From bde1289433092424ad5d14327edec2d78660979c Mon Sep 17 00:00:00 2001
From: silver <silver36c@gmail.com>
Date: Fri, 30 Jun 2023 16:47:03 +0900
Subject: [PATCH] =?UTF-8?q?[fix]=20=EC=8A=B9=EC=9D=B8=EB=90=9C=20=EC=9C=A0?=
 =?UTF-8?q?=EC=A0=80=EB=A7=8C=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20=ED=97=88?=
 =?UTF-8?q?=EC=9A=A9=20#188?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/kr/co/wingle/common/constants/ErrorCode.java     | 1 +
 .../java/kr/co/wingle/member/service/AuthService.java     | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/wingle/src/main/java/kr/co/wingle/common/constants/ErrorCode.java b/wingle/src/main/java/kr/co/wingle/common/constants/ErrorCode.java
index 716b228..8248d14 100644
--- a/wingle/src/main/java/kr/co/wingle/common/constants/ErrorCode.java
+++ b/wingle/src/main/java/kr/co/wingle/common/constants/ErrorCode.java
@@ -32,6 +32,7 @@ public enum ErrorCode {
 	ALREADY_DENY(BAD_REQUEST, "이미 가입 거절한 유저입니다."),
 	ALREADY_WITHDRAWN(BAD_REQUEST, "이미 탈퇴한 유저입니다."),
 	NOT_ACCEPTED(BAD_REQUEST, "승인되지 않은 유저입니다."),
+	DENYED_USER(BAD_REQUEST, "가입 거절된 유저입니다"),
 	// 메일
 	EMAIL_BAD_REQUEST(BAD_REQUEST, "이메일 형식이 유효하지 않습니다."),
 	EMAIL_SEND_FAIL(BAD_REQUEST, "이메일을 전송할 수 없습니다."),
diff --git a/wingle/src/main/java/kr/co/wingle/member/service/AuthService.java b/wingle/src/main/java/kr/co/wingle/member/service/AuthService.java
index da6c911..ee8af67 100644
--- a/wingle/src/main/java/kr/co/wingle/member/service/AuthService.java
+++ b/wingle/src/main/java/kr/co/wingle/member/service/AuthService.java
@@ -106,6 +106,14 @@ public LoginResponseDto login(LoginRequestDto loginRequestDto) {
 		Member member = memberRepository.findByEmail(email)
 			.orElseThrow(() -> new NotFoundException(ErrorCode.USER_NOT_FOUND));
 
+		// 승인된 유저만 허용
+		if (member.getPermission() == Permission.WAIT.getStatus()) {
+			throw new ForbiddenException(ErrorCode.NOT_ACCEPTED);
+		}
+		if (member.getPermission() == Permission.DENY.getStatus()) {
+			throw new ForbiddenException(ErrorCode.DENYED_USER);
+		}
+
 		UsernamePasswordAuthenticationToken authenticationToken = loginRequestDto.toAuthentication();
 		Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
 		TokenDto tokenDto = getRedisTokenKey(authentication);