diff --git a/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt b/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt
index 18660a0..8a590e9 100644
--- a/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt
+++ b/src/main/kotlin/net/halfbinary/scavengerhuntapi/config/SecurityConfig.kt
@@ -4,6 +4,7 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.authentication.AuthenticationManager
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.CorsConfigurer
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
@@ -17,7 +18,7 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
 @Configuration
-//@EnableWebSecurity
+@EnableMethodSecurity
 class SecurityConfig(private val authEntrypointJwt: AuthEntrypointJwt, private val authTokenFilter: AuthTokenFilter) {
diff --git a/src/main/kotlin/net/halfbinary/scavengerhuntapi/controller/HuntController.kt b/src/main/kotlin/net/halfbinary/scavengerhuntapi/controller/HuntController.kt
index 7314ecd..20a915c 100644
--- a/src/main/kotlin/net/halfbinary/scavengerhuntapi/controller/HuntController.kt
+++ b/src/main/kotlin/net/halfbinary/scavengerhuntapi/controller/HuntController.kt
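Review bot: With `@EnableMethodSecurity` on `SecurityConfig` in SecurityConfig.kt, a failed role check is raised as an `AccessDeniedException` during the controller call rather than by a URL rule in the filter chain, and nothing in this hunk shows how that exception is answered. The constructor only wires `authEntrypointJwt`, which covers unauthenticated requests. Whether an access-denied handler is configured, and whether a catch-all `@ControllerAdvice` would turn the exception into a 500, is outside the hunk and worth pinning with a test that an authenticated non-admin receives 403. I would also document the split of responsibilities on the class, for example `/** The filter chain authenticates requests; per-endpoint roles are enforced with @PreAuthorize. */`. The class body continues outside the hunk.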
@@ -10,6 +10,7 @@ import net.halfbinary.scavengerhuntapi.model.request.HuntStatus
 import net.halfbinary.scavengerhuntapi.model.response.HuntResponse
 import net.halfbinary.scavengerhuntapi.service.HuntService
 import org.springframework.http.ResponseEntity
+import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.*
 @RestController
@@ -21,6 +22,7 @@ class HuntController(private val huntService: HuntService) {
 return ResponseEntity.ok(huntService.getHunt(huntId).toResponse())
 }
+ @PreAuthorize("hasRole('ADMIN')")
 @GetMapping()
 fun getAllHunts(@RequestParam status: HuntStatus?): ResponseEntity> {
 return ResponseEntity.ok(huntService.getAllHunts(status).map { it.toResponse() })
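Review bot: `hasRole('ADMIN')` on `getAllHunts` matches the authority `ROLE_ADMIN`, because Spring Security prepends `ROLE_` by default; if the token filter stores the role as plain `ADMIN` (not visible here), every caller is denied and `hasAuthority('ADMIN')` would be the matching expression. The handler just above, which returns `huntService.getHunt(huntId)`, stays unannotated, so protection is opt-in per method and any endpoint added later without an annotation is reachable by every request the filter chain lets through. If admin-only is the intended default for this controller, a class-level `@PreAuthorize("hasRole('ADMIN')")` with explicit per-method overrides fails closed instead. `getAllHunts` ends outside the hunk.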