Added @PreAuthorize to all relevant endpoints
nklimovych committed May 15, 2024
1 parent 00635f0 commit 0d14de8
Showing 2 changed files with 6 additions and 0 deletions.
Expand Up @@ -29,13 +29,15 @@
public class BookController {
private final BookService bookService;

@PreAuthorize("hasAnyRole('USER', 'ADMIN')")
@GetMapping
@ResponseStatus(HttpStatus.OK)
@Operation(summary = "Get all books", description = "Get a list of all available books")
public List<BookDto> getAll(Pageable pageable) {
return bookService.findAll(pageable);
}

@PreAuthorize("hasAnyRole('USER', 'ADMIN')")
@GetMapping("/{id}")
@ResponseStatus(HttpStatus.OK)
@Operation(summary = "Get a book by ID", description = "Get a book by ID, if there is one")
Expand Down Expand Up @@ -68,6 +70,7 @@ public void deleteBook(@PathVariable Long id) {
bookService.delete(id);
}

@PreAuthorize("hasAnyRole('USER', 'ADMIN')")
@GetMapping("/search")
@ResponseStatus(HttpStatus.OK)
@Operation(summary = "Get a list of books by search parameters",
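Review bot: Nothing in this commit shows method security being enabled, and the `@PreAuthorize` annotations added to `getAll`, the `/{id}` handler and the `/search` handler in `BookController` are silently ignored unless a configuration class carries `@EnableMethodSecurity` (or the older `@EnableGlobalMethodSecurity(prePostEnabled = true)`). Only the two controllers are touched here, so that configuration may already exist elsewhere; it is worth confirming. `hasAnyRole('USER', 'ADMIN')` also matches authorities carrying the `ROLE_` prefix, so the user's granted authorities must be `ROLE_USER` / `ROLE_ADMIN` rather than the bare names, or every request will be denied. A MockMvc test asserting that an unauthenticated GET on these routes is rejected, and that an authenticated user with the `USER` role is let through, would pin both. The same applies to the three handlers annotated in the second file.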
Expand Up @@ -35,12 +35,14 @@ public CategoryDto createCategory(@RequestBody @Valid CategoryDto categoryDto) {
return categoryService.save(categoryDto);
}

@PreAuthorize("hasAnyRole('USER', 'ADMIN')")
@GetMapping
@Operation(summary = "Get all categories", description = "Get a list of existing categories")
public List<CategoryDto> getAll(Pageable pageable) {
return categoryService.findAll(pageable);
}

@PreAuthorize("hasAnyRole('USER', 'ADMIN')")
@GetMapping("/{id}")
@Operation(summary = "Get category by ID", description = "Get category by ID, if there is one")
public CategoryDto getCategoryById(@PathVariable Long id) {
Expand All @@ -62,6 +64,7 @@ public void deleteCategory(@PathVariable Long id) {
categoryService.delete(id);
}

@PreAuthorize("hasAnyRole('USER', 'ADMIN')")
@GetMapping("/{id}/books")
@Operation(summary = "Get books by category ID",
description = "Get a list of books by category ID")
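Review bot: Authorization is opt-in per handler here: the same `hasAnyRole('USER', 'ADMIN')` expression is repeated on `getAll`, `getCategoryById` and the `/{id}/books` handler, so a handler added later without the annotation is reachable by whatever the URL-level rules allow. Consider putting `@PreAuthorize("hasAnyRole('USER', 'ADMIN')")` once on the controller class and keeping the stricter method-level annotations on the write endpoints (a method-level annotation takes precedence over the class-level one), or backing it with `anyRequest().authenticated()` in the security filter chain. The annotations on `createCategory` and `deleteCategory` sit outside the visible hunks, so confirm they carry an admin-only rule. `BookController` repeats the expression in the same way and would benefit from the same treatment.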
