update

2025-04-24 11:23:19 +09:00
parent 681db7047c
commit 81d09b7a5b
3 changed files with 32 additions and 7 deletions
--- a/blog/views.py
+++ b/blog/views.py
@ -1,25 +1,48 @@
 # blog/views.py

 from rest_framework import generics, permissions
+from rest_framework.exceptions import PermissionDenied
 from .models import Post
 from .serializers import PostSerializer
-from .utils import verify_token_with_auth_server  # ✅ 추가
-
+from .utils import verify_token_with_auth_server

 class PostListView(generics.ListAPIView):
    queryset = Post.objects.all().order_by('-created_at')
    serializer_class = PostSerializer
-    # permission_classes = [permissions.IsAuthenticated]
    permission_classes = [permissions.AllowAny]
-    
+
 class PostListCreateView(generics.ListCreateAPIView):
    queryset = Post.objects.all().order_by('-created_at')
    serializer_class = PostSerializer
    permission_classes = [permissions.IsAuthenticated]

    def perform_create(self, serializer):
-        # ✅ 토큰 추출 및 유효성 2차 검증
+        token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
+        verify_token_with_auth_server(token)
+        serializer.save(author_name=self.request.user.username)
+
+# ✅ 조회, 수정, 삭제 전부 처리
+class PostDetailView(generics.RetrieveUpdateDestroyAPIView):
+    queryset = Post.objects.all()
+    serializer_class = PostSerializer
+
+    def get_permissions(self):
+        if self.request.method in ["PUT", "PATCH", "DELETE"]:
+            return [permissions.IsAuthenticated()]
+        return [permissions.AllowAny()]
+
+    def perform_update(self, serializer):
        token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
        verify_token_with_auth_server(token)

-        serializer.save(author_name=self.request.user.username)
+        if serializer.instance.author_name != self.request.user.username:
+            raise PermissionDenied("작성자만 수정할 수 있습니다.")
+        serializer.save()
+
+    def perform_destroy(self, instance):
+        token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
+        verify_token_with_auth_server(token)
+
+        if instance.author_name != self.request.user.username:
+            raise PermissionDenied("작성자만 삭제할 수 있습니다.")
+        instance.delete()