From 1ac46ca7e320566c9dea6388195e8f9c360f15bd Mon Sep 17 00:00:00 2001
From: arp137 <154314080+arp137@users.noreply.github.com>
Date: Tue, 5 May 2026 15:35:24 +0200
Subject: [PATCH] access control for non-administrator users in tag endpoints
---
 .../cat/udl/eps/softarch/demo/config/WebSecurityConfig.java | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/main/java/cat/udl/eps/softarch/demo/config/WebSecurityConfig.java b/src/main/java/cat/udl/eps/softarch/demo/config/WebSecurityConfig.java
index 64114139..dfcd2d5a 100644
--- a/src/main/java/cat/udl/eps/softarch/demo/config/WebSecurityConfig.java
+++ b/src/main/java/cat/udl/eps/softarch/demo/config/WebSecurityConfig.java
@@ -60,6 +60,9 @@ protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exce
 .requestMatchers(HttpMethod.GET, "/portfolios/search/findByVisibility").permitAll()
 .requestMatchers(HttpMethod.GET, "/portfolios/*/owner").permitAll()
 .requestMatchers(HttpMethod.GET, "/portfolios/**").authenticated()
+ // Tags
+ .requestMatchers(HttpMethod.POST, "/tags").hasRole("ADMIN")
+ .requestMatchers(HttpMethod.DELETE, "/tags/*").hasRole("ADMIN")
 // Profile
 .requestMatchers(HttpMethod.POST, "/profiles").hasRole("CREATOR")
 // Default
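Review bot: The two added matchers restrict only POST `/tags` and DELETE `/tags/*`, so PUT and PATCH on a tag fall through to whatever follows the `// Default` comment, and that rule is outside this hunk (securityFilterChain starts and ends beyond it). If the default is `authenticated()` or looser, a non-admin user can still modify a tag, and possibly create one via PUT if these are Spring Data REST item resources, as the `/search/` paths suggest. Consider adding `.requestMatchers(HttpMethod.PUT, "/tags/*").hasRole("ADMIN")` and `.requestMatchers(HttpMethod.PATCH, "/tags/*").hasRole("ADMIN")` next to the new lines. Note also that `/tags/*` matches a single path segment, so the DELETE rule does not cover deeper paths under a tag. A test that issues each write method as a non-admin user and expects 403 would pin the intended policy.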