Revize 7bf2464a
Přidáno uživatelem Jakub Šmíd před asi 2 roky(ů)
backend/src/main/java/cz/zcu/kiv/backendapi/security/SecurityConfig.java | ||
---|---|---|
62 | 62 |
PERMITTED_ENDPOINTS.put("/v3/api-docs/swagger-config", HttpMethod.GET); |
63 | 63 |
PERMITTED_ENDPOINTS.put("/catalog-items", HttpMethod.GET); |
64 | 64 |
PERMITTED_ENDPOINTS.put("/catalog-items/**", HttpMethod.GET); |
65 |
PERMITTED_ENDPOINTS.put("/external-catalog-items", HttpMethod.POST); //TODO delete
|
|
65 |
PERMITTED_ENDPOINTS.put("/title-page", HttpMethod.GET);
|
|
66 | 66 |
} |
67 | 67 |
|
68 | 68 |
/** |
... | ... | |
84 | 84 |
.authorizeRequests() |
85 | 85 |
.antMatchers(HttpMethod.GET, PERMITTED_ENDPOINTS.keySet().stream().filter(k -> PERMITTED_ENDPOINTS.get(k).equals(HttpMethod.GET)).toArray(String[]::new)).permitAll() |
86 | 86 |
.antMatchers(HttpMethod.POST, "/login").permitAll() |
87 |
.antMatchers(HttpMethod.POST, "/external-catalog-items").permitAll() //TODO delete
|
|
87 |
.antMatchers("/external-catalog-items").hasRole(Role.ADMIN.name())
|
|
88 | 88 |
.antMatchers(HttpMethod.PATCH, "/users/*/permissions", "/users/*/password").hasRole(Role.ADMIN.name()) |
89 | 89 |
.antMatchers(HttpMethod.DELETE, "/users/**").hasRole(Role.ADMIN.name()) |
90 | 90 |
.antMatchers(HttpMethod.GET, "/users").hasRole(Role.ADMIN.name()) |
Také k dispozici: Unified diff
Added controller and some tests for external catalog
re #9624