✨ feat : 관리자 퀴즈 수정, 삭제 로직 추가 + User 하드코딩 삭제

Author: silver-eunjoo

backend/src/main/java/io/f1/backend/domain/question/app/QuestionService.java

@@ -10,8 +10,12 @@
 import io.f1.backend.domain.question.entity.TextQuestion;
 import io.f1.backend.domain.quiz.entity.Quiz;
 import io.f1.backend.global.exception.CustomException;
+import io.f1.backend.global.exception.errorcode.AuthErrorCode;
 import io.f1.backend.global.exception.errorcode.QuestionErrorCode;
 
+import io.f1.backend.global.security.enums.Role;
+import io.f1.backend.global.util.SecurityUtils;
+import java.util.Objects;
 import lombok.RequiredArgsConstructor;
 
 import org.springframework.stereotype.Service;
@@ -47,10 +51,25 @@ public void updateQuestionContent(Long questionId, String content) {
                         .orElseThrow(
                                 () -> new CustomException(QuestionErrorCode.QUESTION_NOT_FOUND));
 
+
+        verifyUserAuthority(question.getQuiz());
+
         TextQuestion textQuestion = question.getTextQuestion();
         textQuestion.changeContent(content);
     }
 
+    private static void verifyUserAuthority(Quiz quiz) {
+        if(SecurityUtils.getCurrentUserRole() == Role.USER) {
+            validateOwner(quiz.getCreator().getId());
+        }
+    }
+
+    private static void validateOwner(Long creatorId) {
+        if (!Objects.equals(SecurityUtils.getCurrentUserId(), creatorId)) {
+            throw new CustomException(AuthErrorCode.FORBIDDEN);
+        }
+    }
+
     @Transactional
     public void updateQuestionAnswer(Long questionId, String answer) {
 
@@ -62,6 +81,8 @@ public void updateQuestionAnswer(Long questionId, String answer) {
                         .orElseThrow(
                                 () -> new CustomException(QuestionErrorCode.QUESTION_NOT_FOUND));
 
+        verifyUserAuthority(question.getQuiz());
+
         question.changeAnswer(answer);
     }
 
@@ -74,6 +95,8 @@ public void deleteQuestion(Long questionId) {
                         .orElseThrow(
                                 () -> new CustomException(QuestionErrorCode.QUESTION_NOT_FOUND));
 
+        verifyUserAuthority(question.getQuiz());
+
         questionRepository.delete(question);
     }
 

backend/src/main/java/io/f1/backend/domain/quiz/app/QuizService.java

@@ -20,6 +20,10 @@
 import io.f1.backend.global.exception.errorcode.AuthErrorCode;
 import io.f1.backend.global.exception.errorcode.QuizErrorCode;
 
+import io.f1.backend.global.exception.errorcode.UserErrorCode;
+import io.f1.backend.global.security.enums.Role;
+import io.f1.backend.global.util.SecurityUtils;
+import java.util.Objects;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 
@@ -52,7 +56,6 @@ public class QuizService {
     private final String DEFAULT = "default";
     private static final long MAX_FILE_SIZE = 5 * 1024 * 1024; // 5MB
 
-    // TODO : 시큐리티 구현 이후 삭제해도 되는 의존성 주입
     private final UserRepository userRepository;
     private final QuestionService questionService;
     private final QuizRepository quizRepository;
@@ -66,10 +69,11 @@ public QuizCreateResponse saveQuiz(MultipartFile thumbnailFile, QuizCreateReques
             thumbnailPath = convertToThumbnailPath(thumbnailFile);
         }
 
-        // TODO : 시큐리티 구현 이후 삭제 (data.sql로 초기 저장해둔 유저 get), 나중엔 현재 로그인한 유저의 아이디를 받아오도록 수정
-        User user = userRepository.findById(1L).orElseThrow(RuntimeException::new);
+        Long creatorId = SecurityUtils.getCurrentUserId();
+        User creator = userRepository.findById(creatorId)
+            .orElseThrow(() -> new CustomException(UserErrorCode.USER_NOT_FOUND));
 
-        Quiz quiz = quizCreateRequestToQuiz(request, thumbnailPath, user);
+        Quiz quiz = quizCreateRequestToQuiz(request, thumbnailPath, creator);
 
         Quiz savedQuiz = quizRepository.save(quiz);
 
@@ -125,22 +129,33 @@ public void deleteQuiz(Long quizId) {
                         .findById(quizId)
                         .orElseThrow(() -> new CustomException(QuizErrorCode.QUIZ_NOT_FOUND));
 
