Closed x-snackage-x closed 3 weeks ago
The following three endpoints have to be protected against access through a participant:
An example of how to do it for an ADMIN:
String callerId = authentication.getName(); UserRole callingRole = userService.getUserRole(callerId); if (callingRole != UserRole.ADMIN) { return new ResponseEntity<>(HttpStatus.FORBIDDEN); }
These will also require some tests for coverage.
The following three endpoints have to be protected against access through a participant:
An example of how to do it for an ADMIN:
These will also require some tests for coverage.