...@@ -2,6 +2,7 @@ package com.example.gestionstagesbackend.config; ...@@ -2,6 +2,7 @@ package com.example.gestionstagesbackend.config;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
...@@ -42,19 +43,36 @@ public class SecurityConfig { ...@@ -42,19 +43,36 @@ public class SecurityConfig {
.requestMatchers("/**").permitAll() .requestMatchers("/**").permitAll()
// Role-based access // Role-based access
.requestMatchers("/api/students").hasAuthority("ROLE_ETUDIANT") // 👨‍🎓 STUDENTS (ETUDIANTS) - Can ONLY View Students & Stages
.requestMatchers("/api/students/**").hasAuthority("ROLE_ETUDIANT") .requestMatchers(HttpMethod.GET, "/api/students").hasAuthority("ROLE_ETUDIANT")
.requestMatchers("/api/stages").hasAuthority("ROLE_ETUDIANT") .requestMatchers(HttpMethod.GET, "/api/stages").hasAuthority("ROLE_ETUDIANT")
.requestMatchers("/api/stages/**").hasAuthority("ROLE_ENTREPRISE")
.requestMatchers("/api/students").hasAuthority("ROLE_SUPERVISEUR") // ENTERPRISES - Can CRUD Stages but NOT Students
.requestMatchers("/api/students/**").hasAuthority("ROLE_SUPERVISEUR") .requestMatchers(HttpMethod.POST, "/api/stages/add").hasAuthority("ROLE_ENTREPRISE")
.requestMatchers("/api/stages").hasAuthority("ROLE_SUPERVISEUR") .requestMatchers(HttpMethod.PUT, "/api/stages/update/**").hasAuthority("ROLE_ENTREPRISE")
.requestMatchers("/api/stages/**").hasAuthority("ROLE_SUPERVISEUR") .requestMatchers(HttpMethod.DELETE, "/api/stages/delete/**").hasAuthority("ROLE_ENTREPRISE")
.requestMatchers("/api/enterprises/add").hasAuthority("ROLE_ENTREPRISE")
.requestMatchers("/api/enterprises/update").hasAuthority("ROLE_ENTREPRISE") // SUPERVISEURS - Can CRUD Students & View Stages
.requestMatchers("/api/enterprises/delete").hasAuthority("ROLE_ENTREPRISE") .requestMatchers(HttpMethod.GET, "/api/students").hasAuthority("ROLE_SUPERVISEUR")
.requestMatchers("/**").hasAuthority("ROLE_ADMIN") .requestMatchers(HttpMethod.POST, "/api/students/add").hasAuthority("ROLE_SUPERVISEUR")
.requestMatchers(HttpMethod.PUT, "/api/students/update/**").hasAuthority("ROLE_SUPERVISEUR")
.requestMatchers(HttpMethod.DELETE, "/api/students/delete/**").hasAuthority("ROLE_SUPERVISEUR")
.requestMatchers(HttpMethod.GET, "/api/stages").hasAuthority("ROLE_SUPERVISEUR")
// ENTERPRISES - Can CRUD their own Enterprise details
.requestMatchers(HttpMethod.POST, "/api/enterprises/add").hasAuthority("ROLE_ENTREPRISE")
.requestMatchers(HttpMethod.PUT, "/api/enterprises/update/**").hasAuthority("ROLE_ENTREPRISE")
.requestMatchers(HttpMethod.DELETE, "/api/enterprises/delete/**").hasAuthority("ROLE_ENTREPRISE")
// CANDIDATURES - Students Can Apply, Supervisors & Admins Can View & Manage
.requestMatchers(HttpMethod.POST, "/api/candidacies/add").hasAuthority("ROLE_ETUDIANT") // Students apply
.requestMatchers(HttpMethod.GET, "/api/candidacies").hasAnyAuthority("ROLE_ADMIN", "ROLE_SUPERVISEUR") // Admin & Supervisor can view
.requestMatchers(HttpMethod.PUT, "/api/candidacies/update/**").hasAuthority("ROLE_ADMIN") // Only Admins can update candidacies
.requestMatchers(HttpMethod.DELETE, "/api/candidacies/delete/**").hasAuthority("ROLE_ADMIN") // Only Admins can delete candidacies
// ADMIN ACCESS - Has Full Control Over Everything
.requestMatchers("/api/admin/**").hasAuthority("ROLE_ADMIN")
.requestMatchers("/**").hasAuthority("ROLE_ADMIN")
// Any other request requires authentication // Any other request requires authentication
.anyRequest().authenticated() .anyRequest().authenticated()
) )
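Review bot: The new method-scoped rules are never reached, because the retained `.requestMatchers("/**").permitAll()` at the top of the chain matches every request first and Spring Security applies only the first matching rule, so every endpoint in this hunk stays open to unauthenticated callers. The same first-match behaviour makes the second `GET /api/students` and `GET /api/stages` entries (ROLE_SUPERVISEUR) dead code behind the ROLE_ETUDIANT entries for the same method and path, and the trailing `/**` ROLE_ADMIN catch-all neither grants admins the paths matched earlier nor lets `.anyRequest().authenticated()` ever run. Replace the leading `/**` allow-list with the specific public paths and merge each duplicated method+path into one `hasAnyAuthority(...)` rule, listing ROLE_ADMIN wherever admins are meant to have the full control the "ADMIN ACCESS" comment promises. The `authorizeHttpRequests` lambda this hunk edits starts before the hunk and the enclosing method continues past it.
```java
// Rules are matched in declaration order (first match wins): keep the public
// allow-list explicit instead of "/**", otherwise nothing below ever applies.
.requestMatchers("/<PUBLIC_AUTH_PATHS>").permitAll() // placeholder: the real unauthenticated endpoints
// One rule per method+path, naming every role allowed to read it.
.requestMatchers(HttpMethod.GET, "/api/students").hasAnyAuthority("ROLE_ETUDIANT", "ROLE_SUPERVISEUR", "ROLE_ADMIN")
.requestMatchers(HttpMethod.GET, "/api/stages").hasAnyAuthority("ROLE_ETUDIANT", "ROLE_SUPERVISEUR", "ROLE_ADMIN")
// … unchanged: write rules for stages, students, enterprises and candidacies …
.requestMatchers("/api/admin/**").hasAuthority("ROLE_ADMIN")
// No "/**" rule here: let the catch-all below be the last word.
.anyRequest().authenticated()
```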
......