Merge pull request #539 from woowacourse-teams/hotfix/#537,#538

[BE] Hotfix/#537,#538 회원 정보 관련 이슈 해결

backend/src/main/java/com/mapbefine/mapbefine/auth/domain/AuthMember.java

@@ -1,8 +1,8 @@
 package com.mapbefine.mapbefine.auth.domain;
 
-import com.mapbefine.mapbefine.member.domain.Role;
 import com.mapbefine.mapbefine.topic.domain.Topic;
 import java.util.List;
+import java.util.Objects;
 
 public abstract class AuthMember {
 
@@ -27,11 +27,13 @@ protected AuthMember(
     public abstract boolean canTopicUpdate(Topic topic);
 
     public abstract boolean canPinCreateOrUpdate(Topic topic);
-
-    public abstract boolean isRole(Role role);
-
+
     public Long getMemberId() {
         return memberId;
     }
 
+    public boolean isSameMember(Long memberId) {
+        return Objects.equals(memberId, this.memberId);
+    }
+
 }

backend/src/main/java/com/mapbefine/mapbefine/auth/domain/member/Admin.java

@@ -1,7 +1,6 @@
 package com.mapbefine.mapbefine.auth.domain.member;
 
 import com.mapbefine.mapbefine.auth.domain.AuthMember;
-import com.mapbefine.mapbefine.member.domain.Role;
 import com.mapbefine.mapbefine.topic.domain.Topic;
 import java.util.Collections;
 
@@ -35,9 +34,4 @@ public boolean canPinCreateOrUpdate(Topic topic) {
         return true;
     }
 
-    @Override
-    public boolean isRole(Role role) {
-        return Role.ADMIN == role;
-    }
-
 }

backend/src/main/java/com/mapbefine/mapbefine/auth/domain/member/Guest.java

@@ -1,7 +1,6 @@
 package com.mapbefine.mapbefine.auth.domain.member;
 
 import com.mapbefine.mapbefine.auth.domain.AuthMember;
-import com.mapbefine.mapbefine.member.domain.Role;
 import com.mapbefine.mapbefine.topic.domain.Topic;
 import com.mapbefine.mapbefine.topic.domain.TopicStatus;
 import java.util.Collections;
@@ -37,8 +36,4 @@ public boolean canPinCreateOrUpdate(Topic topic) {
         return false;
     }
 
-    @Override
-    public boolean isRole(Role role) {
-        return Role.GUEST == role;
-    }
 }

backend/src/main/java/com/mapbefine/mapbefine/auth/domain/member/User.java

@@ -1,7 +1,6 @@
 package com.mapbefine.mapbefine.auth.domain.member;
 
 import com.mapbefine.mapbefine.auth.domain.AuthMember;
-import com.mapbefine.mapbefine.member.domain.Role;
 import com.mapbefine.mapbefine.topic.domain.Topic;
 import com.mapbefine.mapbefine.topic.domain.TopicStatus;
 import java.util.List;
@@ -55,9 +54,4 @@ private boolean hasPermission(Long topicId) {
         return createdTopic.contains(topicId) || topicsWithPermission.contains(topicId);
     }
 
-    @Override
-    public boolean isRole(Role role) {
-        return Role.USER == role;
-    }
-
 }

backend/src/main/java/com/mapbefine/mapbefine/common/interceptor/AuthInterceptor.java

@@ -40,7 +40,7 @@ public boolean preHandle(
         if (!(handler instanceof HandlerMethod handlerMethod)) {
             return true;
         }
-        if (isAuthMemberNotRequired(handlerMethod)) {
+        if (isAuthMemberNotRequired(handlerMethod) && isLoginNotRequired(handlerMethod)) {
             return true;
         }
 
@@ -60,6 +60,10 @@ private boolean isAuthMemberNotRequired(HandlerMethod handlerMethod) {
                 .noneMatch(parameter -> parameter.getParameterType().equals(AuthMember.class));
     }
 
