From 412f4a0d5e2682b627d1727aa05e3a8b95ec36ff Mon Sep 17 00:00:00 2001 From: teddy Date: Tue, 30 Dec 2025 11:28:52 +0900 Subject: [PATCH 1/2] =?UTF-8?q?=EB=A9=94=EB=89=B4=20=EA=B6=8C=ED=95=9C=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/MenuAuthorizationManager.java | 37 +++++++++++++++++-- .../cd/kamcoback/config/SecurityConfig.java | 5 ++- .../repository/menu/MenuRepositoryCustom.java | 8 ++++ .../repository/menu/MenuRepositoryImpl.java | 17 +++++++++ 4 files changed, 62 insertions(+), 5 deletions(-) diff --git a/src/main/java/com/kamco/cd/kamcoback/auth/MenuAuthorizationManager.java b/src/main/java/com/kamco/cd/kamcoback/auth/MenuAuthorizationManager.java index 0cc3db39..021332e9 100644 --- a/src/main/java/com/kamco/cd/kamcoback/auth/MenuAuthorizationManager.java +++ b/src/main/java/com/kamco/cd/kamcoback/auth/MenuAuthorizationManager.java @@ -45,19 +45,50 @@ public class MenuAuthorizationManager implements AuthorizationManager allowedMenus = menuAuthQueryRepository.findAllowedMenuUrlsByRole(role); + boolean isAdmin = "ADMIN".equalsIgnoreCase(role); + // URL별 권한 조회 + List matchedMenus = menuAuthQueryRepository.findMenusByRequestPath(requestPath); + + boolean isProtectedUrl = matchedMenus != null && !matchedMenus.isEmpty(); + + // URL별 권한에 라벨러, 검수자 권한이 있으면 , ADMIN도 false + if (isProtectedUrl) { + List allowedMenus = menuAuthQueryRepository.findAllowedMenuUrlsByRole(role); + if (allowedMenus == null || allowedMenus.isEmpty()) { + return new AuthorizationDecision(false); + } + + for (MenuEntity menu : allowedMenus) { + String baseUri = menu.getMenuUrl(); + if (baseUri == null || baseUri.isBlank()) { + continue; + } + + if (matchUri(baseUri, requestPath)) { + return new AuthorizationDecision(true); + } + } + return new AuthorizationDecision(false); + } + + // ✅ 3) 보호 URL이 아니면 ADMIN은 전부 허용 + if (isAdmin) { + return new AuthorizationDecision(true); + } + + // ✅ 4) 일반 role은 기존대로 매핑 기반 + List allowedMenus = menuAuthQueryRepository.findAllowedMenuUrlsByRole(role); if (allowedMenus == null || allowedMenus.isEmpty()) { return new AuthorizationDecision(false); } - // menu_url(prefix) 기반 접근 허용 판단 for (MenuEntity menu : allowedMenus) { String baseUri = menu.getMenuUrl(); if (baseUri == null || baseUri.isBlank()) { continue; } + if (matchUri(baseUri, requestPath)) { return new AuthorizationDecision(true); } diff --git a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java index 1acaf5f4..dca50109 100644 --- a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java +++ b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java @@ -83,9 +83,10 @@ public class SecurityConfig { .requestMatchers("/api/user/**") .authenticated() .anyRequest() - // .access(redisAuthorizationManager) + .access(menuAuthorizationManager) - .authenticated()) + // .authenticated() + ) .addFilterBefore( jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter diff --git a/src/main/java/com/kamco/cd/kamcoback/postgres/repository/menu/MenuRepositoryCustom.java b/src/main/java/com/kamco/cd/kamcoback/postgres/repository/menu/MenuRepositoryCustom.java index 775ff647..c1e7db63 100644 --- a/src/main/java/com/kamco/cd/kamcoback/postgres/repository/menu/MenuRepositoryCustom.java +++ b/src/main/java/com/kamco/cd/kamcoback/postgres/repository/menu/MenuRepositoryCustom.java @@ -22,4 +22,12 @@ public interface