refactor: 서비스가 아닌 컨트롤러에서 권한 검증하도록

backend/src/main/java/reviewme/highlight/controller/HighlightController.java

@@ -6,10 +6,9 @@
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
+import reviewme.global.authorization.RequireReviewGroupAccess;
 import reviewme.highlight.service.HighlightService;
 import reviewme.highlight.service.dto.HighlightsRequest;
-import reviewme.reviewgroup.controller.ReviewGroupSession;
-import reviewme.reviewgroup.domain.ReviewGroup;
 
 @RestController
 @RequiredArgsConstructor
@@ -18,6 +17,7 @@ public class HighlightController {
     private final HighlightService highlightService;
 
     @PostMapping("/v2/highlight")
+    @RequireReviewGroupAccess(target = "#request.reviewGroupId()")
     public ResponseEntity<Void> highlight(
             @Valid @RequestBody HighlightsRequest request
     ) {

backend/src/main/java/reviewme/highlight/service/HighlightService.java

@@ -4,7 +4,6 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
-import reviewme.global.authorization.RequireReviewGroupAccess;
 import reviewme.highlight.domain.Highlight;
 import reviewme.highlight.repository.HighlightRepository;
 import reviewme.highlight.service.dto.HighlightsRequest;
@@ -24,7 +23,6 @@ public class HighlightService {
     private final HighlightMapper highlightMapper;
     private final AnswerValidator answerValidator;
 
-    @RequireReviewGroupAccess(target = "#highlightsRequest.reviewGroupId()")
     @Transactional
     public void editHighlight(HighlightsRequest highlightsRequest) {
         ReviewGroup reviewGroup = reviewGroupRepository.findById(highlightsRequest.reviewGroupId())

backend/src/main/java/reviewme/review/controller/ReviewController.java

@@ -10,6 +10,8 @@
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
+import reviewme.global.authorization.RequireReviewAccess;
+import reviewme.global.authorization.RequireReviewGroupAccess;
 import reviewme.review.service.ReviewDetailLookupService;
 import reviewme.review.service.ReviewGatheredLookupService;
 import reviewme.review.service.ReviewListLookupService;
@@ -49,6 +51,7 @@ public ResponseEntity<Void> createReview(
     }
 
     @GetMapping("/v2/groups/{reviewGroupId}/reviews/received")
+    @RequireReviewGroupAccess(target = "#reviewGroupId")
     public ResponseEntity<ReceivedReviewPageResponse> findReceivedReviews(
             @PathVariable long reviewGroupId,
             @RequestParam(required = false) Long lastReviewId,
@@ -59,6 +62,7 @@ public ResponseEntity<ReceivedReviewPageResponse> findReceivedReviews(
     }
 
     @GetMapping("/v2/reviews/{id}")
+    @RequireReviewAccess(target = "#id")
     public ResponseEntity<ReviewDetailResponse> findReceivedReviewDetail(
             @PathVariable long id
     ) {
@@ -67,6 +71,7 @@ public ResponseEntity<ReviewDetailResponse> findReceivedReviewDetail(
     }
 
     @GetMapping("/v2/groups/{reviewGroupId}/reviews/summary")
+    @RequireReviewGroupAccess(target = "#reviewGroupId")
     public ResponseEntity<ReceivedReviewsSummaryResponse> findReceivedReviewOverview(
             @PathVariable long reviewGroupId
     ) {
@@ -75,6 +80,7 @@ public ResponseEntity<ReceivedReviewsSummaryResponse> findReceivedReviewOverview
     }
 
     @GetMapping("/v2/groups/{reviewGroupId}/reviews/gather")
+    @RequireReviewGroupAccess(target = "#reviewGroupId")
     public ResponseEntity<ReviewsGatheredBySectionResponse> getReceivedReviewsBySectionId(
             @PathVariable long reviewGroupId,
             @RequestParam("sectionId") long sectionId

backend/src/main/java/reviewme/review/service/ReviewDetailLookupService.java

@@ -3,7 +3,6 @@
 import lombok.AllArgsConstructor;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
-import reviewme.global.authorization.RequireReviewAccess;
 import reviewme.review.domain.Review;
 import reviewme.review.repository.ReviewRepository;
 import reviewme.review.service.dto.response.detail.ReviewDetailResponse;
@@ -22,7 +21,6 @@ public class ReviewDetailLookupService {
     private final ReviewGroupRepository reviewGroupRepository;
     private final ReviewDetailMapper reviewDetailMapper;
 
-    @RequireReviewAccess
     @Transactional(readOnly = true)
     public ReviewDetailResponse getReviewDetail(long reviewId) {
         Review review = reviewRepository.findById(reviewId)

backend/src/main/java/reviewme/review/service/ReviewGatheredLookupService.java

@@ -7,7 +7,6 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
-import reviewme.global.authorization.RequireReviewGroupAccess;
 import reviewme.highlight.domain.Highlight;
 import reviewme.highlight.repository.HighlightRepository;
 import reviewme.review.domain.Answer;
@@ -37,7 +36,6 @@ public class ReviewGatheredLookupService {
     private final ReviewGatherMapper reviewGatherMapper;
     private final ReviewGroupRepository reviewGroupRepository;
 
-    @RequireReviewGroupAccess
     @Transactional(readOnly = true)
     public ReviewsGatheredBySectionResponse getReceivedReviewsBySectionId(long reviewGroupId, long sectionId) {
         ReviewGroup reviewGroup = reviewGroupRepository.findById(reviewGroupId)

backend/src/main/java/reviewme/review/service/ReviewListLookupService.java

@@ -4,11 +4,10 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
-import reviewme.global.authorization.RequireReviewGroupAccess;
 import reviewme.review.repository.ReviewRepository;
 import reviewme.review.service.dto.response.list.AuthoredReviewsResponse;
-import reviewme.review.service.dto.response.list.ReceivedReviewPageResponse;
 import reviewme.review.service.dto.response.list.ReceivedReviewPageElementResponse;
+import reviewme.review.service.dto.response.list.ReceivedReviewPageResponse;
 import reviewme.review.service.mapper.ReviewListMapper;
 import reviewme.reviewgroup.domain.ReviewGroup;
 import reviewme.reviewgroup.domain.exception.ReviewGroupNotFoundException;
@@ -22,7 +21,6 @@ public class ReviewListLookupService {
     private final ReviewListMapper reviewListMapper;
     private final ReviewGroupRepository reviewGroupRepository;
 
-    @RequireReviewGroupAccess
     @Transactional(readOnly = true)
     public ReceivedReviewPageResponse getReceivedReviews(long reviewGroupId, Long lastReviewId, Integer size) {
         ReviewGroup reviewGroup = reviewGroupRepository.findById(reviewGroupId)

backend/src/main/java/reviewme/review/service/ReviewSummaryService.java

@@ -3,7 +3,6 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
-import reviewme.global.authorization.RequireReviewGroupAccess;
 import reviewme.review.repository.ReviewRepository;
 import reviewme.review.service.dto.response.list.ReceivedReviewsSummaryResponse;
 import reviewme.reviewgroup.domain.ReviewGroup;
@@ -17,7 +16,6 @@ public class ReviewSummaryService {
     private final ReviewRepository reviewRepository;
     private final ReviewGroupRepository reviewGroupRepository;
 
-    @RequireReviewGroupAccess
     @Transactional(readOnly = true)
     public ReceivedReviewsSummaryResponse getReviewSummary(long reviewGroupId) {
         ReviewGroup reviewGroup = reviewGroupRepository.findById(reviewGroupId)