Merge pull request #96 from studio-recoding/fix-everything

[🚀feat] 카테고리에 대한 권한 없는 접근 에러 처리

src/main/java/Ness/Backend/domain/category/CategoryService.java

@@ -11,12 +11,14 @@
 import Ness.Backend.domain.schedule.entity.Schedule;
 import Ness.Backend.global.error.exception.DefaultCategoryException;
 import Ness.Backend.global.error.exception.DuplicateCategoryException;
+import Ness.Backend.global.error.exception.UnauthorizedAccessException;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import java.util.List;
+import java.util.Objects;
 
 @Service
 @RequiredArgsConstructor
@@ -63,12 +65,15 @@ public void postUserCategory(Long memberId, PostCategoryDto postCategoryDto){
 
     /* 카테고리 수정하기 */
     public void putUserCategory(Long memberId, PutCategoryDto putCategoryDto){
+        Category changeCategory = categoryRepository.findCategoryById(putCategoryDto.getId());
+        checkCategoryAuth(memberId, changeCategory);
+
         List<Category> categoryList = categoryRepository.findCategoriesByMember_idAndNameExcludeId(memberId, putCategoryDto.getName(), putCategoryDto.getId());
 
         if(categoryList.isEmpty()){
             //중복되지 않은 카테고리일 경우는 변경사항 저장 가능
-            Category category = categoryRepository.findCategoryById(putCategoryDto.getId());
-            category.changeCategory(putCategoryDto.getName(), putCategoryDto.getColor());
+            log.info(putCategoryDto.getId() + "번 카테고리 " + changeCategory.getName() + " 수정");
+            changeCategory.changeCategory(putCategoryDto.getName(), putCategoryDto.getColor());
         }
         else {
             throw new DuplicateCategoryException();
@@ -79,6 +84,7 @@ public void putUserCategory(Long memberId, PutCategoryDto putCategoryDto){
     @Transactional
     public void deleteUserCategory(Long memberId, Long categoryId){
         Category deleteCategory = categoryRepository.findCategoryById(categoryId);
+        checkCategoryAuth(memberId,deleteCategory);
 
         if(deleteCategory.isDefaultNone()){
             //디폴트 미분류 카테고리는 삭제 불가
@@ -98,4 +104,11 @@ public void deleteUserCategory(Long memberId, Long categoryId){
             categoryRepository.delete(deleteCategory);
         }
     }
+
+    //자기 자신의 리소스를 접근하고 있는지 확인
+    private void checkCategoryAuth(Long memberId, Category category){
+        if(!Objects.equals(memberId, category.getMember().getId())){
+            throw new UnauthorizedAccessException("권한이 없습니다. 해당 카테고리는 다른 유저가 권한을 가지고 있습니다.");
+        }
+    }
 }

src/main/java/Ness/Backend/global/error/ErrorResponse.java

@@ -44,4 +44,12 @@ public static ErrorResponse onFailure(ErrorCode errorCode) {
                 .message(errorCode.getMessage())
                 .build();
     }
+
+    public static ErrorResponse onFailure(ErrorCode errorCode, String message) {
+        return ErrorResponse.builder()
+                .status(errorCode.getHttpStatus().value())
+                .code(errorCode.getCode())
+                .message(message)
+                .build();
+    }
 }

src/main/java/Ness/Backend/global/error/GlobalExceptionHandler.java

@@ -16,6 +16,6 @@ public class GlobalExceptionHandler {
     protected ResponseEntity<ErrorResponse> handleBusinessException(final BaseException baseException, HttpServletRequest httpServletRequest) {
         log.error("handleBusinessException", baseException);
         final ContentCachingRequestWrapper contentCachingRequestWrapper = new ContentCachingRequestWrapper(httpServletRequest);
-        return new ResponseEntity<>(ErrorResponse.onFailure(baseException.getErrorCode()),null, baseException.getErrorCode().getHttpStatus());
+        return new ResponseEntity<>(ErrorResponse.onFailure(baseException.getErrorCode(), baseException.getMessage()),null, baseException.getErrorCode().getHttpStatus());
     }
 }