feat: added security info to OpenAPI annotations

66c65cf5 · Petr Kabelka · 308f89a5 · 66c65cf5 · 66c65cf5 · 66c65cf5
Commit 66c65cf5 authored 10 months ago by Petr Kabelka
--- a/common/src/main/java/com/example/pa165_project_movies/common/config/SecurityConst.java
+++ b/common/src/main/java/com/example/pa165_project_movies/common/config/SecurityConst.java
+package com.example.pa165_project_movies.common.config;
+public final class SecurityConst {
+    public static final String UUID5_NAMESPACE_EMAIL = "f59e7f8d-1a56-4126-9e30-39ec5749819a";
+    public static final String SECURITY_SCHEME_NAME = "MUNI";
+}
--- a/movie/src/main/java/com/example/pa165_project_movies/movie/rest/MovieCategoryController.java
+++ b/movie/src/main/java/com/example/pa165_project_movies/movie/rest/MovieCategoryController.java
 package com.example.pa165_project_movies.movie.rest;
+import com.example.pa165_project_movies.common.config.Oauth2Scope;
+import com.example.pa165_project_movies.common.config.SecurityConst;
 import com.example.pa165_project_movies.common.dto.MovieCategoryCreateDto;
 import com.example.pa165_project_movies.common.dto.MovieCategoryDto;
 import com.example.pa165_project_movies.movie.facade.MovieCategoryFacade;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import jakarta.validation.Valid;
 import org.springdoc.core.annotations.ParameterObject;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -34,30 +38,63 @@ public class MovieCategoryController {
        this.movieCategoryFacade = movieCategoryFacade;
    }
+    @Operation(summary = "Paged movie categories")
    @GetMapping
    public ResponseEntity<Page<MovieCategoryDto>> getMovieCategories(@ParameterObject Pageable pageable) {
        return ResponseEntity.ok(movieCategoryFacade.findAll(pageable));
    }
-    @Operation(summary = "Get movie category by id")
+    @Operation(
+            summary = "Get movie category by id",
+            responses = {
+                    @ApiResponse(responseCode = "200"),
+                    @ApiResponse(responseCode = "404", description = "entity not found"),
+            }
+    )
    @GetMapping(path = "/{id:^[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}$}")
    public ResponseEntity<MovieCategoryDto> getMovieCategoryById(@PathVariable UUID id) {
        return ResponseEntity.ok(movieCategoryFacade.findById(id));
    }
-    @Operation(summary = "Create new movie category")
+    @Operation(
+            summary = "Create new movie category",
+            responses = {
+                    @ApiResponse(responseCode = "201"),
+                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
+    )
    @PostMapping
    public ResponseEntity<MovieCategoryDto> createMovieCategory(@Valid @RequestBody MovieCategoryCreateDto movieCategoryCreateDto) {
        return new ResponseEntity<>(movieCategoryFacade.create(movieCategoryCreateDto), HttpStatus.CREATED);
    }
-    @Operation(summary = "Update movie category")
+    @Operation(
+            summary = "Update movie category",
+            responses = {
+                    @ApiResponse(responseCode = "200"),
+                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
+                    @ApiResponse(responseCode = "404", description = "entity for update not found"),
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
+    )
    @PutMapping(path = "/{id:^[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}$}")
    public ResponseEntity<MovieCategoryDto> updateMovieCategory(@PathVariable UUID id, @RequestBody MovieCategoryDto movieCategory) {
        return ResponseEntity.ok(movieCategoryFacade.update(id, movieCategory));
    }
-    @Operation(summary = "Delete movie category")
+    @Operation(
+            summary = "Delete movie category",
+            responses = {
+                    @ApiResponse(responseCode = "204"),
+                    @ApiResponse(responseCode = "400", description = "wrong id format passed"),
+                    @ApiResponse(responseCode = "404", description = "entity for deletion not found"),
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
+    )
    @DeleteMapping(path = "/{id:^[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}$}")
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public ResponseEntity<Void> deleteMovieCategory(@PathVariable UUID id) {

--- a/movie/src/main/java/com/example/pa165_project_movies/movie/rest/MovieController.java
+++ b/movie/src/main/java/com/example/pa165_project_movies/movie/rest/MovieController.java
 package com.example.pa165_project_movies.movie.rest;
+import com.example.pa165_project_movies.common.config.Oauth2Scope;
+import com.example.pa165_project_movies.common.config.SecurityConst;
