From ccac9cde597b7b7401b1882e538be827bef33d86 Mon Sep 17 00:00:00 2001
From: Matej Hrica <492778@mail.muni.cz>
Date: Sun, 7 May 2023 21:48:35 +0200
Subject: [PATCH] Make report SecurityFilterChain more explicit
---
 .../cz/muni/fi/pa165/report/server/config/AppConfig.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/report/src/main/java/cz/muni/fi/pa165/report/server/config/AppConfig.java b/report/src/main/java/cz/muni/fi/pa165/report/server/config/AppConfig.java
index 31261c2..e5c3a42 100644
--- a/report/src/main/java/cz/muni/fi/pa165/report/server/config/AppConfig.java
+++ b/report/src/main/java/cz/muni/fi/pa165/report/server/config/AppConfig.java
@@ -1,5 +1,6 @@
 package cz.muni.fi.pa165.report.server.config;

+import cz.muni.fi.pa165.user.client.Authorities;
 import cz.muni.fi.pa165.user.client.UserServiceInterceptionConfigurer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -21,8 +22,8 @@ public class AppConfig {
 .requestMatchers("/v3/api-docs/**").permitAll()
 .requestMatchers(HttpMethod.GET, "/").permitAll()
 .requestMatchers(HttpMethod.GET, "/swagger-ui.html").permitAll()
- // default
- .anyRequest().authenticated()
+ // Manager has access to all reports
+ .anyRequest().hasAuthority(Authorities.MANAGER)
 )
 .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
 return http.build();
--
GitLab
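Review bot: The new catch-all `.anyRequest().hasAuthority(Authorities.MANAGER)` in the second hunk only admits a caller if opaque-token introspection produces an authority string exactly equal to that constant. The chain shown enables `OAuth2ResourceServerConfigurer::opaqueToken` with its defaults, and Spring Security's stock introspector derives authorities from the token's scopes with a `SCOPE_` prefix. Whether `Authorities.MANAGER` already has that form, or a custom introspector is registered elsewhere (possibly through `UserServiceInterceptionConfigurer`), is not visible here, so it is worth pinning with a test that expects 401 without a token, 403 for an authenticated non-manager and success for a manager. The comment also reads as a grant rather than the restriction it is; `// deny by default: anything not matched above requires the MANAGER authority` states the rule a later editor must not loosen. The enclosing bean method starts above the hunk.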