MenuRepositoryCustom { * @return */ List findAllowedMenuUrlsByRole(String role); + + /** + * url별 역할 + * + * @param requestPath + * @return + */ + List findMenusByRequestPath(String requestPath); } diff --git a/src/main/java/com/kamco/cd/kamcoback/postgres/repository/menu/MenuRepositoryImpl.java b/src/main/java/com/kamco/cd/kamcoback/postgres/repository/menu/MenuRepositoryImpl.java index 62a91213..b4919fd4 100644 --- a/src/main/java/com/kamco/cd/kamcoback/postgres/repository/menu/MenuRepositoryImpl.java +++ b/src/main/java/com/kamco/cd/kamcoback/postgres/repository/menu/MenuRepositoryImpl.java @@ -79,4 +79,21 @@ public class MenuRepositoryImpl implements MenuRepositoryCustom { .orderBy(menuEntity.menuOrder.asc().nullsLast()) .fetch(); } + + @Override + public List findMenusByRequestPath(String requestPath) { + return queryFactory + .selectDistinct(menuEntity) + .from(menuMappEntity) + .join(menuMappEntity.menuUid, menuEntity) + .where( + menuMappEntity.deleted.isFalse(), + menuEntity.deleted.isFalse(), + menuEntity.isUse.isTrue(), + menuEntity.menuUrl.isNotNull(), + menuEntity.menuUrl.isNotEmpty(), + menuEntity.menuUrl.eq(requestPath)) + .orderBy(menuEntity.menuOrder.asc().nullsLast()) + .fetch(); + } } From 03231775fddf8dae5dea6cfc4ca1ff5cf3840efa Mon Sep 17 00:00:00 2001 From: teddy Date: Tue, 30 Dec 2025 15:12:10 +0900 Subject: [PATCH 2/2] =?UTF-8?q?shp=20=ED=8C=8C=EC=9D=BC=EC=83=9D=EC=84=B1?= =?UTF-8?q?=20baseurl=20=EC=84=A4=EC=A0=95=20=EC=B6=94=EA=B0=80,=20?= =?UTF-8?q?=EC=B6=94=EB=A1=A0=EB=8D=B0=EC=9D=B4=ED=84=B0=20=ED=85=8C?= =?UTF-8?q?=EC=9D=B4=EB=B8=94=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cd/kamcoback/auth/MenuAuthorizationManager.java | 11 ++++------- .../inference/service/InferenceResultShpService.java | 7 ++++--- .../entity/MapSheetAnalDataInferenceGeomEntity.java | 6 ++++++ src/main/resources/application-dev.yml | 2 ++ src/main/resources/application-local.yml | 6 ++++++ src/main/resources/application-prod.yml | 6 +++++- 6 files changed, 27 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/kamco/cd/kamcoback/auth/MenuAuthorizationManager.java b/src/main/java/com/kamco/cd/kamcoback/auth/MenuAuthorizationManager.java index 021332e9..a9e8b11c 100644 --- a/src/main/java/com/kamco/cd/kamcoback/auth/MenuAuthorizationManager.java +++ b/src/main/java/com/kamco/cd/kamcoback/auth/MenuAuthorizationManager.java @@ -1,13 +1,12 @@ package com.kamco.cd.kamcoback.auth; +import com.kamco.cd.kamcoback.common.enums.RoleType; import com.kamco.cd.kamcoback.postgres.entity.MenuEntity; import com.kamco.cd.kamcoback.postgres.repository.menu.MenuRepository; import jakarta.servlet.http.HttpServletRequest; import java.util.List; import java.util.function.Supplier; import lombok.RequiredArgsConstructor; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.Authentication; @@ -24,8 +23,6 @@ import org.springframework.stereotype.Component; @RequiredArgsConstructor public class MenuAuthorizationManager implements AuthorizationManager { - private static final Logger log = LogManager.getLogger(MenuAuthorizationManager.class); - private final MenuRepository menuAuthQueryRepository; @Override @@ -45,7 +42,7 @@ public class MenuAuthorizationManager implements AuthorizationManager matchedMenus = menuAuthQueryRepository.findMenusByRequestPath(requestPath); @@ -72,12 +69,12 @@ public class