Merge pull request Tuwaiq-Team-4#92 from Tuwaiq-Team-4/saud

added security chain / roles permission Tuwaiq-Team-4#20
W2AlharbiMe · Sep 11, 2023 · 94f9241 · 94f9241
2 parents eb4c9de + 7244857
commit 94f9241
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 17 deletions.
diff --git a/src/main/java/com/example/wayz/Configuration/ConfigurationSecurity.java b/src/main/java/com/example/wayz/Configuration/ConfigurationSecurity.java
@@ -39,28 +39,31 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                 .authenticationProvider(daoAuthenticationProvider())
                 .authorizeHttpRequests()
 
-//                .requestMatchers("/api/v1/auth/register/**").permitAll()
-//                .requestMatchers("/api/v1/driver/**").hasAuthority("DRIVER")
-//                .requestMatchers("/api/v1/car/**").hasAuthority("DRIVER")
-//                .requestMatchers("/api/v1/driver-trips/**").hasAuthority("DRIVER")
-//                .requestMatchers("/api/v1/user-trips/**").hasAuthority("DRIVER")
-//                .requestMatchers("/api/v1/student**").hasAuthority("STUDENT")
-//                .requestMatchers("/api/v1/student-trips**").hasAuthority("STUDENT")
-//                .requestMatchers(HttpMethod.POST, "/api/v1/report/add-report/**").hasAuthority("STUDENT")
-//                .requestMatchers("/api/v1/report/**").hasAuthority("ADMIN")
-//                .requestMatchers("/api/v1/student").hasAuthority("ADMIN")
-
-                .requestMatchers(HttpMethod.POST, "/api/v1/auth/register/**").permitAll()
+                .requestMatchers("/api/v1/auth/register/**").permitAll()
+                .requestMatchers("/api/v1/driver//get-top").permitAll()
+                .requestMatchers("/api/v1/driver/update/{updatedName}").hasAuthority("DRIVER")
+                .requestMatchers("/api/v1/driver/**").hasAuthority("ADMIN")
+                .requestMatchers("/api/v1/car/**").hasAuthority("ADMIN")
+                .requestMatchers("/api/v1/driver-trips/get").hasAuthority("ADMIN")
+                .requestMatchers("/api/v1/driver-trips/**").hasAuthority("DRIVER")
+                .requestMatchers("/api/v1/files/get-allowed").permitAll()
+                .requestMatchers("/api/v1/files/**").hasAuthority("ADMIN")
+                .requestMatchers("/api/v1/orders/add").hasAuthority("STUDENT")
+                .requestMatchers("/api/v1/orders/update/{id}").hasAuthority("STUDENT")
+                .requestMatchers("/api/v1/orders/**").hasAuthority("ADMIN")
+                .requestMatchers("api/v1/report/add-report/{id}").hasAuthority("STUDENT")
+                .requestMatchers("api/v1/report/delete-report/{id}").hasAuthority("STUDENT")
+                .requestMatchers("api/v1/report/**").hasAuthority("ADMIN")
+                .requestMatchers("api/v1/student/update/{id}").hasAuthority("STUDENT")
+                .requestMatchers("api/v1/student/**").hasAuthority("ADMIN")
+                //// TODO add student trip & user trip
                 .anyRequest().permitAll()
-
                 .and()
                 .logout().logoutUrl("/api/v1/auth/logout")
                 .deleteCookies("JSESSIONID")
                 .invalidateHttpSession(true)
                 .and()
                 .httpBasic();
-
-
         return http.build();
 
     }

diff --git a/src/main/java/com/example/wayz/Controller/DriverController.java b/src/main/java/com/example/wayz/Controller/DriverController.java
@@ -32,9 +32,9 @@ public ResponseEntity getTopThreeDrivers() {
     }
 
     @GetMapping("/get-by-id/{id}")
-    public ResponseEntity getDriverById() {
+    public ResponseEntity getDriverById(@PathVariable Integer id) {
 
-        return ResponseEntity.status(200).body(driverService.getAllDrivers());
+        return ResponseEntity.status(200).body(driverService.getDriver(id));
     }