refactor : Modify conditional statement which check permission & Add failure cases

update/delete의 경우에도 대상 스케쥴의 생성자가 맞는지 검사하도록 했습니다.
- post/put 요청에 대한 body mapping 요소에 `name`을 추가했습니다.
- 객체 not found에 대해서만 분리된 함수에서 error render 하도록 했습니다.

* 주석을 삭제했습니다.
* `exceeds_capacity` 메서드 이름을 더 직관적으로 `exceeds_personnel`로 변경했습니다.
* `target_month_start_date` 메서드 이름을 더 간결하고 직관적인 `target_start_date`으로 변경했습니다.

Author: yummygyudon

app/controllers/code/failure.rb

@@ -5,6 +5,8 @@ module Failure
   NO_TOKEN_IN_HEADER = FailureData.new(status_code: 400, message: "인증 토큰이 없습니다.")
   INVALID_PARAMETER = FailureData.new(status_code: 400, message: "잘못된 파라미터 값입니다.")
   IMPOSSIBLE_CREATE_TOO_LATE = FailureData.new(status_code: 400, message: "시작 전 3일 이내에는 예약이 불가능합니다.")
+  IMPOSSIBLE_UPDATE_NOT_OWNER = FailureData.new(status_code: 400, message: "다른 사용자의 예약 수정은 불가능합니다.")
+  IMPOSSIBLE_DELETE_NOT_OWNER = FailureData.new(status_code: 400, message: "다른 사용자의 예약 삭제는 불가능합니다.")
   IMPOSSIBLE_UPDATE_ALREADY_CONFIRM = FailureData.new(status_code: 400, message: "이미 확정된 예약은 수정이 불가능합니다.")
   IMPOSSIBLE_DELETE_ALREADY_CONFIRM = FailureData.new(status_code: 400, message: "이미 확정된 예약은 삭제가 불가능합니다.")
   OVER_PERSONNEL_TO_RESERVE = FailureData.new(status_code: 400, message: "최대 인원 초과로 예약이 불가능합니다.")

app/controllers/schedules_controller.rb

@@ -9,8 +9,6 @@ class SchedulesController < ApplicationController
 
   # 예약 상세 조회
   def show
-    return render json: BaseResponse.of_failure(Failure::NO_PERMISSION_SHOW).to_json,
-                  status: Failure::NO_PERMISSION_SHOW.status_code unless admin? || @current_user.eql?(@schedule.user)
     render json: BaseResponse.of_success(Success::GET_RESERVATION_DETAIL, ScheduleDetail.new(@schedule)).to_json,
            status: Success::GET_RESERVATION_DETAIL.status_code
   end
@@ -24,8 +22,8 @@ def index
 
   # 예약 신청 가능 시간 및 인원 조회
   def available
-    start_date = target_month_start_date
-    end_date = target_month_start_date.end_of_month
+    start_date = target_start_date
+    end_date = target_start_date.end_of_month
 
     confirmed_schedules = Schedule.confirmed.where(start_datetime: start_date..end_date)
 
@@ -43,36 +41,40 @@ def create
     return render json: BaseResponse.of_failure(Failure::IMPOSSIBLE_CREATE_TOO_LATE).to_json,
                   status: Failure::IMPOSSIBLE_CREATE_TOO_LATE.status_code if too_late?
     return render json: BaseResponse.of_failure(Failure::OVER_PERSONNEL_TO_RESERVE).to_json,
-                  status: Failure::OVER_PERSONNEL_TO_RESERVE.status_code if exceeds_capacity?
+                  status: Failure::OVER_PERSONNEL_TO_RESERVE.status_code if exceeds_personnel?
 
-    schedule = @current_user.schedules.create!(create_schedule_body)
+    schedule = @current_user.schedules.create!(schedule_content)
     render json: BaseResponse.of_success(Success::CREATE_RESERVATION, schedule).to_json,
            status: Success::CREATE_RESERVATION.status_code
   end
 
   # 예약 확정 (Admin only)
   def confirm
     return render json: BaseResponse.of_failure(Failure::OVER_PERSONNEL_TO_CONFIRM).to_json,
-                  status: Failure::OVER_PERSONNEL_TO_CONFIRM.status_code if exceeds_capacity?(true)
+                  status: Failure::OVER_PERSONNEL_TO_CONFIRM.status_code if exceeds_personnel?(true)
     return render json: BaseResponse.of_failure(Failure::NO_PERMISSION_CONFIRM).to_json,
-                  status: Failure::NO_PERMISSION_CONFIRM.status_code unless admin? || @schedule.user(@current_user)
+                  status: Failure::NO_PERMISSION_CONFIRM.status_code unless admin?
 
     @schedule.update!(is_confirm: true)
     render status: Success::CONFIRM_RESERVATION.status_code
   end
 
   # 예약 수정
   def update
+    return render json: BaseResponse.of_failure(Failure::IMPOSSIBLE_UPDATE_NOT_OWNER).to_json,
+                  status: Failure::IMPOSSIBLE_UPDATE_NOT_OWNER.status_code unless admin? || owner?
     return render json: BaseResponse.of_failure(Failure::IMPOSSIBLE_UPDATE_ALREADY_CONFIRM).to_json,
                   status: Failure::IMPOSSIBLE_UPDATE_ALREADY_CONFIRM.status_code  if !admin? && @schedule.is_confirm
     return render json: BaseResponse.of_failure(Failure::OVER_PERSONNEL_TO_CONFIRM).to_json,
-                  status: Failure::OVER_PERSONNEL_TO_CONFIRM.status_code if exceeds_capacity?
-    @schedule.update!(create_schedule_body)
+                  status: Failure::OVER_PERSONNEL_TO_CONFIRM.status_code if exceeds_personnel?
+    @schedule.update!(schedule_content)
     render status: Success::MODIFY_RESERVATION.status_code
   end
 
   # 예약 삭제
   def destroy
+    return render json: BaseResponse.of_failure(Failure::IMPOSSIBLE_DELETE_NOT_OWNER).to_json,
+                  status: Failure::IMPOSSIBLE_DELETE_NOT_OWNER.status_code unless admin? || owner?
     return render json: BaseResponse.of_failure(Failure::IMPOSSIBLE_DELETE_ALREADY_CONFIRM).to_json,
                   status: Failure::IMPOSSIBLE_DELETE_ALREADY_CONFIRM.status_code  if !admin? && @schedule.is_confirm
     @schedule.destroy
@@ -81,46 +83,58 @@ def destroy
 
   private
   def authenticate_user
-    @current_user = User.find_by(id: request.env["user_id"])
-    render json: BaseResponse.of_failure(Failure::NOT_FOUND_USER).to_json,
-           status: Failure::NOT_FOUND_USER.status_code unless @current_user
+    begin
+      @current_user = User.find_by(id: request.env["user_id"])
+    rescue ActiveRecord::RecordNotFound
+      render json: BaseResponse.of_failure(Failure::NOT_FOUND_USER).to_json,
+             status: Failure::NOT_FOUND_USER.status_code
+    end
   end
 
   def admin?
     @current_user&.admin?
   end
 
-  def target_month_start_date
-    params[:target_month].present? ? Date.strptime(params[:target_month].to_s, "%Y-%m") : Date.today
+  def owner?
+    @schedule.is_owner?(@current_user.id)
   end
 
-  def find_schedule
-    @schedule = admin? ? Schedule.find(params[:id]) : @current_user.schedules.find(params[:id])
-    render json: BaseResponse.of_failure(Failure::NOT_FOUND_SCHEDULE).to_json,
-           status: Failure::NOT_FOUND_SCHEDULE.status_code unless @schedule
+  def too_late?
+    params[:start_datetime].to_date <= 3.days.from_now.to_date
   end
 
-  def find_all_schedules
-    @schedules = admin? ? Schedule.all : Schedule.where(user_id: request.env["user_id"])
+  def target_start_date
+    params[:target_month].present? ? Date.strptime(params[:target_month].to_s, "%Y-%m") : Date.today
   end
 
-  def create_schedule_body
-    params.require(:schedule).permit(:start_datetime, :end_datetime, :personnel)
+  def schedule_content
+    params.require(:schedule).permit(:name, :start_datetime, :end_datetime, :personnel)
   end
 
-  def too_late?
-    params[:start_datetime].to_date <= 3.days.from_now.to_date
+  def exceeds_personnel?(is_confirm = false)
+    current_personnel = Schedule.confirmed.where(start_datetime: params[:start_datetime]).sum(:personnel)
+    additional_personnel = is_confirm ? @schedule.personnel : params[:personnel].to_i
+    (current_personnel + additional_personnel) > 50_000
   end
 
-  def exceeds_capacity?(confirming = false)
-    current_count = Schedule.confirmed.where(start_datetime: params[:start_datetime]).sum(:personnel)
-    new_count = confirming ? @schedule.personnel : params[:personnel].to_i
-    (current_count + new_count) > 50_000
+  def find_schedule
+    begin
+      @schedule = Schedule.find(params[:id])
+      render json: BaseResponse.of_failure(Failure::NO_PERMISSION_SHOW).to_json,
+             status: Failure::NO_PERMISSION_SHOW.status_code if !admin? && !owner?
+    rescue ActiveRecord::RecordNotFound
+      render json: BaseResponse.of_failure(Failure::NOT_FOUND_SCHEDULE).to_json,
+             status: Failure::NOT_FOUND_SCHEDULE.status_code
+    end
+  end
+
+  def find_all_schedules
+    @schedules = admin? ? Schedule.all : Schedule.where(user_id: request.env["user_id"])
   end
 
   def calculate_available_times(schedules, start_date, end_date)
     available_slots = {}
-    # 해당 월의 각 날짜를 순회하며 기본 값(50,000명 가능) 설정
+
     (start_date..end_date).each do |date|
       datetime = date.to_datetime
       if datetime >= Date.today + 3.days
@@ -130,7 +144,7 @@ def calculate_available_times(schedules, start_date, end_date)
       end
     end
 
-    # 예약된 일정 반영하여 예약 가능 인원 조정
+
     schedules.each do |schedule|
       (schedule.start_datetime.hour..schedule.end_datetime.hour - 1).each do |hour|
         datetime = schedule.start_datetime.to_datetime.change(hour: hour)