feat: 権限チェック等を追加

hideout-mastodon/src/main/kotlin/dev/usbharu/hideout/mastodon/application/accounts/GetAccountApplicationService.kt

@@ -16,9 +16,9 @@
 
 package dev.usbharu.hideout.mastodon.application.accounts
 
-import dev.usbharu.hideout.core.application.shared.AbstractApplicationService
+import dev.usbharu.hideout.core.application.shared.LocalUserAbstractApplicationService
 import dev.usbharu.hideout.core.application.shared.Transaction
-import dev.usbharu.hideout.core.domain.model.support.principal.Principal
+import dev.usbharu.hideout.core.domain.model.support.principal.FromApi
 import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Account
 import dev.usbharu.hideout.mastodon.query.AccountQueryService
 import org.slf4j.LoggerFactory
@@ -26,11 +26,11 @@ import org.springframework.stereotype.Service
 
 @Service
 class GetAccountApplicationService(private val accountQueryService: AccountQueryService, transaction: Transaction) :
-    AbstractApplicationService<GetAccount, Account>(
+    LocalUserAbstractApplicationService<GetAccount, Account>(
         transaction,
         logger
     ) {
-    override suspend fun internalExecute(command: GetAccount, principal: Principal): Account {
+    override suspend fun internalExecute(command: GetAccount, principal: FromApi): Account {
         return accountQueryService.findById(command.accountId.toLong()) ?: throw Exception("Account not found")
     }
 

hideout-mastodon/src/main/kotlin/dev/usbharu/hideout/mastodon/application/filter/DeleteFilterV1ApplicationService.kt

@@ -16,26 +16,30 @@
 
 package dev.usbharu.hideout.mastodon.application.filter
 
-import dev.usbharu.hideout.core.application.shared.AbstractApplicationService
+import dev.usbharu.hideout.core.application.exception.PermissionDeniedException
+import dev.usbharu.hideout.core.application.shared.LocalUserAbstractApplicationService
 import dev.usbharu.hideout.core.application.shared.Transaction
 import dev.usbharu.hideout.core.domain.model.filter.FilterKeywordId
 import dev.usbharu.hideout.core.domain.model.filter.FilterRepository
-import dev.usbharu.hideout.core.domain.model.support.principal.Principal
+import dev.usbharu.hideout.core.domain.model.support.principal.FromApi
 import org.slf4j.LoggerFactory
 import org.springframework.stereotype.Service
 
 @Service
 class DeleteFilterV1ApplicationService(private val filterRepository: FilterRepository, transaction: Transaction) :
-    AbstractApplicationService<DeleteFilterV1, Unit>(
+    LocalUserAbstractApplicationService<DeleteFilterV1, Unit>(
         transaction, logger
     ) {
+    override suspend fun internalExecute(command: DeleteFilterV1, principal: FromApi) {
+        val filter = filterRepository.findByFilterKeywordId(FilterKeywordId(command.filterKeywordId))
+            ?: throw IllegalArgumentException("Filter ${command.filterKeywordId} not found")
+        if (principal.userDetailId != filter.userDetailId) {
+            throw PermissionDeniedException()
+        }
+        filterRepository.delete(filter)
+    }
+
     companion object {
         private val logger = LoggerFactory.getLogger(DeleteFilterV1ApplicationService::class.java)
     }
-
-    override suspend fun internalExecute(command: DeleteFilterV1, principal: Principal) {
-        val filter = filterRepository.findByFilterKeywordId(FilterKeywordId(command.filterKeywordId))
-            ?: throw Exception("Not Found")
-        filterRepository.delete(filter)
-    }
 }

hideout-mastodon/src/main/kotlin/dev/usbharu/hideout/mastodon/application/filter/GetFilterV1ApplicationService.kt