 import com.example.pa165_project_movies.common.dto.MovieDetailDto;
 import com.example.pa165_project_movies.common.dto.MovieNewDto;
 import com.example.pa165_project_movies.common.dto.filterDto.MovieFilterDto;
 import com.example.pa165_project_movies.movie.facade.MovieFacade;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import jakarta.validation.Valid;
 import org.springdoc.core.annotations.ParameterObject;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -48,7 +52,11 @@ public class MovieController {
    @Operation(
-            summary = "Get movie by id"
+            summary = "Get movie by id",
+            responses = {
+                    @ApiResponse(responseCode = "200"),
+                    @ApiResponse(responseCode = "404", description = "entity not found"),
+            }
    )
    @GetMapping(path = "/{id:^[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}$}")
    public ResponseEntity<MovieDetailDto> getMovieById(@PathVariable UUID id) {
@@ -56,7 +64,13 @@ public class MovieController {
    }
    @Operation(
-            summary = "Create new movie"
+            summary = "Create new movie",
+            responses = {
+                    @ApiResponse(responseCode = "201"),
+                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
    )
    @PostMapping
    public ResponseEntity<MovieDetailDto> createMovie(
@@ -66,7 +80,14 @@ public class MovieController {
    }
    @Operation(
-            summary = "Update movie"
+            summary = "Update movie",
+            responses = {
+                    @ApiResponse(responseCode = "200"),
+                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
+                    @ApiResponse(responseCode = "404", description = "entity for update not found"),
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
    )
    @PutMapping(path = "/{id:^[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}$}")
    public ResponseEntity<MovieDetailDto> updateMovie(
@@ -77,7 +98,14 @@ public class MovieController {
    }
    @Operation(
-            summary = "Delete movie"
+            summary = "Delete movie",
+            responses = {
+                    @ApiResponse(responseCode = "204"),
+                    @ApiResponse(responseCode = "400", description = "wrong id format passed"),
+                    @ApiResponse(responseCode = "404", description = "entity for deletion not found"),
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
    )
    @DeleteMapping(path = "/{id:^[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}$}")
    public ResponseEntity<Void> deleteMovie(@PathVariable UUID id) {

--- a/movie/src/main/java/com/example/pa165_project_movies/movie/rest/PictureController.java
+++ b/movie/src/main/java/com/example/pa165_project_movies/movie/rest/PictureController.java
 package com.example.pa165_project_movies.movie.rest;
+import com.example.pa165_project_movies.common.config.Oauth2Scope;
+import com.example.pa165_project_movies.common.config.SecurityConst;
 import com.example.pa165_project_movies.common.dto.PictureCreateDto;
 import com.example.pa165_project_movies.common.dto.PictureDto;
 import com.example.pa165_project_movies.movie.facade.PictureFacade;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import jakarta.validation.Valid;
 import org.springdoc.core.annotations.ParameterObject;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -38,25 +42,57 @@ public class PictureController {
        return ResponseEntity.ok(pictureFacade.findAll(pageable));
    }
-    @Operation(summary = "Get movie picture by id")
+    @Operation(
+            summary = "Get movie picture by id",
+            responses = {
+                    @ApiResponse(responseCode = "200"),
+                    @ApiResponse(responseCode = "404", description = "entity not found"),
+            }
+    )
    @GetMapping(path = "/{id:^[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}$}")
    public ResponseEntity<PictureDto> getPictureById(@PathVariable UUID id) {
        return ResponseEntity.ok(pictureFacade.findById(id));
    }
-    @Operation(summary = "Create new movie picture")
+    @Operation(
+            summary = "Create new movie picture",
+            responses = {
+                    @ApiResponse(responseCode = "201"),
+                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
+    )
    @PostMapping
    public ResponseEntity<PictureDto> createPicture(@Valid @RequestBody PictureCreateDto pictureCreateDto) {
        return new ResponseEntity<>(pictureFacade.create(pictureCreateDto), HttpStatus.CREATED);
    }
-    @Operation(summary = "Update movie picture")
