Secures get all hunts by admin role

2026-04-09 16:24:14 -05:00
parent 9633d95e75
commit 69e874c9f2
2 changed files with 4 additions and 1 deletions


@@ -4,6 +4,7 @@ import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration import org.springframework.context.annotation.Configuration
import org.springframework.security.authentication.AuthenticationManager import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configurers.CorsConfigurer import org.springframework.security.config.annotation.web.configurers.CorsConfigurer
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
@@ -17,7 +18,7 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
@Configuration @Configuration
//@EnableWebSecurity @EnableMethodSecurity
class SecurityConfig(private val authEntrypointJwt: AuthEntrypointJwt, class SecurityConfig(private val authEntrypointJwt: AuthEntrypointJwt,
private val authTokenFilter: AuthTokenFilter) { private val authTokenFilter: AuthTokenFilter) {
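Review bot: `@EnableMethodSecurity` on SecurityConfig only guards handlers that carry an annotation, so any controller method without `@PreAuthorize` stays governed solely by the HttpSecurity rules, which are outside this hunk. A short comment above the annotation would make that explicit, e.g. `// Method security is opt-in per handler: endpoints without @PreAuthorize rely on the filter-chain rules`. It is also worth confirming how a denial is rendered: the constructor shows only an authentication entry point (`authEntrypointJwt`), so an authenticated non-admin presumably gets the default 403 unless a catch-all exception handler elsewhere maps AccessDeniedException to another status. The class body continues past the hunk.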


@@ -10,6 +10,7 @@ import net.halfbinary.scavengerhuntapi.model.request.HuntStatus
import net.halfbinary.scavengerhuntapi.model.response.HuntResponse import net.halfbinary.scavengerhuntapi.model.response.HuntResponse
import net.halfbinary.scavengerhuntapi.service.HuntService import net.halfbinary.scavengerhuntapi.service.HuntService
import org.springframework.http.ResponseEntity import org.springframework.http.ResponseEntity
import org.springframework.security.access.prepost.PreAuthorize
import org.springframework.web.bind.annotation.* import org.springframework.web.bind.annotation.*
@RestController @RestController
@@ -21,6 +22,7 @@ class HuntController(private val huntService: HuntService) {
return ResponseEntity.ok(huntService.getHunt(huntId).toResponse()) return ResponseEntity.ok(huntService.getHunt(huntId).toResponse())
} }
@PreAuthorize("hasRole('ADMIN')")
@GetMapping() @GetMapping()
fun getAllHunts(@RequestParam status: HuntStatus?): ResponseEntity<List<HuntResponse>> { fun getAllHunts(@RequestParam status: HuntStatus?): ResponseEntity<List<HuntResponse>> {
return ResponseEntity.ok(huntService.getAllHunts(status).map { it.toResponse() }) return ResponseEntity.ok(huntService.getAllHunts(status).map { it.toResponse() })
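Review bot: `hasRole('ADMIN')` on getAllHunts matches the authority `ROLE_ADMIN`, and the code that builds the authorities (presumably AuthTokenFilter or the user-details service) is not in this diff. If roles are stored without the `ROLE_` prefix the check denies every caller, admins included; in that case `@PreAuthorize("hasAuthority('ADMIN')")` is the matching form. The handler directly above, which calls `huntService.getHunt`, carries no annotation; that looks intentional given the commit title but should be confirmed. A controller test asserting 401 without a token, 403 for a non-admin and 200 for an admin would pin the behaviour. The function's closing brace lies outside the hunk.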