✨: feat 나만 보기 답변에 대해 답변 소유권 검증 로직 추가 #28

Team-Plu · Mar 9, 2024 · 1a5b5a9 · 1a5b5a9
1 parent f2140ce
commit 1a5b5a9
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 4 deletions.
diff --git a/plu-api/src/main/kotlin/com/th/plu/api/controller/answer/AnswerController.kt b/plu-api/src/main/kotlin/com/th/plu/api/controller/answer/AnswerController.kt
@@ -1,6 +1,7 @@
 package com.th.plu.api.controller.answer
 
 import com.th.plu.api.config.interceptor.Auth
+import com.th.plu.api.config.resolver.MemberId
 import com.th.plu.api.controller.answer.dto.response.AnswerInfoResponse
 import com.th.plu.api.service.answer.AnswerService
 import com.th.plu.common.dto.response.ApiResponse
@@ -20,7 +21,7 @@ class AnswerController(
     @Auth
     @Operation(summary = "답변 조회")
     @GetMapping("/v1/answer/{answerId}")
-    fun findAnswerById(@PathVariable answerId: Long): ApiResponse<AnswerInfoResponse> {
-        return ApiResponse.success(answerService.findAnswerInfoById(answerId))
+    fun findAnswerById(@PathVariable answerId: Long, @MemberId memberId: Long): ApiResponse<AnswerInfoResponse> {
+        return ApiResponse.success(answerService.findAnswerInfoById(answerId, memberId))
     }
 }
diff --git a/plu-api/src/main/kotlin/com/th/plu/api/service/answer/AnswerService.kt b/plu-api/src/main/kotlin/com/th/plu/api/service/answer/AnswerService.kt
@@ -10,10 +10,14 @@ import org.springframework.transaction.annotation.Transactional
 class AnswerService(
         private val questionExplorer: QuestionExplorer,
         private val answerExplorer: AnswerExplorer,
+        private val answerValidator: AnswerValidator
 ) {
     @Transactional(readOnly = true)
-    fun findAnswerInfoById(id: Long): AnswerInfoResponse {
-        val answer = answerExplorer.findAnswerById(id)
+    fun findAnswerInfoById(answerId: Long, memberId: Long): AnswerInfoResponse {
+        val answer = answerExplorer.findAnswerById(answerId)
+        if (!answer.isPublic) {
+            answerValidator.validateIsMemberOwnerOfAnswer(answerId, memberId)
+        }
         val question = questionExplorer.findQuestionById(answer.getQuestionId())
 
         return AnswerInfoResponse.of(question, answer)

diff --git a/plu-api/src/main/kotlin/com/th/plu/api/service/answer/AnswerValidator.kt b/plu-api/src/main/kotlin/com/th/plu/api/service/answer/AnswerValidator.kt
@@ -0,0 +1,21 @@
+package com.th.plu.api.service.answer
+
+import com.th.plu.common.exception.code.ErrorCode
+import com.th.plu.common.exception.model.ValidationException
+import com.th.plu.domain.domain.answer.explorer.AnswerExplorer
+import com.th.plu.domain.domain.answer.repository.AnswerRepository
+import org.springframework.stereotype.Component
+
+@Component
+class AnswerValidator(
+        private val answerExplorer: AnswerExplorer,
+        private val answerRepository: AnswerRepository
+) {
+    fun validateIsMemberOwnerOfAnswer(answerId: Long, memberId: Long) {
+        val answer = answerExplorer.findAnswerById(answerId)
+        if (answer.member.id != memberId) {
+            throw ValidationException(ErrorCode.INVALID_ANSWER_OWNER,
+                    "멤버 (ID: ${memberId})는 답변 (ID: ${answerId})의 답변자가 아니기 때문에 답변 정보에 접근할 수 없습니다.")
+        }
+    }
+}
diff --git a/plu-common/src/main/kotlin/com/th/plu/common/exception/code/ErrorCode.kt b/plu-common/src/main/kotlin/com/th/plu/common/exception/code/ErrorCode.kt
@@ -10,6 +10,7 @@ enum class ErrorCode(val code: String, val message: String) {
     BIND_EXCEPTION("V005", "요청 값을 바인딩하는 과정에서 오류가 발생하였습니다."),
     METHOD_ARGUMENT_NOT_VALID_EXCEPTION("V006", "요청 값이 검증되지 않은 값 입니다."),
     INVALID_FORMAT_EXCEPTION("V007", "요청 값이 유효하지 않은 데이터입니다."),
+    INVALID_ANSWER_OWNER("V008", "질문의 소유자가 아닙니다."),
 
     // Unauthorized Exception
     UNAUTHORIZED_EXCEPTION("U001", "토큰이 만료되었습니다. 다시 로그인 해주세요."),