WebSecurityConfig changed so only admin can post to /shelters/**
SebastianJitaru29 committed Mar 26, 2024
1 parent 051ccbc commit c138612
Showing 3 changed files with 16 additions and 14 deletions.
Expand Up @@ -30,11 +30,13 @@ protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exce
.requestMatchers(HttpMethod.GET, "/identity").authenticated()
.requestMatchers(HttpMethod.POST, "/users").anonymous()
.requestMatchers(HttpMethod.POST, "/users/*").denyAll()
.requestMatchers(HttpMethod.POST, "/**/*").authenticated()
.requestMatchers(HttpMethod.PUT, "/**/*").authenticated()
.requestMatchers(HttpMethod.PATCH, "/**/*").authenticated()
.requestMatchers(HttpMethod.DELETE, "/**/*").authenticated()
.anyRequest().permitAll())
.requestMatchers("/shelters/**").hasAuthority("ROLE_ADMIN")
.requestMatchers(HttpMethod.POST, "/**/*").authenticated()

.anyRequest().permitAll())
.csrf((csrf) -> csrf.disable())
.sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.cors((cors) -> cors.configurationSource(corsConfigurationSource()))
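Review bot: The added `.requestMatchers("/shelters/**").hasAuthority("ROLE_ADMIN")` line carries no `HttpMethod`, so it gates every method on `/shelters/**`, GET included, while the commit title only restricts POST. If reads are meant to stay public, write it as `.requestMatchers(HttpMethod.POST, "/shelters/**").hasAuthority("ROLE_ADMIN")`. Matchers are evaluated in declaration order and the first match wins, so the rule also has to sit above any generic `"/**/*"` `.authenticated()` matcher for the same method; any PUT, PATCH or DELETE `"/**/*"` rule that stays above it will let an authenticated non-admin through on shelter paths. The stray blank line before `.anyRequest().permitAll())` can be dropped.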
Expand Up @@ -85,12 +85,12 @@ public void thereIsNoShelterRegisteredWithTheName(String name) {
@Given("^There is a registered volunteer with name \"([^\"]*)\" and password \"([^\"]*)\" and email \"([^\"]*)\"$")
public void thereIsARegisteredVolunteerWithNameAndPasswordAndEmail(String name, String password, String email) {
if(!ShelterVolunteerRepository.existsById(name)) {
ShelterVolunteer user = new ShelterVolunteer();
user.setEmail(email);
user.setId(name);
user.setPassword(password);
user.encodePassword();
ShelterVolunteerRepository.save(user);
ShelterVolunteer volunteer = new ShelterVolunteer();
volunteer.setEmail(email);
volunteer.setId(name);
volunteer.setPassword(password);
volunteer.encodePassword();
ShelterVolunteerRepository.save(volunteer);
}
}
}
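Review bot: `ShelterVolunteerRepository.save(volunteer)` and the `ShelterVolunteerRepository.existsById(name)` check above it go through a variable whose name starts with an upper-case letter, so both read like static calls on the repository type. Since this hunk is already renaming `user` to `volunteer` for clarity, rename that field to `shelterVolunteerRepository` in the same pass, and add the missing space in `if(`.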
12 changes: 6 additions & 6 deletions src/test/resources/features/CreateShelter.feature
Expand Up @@ -21,12 +21,12 @@ Feature: Create Shelter
When I create a shelter with a name "name", email "[email protected]" and phone "123123123" and location "location"
Then The response code is 201

#Scenario: Create shelter as Volunteer
# Given I login as "volunteer" with password "password"
# When I create a shelter with a name "name", email "[email protected]" and phone "123123123" and location "location"
# Then The response code is 401
# And The error message is "Unauthorized"
# And There is 0 Shelter created
Scenario: Create shelter as Volunteer
Given I login as "volunteer" with password "password"
When I create a shelter with a name "name", email "[email protected]" and phone "123123123" and location "location"
Then The response code is 403
And The error message is "Forbidden"
And There is 0 Shelter created

Scenario: Create shelter as Client
Given I login as "client" with password "password"
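Review bot: The re-enabled "Create shelter as Volunteer" scenario pins only the POST case (403, "Forbidden"), but the matcher this commit adds in the security configuration has no HTTP method and so covers reads on `/shelters/**` as well. Add a scenario that retrieves shelters as a volunteer or as an anonymous user and asserts the intended status, so the suite states whether GET is meant to be admin-only or public.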