fix(FSADT1-1431): added security role for districts (#1077)

bcgov · Aug 13, 2024 · 7cab479 · 7cab479
1 parent b35aab7
commit 7cab479
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/backend/src/main/java/ca/bc/gov/app/security/ApiAuthorizationCustomizer.java b/backend/src/main/java/ca/bc/gov/app/security/ApiAuthorizationCustomizer.java
@@ -70,6 +70,17 @@ public void customize(AuthorizeExchangeSpec authorize) {
             ApplicationConstant.ROLE_EDITOR,
             ApplicationConstant.ROLE_ADMIN);
 
+    // Added a separate rule for the districts endpoint due to the processor service
+    authorize
+        .pathMatchers(HttpMethod.GET, "/api/codes/districts/**")
+        .hasAnyRole(ApplicationConstant.ROLE_VIEWER,
+            ApplicationConstant.ROLE_EDITOR,
+            ApplicationConstant.ROLE_ADMIN,
+            ApplicationConstant.USERTYPE_BCEIDBUSINESS_USER,
+            ApplicationConstant.USERTYPE_BCSC_USER,
+            ApplicationConstant.USERTYPE_SERVICE_USER
+        );
+
     // Viewer, editor, admin, BCeIDBusiness and BCSC users can GET from the codes endpoint
     authorize
         .pathMatchers(HttpMethod.GET, "/api/codes/**")