+    @Operation(
+            summary = "Update movie picture",
+            responses = {
+                    @ApiResponse(responseCode = "200"),
+                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
+                    @ApiResponse(responseCode = "404", description = "entity for update not found"),
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
+    )
    @PutMapping(path = "/{id:^[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}$}")
    public ResponseEntity<PictureDto> updatePicture(@PathVariable UUID id, @RequestBody PictureDto picture) {
        return ResponseEntity.ok(pictureFacade.update(id, picture));
    }
-    @Operation(summary = "Delete movie picture")
+    @Operation(
+            summary = "Delete movie picture",
+            responses = {
+                    @ApiResponse(responseCode = "204"),
+                    @ApiResponse(responseCode = "400", description = "wrong id format passed"),
+                    @ApiResponse(responseCode = "404", description = "entity for deletion not found"),
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
+    )
    @DeleteMapping(path = "/{id:^[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}$}")
    public ResponseEntity<Void> deletePicture(@PathVariable UUID id) {
        pictureFacade.delete(id);

--- a/personnel/src/main/java/com/example/pa165_project_movies/personnel/rest/MovieRoleRestController.java
+++ b/personnel/src/main/java/com/example/pa165_project_movies/personnel/rest/MovieRoleRestController.java
 package com.example.pa165_project_movies.personnel.rest;
+import com.example.pa165_project_movies.common.config.Oauth2Scope;
+import com.example.pa165_project_movies.common.config.SecurityConst;
 import com.example.pa165_project_movies.common.dto.MovieRoleCreateDto;
 import com.example.pa165_project_movies.common.dto.MovieRoleDto;
 import com.example.pa165_project_movies.personnel.facade.MovieRoleFacade;
@@ -7,6 +9,7 @@ import io.swagger.v3.oas.annotations.OpenAPIDefinition;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.info.Info;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.servers.Server;
 import io.swagger.v3.oas.annotations.servers.ServerVariable;
 import jakarta.validation.Valid;
@@ -56,7 +59,9 @@ public class MovieRoleRestController {
            responses = {
                    @ApiResponse(responseCode = "201"),
                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
-            }
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
    )
    @PostMapping
    public ResponseEntity<MovieRoleDto> createMovieRole(@Valid @RequestBody MovieRoleCreateDto movieRoleCreateDto) {
@@ -70,7 +75,9 @@ public class MovieRoleRestController {
                    @ApiResponse(responseCode = "200"),
                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
                    @ApiResponse(responseCode = "404", description = "entity for update not found"),
-            }
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
    )
    @PutMapping(path = "/{id}")
    public ResponseEntity<MovieRoleDto> updateMovieRole(@PathVariable UUID id, @Valid @RequestBody MovieRoleDto movieRoleDto) {
@@ -84,7 +91,9 @@ public class MovieRoleRestController {
                    @ApiResponse(responseCode = "204"),
                    @ApiResponse(responseCode = "400", description = "wrong id format passed"),
                    @ApiResponse(responseCode = "404", description = "entity for deletion not found"),
-            }
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
    )
    @DeleteMapping(path = "/{id}")
    public ResponseEntity<Void> deleteMovieRole(@PathVariable UUID id) {
@@ -106,7 +115,6 @@ public class MovieRoleRestController {
            description = "Finds a role by id and returns its information.",
            responses = {
                    @ApiResponse(responseCode = "200"),
-                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
                    @ApiResponse(responseCode = "404", description = "entity for update not found"),
            }
    )

--- a/personnel/src/main/java/com/example/pa165_project_movies/personnel/rest/PersonMovieRoleRestController.java
+++ b/personnel/src/main/java/com/example/pa165_project_movies/personnel/rest/PersonMovieRoleRestController.java
 package com.example.pa165_project_movies.personnel.rest;
+import com.example.pa165_project_movies.common.config.Oauth2Scope;
+import com.example.pa165_project_movies.common.config.SecurityConst;
 import com.example.pa165_project_movies.common.dto.PersonRoleCreateDto;
 import com.example.pa165_project_movies.common.dto.PersonRoleDto;
