From d401fe40f3e3beb6d87a519b940fca6ba418c834 Mon Sep 17 00:00:00 2001
From: ailtonbsj <ailton.ifce@gmail.com>
Date: Mon, 5 Sep 2022 12:01:43 -0300
Subject: [PATCH] Finished PreAuth

---
 README.md                                                | 9 +++++++++
 .../sauteapi/controllers/AutorizacaoController.java      | 7 +++++++
 .../sauteapi/controllers/ProcessoController.java         | 6 ++++++
 3 files changed, 22 insertions(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b8f1aa1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+# SauteWeb API with Spring Boot
+
+This is the backend of project SauteWeb.
+
+## Features
+
+- Using Spring Boot for Rest API (Java)
+- Spring Security for Authentication and Authorization
+- Implemented Basic Auth
\ No newline at end of file
diff --git a/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/AutorizacaoController.java b/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/AutorizacaoController.java
index 1c56435..7c1ac27 100644
--- a/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/AutorizacaoController.java
+++ b/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/AutorizacaoController.java
@@ -5,6 +5,7 @@
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -28,27 +29,32 @@ public class AutorizacaoController {
     @Autowired
     AutorizacaoRepository rep;
 
+    @PreAuthorize("hasRole('editor')")
     @PostMapping
     public Long save(@RequestBody Autorizacao autorizacao) {
         return rep.save(autorizacao).getId();
     }
 
+    @PreAuthorize("hasRole('viewer')")
     @GetMapping
     public Iterable<Autorizacao> findAll() {
         return rep.findAll();
     }
 
+    @PreAuthorize("hasRole('viewer')")
     @GetMapping("/proc/{id}")
     public Iterable<Autorizacao> findAllByProcesso(@PathVariable Long id) {
         return rep.findAllByProcessoId(id);
     }
 
+    @PreAuthorize("hasRole('viewer')")
     @GetMapping("{id}")
     public Autorizacao findById(@PathVariable Long id) {
         return rep.findById(id).orElseThrow(
                 () -> new ResponseStatusException(HttpStatus.NOT_FOUND));
     }
 
+    @PreAuthorize("hasRole('editor')")
     @PatchMapping
     public Long update(@RequestBody Autorizacao autorizacao) {
         Autorizacao ent = this.findById(autorizacao.getId());
@@ -58,6 +64,7 @@ public Long update(@RequestBody Autorizacao autorizacao) {
         return rep.save(ent).getId();
     }
 
+    @PreAuthorize("hasRole('admin')")
     @DeleteMapping("{id}")
     public void deleteById(@PathVariable Long id) {
         rep.deleteById(id);
diff --git a/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/ProcessoController.java b/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/ProcessoController.java
index b637571..b7242ac 100644
--- a/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/ProcessoController.java
+++ b/src/main/java/ailtonbsj/sauteweb/sauteapi/controllers/ProcessoController.java
@@ -6,6 +6,7 @@
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -30,11 +31,13 @@ public class ProcessoController {
     @Autowired
     ProcessoRepository rep;
 
+    @PreAuthorize("hasRole('editor')")
     @PostMapping
     public Long save(@RequestBody Processo processo) {
         return rep.save(processo).getId();
     }
 
+    @PreAuthorize("hasRole('viewer')")
     @GetMapping
     public Iterable<Processo> findAll(@RequestParam Optional<String> q) {
         if (q.isEmpty()) {
@@ -45,12 +48,14 @@ public Iterable<Processo> findAll(@RequestParam Optional<String> q) {
         }
     }
 
+    @PreAuthorize("hasRole('viewer')")
     @GetMapping("{id}")
     public Processo findById(@PathVariable Long id) {
         return rep.findById(id).orElseThrow(
                 () -> new ResponseStatusException(HttpStatus.NOT_FOUND));
     }
 
+    @PreAuthorize("hasRole('editor')")
     @PatchMapping
     public Long update(@RequestBody Processo processo) {
         Processo ent = rep.findById(processo.getId())
@@ -61,6 +66,7 @@ public Long update(@RequestBody Processo processo) {
         return rep.save(ent).getId();
     }
 
+    @PreAuthorize("hasRole('admin')")
     @DeleteMapping("{id}")
     public void deleteById(@PathVariable Long id) {
         rep.deleteById(id);