Changeset 08f82ec for jobvista-backend/src/main/java/mk/ukim/finki/predmeti/internettehnologii/jobvistabackend/config

Timestamp:

06/20/24 11:57:13 (2 weeks ago)

Author:

223021 <daniel.ilievski.2@…>

Branches:

main

Children:

0f0add0

Parents:

befb988

Message:

Did more refactoring

File:

• jobvista-backend/src/main/java/mk/ukim/finki/predmeti/internettehnologii/jobvistabackend/config/SecurityConfiguration.java (modified) (1 diff)

jobvista-backend/src/main/java/mk/ukim/finki/predmeti/internettehnologii/jobvistabackend/config/SecurityConfiguration.java

@@ -31 +31 @@
         http.csrf(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(request -> request
-                        // TO DO: FIX PERMISSIONS
-                        .requestMatchers("/api/job-advertisements/**",
-                                "/api/job-advertisements/view/**",
+                        .requestMatchers(
+                                "/api/auth/**",
+                                "/api/job-advertisements/**",
+                                "/api/applications/**",
                                 "/api/recruiter/**",
-                                "/api/job-seeker/**",
-                                "/api/recruiter/{id}/info",
-                                "/api/recruiter/{id}/edit-info",
-                                "/api/job-advertisements/apply/**",
-                                "/api/auth/**",
-                                "/api/resume/**",
-                                "/api/my-applications/**",
-                                "/api/applications/{id}/update",
-                                "/api/admin/**").permitAll()
-//                        .requestMatchers("/api/recruiter").hasAnyAuthority(Role.ROLE_RECRUITER.name())
+                                "/api/job-seeker/**"
+                        ).permitAll()
+                        .requestMatchers("/api/admin/**").hasAnyAuthority(Role.ROLE_ADMIN.name())
+                        .requestMatchers("/api/recruiter/{id}/edit-info").hasAnyAuthority(Role.ROLE_RECRUITER.name())
+                        .requestMatchers("/api/recruiter/submit-logo").hasAnyAuthority(Role.ROLE_RECRUITER.name())
+                        .requestMatchers("/api/job-seeker/{id}/edit-info").hasAnyAuthority(Role.ROLE_RECRUITER.name())
+                        .requestMatchers("/api/job-seeker/submit-profile-pic").hasAnyAuthority(Role.ROLE_JOBSEEKER.name())
+                        .requestMatchers("/api/job-advertisements/add").hasAnyAuthority(Role.ROLE_RECRUITER.name())
+                        .requestMatchers("/api/job-advertisements/edit/{id}").hasAnyAuthority(Role.ROLE_RECRUITER.name())
+                        .requestMatchers("/api/job-advertisements/delete/{id}").hasAnyAuthority(Role.ROLE_RECRUITER.name())
+                        .requestMatchers("/api/applications/{id}/update").hasAnyAuthority(Role.ROLE_RECRUITER.name())
+                        .requestMatchers("/api/job-advertisements/{advertisement_id}/applications").hasAnyAuthority(Role.ROLE_RECRUITER.name())
+                        .requestMatchers("/api/applications/submit").hasAnyAuthority(Role.ROLE_JOBSEEKER.name())
+                        .requestMatchers("/api/my-applications/{id}").hasAnyAuthority(Role.ROLE_JOBSEEKER.name())
                         .anyRequest().authenticated())
                 .sessionManagement(manager -> manager.sessionCreationPolicy(SessionCreationPolicy.STATELESS))