RecentRunner/group-2-threaded-project-petshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow public viewing of pets and sales

Browse Source
This commit is contained in:
Harkamal Randhawa
2026-03-08 09:39:37 -06:00
parent 3a93fea34f
commit ad81bd031d
5 changed files with 43 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docker-compose.yml
View File

@@ -11,7 +11,6 @@ services:
- "3306:3306"
volumes:
- db_data:/var/lib/mysql
- ./sql:/docker-entrypoint-initdb.d
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1", "-uroot", "-proot"]
interval: 5s

36
petshop-api.postman_collection.json
View File

@@ -137,6 +137,42 @@
}
]
},
{
"name": "Login (Staff) -> sets staffToken",
"request": {
"method": "POST",
"url": "{{baseUrl}}/api/v1/auth/login",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"username\": \"staff\",\n \"password\": \"staff123\"\n}",
"options": {
"raw": {
"language": "json"
}
}
}
},
"event": [
{
"listen": "test",
"script": {
"type": "text/javascript",
"exec": [
"try {",
" const json = pm.response.json();",
" if (json && json.token) pm.collectionVariables.set('staffToken', json.token);",
"} catch (e) {}"
]
}
}
]
},
{
"name": "Login (Customer) -> sets customerToken",
"request": {

5
src/main/java/com/petshop/backend/controller/PetController.java
View File

@@ -14,7 +14,6 @@ import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping("/api/v1/pets")
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
public class PetController {
private final PetService petService;
@@ -36,11 +35,13 @@ public class PetController {
}
@PostMapping
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
public ResponseEntity<PetResponse> createPet(@Valid @RequestBody PetRequest request) {
return ResponseEntity.status(HttpStatus.CREATED).body(petService.createPet(request));
}
@PutMapping("/{id}")
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
public ResponseEntity<PetResponse> updatePet(
@PathVariable Long id,
@Valid @RequestBody PetRequest request) {
@@ -48,12 +49,14 @@ public class PetController {
}
@DeleteMapping("/{id}")
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
public ResponseEntity<Void> deletePet(@PathVariable Long id) {
petService.deletePet(id);
return ResponseEntity.noContent().build();
}
@DeleteMapping
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
public ResponseEntity<Void> bulkDeletePets(@Valid @RequestBody BulkDeleteRequest request) {
petService.bulkDeletePets(request);
return ResponseEntity.noContent().build();

2
src/main/java/com/petshop/backend/controller/SaleController.java
View File

@@ -13,7 +13,6 @@ import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping("/api/v1/sales")
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
public class SaleController {
private final SaleService saleService;
@@ -35,6 +34,7 @@ public class SaleController {
}
@PostMapping
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
public ResponseEntity<SaleResponse> createSale(@Valid @RequestBody SaleRequest request) {
return ResponseEntity.status(HttpStatus.CREATED).body(saleService.createSale(request));
}

2
src/main/java/com/petshop/backend/security/SecurityConfig.java
View File

@@ -39,6 +39,8 @@ public class SecurityConfig {
.requestMatchers("/api/v1/auth/login").permitAll()
.requestMatchers("/api/v1/health").permitAll()
.requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/swagger-ui.html").permitAll()
.requestMatchers(HttpMethod.GET, "/api/v1/pets/**").permitAll()
.requestMatchers(HttpMethod.GET, "/api/v1/sales/**").permitAll()
.requestMatchers(HttpMethod.GET, "/api/v1/dropdowns/suppliers").hasRole("ADMIN")
.requestMatchers("/api/v1/inventory/**").hasRole("ADMIN")
.requestMatchers("/api/v1/suppliers/**").hasRole("ADMIN")