdateRequestDto.getBarcode());
 		voucher.setBrand(voucherUpdateRequestDto.getBrandName() == null ? voucher.getBrand() :
 				brandService.read(voucherUpdateRequestDto.getBrandName()));
 		voucher.setProduct(voucherUpdateRequestDto.getProductName() == null ? voucher.getProduct() :
@@ -135,7 +147,6 @@ public VoucherUseResponseDto use(String username, Long voucherId, VoucherUseRequ
 			throw new BusinessException("유효기간이 만료된 상품권 입니다.", ErrorCode.EXIST_RESOURCE);
 		}
 
-
 		VoucherUsageHistory voucherUsageHistory = VoucherUsageHistory.builder()
 				.member(memberService.read(username))
 				.voucher(voucher.get())

diff --git a/src/test/java/org/swmaestro/repl/gifthub/vouchers/controller/VoucherControllerTest.java b/src/test/java/org/swmaestro/repl/gifthub/vouchers/controller/VoucherControllerTest.java
@@ -1,6 +1,13 @@
 package org.swmaestro.repl.gifthub.vouchers.controller;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.*;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+
+import java.util.ArrayList;
+import java.util.List;
+
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
@@ -10,16 +17,15 @@
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.web.servlet.MockMvc;
 import org.swmaestro.repl.gifthub.util.JwtProvider;
-import org.swmaestro.repl.gifthub.vouchers.dto.*;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherReadResponseDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherSaveRequestDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherSaveResponseDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherUpdateRequestDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherUseRequestDto;
+import org.swmaestro.repl.gifthub.vouchers.dto.VoucherUseResponseDto;
 import org.swmaestro.repl.gifthub.vouchers.service.VoucherService;
 
-import java.util.ArrayList;
-import java.util.List;
-
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.mockito.Mockito.*;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import com.fasterxml.jackson.databind.ObjectMapper;
 
 @SpringBootTest
 @AutoConfigureMockMvc
@@ -72,15 +78,16 @@ void saveVoucher() throws Exception {
 	void readVoucherTest() throws Exception {
 		// given
 		Long voucherId = 1L;
+		String username = "user11";
 		VoucherReadResponseDto voucherReadResponseDto = VoucherReadResponseDto.builder()
 				.id(1L)
 				.barcode("012345678910")
 				.expiresAt("2023-06-15")
 				.build();
 
-		when(voucherService.read(voucherId)).thenReturn(voucherReadResponseDto);
+		when(voucherService.read(voucherId, username)).thenReturn(voucherReadResponseDto);
 		//when
-		VoucherReadResponseDto result = voucherService.read(voucherId);
+		VoucherReadResponseDto result = voucherService.read(voucherId, username);
 
 		// then
 		assertEquals(voucherId, result.getId());