From 14168c16638b0b73a7cab911d1152efd174a0ea7 Mon Sep 17 00:00:00 2001
From: usbharu <64310155+usbharu@users.noreply.github.com>
Date: Mon, 12 Feb 2024 18:38:19 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=A8=A9=E9=99=90=E3=81=AE=E8=A8=AD?= =?UTF-8?q?=E5=AE=9A=E3=82=92=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../application/config/SecurityConfig.kt | 30 +++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
index 075fc1bb..7ecbbbe7 100644
--- a/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
+++ b/src/main/kotlin/dev/usbharu/hideout/application/config/SecurityConfig.kt
@@ -26,8 +26,7 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.context.annotation.Primary
 import org.springframework.core.annotation.Order
-import org.springframework.http.HttpMethod.GET
-import org.springframework.http.HttpMethod.POST
+import org.springframework.http.HttpMethod.*
 import org.springframework.http.HttpStatus
 import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter
@@ -210,6 +209,33 @@ class SecurityConfig {
 authorize(GET, "/api/v1/timelines/public", permitAll)
 authorize(GET, "/api/v1/timelines/home", hasAnyScope("read", "read:statuses"))
+ authorize(GET, "/api/v2/filters", hasAnyScope("read", "read:filters"))
+ authorize(POST, "/api/v2/filters", hasAnyScope("write", "write:filters"))
+
+ authorize(GET, "/api/v2/filters/*", hasAnyScope("read", "read:filters"))
+ authorize(PUT, "/api/v2/filters/*", hasAnyScope("write", "write:filters"))
+ authorize(DELETE, "/api/v2/filters/*", hasAnyScope("write", "write:filters"))
+
+ authorize(GET, "/api/v2/filters/*/keywords", hasAnyScope("read", "read:filters"))
+ authorize(POST, "/api/v2/filters/*/keywords", hasAnyScope("write", "write:filters"))
+
+ authorize(GET, "/api/v2/filters/keywords/*", hasAnyScope("read", "read:filters"))
+ authorize(PUT, "/api/v2/filters/keywords/*", hasAnyScope("write", "write:filters"))
+ authorize(DELETE, "/api/v2/filters/keywords/*", hasAnyScope("write", "write:filters"))
+
+ authorize(GET, "/api/v2/filters/*/statuses", hasAnyScope("read", "read:filters"))
+ authorize(POST, "/api/v2/filters/*/statuses", hasAnyScope("write", "write:filters"))
+
+ authorize(GET, "/api/v2/filters/statuses/*", hasAnyScope("read", "read:filters"))
+ authorize(DELETE, "/api/v2/filters/statuses/*", hasAnyScope("write", "write:filters"))
+
+ authorize(GET, "/api/v1/filters", hasAnyScope("read", "read:filters"))
+ authorize(POST, "/api/v1/filters", hasAnyScope("write", "write:filters"))
+
+ authorize(GET, "/api/v/filters/*", hasAnyScope("read", "read:filters"))
+ authorize(POST, "/api/v1/filters/*", hasAnyScope("write", "write:filters"))
+ authorize(DELETE, "/api/v1/filters/*", hasAnyScope("write", "write:filters"))
+
 authorize(anyRequest, authenticated)
 }
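Review bot: The pattern in `authorize(GET, "/api/v/filters/*", ...)` is missing the version digit, so a GET on `/api/v1/filters/{id}` never matches it and falls through to `authorize(anyRequest, authenticated)`, where any authenticated token passes regardless of its scopes. It should read `authorize(GET, "/api/v1/filters/*", hasAnyScope("read", "read:filters"))`. The v1 single-filter group also lists POST and DELETE but no PUT, unlike the v2 group above it; if v1 filter updates are served over PUT (as in the Mastodon v1 filters API this appears to mirror; not confirmable from the hunk), that method has the same fallthrough and needs `authorize(PUT, "/api/v1/filters/*", hasAnyScope("write", "write:filters"))`. Because an unmatched route silently degrades to authentication-only, a per-route test that sends a token lacking the filter scopes and expects 403 would catch this kind of typo. The enclosing authorization block starts and ends outside the hunk.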