refactor: Security 권한 설정 수정 (#111)

Author: dongcarry96

src/main/java/com/iitp/domains/cart/controller/command/CartCommandController.java

@@ -8,12 +8,14 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @RequiredArgsConstructor
 @RequestMapping("/api/carts")
 @RestController
 @Tag(name = "장바구니 Command API", description = "장바구니 Command API")
+@PreAuthorize("hasRole('USER')")
 public class CartCommandController {
     private final CartCommandService cartCommandService;
 

src/main/java/com/iitp/domains/cart/controller/query/CartQueryController.java

@@ -9,12 +9,14 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @RequiredArgsConstructor
 @RequestMapping("/api/carts")
 @RestController
 @Tag(name = "카트 Query API", description = "카트 Query API")
+@PreAuthorize("hasRole('USER')")
 public class CartQueryController {
     private final CartQueryService cartQueryService;
 

src/main/java/com/iitp/domains/favorite/controller/FavoriteController.java

@@ -8,6 +8,7 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -18,6 +19,7 @@
 @RequestMapping("/api/stores")
 @RequiredArgsConstructor
 @Tag(name = "찜", description = "가게에 대한 찜 API")
+@PreAuthorize("hasRole('USER')")
 public class FavoriteController {
     private final FavoriteCommandService favoriteCommandService;
 

src/main/java/com/iitp/domains/map/controller/command/MapCommandController.java

@@ -6,6 +6,7 @@
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;

src/main/java/com/iitp/domains/map/controller/query/MapQueryController.java

@@ -19,12 +19,12 @@
 @RequestMapping("/api/maps")
 @RequiredArgsConstructor
 @Tag(name = "지도 API", description = "지도 관련 API")
+@PreAuthorize("isAuthenticated()")
 public class MapQueryController {
     private final MapQueryService mapQueryService;
 
     @Operation(summary = "근처 가게 마커 조회")
     @GetMapping("/markers")
-    @PreAuthorize("isAuthenticated()")
     public ApiResponse<List<MapMarkerResponseDto>> getNearbyStoreMarkers(
             @RequestParam Double latitude,
             @RequestParam Double longitude,
@@ -37,7 +37,6 @@ public ApiResponse<List<MapMarkerResponseDto>> getNearbyStoreMarkers(
 
     @Operation(summary = "가게 지도 요약 조회")
     @GetMapping("/{storeId}/summary")
-    @PreAuthorize("isAuthenticated()")
     public ApiResponse<MapSummaryResponseDto> getStoreSummary(
             @PathVariable Long storeId,
             @RequestParam Double latitude,
@@ -50,7 +49,6 @@ public ApiResponse<MapSummaryResponseDto> getStoreSummary(
 
     @Operation(summary = "가게 지도 목록 조회")
     @GetMapping("/lists")
-    @PreAuthorize("isAuthenticated()")
     public ApiResponse<MapListScrollResponseDto> getNearbyStoreList(
             @RequestParam Double latitude,
             @RequestParam Double longitude,

src/main/java/com/iitp/domains/member/controller/command/BusinessCommandController.java

@@ -10,6 +10,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -20,6 +21,7 @@
 @RequestMapping("/api/members/business")
 @Slf4j
 @Tag(name="사업자번호 승인 관리", description = "사업자 등록 승인 관련 API")
+@PreAuthorize("permitAll()")
 public class BusinessCommandController {
     private final EmailCreateService emailCreateService;
     private final MemberCommandService memberCommandService;

src/main/java/com/iitp/domains/member/controller/command/LocationCommandController.java

@@ -40,6 +40,7 @@ public ApiResponse<LocationResponseDto> addAddress(
     @Operation(summary = "기본 주소 변경",
             description = "특정 주소를 기본 주소로 설정합니다.")
     @PatchMapping("/{addressId}/setDefault")
+    @PreAuthorize("isAuthenticated()")
     public ApiResponse<LocationResponseDto> setDefaultAddress(
             @Parameter(description = "기본 주소로 설정할 주소 ID", required = true)
             @PathVariable Long addressId) {

src/main/java/com/iitp/domains/member/controller/command/MemberCommandController.java

