From c143326dada6087f6aa96dacd7f6ee0300bb6615 Mon Sep 17 00:00:00 2001 From: ddangelorb Date: Mon, 25 Oct 2021 09:40:56 -0300 Subject: [PATCH] Fixing permission bug --- .../waterproofingdata/wpdauth/controller/UsersController.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/waterproofingdata/wpdauth/controller/UsersController.java b/src/main/java/org/waterproofingdata/wpdauth/controller/UsersController.java index 532d48f..dd802b2 100644 --- a/src/main/java/org/waterproofingdata/wpdauth/controller/UsersController.java +++ b/src/main/java/org/waterproofingdata/wpdauth/controller/UsersController.java @@ -194,7 +194,7 @@ public class UsersController { } @GetMapping(value = "/me") - @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_CLIENT')") + @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_INSTITUTION') or hasRole('ROLE_CLIENT')") @ApiOperation( value = "${UserController.me}", response = UsersResponseDTO.class, @@ -213,7 +213,7 @@ public class UsersController { } @GetMapping("/refresh") - @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_CLIENT')") + @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_INSTITUTION') or hasRole('ROLE_CLIENT')") public String refresh(HttpServletRequest req) { return userService.refresh(req.getRemoteUser()); }