feat: 権限の設定を追加

usbharu 2024-02-12 18:38:19 +09:00
parent d06b4062c8
commit d67a71dd57
1 changed files with 28 additions and 2 deletions


@ -26,8 +26,7 @@ import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Primary
import org.springframework.core.annotation.Order
import org.springframework.http.HttpMethod.GET
import org.springframework.http.HttpMethod.POST
import org.springframework.http.HttpMethod.*
import org.springframework.http.HttpStatus
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter
@ -210,6 +209,33 @@ class SecurityConfig {
authorize(GET, "/api/v1/timelines/public", permitAll)
authorize(GET, "/api/v1/timelines/home", hasAnyScope("read", "read:statuses"))
authorize(GET, "/api/v2/filters", hasAnyScope("read", "read:filters"))
authorize(POST, "/api/v2/filters", hasAnyScope("write", "write:filters"))
authorize(GET, "/api/v2/filters/*", hasAnyScope("read", "read:filters"))
authorize(PUT, "/api/v2/filters/*", hasAnyScope("write", "write:filters"))
authorize(DELETE, "/api/v2/filters/*", hasAnyScope("write", "write:filters"))
authorize(GET, "/api/v2/filters/*/keywords", hasAnyScope("read", "read:filters"))
authorize(POST, "/api/v2/filters/*/keywords", hasAnyScope("write", "write:filters"))
authorize(GET, "/api/v2/filters/keywords/*", hasAnyScope("read", "read:filters"))
authorize(PUT, "/api/v2/filters/keywords/*", hasAnyScope("write", "write:filters"))
authorize(DELETE, "/api/v2/filters/keywords/*", hasAnyScope("write", "write:filters"))
authorize(GET, "/api/v2/filters/*/statuses", hasAnyScope("read", "read:filters"))
authorize(POST, "/api/v2/filters/*/statuses", hasAnyScope("write", "write:filters"))
authorize(GET, "/api/v2/filters/statuses/*", hasAnyScope("read", "read:filters"))
authorize(DELETE, "/api/v2/filters/statuses/*", hasAnyScope("write", "write:filters"))
authorize(GET, "/api/v1/filters", hasAnyScope("read", "read:filters"))
authorize(POST, "/api/v1/filters", hasAnyScope("write", "write:filters"))
authorize(GET, "/api/v/filters/*", hasAnyScope("read", "read:filters"))
authorize(POST, "/api/v1/filters/*", hasAnyScope("write", "write:filters"))
authorize(DELETE, "/api/v1/filters/*", hasAnyScope("write", "write:filters"))
authorize(anyRequest, authenticated)
}
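Review bot: The GET rule for a single v1 filter is written with the path `"/api/v/filters/*"` (the `1` is missing), so it never matches `/api/v1/filters/{id}`. That request then falls through to `authorize(anyRequest, authenticated)`, which, as far as this hunk shows, accepts any authenticated token without the `read` / `read:filters` scope. The line should read `authorize(GET, "/api/v1/filters/*", hasAnyScope("read", "read:filters"))`. The v1 group also has no `PUT` rule although the v2 group does; if the controller exposes `PUT /api/v1/filters/*`, it is likewise covered only by the catch-all and would need `authorize(PUT, "/api/v1/filters/*", hasAnyScope("write", "write:filters"))`. The enclosing authorization block starts outside the hunk, so rule ordering above these lines could not be checked; a request test that expects 403 for a token lacking the filter scopes on each new path would catch this kind of typo.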