Encapsulated methods that are allowed only for admins. Removed ability to add new user, new user must be registered using auth.

2023-10-07 10:18:02 +03:00
parent 128a1fabc1
commit 19ac92f268
6 changed files with 31 additions and 21 deletions
--- a/src/main/java/com/faf223/expensetrackerfaf/controller/ExpenseController.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/controller/ExpenseController.java
@@ -6,8 +6,8 @@ import com.faf223.expensetrackerfaf.dto.mappers.ExpenseMapper;
 import com.faf223.expensetrackerfaf.model.Expense;
 import com.faf223.expensetrackerfaf.service.ExpenseService;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;

@@ -23,6 +23,7 @@ public class ExpenseController {
    private final ExpenseMapper expenseMapper;

    @GetMapping()
+    @PreAuthorize("hasRole('ADMIN')")
    public ResponseEntity<List<ExpenseDTO>> getAllExpenses() {
        List<ExpenseDTO> expenses = expenseService.getExpenses().stream().map(expenseMapper::toDto).collect(Collectors.toList());
        if (!expenses.isEmpty()) return ResponseEntity.ok(expenses);