[BE] 비회원 댓글 비밀번호만 체크하는 API 만들기 / 관리자 댓글 삭제 기능 (#217)

.gitignore

@@ -1,2 +1,3 @@
 .idea/
+/db
 db/

backend/.gitignore

@@ -42,11 +42,14 @@ out/
 
 ## RestDocs 파일
 /src/main/resources/static/docs/
+
+## BOOT-INF
+/BOOT-INF
 BOOT-INF/
 
 ## 로그 파일
 data/
 
 ## 기타
 /2021-darass/
-db/
+db/

backend/src/docs/asciidoc/api/v1/comments.adoc

@@ -107,11 +107,23 @@ include::{snippets}/api/v1/comments/delete/success-login-user/http-response.adoc
 
 include::{snippets}/api/v1/comments/delete/success-guest-user/http-request.adoc[]
 include::{snippets}/api/v1/comments/delete/success-guest-user/path-parameters.adoc[]
+include::{snippets}/api/v1/comments/delete/success-guest-user/request-parameters.adoc[]
 
 ==== Response
 
 include::{snippets}/api/v1/comments/delete/success-guest-user/http-response.adoc[]
 
+==== (성공) 관리자가 남의 댓글 삭제
+
+==== Request
+
+include::{snippets}/api/v1/comments/delete/success-admin-user/http-request.adoc[]
+include::{snippets}/api/v1/comments/delete/success-admin-user/request-headers.adoc[]
+
+==== Response
+
+include::{snippets}/api/v1/comments/delete/success-admin-user/http-response.adoc[]
+
 ==== (실패) 남의 댓글을 삭제하는 경우
 
 ==== Response

backend/src/docs/asciidoc/api/v1/users.adoc

@@ -48,3 +48,21 @@ include::{snippets}/api/v1/users/delete/success/http-response.adoc[]
 
 include::{snippets}/api/v1/users/delete/fail/http-response.adoc[]
 include::{snippets}/api/v1/users/delete/fail/response-fields.adoc[]
+
+=== 비로그인 유저 비밀번호 일치여부 조회 (GET /api/v1/users/check-password)
+
+==== Request
+
+include::{snippets}/api/v1/users/get/password-check-correct/http-request.adoc[]
+include::{snippets}/api/v1/users/get/password-check-correct/request-parameters.adoc[]
+
+==== Response (성공 - 비밀번호 일치하는 경우)
+
+include::{snippets}/api/v1/users/get/password-check-correct/http-response.adoc[]
+include::{snippets}/api/v1/users/get/password-check-correct/response-fields.adoc[]
+
+
+==== Response (성공 - 비밀번호 일치하지 않는 경우)
+
+include::{snippets}/api/v1/users/get/password-check-incorrect/http-response.adoc[]
+include::{snippets}/api/v1/users/get/password-check-incorrect/response-fields.adoc[]

backend/src/main/java/com/darass/darass/comment/controller/CommentController.java

@@ -7,21 +7,13 @@
 import com.darass.darass.comment.controller.dto.CommentUpdateRequest;
 import com.darass.darass.comment.service.CommentService;
 import com.darass.darass.user.domain.User;
-import java.util.List;
-import javax.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.DeleteMapping;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.PatchMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+import java.util.List;
 
 @RestController
 @RequestMapping("/api/v1/comments")

backend/src/main/java/com/darass/darass/comment/service/CommentService.java

@@ -82,22 +82,41 @@ public List<CommentResponse> findAllCommentsByUrlAndProjectKey(String url, Strin
 
     public void updateContent(Long id, User user, CommentUpdateRequest request) {
         user = findRegisteredUser(user, request.getGuestUserId(), request.getGuestUserPassword());
-        Comment comment = returnValidatedComment(id, user);
+        Comment comment = findCommentById(id);
+
+        validateCommentUpdatableByUser(user, comment);
+
         comment.changeContent(request.getContent());
         commentRepository.save(comment);
     }
 
     public void delete(Long id, User user, CommentDeleteRequest request) {
         user = findRegisteredUser(user, request.getGuestUserId(), request.getGuestUserPassword());
-        returnValidatedComment(id, user);
+        Comment comment = findCommentById(id);
+        User adminUser = comment.getProject().getUser();
+
+        validateCommentDeletableByUser(user, adminUser, comment);
+
         commentRepository.deleteById(id);
     }
 
