LearningTDD · gyuwon · Mar 5, 2025
diff --git a/README.md b/README.md
@@ -334,7 +334,7 @@
 - [x] 올바르게 요청하면 200 OK 상태코드를 반환한다
 - [x] 판매자가 아닌 사용자의 접근 토큰을 사용하면 403 Forbidden 상태코드를 반환한다
 - [x] 존재하지 않는 상품 식별자를 사용하면 404 Not Found 상태코드를 반환한다
-- [ ] 다른 판매자가 등록한 상품 식별자를 사용하면 404 Not Found 상태코드를 반환한다
+- [x] 다른 판매자가 등록한 상품 식별자를 사용하면 404 Not Found 상태코드를 반환한다
 - [ ] 상품 식별자를 올바르게 반환한다
 - [ ] 상품 정보를 올바르게 반환한다
 - [ ] 상품 등록 시각을 올바르게 반환한다
diff --git a/src/main/java/commerce/Product.java b/src/main/java/commerce/Product.java
@@ -21,4 +21,6 @@ public class Product {
 
     @Column(unique = true)
     private UUID id;
+
+    private UUID sellerId;
 }
diff --git a/src/main/java/commerce/api/controller/SellerProductsController.java b/src/main/java/commerce/api/controller/SellerProductsController.java
@@ -1,6 +1,7 @@
 package commerce.api.controller;
 
 import java.net.URI;
+import java.security.Principal;
 import java.util.UUID;
 
 import commerce.Product;
@@ -18,7 +19,8 @@ public record SellerProductsController(ProductRepository repository) {
 
     @PostMapping("/seller/products")
     ResponseEntity<?> registerProduct(
-        @RequestBody RegisterProductCommand command
+        @RequestBody RegisterProductCommand command,
+        Principal user
     ) {
         if (isValidUri(command.imageUri()) == false) {
             return ResponseEntity.badRequest().build();
@@ -27,6 +29,7 @@ ResponseEntity<?> registerProduct(
         UUID id = UUID.randomUUID();
         var product = new Product();
         product.setId(id);
+        product.setSellerId(UUID.fromString(user.getName()));
         repository.save(product);
         URI location = URI.create("/seller/products/" + id);
         return ResponseEntity.created(location).build();
@@ -42,9 +45,11 @@ private boolean isValidUri(String value) {
     }
 
     @GetMapping("/seller/products/{id}")
-    ResponseEntity<?> findProduct(@PathVariable UUID id) {
+    ResponseEntity<?> findProduct(@PathVariable UUID id, Principal user) {
+        UUID sellerId = UUID.fromString(user.getName());
         return repository
             .findById(id)
+            .filter(product -> product.getSellerId().equals(sellerId))
             .map(product -> ResponseEntity.ok().build())
             .orElseGet(() -> ResponseEntity.notFound().build());
     }

diff --git a/src/test/java/test/commerce/api/seller/products/id/GET_specs.java b/src/test/java/test/commerce/api/seller/products/id/GET_specs.java
@@ -71,4 +71,24 @@ public class GET_specs {
         // Assert
         assertThat(response.getStatusCode().value()).isEqualTo(404);
     }
+
+    @Test
+    void 다른_판매자가_등록한_상품_식별자를_사용하면_404_Not_Found_상태코드를_반환한다(
+        @Autowired TestFixture fixture
+    ) {
+        // Arrange
+        fixture.createSellerThenSetAsDefaultUser();
+        UUID id = fixture.registerProduct();
+
+        fixture.createSellerThenSetAsDefaultUser();
+
+        // Act
+        ResponseEntity<?> response = fixture.client().getForEntity(
+            "/seller/products/" + id,
+            SellerProductView.class
+        );
+
+        // Assert
+        assertThat(response.getStatusCode().value()).isEqualTo(404);
+    }
 }