Merge pull request #76 from sesac-mini2/hwakyung

3000포트 설정 삭제, 관리자 댓글 삭제/수정 권한 부여, 일부 버그 수정
sesac-mini2 · Jan 5, 2025 · 083473e · 083473e
2 parents ede77fc + c2bbeee
commit 083473e
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 15 deletions.
diff --git a/src/main/java/com/trace/jachuiplan/reply/ReplyController.java b/src/main/java/com/trace/jachuiplan/reply/ReplyController.java
@@ -1,20 +1,21 @@
 package com.trace.jachuiplan.reply;
 
-import com.trace.jachuiplan.DataNotFoundException;
+import com.trace.jachuiplan.user.UserRole;
 import com.trace.jachuiplan.user.UserService;
 import com.trace.jachuiplan.user.Users;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Autowired;
+import lombok.extern.log4j.Log4j2;
 import org.springframework.data.domain.Page;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
-import org.springframework.web.server.ResponseStatusException;
 
 import java.security.Principal;
 import java.util.ArrayList;
@@ -24,6 +25,7 @@
 @RequestMapping("/reply")
 @RequiredArgsConstructor
 @Controller
+@Log4j2
 public class ReplyController {
 
     private final ReplyService replyService;
@@ -66,7 +68,7 @@ public ResponseEntity<?> create(@PathVariable("bno") Long bno, @Valid @RequestBo
 
     // 댓글 수정
     @PutMapping("/{rno}")
-    public ResponseEntity<?> modify(@PathVariable("rno") Long rno, @Valid @RequestBody ReplyRequest replyRequest, BindingResult bindingResult, Principal principal){
+    public ResponseEntity<?> modify(@PathVariable("rno") Long rno, @Valid @RequestBody ReplyRequest replyRequest, BindingResult bindingResult, @AuthenticationPrincipal UserDetails userDetails){
         if (bindingResult.hasErrors()) {
             List<String> errorMessages = new ArrayList<>();
             bindingResult.getAllErrors().forEach(error -> {
@@ -76,15 +78,15 @@ public ResponseEntity<?> modify(@PathVariable("rno") Long rno, @Valid @RequestBo
         }
         // Reply Entity 가져오기
         Reply reply = replyService.getReply(rno);
-        if (!reply.getUsers().getUsername().equals(principal.getName())) {
+        if (!reply.getUsers().getUsername().equals(userDetails.getUsername()) && !userDetails.getAuthorities().toString().contains(UserRole.ADMIN.getValue())) {
             List<String> errorMessages = new ArrayList<>();
             errorMessages.add("수정권한이 없습니다.");
             return ResponseEntity.badRequest().body(errorMessages);
         }
 
-        Users users = this.userService.findByUsername(principal.getName()).get();
+        Users users = this.userService.findByUsername(userDetails.getUsername()).get();
 
-        ReplyResponse replyResponse = new ReplyResponse(replyService.modify(reply, replyRequest, users));
+        ReplyResponse replyResponse = new ReplyResponse(replyService.modify(reply, replyRequest));
 
         return ResponseEntity
                 .status(HttpStatus.CREATED)
@@ -93,10 +95,10 @@ public ResponseEntity<?> modify(@PathVariable("rno") Long rno, @Valid @RequestBo
 
     // 댓글 삭제
     @DeleteMapping("/{rno}")
-    public ResponseEntity<?> delete(@PathVariable("rno") Long rno, Principal principal){
+    public ResponseEntity<?> delete(@PathVariable("rno") Long rno, @AuthenticationPrincipal UserDetails userDetails){
         // Reply Entity 가져오기
         Reply reply = replyService.getReply(rno);
-        if (!reply.getUsers().getUsername().equals(principal.getName())) {
+        if (!reply.getUsers().getUsername().equals(userDetails.getUsername()) && !userDetails.getAuthorities().toString().contains(UserRole.ADMIN.getValue())) {
             List<String> errorMessages = new ArrayList<>();
             errorMessages.add("삭제권한이 없습니다.");
             return ResponseEntity.badRequest().body(errorMessages);

diff --git a/src/main/java/com/trace/jachuiplan/reply/ReplyService.java b/src/main/java/com/trace/jachuiplan/reply/ReplyService.java
@@ -91,7 +91,7 @@ public Reply create(ReplyRequest request, Long bno, Users users){
     }
 
     // 댓글 수정
-    public Reply modify(Reply reply, ReplyRequest replyRequest, Users users){
+    public Reply modify(Reply reply, ReplyRequest replyRequest){
         reply.setReply(replyRequest.getReply());
 
         return replyRepository.save(reply);

diff --git a/src/main/resources/static/css/style.css b/src/main/resources/static/css/style.css
@@ -84,6 +84,10 @@ main {
     padding: 1rem;
 }
 
+.reply-textarea {
+    height: 140px !important;
+}
+
 textarea {
     resize: none;
 }

diff --git a/src/main/resources/static/js/reply.js b/src/main/resources/static/js/reply.js
@@ -2,6 +2,7 @@ const replyFragment = $("#replyFragment");
 
 //const csrfToken = $("#csrfToken").val();
 axios.defaults.baseURL = 'http://localhost';
+axios.defaults.withCredentials = true;
 const path = window.location.pathname;
 const bno = path.split("/").pop();
 
@@ -108,7 +109,6 @@ function clickModifyReplyBtn(e) {
     if ($(e).text() === '수정') {
         // p 태그 내용을 textarea로 복사
         const currentContent = replyContent.text();
-        card.find('.reply-textarea').val(currentContent);
 
         // replyContent 숨기고 textarea 표시
         replyContent.addClass('d-none');
@@ -139,7 +139,7 @@ function clickModifyReplyBtn(e) {
         $(e).text('수정');
 
         // 취소 버튼을 '삭제'로 변경
-        cancelBtn.text('취소');
+        cancelBtn.text('삭제');
     }
 }
 

diff --git a/src/main/resources/templates/reply/reply_list.html b/src/main/resources/templates/reply/reply_list.html
@@ -19,17 +19,17 @@ <h4 class="d-inline me-3">댓글</h4><span class="h5 text-muted" th:text="${pagi
         <div class="reply-card mb-4" th:each="reply : ${paging}" th:data-reply-id="${reply.rno}">
             <div class="card-body">
                 <p th:text="${reply.nickname}"></p>
-                <p class="reply-content text-muted" th:utext="${@commonUtil.markdown(reply.reply)}"></p>
+                <p class="reply-content text-muted" th:text="${reply.reply}"></p>
                 <p class="text-muted small m-0" th:text="${#temporals.format(reply.replydate, 'yyyy-MM-dd HH:mm')}"></p>
                 <div class="reply-err"></div>
                 <div class="text-end">
                     <button class="btn btn-primary btn-sm reply-modify"
                             sec:authorize="isAuthenticated()"
-                            th:if="${reply.username != null and #authentication.getPrincipal().getUsername() == reply.username}"
+                            th:if="${reply.username != null and #authentication.getPrincipal().getUsername() == reply.username or #authentication.getPrincipal().getAuthorities().toString().contains('ROLE_ADMIN')}"
                             th:text="수정"></button>
                     <button class="btn btn-outline-primary btn-sm reply-delete"
                             sec:authorize="isAuthenticated()"
-                            th:if="${reply.username != null and #authentication.getPrincipal().getUsername() == reply.username}"
+                            th:if="${(reply.username != null and #authentication.getPrincipal().getUsername() == reply.username) or #authentication.getPrincipal().getAuthorities().toString().contains('ROLE_ADMIN')}"
                             th:text="삭제"></button>
                 </div>
             </div>