Allow public viewing of pets and sales
@@ -11,7 +11,6 @@ services:
|
|||||||
- "3306:3306"
|
- "3306:3306"
|
||||||
volumes:
|
volumes:
|
||||||
- db_data:/var/lib/mysql
|
- db_data:/var/lib/mysql
|
||||||
- ./sql:/docker-entrypoint-initdb.d
|
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1", "-uroot", "-proot"]
|
test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1", "-uroot", "-proot"]
|
||||||
interval: 5s
|
interval: 5s
|
||||||
|
|||||||
@@ -137,6 +137,42 @@
|
|||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "Login (Staff) -> sets staffToken",
|
||||||
|
"request": {
|
||||||
|
"method": "POST",
|
||||||
|
"url": "{{baseUrl}}/api/v1/auth/login",
|
||||||
|
"header": [
|
||||||
|
{
|
||||||
|
"key": "Content-Type",
|
||||||
|
"value": "application/json"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"body": {
|
||||||
|
"mode": "raw",
|
||||||
|
"raw": "{\n \"username\": \"staff\",\n \"password\": \"staff123\"\n}",
|
||||||
|
"options": {
|
||||||
|
"raw": {
|
||||||
|
"language": "json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"event": [
|
||||||
|
{
|
||||||
|
"listen": "test",
|
||||||
|
"script": {
|
||||||
|
"type": "text/javascript",
|
||||||
|
"exec": [
|
||||||
|
"try {",
|
||||||
|
" const json = pm.response.json();",
|
||||||
|
" if (json && json.token) pm.collectionVariables.set('staffToken', json.token);",
|
||||||
|
"} catch (e) {}"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "Login (Customer) -> sets customerToken",
|
"name": "Login (Customer) -> sets customerToken",
|
||||||
"request": {
|
"request": {
|
||||||
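Review bot: The new "Login (Staff)" request commits a credential pair in its `raw` body (`staff` / `staff123`), which stays in repository history and in every exported copy of the collection. Reading the values from variables, `"raw": "{\n \"username\": \"{{staffUsername}}\",\n \"password\": \"{{staffPassword}}\"\n}"`, keeps them in a local environment file instead; if this account exists anywhere beyond local development, its password should be rotated. The test script's `} catch (e) {}` also hides a failed login, so later requests can run with a stale `staffToken`. Adding `"pm.test('staff login ok', () => pm.response.to.have.status(200));",` as the first `exec` line would surface that.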
|
|||||||
@@ -14,7 +14,6 @@ import org.springframework.web.bind.annotation.*;
|
|||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
@RequestMapping("/api/v1/pets")
|
@RequestMapping("/api/v1/pets")
|
||||||
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
|
|
||||||
public class PetController {
|
public class PetController {
|
||||||
|
|
||||||
private final PetService petService;
|
private final PetService petService;
|
||||||
@@ -36,11 +35,13 @@ public class PetController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping
|
@PostMapping
|
||||||
|
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
|
||||||
public ResponseEntity<PetResponse> createPet(@Valid @RequestBody PetRequest request) {
|
public ResponseEntity<PetResponse> createPet(@Valid @RequestBody PetRequest request) {
|
||||||
return ResponseEntity.status(HttpStatus.CREATED).body(petService.createPet(request));
|
return ResponseEntity.status(HttpStatus.CREATED).body(petService.createPet(request));
|
||||||
}
|
}
|
||||||
|
|
||||||
@PutMapping("/{id}")
|
@PutMapping("/{id}")
|
||||||
|
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
|
||||||
public ResponseEntity<PetResponse> updatePet(
|
public ResponseEntity<PetResponse> updatePet(
|
||||||
@PathVariable Long id,
|
@PathVariable Long id,
|
||||||
@Valid @RequestBody PetRequest request) {
|
@Valid @RequestBody PetRequest request) {
|
||||||
@@ -48,12 +49,14 @@ public class PetController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@DeleteMapping("/{id}")
|
@DeleteMapping("/{id}")
|
||||||
|
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
|
||||||
public ResponseEntity<Void> deletePet(@PathVariable Long id) {
|
public ResponseEntity<Void> deletePet(@PathVariable Long id) {
|
||||||
petService.deletePet(id);
|
petService.deletePet(id);
|
||||||
return ResponseEntity.noContent().build();
|
return ResponseEntity.noContent().build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@DeleteMapping
|
@DeleteMapping
|
||||||
|
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
|
||||||
public ResponseEntity<Void> bulkDeletePets(@Valid @RequestBody BulkDeleteRequest request) {
|
public ResponseEntity<Void> bulkDeletePets(@Valid @RequestBody BulkDeleteRequest request) {
|
||||||
petService.bulkDeletePets(request);
|
petService.bulkDeletePets(request);
|
||||||
return ResponseEntity.noContent().build();
|
return ResponseEntity.noContent().build();
|
||||||
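Review bot: Removing the class-level `@PreAuthorize` in the first hunk and re-adding it on `createPet`, `updatePet`, `deletePet` and `bulkDeletePets` turns this controller from deny-by-default into opt-in protection, so any handler that lacks the annotation is guarded only by the URL rules in SecurityConfig. The GET handlers and the rest of the class body are outside these hunks, so it cannot be confirmed from here that every mutating method is covered. Keeping the class-level `@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")` and marking only the public read methods with `@PreAuthorize("permitAll()")` would preserve the safe default, since a method-level annotation overrides the class-level one. The same applies to SaleController, where only `createSale` is re-annotated.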
|
|||||||
@@ -13,7 +13,6 @@ import org.springframework.web.bind.annotation.*;
|
|||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
@RequestMapping("/api/v1/sales")
|
@RequestMapping("/api/v1/sales")
|
||||||
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
|
|
||||||
public class SaleController {
|
public class SaleController {
|
||||||
|
|
||||||
private final SaleService saleService;
|
private final SaleService saleService;
|
||||||
@@ -35,6 +34,7 @@ public class SaleController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping
|
@PostMapping
|
||||||
|
@PreAuthorize("hasAnyRole('STAFF', 'ADMIN')")
|
||||||
public ResponseEntity<SaleResponse> createSale(@Valid @RequestBody SaleRequest request) {
|
public ResponseEntity<SaleResponse> createSale(@Valid @RequestBody SaleRequest request) {
|
||||||
return ResponseEntity.status(HttpStatus.CREATED).body(saleService.createSale(request));
|
return ResponseEntity.status(HttpStatus.CREATED).body(saleService.createSale(request));
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -39,6 +39,8 @@ public class SecurityConfig {
|
|||||||
.requestMatchers("/api/v1/auth/login").permitAll()
|
.requestMatchers("/api/v1/auth/login").permitAll()
|
||||||
.requestMatchers("/api/v1/health").permitAll()
|
.requestMatchers("/api/v1/health").permitAll()
|
||||||
.requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/swagger-ui.html").permitAll()
|
.requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/swagger-ui.html").permitAll()
|
||||||
|
.requestMatchers(HttpMethod.GET, "/api/v1/pets/**").permitAll()
|
||||||
|
.requestMatchers(HttpMethod.GET, "/api/v1/sales/**").permitAll()
|
||||||
.requestMatchers(HttpMethod.GET, "/api/v1/dropdowns/suppliers").hasRole("ADMIN")
|
.requestMatchers(HttpMethod.GET, "/api/v1/dropdowns/suppliers").hasRole("ADMIN")
|
||||||
.requestMatchers("/api/v1/inventory/**").hasRole("ADMIN")
|
.requestMatchers("/api/v1/inventory/**").hasRole("ADMIN")
|
||||||
.requestMatchers("/api/v1/suppliers/**").hasRole("ADMIN")
|
.requestMatchers("/api/v1/suppliers/**").hasRole("ADMIN")
|
||||||
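Review bot: The two new `permitAll()` matchers end in `/**`, so every GET handler under `/api/v1/pets` and `/api/v1/sales`, existing or added later, becomes reachable without a token. Sales deserve a second look: `SaleResponse` is not shown on this page, and if it carries buyer details or pricing, anonymous callers could read every record. Consider listing the intended public paths explicitly, e.g. `.requestMatchers(HttpMethod.GET, "/api/v1/pets", "/api/v1/pets/{id}").permitAll()`, and returning a reduced public DTO for sales. A comment above the two lines, such as `// Public read-only endpoints; writes are guarded by @PreAuthorize on the controllers`, would record the intent; the filter chain itself continues outside this hunk.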
|
|||||||