Skip to content
Snippets Groups Projects
Commit a15a596f authored by Lars Maronde's avatar Lars Maronde
Browse files

endpunkt um neue apotheke registrieren geöffnet für alle

parent 2a95df7c
No related branches found
No related tags found
No related merge requests found
......@@ -57,7 +57,13 @@ public class BenutzerController {
@PostMapping("/apotheke/{apothekeId}/benutzer")
public ResponseEntity<?> createNewBenutzer(@PathVariable String apothekeId, @RequestBody BenutzerAPIDetails benutzerData) {
if(!authController.checkIfAuthorized(authController.getCurrentUsername(), apothekeId)) {
//first user does not have to be authorized
boolean firstUser = apothekeRepo.findById(apothekeId).orElseThrow(InvalidInputException::new)
.getBenutzer().size() == 0;
if(!firstUser && !authController.checkIfAuthorized(authController.getCurrentUsername(), apothekeId)) {
return new ResponseEntity<>(HttpStatus.FORBIDDEN);
}
......
......@@ -38,7 +38,8 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter implemen
.antMatchers(HttpMethod.DELETE, "/**").hasAnyRole("ADMIN")
.antMatchers(HttpMethod.PUT, "​/apotheke​/*​/btmbuchung​/*").hasAnyRole("PRUEFER")
.antMatchers(HttpMethod.PUT, "/apotheke/**").hasAnyRole("BENUTZER","ADMIN")
.antMatchers(HttpMethod.POST, "/apotheke").hasAnyRole("BENUTZER", "ADMIN")
.antMatchers(HttpMethod.POST, "/apotheke").permitAll()
.antMatchers(HttpMethod.POST, "/apotheke/*").permitAll()
.antMatchers("/login", "/logout").permitAll()
//disable cross site forgery and disable cors protection
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment