add: secured USER for ticket APIs

2022-07-15 04:33:48 +09:00
parent fa8fa6b923
commit 535f3d69c1
1 changed files with 5 additions and 0 deletions
--- a/server/src/main/java/com/ticketing/server/movie/application/TicketController.java
+++ b/server/src/main/java/com/ticketing/server/movie/application/TicketController.java
@@ -1,5 +1,7 @@
 package com.ticketing.server.movie.application;

+import static com.ticketing.server.user.domain.UserGrade.ROLES.USER;
+
 import com.ticketing.server.movie.application.response.TicketDetailsResponse;
 import com.ticketing.server.movie.application.response.TicketListResponse;
 import com.ticketing.server.movie.service.dto.TicketDetailsDTO;
@@ -10,6 +12,7 @@ import javax.validation.constraints.NotNull;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -26,6 +29,7 @@ public class TicketController {
 	private final TicketService ticketService;

 	@GetMapping
+	@Secured(USER)
 	public ResponseEntity<TicketListResponse> getTickets(
 		@ApiParam(value = "영화 시간표 ID", required = true) @RequestParam @NotNull Long movieTimeId) {
 		TicketListDTO ticketListDto = ticketService.getTickets(movieTimeId);
@@ -37,6 +41,7 @@ public class TicketController {
 	}

 	@GetMapping("payments/{paymentId}")
+	@Secured(USER)
 	public ResponseEntity<TicketDetailsResponse> findTicketsByPaymentId(
 		@PathVariable("paymentId") @NotNull Long paymentId) {
 		TicketDetailsDTO tickets = ticketService.findTicketsByPaymentId(paymentId);