diff --git a/src/main/java/gg/agit/konect/domain/club/controller/ClubApi.java b/src/main/java/gg/agit/konect/domain/club/controller/ClubApi.java index 90a0bf82..ca911992 100644 --- a/src/main/java/gg/agit/konect/domain/club/controller/ClubApi.java +++ b/src/main/java/gg/agit/konect/domain/club/controller/ClubApi.java @@ -35,7 +35,8 @@ ResponseEntity getClubs( @RequestParam(name = "page", defaultValue = "1") Integer page, @RequestParam(name = "limit", defaultValue = "10", required = false) Integer limit, @RequestParam(name = "query", defaultValue = "", required = false) String query, - @RequestParam(name = "isRecruiting", defaultValue = "false", required = false) Boolean isRecruiting + @RequestParam(name = "isRecruiting", defaultValue = "false", required = false) Boolean isRecruiting, + @UserId Integer userId ); @Operation(summary = "동아리의 상세 정보를 조회한다.", description = """ @@ -56,7 +57,8 @@ ResponseEntity getClubDetail( @Operation(summary = "동아리 멤버 리스트를 조회한다.") @GetMapping("/{clubId}/members") ResponseEntity getClubMembers( - @PathVariable(name = "clubId") Integer clubId + @PathVariable(name = "clubId") Integer clubId, + @UserId Integer userId ); @Operation(summary = "동아리 가입 신청을 한다.", description = """ @@ -90,7 +92,8 @@ ResponseEntity getFeeInfo( @Operation(summary = "동아리 가입 문항을 조회한다.") @GetMapping("/{clubId}/questions") ResponseEntity getApplyQuestions( - @PathVariable(name = "clubId") Integer clubId + @PathVariable(name = "clubId") Integer clubId, + @UserId Integer userId ); @Operation(summary = "동아리 모집 정보를 조회한다.", description = """ diff --git a/src/main/java/gg/agit/konect/domain/club/controller/ClubController.java b/src/main/java/gg/agit/konect/domain/club/controller/ClubController.java index e40db9c0..5c4d39b3 100644 --- a/src/main/java/gg/agit/konect/domain/club/controller/ClubController.java +++ b/src/main/java/gg/agit/konect/domain/club/controller/ClubController.java 
@@ -33,9 +33,10 @@ public ResponseEntity getClubs( @RequestParam(name = "page", defaultValue = "1") Integer page, @RequestParam(name = "limit", defaultValue = "10", required = false) Integer limit, @RequestParam(name = "query", defaultValue = "", required = false) String query, - @RequestParam(name = "isRecruiting", defaultValue = "false", required = false) Boolean isRecruiting + @RequestParam(name = "isRecruiting", defaultValue = "false", required = false) Boolean isRecruiting, + @UserId Integer userId ) { - ClubsResponse response = clubService.getClubs(page, limit, query, isRecruiting); + ClubsResponse response = clubService.getClubs(page, limit, query, isRecruiting, userId); return ResponseEntity.ok(response); } @@ -56,9 +57,10 @@ public ResponseEntity getJoinedClubs(@UserId Integer userId @GetMapping("/{clubId}/members") public ResponseEntity getClubMembers( - @PathVariable(name = "clubId") Integer clubId + @PathVariable(name = "clubId") Integer clubId, + @UserId Integer userId ) { - ClubMembersResponse response = clubService.getClubMembers(clubId); + ClubMembersResponse response = clubService.getClubMembers(clubId, userId); return ResponseEntity.ok(response); } @@ -83,9 +85,10 @@ public ResponseEntity getFeeInfo( @Override public ResponseEntity getApplyQuestions( - @PathVariable(name = "clubId") Integer clubId + @PathVariable(name = "clubId") Integer clubId, + @UserId Integer userId ) { - ClubApplyQuestionsResponse response = clubService.getApplyQuestions(clubId); + ClubApplyQuestionsResponse response = clubService.getApplyQuestions(clubId, userId); return ResponseEntity.ok(response); } diff --git a/src/main/java/gg/agit/konect/domain/club/repository/ClubQueryRepository.java b/src/main/java/gg/agit/konect/domain/club/repository/ClubQueryRepository.java index 23950995..dfd955f5 100644 --- a/src/main/java/gg/agit/konect/domain/club/repository/ClubQueryRepository.java +++ b/src/main/java/gg/agit/konect/domain/club/repository/ClubQueryRepository.java 
@@ -33,8 +33,8 @@ public class ClubQueryRepository { private final JPAQueryFactory jpaQueryFactory; - public Page findAllByFilter(PageRequest pageable, String query, Boolean isRecruiting) { - BooleanBuilder filter = clubSearchFilter(query, isRecruiting); + public Page findAllByFilter(PageRequest pageable, String query, Boolean isRecruiting, Integer universityId) { + BooleanBuilder filter = clubSearchFilter(query, isRecruiting, universityId); OrderSpecifier sort = clubSort(isRecruiting); List clubData = fetchClubs(pageable, filter, sort); @@ -112,8 +112,9 @@ private Long countClubs(BooleanBuilder filter) { .fetchOne(); } - private BooleanBuilder clubSearchFilter(String query, Boolean isRecruiting) { + private BooleanBuilder clubSearchFilter(String query, Boolean isRecruiting, Integer universityId) { BooleanBuilder builder = new BooleanBuilder(); + builder.and(club.university.id.eq(universityId)); if (!StringUtils.isEmpty(query)) { String normalizedQuery = query.trim().toLowerCase(); diff --git a/src/main/java/gg/agit/konect/domain/club/service/ClubService.java b/src/main/java/gg/agit/konect/domain/club/service/ClubService.java index 2e86360c..d608e28e 100644 --- a/src/main/java/gg/agit/konect/domain/club/service/ClubService.java +++ b/src/main/java/gg/agit/konect/domain/club/service/ClubService.java @@ -1,5 +1,6 @@ package gg.agit.konect.domain.club.service; +import static gg.agit.konect.global.code.ApiResponseCode.FORBIDDEN_CLUB_MEMBER_ACCESS; import static java.lang.Boolean.TRUE; import java.util.HashSet; 
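Review bot: In the second hunk (`clubSearchFilter`), the new `builder.and(club.university.id.eq(universityId))` is the only thing scoping the club list to the caller's university, and nothing in the hunk says what happens when `universityId` is null. As far as I know QueryDSL's `eq` rejects a null argument with an exception rather than dropping the predicate, so the query fails closed, but that surfaces as an unhandled error and relies on library behaviour. I would state the contract at the top of the method with `Objects.requireNonNull(universityId, "universityId");` and a comment such as `// tenant scope: always applied, never optional`. The same assumption sits in `ClubService.getClubs`, where `user.getUniversity().getId()` is dereferenced without a null check. `clubSearchFilter` continues past the end of the hunk.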
@@ -14,28 +15,28 @@ import org.springframework.transaction.annotation.Transactional; import org.springframework.util.StringUtils; +import gg.agit.konect.domain.club.dto.ClubApplyQuestionsResponse; import gg.agit.konect.domain.club.dto.ClubApplyRequest; import gg.agit.konect.domain.club.dto.ClubDetailResponse; import gg.agit.konect.domain.club.dto.ClubFeeInfoResponse; import gg.agit.konect.domain.club.dto.ClubMembersResponse; -import gg.agit.konect.domain.club.dto.ClubsResponse; -import gg.agit.konect.domain.club.dto.ClubApplyQuestionsResponse; import gg.agit.konect.domain.club.dto.ClubRecruitmentResponse; +import gg.agit.konect.domain.club.dto.ClubsResponse; import gg.agit.konect.domain.club.dto.JoinedClubsResponse; import gg.agit.konect.domain.club.model.Club; import gg.agit.konect.domain.club.model.ClubApply; import gg.agit.konect.domain.club.model.ClubApplyAnswer; +import gg.agit.konect.domain.club.model.ClubApplyQuestion; import gg.agit.konect.domain.club.model.ClubMember; import gg.agit.konect.domain.club.model.ClubRecruitment; import gg.agit.konect.domain.club.model.ClubSummaryInfo; -import gg.agit.konect.domain.club.model.ClubApplyQuestion; import gg.agit.konect.domain.club.repository.ClubApplyAnswerRepository; +import gg.agit.konect.domain.club.repository.ClubApplyQuestionRepository; import gg.agit.konect.domain.club.repository.ClubApplyRepository; import gg.agit.konect.domain.club.repository.ClubMemberRepository; import gg.agit.konect.domain.club.repository.ClubQueryRepository; import gg.agit.konect.domain.club.repository.ClubRecruitmentRepository; import gg.agit.konect.domain.club.repository.ClubRepository; -import gg.agit.konect.domain.club.repository.ClubApplyQuestionRepository; import gg.agit.konect.domain.user.model.User; import gg.agit.konect.domain.user.repository.UserRepository; import gg.agit.konect.global.code.ApiResponseCode; 
@@ -56,9 +57,10 @@ public class ClubService { private final ClubApplyAnswerRepository clubApplyAnswerRepository; private final UserRepository userRepository; - public ClubsResponse getClubs(Integer page, Integer limit, String query, Boolean isRecruiting) { + public ClubsResponse getClubs(Integer page, Integer limit, String query, Boolean isRecruiting, Integer userId) { + User user = userRepository.getById(userId); PageRequest pageable = PageRequest.of(page - 1, limit); - Page clubSummaryInfoPage = clubQueryRepository.findAllByFilter(pageable, query, isRecruiting); + Page clubSummaryInfoPage = clubQueryRepository.findAllByFilter(pageable, query, isRecruiting, user.getUniversity().getId()); return ClubsResponse.of(clubSummaryInfoPage); } @@ -83,7 +85,12 @@ public JoinedClubsResponse getJoinedClubs(Integer userId) { return JoinedClubsResponse.of(clubMembers); } - public ClubMembersResponse getClubMembers(Integer clubId) { + public ClubMembersResponse getClubMembers(Integer clubId, Integer userId) { + boolean isMember = clubMemberRepository.existsByClubIdAndUserId(clubId, userId); + if (!isMember) { + throw CustomException.of(FORBIDDEN_CLUB_MEMBER_ACCESS); + } + List clubMembers = clubMemberRepository.findAllByClubId(clubId); return ClubMembersResponse.from(clubMembers); } @@ -98,7 +105,8 @@ public ClubFeeInfoResponse getFeeInfo(Integer clubId, Integer userId) { return ClubFeeInfoResponse.from(club); } - public ClubApplyQuestionsResponse getApplyQuestions(Integer clubId) { + public ClubApplyQuestionsResponse getApplyQuestions(Integer clubId, Integer userId) { + User user = userRepository.getById(userId); List questions = clubApplyQuestionRepository.findAllByClubId(clubId); return ClubApplyQuestionsResponse.from(questions); } diff --git a/src/main/java/gg/agit/konect/domain/notice/repository/CouncilNoticeRepository.java b/src/main/java/gg/agit/konect/domain/notice/repository/CouncilNoticeRepository.java index f4259b7b..744b8811 100644 
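Review bot: In the third hunk, `getApplyQuestions` loads `user` but never uses it, so the questions of any `clubId` are still returned regardless of the caller's university; the only new effect is whatever `userRepository.getById` does for an unknown id. If the intent matches the university scoping added to `getClubs`, the method should load the club and compare ids before querying, e.g. `if (!club.getUniversity().getId().equals(user.getUniversity().getId())) throw CustomException.of(<FORBIDDEN_CODE>);`, where `<FORBIDDEN_CODE>` is a placeholder for a response code this commit does not define. If no check is intended, drop the unused lookup so the signature does not suggest an authorization step that is not there. Other by-`clubId` reads outside this diff may need the same review.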
--- a/src/main/java/gg/agit/konect/domain/notice/repository/CouncilNoticeRepository.java +++ b/src/main/java/gg/agit/konect/domain/notice/repository/CouncilNoticeRepository.java @@ -13,7 +13,7 @@ public interface CouncilNoticeRepository extends Repository { - Page findAll(Pageable pageable); + Page findByCouncilId(Integer councilId, Pageable pageable); Optional findById(Integer id); diff --git a/src/main/java/gg/agit/konect/domain/notice/service/NoticeService.java b/src/main/java/gg/agit/konect/domain/notice/service/NoticeService.java index 6772f6d6..f096f670 100644 --- a/src/main/java/gg/agit/konect/domain/notice/service/NoticeService.java +++ b/src/main/java/gg/agit/konect/domain/notice/service/NoticeService.java @@ -1,5 +1,7 @@ package gg.agit.konect.domain.notice.service; +import static gg.agit.konect.global.code.ApiResponseCode.FORBIDDEN_COUNCIL_NOTICE_ACCESS; + import java.util.List; import java.util.Map; import java.util.Set; @@ -23,6 +25,7 @@ import gg.agit.konect.domain.notice.repository.CouncilNoticeRepository; import gg.agit.konect.domain.user.model.User; import gg.agit.konect.domain.user.repository.UserRepository; +import gg.agit.konect.global.exception.CustomException; import lombok.RequiredArgsConstructor; @Service 
@@ -36,15 +39,16 @@ public class NoticeService { private final UserRepository userRepository; public CouncilNoticesResponse getNotices(Integer page, Integer limit, Integer userId) { + User user = userRepository.getById(userId); + Council council = councilRepository.getByUniversity(user.getUniversity()); PageRequest pageable = PageRequest.of(page - 1, limit, Sort.by(Sort.Direction.DESC, "createdAt")); - Page councilNoticePage = councilNoticeRepository.findAll(pageable); - Map councilNoticeReadMap = getCouncilNoticeReadMap(userId, councilNoticePage.getContent()); + Page councilNoticePage = councilNoticeRepository.findByCouncilId(council.getId(), pageable); + Map councilNoticeReadMap = getCouncilNoticeReadMap(user.getId(), councilNoticePage.getContent()); return CouncilNoticesResponse.from(councilNoticePage, councilNoticeReadMap); } private Map getCouncilNoticeReadMap(Integer userId, List councilNotices) { - User user = userRepository.getById(userId); - Set readNoticeIds = getReadNoticeIds(user.getId(), councilNotices); + Set readNoticeIds = getReadNoticeIds(userId, councilNotices); return councilNotices.stream() .collect(Collectors.toMap( @@ -71,6 +75,10 @@ public CouncilNoticeResponse getNotice(Integer id, Integer userId) { CouncilNotice councilNotice = councilNoticeRepository.getById(id); User user = userRepository.getById(userId); + if (!councilNotice.getCouncil().getUniversity().equals(user.getUniversity())) { + throw CustomException.of(FORBIDDEN_COUNCIL_NOTICE_ACCESS); + } + if (!councilNoticeReadRepository.existsByUserIdAndCouncilNoticeId(userId, id)) { councilNoticeReadRepository.save(CouncilNoticeReadHistory.of(user, councilNotice)); } diff --git a/src/main/java/gg/agit/konect/domain/schedule/controller/ScheduleApi.java b/src/main/java/gg/agit/konect/domain/schedule/controller/ScheduleApi.java index ab99a804..6d7f6ae8 100644 --- a/src/main/java/gg/agit/konect/domain/schedule/controller/ScheduleApi.java 
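Review bot: In the `getNotice` hunk the new guard compares entities with `equals`, `councilNotice.getCouncil().getUniversity().equals(user.getUniversity())`, which is only reliable if `University` defines `equals`/`hashCode` on its identifier; that class is not shown here. With the default identity `equals`, a lazy proxy on one side and a loaded instance on the other could compare unequal and reject a legitimate reader (it fails closed, but wrongly). Comparing identifiers avoids that: `if (!councilNotice.getCouncil().getUniversity().getId().equals(user.getUniversity().getId()))`. Also, `councilNoticeRepository.getById(id)` runs before the guard, so if it raises a not-found error a caller can likely tell another university's notice (403) from a missing one (404); returning the same not-found response for both would close that gap.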
+++ b/src/main/java/gg/agit/konect/domain/schedule/controller/ScheduleApi.java @@ -4,6 +4,7 @@ import org.springframework.web.bind.annotation.GetMapping; import gg.agit.konect.domain.schedule.dto.SchedulesResponse; +import gg.agit.konect.global.auth.annotation.UserId; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.servlet.http.HttpSession; @@ -32,5 +33,5 @@ public interface ScheduleApi { - 시간이 정해진 경우 : 정해진 시간 """) @GetMapping("/schedules") - ResponseEntity getSchedules(HttpSession session); + ResponseEntity getSchedules(@UserId Integer userId); } diff --git a/src/main/java/gg/agit/konect/domain/schedule/controller/ScheduleController.java b/src/main/java/gg/agit/konect/domain/schedule/controller/ScheduleController.java index d62c6b38..d20c1abc 100644 --- a/src/main/java/gg/agit/konect/domain/schedule/controller/ScheduleController.java +++ b/src/main/java/gg/agit/konect/domain/schedule/controller/ScheduleController.java @@ -6,6 +6,7 @@ import gg.agit.konect.domain.schedule.dto.SchedulesResponse; import gg.agit.konect.domain.schedule.service.ScheduleService; +import gg.agit.konect.global.auth.annotation.UserId; import jakarta.servlet.http.HttpSession; import lombok.RequiredArgsConstructor; @@ -16,9 +17,8 @@ public class ScheduleController implements ScheduleApi { private final ScheduleService scheduleService; @GetMapping("/schedules") - public ResponseEntity getSchedules(HttpSession session) { - // Integer userId = (Integer) session.getAttribute("userId"); - SchedulesResponse response = scheduleService.getSchedules(1); + public ResponseEntity getSchedules(@UserId Integer userId) { + SchedulesResponse response = scheduleService.getSchedules(userId); return ResponseEntity.ok(response); } } diff --git a/src/main/java/gg/agit/konect/global/code/ApiResponseCode.java b/src/main/java/gg/agit/konect/global/code/ApiResponseCode.java index 6b8f3090..fba53da4 100644 
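Review bot: `import jakarta.servlet.http.HttpSession;` stays as a context line in both `ScheduleApi` and `ScheduleController`, but the only visible use of `HttpSession` is the parameter this commit removes. If nothing else in those files references it, delete the import in both so a lint run does not flag it. Separately, now that the caller's real id replaces the hard-coded `1`, `ScheduleService.getSchedules` (not shown) decides which university's schedules are returned; it is worth confirming that it scopes by the user's university as the club and notice changes do.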
--- a/src/main/java/gg/agit/konect/global/code/ApiResponseCode.java +++ b/src/main/java/gg/agit/konect/global/code/ApiResponseCode.java @@ -28,6 +28,8 @@ public enum ApiResponseCode { // 403 Forbidden (접근 권한 없음) FORBIDDEN_CHAT_ROOM_ACCESS(HttpStatus.FORBIDDEN, "채팅방에 접근할 권한이 없습니다."), FORBIDDEN_CLUB_FEE_INFO(HttpStatus.FORBIDDEN, "회비 정보 조회 권한이 없습니다."), + FORBIDDEN_CLUB_MEMBER_ACCESS(HttpStatus.FORBIDDEN, "동아리 멤버 조회 권한이 없습니다."), + FORBIDDEN_COUNCIL_NOTICE_ACCESS(HttpStatus.FORBIDDEN, "총동아리연합회 공지사항 조회 권한이 없습니다."), // 404 Not Found (리소스를 찾을 수 없음) NO_HANDLER_FOUND(HttpStatus.NOT_FOUND, "유효하지 않은 API 경로입니다."),