Allow user role management for admins

2018-01-17 22:40:15 +01:00 · 2018-01-17 22:40:15 +01:00 · c5553591d9
parent c2f56bc23b
commit c5553591d9
1 changed files with 4 additions and 0 deletions
--- a/users/src/main/java/ba/steleks/security/SecurityConfig.java
+++ b/users/src/main/java/ba/steleks/security/SecurityConfig.java
@ -46,6 +46,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        http.csrf().disable().authorizeRequests()
                .antMatchers("/accesstoken", "/accesstoken/**", "/").permitAll()
                .antMatchers(HttpMethod.POST, "/users").permitAll()
+                .antMatchers(HttpMethod.GET, "/users/**/userRoles").hasRole("ADMIN")
+                .antMatchers(HttpMethod.POST, "/users/**/userRoles").hasRole("ADMIN")
+                .antMatchers(HttpMethod.PUT, "/users/**/userRoles").hasRole("ADMIN")
+                .antMatchers(HttpMethod.DELETE, "/users/**/userRoles/*").hasRole("ADMIN")
                .anyRequest().authenticated()
                .and()
                .addFilterBefore(new AuthenticationFilter(tokenStore, usersJpaRepository), CustomUrlUsernamePasswordAuthenticationFilter.class);