From 0850d6d356cd19c8bef77bc50a2bcb687b602c26 Mon Sep 17 00:00:00 2001
From: nevermoregb
Date: Thu, 10 Apr 2025 15:22:11 +0900
Subject: [PATCH] =?UTF-8?q?=EC=82=AC=EC=9B=90=20=EB=93=B1=EB=A1=9D?= =?UTF-8?q?=EC=97=90=EC=84=9C=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20=EC=84=B8?= =?UTF-8?q?=EC=85=98=EC=9C=BC=EB=A1=9C=20=EB=93=B1=EB=A1=9D/=EB=B0=98?= =?UTF-8?q?=EB=A0=A4=EA=B0=80=20=EC=95=84=EB=8B=8C=20DB=EC=9D=98=20?= =?UTF-8?q?=EA=B6=8C=ED=95=9C=EC=9D=84=20=EA=B0=80=EC=A0=B8=EC=99=80?= =?UTF-8?q?=EC=84=9C=20=EC=B2=98=EB=A6=AC=ED=95=98=EB=8A=94=20=EB=B0=A9?= =?UTF-8?q?=ED=96=A5=EC=9C=BC=EB=A1=9C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../controller/api/MainController.java | 2 +-
.../company/localhost/service/MainService.java | 18 +++++++++++++-----
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/src/main/java/io/company/localhost/controller/api/MainController.java b/src/main/java/io/company/localhost/controller/api/MainController.java
index ee58698..013321b 100644
--- a/src/main/java/io/company/localhost/controller/api/MainController.java
+++ b/src/main/java/io/company/localhost/controller/api/MainController.java
@@ -4,7 +4,6 @@ import java.util.List; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController;
@@ -25,6 +24,7 @@ import lombok.extern.slf4j.Slf4j; public class MainController { private final MainService mainService; + @Member @ParameterCheck
diff --git a/src/main/java/io/company/localhost/service/MainService.java b/src/main/java/io/company/localhost/service/MainService.java
index c562fc6..c816052 100644
--- a/src/main/java/io/company/localhost/service/MainService.java
+++ b/src/main/java/io/company/localhost/service/MainService.java
@@ -21,6 +21,7 @@ import org.springframework.stereotype.Service; import io.company.localhost.common.dto.ApiResponse; import io.company.localhost.common.dto.MapDto; +import io.company.localhost.vo.MemberVo; import lombok.RequiredArgsConstructor; @Service
@@ -28,11 +29,8 @@ import lombok.RequiredArgsConstructor; public class MainService { private final commoncodService commoncodService; - private final NetmemberService netmemberService; - private final localvacaService localvacaService; - private final LocalevntService localevntService;
@@ -106,8 +104,13 @@ public class MainService { * @return */ public ApiResponse registerMember(long memberSeq) { - int result = netmemberService.registerMember(memberSeq); + MemberVo user = netmemberService.getUserInfoById(memberSeq); + if(user.getId() != memberSeq || !"ROLE_ADMIN".equals(user.getRole())) { + return ApiResponse.error(HttpStatus.FORBIDDEN, "사용 권한 없음"); + } + + int result = netmemberService.registerMember(memberSeq); return result == 1 ? ApiResponse.ok("사원 등록 성공") : ApiResponse.ok("사원 등록 실패"); }
@@ -118,8 +121,13 @@ public class MainService { * @return */ public ApiResponse rejectMember(long memberSeq) { - int result = netmemberService.rejectMember(memberSeq); + MemberVo user = netmemberService.getUserInfoById(memberSeq); + if(user.getId() != memberSeq || !"ROLE_ADMIN".equals(user.getRole())) { + return ApiResponse.error(HttpStatus.UNAUTHORIZED, "사용 권한 없음"); + } + + int result = netmemberService.rejectMember(memberSeq); return result == 1 ? ApiResponse.ok("미승인 대상자 등록") : ApiResponse.ok("미승인 대상자 등록 실패"); }
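Review bot: The role check added to registerMember runs against the record loaded with `memberSeq`, the same id that is then handed to `netmemberService.registerMember(memberSeq)`, so as far as this hunk shows it tests whether the member being registered is `ROLE_ADMIN` rather than whether the caller is; the rejectMember hunk has the same pattern. If `memberSeq` is the target, the acting user's id should be taken from the authenticated session (identity only) and used for the DB role lookup, with the target id kept as a separate argument. Assuming `getUserInfoById` looks the row up by that id, `user.getId() != memberSeq` can never be true, and `user` is dereferenced without a null check, so an unknown id would throw if the lookup can return null; `if (user == null || !"ROLE_ADMIN".equals(user.getRole()))` would cover that case. The method's Javadoc starts outside the hunk, so the intended meaning of `memberSeq` should be confirmed there.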
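Review bot: The denial branch in rejectMember returns `HttpStatus.UNAUTHORIZED` while the identical check in registerMember returns `HttpStatus.FORBIDDEN`, so clients get two different codes for the same condition. A known user who lacks the admin role is an authorization failure, so `return ApiResponse.error(HttpStatus.FORBIDDEN, "사용 권한 없음");` fits both paths. Because the check is duplicated verbatim, moving it into one private helper in MainService would keep the two methods from drifting apart again. Neither hunk shows an import for `HttpStatus`; confirm the file already has one.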