Merge pull request #376 from mash-up-kr/develop

dev to master

mashup-admin/src/main/java/kr/mashup/branding/config/security/SecurityConfig.java

@@ -1,13 +1,18 @@
 package kr.mashup.branding.config.security;
 
-import java.util.Arrays;
-import java.util.stream.Collectors;
-
+import com.fasterxml.jackson.databind.ObjectMapper;
+import kr.mashup.branding.config.jwt.JwtService;
+import kr.mashup.branding.domain.ResultCode;
+import kr.mashup.branding.domain.adminmember.entity.Position;
+import kr.mashup.branding.service.adminmember.AdminMemberService;
+import kr.mashup.branding.ui.ApiResponse;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -17,17 +22,12 @@
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-
-import kr.mashup.branding.config.jwt.JwtService;
-import kr.mashup.branding.domain.ResultCode;
-import kr.mashup.branding.service.adminmember.AdminMemberService;
-import kr.mashup.branding.domain.adminmember.entity.Position;
-import kr.mashup.branding.ui.ApiResponse;
-import lombok.RequiredArgsConstructor;
+import java.util.Arrays;
+import java.util.stream.Collectors;
 
 @RequiredArgsConstructor
 @Configuration
+@EnableMethodSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
     public static final String[] AUTHORITY_NAMES = Arrays.stream(Position.values()).map(Enum::name)
         .collect(Collectors.toList()).toArray(new String[Position.values().length]);
@@ -111,4 +111,4 @@ public CorsConfigurationSource corsConfigurationSource() {
         source.registerCorsConfiguration("/**", configuration);
         return source;
     }
-}
+}

mashup-admin/src/main/java/kr/mashup/branding/facade/application/AdminApplicationFacadeService.java

@@ -7,12 +7,10 @@
 import kr.mashup.branding.domain.application.result.UpdateApplicationResultVo;
 import kr.mashup.branding.domain.email.EmailRequest;
 import kr.mashup.branding.domain.generation.Generation;
-import kr.mashup.branding.domain.notification.sms.SmsRequest;
 import kr.mashup.branding.service.adminmember.AdminMemberService;
 import kr.mashup.branding.service.application.ApplicationService;
 import kr.mashup.branding.service.email.EmailNotificationService;
 import kr.mashup.branding.service.generation.GenerationService;
-import kr.mashup.branding.service.notification.NotificationService;
 import kr.mashup.branding.ui.application.vo.ApplicationDetailResponse;
 import kr.mashup.branding.ui.application.vo.ApplicationSimpleResponse;
 import lombok.RequiredArgsConstructor;
@@ -34,7 +32,6 @@ public class AdminApplicationFacadeService {
     private final AdminMemberService adminMemberService;
     private final ApplicationService applicationService;
     private final GenerationService generationService;
-    private final NotificationService notificationService;
     private final EmailNotificationService emailNotificationService;
 
     public Page<ApplicationSimpleResponse> getApplications(Long adminMemberId, ApplicationQueryRequest applicationQueryRequest) {
@@ -52,13 +49,10 @@ public ApplicationDetailResponse getApplicationDetail(Long adminMemberId, Long a
         final AdminMember adminMember = adminMemberService.getByAdminMemberId(adminMemberId);
         final Application application = applicationService.getApplicationFromAdmin(adminMember, applicationId);
 
-        final List<SmsRequest> smsRequests
-            = notificationService.getSmsRequestsByApplicantId(application.getApplicant().getApplicantId());
-
         final List<EmailRequest> emailRequests =
             emailNotificationService.getEmailRequestsByApplicationId(application.getApplicationId());
 
-        return ApplicationDetailResponse.of(application, smsRequests, emailRequests);
+        return ApplicationDetailResponse.of(application, emailRequests);
     }
 
     @Transactional

mashup-admin/src/main/java/kr/mashup/branding/ui/AdminControllerAdvice.java

@@ -1,8 +1,10 @@
 package kr.mashup.branding.ui;
 
-import java.security.Principal;
-
+import kr.mashup.branding.domain.ResultCode;
+import kr.mashup.branding.domain.exception.*;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.web.HttpMediaTypeException;
 import org.springframework.web.bind.MethodArgumentNotValidException;
@@ -12,14 +14,7 @@
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException;
 
-import kr.mashup.branding.domain.ResultCode;
-import kr.mashup.branding.domain.exception.BadRequestException;
-import kr.mashup.branding.domain.exception.ForbiddenException;
-import kr.mashup.branding.domain.exception.InternalServerErrorException;
-import kr.mashup.branding.domain.exception.NotFoundException;
-import kr.mashup.branding.domain.exception.ServiceUnavailableException;
-import kr.mashup.branding.domain.exception.UnauthorizedException;
-import lombok.extern.slf4j.Slf4j;
+import java.security.Principal;
 
 @Slf4j
 @RestControllerAdvice
@@ -107,6 +102,13 @@ public ApiResponse<?> handleIllegalArgumentException(Exception e) {
         return ApiResponse.failure(ResultCode.BAD_REQUEST, e.getMessage());
     }
 
