feat: update 권한이 없는 admin이 updateObject view에 접근할 경우 경로 추가

twentiethcenturygangsta · Jul 2, 2023 · 0bb36f3 · 0bb36f3
1 parent d0f2685
commit 0bb36f3
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/...ain/java/com/github/twentiethcenturygangsta/adminboard/view/AdminBoardViewController.java b/...ain/java/com/github/twentiethcenturygangsta/adminboard/view/AdminBoardViewController.java
@@ -130,6 +130,11 @@ public String TaskView( Model model, HttpServletRequest request) {
     public String createObjectView(Model model, HttpServletRequest request, @PathVariable("entityName") String entityName) {
         getSideBarModel(model);
         getNavBarModel(model, request);
+        HttpSession session = request.getSession();
+        Boolean createAuthority = (Boolean) session.getAttribute("createAuthority");
+        if(!createAuthority) {
+            return "redirect:/admin-board/" + entityName;
+        }
         model.addAttribute("entity", adminBoardFactory.getEntity(entityName));
         model.addAttribute("entityName", entityName);
         model.addAttribute("entities", adminBoardFactory.getEntities());
@@ -146,6 +151,11 @@ public String updateObjectView(
     ) {
         getSideBarModel(model);
         getNavBarModel(model, request);
+        HttpSession session = request.getSession();
+        Boolean updateAuthority = (Boolean) session.getAttribute("updateAuthority");
+        if(!updateAuthority) {
+            return "redirect:/admin-board/" + entityName +"/object/" + id;
+        }
         model.addAttribute("entity", adminBoardFactory.getEntity(entityName));
         model.addAttribute("entityName", entityName);
         model.addAttribute("entities", adminBoardFactory.getEntities());