edit: 승인된 예약 조회 권한 로직 개선

- @RequiredAuthority의 authority를 배열로 변경
- 권한 검증 로직 수정:
  - authority 배열에 포함된 권한 중 하나라도 있으면 유효
  - 모든 권한이 없으면 유효하지 않음

- 테스트 코드 추가

dplanner/src/main/java/com/dp/dplanner/service/ReservationService.java

@@ -366,7 +366,7 @@ public ReservationDto.SliceResponse findAllReservationsRejected(Long managerId,
         return new ReservationDto.SliceResponse(ReservationDto.Response.ofList(reservations.getContent()), pageableAmin, reservations.hasNext());
     }
 
-    @RequiredAuthority(authority = RETURN_MSG_READ)
+    @RequiredAuthority(authority = {RETURN_MSG_READ,SCHEDULE_ALL})
     @Transactional(readOnly = true)
     public ReservationDto.SliceResponse findAllReservationsConfirmed(Long managerId, ReservationDto.Request requestDto, String status, Pageable pageable) {
         Pageable pageableAmin = PageRequest.of(pageable.getPageNumber(),100, Sort.by(Sort.Direction.DESC, "period.startDateTime"));

dplanner/src/main/java/com/dp/dplanner/service/aop/annotation/RequiredAuthority.java

@@ -18,7 +18,7 @@
 
     ClubRole role() default ClubRole.NONE;
 
-    ClubAuthorityType authority() default ClubAuthorityType.NONE;
+    ClubAuthorityType[] authority() default ClubAuthorityType.NONE;
 
 
 }

dplanner/src/main/java/com/dp/dplanner/service/aop/aspect/RequiredAuthorityAspect.java

@@ -12,6 +12,9 @@
 import org.aspectj.lang.annotation.Before;
 import org.springframework.stereotype.Component;
 
+import java.util.Arrays;
+import java.util.Optional;
+
 import static com.dp.dplanner.domain.club.ClubRole.ADMIN;
 import static com.dp.dplanner.exception.ErrorResult.*;
 
@@ -27,8 +30,10 @@ public class RequiredAuthorityAspect {
             "&& @annotation(requiredAuthority) " +
             "&& args(clubMemberId, ..)")
     public void checkAuthority(Long clubMemberId, RequiredAuthority requiredAuthority) throws Throwable {
-        if(!requiredAuthority.authority().equals(ClubAuthorityType.NONE) ){
-            if (!hasAuthority(clubMemberId, requiredAuthority.authority())) {
+        if (!requiredAuthority.authority().equals(ClubAuthorityType.NONE)) {
+            boolean hasRequiredAuthority = Arrays.stream(requiredAuthority.authority())
+                    .anyMatch(authorityType -> hasAuthority(clubMemberId, authorityType));
+            if (!hasRequiredAuthority) {
                 throw new ServiceException(AUTHORIZATION_DENIED);
             }
         } else if (!requiredAuthority.role().equals(ClubRole.NONE)) {

dplanner/src/test/java/com/dp/dplanner/integration/RequiredAuthorityAspectTests.java

@@ -9,13 +9,17 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.context.annotation.Import;
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Transactional;
 
 import java.util.List;
+import java.util.stream.Stream;
 
 import static org.assertj.core.api.Assertions.*;
 import static org.junit.jupiter.api.Assertions.*;
@@ -172,6 +176,52 @@ public void requestRoleByManagerUser() throws Exception
                 .isInstanceOf(ServiceException.class);
     }
 
+    @ParameterizedTest
+    @MethodSource("provideAuthorityTestCases")
+    @DisplayName("권한에 따른 매니저 요청 테스트")
+    void testManagerRequestWithDifferentAuthorities(List<ClubAuthorityType> authorities, boolean shouldThrowException) {
+        // given
+        ClubAuthority clubAuthority = createClubAuthority(club, "name", "description", authorities);
+        ClubMember manager = ClubMember.builder().club(club).member(member).build();
+        manager.changeRole(ClubRole.MANAGER);
+        manager.updateClubAuthority(clubAuthority);
+
+        entityManager.persist(clubAuthority);
+        entityManager.persist(manager);
+
+        // when & then
+        if (shouldThrowException) {
+            assertThatThrownBy(() -> targetClass.targetMethod2(manager.getId()))
+                    .isInstanceOf(ServiceException.class);
+        } else {
+            assertDoesNotThrow(() -> targetClass.targetMethod2(manager.getId()));
+        }
+    }
+
+    private static Stream<Arguments> provideAuthorityTestCases() {
+        return Stream.of(
+                Arguments.of(List.of(ClubAuthorityType.MEMBER_ALL), false),
+                Arguments.of(List.of(ClubAuthorityType.SCHEDULE_ALL), false),
+                Arguments.of(List.of(ClubAuthorityType.MEMBER_ALL, ClubAuthorityType.SCHEDULE_ALL), false),
+                Arguments.of(List.of(ClubAuthorityType.RESOURCE_ALL), true)
+        );
+    }
+
+    @Test
+    @DisplayName("일반 회원이 요청하면 ServiceException")
+    public void requestByUserThenException2() throws Exception {
+        //given
+        ClubMember clubMember = ClubMember.builder().club(club).member(member).build();
+        entityManager.persist(clubMember);
+
+        assert clubMember.getRole().equals(ClubRole.USER);
+
+        //when
+        //then
+        assertThatThrownBy(() -> targetClass.targetMethod2(clubMember.getId()))
+                .isInstanceOf(ServiceException.class);
+    }
+
     private static ClubAuthority createClubAuthority(Club club, String name, String description, List<ClubAuthorityType> clubAuthorityTypes) {
 
         return ClubAuthority.builder()
@@ -193,6 +243,11 @@ class TestAopTargetClass {
     public void targetMethod(Long clubMemberId) throws IllegalStateException {
 
     }
+
+    @RequiredAuthority(authority = {ClubAuthorityType.MEMBER_ALL,ClubAuthorityType.SCHEDULE_ALL})
+    public void targetMethod2(Long clubMemberId) throws IllegalStateException {
+
+    }
 }