MenuAuthorizationManager implements AuthorizationManager allowedMenus = menuAuthQueryRepository.findAllowedMenuUrlsByRole(role); if (allowedMenus == null || allowedMenus.isEmpty()) { return new AuthorizationDecision(false); diff --git a/src/main/java/com/kamco/cd/kamcoback/inference/service/InferenceResultShpService.java b/src/main/java/com/kamco/cd/kamcoback/inference/service/InferenceResultShpService.java index 6a578e32..980a5a22 100644 --- a/src/main/java/com/kamco/cd/kamcoback/inference/service/InferenceResultShpService.java +++ b/src/main/java/com/kamco/cd/kamcoback/inference/service/InferenceResultShpService.java @@ -5,6 +5,7 @@ import com.kamco.cd.kamcoback.inference.dto.WriteCnt; import com.kamco.cd.kamcoback.postgres.core.InferenceResultShpCoreService; import java.util.List; import lombok.RequiredArgsConstructor; +import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -16,6 +17,9 @@ public class InferenceResultShpService { private final InferenceResultShpCoreService coreService; private final ShpWriter shpWriter; + @Value("${mapsheet.shp.baseurl}") + private String baseDir; + /** inference_results 테이블을 기준으로 분석 결과 테이블과 도형 테이블을 최신 상태로 반영한다. */ @Transactional public InferenceResultShpDto.InferenceCntDto saveInferenceResultData() { @@ -33,9 +37,6 @@ public class InferenceResultShpService { @Transactional public InferenceResultShpDto.FileCntDto createShpFile() { - // TODO 파일 경로는 정해지면 수정, properties 사용 - String baseDir = "/app/detect/result"; - // TODO 배치 실행으로 변경 필요 int batchSize = 100; int geomLimit = 500_000; diff --git a/src/main/java/com/kamco/cd/kamcoback/postgres/entity/MapSheetAnalDataInferenceGeomEntity.java b/src/main/java/com/kamco/cd/kamcoback/postgres/entity/MapSheetAnalDataInferenceGeomEntity.java index 7ce986d6..f41d8191 100644 --- a/src/main/java/com/kamco/cd/kamcoback/postgres/entity/MapSheetAnalDataInferenceGeomEntity.java +++ b/src/main/java/com/kamco/cd/kamcoback/postgres/entity/MapSheetAnalDataInferenceGeomEntity.java @@ -146,4 +146,10 @@ public class MapSheetAnalDataInferenceGeomEntity { @Column(name = "file_created_dttm") private ZonedDateTime fileCreatedDttm; + + @Column(name = "pass_yn") + private Boolean passYn; + + @Column(name = "pass_yn_dttm") + private ZonedDateTime passYnDttm; } diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml index 6c7b17f0..4a00ed71 100644 --- a/src/main/resources/application-dev.yml +++ b/src/main/resources/application-dev.yml @@ -73,4 +73,6 @@ logging: mapsheet: upload: skipGdalValidation: true + shp: + baseurl: /app/detect/result diff --git a/src/main/resources/application-local.yml b/src/main/resources/application-local.yml index 0889d7ff..37250f1e 100644 --- a/src/main/resources/application-local.yml +++ b/src/main/resources/application-local.yml @@ -53,3 +53,9 @@ token: springdoc: swagger-ui: persist-authorization: true # 스웨거 새로고침해도 토큰 유지, 로컬스토리지에 저장 + +mapsheet: + upload: + skipGdalValidation: true + shp: + baseurl: /Users/bokmin/detect/result diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml index e989c2b4..7c633ecd 100644 --- a/src/main/resources/application-prod.yml +++ b/src/main/resources/application-prod.yml @@ -30,5 +30,9 @@ token: refresh-cookie-name: kamco # 개발용 쿠키 이름 refresh-cookie-secure: true # 로컬 http 테스트면 false - +mapsheet: + upload: + skipGdalValidation: true + shp: + baseurl: /app/detect/result