feat: reply power delete

Author: wlgh1553

apps/server/src/replies/replies.controller.ts

@@ -7,6 +7,7 @@ import {
   Patch,
   Post,
   Query,
+  Req,
   UseGuards,
   UseInterceptors,
 } from '@nestjs/common';
@@ -68,10 +69,10 @@ export class RepliesController {
 
   @Delete(':replyId')
   @DeleteReplySwagger()
-  @UseGuards(SessionTokenValidationGuard, ReplyExistenceGuard, ReplyOwnershipGuard)
-  async delete(@Param('replyId', ParseIntPipe) replyId: number, @Query() data: BaseDto) {
-    const { questionId } = await this.repliesService.deleteReply(replyId);
+  @UseGuards(SessionTokenValidationGuard, ReplyExistenceGuard)
+  async delete(@Param('replyId', ParseIntPipe) replyId: number, @Query() data: BaseDto, @Req() request: Request) {
     const { sessionId, token } = data;
+    const { questionId } = await this.repliesService.deleteReply(replyId, token, request['reply']);
     const resultForOther = { replyId, questionId };
     this.socketGateway.broadcastReplyDelete(sessionId, token, resultForOther);
     return {};

apps/server/src/replies/replies.service.ts

@@ -1,6 +1,5 @@
-import { create } from 'node:domain';
-
-import { Injectable } from '@nestjs/common';
+import { ForbiddenException, Injectable } from '@nestjs/common';
+import { Reply } from '@prisma/client';
 
 import { CreateReplyDto } from './dto/create-reply.dto';
 import { UpdateReplyBodyDto } from './dto/update-reply.dto';
@@ -39,7 +38,11 @@ export class RepliesService {
     return await this.repliesRepository.updateBody(replyId, body);
   }
 
-  async deleteReply(replyId: number) {
+  async deleteReply(replyId: number, token: string, reply: Reply) {
+    const { isHost } = await this.sessionAuthRepository.findByToken(token);
+
+    if (!isHost && reply.createUserToken !== token) throw new ForbiddenException('권한이 없습니다.');
+
     return await this.repliesRepository.deleteReply(replyId);
   }