Fix: Fix Diary Authorization

src/main/java/com/khureturn/community/controller/DiaryCommentController.java

@@ -8,6 +8,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.security.Principal;
@@ -20,32 +21,36 @@ public class DiaryCommentController {
 
     private final DiaryCommentService diaryCommentService;
 
+    @PreAuthorize("isAuthenticated()")
     @PostMapping("/diary/{postId}/comment")
     public ResponseEntity<DiaryCommentResponseDto.CreateDiaryCommentDto> createComment(Principal principal, @PathVariable(name = "postId")Long postId, @RequestBody DiaryCommentRequestDto.CreateCommentDto request){
         DiaryComment diaryComment = diaryCommentService.create(postId, request, principal);
         return ResponseEntity.ok(DiaryCommentResponseDto.CreateDiaryCommentDto.builder().commentId(diaryComment.getId()).build());
     }
 
+    @PreAuthorize("isAuthenticated()")
     @PatchMapping("/diary/{postId}/comment/{commentId}")
     public ResponseEntity<DiaryCommentResponseDto.UpdateDiaryCommentDto> updateComment(@PathVariable(name = "postId")Long postId, @PathVariable(name = "commentId")Long commentId, @RequestBody DiaryCommentRequestDto.UpdateCommentDto request){
         DiaryComment diaryComment = diaryCommentService.update(postId, commentId, request);
         return ResponseEntity.ok(DiaryCommentResponseDto.UpdateDiaryCommentDto.builder().commentId(diaryComment.getId()).build());
     }
 
-    // 댓글 조회
+    @PreAuthorize("isAuthenticated()")
     @GetMapping("/diary/{postId}/comment")
     public ResponseEntity<List<DiaryCommentResponseDto.CommentDto>> getComment(@PathVariable(name = "postId")Long postId){
         List<DiaryComment> commentList = diaryCommentService.findAllByDiary(postId);
         return ResponseEntity.ok(DiaryConverter.toCommentListDto(commentList));
     }
 
+    @PreAuthorize("isAuthenticated()")
     @DeleteMapping("/diary/{postId}/comment/{commentId}")
     public ResponseEntity<Void> deleteComment(@PathVariable(name = "postId")Long postId, @PathVariable(name = "commentId")Long commentId){
         diaryCommentService.delete(postId,commentId);
         return ResponseEntity.ok().build();
     }
 
     // 대댓글 작성
+    @PreAuthorize("isAuthenticated()")
     @PostMapping("/diary/{postId}/comment/{commentId}/recomment")
     public ResponseEntity<DiaryCommentResponseDto.CreateDiaryCommentDto> createReComment(Principal principal, @PathVariable(name = "postId")Long postId,
                                                                                          @PathVariable(name = "commentId")Long commentId,
@@ -56,14 +61,15 @@ public ResponseEntity<DiaryCommentResponseDto.CreateDiaryCommentDto> createReCom
     }
 
     // 대댓글 조회
+    @PreAuthorize("isAuthenticated()")
     @GetMapping("/diary/{postId}/comment/{commentId}/recomment")
     public ResponseEntity<List<DiaryCommentResponseDto.CommentDto>> getRecomment(@PathVariable(name = "postId")Long postId,
                                                                                  @PathVariable(name = "commentId")Long commentId){
         List<DiaryComment> commentList = diaryCommentService.findAllByDiaryAndComment(postId, commentId);
         return ResponseEntity.ok(DiaryConverter.toCommentListDto(commentList));
     }
 
-
+    @PreAuthorize("isAuthenticated()")
     @PatchMapping("/diary/{postId}/comment/{commentId}/recomment/{recommentId}")
     public ResponseEntity<DiaryCommentResponseDto.UpdateDiaryCommentDto> updateRecomment(@PathVariable(name = "postId")Long postId,
                                                                                          @PathVariable(name = "commentId")Long commentId,
@@ -73,6 +79,7 @@ public ResponseEntity<DiaryCommentResponseDto.UpdateDiaryCommentDto> updateRecom
         return ResponseEntity.ok(DiaryCommentResponseDto.UpdateDiaryCommentDto.builder().commentId(diaryComment.getId()).build());
     }
 
