fix: Handle existence and permission separately when validating the session owner #59
Merged
Boyeon-Shin merged 1 commit into main from Apr 24, 2026
Code Review
This pull request refactors the session ownership validation logic by introducing a specific SESSION_NOT_FOUND error code and updating QuestionService to fetch the session entity directly. The reviewer suggested improving the validateSessionOwner method by adding @Transactional(readOnly = true) for consistency and returning the InterviewSession object to allow callers to reuse the fetched data and avoid redundant database lookups.
Comment on lines 82 to 87
| public void validateSessionOwner(UUID sessionId, UUID memberId) { | ||
| if(!sessionRepository.existsByIdAndMemberId(sessionId, memberId)) { | ||
| InterviewSession session = sessionRepository.findById(sessionId) | ||
| .orElseThrow(() -> new BusinessException(ErrorCode.SESSION_NOT_FOUND)); | ||
| if (!session.getMemberId().equals(memberId)) { | ||
| throw new BusinessException(ErrorCode.FORBIDDEN); | ||
| } |
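Review bot: the two throws now give a caller who does not own the session two different answers, SESSION_NOT_FOUND from the `orElseThrow` and FORBIDDEN from the `getMemberId().equals(memberId)` branch, so the response reveals whether a given session UUID exists. The replaced `existsByIdAndMemberId` check produced one outcome for both cases. If existence is not meant to be visible to non-owners, return SESSION_NOT_FOUND from both branches and record the real reason in a server-side log entry instead; if the distinction is intentional, say so in a comment on the method so it is not "fixed" back later.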
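This method performs a database read, so it would be good to add the @Transactional(readOnly = true) annotation for consistency with the other query methods. Also, since the caller is likely to use the validated session object again, returning InterviewSession instead of void would avoid a redundant lookup.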
    @Transactional(readOnly = true)
    public InterviewSession validateSessionOwner(UUID sessionId, UUID memberId) {
        InterviewSession session = sessionRepository.findById(sessionId)
                .orElseThrow(() -> new BusinessException(ErrorCode.SESSION_NOT_FOUND));
        if (!session.getMemberId().equals(memberId)) {
            throw new BusinessException(ErrorCode.FORBIDDEN);
        }
        return session;
    }
📌 Related Issue
📝 Description
Separate the existence check from the permission check when validating the session owner
🔄 Type of Change
✅ Checklist