From 752ea4d3e25ea72b670a446110c34c922bd1e12e Mon Sep 17 00:00:00 2001 From: haerong22 Date: Wed, 24 Aug 2022 03:11:55 +0900 Subject: [PATCH] #16 board : apply security - article comments --- .../controller/ArticleCommentController.java | 27 +++++++++---------- .../repository/ArticleCommentRepository.java | 2 ++ .../board/service/ArticleCommentService.java | 4 +-- .../ArticleCommentControllerTest.java | 14 ++++++---- .../service/ArticleCommentServiceTest.java | 7 ++--- 5 files changed, 29 insertions(+), 25 deletions(-) diff --git a/board/src/main/java/com/example/board/controller/ArticleCommentController.java b/board/src/main/java/com/example/board/controller/ArticleCommentController.java index 00fa9e05..30749880 100644 --- a/board/src/main/java/com/example/board/controller/ArticleCommentController.java +++ b/board/src/main/java/com/example/board/controller/ArticleCommentController.java @@ -2,8 +2,10 @@ package com.example.board.controller; import com.example.board.dto.UserAccountDto; import com.example.board.dto.request.ArticleCommentRequest; +import com.example.board.dto.security.BoardPrincipal; import com.example.board.service.ArticleCommentService; import lombok.RequiredArgsConstructor; +import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; 
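Review bot: `import com.example.board.dto.UserAccountDto;` stays as a context line in this import hunk, but the next hunk removes the `UserAccountDto.of(...)` call that appears to be its only use in this controller. If nothing else in the file refers to it, drop the import so the hard-coded test account leaves no trace in the class. The rest of the file is outside the hunk, so confirm before removing it.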
@@ -17,27 +19,22 @@ public class ArticleCommentController { private final ArticleCommentService articleCommentService; @PostMapping("/new") - public String postNewArticleComment(ArticleCommentRequest articleCommentRequest) { - - // TODO: 인증 정보 필요 - articleCommentService.saveArticleComment(articleCommentRequest.toDto( - UserAccountDto.of( - "bobby", - "1234", - "bobby@email.com", - null, - null - ) - )); + public String postNewArticleComment( + @AuthenticationPrincipal BoardPrincipal boardPrincipal, + ArticleCommentRequest articleCommentRequest + ) { + articleCommentService.saveArticleComment(articleCommentRequest.toDto(boardPrincipal.toDto())); return "redirect:/articles/" + articleCommentRequest.articleId(); } @PostMapping("/{commentId}/delete") - public String deleteArticleComment(@PathVariable Long commentId, - Long articleId) { + public String deleteArticleComment( + @PathVariable Long commentId, + @AuthenticationPrincipal BoardPrincipal boardPrincipal, + Long articleId) { - articleCommentService.deleteArticleComment(commentId); + articleCommentService.deleteArticleComment(commentId, boardPrincipal.getUsername()); return "redirect:/articles/" + articleId; } diff --git a/board/src/main/java/com/example/board/repository/ArticleCommentRepository.java b/board/src/main/java/com/example/board/repository/ArticleCommentRepository.java index ac9f2388..8564de80 100644 --- a/board/src/main/java/com/example/board/repository/ArticleCommentRepository.java +++ b/board/src/main/java/com/example/board/repository/ArticleCommentRepository.java @@ -21,6 +21,8 @@ public interface ArticleCommentRepository extends List findByArticle_Id(Long articleId); + void deleteByIdAndUserAccount_UserId(Long articleCommentId, String userId); + @Override default void customize(QuerydslBindings bindings, QArticleComment root) { bindings.excludeUnlistedProperties(true); 
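Review bot: Both handlers dereference `boardPrincipal` without a null check: `boardPrincipal.toDto()` in postNewArticleComment and `boardPrincipal.getUsername()` in deleteArticleComment. `@AuthenticationPrincipal` resolves to null when the request carries no authenticated BoardPrincipal. Whether SecurityConfig requires authentication for these POST routes is not visible in this diff. If it does not, an anonymous request ends in a NullPointerException and a 500 rather than an authentication challenge. Either confirm the routes sit behind an `authenticated()` rule, or fail closed in the handler with `if (boardPrincipal == null) throw new AccessDeniedException("authentication required");`.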
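Review bot: `deleteByIdAndUserAccount_UserId` returns `void`, so a delete that matches no row (a comment owned by another user, or a missing id) is indistinguishable from a successful one. The owner filter in this query is the only authorization check visible on the delete path, and its rejections leave no signal for logging or for the response. Spring Data derived delete methods can return the number of removed rows, `long deleteByIdAndUserAccount_UserId(Long articleCommentId, String userId);`. That would let `ArticleCommentService.deleteArticleComment` (the service hunk that follows) log a warning when the count is 0. Derived delete queries also need an active transaction, and any `@Transactional` on the service is outside the visible hunks.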
diff --git a/board/src/main/java/com/example/board/service/ArticleCommentService.java b/board/src/main/java/com/example/board/service/ArticleCommentService.java index 27b90719..da0e2cdb 100644 --- a/board/src/main/java/com/example/board/service/ArticleCommentService.java +++ b/board/src/main/java/com/example/board/service/ArticleCommentService.java @@ -52,7 +52,7 @@ public class ArticleCommentService { } } - public void deleteArticleComment(Long articleCommentId) { - articleCommentRepository.deleteById(articleCommentId); + public void deleteArticleComment(Long articleCommentId, String userId) { + articleCommentRepository.deleteByIdAndUserAccount_UserId(articleCommentId, userId); } } diff --git a/board/src/test/java/com/example/board/controller/ArticleCommentControllerTest.java b/board/src/test/java/com/example/board/controller/ArticleCommentControllerTest.java index 8f09ad56..c7cf2ab9 100644 --- a/board/src/test/java/com/example/board/controller/ArticleCommentControllerTest.java +++ b/board/src/test/java/com/example/board/controller/ArticleCommentControllerTest.java @@ -1,6 +1,7 @@ package com.example.board.controller; import com.example.board.config.SecurityConfig; +import com.example.board.config.TestSecurityConfig; import com.example.board.dto.ArticleCommentDto; import com.example.board.dto.request.ArticleCommentRequest; import com.example.board.service.ArticleCommentService; @@ -12,6 +13,8 @@ import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest; import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.context.annotation.Import; import org.springframework.http.MediaType; +import org.springframework.security.test.context.support.TestExecutionEvent; +import org.springframework.security.test.context.support.WithUserDetails; import org.springframework.test.web.servlet.MockMvc; import java.util.Map; 
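Review bot: `deleteArticleComment(Long articleCommentId, String userId)` in the service hunk has no Javadoc, although the new `userId` parameter now carries the authorization decision. A caller that passes a user id taken from request data instead of the security context would defeat the ownership filter. Add a comment such as `/** Deletes the comment only when it belongs to {@code userId}; pass the authenticated principal's username, never a request-supplied value. */`. The class body starts outside the hunk.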
@@ -24,7 +27,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; @DisplayName("View 컨트롤러 - 댓글") -@Import({SecurityConfig.class, FormDataEncoder.class}) +@Import({TestSecurityConfig.class, FormDataEncoder.class}) @WebMvcTest(ArticleCommentController.class) class ArticleCommentControllerTest { @@ -41,7 +44,7 @@ class ArticleCommentControllerTest { this.mockMvc = mockMvc; this.formDataEncoder = formDataEncoder; } - + @WithUserDetails(value = "testId", setupBefore = TestExecutionEvent.TEST_EXECUTION) @DisplayName("[view][POST] 댓글 등록 - 정상 호출") @Test void givenArticleCommentInfo_whenRequesting_thenSavesNewArticleComment() throws Exception { @@ -64,14 +67,15 @@ class ArticleCommentControllerTest { then(articleCommentService).should().saveArticleComment(any(ArticleCommentDto.class)); } + @WithUserDetails(value = "testId", setupBefore = TestExecutionEvent.TEST_EXECUTION) @DisplayName("[view][POST] 댓글 삭제 - 정상 호출") @Test void givenArticleCommentIdToDelete_whenRequesting_thenDeletesArticleComment() throws Exception { // Given long articleId = 1L; long articleCommentId = 1L; - String userId = "unoTest"; - willDoNothing().given(articleCommentService).deleteArticleComment(articleCommentId); + String userId = "testId"; + willDoNothing().given(articleCommentService).deleteArticleComment(articleCommentId, userId); // When & Then mockMvc.perform( @@ -84,6 +88,6 @@ class ArticleCommentControllerTest { .andExpect(view().name("redirect:/articles/" + articleId)) .andExpect(redirectedUrl("/articles/" + articleId)); - then(articleCommentService).should().deleteArticleComment(articleCommentId); + then(articleCommentService).should().deleteArticleComment(articleCommentId, userId); } } \ No newline at end of file 
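Review bot: The delete test `givenArticleCommentIdToDelete_whenRequesting_thenDeletesArticleComment` covers only the authenticated owner, and because `articleCommentService` is mocked the ownership filter is never exercised. For a commit whose purpose is access control, add a negative case: the same POST without `@WithUserDetails` should not reach the service, checked with `then(articleCommentService).shouldHaveNoInteractions();`. The expected status depends on TestSecurityConfig, which is not shown here. The comment-creation test in the earlier hunk on this line has the same gap. A repository-level test that deleting with a non-owner `userId` leaves the row in place would cover the query itself.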
diff --git a/board/src/test/java/com/example/board/service/ArticleCommentServiceTest.java b/board/src/test/java/com/example/board/service/ArticleCommentServiceTest.java index ee7238c4..a2300cee 100644 --- a/board/src/test/java/com/example/board/service/ArticleCommentServiceTest.java +++ b/board/src/test/java/com/example/board/service/ArticleCommentServiceTest.java @@ -131,13 +131,14 @@ class ArticleCommentServiceTest { void givenArticleCommentId_whenDeletingArticleComment_thenDeletesArticleComment() { // Given Long articleCommentId = 1L; - willDoNothing().given(articleCommentRepository).deleteById(articleCommentId); + String userId = "uno"; + willDoNothing().given(articleCommentRepository).deleteByIdAndUserAccount_UserId(articleCommentId, userId); // When - sut.deleteArticleComment(articleCommentId); + sut.deleteArticleComment(articleCommentId, userId); // Then - then(articleCommentRepository).should().deleteById(articleCommentId); + then(articleCommentRepository).should().deleteByIdAndUserAccount_UserId(articleCommentId, userId); }