Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: 사용자는 REST API를 통해서 거래 내역 상세 조회 기능을 사용할 수 있다 #225

Merged
merged 7 commits into from
Aug 18, 2024
Merged

feat: 사용자는 REST API를 통해서 거래 내역 상세 조회 기능을 사용할 수 있다 #225

merged 7 commits into from
Aug 18, 2024

Conversation

minseok-oh
Copy link
Collaborator

@minseok-oh minseok-oh commented Aug 18, 2024
edited by HiiWee
Loading

📄 Summary

  • 변경사항

    • [기존] BidHistoryServicegetBidHistoryInfo는 사용자 객체를 인자로 받았습니다
    • [현재] 추후 인증 객체를 위하여 소유자 권한 부분을 삭제했습니다 (이유 : Session에서 받아올 시 테스트 꺠짐)

  • REST Docs

    • dev 브랜치에 경로가 제대로 명시되어지지 않은 테스트가 있어 수정했습니다

🙋🏻 More

이상한 부분에 신경을 쓰니 작은 업무인데 속도가 너무 느리네요..
더 열심히 하겠슴돠!!! 👍

close #118

@minseok-oh minseok-oh added the FEATURE 새로운 기능 또는 변경 label Aug 18, 2024
@minseok-oh minseok-oh requested a review from a team August 18, 2024 08:18
@minseok-oh minseok-oh self-assigned this Aug 18, 2024
yudonggeun
yudonggeun reviewed Aug 18, 2024
View reviewed changes
Copy link
Contributor

@yudonggeun yudonggeun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

짧은 리뷰 남겨드려요! 코드 잘 봤어요!!

src/main/java/com/wootecam/luckyvickyauction/core/payment/service/BidHistoryService.java
Comment on lines -29 to -35
if (!bidHistory.isOwnedBy(member)) {
throw new UnauthorizedException(
"해당 거래 내역에 접근 권한이 없는 사용자입니다. 회원ID: " + (member == null ? "없음" : member.getSignInId()),
ErrorCode.B001);
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ReceiptController에서도 자신의 거래 내역인지를 확인하는 로직이 없는 것 같아요.
외부의 다른 로그인 사용자가 다른 사람의 거래 내역 id를 알 수 있다면 정보를 노출 시킬 위험이 있어서 제거된 부분의 검증은 구현해야한다고 생각합니다!

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

이 부분이 인증 객체로 따로 구현중이라서 인증 부분을 제거했습니다!

...java/com/wootecam/luckyvickyauction/core/auction/controller/SellerAuctionControllerTest.java
.apply(document("/auctions/post/constant_policy/success",
.apply(document("auctions/post/constant_policy/success",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

세심하게 코드 스타일 챙겨주는 습관 부럽네요!

yudonggeun
yudonggeun previously approved these changes Aug 18, 2024
View reviewed changes
Copy link
Contributor

@yudonggeun yudonggeun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@minseok-oh minseok-oh requested a review from a team August 18, 2024 11:29
HiiWee
HiiWee approved these changes Aug 18, 2024
View reviewed changes
Copy link
Member

@HiiWee HiiWee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!!

@minseok-oh minseok-oh merged commit bafd408 into dev Aug 18, 2024
@chhs2131 chhs2131 deleted the feat/118 branch August 31, 2024 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HiiWee HiiWee HiiWee approved these changes

@yudonggeun yudonggeun yudonggeun left review comments

Assignees

@minseok-oh minseok-oh

Labels
FEATURE 새로운 기능 또는 변경
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[FEATURE] 사용자는 REST API를 통해서 거래 내역 상세 조회 기능을 사용할 수 있다.
3 participants
@minseok-oh @HiiWee @yudonggeun