[feat] 작곡가 삭제 API 추가

[k3vin7]

Summary

• DELETE /composers/{composerId} 엔드포인트 추가 (204 No Content)
• 어드민(id=5)만 호출 가능, 그 외 403

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

이 PR은 시스템 관리자가 작곡가 데이터를 효율적으로 관리할 수 있도록 작곡가 삭제 기능을 도입합니다. 특정 작곡가를 안전하게 제거할 수 있는 RESTful API 엔드포인트를 제공하며, 데이터 무결성을 위해 관리자 권한을 엄격하게 확인합니다.

Highlights

• 작곡가 삭제 API 추가: DELETE /composers/{composerId} 엔드포인트를 추가하여 특정 작곡가를 삭제할 수 있도록 했습니다.
• 관리자 권한 확인: 작곡가 삭제 기능은 사용자 ID가 5인 관리자만 호출할 수 있도록 권한 검증 로직을 추가했습니다.
• 응답 상태 코드: 삭제 성공 시 HTTP 204 No Content 상태 코드를 반환하도록 설정했습니다.
• 테스트 코드 추가: 새로 추가된 작곡가 삭제 API에 대한 통합 테스트 코드를 작성했습니다.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• src/main/java/com/daramg/server/composer/application/ComposerService.java
  • deleteComposer 메서드를 추가하여 특정 작곡가를 삭제하고, 관리자(ID 5)만 접근 가능하도록 권한 검사를 구현했습니다.
• src/main/java/com/daramg/server/composer/presentation/ComposerController.java
  • DELETE /composers/{composerId} 엔드포인트를 추가하고, deleteComposer 서비스 메서드를 호출하도록 연결했습니다.
  • 성공 시 HttpStatus.NO_CONTENT를 반환하도록 설정했습니다.
• src/test/java/com/daramg/server/composer/presentation/ComposerControllerTest.java
  • 작곡가를_삭제한다라는 이름의 테스트 케이스를 추가하여 DELETE /composers/{composerId} 엔드포인트의 동작을 검증했습니다.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new API endpoint for deleting composers (DELETE /composers/{composerId}). However, a significant security concern has been identified regarding the authorization logic. The use of a hardcoded user ID (5L) for administrator identification is an insecure approach that could lead to privilege escalation. Beyond this, the current implementation also raises maintainability concerns due to the hardcoded ID in ComposerService and lacks comprehensive test cases in ComposerControllerTest for unauthorized access scenarios. It is strongly recommended to transition to a robust role-based access control (RBAC) system and add the necessary tests.

[gemini-code-assist]

The authorization check relies on a hardcoded user ID (5L) to identify the administrator. This is a critical security vulnerability as user IDs are often predictable, potentially leading to privilege escalation if a regular user is assigned this ID. It also introduces maintainability issues, as this 'magic number' is difficult to understand and manage if admin policies change. It is strongly recommended to implement a proper Role-Based Access Control (RBAC) system. This involves adding a role field to the User entity and checking for an ADMIN role instead of a hardcoded ID. This will enhance both security and maintainability.

Suggested change

	if (user.getId() != 5L) {
	throw new BusinessException(CommonErrorStatus.FORBIDDEN);
	}
	if (!user.isAdmin()) {
	throw new BusinessException(CommonErrorStatus.FORBIDDEN);
	}

[gemini-code-assist]

현재 테스트는 작곡가 삭제 성공 케이스(204 No Content)만 검증하고 있습니다. 하지만 서비스 로직에는 관리자(ID=5)만 삭제를 수행할 수 있는 권한 검사 로직이 포함되어 있습니다.

권한이 없는 사용자가 삭제를 시도했을 때 예상대로 403 Forbidden 응답을 반환하는지에 대한 테스트 케이스를 추가하여 코드의 안정성을 높이는 것이 좋습니다.