+    private boolean isLoginNotRequired(HandlerMethod handlerMethod) {
+        return !isLoginRequired(handlerMethod);
+    }
+
     private boolean isLoginRequired(HandlerMethod handlerMethod) {
         LoginRequired loginRequired = handlerMethod.getMethodAnnotation(LoginRequired.class);
 

backend/src/main/java/com/mapbefine/mapbefine/member/application/MemberQueryService.java

@@ -9,16 +9,16 @@
 import com.mapbefine.mapbefine.member.dto.response.MemberDetailResponse;
 import com.mapbefine.mapbefine.member.dto.response.MemberResponse;
 import com.mapbefine.mapbefine.member.exception.MemberErrorCode;
+import com.mapbefine.mapbefine.member.exception.MemberException.MemberForbiddenException;
 import com.mapbefine.mapbefine.member.exception.MemberException.MemberNotFoundException;
 import com.mapbefine.mapbefine.pin.dto.response.PinResponse;
 import com.mapbefine.mapbefine.topic.domain.Topic;
 import com.mapbefine.mapbefine.topic.domain.TopicRepository;
 import com.mapbefine.mapbefine.topic.dto.response.TopicResponse;
+import java.util.List;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-import java.util.List;
-
 @Service
 @Transactional(readOnly = true)
 public class MemberQueryService {
@@ -41,29 +41,33 @@ public MemberQueryService(
         this.topicRepository = topicRepository;
     }
 
-    public MemberDetailResponse findById(Long id) {
-        Member member = findMemberById(id);
-
-        return MemberDetailResponse.from(member);
+    public MemberDetailResponse findById(AuthMember authMember, Long id) {
+        if (authMember.isSameMember(id)) {
+            Member member = findMemberById(id);
+            return MemberDetailResponse.from(member);
+        }
+        throw new MemberForbiddenException(MemberErrorCode.FORBIDDEN_ACCESS, id);
     }
 
     private Member findMemberById(Long id) {
         return memberRepository.findById(id)
+                .filter(Member::isNormalStatus)
                 .orElseThrow(() -> new MemberNotFoundException(MemberErrorCode.MEMBER_NOT_FOUND, id));
     }
 
-    // TODO: 2023/09/13 차단된 or 탈퇴한 사용자 필터링 필요
     public List<MemberResponse> findAll() {
         return memberRepository.findAll()
                 .stream()
+                .filter(Member::isNormalStatus)
                 .map(MemberResponse::from)
                 .toList();
     }
 
     public List<TopicResponse> findAllTopicsInBookmark(AuthMember authMember) {
         Member member = findMemberById(authMember.getMemberId());
 
-        List<Topic> bookMarkedTopics = topicRepository.findTopicsByBookmarksMemberIdAndIsDeletedFalse(authMember.getMemberId());
+        List<Topic> bookMarkedTopics = topicRepository.findTopicsByBookmarksMemberIdAndIsDeletedFalse(
+                authMember.getMemberId());
         return bookMarkedTopics.stream()
                 .map(topic -> TopicResponse.from(
                         topic,

backend/src/main/java/com/mapbefine/mapbefine/member/dto/response/MemberResponse.java

@@ -3,19 +3,17 @@
 import com.mapbefine.mapbefine.member.domain.Member;
 import com.mapbefine.mapbefine.member.domain.MemberInfo;
 
-public record MemberResponse (
+public record MemberResponse(
         Long id,
-        String nickName,
-        String email
+        String nickName
 ) {
 
     public static MemberResponse from(Member member) {
         MemberInfo memberInfo = member.getMemberInfo();
 
         return new MemberResponse(
                 member.getId(),
-                memberInfo.getNickName(),
-                memberInfo.getEmail()
+                memberInfo.getNickName()
         );
     }
 

backend/src/main/java/com/mapbefine/mapbefine/member/exception/MemberErrorCode.java