+    @PreAuthorize("isAuthenticated()")
     @DeleteMapping("/diary/{postId}/comment/{commentId}/recomment/{recommentId}")
     public ResponseEntity<Void> deleteRecomment(@PathVariable(name = "postId")Long postId,
                                                 @PathVariable(name = "commentId")Long commentId,

src/main/java/com/khureturn/community/controller/DiaryController.java

@@ -14,6 +14,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.hibernate.validator.constraints.ModCheck;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -33,20 +34,24 @@ public class DiaryController {
 
     private final MemberService memberService;
 
+    @PreAuthorize("isAuthenticated()")
     @PostMapping("")
     public ResponseEntity<DiaryResponseDto.CreateDiaryDto> createDiary(Principal principal, @RequestPart(value = "mediaList", required= false)List<MultipartFile> mediaList,
                                                                        @RequestPart(value = "data")DiaryRequestDto.CreateDiaryDto data) throws IOException {
         Diary diary = diaryService.create(mediaList, data, principal);
         return ResponseEntity.ok(DiaryResponseDto.CreateDiaryDto.builder().postId(diary.getId()).build());
     }
 
+    @PreAuthorize("isAuthenticated()")
     @PutMapping("/{postId}")
     public ResponseEntity<DiaryResponseDto.UpdateDiaryDto> updateDiary(@PathVariable(name = "postId")Long postId, @RequestBody DiaryRequestDto.UpdateDiaryDto data){
         Diary diary = diaryService.update(postId, data);
         return ResponseEntity.ok(DiaryResponseDto.UpdateDiaryDto.builder().postId(diary.getId()).build());
     }
 
+
     // 일기장 상세조회
+    @PreAuthorize("isAuthenticated()")
     @GetMapping("/{postId}")
     public ResponseEntity<DiaryResponseDto.DiaryDto> getDiary(@PathVariable(name = "postId") Long postId){
         Diary diary = diaryService.findById(postId);
@@ -81,7 +86,7 @@ public ResponseEntity<List<DiaryResponseDto.DiarySortDto>> getDiaryListByView(@R
         return ResponseEntity.ok(DiaryConverter.toDiarySortDto(diaryList));
 
     }
-
+    @PreAuthorize("isAuthenticated()")
     @DeleteMapping("/{postId}")
     public ResponseEntity<Void> deleteDiary(@PathVariable(name = "postId")Long postId){
         diaryService.delete(postId);

src/main/java/com/khureturn/community/controller/DiaryLikeController.java

@@ -7,6 +7,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.security.Principal;
@@ -20,6 +21,7 @@ public class DiaryLikeController {
     private final DiaryLikeService diaryLikeService;
     private final MemberService memberService;
 
+    @PreAuthorize("isAuthenticated()")
     @PostMapping("/{postId}/like")
     public ResponseEntity<Void> createLike(Principal principal, @PathVariable(name = "postId")Long postId){
         String name = principal.getName();
@@ -28,6 +30,7 @@ public ResponseEntity<Void> createLike(Principal principal, @PathVariable(name =
         return ResponseEntity.ok().build();
     }
 
+    @PreAuthorize("isAuthenticated()")
     @DeleteMapping("/{postId}/like")
     public ResponseEntity<Void> deleteLike(Principal principal, @PathVariable(name = "postId")Long postId){
         String name = principal.getName();

src/main/java/com/khureturn/community/controller/DiaryScrapController.java

@@ -6,6 +6,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.security.Principal;
@@ -19,6 +20,7 @@ public class DiaryScrapController {
     private final DiaryScrapService diaryScrapService;
     private final MemberService memberService;
 
+    @PreAuthorize("isAuthenticated()")
     @PostMapping("/{postId}/bookmark")
     public ResponseEntity<Void> createLike(Principal principal, @PathVariable(name = "postId")Long postId){
         String name = principal.getName();
@@ -27,6 +29,7 @@ public ResponseEntity<Void> createLike(Principal principal, @PathVariable(name =
         return ResponseEntity.ok().build();
     }
 
+    @PreAuthorize("isAuthenticated()")
     @DeleteMapping("/{postId}/bookmark")
     public ResponseEntity<Void> deleteLike(Principal principal, @PathVariable(name = "postId")Long postId){
         String name = principal.getName();