diff --git a/backend/src/main/java/reviewme/highlight/controller/HighlightController.java b/backend/src/main/java/reviewme/highlight/controller/HighlightController.java index fa4aa380e..e01893791 100644 --- a/backend/src/main/java/reviewme/highlight/controller/HighlightController.java +++ b/backend/src/main/java/reviewme/highlight/controller/HighlightController.java @@ -6,10 +6,9 @@ import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RestController; +import reviewme.global.authorization.RequireReviewGroupAccess; import reviewme.highlight.service.HighlightService; import reviewme.highlight.service.dto.HighlightsRequest; -import reviewme.reviewgroup.controller.ReviewGroupSession; -import reviewme.reviewgroup.domain.ReviewGroup; @RestController @RequiredArgsConstructor @@ -18,6 +17,7 @@ public class HighlightController { private final HighlightService highlightService; @PostMapping("/v2/highlight") + @RequireReviewGroupAccess(target = "#request.reviewGroupId()") public ResponseEntity highlight( @Valid @RequestBody HighlightsRequest request ) { diff --git a/backend/src/main/java/reviewme/highlight/service/HighlightService.java b/backend/src/main/java/reviewme/highlight/service/HighlightService.java index 9c1e2654e..d88589f0d 100644 --- a/backend/src/main/java/reviewme/highlight/service/HighlightService.java +++ b/backend/src/main/java/reviewme/highlight/service/HighlightService.java @@ -4,7 +4,6 @@ import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import reviewme.global.authorization.RequireReviewGroupAccess; import reviewme.highlight.domain.Highlight; import reviewme.highlight.repository.HighlightRepository; import reviewme.highlight.service.dto.HighlightsRequest; @@ -24,7 +23,6 @@ public class HighlightService { private final HighlightMapper highlightMapper; private final AnswerValidator answerValidator; - @RequireReviewGroupAccess(target = "#highlightsRequest.reviewGroupId()") @Transactional public void editHighlight(HighlightsRequest highlightsRequest) { ReviewGroup reviewGroup = reviewGroupRepository.findById(highlightsRequest.reviewGroupId()) diff --git a/backend/src/main/java/reviewme/review/controller/ReviewController.java b/backend/src/main/java/reviewme/review/controller/ReviewController.java index 8f50a5f8d..b399e028a 100644 --- a/backend/src/main/java/reviewme/review/controller/ReviewController.java +++ b/backend/src/main/java/reviewme/review/controller/ReviewController.java @@ -10,6 +10,8 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; +import reviewme.global.authorization.RequireReviewAccess; +import reviewme.global.authorization.RequireReviewGroupAccess; import reviewme.review.service.ReviewDetailLookupService; import reviewme.review.service.ReviewGatheredLookupService; import reviewme.review.service.ReviewListLookupService; @@ -49,6 +51,7 @@ public ResponseEntity createReview( } @GetMapping("/v2/groups/{reviewGroupId}/reviews/received") + @RequireReviewGroupAccess(target = "#reviewGroupId") public ResponseEntity findReceivedReviews( @PathVariable long reviewGroupId, @RequestParam(required = false) Long lastReviewId, @@ -59,6 +62,7 @@ public ResponseEntity findReceivedReviews( } @GetMapping("/v2/reviews/{id}") + @RequireReviewAccess(target = "#id") public ResponseEntity findReceivedReviewDetail( @PathVariable long id ) { @@ -67,6 +71,7 @@ public ResponseEntity findReceivedReviewDetail( } @GetMapping("/v2/groups/{reviewGroupId}/reviews/summary") + @RequireReviewGroupAccess(target = "#reviewGroupId") public ResponseEntity findReceivedReviewOverview( @PathVariable long reviewGroupId ) { @@ -75,6 +80,7 @@ public ResponseEntity findReceivedReviewOverview } @GetMapping("/v2/groups/{reviewGroupId}/reviews/gather") + @RequireReviewGroupAccess(target = "#reviewGroupId") public ResponseEntity getReceivedReviewsBySectionId( @PathVariable long reviewGroupId, @RequestParam("sectionId") long sectionId diff --git a/backend/src/main/java/reviewme/review/service/ReviewDetailLookupService.java b/backend/src/main/java/reviewme/review/service/ReviewDetailLookupService.java index e82f48a9e..1ffe11cc0 100644 --- a/backend/src/main/java/reviewme/review/service/ReviewDetailLookupService.java +++ b/backend/src/main/java/reviewme/review/service/ReviewDetailLookupService.java @@ -3,7 +3,6 @@ import lombok.AllArgsConstructor; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import reviewme.global.authorization.RequireReviewAccess; import reviewme.review.domain.Review; import reviewme.review.repository.ReviewRepository; import reviewme.review.service.dto.response.detail.ReviewDetailResponse; @@ -22,7 +21,6 @@ public class ReviewDetailLookupService { private final ReviewGroupRepository reviewGroupRepository; private final ReviewDetailMapper reviewDetailMapper; - @RequireReviewAccess @Transactional(readOnly = true) public ReviewDetailResponse getReviewDetail(long reviewId) { Review review = reviewRepository.findById(reviewId) diff --git a/backend/src/main/java/reviewme/review/service/ReviewGatheredLookupService.java b/backend/src/main/java/reviewme/review/service/ReviewGatheredLookupService.java index 3d90b7aff..783fb0851 100644 --- a/backend/src/main/java/reviewme/review/service/ReviewGatheredLookupService.java +++ b/backend/src/main/java/reviewme/review/service/ReviewGatheredLookupService.java @@ -7,7 +7,6 @@ import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import reviewme.global.authorization.RequireReviewGroupAccess; import reviewme.highlight.domain.Highlight; import reviewme.highlight.repository.HighlightRepository; import reviewme.review.domain.Answer; @@ -37,7 +36,6 @@ public class ReviewGatheredLookupService { private final ReviewGatherMapper reviewGatherMapper; private final ReviewGroupRepository reviewGroupRepository; - @RequireReviewGroupAccess @Transactional(readOnly = true) public ReviewsGatheredBySectionResponse getReceivedReviewsBySectionId(long reviewGroupId, long sectionId) { ReviewGroup reviewGroup = reviewGroupRepository.findById(reviewGroupId) diff --git a/backend/src/main/java/reviewme/review/service/ReviewListLookupService.java b/backend/src/main/java/reviewme/review/service/ReviewListLookupService.java index 97573cef5..08a346d94 100644 --- a/backend/src/main/java/reviewme/review/service/ReviewListLookupService.java +++ b/backend/src/main/java/reviewme/review/service/ReviewListLookupService.java @@ -4,11 +4,10 @@ import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import reviewme.global.authorization.RequireReviewGroupAccess; import reviewme.review.repository.ReviewRepository; import reviewme.review.service.dto.response.list.AuthoredReviewsResponse; -import reviewme.review.service.dto.response.list.ReceivedReviewPageResponse; import reviewme.review.service.dto.response.list.ReceivedReviewPageElementResponse; +import reviewme.review.service.dto.response.list.ReceivedReviewPageResponse; import reviewme.review.service.mapper.ReviewListMapper; import reviewme.reviewgroup.domain.ReviewGroup; import reviewme.reviewgroup.domain.exception.ReviewGroupNotFoundException; @@ -22,7 +21,6 @@ public class ReviewListLookupService { private final ReviewListMapper reviewListMapper; private final ReviewGroupRepository reviewGroupRepository; - @RequireReviewGroupAccess @Transactional(readOnly = true) public ReceivedReviewPageResponse getReceivedReviews(long reviewGroupId, Long lastReviewId, Integer size) { ReviewGroup reviewGroup = reviewGroupRepository.findById(reviewGroupId) diff --git a/backend/src/main/java/reviewme/review/service/ReviewSummaryService.java b/backend/src/main/java/reviewme/review/service/ReviewSummaryService.java index c7847f5b1..4526682ff 100644 --- a/backend/src/main/java/reviewme/review/service/ReviewSummaryService.java +++ b/backend/src/main/java/reviewme/review/service/ReviewSummaryService.java @@ -3,7 +3,6 @@ import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import reviewme.global.authorization.RequireReviewGroupAccess; import reviewme.review.repository.ReviewRepository; import reviewme.review.service.dto.response.list.ReceivedReviewsSummaryResponse; import reviewme.reviewgroup.domain.ReviewGroup; @@ -17,7 +16,6 @@ public class ReviewSummaryService { private final ReviewRepository reviewRepository; private final ReviewGroupRepository reviewGroupRepository; - @RequireReviewGroupAccess @Transactional(readOnly = true) public ReceivedReviewsSummaryResponse getReviewSummary(long reviewGroupId) { ReviewGroup reviewGroup = reviewGroupRepository.findById(reviewGroupId)