Skip to content

Commit d8fc591

Browse files
thingineeerthingineeer
committed
feat: 관리자 삭제 권한 최소 변경 (isAdmin 체크만)
- EntityManager 및 FK 처리 제거, 순수 권한 로직만 추가 - userId 280 관리자 소유권 검증 우회
1 parent b29b09f commit d8fc591

1 file changed

Lines changed: 4 additions & 1 deletion

File tree

src/main/java/org/runnect/server/publicCourse/service/PublicCourseService.java

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,7 @@
4848
public class PublicCourseService {
4949
private static final Integer PAGE_SIZE = 10;
5050
private static List<Long> MARATHON_PUBLIC_COURSE_IDS;
51+
private static final Long ADMIN_USER_ID = 280L;
5152

5253
private final PublicCourseRepository publicCourseRepository;
5354
private final UserRepository userRepository;
@@ -350,8 +351,10 @@ public DeletePublicCoursesResponseDto deletePublicCourses(
350351
throw new NotFoundException(ErrorStatus.NOT_FOUND_PUBLICCOURSE_EXCEPTION, ErrorStatus.NOT_FOUND_PUBLICCOURSE_EXCEPTION.getMessage());
351352
}
352353

354+
boolean isAdmin = userId.equals(ADMIN_USER_ID);
355+
353356
publicCourses.stream()
354-
.filter(pc -> !pc.getCourse().getRunnectUser().equals(user))
357+
.filter(pc -> !isAdmin && !pc.getCourse().getRunnectUser().equals(user))
355358
.findAny()
356359
.ifPresent(pc -> {
357360
throw new PermissionDeniedException(

0 commit comments

Comments
 (0)