-    private Comment returnValidatedComment(Long id, User user) {
-        Comment comment = commentRepository.findById(id)
+    private void validateCommentUpdatableByUser(User user, Comment comment) {
+        if (comment.isCommentWriter(user)) {
+            return;
+        }
+        throw ExceptionWithMessageAndCode.UNAUTHORIZED_FOR_COMMENT.getException();
+    }
+
+    private void validateCommentDeletableByUser(User user, User adminUser, Comment comment) {
+        if (user.isSameUser(adminUser) || comment.isCommentWriter(user)) {
+            return;
+        }
+        throw ExceptionWithMessageAndCode.UNAUTHORIZED_FOR_COMMENT.getException();
+    }
+
+    private Comment findCommentById(Long id) {
+        return commentRepository.findById(id)
             .orElseThrow(ExceptionWithMessageAndCode.NOT_FOUND_COMMENT::getException);
-        matchUserWithComment(user, comment);
-        return comment;
     }
 
     private User findRegisteredUser(User user, Long guestUserId, String guestUserPassword) {
@@ -109,12 +128,6 @@ private User findRegisteredUser(User user, Long guestUserId, String guestUserPas
         return user;
     }
 
-    private void matchUserWithComment(User user, Comment comment) {
-        if (!comment.isCommentWriter(user)) {
-            throw ExceptionWithMessageAndCode.UNAUTHORIZED_FOR_COMMENT.getException();
-        }
-    }
-
     private void validateGuestUser(User user, String password) {
         if (!user.isValidGuestPassword(password)) {
             throw ExceptionWithMessageAndCode.INVALID_GUEST_PASSWORD.getException();

backend/src/main/java/com/darass/darass/user/controller/UserController.java

@@ -2,19 +2,16 @@
 
 import com.darass.darass.auth.oauth.domain.RequiredLogin;
 import com.darass.darass.comment.controller.dto.UserResponse;
+import com.darass.darass.user.controller.dto.PasswordCheckRequest;
+import com.darass.darass.user.controller.dto.PasswordCheckResponse;
 import com.darass.darass.user.controller.dto.UserUpdateRequest;
 import com.darass.darass.user.domain.User;
 import com.darass.darass.user.service.UserService;
 import javax.validation.Valid;
 import lombok.AllArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.DeleteMapping;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PatchMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 @RestController
 @RequestMapping("/api/v1/users")
@@ -42,4 +39,9 @@ public ResponseEntity<Void> delete(@RequiredLogin User user) {
         return ResponseEntity.noContent().build();
     }
 
+    @GetMapping("/check-password")
+    public ResponseEntity<PasswordCheckResponse> checkGuestUserPassword(@ModelAttribute PasswordCheckRequest passwordCheckRequest) {
+        PasswordCheckResponse passwordCheckResponse = userService.checkGuestUserPassword(passwordCheckRequest);
+        return ResponseEntity.ok(passwordCheckResponse);
+    }
 }

backend/src/main/java/com/darass/darass/user/controller/dto/PasswordCheckRequest.java

@@ -0,0 +1,20 @@
+package com.darass.darass.user.controller.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import javax.validation.constraints.NotNull;
+
+@Getter
+@AllArgsConstructor
+public class PasswordCheckRequest {
+
+    @NotNull
+    private Long guestUserId;
+
+    @NotNull
+    private String guestUserPassword;
+
+}

backend/src/main/java/com/darass/darass/user/controller/dto/PasswordCheckResponse.java

@@ -0,0 +1,13 @@
+package com.darass.darass.user.controller.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Getter
+@NoArgsConstructor
+@AllArgsConstructor
+public class PasswordCheckResponse {
+
+    private Boolean isCorrectPassword;
+}

backend/src/main/java/com/darass/darass/user/service/UserService.java

@@ -2,6 +2,8 @@
 
 import com.darass.darass.comment.controller.dto.UserResponse;
 import com.darass.darass.exception.ExceptionWithMessageAndCode;
+import com.darass.darass.user.controller.dto.PasswordCheckRequest;
+import com.darass.darass.user.controller.dto.PasswordCheckResponse;
 import com.darass.darass.user.controller.dto.UserUpdateRequest;
 import com.darass.darass.user.domain.User;
 import com.darass.darass.user.repository.UserRepository;
@@ -18,8 +20,8 @@ public class UserService {
     private final UserRepository users;
 
     public UserResponse findById(Long id) {
-        Optional<User> expectedUser = users.findById(id);
-        User user = expectedUser.orElseThrow(ExceptionWithMessageAndCode.NOT_FOUND_USER::getException);
+        Optional<User> possibleUser = users.findById(id);
+        User user = possibleUser.orElseThrow(ExceptionWithMessageAndCode.NOT_FOUND_USER::getException);
 
         return UserResponse.of(user, user.getUserType(), user.getProfileImageUrl());
     }
@@ -36,4 +38,13 @@ public void deleteById(Long id) {
         users.deleteById(id);
     }
 
+    public PasswordCheckResponse checkGuestUserPassword(PasswordCheckRequest passwordCheckRequest) {
+        Optional<User> expectedUser = users.findById(passwordCheckRequest.getGuestUserId());
+        User user = expectedUser.orElseThrow(ExceptionWithMessageAndCode.NOT_FOUND_USER::getException);
+
+        if (user.isValidGuestPassword(passwordCheckRequest.getGuestUserPassword())) {
+            return new PasswordCheckResponse(true);
+        }
+        return new PasswordCheckResponse(false);
+    }
 }