[#7] FEAT: (common)본인 프로필 조회 API, (admin/agency)유저 프로필 조회 API 개발

[Hwan0518]

Issue ✨

• [Feature] User 도메인 기능개발 #7
• [Chore] Init #1

변경점 👍

• (common)본인 프로필 조회 API, (admin/agency)유저 프로필 조회 API 개발
• 기타 유저 기능 명세 생성
• gitignore 업데이트 (mcp 관련)

[Copilot]

Pull request overview

This PR implements user profile viewing functionality with role-based authorization, allowing users to view their own profiles and admin/agency users to view other users' profiles. It also adds specification stubs for future user management features and validation endpoints for partner registration.

• Adds authorization validation logic to the Users domain model to enforce access control rules (admin can view all, agency can view non-admin users, regular users/partners can only view themselves)
• Implements two new service methods: getUserByLoginId for login-based lookup and getUserByUuid for UUID-based lookup with authorization checks
• Creates profile viewing endpoints: a common endpoint for self-profile viewing and an admin/agency endpoint for viewing other users' profiles

Reviewed changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
Users.java	Adds new authorization validation method validateUserSearchAuthorizationOfRequestor to verify if a requestor can view a target user; renames existing method for clarity
GetUserDataService.java	Implements getUserByLoginId and getUserByUuid service methods with authorization checks
GetUserByUuidInDto.java	New DTO for UUID-based user lookup requests containing requestor and target information
GetUserByLoginIdInDto.java	New DTO for login-ID-based user lookup requests containing requestor information
UserProfileResponse.java	New response DTO containing user profile fields (name, phone, login ID, address, partner options)
GetUserDataController.java	Adds two endpoints: /profile/my for self-profile viewing and /profile/{userUuid} for admin/agency to view other users
UserTermsController.java	New controller stub with detailed specifications for future terms and consent management features
UserManagementController.java	New controller stub with detailed specifications for future profile management, password operations, and account deletion
PartnerAuthController.java	Adds validation endpoints for checking login ID and phone number duplicates during partner registration
BaseResponseStatus.java	Updates error message to be more generic (removes "타입의" to make it applicable to individual user searches)
.gitignore	Adds patterns for mcp and claude-related files

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

[Copilot]

The authorization logic has a potential issue. For AGENCY requestors viewing non-ADMIN targets, the method currently allows the request to proceed without any further validation. However, based on the comment on line 136, agencies should only be able to view themselves and USER/PARTNER types. The current implementation doesn't verify that an AGENCY is viewing their own profile or a USER/PARTNER when the target is also AGENCY. This could allow one agency to view another agency's profile. Consider adding validation to ensure AGENCY can only view their own profile when the target type is AGENCY.