athlete test

2026-01-08 11:34:13 +01:00
parent 6c2ae936ac
commit f77b401628
2 changed files with 3 additions and 1 deletions
--- a/back_end/src/main/java/hackathon/FrisbYEE/config/WebSecurityConfig.java
+++ b/back_end/src/main/java/hackathon/FrisbYEE/config/WebSecurityConfig.java
@@ -26,7 +26,7 @@ public class WebSecurityConfig {
                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                .csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(auth -> auth
-                        .requestMatchers(HttpMethod.OPTIONS, "/", "/public", "/coach/**").permitAll() // allow coach endpoints
+                        .requestMatchers(HttpMethod.OPTIONS, "/", "/public", "/coach/**","/athlete/**").permitAll() // allow coach endpoints
                        .requestMatchers("/admin/**").hasRole("admin")
                        .requestMatchers("/user/**").hasRole("user")
                        .anyRequest().authenticated())
--- a/back_end/src/main/java/hackathon/FrisbYEE/rest/AthleteResource.java
+++ b/back_end/src/main/java/hackathon/FrisbYEE/rest/AthleteResource.java
@@ -34,6 +34,7 @@ import io.swagger.v3.oas.annotations.responses.ApiResponses;

@RestController
@RequestMapping("/athlete")
+@CrossOrigin(origins = "http://localhost:3000")
 public class AthleteResource {
    @Autowired
    private AthleteDAO athleteDAO;
@@ -44,6 +45,7 @@ public class AthleteResource {
            @ApiResponse(responseCode = "200", description = "Renvoie l'athlète créé", content = @Content(mediaType = "application/json", schema = @Schema(implementation = AthleteDTO.class)))
    })
    @PostMapping("/create")
+    @PreAuthorize("hasRole('Admin') or hasRole('Coach') or hasRole('Athlete')")
    public ResponseEntity<AthleteDTO> create(@RequestBody AthleteDTO dto) {
        Athlete athlete = mapToEntity(dto);
        athleteDAO.save(athlete);