@@ -16,6 +16,7 @@
 
 package dev.usbharu.hideout.mastodon.application.filter
 
+import dev.usbharu.hideout.core.application.exception.PermissionDeniedException
 import dev.usbharu.hideout.core.application.shared.AbstractApplicationService
 import dev.usbharu.hideout.core.application.shared.Transaction
 import dev.usbharu.hideout.core.domain.model.filter.FilterContext.*
@@ -34,7 +35,11 @@ class GetFilterV1ApplicationService(private val filterRepository: FilterReposito
     ) {
     override suspend fun internalExecute(command: GetFilterV1, principal: Principal): V1Filter {
         val filter = filterRepository.findByFilterKeywordId(FilterKeywordId(command.filterKeywordId))
-            ?: throw Exception("Not Found")
+            ?: throw IllegalArgumentException("Filter ${command.filterKeywordId} not found")
+
+        if (filter.userDetailId != principal.userDetailId) {
+            throw PermissionDeniedException()
+        }
 
         val filterKeyword = filter.filterKeywords.find { it.id.id == command.filterKeywordId }
         return V1Filter(

hideout-mastodon/src/main/kotlin/dev/usbharu/hideout/mastodon/application/status/GetStatusApplicationService.kt

@@ -16,9 +16,9 @@
 
 package dev.usbharu.hideout.mastodon.application.status
 
-import dev.usbharu.hideout.core.application.shared.AbstractApplicationService
+import dev.usbharu.hideout.core.application.shared.LocalUserAbstractApplicationService
 import dev.usbharu.hideout.core.application.shared.Transaction
-import dev.usbharu.hideout.core.domain.model.support.principal.Principal
+import dev.usbharu.hideout.core.domain.model.support.principal.FromApi
 import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Status
 import dev.usbharu.hideout.mastodon.query.StatusQueryService
 import org.slf4j.LoggerFactory
@@ -28,7 +28,7 @@ import org.springframework.stereotype.Service
 class GetStatusApplicationService(
     private val statusQueryService: StatusQueryService,
     transaction: Transaction,
-) : AbstractApplicationService<GetStatus, Status>(
+) : LocalUserAbstractApplicationService<GetStatus, Status>(
     transaction,
     logger
 ) {
@@ -36,7 +36,9 @@ class GetStatusApplicationService(
         val logger = LoggerFactory.getLogger(GetStatusApplicationService::class.java)!!
     }
 
-    override suspend fun internalExecute(command: GetStatus, principal: Principal): Status {
+    override suspend fun internalExecute(command: GetStatus, principal: FromApi): Status {
-        return statusQueryService.findByPostId(command.id.toLong()) ?: throw Exception("Not fount")
+        return statusQueryService.findByPostId(command.id.toLong())
+            ?: throw IllegalArgumentException("Post ${command.id} not found.")
+
     }
 }

hideout-mastodon/src/main/kotlin/dev/usbharu/hideout/mastodon/infrastructure/exposedquery/ExposedStatusQueryService.kt

@@ -19,6 +19,7 @@ package dev.usbharu.hideout.mastodon.infrastructure.exposedquery
 import dev.usbharu.hideout.core.domain.model.emoji.CustomEmoji
 import dev.usbharu.hideout.core.domain.model.media.*
 import dev.usbharu.hideout.core.domain.model.post.Visibility
+import dev.usbharu.hideout.core.domain.model.support.principal.Principal
 import dev.usbharu.hideout.core.infrastructure.exposedrepository.*
 import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Account
 import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.MediaAttachment
@@ -117,7 +118,7 @@ class StatusQueryServiceImpl : StatusQueryService {
         return statuses
     }
 
-    override suspend fun findByPostId(id: Long): Status? {
+    override suspend fun findByPostId(id: Long, principal: Principal?): Status? {
         val map = Posts
             .leftJoin(PostsMedia)
             .leftJoin(Actors)

hideout-mastodon/src/main/kotlin/dev/usbharu/hideout/mastodon/query/StatusQueryService.kt

@@ -16,6 +16,7 @@
 
 package dev.usbharu.hideout.mastodon.query
 
+import dev.usbharu.hideout.core.domain.model.support.principal.Principal
 import dev.usbharu.hideout.mastodon.interfaces.api.generated.model.Status
 
 interface StatusQueryService {
@@ -33,7 +34,7 @@ interface StatusQueryService {
         includeFollowers: Boolean = false,
     ): List<Status>
 
-    suspend fun findByPostId(id: Long): Status?
+    suspend fun findByPostId(id: Long, principal: Principal? = null): Status?
 }
 
 data class StatusQuery(