Revize 7bf2464a
Přidáno uživatelem Jakub Šmíd před asi 2 roky(ů)
| backend/src/main/java/cz/zcu/kiv/backendapi/security/SecurityConfig.java | ||
|---|---|---|
| 62 | 62 |
PERMITTED_ENDPOINTS.put("/v3/api-docs/swagger-config", HttpMethod.GET);
|
| 63 | 63 |
PERMITTED_ENDPOINTS.put("/catalog-items", HttpMethod.GET);
|
| 64 | 64 |
PERMITTED_ENDPOINTS.put("/catalog-items/**", HttpMethod.GET);
|
| 65 |
PERMITTED_ENDPOINTS.put("/external-catalog-items", HttpMethod.POST); //TODO delete
|
|
| 65 |
PERMITTED_ENDPOINTS.put("/title-page", HttpMethod.GET);
|
|
| 66 | 66 |
} |
| 67 | 67 |
|
| 68 | 68 |
/** |
| ... | ... | |
| 84 | 84 |
.authorizeRequests() |
| 85 | 85 |
.antMatchers(HttpMethod.GET, PERMITTED_ENDPOINTS.keySet().stream().filter(k -> PERMITTED_ENDPOINTS.get(k).equals(HttpMethod.GET)).toArray(String[]::new)).permitAll() |
| 86 | 86 |
.antMatchers(HttpMethod.POST, "/login").permitAll() |
| 87 |
.antMatchers(HttpMethod.POST, "/external-catalog-items").permitAll() //TODO delete
|
|
| 87 |
.antMatchers("/external-catalog-items").hasRole(Role.ADMIN.name())
|
|
| 88 | 88 |
.antMatchers(HttpMethod.PATCH, "/users/*/permissions", "/users/*/password").hasRole(Role.ADMIN.name()) |
| 89 | 89 |
.antMatchers(HttpMethod.DELETE, "/users/**").hasRole(Role.ADMIN.name()) |
| 90 | 90 |
.antMatchers(HttpMethod.GET, "/users").hasRole(Role.ADMIN.name()) |
Také k dispozici: Unified diff
Added controller and some tests for external catalog
re #9624