diff --git a/src/main/java/umc/spring/post/controller/PostController.java b/src/main/java/umc/spring/post/controller/PostController.java index b5332b63af7dae65c623dd604b57e49f14b02489..6a06b5c996e9cc194aab1eaf4852b6f87b0ec448 100644 --- a/src/main/java/umc/spring/post/controller/PostController.java +++ b/src/main/java/umc/spring/post/controller/PostController.java @@ -74,7 +74,13 @@ public class PostController { @PostMapping("/post/comments") @ResponseStatus(HttpStatus.OK) public void addComment(@RequestBody CommentDto commentDto){ - postService.addComment(commentDto); + try{ + postService.addComment(commentDto); + } + catch(Exception e){ + throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found"); + + } } @DeleteMapping("/post/comments") diff --git a/src/main/java/umc/spring/post/data/dto/CommentDto.java b/src/main/java/umc/spring/post/data/dto/CommentDto.java index 23567b60bb30a3f338bcc2b20e9a5d0d2e9658c0..3499c67839ae7e8b763d3ca06f19f10d6d3b844c 100644 --- a/src/main/java/umc/spring/post/data/dto/CommentDto.java +++ b/src/main/java/umc/spring/post/data/dto/CommentDto.java @@ -6,7 +6,6 @@ import lombok.Data; public class CommentDto { private Long postId; - private Long userId; private String author; private String text; diff --git a/src/main/java/umc/spring/post/service/PostServiceImpl.java b/src/main/java/umc/spring/post/service/PostServiceImpl.java index 74be361c24b8fc3c93445317f39d333db8f99943..4e8a47f4222685353e602647e1c497deac09cbfe 100644 --- a/src/main/java/umc/spring/post/service/PostServiceImpl.java +++ b/src/main/java/umc/spring/post/service/PostServiceImpl.java 
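Review bot: The `catch(Exception e)` in `addComment` reports every failure of `postService.addComment(commentDto)` as 401 "token not found", not only a missing token. The service's `setComment` throws a `RuntimeException` for an unknown post id (visible in the PostServiceImpl part of this diff), so a bad `postId` or a persistence error would reach the client as an authentication failure, and the original exception is dropped without being logged. I would move the translation next to the identity lookup in the service, as `deletePost` does, and keep the cause: `throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found", e);`.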
@@ -2,8 +2,9 @@ package umc.spring.post.service; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; import org.springframework.stereotype.Service; -import umc.spring.post.config.security.SecurityUtil; +import org.springframework.web.server.ResponseStatusException; import umc.spring.post.data.dto.CommentDto; import umc.spring.post.data.dto.PostDto; import umc.spring.post.data.dto.PostResDto; @@ -39,9 +40,7 @@ public class PostServiceImpl implements PostService{ @Override public void upload(PostDto postDto){ - UserInfoDto userInfoDto = getCurrentMemberId(); - Post post = new Post(); setPost(postDto, post); post.setAuthor(userInfoDto.getUserName()); 
@@ -70,7 +69,54 @@ public class PostServiceImpl implements PostService{ Post post = postRepository.findById(id).orElseThrow(() -> new RuntimeException("id가 존재하지 않습니다."));; return PostResDto.toDTO(post); } + @Override + public boolean deletePost(Long id) { + // 토큰 받은 유저의 post인지 확인하기.. + Optional<Post> byId = postRepository.findById(id); + if(byId.isPresent()){ + UserInfoDto userInfoDto; + try { + userInfoDto = getCurrentMemberId(); + } + catch(Exception e){ + throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found"); + } + if(Objects.equals(byId.get().getUserId(), userInfoDto.getUserId())){ + postRepository.deleteById(id); + return true; + } + throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Unauthorized: You do not have permission to delete this post."); + } + else return false; + } + @Override + public boolean editPost(PostDto postDto, Long id) { + // 토큰 받은 유저의 post인지 + Optional<Post> byId = postRepository.findById(id); + + if(byId.isPresent()){ + UserInfoDto userInfoDto; + try { + userInfoDto = getCurrentMemberId(); + } + catch(Exception e){ + throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found"); + } + Post post = byId.get(); + if(Objects.equals(post.getUserId(), userInfoDto.getUserId())){ + post.setTitle(postDto.getTitle() != null ? postDto.getTitle() : post.getTitle()); + post.setBody(postDto.getBody() != null ? postDto.getBody() : post.getBody()); + post.setImage(postDto.getImage() != null ? postDto.getImage() : post.getImage()); + post.setModifiedTime(new Date()); + postRepository.save(post); + return true; + } + throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Unauthorized: You do not have permission to edit this post."); + } + else return false; + + } @Override public void likeCrew(Long id) { UserInfoDto userInfoDto = getCurrentMemberId(); 
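Review bot: In `deletePost` and `editPost` the ownership failure is answered with `HttpStatus.UNAUTHORIZED`, the same status as the missing-token branch, although the caller has already been identified at that point; `HttpStatus.FORBIDDEN` would let clients and logs tell the two cases apart. The same applies to `deleteComment` in the last hunk. `Objects.equals` also returns true when both ids are null, so if older posts carry no `userId` and `getCurrentMemberId()` can ever yield a null id (not visible here), the check passes; an explicit guard such as `ownerId != null && ownerId.equals(userInfoDto.getUserId())` closes that. The three copies of the try/catch around `getCurrentMemberId()` could become one private helper, called before `findById` so that unauthenticated callers get 401 whether or not the id exists.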
@@ -91,28 +137,7 @@ public class PostServiceImpl implements PostService{ } } - @Override - public boolean deletePost(Long id) { - if(postRepository.findById(id).isPresent()){ - postRepository.deleteById(id); - return true; - } - else return false; - } - - @Override - public boolean editPost(PostDto postDto, Long id) { - Post post = postRepository.findById(id).orElseThrow(() -> new RuntimeException("id가 존재하지 않습니다."));; - if(post!=null){ - post.setTitle(postDto.getTitle() != null ? postDto.getTitle() : post.getTitle()); - post.setBody(postDto.getBody() != null ? postDto.getBody() : post.getBody()); - post.setImage(postDto.getImage() != null ? postDto.getImage() : post.getImage()); - post.setModifiedTime(new Date()); - postRepository.save(post); - return true; - } - else return false; - } + @Override public List<PostResDto> search(String title) { @@ -129,7 +154,11 @@ public class PostServiceImpl implements PostService{ @Override public void addComment(CommentDto commentDto){ + // 토큰 받은 유저가 우리 회원인지 + + UserInfoDto userInfoDto = getCurrentMemberId(); Comment comment = setComment(commentDto); + comment.setUserId(userInfoDto.getUserId()); commentRepository.save(comment); } 
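Review bot: `addComment` now takes the user id from the token, but the displayed `author` is still copied from the request body in `setComment` (`comment.setAuthor(commentDto.getAuthor())`, last hunk), so an authenticated member can post under any name. `upload` already uses `userInfoDto.getUserName()` for posts; the equivalent here would be `comment.setAuthor(userInfoDto.getUserName());` after the `setComment` call, and the `author` field could then leave `CommentDto` as `userId` did. The added comment says the method checks that the token user is a member, while the code only calls `getCurrentMemberId()`; a short English comment stating that the id comes from the authenticated principal and never from the DTO would describe it more accurately.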
@@ -137,34 +166,41 @@ public class PostServiceImpl implements PostService{ public boolean deleteComment(Long id) { Optional<Comment> option = commentRepository.findById(id); if(option.isPresent()){ + UserInfoDto userInfoDto; + try { + userInfoDto = getCurrentMemberId(); + } + catch(Exception e){ + throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found"); + } Comment comment = option.get(); - Post post = comment.getPost(); - if(post!=null){ - post.getComments().removeIf(data -> - data.getId().equals(id) - ); - postRepository.save(post); + if(Objects.equals(userInfoDto.getUserId(), comment.getUserId())){ + Post post = comment.getPost(); + if(post!=null){ + post.getComments().removeIf(data -> + data.getId().equals(id) + ); + postRepository.save(post); + } + return true; } - return true; + throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Unauthorized: You do not have permission to delete this comment."); } else return false; } private Comment setComment(CommentDto commentDto) { + Comment comment = new Comment(); Post post = postRepository.findById(commentDto.getPostId()).orElseThrow(() -> new RuntimeException("id가 존재하지 않습니다.")); - post.getComments().add(comment); - comment.setPost(post); - post.setAuthor(userInfoDto.getUserName()); - - comment.setUserId(commentDto.getUserId()); - comment.setTimestamp(new Date()); - comment.setText(commentDto.getText()); - comment.setAuthor(commentDto.getAuthor()); comment.setPostId(commentDto.getPostId()); + comment.setAuthor(commentDto.getAuthor()); + comment.setText(commentDto.getText()); + comment.setTimestamp(new Date()); return comment; + } private static void setPost(PostDto postDto, Post post) {
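Review bot: `deleteComment` returns `true` when `comment.getPost()` is null without removing anything, and no delete call on `commentRepository` is visible in the hunk. As far as the collapsed diff can be read, `setComment` no longer calls `comment.setPost(post)` or `post.getComments().add(comment)`, so newly created comments may always take that path, depending on how `Comment.post` is mapped. Either keep the association in `setComment` or delete explicitly, e.g. `commentRepository.delete(comment);` before `return true;`. The `post` fetched in `setComment` then serves only as an existence check, which deserves a one-line comment saying so.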