diff --git a/api/agencyservice.yaml b/api/agencyservice.yaml
index 12b718d8..2a32b221 100644
--- a/api/agencyservice.yaml
+++ b/api/agencyservice.yaml
@@ -75,12 +75,13 @@ paths:
 description: FORBIDDEN - no/invalid CSRF token
 500:
 description: INTERNAL SERVER ERROR - server encountered unexpected condition
- /agencies/private:
+ /agencies/by-tenant:
 get:
 tags:
 - agency-controller
- summary: 'Returns a list of agencies from a specific tenant. If no agency is found No Content
- is being returned. [Authorization: none]'
+ summary: 'Returns a list of agencies from a specific tenant (retrieved from the security context).
+ The security context is retrieved from the bearer token, so it is not passed as a request parameter.
+ If no agency is found No Content is being returned. [Authorization: none]'
 operationId: getTenantAgencies
 parameters:
 - name: postcode
diff --git a/src/main/java/de/caritas/cob/agencyservice/api/authorization/Authority.java b/src/main/java/de/caritas/cob/agencyservice/api/authorization/Authority.java
index fb11c718..b349d1b7 100644
--- a/src/main/java/de/caritas/cob/agencyservice/api/authorization/Authority.java
+++ b/src/main/java/de/caritas/cob/agencyservice/api/authorization/Authority.java
@@ -17,7 +17,9 @@ public enum Authority {
 TENANT_ADMIN("tenant-admin", AuthorityValue.TENANT_ADMIN),
 RESTRICTED_AGENCY_ADMIN("restricted-agency-admin", AuthorityValue.RESTRICTED_AGENCY_ADMIN, AuthorityValue.SEARCH_AGENCIES),
- RESTRICTED_CONSULTANT_ADMIN("restricted-consultant-admin", AuthorityValue.SEARCH_AGENCIES);
+ RESTRICTED_CONSULTANT_ADMIN("restricted-consultant-admin", AuthorityValue.SEARCH_AGENCIES),
+
+ ADVICE_SEEKER("user", AuthorityValue.SEARCH_AGENCIES_WITHIN_TENANT);
 private final String roleName;
 private final List authorities;
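Review bot: The renamed `/agencies/by-tenant` summary still ends with `[Authorization: none]`, while the SecurityConfig hunk of this same commit gates that path with `hasAuthority(AuthorityValue.SEARCH_AGENCIES_WITHIN_TENANT)`, so the published contract now contradicts the enforced access rule. Since the summary is the only place this operation states its authorization, I would change the tail to `[Authorization: SEARCH_AGENCIES_WITHIN_TENANT]` (or the wording the other secured operations in this file use). The new second sentence says the tenant is derived from the bearer token, so the operation should also document a `401`/`403` response if it does not already; its `responses` block lies outside the hunk, so I cannot confirm that here.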
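Review bot: `ADVICE_SEEKER("user", AuthorityValue.SEARCH_AGENCIES_WITHIN_TENANT)` is the only constant whose role name (`user`) does not mirror its enum name, unlike `tenant-admin` and `restricted-agency-admin` above it, and it is also the only role mapped to the tenant-scoped search authority, so the reason for both deserves a comment: `// Role name carried by advice seekers' tokens; grants only the tenant-scoped agency search, never SEARCH_AGENCIES.`. The claim that the token role is literally `user` is inferred from the pattern of the sibling constants and should be confirmed against the identity provider configuration. The enum body, including the constructor that consumes these arguments, continues outside the hunk.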
@@ -55,6 +57,7 @@ private AuthorityValue() {}
 public static final String SEARCH_AGENCIES = PREFIX + "SEARCH_AGENCIES";
 public static final String TENANT_ADMIN = PREFIX + "TENANT_ADMIN";
 public static final String RESTRICTED_AGENCY_ADMIN = PREFIX + "RESTRICTED_AGENCY_ADMIN";
+ public static final String SEARCH_AGENCIES_WITHIN_TENANT = PREFIX + "SEARCH_AGENCIES_WITHIN_TENANT";
 }
diff --git a/src/main/java/de/caritas/cob/agencyservice/config/SecurityConfig.java b/src/main/java/de/caritas/cob/agencyservice/config/SecurityConfig.java
index c5b0e17e..460e9e3c 100644
--- a/src/main/java/de/caritas/cob/agencyservice/config/SecurityConfig.java
+++ b/src/main/java/de/caritas/cob/agencyservice/config/SecurityConfig.java
@@ -84,6 +84,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .requestMatchers("/agencies").permitAll()
 .requestMatchers(HttpMethod.GET, "/agencyadmin/agencies")
 .hasAuthority(AuthorityValue.SEARCH_AGENCIES)
+ .requestMatchers("/agencies/by-tenant").hasAuthority(AuthorityValue.SEARCH_AGENCIES_WITHIN_TENANT)
 .requestMatchers("/agencyadmin/agencies/tenant/*")
 .access("hasAuthority('" + AuthorityValue.AGENCY_ADMIN + "') and hasAuthority('" + AuthorityValue.TENANT_ADMIN + "')")
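Review bot: The new `/agencies/by-tenant` matcher is not restricted to an HTTP method, while the neighbouring `/agencyadmin/agencies` rule pins `HttpMethod.GET` and the OpenAPI hunk defines only `get` for this path; `.requestMatchers(HttpMethod.GET, "/agencies/by-tenant").hasAuthority(AuthorityValue.SEARCH_AGENCIES_WITHIN_TENANT)` keeps the two rules in the same style instead of granting every verb on the path under the same authority. The rename from `/agencies/private` also means any matcher for the old path elsewhere in this chain (not visible in the hunk) is now dead and should be removed so the rules do not drift from the spec. `filterChain` starts and ends outside the hunk.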