 import com.example.pa165_project_movies.personnel.facade.PersonMovieRoleFacade;
@@ -7,6 +9,7 @@ import io.swagger.v3.oas.annotations.OpenAPIDefinition;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.info.Info;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.servers.Server;
 import io.swagger.v3.oas.annotations.servers.ServerVariable;
 import jakarta.validation.Valid;
@@ -58,7 +61,9 @@ public class PersonMovieRoleRestController {
            responses = {
                    @ApiResponse(responseCode = "201"),
                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
-            }
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
    )
    @PostMapping
    public ResponseEntity<PersonRoleDto> createMovieRole(@Valid @RequestBody PersonRoleCreateDto personRoleCreateDto) {
@@ -72,7 +77,9 @@ public class PersonMovieRoleRestController {
                    @ApiResponse(responseCode = "200"),
                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
                    @ApiResponse(responseCode = "404", description = "entity for update not found"),
-            }
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
    )
    @PutMapping
    public ResponseEntity<PersonRoleDto> updateMovieRole(@PathVariable UUID id, @Valid @RequestBody PersonRoleDto personDto) {
@@ -86,7 +93,9 @@ public class PersonMovieRoleRestController {
                    @ApiResponse(responseCode = "204"),
                    @ApiResponse(responseCode = "400", description = "wrong id format passed"),
                    @ApiResponse(responseCode = "404", description = "entity for deletion not found"),
-            }
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
    )
    @DeleteMapping(path = "/{id}")
    public ResponseEntity<Void> deleteMovieRole(@PathVariable UUID id) {

--- a/personnel/src/main/java/com/example/pa165_project_movies/personnel/rest/PersonRestController.java
+++ b/personnel/src/main/java/com/example/pa165_project_movies/personnel/rest/PersonRestController.java
 package com.example.pa165_project_movies.personnel.rest;
+import com.example.pa165_project_movies.common.config.Oauth2Scope;
+import com.example.pa165_project_movies.common.config.SecurityConst;
 import com.example.pa165_project_movies.common.dto.PersonCreateDto;
 import com.example.pa165_project_movies.common.dto.PersonDto;
 import com.example.pa165_project_movies.personnel.facade.PersonFacade;
@@ -7,6 +9,7 @@ import io.swagger.v3.oas.annotations.OpenAPIDefinition;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.info.Info;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.servers.Server;
 import io.swagger.v3.oas.annotations.servers.ServerVariable;
 import jakarta.validation.Valid;
@@ -56,7 +59,9 @@ public class PersonRestController {
            responses = {
                    @ApiResponse(responseCode = "201"),
                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
-            }
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
    )
    @PostMapping
    public ResponseEntity<PersonDto> createPerson(@Valid @RequestBody PersonCreateDto personDto) {
@@ -70,7 +75,9 @@ public class PersonRestController {
                    @ApiResponse(responseCode = "200"),
                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
                    @ApiResponse(responseCode = "404", description = "entity for update not found"),
-            }
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
    )
    @PutMapping
    public ResponseEntity<PersonDto> updatePerson(@PathVariable UUID id, @Valid @RequestBody PersonDto personDto) {
@@ -84,7 +91,9 @@ public class PersonRestController {
                    @ApiResponse(responseCode = "204"),
                    @ApiResponse(responseCode = "400", description = "wrong id format passed"),
                    @ApiResponse(responseCode = "404", description = "entity for deletion not found"),
-            }
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.ADMIN + "'"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.ADMIN})
    )
    @DeleteMapping(path = "/{id}")
    public ResponseEntity<Void> deletePerson(@PathVariable UUID id) {

--- a/review/src/main/java/com/example/pa165_project_movies/review/config/SecurityConfig.java
+++ b/review/src/main/java/com/example/pa165_project_movies/review/config/SecurityConfig.java
@@ -35,8 +35,6 @@ public class SecurityConfig {
    @Value("${rest.path.movie-reviews}")
    private URI movieReviewsRestPath;
-    public static final String UUID5_NAMESPACE_EMAIL = "f59e7f8d-1a56-4126-9e30-39ec5749819a";
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity

--- a/review/src/main/java/com/example/pa165_project_movies/review/rest/ReviewRestController.java
