fix(admin): 크리에이터 관리자 로그아웃 AGENT 권한을 허용한다

2026-05-08 16:50:42 +09:00
parent 85621cd107
commit 9278761c5b
3 changed files with 45 additions and 1 deletions
--- a/src/main/kotlin/kr/co/vividnext/sodalive/creator/admin/member/CreatorAdminMemberController.kt
+++ b/src/main/kotlin/kr/co/vividnext/sodalive/creator/admin/member/CreatorAdminMemberController.kt
@@ -19,7 +19,7 @@ class CreatorAdminMemberController(private val service: CreatorAdminMemberServic
    fun login(@RequestBody loginRequest: LoginRequest) = service.login(loginRequest)

    @PostMapping("/logout")
-    @PreAuthorize("hasRole('CREATOR')")
+    @PreAuthorize("hasAnyRole('CREATOR', 'AGENT')")
    fun logout(
        @RequestHeader("Authorization") token: String,
        @AuthenticationPrincipal(expression = "#this == 'anonymousUser' ? null : member") member: Member?
--- a/src/test/kotlin/kr/co/vividnext/sodalive/creator/admin/member/CreatorAdminMemberControllerTest.kt
+++ b/src/test/kotlin/kr/co/vividnext/sodalive/creator/admin/member/CreatorAdminMemberControllerTest.kt
@@ -0,0 +1,23 @@
+package kr.co.vividnext.sodalive.creator.admin.member
+
+import kr.co.vividnext.sodalive.member.Member
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.DisplayName
+import org.junit.jupiter.api.Test
+import org.springframework.security.access.prepost.PreAuthorize
+
+class CreatorAdminMemberControllerTest {
+    @Test
+    @DisplayName("로그아웃은 크리에이터와 에이전트 권한을 허용한다")
+    fun shouldAllowCreatorAndAgentRolesForLogout() {
+        val logout = CreatorAdminMemberController::class.java.getDeclaredMethod(
+            "logout",
+            String::class.java,
+            Member::class.java
+        )
+
+        val preAuthorize = logout.getAnnotation(PreAuthorize::class.java)
+
+        assertEquals("hasAnyRole('CREATOR', 'AGENT')", preAuthorize.value)
+    }
+}