#16 board : apply security - article comments

2022-08-24 03:11:55 +09:00
parent 118f8b06e5
commit 752ea4d3e2
5 changed files with 29 additions and 25 deletions
--- a/board/src/main/java/com/example/board/controller/ArticleCommentController.java
+++ b/board/src/main/java/com/example/board/controller/ArticleCommentController.java
@@ -2,8 +2,10 @@ package com.example.board.controller;

 import com.example.board.dto.UserAccountDto;
 import com.example.board.dto.request.ArticleCommentRequest;
+import com.example.board.dto.security.BoardPrincipal;
 import com.example.board.service.ArticleCommentService;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -17,27 +19,22 @@ public class ArticleCommentController {
    private final ArticleCommentService articleCommentService;

    @PostMapping("/new")
-    public String postNewArticleComment(ArticleCommentRequest articleCommentRequest) {
-
-        // TODO: 인증 정보 필요
-        articleCommentService.saveArticleComment(articleCommentRequest.toDto(
-                UserAccountDto.of(
-                        "bobby",
-                        "1234",
-                        "bobby@email.com",
-                        null,
-                        null
-                )
-        ));
+    public String postNewArticleComment(
+            @AuthenticationPrincipal BoardPrincipal boardPrincipal,
+            ArticleCommentRequest articleCommentRequest
+    ) {
+        articleCommentService.saveArticleComment(articleCommentRequest.toDto(boardPrincipal.toDto()));

        return "redirect:/articles/" + articleCommentRequest.articleId();
    }

    @PostMapping("/{commentId}/delete")
-    public String deleteArticleComment(@PathVariable Long commentId,
-                                       Long articleId) {
+    public String deleteArticleComment(
+            @PathVariable Long commentId,
+            @AuthenticationPrincipal BoardPrincipal boardPrincipal,
+            Long articleId) {

-        articleCommentService.deleteArticleComment(commentId);
+        articleCommentService.deleteArticleComment(commentId, boardPrincipal.getUsername());

        return "redirect:/articles/" + articleId;
    }
--- a/board/src/main/java/com/example/board/repository/ArticleCommentRepository.java
+++ b/board/src/main/java/com/example/board/repository/ArticleCommentRepository.java
@@ -21,6 +21,8 @@ public interface ArticleCommentRepository extends

    List<ArticleComment> findByArticle_Id(Long articleId);

+    void deleteByIdAndUserAccount_UserId(Long articleCommentId, String userId);
+
    @Override
    default void customize(QuerydslBindings bindings, QArticleComment root) {
        bindings.excludeUnlistedProperties(true);
--- a/board/src/main/java/com/example/board/service/ArticleCommentService.java
+++ b/board/src/main/java/com/example/board/service/ArticleCommentService.java
@@ -52,7 +52,7 @@ public class ArticleCommentService {
        }
    }

-    public void deleteArticleComment(Long articleCommentId) {
-        articleCommentRepository.deleteById(articleCommentId);
+    public void deleteArticleComment(Long articleCommentId, String userId) {
+        articleCommentRepository.deleteByIdAndUserAccount_UserId(articleCommentId, userId);
    }
 }
--- a/board/src/test/java/com/example/board/controller/ArticleCommentControllerTest.java
+++ b/board/src/test/java/com/example/board/controller/ArticleCommentControllerTest.java
@@ -1,6 +1,7 @@
 package com.example.board.controller;

 import com.example.board.config.SecurityConfig;
+import com.example.board.config.TestSecurityConfig;
 import com.example.board.dto.ArticleCommentDto;
 import com.example.board.dto.request.ArticleCommentRequest;
 import com.example.board.service.ArticleCommentService;
@@ -12,6 +13,8 @@ import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Import;
 import org.springframework.http.MediaType;
+import org.springframework.security.test.context.support.TestExecutionEvent;
+import org.springframework.security.test.context.support.WithUserDetails;
 import org.springframework.test.web.servlet.MockMvc;

 import java.util.Map;
@@ -24,7 +27,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;

@DisplayName("View 컨트롤러 - 댓글")
-@Import({SecurityConfig.class, FormDataEncoder.class})
+@Import({TestSecurityConfig.class, FormDataEncoder.class})
@WebMvcTest(ArticleCommentController.class)
 class ArticleCommentControllerTest {

@@ -41,7 +44,7 @@ class ArticleCommentControllerTest {
        this.mockMvc = mockMvc;
        this.formDataEncoder = formDataEncoder;
    }
-
+    @WithUserDetails(value = "testId", setupBefore = TestExecutionEvent.TEST_EXECUTION)
    @DisplayName("[view][POST] 댓글 등록 - 정상 호출")
    @Test
    void givenArticleCommentInfo_whenRequesting_thenSavesNewArticleComment() throws Exception {
@@ -64,14 +67,15 @@ class ArticleCommentControllerTest {
        then(articleCommentService).should().saveArticleComment(any(ArticleCommentDto.class));
    }

+    @WithUserDetails(value = "testId", setupBefore = TestExecutionEvent.TEST_EXECUTION)
    @DisplayName("[view][POST] 댓글 삭제 - 정상 호출")
    @Test
    void givenArticleCommentIdToDelete_whenRequesting_thenDeletesArticleComment() throws Exception {
        // Given
        long articleId = 1L;
        long articleCommentId = 1L;
-        String userId = "unoTest";
-        willDoNothing().given(articleCommentService).deleteArticleComment(articleCommentId);
+        String userId = "testId";
+        willDoNothing().given(articleCommentService).deleteArticleComment(articleCommentId, userId);

        // When & Then
        mockMvc.perform(
@@ -84,6 +88,6 @@ class ArticleCommentControllerTest {
                .andExpect(view().name("redirect:/articles/" + articleId))
                .andExpect(redirectedUrl("/articles/" + articleId));

-        then(articleCommentService).should().deleteArticleComment(articleCommentId);
+        then(articleCommentService).should().deleteArticleComment(articleCommentId, userId);
    }
 }
--- a/board/src/test/java/com/example/board/service/ArticleCommentServiceTest.java
+++ b/board/src/test/java/com/example/board/service/ArticleCommentServiceTest.java
@@ -131,13 +131,14 @@ class ArticleCommentServiceTest {
    void givenArticleCommentId_whenDeletingArticleComment_thenDeletesArticleComment() {
        // Given
        Long articleCommentId = 1L;
-        willDoNothing().given(articleCommentRepository).deleteById(articleCommentId);
+        String userId = "uno";
+        willDoNothing().given(articleCommentRepository).deleteByIdAndUserAccount_UserId(articleCommentId, userId);

        // When
-        sut.deleteArticleComment(articleCommentId);
+        sut.deleteArticleComment(articleCommentId, userId);

        // Then
-        then(articleCommentRepository).should().deleteById(articleCommentId);
+        then(articleCommentRepository).should().deleteByIdAndUserAccount_UserId(articleCommentId, userId);
    }