Fix: Notice 비밀글 표시 안되도록 수정 (#216)

* Feat: Add FindByIdAndIsPrivateFalse

* Fix: Change totalSearchNotice to get isStaff and hide private when not a staff.

* Fix: Change searchTotalNotice and readNotice to consider isStaff.

* Fix: Change totalSearchNotice and readNotice to check authentication and get staff info.

src/main/kotlin/com/wafflestudio/csereal/core/notice/api/NoticeController.kt

@@ -58,16 +58,42 @@ class NoticeController(
         @NotBlank
         keyword: String,
         @RequestParam(required = true) @Positive number: Int,
-        @RequestParam(required = false, defaultValue = "200") @Positive stringLength: Int
-    ) = ResponseEntity.ok(
-        noticeService.searchTotalNotice(keyword, number, stringLength)
-    )
+        @RequestParam(required = false, defaultValue = "200") @Positive stringLength: Int,
+        authentication: Authentication?
+    ): NoticeTotalSearchResponse {
+        val principal = authentication?.principal
+
+        val isStaff = principal?.let {
+            val username = when (principal) {
+                is OidcUser -> principal.idToken.getClaim("username")
+                is CustomPrincipal -> principal.userEntity.username
+                else -> throw CserealException.Csereal401("Unsupported principal type")
+            }
+            val user = userRepository.findByUsername(username)
+            user?.role == Role.ROLE_STAFF
+        } ?: false
+
+        return noticeService.searchTotalNotice(keyword, number, stringLength, isStaff)
+    }
 
     @GetMapping("/{noticeId}")
     fun readNotice(
-        @PathVariable noticeId: Long
-    ): ResponseEntity<NoticeDto> {
-        return ResponseEntity.ok(noticeService.readNotice(noticeId))
+        @PathVariable noticeId: Long,
+        authentication: Authentication?
+    ): NoticeDto {
+        val principal = authentication?.principal
+
+        val isStaff = principal?.let {
+            val username = when (principal) {
+                is OidcUser -> principal.idToken.getClaim("username")
+                is CustomPrincipal -> principal.userEntity.username
+                else -> throw CserealException.Csereal401("Unsupported principal type")
+            }
+            val user = userRepository.findByUsername(username)
+            user?.role == Role.ROLE_STAFF
+        } ?: false
+
+        return noticeService.readNotice(noticeId, isStaff)
     }
 
     @AuthenticatedStaff

src/main/kotlin/com/wafflestudio/csereal/core/notice/database/NoticeRepository.kt

@@ -17,6 +17,7 @@ import org.springframework.stereotype.Component
 import java.time.LocalDateTime
 
 interface NoticeRepository : JpaRepository<NoticeEntity, Long>, CustomNoticeRepository {
+    fun findByIdAndIsPrivateFalse(id: Long): NoticeEntity?
     fun findAllByIsPrivateFalseAndIsImportantTrueAndIsDeletedFalse(): List<NoticeEntity>
     fun findAllByIsImportantTrueAndIsDeletedFalse(): List<NoticeEntity>
     fun findFirstByIsDeletedFalseAndIsPrivateFalseAndCreatedAtLessThanOrderByCreatedAtDesc(
@@ -37,7 +38,7 @@ interface CustomNoticeRepository {
         isStaff: Boolean
     ): NoticeSearchResponse
 
-    fun totalSearchNotice(keyword: String, number: Int, stringLength: Int): NoticeTotalSearchResponse
+    fun totalSearchNotice(keyword: String, number: Int, stringLength: Int, isStaff: Boolean): NoticeTotalSearchResponse
 }
 
 @Component
@@ -48,21 +49,24 @@ class NoticeRepositoryImpl(
     override fun totalSearchNotice(
         keyword: String,
         number: Int,
-        stringLength: Int
+        stringLength: Int,
+        isStaff: Boolean
     ): NoticeTotalSearchResponse {
         val doubleTemplate = commonRepository.searchFullDoubleTextTemplate(
             keyword,
             noticeEntity.title,
             noticeEntity.plainTextDescription
         )
 
+        val privateBoolean = noticeEntity.isPrivate.eq(false).takeUnless { isStaff }
+
         val query = queryFactory.select(
             noticeEntity.id,
             noticeEntity.title,
             noticeEntity.createdAt,
             noticeEntity.plainTextDescription
         ).from(noticeEntity)
-            .where(doubleTemplate.gt(0.0))
+            .where(doubleTemplate.gt(0.0), privateBoolean)
 
         val total = query.clone().select(noticeEntity.countDistinct()).fetchOne()!!
 

src/main/kotlin/com/wafflestudio/csereal/core/notice/service/NoticeService.kt

@@ -23,9 +23,9 @@ interface NoticeService {
         isStaff: Boolean
     ): NoticeSearchResponse
 
-    fun searchTotalNotice(keyword: String, number: Int, stringLength: Int): NoticeTotalSearchResponse
+    fun searchTotalNotice(keyword: String, number: Int, stringLength: Int, isStaff: Boolean): NoticeTotalSearchResponse
 
-    fun readNotice(noticeId: Long): NoticeDto
+    fun readNotice(noticeId: Long, isStaff: Boolean): NoticeDto
     fun createNotice(request: NoticeDto, attachments: List<MultipartFile>?): NoticeDto
     fun updateNotice(
         noticeId: Long,
@@ -62,13 +62,17 @@ class NoticeServiceImpl(
     override fun searchTotalNotice(
         keyword: String,
         number: Int,
-        stringLength: Int
-    ) = noticeRepository.totalSearchNotice(keyword, number, stringLength)
+        stringLength: Int,
+        isStaff: Boolean
+    ) = noticeRepository.totalSearchNotice(keyword, number, stringLength, isStaff)
 
     @Transactional(readOnly = true)
-    override fun readNotice(noticeId: Long): NoticeDto {
-        val notice = noticeRepository.findByIdOrNull(noticeId)
-            ?: throw CserealException.Csereal404("존재하지 않는 공지사항입니다.(noticeId: $noticeId)")
+    override fun readNotice(noticeId: Long, isStaff: Boolean): NoticeDto {
+        val notice = if (isStaff) {
+            noticeRepository.findByIdOrNull(noticeId)
+        } else {
+            noticeRepository.findByIdAndIsPrivateFalse(noticeId)
+        } ?: throw CserealException.Csereal404("존재하지 않는 공지사항입니다.(noticeId: $noticeId)")
 
         if (notice.isDeleted) throw CserealException.Csereal404("삭제된 공지사항입니다.(noticeId: $noticeId)")