diff --git a/huertos/src/main/java/net/miarma/backend/huertos/config/SecurityConfig.java b/huertos/src/main/java/net/miarma/backend/huertos/config/SecurityConfig.java index 7286e3d..aa7420a 100644 --- a/huertos/src/main/java/net/miarma/backend/huertos/config/SecurityConfig.java +++ b/huertos/src/main/java/net/miarma/backend/huertos/config/SecurityConfig.java @@ -37,16 +37,16 @@ public class SecurityConfig { .csrf(csrf -> csrf.disable()) .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .exceptionHandling(ex -> ex - .authenticationEntryPoint(authEntryPoint) - .accessDeniedHandler(accessDeniedHandler) + .authenticationEntryPoint(authEntryPoint) + .accessDeniedHandler(accessDeniedHandler) ) .authorizeHttpRequests(auth -> auth // PUBLICAS .requestMatchers("/login").permitAll() - .requestMatchers("/announces").permitAll() - .requestMatchers("/requests").permitAll() - .requestMatchers("/huertos/users/waitlist/limited").permitAll() - .requestMatchers("/huertos/users/latest-number").permitAll() + .requestMatchers("/announcements").permitAll() + .requestMatchers("/requests/mine").permitAll() + .requestMatchers("/users/waitlist/limited").permitAll() + .requestMatchers("/users/latest-number").permitAll() // PRIVADAS .anyRequest().authenticated() ); diff --git a/huertos/src/main/java/net/miarma/backend/huertos/controller/AnnouncementController.java b/huertos/src/main/java/net/miarma/backend/huertos/controller/AnnouncementController.java index f8f3c17..6201cb9 100644 --- a/huertos/src/main/java/net/miarma/backend/huertos/controller/AnnouncementController.java +++ b/huertos/src/main/java/net/miarma/backend/huertos/controller/AnnouncementController.java @@ -23,7 +23,6 @@ public class AnnouncementController { } @GetMapping - @PreAuthorize("hasAnyRole('HUERTOS_ROLE_ADMIN', 'HUERTOS_ROLE_DEV')") public ResponseEntity> getAll() { return ResponseEntity.ok( announcementService.getAll()