@@ -23,13 +23,13 @@
 @RequiredArgsConstructor
 @Slf4j
 @Tag(name = "인증 관리", description = "회원가입, 로그인,닉네임 수정, 로그아웃 API")
+@PreAuthorize("hasRole('USER')")
 public class MemberCommandController {
     private final MemberCommandService memberCommandService;
 
     // 회원 탈퇴
     @Operation(summary = "회원 탈퇴", description = "현재 로그인한 회원을 탈퇴 처리합니다.")
     @PatchMapping("/delete")
-    @PreAuthorize("isAuthenticated()")
     public ApiResponse<String> deleteMember() {
         Long memberId = SecurityUtil.getCurrentMemberId();
         memberCommandService.deleteMember(memberId);
@@ -38,7 +38,6 @@ public ApiResponse<String> deleteMember() {
 
     @Operation(summary = "닉네임 수정", description = "현재 로그인한 회원의 닉네임을 수정합니다.")
     @PatchMapping("/nickname")
-    @PreAuthorize("isAuthenticated()")
     public ApiResponse<MemberUpdateNicknameResponseDto> updateNickname(
             @Valid @RequestBody MemberUpdateNicknameRequestDto request) {
 
@@ -51,7 +50,6 @@ public ApiResponse<MemberUpdateNicknameResponseDto> updateNickname(
     @Operation(summary = "새 위치 추가",
             description = "현재 로그인한 회원의 새로운 위치를 추가합니다.")
     @PostMapping("/location")
-    @PreAuthorize("isAuthenticated()")
     public ApiResponse<LocationResponseDto> addLocation(
             @Valid @RequestBody LocationCreateRequestDto request) {
         Long memberId = SecurityUtil.getCurrentMemberId();

src/main/java/com/iitp/domains/member/controller/query/EnvironmentQueryController.java

@@ -21,13 +21,13 @@
 @RequiredArgsConstructor
 @Slf4j
 @Tag(name = "환경 데이터", description = "환경 조회 API")
+@PreAuthorize("isAuthenticated()")
 public class EnvironmentQueryController {
     private final EnvironmentQueryService environmentQueryService;
 
     @Operation(summary = "환경 정보 조회",
             description = "현재 로그인한 회원의 환경 레벨, 환경점수, 주문횟수, 다회용기 이용횟수를 조회합니다.")
     @GetMapping("/me")
-    @PreAuthorize("isAuthenticated()")
     public ApiResponse<EnvironmentResponseDto> getCurrentEnvironmentLevel() {
         Long memberId = SecurityUtil.getCurrentMemberId();
         log.info("현재 환경 레벨 조회 - memberId: {}", memberId);

src/main/java/com/iitp/domains/member/controller/query/LocationQueryController.java

@@ -20,13 +20,13 @@
 @RequestMapping("/api/addresses")
 @RestController
 @Slf4j
+@PreAuthorize("hasRole('USER')")
 public class LocationQueryController {
     private final LocationQueryService locationQueryService;
 
     @Operation(summary = "주소 목록 조회",
             description = "현재 로그인한 회원의 모든 주소를 조회합니다.")
     @GetMapping("")
-    @PreAuthorize("isAuthenticated()")
     public ApiResponse<List<LocationResponseDto>> getMyAddresses() {
         Long memberId = SecurityUtil.getCurrentMemberId();
         log.info("주소 목록 조회 - memberId: {}", memberId);
@@ -39,7 +39,6 @@ public ApiResponse<List<LocationResponseDto>> getMyAddresses() {
     @Operation(summary = "현재 기본 주소 조회",
             description = "현재 설정된 기본 주소만 조회합니다.")
     @GetMapping("/default")
-    @PreAuthorize("isAuthenticated()")
     public ApiResponse<LocationResponseDto> getDefaultAddress() {
         Long memberId = SecurityUtil.getCurrentMemberId();
         log.info("기본 주소 조회 - memberId: {}", memberId);