diff --git a/src/main/java/com/susanghan_guys/server/personalwork/application/DcaBriefEvaluationService.java b/src/main/java/com/susanghan_guys/server/personalwork/application/DcaBriefEvaluationService.java index 19f8632..7e0b96e 100644 --- a/src/main/java/com/susanghan_guys/server/personalwork/application/DcaBriefEvaluationService.java +++ b/src/main/java/com/susanghan_guys/server/personalwork/application/DcaBriefEvaluationService.java @@ -24,7 +24,6 @@ @RequiredArgsConstructor public class DcaBriefEvaluationService { - private final CurrentUserProvider currentUserProvider; private final OpenAiPort openAiPort; private final OpenAiFactory openAiFactory; @@ -42,8 +41,7 @@ public DcaBriefEvaluationResponse createDcaBriefEvaluation(Long workId) { @Transactional(readOnly = true) public DcaBriefEvaluationResponse getDcaBriefEvaluation(Long workId) { - User user = currentUserProvider.getCurrentUser(); - personalWorkValidator.validatePersonalWorkOwner(workId, user); + personalWorkValidator.validatePersonalWorkAccessible(workId, currentUserProvider.getCurrentUser()); BriefAnalysis briefAnalysis = briefAnalysisRepository.findByWorkId(workId) .orElseThrow(() -> new PersonalWorkException(PersonalWorkErrorCode.BRIEF_ANALYSIS_NOT_FOUND)); diff --git a/src/main/java/com/susanghan_guys/server/personalwork/application/DcaWorkEvaluationService.java b/src/main/java/com/susanghan_guys/server/personalwork/application/DcaWorkEvaluationService.java index e610707..a2134b9 100644 --- a/src/main/java/com/susanghan_guys/server/personalwork/application/DcaWorkEvaluationService.java +++ b/src/main/java/com/susanghan_guys/server/personalwork/application/DcaWorkEvaluationService.java 
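Review bot: `getDcaBriefEvaluation` now returns the brief analysis to any user who passes `validatePersonalWorkAccessible`, not only the owner, and nothing at the call site records that widening. The same swap is made in `getDcaWorkEvaluation`, `getStrengths`, `getWeaknesses`, `getDetailEvaluation` and `getYccWorkEvaluation`, so a single visibility grant opens every evaluation view of the work; it is worth confirming that this is the intended scope and that none of the response types carries owner-only data. I would add a short comment above the call, e.g. `// Read access: owner, or a user with a visible WorkVisibility grant for this work.`, and a test that a user with no grant, or with a `visible = false` row, gets `WORK_ACCESS_DENIED`. The method body continues past the end of the hunk.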
@@ -64,8 +64,7 @@ public DetailEvaluationResponse createDcaDetailEvaluation(Long workId, Evaluatio @Transactional(readOnly = true) public DcaWorkEvaluationResponse getDcaWorkEvaluation(Long workId) { - - personalWorkValidator.validatePersonalWorkOwner(workId, currentUserProvider.getCurrentUser()); + personalWorkValidator.validatePersonalWorkAccessible(workId, currentUserProvider.getCurrentUser()); List dcaEvals = evaluationRepository .findAllByWorkIdAndTypeIn(workId, EvaluationType.dcaTypes()); diff --git a/src/main/java/com/susanghan_guys/server/personalwork/application/StrengthWeaknessService.java b/src/main/java/com/susanghan_guys/server/personalwork/application/StrengthWeaknessService.java index ba6d06b..73bb18c 100644 --- a/src/main/java/com/susanghan_guys/server/personalwork/application/StrengthWeaknessService.java +++ b/src/main/java/com/susanghan_guys/server/personalwork/application/StrengthWeaknessService.java @@ -24,8 +24,7 @@ public class StrengthWeaknessService { @Transactional(readOnly = true) public List getStrengths(Long workId) { - User user = currentUserProvider.getCurrentUser(); - personalWorkValidator.validatePersonalWorkOwner(workId, user); + personalWorkValidator.validatePersonalWorkAccessible(workId, currentUserProvider.getCurrentUser()); personalWorkValidator.validateEvaluationExists(workId); List strengths = detailEvalRepository.findTopStrengths(workId, PageRequest.of(0, 3)); @@ -36,8 +35,7 @@ public List getStrengths(Long workId) @Transactional(readOnly = true) public List getWeaknesses(Long workId) { - User currentUser = currentUserProvider.getCurrentUser(); - personalWorkValidator.validatePersonalWorkOwner(workId, currentUser); + personalWorkValidator.validatePersonalWorkAccessible(workId, currentUserProvider.getCurrentUser()); personalWorkValidator.validateEvaluationExists(workId); List weaknesses = detailEvalRepository.findBottomWeaknesses(workId, PageRequest.of(0, 3)); 
diff --git a/src/main/java/com/susanghan_guys/server/personalwork/application/WorkReadService.java b/src/main/java/com/susanghan_guys/server/personalwork/application/WorkReadService.java index 75b94d0..8b47fa4 100644 --- a/src/main/java/com/susanghan_guys/server/personalwork/application/WorkReadService.java +++ b/src/main/java/com/susanghan_guys/server/personalwork/application/WorkReadService.java @@ -25,7 +25,7 @@ public class WorkReadService { @Transactional(readOnly = true) public DetailEvaluationResponse getDetailEvaluation(Long workId, EvaluationType type) { - personalWorkValidator.validatePersonalWorkOwner(workId, currentUserProvider.getCurrentUser()); + personalWorkValidator.validatePersonalWorkAccessible(workId, currentUserProvider.getCurrentUser()); personalWorkValidator.validateEvaluationExists(workId); List detailEvals = detailEvalRepository.findByWorkIdAndEvaluationType(workId, type); diff --git a/src/main/java/com/susanghan_guys/server/personalwork/application/YccWorkEvaluationService.java b/src/main/java/com/susanghan_guys/server/personalwork/application/YccWorkEvaluationService.java index 6b6efbc..422d994 100644 --- a/src/main/java/com/susanghan_guys/server/personalwork/application/YccWorkEvaluationService.java +++ b/src/main/java/com/susanghan_guys/server/personalwork/application/YccWorkEvaluationService.java @@ -74,8 +74,7 @@ public DetailEvaluationResponse createYccDetailEvaluation(Long workId, Evaluatio @Transactional(readOnly = true) public YccWorkEvaluationResponse getYccWorkEvaluation(Long workId) { - - personalWorkValidator.validatePersonalWorkOwner(workId, currentUserProvider.getCurrentUser()); + personalWorkValidator.validatePersonalWorkAccessible(workId, currentUserProvider.getCurrentUser()); List yccEvals = evaluationRepository .findAllByWorkIdAndTypeIn(workId, EvaluationType.yccTypes()); 
diff --git a/src/main/java/com/susanghan_guys/server/personalwork/application/validator/PersonalWorkValidator.java b/src/main/java/com/susanghan_guys/server/personalwork/application/validator/PersonalWorkValidator.java index c3f5e42..c11e2e7 100644 --- a/src/main/java/com/susanghan_guys/server/personalwork/application/validator/PersonalWorkValidator.java +++ b/src/main/java/com/susanghan_guys/server/personalwork/application/validator/PersonalWorkValidator.java @@ -6,6 +6,7 @@ import com.susanghan_guys.server.user.domain.User; import com.susanghan_guys.server.work.domain.Work; import com.susanghan_guys.server.work.infrastructure.persistence.WorkRepository; +import com.susanghan_guys.server.work.infrastructure.persistence.WorkVisibilityRepository; import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Component; @@ -17,6 +18,7 @@ public class PersonalWorkValidator { private final WorkRepository workRepository; private final EvaluationRepository evaluationRepository; + private final WorkVisibilityRepository workVisibilityRepository; public boolean isOwner(Long workId, Long userId) { Work work = workRepository.findById(workId) @@ -34,6 +36,18 @@ public void validatePersonalWorkOwner(Long workId, User user) { } } + public void validatePersonalWorkAccessible(Long workId, User user) { + Work work = workRepository.findById(workId) + .orElseThrow(() -> new PersonalWorkException(PersonalWorkErrorCode.WORK_NOT_FOUND)); + + boolean isOwner = work.getUser().equals(user); + boolean isVerifiedCode = workVisibilityRepository.existsByWorkIdAndUserIdAndVisibleTrue(workId, user.getId()); + + if (!isOwner && !isVerifiedCode) { + throw new PersonalWorkException(PersonalWorkErrorCode.WORK_ACCESS_DENIED); + } + } + public void validatePersonalWork(List imageUrls) { if (imageUrls.isEmpty()) { throw new PersonalWorkException(PersonalWorkErrorCode.WORK_IMAGE_NOT_FOUND); 
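Review bot: The owner half of the new check, `work.getUser().equals(user)`, makes the authorization decision depend on how `User.equals` is implemented, which this diff does not show; if it is identity-based, or `work.getUser()` is a lazy proxy, the owner can be rejected, and a field-based `equals` could match more loosely than intended. Comparing identifiers is explicit: `boolean isOwner = work.getUser().getId().equals(user.getId());`. The method also dereferences `user` without a null check, so if `getCurrentUser()` can return null an unauthenticated call would surface as a `NullPointerException` rather than `WORK_ACCESS_DENIED`. Separately, answering `WORK_NOT_FOUND` for a missing id and `WORK_ACCESS_DENIED` for an existing one lets any authenticated caller learn which work ids exist; returning one code for both cases closes that, if it matters for this API. `isVerifiedCode` would read better as `hasVisibilityGrant`, since the query checks a visibility row rather than a code.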
diff --git a/src/main/java/com/susanghan_guys/server/personalwork/exception/code/PersonalWorkErrorCode.java b/src/main/java/com/susanghan_guys/server/personalwork/exception/code/PersonalWorkErrorCode.java index fec62df..fbd7b0e 100644 --- a/src/main/java/com/susanghan_guys/server/personalwork/exception/code/PersonalWorkErrorCode.java +++ b/src/main/java/com/susanghan_guys/server/personalwork/exception/code/PersonalWorkErrorCode.java @@ -17,6 +17,7 @@ public enum PersonalWorkErrorCode implements BaseCode { DETAIL_EVALUATION_TYPE_NOT_FOUND(HttpStatus.NOT_FOUND, 404, "해당 타입의 세부 총평을 찾을 수 없습니다."), BRIEF_ANALYSIS_NOT_FOUND(HttpStatus.NOT_FOUND, 404, "브리프 해석을 찾을 수 없습니다."), UNSUPPORTED_WORK_TYPE(HttpStatus.BAD_REQUEST, 400, "실행할 수 없는 타입의 출품작입니다."), + WORK_ACCESS_DENIED(HttpStatus.FORBIDDEN, 403, "작품 열람 권한이 없습니다."), ; private final HttpStatus httpStatus;