From c5553591d9befe31eabbb29a02e3e746cb2fd391 Mon Sep 17 00:00:00 2001
From: esensar
Date: Wed, 17 Jan 2018 22:40:15 +0100
Subject: [PATCH] Allow user role management for admins
---
 users/src/main/java/ba/steleks/security/SecurityConfig.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/users/src/main/java/ba/steleks/security/SecurityConfig.java b/users/src/main/java/ba/steleks/security/SecurityConfig.java
index 4ceec80..587d426 100644
--- a/users/src/main/java/ba/steleks/security/SecurityConfig.java
+++ b/users/src/main/java/ba/steleks/security/SecurityConfig.java
@@ -46,6 +46,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 http.csrf().disable().authorizeRequests()
 .antMatchers("/accesstoken", "/accesstoken/**", "/").permitAll()
 .antMatchers(HttpMethod.POST, "/users").permitAll()
+ .antMatchers(HttpMethod.GET, "/users/**/userRoles").hasRole("ADMIN")
+ .antMatchers(HttpMethod.POST, "/users/**/userRoles").hasRole("ADMIN")
+ .antMatchers(HttpMethod.PUT, "/users/**/userRoles").hasRole("ADMIN")
+ .antMatchers(HttpMethod.DELETE, "/users/**/userRoles/*").hasRole("ADMIN")
 .anyRequest().authenticated()
 .and()
 .addFilterBefore(new AuthenticationFilter(tokenStore, usersJpaRepository), CustomUrlUsernamePasswordAuthenticationFilter.class);
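Review bot: The four added `antMatchers` rules list specific method/path pairs, so any role-management request they do not name falls through to `.anyRequest().authenticated()` and is allowed for every logged-in user rather than only admins. Not named are PATCH on `/users/**/userRoles`, DELETE on that path without a trailing segment, and GET or PUT on `/users/**/userRoles/*`; whether the endpoint actually serves those combinations is not visible here, so that part needs checking against the controller or repository mapping. A method-agnostic rule fails closed and replaces all four lines: `.antMatchers("/users/**/userRoles", "/users/**/userRoles/**").hasRole("ADMIN")`. Note also that `hasRole("ADMIN")` checks for the authority `ROLE_ADMIN`, so it is worth confirming that `AuthenticationFilter` populates authorities with that prefix; the enclosing method begins outside the hunk, so this cannot be verified from the diff.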