+++ b/review/src/main/java/com/example/pa165_project_movies/review/rest/ReviewRestController.java
 package com.example.pa165_project_movies.review.rest;
+import com.example.pa165_project_movies.common.config.Oauth2Scope;
+import com.example.pa165_project_movies.common.config.SecurityConst;
 import com.example.pa165_project_movies.common.dto.ReviewCreateDto;
 import com.example.pa165_project_movies.common.dto.ReviewDto;
 import com.example.pa165_project_movies.review.facade.ReviewFacade;
@@ -8,6 +10,7 @@ import io.swagger.v3.oas.annotations.OpenAPIDefinition;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.info.Info;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.servers.Server;
 import io.swagger.v3.oas.annotations.servers.ServerVariable;
 import jakarta.validation.Valid;
@@ -84,9 +87,11 @@ public class ReviewRestController {
            responses = {
                    @ApiResponse(responseCode = "201"),
                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
-            }
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.AUTH_WRITE + "' or 'userId' field does not match the caller's ID"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.AUTH_WRITE})
    )
-    @PreAuthorize("hasAuthority(T(com.example.pa165_project_movies.common.config.Oauth2Scope).ADMIN) or #review.getUserId().equals(T(com.example.pa165_project_movies.common.util.UUID5).from(T(com.example.pa165_project_movies.review.config.SecurityConfig).UUID5_NAMESPACE_EMAIL, authentication.getName()))")
+    @PreAuthorize("hasAuthority(T(com.example.pa165_project_movies.common.config.Oauth2Scope).ADMIN) or #review.getUserId().equals(T(com.example.pa165_project_movies.common.util.UUID5).from(T(com.example.pa165_project_movies.common.config.SecurityConst).UUID5_NAMESPACE_EMAIL, authentication.getName()))")
    @PostMapping
    public ResponseEntity<ReviewDto> createReview(
            @Valid @RequestBody ReviewCreateDto review
@@ -101,9 +106,11 @@ public class ReviewRestController {
                    @ApiResponse(responseCode = "200"),
                    @ApiResponse(responseCode = "400", description = "wrong DTO data passed"),
                    @ApiResponse(responseCode = "404", description = "entity for update not found"),
-            }
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.AUTH_WRITE + "' or 'userId' field does not match the caller's ID"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.AUTH_WRITE})
    )
-    @PreAuthorize("hasAuthority(T(com.example.pa165_project_movies.common.config.Oauth2Scope).ADMIN) or #review.getUserId().equals(T(com.example.pa165_project_movies.common.util.UUID5).from(T(com.example.pa165_project_movies.review.config.SecurityConfig).UUID5_NAMESPACE_EMAIL, authentication.getName()))")
+    @PreAuthorize("hasAuthority(T(com.example.pa165_project_movies.common.config.Oauth2Scope).ADMIN) or #review.getUserId().equals(T(com.example.pa165_project_movies.common.util.UUID5).from(T(com.example.pa165_project_movies.common.config.SecurityConst).UUID5_NAMESPACE_EMAIL, authentication.getName()))")
    @PutMapping(path = "/{id}")
    public ResponseEntity<ReviewDto> updateReview(
            @PathVariable UUID id,
@@ -119,9 +126,11 @@ public class ReviewRestController {
                    @ApiResponse(responseCode = "204"),
                    @ApiResponse(responseCode = "400", description = "wrong id format passed"),
                    @ApiResponse(responseCode = "404", description = "entity for deletion not found"),
-            }
+                    @ApiResponse(responseCode = "403", description = "access token does not have scope '" + Oauth2Scope.AUTH_WRITE + "' or 'userId' field does not match the caller's ID"),
+            },
+            security = @SecurityRequirement(name = SecurityConst.SECURITY_SCHEME_NAME, scopes = {Oauth2Scope.AUTH_WRITE})
    )
-    @PreAuthorize("hasAuthority(T(com.example.pa165_project_movies.common.config.Oauth2Scope).ADMIN) or @reviewFacade.findById(#id).getUserId().equals(T(com.example.pa165_project_movies.common.util.UUID5).from(T(com.example.pa165_project_movies.review.config.SecurityConfig).UUID5_NAMESPACE_EMAIL, authentication.getName()))")
+    @PreAuthorize("hasAuthority(T(com.example.pa165_project_movies.common.config.Oauth2Scope).ADMIN) or @reviewFacade.findById(#id).getUserId().equals(T(com.example.pa165_project_movies.common.util.UUID5).from(T(com.example.pa165_project_movies.common.config.SecurityConst).UUID5_NAMESPACE_EMAIL, authentication.getName()))")
    @DeleteMapping(path = "/{id}")
    public ResponseEntity<Void> deleteReview(@PathVariable UUID id) {
        reviewFacade.delete(id);