-        // TODO : util 메서드에서 사용자 ID 꺼내쓰는 식으로 수정하기
-        if (1L != quiz.getCreator().getId()) {
-            throw new CustomException(AuthErrorCode.FORBIDDEN);
-        }
+        verifyUserAuthority(quiz);
 
         deleteThumbnailFile(quiz.getThumbnailUrl());
         quizRepository.deleteById(quizId);
     }
 
+    private static void verifyUserAuthority(Quiz quiz) {
+        if(SecurityUtils.getCurrentUserRole() == Role.USER) {
+            validateOwner(quiz.getCreator().getId());
+        }
+    }
+
+    private static void validateOwner(Long creatorId) {
+        if (!Objects.equals(SecurityUtils.getCurrentUserId(), creatorId)) {
+            throw new CustomException(AuthErrorCode.FORBIDDEN);
+        }
+    }
+
     @Transactional
     public void updateQuizTitle(Long quizId, String title) {
         Quiz quiz =
                 quizRepository
                         .findById(quizId)
                         .orElseThrow(() -> new CustomException(QuizErrorCode.QUIZ_NOT_FOUND));
 
+        verifyUserAuthority(quiz);
+
         validateTitle(title);
         quiz.changeTitle(title);
     }
@@ -153,6 +168,8 @@ public void updateQuizDesc(Long quizId, String description) {
                         .findById(quizId)
                         .orElseThrow(() -> new CustomException(QuizErrorCode.QUIZ_NOT_FOUND));
 
+        verifyUserAuthority(quiz);
+
         validateDesc(description);
         quiz.changeDescription(description);
     }
@@ -165,6 +182,8 @@ public void updateThumbnail(Long quizId, MultipartFile thumbnailFile) {
                         .findById(quizId)
                         .orElseThrow(() -> new CustomException(QuizErrorCode.QUIZ_NOT_FOUND));
 
+        verifyUserAuthority(quiz);
+
         validateImageFile(thumbnailFile);
         String newThumbnailPath = convertToThumbnailPath(thumbnailFile);
 
@@ -256,8 +275,6 @@ public List<Question> getRandomQuestionsWithoutAnswer(Long quizId, Integer round
                 .findById(quizId)
                 .orElseThrow(() -> new NoSuchElementException("존재하지 않는 퀴즈입니다."));
 
-        List<Question> randomQuestions = quizRepository.findRandQuestionsByQuizId(quizId, round);
-
-        return randomQuestions;
+        return quizRepository.findRandQuestionsByQuizId(quizId, round);
     }
 }

backend/src/main/java/io/f1/backend/domain/quiz/mapper/QuizMapper.java

@@ -18,21 +18,19 @@
 
 public class QuizMapper {
 
-    // TODO : 이후 파라미터에서 user 삭제하기
     public static Quiz quizCreateRequestToQuiz(
-            QuizCreateRequest quizCreateRequest, String imgUrl, User user) {
+            QuizCreateRequest quizCreateRequest, String imgUrl, User creator) {
 
         return new Quiz(
                 quizCreateRequest.getTitle(),
                 quizCreateRequest.getDescription(),
                 quizCreateRequest.getQuizType(),
                 imgUrl,
-                user // TODO : 이후 creator에 들어갈 User은 현재 로그인 중인 유저를 가져오도록 변경
+                creator
                 );
     }
 
     public static QuizCreateResponse quizToQuizCreateResponse(Quiz quiz) {
-        // TODO : creatorId 넣어주는 부분에서 Getter를 안 쓰고, 현재 로그인한 유저의 id를 담는 식으로 바꿔도 될 듯
         return new QuizCreateResponse(
                 quiz.getId(),
                 quiz.getTitle(),

backend/src/main/java/io/f1/backend/global/util/SecurityUtils.java

@@ -6,6 +6,7 @@
 import io.f1.backend.global.exception.CustomException;
 import io.f1.backend.global.exception.errorcode.AuthErrorCode;
 
+import io.f1.backend.global.security.enums.Role;
 import jakarta.servlet.http.HttpSession;
 
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -43,6 +44,15 @@ public static String getCurrentUserNickname() {
         return getCurrentUserPrincipal().getUserNickname();
     }
 
+    public static Role getCurrentUserRole() {
+        Authentication authentication = getAuthentication();
+        if (authentication != null
+                && authentication.getPrincipal() instanceof UserPrincipal userPrincipal) {
+            return Role.USER;
+        }
+        return Role.ADMIN;
+    }
+
     public static void logout(HttpSession session) {
         if (session != null) {
             session.invalidate();