Feat: 게시글 수정/삭제 권한 확인

src/main/java/treehouse/server/api/member/implementation/MemberQueryAdapter.java

@@ -5,6 +5,7 @@
 import treehouse.server.global.annotations.Adapter;
 import treehouse.server.global.entity.User.User;
 import treehouse.server.global.entity.member.Member;
+import treehouse.server.global.entity.treeHouse.TreeHouse;
 import treehouse.server.global.exception.GlobalErrorCode;
 import treehouse.server.global.exception.ThrowClass.MemberException;
 
@@ -16,6 +17,10 @@ public class MemberQueryAdapter {
 
     public Member getMember(User user){
 
-        return memberRepository.findByUser(user).orElseThrow(()-> new MemberException(GlobalErrorCode.MEMBER_NOT_FOUND));
+        return memberRepository.findByUser(user).orElseThrow(()-> new MemberException(GlobalErrorCode.USER_NOT_FOUND));
+    }
+
+    public Member findByUserAndTreehouse(User user, TreeHouse treehouse) {
+        return memberRepository.findByUserAndTreeHouse(user, treehouse).orElseThrow(() -> new MemberException(GlobalErrorCode.USER_NOT_FOUND));
     }
 }

src/main/java/treehouse/server/api/member/persistence/MemberRepository.java

@@ -3,10 +3,13 @@
 import org.springframework.data.jpa.repository.JpaRepository;
 import treehouse.server.global.entity.User.User;
 import treehouse.server.global.entity.member.Member;
+import treehouse.server.global.entity.treeHouse.TreeHouse;
 
 import java.util.Optional;
 
 public interface MemberRepository extends JpaRepository<Member, Long> {
 
     public Optional<Member> findByUser(User user);
+
+    Optional<Member> findByUserAndTreeHouse(User user, TreeHouse treehouse);
 }

src/main/java/treehouse/server/api/post/business/PostService.java

@@ -100,7 +100,7 @@ public PostResponseDTO.createPresignedUrlResult createPresignedUrl(PostRequestDT
      * @return List<PostResponseDTO.getPostDetails>
      */
     @Transactional(readOnly = true)
-    public List<PostResponseDTO.getPostDetails> getPosts (User user, Long treehouseId,int page){
+    public List<PostResponseDTO.getPostDetails> getPosts (User user, Long treehouseId, int page){
         // TODO 신고한 게시물과 탈퇴 및 차단한 작성자의 게시물은 제외하는 로직 추가
 
         TreeHouse treehouse = treehouseQueryAdapter.getTreehouseById(treehouseId);
@@ -121,17 +121,36 @@ public List<PostResponseDTO.getPostDetails> getPosts (User user, Long treehouseI
     }
 
     @Transactional
-    public PostResponseDTO.updatePostResult updatePost(User user, Long postId, PostRequestDTO.updatePost request) {
+    public PostResponseDTO.updatePostResult updatePost(User user, Long treehouseId, Long postId, PostRequestDTO.updatePost request) {
+        //TODO 현재 로그인 한 사용자가 게시글 작성자인지 확인하는 로직 개선
+        TreeHouse treehouse = treehouseQueryAdapter.getTreehouseById(treehouseId);
+        Member member = memberQueryAdapter.findByUserAndTreehouse(user, treehouse);
+
         Post post = postQueryAdapter.findById(postId);
-        //TODO 게시글 작성자와 현재 로그인 한 사용자가 같은지 확인하는 로직 추가
+        Member writer = post.getWriter();
+
+        if (!member.equals(writer)) {
+            throw new PostException(GlobalErrorCode.POST_UNAUTHORIZED);
+        }
+
         post.update(request.getContext());
         return PostMapper.toUpdatePostResult(postCommandAdapter.savePost(post));
     }
 
