diff --git a/backend/src/main/java/harustudy/backend/content/service/ContentService.java b/backend/src/main/java/harustudy/backend/content/service/ContentService.java
index 9c3cc1bd..2c6af045 100644
--- a/backend/src/main/java/harustudy/backend/content/service/ContentService.java
+++ b/backend/src/main/java/harustudy/backend/content/service/ContentService.java
@@ -1,6 +1,7 @@
 package harustudy.backend.content.service;
 import harustudy.backend.auth.dto.AuthMember;
+import harustudy.backend.auth.exception.AuthorizationException;
 import harustudy.backend.content.domain.Content;
 import harustudy.backend.content.dto.ContentResponse;
 import harustudy.backend.content.dto.ContentsResponse;
@@ -11,6 +12,7 @@
 import harustudy.backend.member.domain.Member;
 import harustudy.backend.member.repository.MemberRepository;
 import harustudy.backend.participant.domain.Participant;
+import harustudy.backend.participant.exception.ParticipantNotFoundException;
 import harustudy.backend.participant.repository.ParticipantRepository;
 import harustudy.backend.study.domain.Study;
 import harustudy.backend.study.repository.StudyRepository;
@@ -33,16 +35,34 @@ public class ContentService {
 @Transactional(readOnly = true)
 public ContentsResponse findContentsWithFilter(AuthMember authMember, Long studyId, Long participantId, Integer cycle) {
- Participant participant = participantRepository.findByIdIfExists(participantId);
 Study study = studyRepository.findByIdIfExists(studyId);
+ List participants = participantRepository.findByStudy(study);
 Member member = memberRepository.findByIdIfExists(authMember.id());
- participant.validateIsCreatedByMember(member);
- participant.validateIsBelongsTo(study);
+ validateMemberIncludedIn(participants, member);
+ Participant participant = findParticipantById(participants, participantId);
 return getContentsResponseByCycleFilter(cycle, participant);
 }
+ private void validateMemberIncludedIn(List participants, Member member) {
+ if (isMemberNotIncludedInParticipants(member, participants)) {
+ throw new AuthorizationException();
+ }
+ }
+
+ private boolean isMemberNotIncludedInParticipants(Member member, List participants) {
+ return participants.stream()
+ .noneMatch(participant -> participant.isCreatedBy(member));
+ }
+
+ private Participant findParticipantById(List participants, Long participantId) {
+ return participants.stream()
+ .filter(participant -> participant.isSameId(participantId))
+ .findFirst()
+ .orElseThrow(ParticipantNotFoundException::new);
+ }
+
 private ContentsResponse getContentsResponseByCycleFilter(Integer cycle, Participant participant) {
 List contents = participant.getContents();
 if (Objects.isNull(cycle)) {
diff --git a/backend/src/main/java/harustudy/backend/participant/domain/Participant.java b/backend/src/main/java/harustudy/backend/participant/domain/Participant.java
index 12cbd01f..e13c8a99 100644
--- a/backend/src/main/java/harustudy/backend/participant/domain/Participant.java
+++ b/backend/src/main/java/harustudy/backend/participant/domain/Participant.java
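Review bot: In `ContentService.findContentsWithFilter` the access rule widens from "the requested participant must be the caller's own" to "the caller has any participant in the study", and nothing on the method says so. With `participant.validateIsCreatedByMember(member)` removed, `validateMemberIncludedIn(participants, member)` is the only gate, so a later reader could take the missing ownership check for an oversight and either "fix" it or copy the pattern where owner-only access is still intended. I would state the rule on the method, e.g. `/** Any member participating in the study may read the contents of every participant of that study; callers outside the study get AuthorizationException. */`. The same comment should mention that `findParticipantById` searches only `participantRepository.findByStudy(study)`, since that is what now keeps a participant id from another study out of reach in place of `validateIsBelongsTo`.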
@@ -76,22 +76,22 @@ public void generateContents(int totalCycle) {
 }
 }
+ public boolean isSameId(Long id) {
+ return this.id.equals(id);
+ }
+
 public boolean isParticipantOf(Study study) {
 return this.study.getId().equals(study.getId());
 }
- public boolean isNotCreatedBy(Member member) {
- return !this.member.getId().equals(member.getId());
+ public boolean isCreatedBy(Member member) {
+ return this.member.getId().equals(member.getId());
 }
 public boolean hasSameNicknameWith(Participant participant) {
 return this.nickname.equals(participant.nickname);
 }
- public boolean isNotIncludedIn(Study other) {
- return !study.getId().equals(other.getId());
- }
-
 public void validateIsHost() {
 if (!isHost) {
 throw new ParticipantIsNotHostException();
@@ -105,7 +105,7 @@ public void validateIsBelongsTo(Study study) {
 }
 public void validateIsCreatedByMember(Member member) {
- if (isNotCreatedBy(member)) {
+ if (!isCreatedBy(member)) {
 throw new AuthorizationException();
 }
 }
diff --git a/backend/src/test/java/harustudy/backend/content/service/ContentServiceTest.java b/backend/src/test/java/harustudy/backend/content/service/ContentServiceTest.java
index 57ab8044..3c559059 100644
--- a/backend/src/test/java/harustudy/backend/content/service/ContentServiceTest.java
+++ b/backend/src/test/java/harustudy/backend/content/service/ContentServiceTest.java
@@ -6,6 +6,7 @@
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import harustudy.backend.auth.dto.AuthMember;
+import harustudy.backend.auth.exception.AuthorizationException;
 import harustudy.backend.content.domain.Content;
 import harustudy.backend.content.dto.ContentResponse;
 import harustudy.backend.content.dto.ContentsResponse;
@@ -45,6 +46,7 @@ class ContentServiceTest {
 private Study study;
 private Member member;
+ private Member member2;
 private Participant participant;
 private Content content;
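Review bot: In Participant.java (hunk `-76,22 +76,22`), the new `isSameId(Long id)` dereferences `this.id`, so a participant that has not been persisted yet throws a NullPointerException instead of answering false. `findParticipantById` in ContentService now relies on this method to pick the participant whose contents are returned, so a null-safe comparison is the safer form: `return id != null && id.equals(this.id);`. Whether an unpersisted Participant can actually reach this call is not visible from the hunk, so treat it as hardening rather than a confirmed failure. The class body continues outside the hunk.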
@@ -52,12 +54,13 @@ class ContentServiceTest {
 void setUp() {
 study = new Study("studyName", 1, 20);
 member = new Member("nickname", "email", "imageUrl", LoginType.GUEST);
+ member2 = new Member("nickname2", "email2", "imageUrl2", LoginType.GUEST);
 participant = Participant.createParticipantOfStudy(study, member, "nickname");
-
 content = new Content(participant, 1);
 entityManager.persist(study);
 entityManager.persist(member);
+ entityManager.persist(member2);
 entityManager.persist(participant);
 entityManager.persist(content);
@@ -224,6 +227,26 @@ void setUp() {
 assertThat(content).isEqualTo(expectedContentResponses);
 }
+ @Test
+ void 스터디원은_같은_스터디_내_다른_멤버의_콘텐츠를_조회할_수_있다() {
+ // given
+ AuthMember authMember = new AuthMember(member.getId());
+ Participant participant2 = Participant.createParticipantOfStudy(study, member2, "nickname2");
+ Content contentOfMember2 = new Content(participant2, 1);
+
+ entityManager.persist(participant2);
+ entityManager.persist(contentOfMember2);
+
+ EntityManagerUtil.flushAndClearContext(entityManager);
+
+ // when
+ ContentsResponse contentsWithFilter = contentService.findContentsWithFilter(authMember,
+ study.getId(), participant2.getId(), null);
+
+ // then
+ assertThat(contentsWithFilter.content().size()).isEqualTo(1);
+ }
+
 @Test
 void 스터디에_참여한_특정_스터디원의_콘텐츠를_조회시_스터디가_없으면_예외를_던진다() {
 // given
@@ -247,4 +270,14 @@ void setUp() {
 study.getId(), 999L, null))
 .isInstanceOf(ParticipantNotFoundException.class);
 }
+
+ @Test
+ void 같은_스터디에_참여하지_않은_멤버가_다른_스터디_멤버의_콘텐츠를_조회하면_예외를_던진다() {
+ // given
+ AuthMember authMember = new AuthMember(member2.getId());
+
+ // when, then
+ assertThatThrownBy(() -> contentService.findContentsWithFilter(authMember,
+ study.getId(), participant.getId(), null)).isInstanceOf(AuthorizationException.class);
+ }
 }
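Review bot: The tests added to ContentServiceTest do not cover a member of one study passing a `participantId` that exists but belongs to a different study. That case used to be guarded by `validateIsBelongsTo(study)` and now depends entirely on `findParticipantById` filtering the study's own participants, so it deserves a test that pins `ParticipantNotFoundException`. The existing `999L` test only covers an id that does not exist at all. The rest of the test class is outside these hunks, so such a test may already exist elsewhere; if not, a sketch built on the `setUp` fixtures follows.

```java
@Test
void participantOfAnotherStudyIsNotFoundThroughThisStudy() {
    // given: member2 participates in a different study than `study`
    Study otherStudy = new Study("otherStudy", 1, 20);
    Participant outsider = Participant.createParticipantOfStudy(otherStudy, member2, "nickname2");
    entityManager.persist(otherStudy);
    entityManager.persist(outsider);
    EntityManagerUtil.flushAndClearContext(entityManager);

    AuthMember authMember = new AuthMember(member.getId());

    // when, then: the participant id exists, but not inside `study`
    assertThatThrownBy(() -> contentService.findContentsWithFilter(authMember,
            study.getId(), outsider.getId(), null))
            .isInstanceOf(ParticipantNotFoundException.class);
}
```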