feat: 출금신청 브랜드 관리자만 접근가능하도록(#346)

TrandPick · Jul 9, 2023 · ba17b07 · ba17b07
1 parent bb3f813
commit ba17b07
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/src/main/java/project/trendpick_pro/domain/rebate/controller/AdmRebateController.java b/src/main/java/project/trendpick_pro/domain/rebate/controller/AdmRebateController.java
@@ -29,9 +29,13 @@
 public class AdmRebateController {
         private final RebateService rebateService;
         private final Rq rq;
+
         @GetMapping("/makeData")
         @PreAuthorize("hasAuthority({'BRAND_ADMIN'})")
         public String showMakeData() {
+                if(!rq.getRollMember().getRole().getValue().equals("BRAND_ADMIN")){
+                        return rq.historyBack("브랜드 관리자만 접근할 수 있습니다.");
+                }
                 return "trendpick/admin/makeData";
         }
 
@@ -49,6 +53,10 @@ public String makeData(String yearMonth) {
         @GetMapping("/rebateOrderItemList")
         @PreAuthorize("hasAuthority({'BRAND_ADMIN'})")
         public String showRebateOrderItemList(String yearMonth, Model model) {
+                if(!rq.getRollMember().getRole().getValue().equals("BRAND_ADMIN")){
+                        return rq.historyBack("브랜드 관리자만 접근할 수 있습니다.");
+                }
+
                 if (!StringUtils.hasText(yearMonth)) {
                         yearMonth = Ut.date.getCurrentYearMonth();
                 }
@@ -75,7 +83,6 @@ public String rebateOne(@PathVariable long orderItemId, HttpServletRequest req)
         @PostMapping("/rebate")
         @PreAuthorize("hasAuthority({'BRAND_ADMIN'})")
         public String rebate(String ids, HttpServletRequest req) {
-
                 String[] idsArr = ids.split(",");
 
                 Arrays.stream(idsArr)

diff --git a/src/main/java/project/trendpick_pro/domain/withdraw/controller/WithdrawController.java b/src/main/java/project/trendpick_pro/domain/withdraw/controller/WithdrawController.java
@@ -10,6 +10,7 @@
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import project.trendpick_pro.domain.common.base.rq.Rq;
+import project.trendpick_pro.domain.member.entity.Member;
 import project.trendpick_pro.domain.member.service.MemberService;
 import project.trendpick_pro.domain.withdraw.entity.WithdrawApply;
 import project.trendpick_pro.domain.withdraw.entity.dto.WithDrawApplyForm;
@@ -27,6 +28,9 @@ public class WithdrawController {
 
     @GetMapping("/withDraw")
     public String showApply(Model model) {
+        if(!rq.getRollMember().getRole().getValue().equals("BRAND_ADMIN")){
+            return rq.historyBack("브랜드 관리자만 접근할 수 있습니다.");
+        }
         long actorRestCash = memberService.getRestCash(rq.getBrandMember());
         model.addAttribute("actorRestCash", actorRestCash);