     @Transactional
-    public void deletePost(User user, Long postId) {
+    public void deletePost(User user, Long treehouseId, Long postId) {
+
+        //TODO 현재 로그인 한 사용자가 게시글 작성자인지 확인하는 로직 개선
+        TreeHouse treehouse = treehouseQueryAdapter.getTreehouseById(treehouseId);
+        Member member = memberQueryAdapter.findByUserAndTreehouse(user, treehouse);
+
         Post post = postQueryAdapter.findById(postId);
-        //TODO 게시글 작성자와 현재 로그인 한 사용자가 같은지 확인하는 로직 추가
+        Member writer = post.getWriter();
+
+        if (!member.equals(writer)) {
+            throw new PostException(GlobalErrorCode.POST_UNAUTHORIZED);
+        }
+
         postCommandAdapter.deletePost(post);
     }
 }

src/main/java/treehouse/server/api/post/presentation/PostApi.java

@@ -75,7 +75,7 @@ public CommonResponse<PostResponseDTO.updatePostResult> updatePost(
             @RequestBody @Valid PostRequestDTO.updatePost request,
             @AuthMember @Parameter(hidden = true) User user
     ){
-        return CommonResponse.onSuccess(postService.updatePost(user, postId, request));
+        return CommonResponse.onSuccess(postService.updatePost(user, treehouseId, postId, request));
     }
 
     @DeleteMapping("/posts/{postId}")
@@ -85,7 +85,7 @@ public CommonResponse deletePost(
             @PathVariable Long postId,
             @AuthMember @Parameter(hidden = true) User user
     ){
-        postService.deletePost(user, postId);
+        postService.deletePost(user, treehouseId, postId);
         return CommonResponse.onSuccess(null);
     }
 }

src/main/java/treehouse/server/api/user/business/UserService.java

@@ -9,7 +9,6 @@
 import treehouse.server.api.user.presentation.dto.UserRequestDTO;
 import treehouse.server.api.user.presentation.dto.UserResponseDTO;
 import treehouse.server.global.entity.User.User;
-import treehouse.server.global.entity.member.Member;
 import treehouse.server.global.entity.redis.RefreshToken;
 import treehouse.server.global.exception.GlobalErrorCode;
 import treehouse.server.global.exception.ThrowClass.AuthException;
@@ -54,7 +53,7 @@ public UserResponseDTO.registerUser register(UserRequestDTO.registerUser request
     @Transactional
     public UserResponseDTO.registerUser login(UserRequestDTO.loginMember request){
         User user = userQueryAdapter.findByPhoneNumber(request.getPhoneNumber())
-                .orElseThrow(() -> new GeneralException(GlobalErrorCode.MEMBER_NOT_FOUND));
+                .orElseThrow(() -> new GeneralException(GlobalErrorCode.USER_NOT_FOUND));
         TokenDTO loginResult = userCommandAdapter.login(user);
 
         return UserMapper.toRegister(user,loginResult.getAccessToken(), loginResult.getRefreshToken());

src/main/java/treehouse/server/api/user/implement/UserQueryAdapter.java

@@ -31,7 +31,7 @@ public Optional<User> findByPhoneNumber(String phone){
     }
 
     public User findById(Long id){
-        return userRepository.findById(id).orElseThrow(()->new UserException(GlobalErrorCode.MEMBER_NOT_FOUND));
+        return userRepository.findById(id).orElseThrow(()->new UserException(GlobalErrorCode.USER_NOT_FOUND));
     }
 
     public Optional<User> optionalUserFindById(Long id){

src/main/java/treehouse/server/global/entity/post/Post.java

@@ -29,10 +29,10 @@ public class Post extends BaseDateTimeEntity {
 
     private String content;
 
-    @OneToMany(mappedBy = "post")
+    @OneToMany(mappedBy = "post", cascade = CascadeType.REMOVE, orphanRemoval = true)
     private List<Comment> commentList;
 
-    @OneToMany(mappedBy = "post")
+    @OneToMany(mappedBy = "post", cascade = CascadeType.REMOVE, orphanRemoval = true)
     private List<PostImage> postImageList;
 
     public void update(String context) {

src/main/java/treehouse/server/global/exception/GeneralExceptionHandler.java

@@ -19,8 +19,6 @@
 import treehouse.server.global.exception.ThrowClass.GeneralException;
 import treehouse.server.global.exception.dto.ErrorResponseDTO;
 
-import java.io.PrintWriter;
-import java.io.StringWriter;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Optional;
@@ -29,11 +27,11 @@
 @RestControllerAdvice(annotations = {RestController.class})
 public class GeneralExceptionHandler extends ResponseEntityExceptionHandler {
 
