diff --git a/backend/src/main/java/com/petshop/backend/controller/AppointmentController.java b/backend/src/main/java/com/petshop/backend/controller/AppointmentController.java
index 4c9d402b..0dc828a1 100644
--- a/backend/src/main/java/com/petshop/backend/controller/AppointmentController.java
+++ b/backend/src/main/java/com/petshop/backend/controller/AppointmentController.java
@@ -50,7 +50,7 @@ public class AppointmentController {
 .orElse(null);
 Long effectiveCustomerId = customerId;
- if (role != null && (role.equals("CUSTOMER") || role.equals("ADMIN"))) {
+ if ("CUSTOMER".equals(role)) {
 User user = AuthenticationHelper.getAuthenticatedUser(userRepository);
 effectiveCustomerId = user.getId();
 }
@@ -88,7 +88,7 @@ public class AppointmentController {
 .map(authority -> authority.getAuthority().replace("ROLE_", ""))
 .orElse(null);
- if (role != null && (role.equals("CUSTOMER") || role.equals("ADMIN"))) {
+ if ("CUSTOMER".equals(role)) {
 User user = AuthenticationHelper.getAuthenticatedUser(userRepository);
 if (!request.getCustomerId().equals(user.getId())) {
 throw new org.springframework.security.access.AccessDeniedException("You can only create appointments for yourself");
diff --git a/backend/src/main/java/com/petshop/backend/service/PetService.java b/backend/src/main/java/com/petshop/backend/service/PetService.java
index bbd39085..e35deb7d 100644
--- a/backend/src/main/java/com/petshop/backend/service/PetService.java
+++ b/backend/src/main/java/com/petshop/backend/service/PetService.java
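Review bot: The new condition `"CUSTOMER".equals(role)` in the -50 hunk scopes the query to the caller only on an exact CUSTOMER match, so every other outcome, including `role == null` from the `.orElse(null)` just above it, keeps the caller-supplied `customerId`. Lifting the restriction for ADMIN looks intended, but the check now fails open for any principal whose authority is missing or unexpected. Consider making self-scoping the default and naming the roles that may bypass it, e.g. `if (!"ADMIN".equals(role)) {`, extended with whatever staff roles the project defines. The same pattern is in the -88 hunk, where any non-CUSTOMER caller skips the ownership check on `request.getCustomerId()`. Both method bodies start outside the hunks, so a method-level guard such as `@PreAuthorize` may already narrow who reaches this code.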
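Review bot: `request.getCustomerId().equals(user.getId())` in the -88 hunk dereferences the request field directly, so a CUSTOMER request without a customer id would fail with a NullPointerException instead of the AccessDeniedException, unless validation outside the hunk already rejects it. `if (!java.util.Objects.equals(request.getCustomerId(), user.getId())) {` keeps the denial path explicit. The role string is also derived by `replace("ROLE_", "")` on a single authority, and the start of that stream is outside the hunk. A one-line comment stating which authority is expected to be selected would make the authorization decision easier to audit.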
@@ -247,7 +247,13 @@ public class PetService {
 if (principal instanceof AppPrincipal appPrincipal) {
 return new CurrentViewer(appPrincipal.getUserId(), appPrincipal.getRole());
 }
- return null;
+ String username = authentication.getName();
+ if (username == null || username.isBlank() || "anonymousUser".equalsIgnoreCase(username)) {
+ return null;
+ }
+ return userRepository.findByUsername(username)
+ .map(user -> new CurrentViewer(user.getId(), user.getRole()))
+ .orElse(null);
 }
 private Pet findPet(Long id) {
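Review bot: The added fallback identifies an anonymous caller by comparing the name with the literal `"anonymousUser"`, which depends on Spring Security's default anonymous principal and would miss a reconfigured one. Checking the token type is sturdier: `if (authentication instanceof AnonymousAuthenticationToken || !authentication.isAuthenticated()) return null;`. The fallback also builds `CurrentViewer` from `user.getRole()` in the database instead of the authorities on the token. The viewer's role can therefore differ from what the authentication actually granted, and any authentication mechanism whose `getName()` is not a local username could resolve to an unrelated account. A comment stating which non-`AppPrincipal` authentication types are expected here would help. The method starts outside the hunk, so an earlier null or authenticated check may already exist.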