@@ -10,6 +10,7 @@ public enum MemberErrorCode {
     ILLEGAL_EMAIL_NULL("05002", "이메일은 필수로 입력해야합니다."),
     ILLEGAL_EMAIL_PATTERN("05003", "올바르지 않은 이메일 형식입니다."),
     FORBIDDEN_MEMBER_STATUS("05100", "탈퇴 혹은 차단된 회원입니다."),
+    FORBIDDEN_ACCESS("05101", "해당 회원 정보에 대한 접근 권한이 없습니다."),
     MEMBER_NOT_FOUND("05400", "존재하지 않는 회원입니다."),
     ILLEGAL_NICKNAME_ALREADY_EXISTS("05900", "이미 존재하는 닉네임입니다."),
     ;

backend/src/main/java/com/mapbefine/mapbefine/member/presentation/MemberController.java

@@ -40,8 +40,8 @@ public ResponseEntity<List<MemberResponse>> findAllMember() {
 
     @LoginRequired
     @GetMapping("/{memberId}")
-    public ResponseEntity<MemberDetailResponse> findMemberById(@PathVariable Long memberId) {
-        MemberDetailResponse response = memberQueryService.findById(memberId);
+    public ResponseEntity<MemberDetailResponse> findMemberById(AuthMember authMember, @PathVariable Long memberId) {
+        MemberDetailResponse response = memberQueryService.findById(authMember, memberId);
 
         return ResponseEntity.ok(response);
     }

backend/src/main/resources/data-default.sql

@@ -5,7 +5,7 @@ VALUES ('dummyMember', 'dummy@gmail.com', 'https://map-befine-official.github.io
         1L, 'KAKAO',
         now(), now());
 
-INSERT INTO topic (name, image_url, description,가
+INSERT INTO topic (name, image_url, description,
                    permission_type, publicity,
                    member_id,
                    created_at, updated_at, last_pin_updated_at)

backend/src/test/java/com/mapbefine/mapbefine/member/application/MemberQueryServiceTest.java

@@ -1,5 +1,6 @@
 package com.mapbefine.mapbefine.member.application;
 
+import static com.mapbefine.mapbefine.member.domain.Role.USER;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
@@ -19,7 +20,7 @@
 import com.mapbefine.mapbefine.member.domain.Role;
 import com.mapbefine.mapbefine.member.dto.response.MemberDetailResponse;
 import com.mapbefine.mapbefine.member.dto.response.MemberResponse;
-import com.mapbefine.mapbefine.member.exception.MemberException.MemberNotFoundException;
+import com.mapbefine.mapbefine.member.exception.MemberException.MemberForbiddenException;
 import com.mapbefine.mapbefine.pin.PinFixture;
 import com.mapbefine.mapbefine.pin.domain.Pin;
 import com.mapbefine.mapbefine.pin.domain.PinRepository;
@@ -81,10 +82,10 @@ private void createTopics(Member member) {
     void findAllMember() {
         // given
         Member member2 = memberRepository.save(
-                MemberFixture.create("member2", "member2@member.com", Role.USER)
+                MemberFixture.create("member2", "member2@member.com", USER)
         );
         Member member3 = memberRepository.save(
-                MemberFixture.create("member3", "member3@member.com", Role.USER)
+                MemberFixture.create("member3", "member3@member.com", USER)
         );
 
         // when
@@ -103,26 +104,29 @@ void findAllMember() {
     @DisplayName("회원을 단일 조회한다.")
     void findMemberById() {
         // given
-        Member member = memberRepository.save(
-                MemberFixture.create("member", "member@naver.com", Role.USER)
-        );
-
         // when
-        MemberDetailResponse response = memberQueryService.findById(member.getId());
+        MemberDetailResponse response = memberQueryService.findById(authMember, member.getId());
 
         // then
         assertThat(response).usingRecursiveComparison()
                 .isEqualTo(MemberDetailResponse.from(member));
     }
 
