All endpoints have been gone through in all controllers to make sure they have the correct authentication access based on either user or admin role. Since we've used @PreAuthorize for each method in the controllers, there is no need to keep those authorization endpoints in WebSecurityConfig.
WebSecurityConfig now only contains endpoints with "permitAll"-access.
To test in Postman:
git checkout 104-look-over-and-add-appropriate-role-authentication-to-endpoints
All endpoints need to be tested for both user and admin roles. If an endpoint has limited access (user OR admin), actively try to access that endpoint to confirm that the authorization works as it should.
When logged in as a user, also try to access other users' IDs, e.g. another user's seller or buyer history.
Thank you and good luck! :)
EDIT PR instructions.txt
Added a document with endpoints, functionality, auth access and request type since it got totally fucked up when I posted the PR buhu.
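For reference while testing, a sketch of the pattern the description relies on: method-level @PreAuthorize with a permitAll-only WebSecurityConfig, plus an ownership check for the "other user's history" case. This is an added example, not code from this PR; it assumes Spring Security 6 style configuration, and the paths, HistoryController, the sample data and a principal exposing getId() are all hypothetical.

```java
import java.util.List;
import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.parameters.P;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.*;

@Configuration
@EnableMethodSecurity // without this, @PreAuthorize annotations are not enforced
class WebSecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/auth/**").permitAll() // hypothetical public path
                // Assumed fallback: an endpoint that is missing @PreAuthorize
                // still requires a login instead of being open to everyone.
                .anyRequest().authenticated());
        return http.build();
    }
}

@RestController
@RequestMapping("/api/users") // hypothetical base path
class HistoryController {
    // Constructed sample data standing in for the real service layer.
    private final Map<Long, List<String>> buyerHistory =
            Map.of(1L, List.of("order-a"), 2L, List.of("order-b"));

    // Role check plus ownership check: a user may read only their own history,
    // an admin may read anyone's. Assumes the principal exposes getId().
    @PreAuthorize("hasRole('ADMIN') or "
            + "(hasRole('USER') and #userId == authentication.principal.id)")
    @GetMapping("/{userId}/buyer-history")
    List<String> buyerHistory(@P("userId") @PathVariable("userId") Long userId) {
        return buyerHistory.getOrDefault(userId, List.of());
    }

    // Admin-only: a request with a USER token must come back as 403 Forbidden.
    @PreAuthorize("hasRole('ADMIN')")
    @GetMapping
    Map<Long, List<String>> allHistories() {
        return buyerHistory;
    }
}
```

With this shape, a Postman request as user 1 to `/api/users/2/buyer-history` should return 403, and the same request with an admin token should return 200.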