Revize e21b7441
Přidáno uživatelem Jakub Šmíd před asi 2 roky(ů)
backend/src/main/java/cz/zcu/kiv/backendapi/security/SecurityConfig.java | ||
---|---|---|
62 | 62 |
PERMITTED_ENDPOINTS.put("/v3/api-docs/swagger-config", HttpMethod.GET); |
63 | 63 |
PERMITTED_ENDPOINTS.put("/catalog-items", HttpMethod.GET); |
64 | 64 |
PERMITTED_ENDPOINTS.put("/catalog-items/**", HttpMethod.GET); |
65 |
PERMITTED_ENDPOINTS.put("/external-catalog-items", HttpMethod.POST); //TODO delete |
|
65 | 66 |
} |
66 | 67 |
|
67 | 68 |
/** |
... | ... | |
83 | 84 |
.authorizeRequests() |
84 | 85 |
.antMatchers(HttpMethod.GET, PERMITTED_ENDPOINTS.keySet().stream().filter(k -> PERMITTED_ENDPOINTS.get(k).equals(HttpMethod.GET)).toArray(String[]::new)).permitAll() |
85 | 86 |
.antMatchers(HttpMethod.POST, "/login").permitAll() |
87 |
.antMatchers(HttpMethod.POST, "/external-catalog-items").permitAll() //TODO delete |
|
86 | 88 |
.antMatchers(HttpMethod.PATCH, "/users/*/permissions", "/users/*/password").hasRole(Role.ADMIN.name()) |
87 | 89 |
.antMatchers(HttpMethod.DELETE, "/users/**").hasRole(Role.ADMIN.name()) |
88 | 90 |
.antMatchers(HttpMethod.GET, "/users").hasRole(Role.ADMIN.name()) |
Také k dispozici: Unified diff
Added loading of external catalog items
re #9624