Revize 16b96e8f
Přidáno uživatelem Jakub Šmíd před asi 2 roky(ů)
backend/src/main/java/cz/zcu/kiv/backendapi/security/SecurityConfig.java | ||
---|---|---|
85 | 85 |
.authorizeRequests() |
86 | 86 |
.antMatchers(HttpMethod.GET, PERMITTED_ENDPOINTS.keySet().stream().filter(k -> PERMITTED_ENDPOINTS.get(k).equals(HttpMethod.GET)).toArray(String[]::new)).permitAll() |
87 | 87 |
.antMatchers(HttpMethod.POST, "/login").permitAll() |
88 |
.antMatchers("/external-catalog-items").hasRole(Role.ADMIN.name()) |
|
88 |
.antMatchers(HttpMethod.POST, "/external-catalog-items").hasRole(Role.ADMIN.name())
|
|
89 | 89 |
.antMatchers(HttpMethod.PATCH, "/users/*/permissions", "/users/*/password").hasRole(Role.ADMIN.name()) |
90 | 90 |
.antMatchers(HttpMethod.DELETE, "/users/**").hasRole(Role.ADMIN.name()) |
91 | 91 |
.antMatchers(HttpMethod.GET, "/users").hasRole(Role.ADMIN.name()) |
92 |
.antMatchers(HttpMethod.GET, "/path").hasAuthority(Permission.READ.name()) |
|
92 |
.antMatchers(HttpMethod.GET, "/path", "/external-catalog-items").hasAuthority(Permission.READ.name())
|
|
93 | 93 |
.antMatchers(HttpMethod.POST, "/catalog-items").hasAuthority(Permission.WRITE.name()) |
94 | 94 |
.antMatchers(HttpMethod.PUT, "/catalog-items/*").hasAuthority(Permission.WRITE.name()) |
95 | 95 |
.antMatchers(HttpMethod.DELETE, "/catalog-items/*").hasAuthority(Permission.DELETE.name()) |
Také k dispozici: Unified diff
Rights fixed (for external catalog, others are OK)
re #9744