diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java
index 8532d3d26..4446d9de7 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java
@@ -10,6 +10,7 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.crypto.bcrypt.BCrypt;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.DeleteMapping;
@@ -48,6 +49,7 @@ public UsersController(UserRepository userRepository, RoleRepository roleReposit
 this.userService = userService;
 }

+ @Secured("ROLE_ADMIN")
 @Transactional(readOnly = true)
 @GetMapping
 public List getAll() {
@@ -65,12 +67,14 @@ public ResponseEntity getCurrentUser() {
 }
 }

+ @Secured("ROLE_ADMIN")
 @Transactional(readOnly = true)
 @GetMapping("/{username}")
 public ResponseEntity getOne(@PathVariable String username) {
 return ResponseEntity.ok(findUserOrThrowHttp404(username));
 }

+ @Secured("ROLE_ADMIN")
 @Transactional
 @DeleteMapping("/{username}")
 public ResponseEntity deleteOne(@PathVariable String username) {
@@ -79,6 +83,7 @@ public ResponseEntity deleteOne(@PathVariable String username) {
 return ResponseEntity.noContent().build();
 }

+ @Secured("ROLE_ADMIN")
 @Transactional
 @PostMapping
 ResponseEntity saveOne(@RequestBody User user) {
@@ -96,6 +101,7 @@ ResponseEntity saveOne(@RequestBody User user) {
 return ResponseEntity.ok(savedUser);
 }

+ @Secured("ROLE_ADMIN")
 @Transactional
 @PatchMapping("/{username}")
 ResponseEntity updateOne(@PathVariable(value = "username") String username, @RequestBody User user) {
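Review bot: The `@Secured("ROLE_ADMIN")` added on `getAll()`, and repeated on `getOne`, `deleteOne`, `saveOne` and `updateOne` in the later hunks, only takes effect when method security is enabled with secured annotations switched on, and nothing in this diff shows that configuration. If `securedEnabled = true` is missing from the security configuration, the annotations are silently ignored and all five endpoints stay reachable by any caller who passes the URL-level rules. The authority string also has to match what the application actually grants, `ROLE_ADMIN` exactly. I would pair this commit with a controller test that calls each of the five endpoints as a non-admin user and expects 403, so a configuration regression is caught rather than assumed away.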
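Review bot: Annotating each handler separately leaves this controller fail-open: `getCurrentUser()`, named in this hunk's header, stays unannotated (presumably on purpose), and so will any handler added later unless its author remembers the annotation. Consider placing `@Secured("ROLE_ADMIN")` on the class and giving `getCurrentUser()` its own weaker method-level rule, since a method-level `@Secured` takes precedence over the class-level one. That way a new endpoint is admin-only by default and the single exception is explicit. The body of `deleteOne` continues outside this hunk.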
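Review bot: `saveOne` here and `updateOne` in the next hunk are declared without `public`, unlike the other three secured handlers, and proxy-based method security is only dependable on public methods. Whether the `@Secured` advice actually runs on a package-private handler depends on the proxy type and class loading, so these two are probably protected but not certainly. Add the `public` modifier to both, or at least cover them with a test that expects 403 for a non-admin caller. Both method bodies continue outside their hunks.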