+    @ExceptionHandler(AccessDeniedException.class)
+    @ResponseStatus(HttpStatus.FORBIDDEN)
+    public ApiResponse<?> handleAccessDeniedException(AccessDeniedException e) {
+        log.error("handleAccessDeniedException", e);
+        return ApiResponse.failure(ResultCode.FORBIDDEN);
+    }
+
     @ExceptionHandler(Exception.class)
     @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
     public ApiResponse<?> handleException(Exception e) {

mashup-admin/src/main/java/kr/mashup/branding/ui/adminmember/AdminMemberController.java

@@ -8,6 +8,7 @@
 import kr.mashup.branding.ui.adminmember.vo.AdminMemberResponse;
 import kr.mashup.branding.ui.adminmember.vo.LoginRequest;
 import kr.mashup.branding.ui.adminmember.vo.LoginResponse;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import kr.mashup.branding.facade.adminmember.AdminMemberFacadeService;
@@ -88,6 +89,7 @@ public ApiResponse<List<AdminMemberResponse>> readAdminMembers() {
 
     /** 어드민 멤버 생성 */
     @ApiOperation("어드민 멤버 생성")
+    @PreAuthorize("hasAnyAuthority('MASHUP_LEADER', 'MASHUP_SUBLEADER')")
     @PostMapping
     public ApiResponse<AdminMemberResponse> createAdminMember(@RequestBody AdminMemberSignUpCommand signUpCommand) {
         AdminMemberVo data = adminMemberFacadeService.createAdminMember(signUpCommand);

mashup-admin/src/main/java/kr/mashup/branding/ui/adminmember/vo/AdminMemberResponse.java

@@ -11,9 +11,8 @@ public class AdminMemberResponse {
     private Long adminMemberId;
     private String username;
     private Position position;
-    private String phoneNumber;
 
     public static AdminMemberResponse from(AdminMemberVo adminMemberVo){
-        return AdminMemberResponse.of(adminMemberVo.getAdminMemberId(), adminMemberVo.getUsername(), adminMemberVo.getPosition(), adminMemberVo.getPhoneNumber());
+        return AdminMemberResponse.of(adminMemberVo.getAdminMemberId(), adminMemberVo.getUsername(), adminMemberVo.getPosition());
     }
 }

mashup-admin/src/main/java/kr/mashup/branding/ui/application/vo/ApplicationDetailResponse.java

@@ -1,27 +1,24 @@
 package kr.mashup.branding.ui.application.vo;
 
-import java.time.LocalDateTime;
-import java.util.Comparator;
-import java.util.List;
-import java.util.stream.Collectors;
-
 import kr.mashup.branding.domain.applicant.Applicant;
 import kr.mashup.branding.domain.application.Application;
 import kr.mashup.branding.domain.application.confirmation.ApplicantConfirmationStatus;
 import kr.mashup.branding.domain.application.confirmation.Confirmation;
 import kr.mashup.branding.domain.application.form.ApplicationForm;
 import kr.mashup.branding.domain.application.form.Question;
 import kr.mashup.branding.domain.email.EmailRequest;
-import kr.mashup.branding.domain.notification.sms.SmsRequest;
 import kr.mashup.branding.domain.team.Team;
 import kr.mashup.branding.ui.applicant.ApplicantResponse;
 import kr.mashup.branding.ui.application.form.vo.QuestionResponse;
-import kr.mashup.branding.ui.emailnotification.vo.EmailRequestResponse;
-import kr.mashup.branding.ui.notification.vo.SmsRequestDetailResponse;
 import kr.mashup.branding.ui.team.vo.TeamResponse;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 
+import java.time.LocalDateTime;
+import java.util.Comparator;
+import java.util.List;
+import java.util.stream.Collectors;
+
 @Data
 @AllArgsConstructor
 public class ApplicationDetailResponse {
@@ -36,12 +33,10 @@ public class ApplicationDetailResponse {
     private LocalDateTime submittedAt;
     private LocalDateTime createdAt;
     private LocalDateTime updatedAt;
-    private List<SmsRequestDetailResponse> smsRequests;
     private List<ApplicationEmailResponse> applicationEmailResponses;
 
     public static ApplicationDetailResponse of(
         Application application,
-        List<SmsRequest> smsRequests,
         List<EmailRequest> emailRequests){
 
         final Confirmation confirmation = application.getConfirmation();
@@ -50,12 +45,6 @@ public static ApplicationDetailResponse of(
         final Team team = applicationForm.getTeam();
         final List<Question> questions = applicationForm.getQuestions();
 
-        final List<SmsRequestDetailResponse> smsRequestDetailResponses = smsRequests
-            .stream()
-            .sorted(Comparator.comparing(SmsRequest::getCreatedAt).reversed())
-            .map(it -> SmsRequestDetailResponse.of(it, team))
-            .collect(Collectors.toList());
-
         final List<ApplicationEmailResponse> emailRequestResponses = emailRequests
             .stream()
             .sorted(Comparator.comparing(EmailRequest::getCreatedAt).reversed())
@@ -84,7 +73,6 @@ public static ApplicationDetailResponse of(
             application.getSubmittedAt(), // 제출 일시
             application.getCreatedAt(), // 생성 일시
             application.getUpdatedAt(), // 수정 일시
-            smsRequestDetailResponses, // sms 발송 내역
             emailRequestResponses // 이메일 발송 내역
         );
     }