     @Test
-    @DisplayName("조회하려는 회원이 없는 경우 예외를 반환한다.")
+    @DisplayName("조회하려는 회원이 없는 경우 본인이 아니므로 예외를 반환한다.")
     void findMemberById_whenNoneExists_thenFail() {
         // given when then
-        assertThatThrownBy(() -> memberQueryService.findById(Long.MAX_VALUE))
-                .isInstanceOf(MemberNotFoundException.class);
+        assertThatThrownBy(() -> memberQueryService.findById(authMember, Long.MAX_VALUE))
+                .isInstanceOf(MemberForbiddenException.class);
     }
 
+    @Test
+    @DisplayName("조회하려는 회원이 본인이 아닌 경우 예외를 반환한다.")
+    void findMemberById_whenNotSameMember_thenFail() {
+        // given when then
+        assertThatThrownBy(() -> memberQueryService.findById(authMember, Long.MAX_VALUE))
+                .isInstanceOf(MemberForbiddenException.class);
+    }
 
     @Test
     @DisplayName("즐겨찾기 목록에 추가 된 토픽을 조회할 수 있다")
@@ -158,7 +162,7 @@ void findAtlasByMember_Success() {
     }
 
     @Test
-    @DisplayName("")
+    @DisplayName("로그인한 회원의 모든 지도를 가져올 수 있다.")
     void findMyAllTopics_Success() {
         //when
         List<TopicResponse> myAllTopics = memberQueryService.findMyAllTopics(authMember);
@@ -198,5 +202,5 @@ void findMyAllPins_Success() {
                 .isEqualTo(pinIds);
 
     }
-    
+
 }

backend/src/test/java/com/mapbefine/mapbefine/member/domain/MemberResponseTest.java

@@ -25,8 +25,6 @@ void createMemberResponse_success() {
         // then
         assertThat(memberResponse.nickName())
                 .isEqualTo(member.getMemberInfo().getNickName());
-        assertThat(memberResponse.email())
-                .isEqualTo(member.getMemberInfo().getEmail());
     }
 
 }

backend/src/test/java/com/mapbefine/mapbefine/member/presentation/MemberControllerTest.java

@@ -31,13 +31,11 @@ void findAllMember() throws Exception {
         List<MemberResponse> memberResponses = List.of(
                 new MemberResponse(
                         1L,
-                        "member1",
-                        "member1@member.com"
+                        "member1"
                 ),
                 new MemberResponse(
                         2L,
-                        "member2",
-                        "member2@member.com"
+                        "member2"
                 )
         );
 
@@ -60,7 +58,7 @@ void findMemberById() throws Exception {
                 LocalDateTime.now()
         );
 
-        given(memberQueryService.findById(any())).willReturn(memberDetailResponse);
+        given(memberQueryService.findById(any(), any())).willReturn(memberDetailResponse);
 
         mockMvc.perform(
                 MockMvcRequestBuilders.get("/members/1")

backend/src/test/java/com/mapbefine/mapbefine/permission/presentation/PermissionControllerTest.java

@@ -52,8 +52,8 @@ void deletePermission() throws Exception {
     @DisplayName("특정 토픽 접근 정보 조회(권한 회원 목록, 공개 여부)")
     void findTopicAccessDetailByTopicId() throws Exception {
         List<PermissionedMemberResponse> permissionedMembers = List.of(
-                new PermissionedMemberResponse(1L, new MemberResponse(1L, "member", "member@naver.com")),
-                new PermissionedMemberResponse(1L, new MemberResponse(2L, "memberr", "memberr@naver.com"))
+                new PermissionedMemberResponse(1L, new MemberResponse(1L, "member")),
+                new PermissionedMemberResponse(1L, new MemberResponse(2L, "memberr"))
         );
         TopicAccessDetailResponse response = new TopicAccessDetailResponse(Publicity.PUBLIC, permissionedMembers);