From f718bfdb82537674029e1507b47b2b2ea713872e Mon Sep 17 00:00:00 2001 From: JM Kim <106949557+CSE-Shaco@users.noreply.github.com> Date: Thu, 12 Mar 2026 15:56:57 +0900 Subject: [PATCH] feat: allow leads to access core application admin APIs --- .../controller/RecruitCoreAdminController.java | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/src/main/java/inha/gdgoc/domain/admin/recruit/core/controller/RecruitCoreAdminController.java b/src/main/java/inha/gdgoc/domain/admin/recruit/core/controller/RecruitCoreAdminController.java index b1e4657..9ece5c9 100644 --- a/src/main/java/inha/gdgoc/domain/admin/recruit/core/controller/RecruitCoreAdminController.java +++ b/src/main/java/inha/gdgoc/domain/admin/recruit/core/controller/RecruitCoreAdminController.java @@ -32,17 +32,14 @@ @RequiredArgsConstructor public class RecruitCoreAdminController { - private static final String ORGANIZER_OR_HR_LEAD_RULE = + private static final String LEAD_OR_HIGHER_RULE = "@accessGuard.check(authentication," + " T(inha.gdgoc.global.security.AccessGuard$AccessCondition).atLeast(" - + "T(inha.gdgoc.domain.user.enums.UserRole).ORGANIZER)," - + " T(inha.gdgoc.global.security.AccessGuard$AccessCondition).of(" - + "T(inha.gdgoc.domain.user.enums.UserRole).LEAD," - + " T(inha.gdgoc.domain.user.enums.TeamType).HR))"; + + "T(inha.gdgoc.domain.user.enums.UserRole).LEAD))"; private final RecruitCoreAdminService adminService; - @PreAuthorize("hasAnyRole('ADMIN','ORGANIZER')") + @PreAuthorize(LEAD_OR_HIGHER_RULE) @GetMapping public RecruitCoreApplicationPageResponse list( @RequestParam String session, @@ -66,13 +63,13 @@ public RecruitCoreApplicationPageResponse list( ); } - @PreAuthorize(ORGANIZER_OR_HR_LEAD_RULE) + @PreAuthorize(LEAD_OR_HIGHER_RULE) @GetMapping("/{applicationId}") public ResponseEntity detail(@PathVariable Long applicationId) { return ResponseEntity.ok(adminService.getApplicationDetail(applicationId)); } - @PreAuthorize(ORGANIZER_OR_HR_LEAD_RULE) + @PreAuthorize(LEAD_OR_HIGHER_RULE) @PostMapping("/{applicationId}/accept") public ResponseEntity accept( @AuthenticationPrincipal CustomUserDetails reviewer, @@ -84,7 +81,7 @@ public ResponseEntity accept( return ResponseEntity.ok(response); } - @PreAuthorize(ORGANIZER_OR_HR_LEAD_RULE) + @PreAuthorize(LEAD_OR_HIGHER_RULE) @PostMapping("/{applicationId}/reject") public ResponseEntity reject( @AuthenticationPrincipal CustomUserDetails reviewer,