Allow public viewing of pets and sales

2026-03-08 09:39:37 -06:00
parent 3a93fea34f
commit ad81bd031d
5 changed files with 43 additions and 3 deletions
--- a/src/main/java/com/petshop/backend/controller/PetController.java
+++ b/src/main/java/com/petshop/backend/controller/PetController.java
@@ -14,7 +14,6 @@ import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/api/v1/pets")
-@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
 public class PetController {

    private final PetService petService;
@@ -36,11 +35,13 @@ public class PetController {
    }

    @PostMapping
+    @PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
    public ResponseEntity<PetResponse> createPet(@Valid @RequestBody PetRequest request) {
        return ResponseEntity.status(HttpStatus.CREATED).body(petService.createPet(request));
    }

    @PutMapping("/{id}")
+    @PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
    public ResponseEntity<PetResponse> updatePet(
            @PathVariable Long id,
            @Valid @RequestBody PetRequest request) {
@@ -48,12 +49,14 @@ public class PetController {
    }

    @DeleteMapping("/{id}")
+    @PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
    public ResponseEntity<Void> deletePet(@PathVariable Long id) {
        petService.deletePet(id);
        return ResponseEntity.noContent().build();
    }

    @DeleteMapping
+    @PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
    public ResponseEntity<Void> bulkDeletePets(@Valid @RequestBody BulkDeleteRequest request) {
        petService.bulkDeletePets(request);
        return ResponseEntity.noContent().build();
--- a/src/main/java/com/petshop/backend/controller/SaleController.java
+++ b/src/main/java/com/petshop/backend/controller/SaleController.java
@@ -13,7 +13,6 @@ import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/api/v1/sales")
-@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
 public class SaleController {

    private final SaleService saleService;
@@ -35,6 +34,7 @@ public class SaleController {
    }

    @PostMapping
+    @PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
    public ResponseEntity<SaleResponse> createSale(@Valid @RequestBody SaleRequest request) {
        return ResponseEntity.status(HttpStatus.CREATED).body(saleService.createSale(request));
    }
--- a/src/main/java/com/petshop/backend/security/SecurityConfig.java
+++ b/src/main/java/com/petshop/backend/security/SecurityConfig.java
@@ -39,6 +39,8 @@ public class SecurityConfig {
                        .requestMatchers("/api/v1/auth/login").permitAll()
                        .requestMatchers("/api/v1/health").permitAll()
                        .requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/swagger-ui.html").permitAll()
+                        .requestMatchers(HttpMethod.GET, "/api/v1/pets/**").permitAll()
+                        .requestMatchers(HttpMethod.GET, "/api/v1/sales/**").permitAll()
                        .requestMatchers(HttpMethod.GET, "/api/v1/dropdowns/suppliers").hasRole("ADMIN")
                        .requestMatchers("/api/v1/inventory/**").hasRole("ADMIN")
                        .requestMatchers("/api/v1/suppliers/**").hasRole("ADMIN")