Add version to exec-maven-plugin and enforce role-based access for user and group endpoints

2025-10-21 21:34:20 +02:00 · 2025-10-21 21:34:20 +02:00 · 0c51bf7c3d
commit 0c51bf7c3d
parent a76de8e53c
3 changed files with 6 additions and 0 deletions
--- a/pom.xml
+++ b/pom.xml
@ -178,6 +178,7 @@
            <plugin>
                <artifactId>exec-maven-plugin</artifactId>
                <groupId>org.codehaus.mojo</groupId>
+                <version>3.1.0</version>
                <executions>
                    <execution>
                        <id>npm build the vue app</id>
--- a/src/main/java/de/avatic/lcc/controller/users/GroupController.java
+++ b/src/main/java/de/avatic/lcc/controller/users/GroupController.java
@ -5,6 +5,7 @@ import de.avatic.lcc.repositories.pagination.SearchQueryResult;
 import de.avatic.lcc.service.users.GroupService;
 import jakarta.validation.constraints.Min;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;

 import java.util.List;
@ -32,6 +33,7 @@ public class GroupController {
     * @return A ResponseEntity containing the list of groups and pagination headers.
     */
    @GetMapping({"/", ""})
+    @PreAuthorize("hasRole('RIGHT-MANAGMENT')")
    public ResponseEntity<List<GroupDTO>> listGroups(@RequestParam(defaultValue = "20") @Min(1) int limit,
                                                     @RequestParam(defaultValue = "1") @Min(1) int page) {

--- a/src/main/java/de/avatic/lcc/controller/users/UserController.java
+++ b/src/main/java/de/avatic/lcc/controller/users/UserController.java
@ -6,6 +6,7 @@ import de.avatic.lcc.repositories.pagination.SearchQueryResult;
 import de.avatic.lcc.service.users.UserService;
 import jakarta.validation.constraints.Min;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;

@ -35,6 +36,7 @@ public class UserController {
     * @return A ResponseEntity containing the list of users, along with pagination headers.
     */
    @GetMapping({"/", ""})
+    @PreAuthorize("hasRole('RIGHT-MANAGMENT')")
    public ResponseEntity<List<UserDTO>> listUsers(
            @RequestParam(defaultValue = "20") @Min(1) int limit,
            @RequestParam(defaultValue = "1") @Min(1) int page) {
@ -57,6 +59,7 @@ public class UserController {
     * @return A ResponseEntity indicating the operation was successful.
     */
    @PutMapping({"/", ""})
+    @PreAuthorize("hasRole('RIGHT-MANAGMENT')")
    public ResponseEntity<Void> updateUser(UserDTO user) {
        userService.updateUser(user);
        return ResponseEntity.ok().build();