fix: user delete method

KERT-core · Nov 6, 2024 · fa4a947 · fa4a947
1 parent 2c7be6d
commit fa4a947
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 5 deletions.
diff --git a/src/main/java/com/kert/config/SecurityConfig.java b/src/main/java/com/kert/config/SecurityConfig.java
@@ -42,7 +42,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         .requestMatchers("/admin/**").hasRole("ADMIN")
                         .requestMatchers(HttpMethod.POST, "/posts/**", "/histories/**").hasRole("ADMIN")
                         .requestMatchers(HttpMethod.PUT, "/posts/**", "/histories/**").hasRole("ADMIN")
-                        .requestMatchers(HttpMethod.DELETE, "/users/**", "/posts/**", "/histories/**").hasRole("ADMIN")
+                        .requestMatchers(HttpMethod.DELETE, "/posts/**", "/histories/**").hasRole("ADMIN")
                         .requestMatchers(HttpMethod.GET, "/posts/**", "/histories/**").permitAll()
                         .anyRequest().authenticated()
                 )

diff --git a/src/main/java/com/kert/controller/UserController.java b/src/main/java/com/kert/controller/UserController.java
@@ -101,8 +101,20 @@ public ResponseEntity<User> updateUser(@PathVariable Long studentId, @RequestHea
     }
 
     @DeleteMapping("/{studentId}")
-    public ResponseEntity<Void> deleteUser(@PathVariable Long studentId) {
-        userService.deleteUser(studentId);
-        return ResponseEntity.noContent().build();
+    public ResponseEntity<Void> deleteUser(@PathVariable Long studentId, @RequestHeader("Authorization") String authHeader) {
+        String token = authHeader.replace("Bearer ", "");
+
+        User user = userService.getUserById(studentId);
+        Long currentUserId = jwtTokenProvider.getUserIdFromJWT(token);
+        if (user == null) {
+            return ResponseEntity.notFound().build();
+        }
+        boolean isAdmin = adminService.getAdminByStudentId(currentUserId) != null;
+        if (isAdmin || currentUserId.equals(studentId)) {
+            userService.deleteUser(studentId);
+            return ResponseEntity.noContent().build();
+        } else {
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+        }
     }
-}
+}