feat: 생성, 수정, 삭제 어드민 권한 추가 (DASOMBE-14)

si-zero · si-zero · commit 019b074cac70 · 2025-08-26T19:52:48.000+09:00
diff --git a/src/main/java/dmu/dasom/api/domain/executive/controller/ExecutiveController.java b/src/main/java/dmu/dasom/api/domain/executive/controller/ExecutiveController.java
@@ -8,6 +8,7 @@
 import jakarta.validation.constraints.Min;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -33,12 +34,14 @@ public ResponseEntity<List<ExecutiveListResponseDto>> getAllExecutives() {
     }
 
     @Operation(summary = "임원진 생성")
+    @PreAuthorize("hasRole('ADMIN')")
     @PostMapping
     public ResponseEntity<ExecutiveCreationResponseDto> createExecutive(@Valid @RequestBody ExecutiveRequestDto requestDto) {
         return ResponseEntity.status(201).body(executiveService.createExecutive(requestDto));
     }
 
     @Operation(summary = "임원진 삭제")
+    @PreAuthorize("hasRole('ADMIN')")
     @DeleteMapping("/{id}")
     // Void 사용 이유?
     // DELETE 요청 같이 성공/실패만 확인하면 되는 경우 사용
@@ -48,6 +51,7 @@ public ResponseEntity<Void> deleteExecutive(@PathVariable @Min(1) Long id) {
     }
 
     @Operation(summary = "임원진 수정")
+    @PreAuthorize("hasRole('ADMIN')")
     @PutMapping("/{id}")
     public ResponseEntity<ExecutiveResponseDto> updateExecutive(@PathVariable @Min(1) Long id,
                                                                 @Valid @RequestBody ExecutiveUpdateRequestDto requestDto) {
diff --git a/src/main/java/dmu/dasom/api/global/auth/config/SecurityConfig.java b/src/main/java/dmu/dasom/api/global/auth/config/SecurityConfig.java
@@ -12,6 +12,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -26,6 +27,7 @@
 
 @Configuration
 @EnableWebSecurity
+@EnableMethodSecurity(prePostEnabled = true) // 메소드 보안 활성화 (@PreAuthorize 사용)
 @RequiredArgsConstructor
 public class SecurityConfig {
 
