Revize ee8749f9
Přidáno uživatelem Jakub Šmíd před asi 2 roky(ů)
| backend/src/main/java/cz/zcu/kiv/backendapi/security/SecurityConfig.java | ||
|---|---|---|
| 85 | 85 |
.authorizeRequests() |
| 86 | 86 |
.antMatchers(HttpMethod.GET, PERMITTED_ENDPOINTS.keySet().stream().filter(k -> PERMITTED_ENDPOINTS.get(k).equals(HttpMethod.GET)).toArray(String[]::new)).permitAll() |
| 87 | 87 |
.antMatchers(HttpMethod.POST, "/login").permitAll() |
| 88 |
.antMatchers("/external-catalog-items").hasRole(Role.ADMIN.name())
|
|
| 88 |
.antMatchers(HttpMethod.POST, "/external-catalog-items").hasRole(Role.ADMIN.name())
|
|
| 89 | 89 |
.antMatchers(HttpMethod.PATCH, "/users/*/permissions", "/users/*/password").hasRole(Role.ADMIN.name()) |
| 90 | 90 |
.antMatchers(HttpMethod.DELETE, "/users/**").hasRole(Role.ADMIN.name()) |
| 91 | 91 |
.antMatchers(HttpMethod.GET, "/users").hasRole(Role.ADMIN.name()) |
| 92 |
.antMatchers(HttpMethod.GET, "/path").hasAuthority(Permission.READ.name()) |
|
| 92 |
.antMatchers(HttpMethod.GET, "/path", "/external-catalog-items").hasAuthority(Permission.READ.name())
|
|
| 93 | 93 |
.antMatchers(HttpMethod.POST, "/catalog-items").hasAuthority(Permission.WRITE.name()) |
| 94 | 94 |
.antMatchers(HttpMethod.PUT, "/catalog-items/*").hasAuthority(Permission.WRITE.name()) |
| 95 | 95 |
.antMatchers(HttpMethod.DELETE, "/catalog-items/*").hasAuthority(Permission.DELETE.name()) |
Také k dispozici: Unified diff
Rights fixed (for external catalog, others are OK)
re #9744