-//    @ExceptionHandler(value = { GeneralException.class})
-//    protected ApiResponse handleCustomException(GeneralException e) {
-//        log.error("handleCustomException throw CustomException : {}", e.getErrorCode());
-//        return ApiResponse.onFailure(e.getErrorCode(), "");
-//    }
+    @ExceptionHandler(value = { GeneralException.class})
+    protected ResponseEntity<Object> handleCustomException(GeneralException e, HttpServletRequest request) {
+        log.error("handleCustomException throw CustomException : {}", e.getErrorCode());
+        return handleExceptionInternal(e, e.getErrorReasonHttpStatus(), HttpHeaders.EMPTY, request);
+    }
 
 
     @ExceptionHandler

src/main/java/treehouse/server/global/exception/GlobalErrorCode.java

@@ -41,7 +41,7 @@ public enum GlobalErrorCode implements BaseErrorCode{
     // USER + 403 Forbidden - 인증 거부
 
     // USER + 404 Not Found - 찾을 수 없음
-    MEMBER_NOT_FOUND(NOT_FOUND, "USER404_1", "등록된 사용자 정보가 없습니다."),
+    USER_NOT_FOUND(NOT_FOUND, "USER404_1", "등록된 사용자 정보가 없습니다."),
 
     // USER + 409 CONFLICT : Resource 를 찾을 수 없음
     DUPLICATE_PHONE_NUMBER(CONFLICT, "USER409_1", "중복된 전화번호가 존재합니다."),
@@ -56,6 +56,8 @@ public enum GlobalErrorCode implements BaseErrorCode{
     // INVITATION + 404 Not Found - 찾을 수 없음
     INVITATION_NOT_FOUND(NOT_FOUND, "INVITATION404_1", "존재하지 않는 초대장입니다."),
 
+    // POST + 401 Unauthorized - 권한 없음
+    POST_UNAUTHORIZED(UNAUTHORIZED, "POST401_1", "게시글 수정 및 삭제 권한이 없습니다."),
     // POST + 404 Not Found - 찾을 수 없음
     POST_NOT_FOUND(NOT_FOUND, "POST404_1", "존재하지 않는 게시글입니다."),
 

src/main/java/treehouse/server/global/redis/service/RedisService.java

@@ -33,7 +33,7 @@ public class RedisService {
      */
     public RefreshToken generateRefreshToken(User user) {
         if (!userQueryAdapter.existById(user.getId()))
-            throw new GeneralException(GlobalErrorCode.MEMBER_NOT_FOUND);
+            throw new GeneralException(GlobalErrorCode.USER_NOT_FOUND);
 
         String refreshToken = tokenProvider.createRefreshToken();
 

src/main/java/treehouse/server/global/security/handler/annotation/resolver/AuthMemberArgumentResolver.java

@@ -11,7 +11,6 @@
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.method.support.ModelAndViewContainer;
 import treehouse.server.api.user.business.UserMapper;
-import treehouse.server.api.user.business.UserService;
 import treehouse.server.global.entity.User.User;
 import treehouse.server.global.exception.GlobalErrorCode;
 import treehouse.server.global.exception.ThrowClass.GeneralException;
@@ -51,7 +50,7 @@ public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer m
             principal = authentication.getPrincipal();
         }
         if (principal == null || principal.getClass() == String.class) { //Authentication 객체가 null이거나, principal이 String 타입('anonymousUser')인 경우
-            throw new GeneralException(GlobalErrorCode.MEMBER_NOT_FOUND);
+            throw new GeneralException(GlobalErrorCode.USER_NOT_FOUND);
         }
 
         UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) authentication;

src/main/resources/application.yml

@@ -108,6 +108,12 @@ spring:
     password: ${aws.db.password}
     url: jdbc:mysql://${aws.db.url}/${aws.db.name}?autoReconnect=true&setTimezone=Asia/Seoul
     driver-class-name: com.mysql.cj.jdbc.Driver
+    hikari:
+      maximum-pool-size: 10
+      minimum-idle: 5
+      connection-timeout: 30000
+      idle-timeout: 600000
+      max-lifetime: 1800000
   sql:
     init:
       mode: never