Merge pull request #28 from ibardos/refactor/backend/routes

Refactor/backend/routes
ibardos · Feb 13, 2024 · f4840b7 · f4840b7
2 parents ba4d227 + 78102fe
commit f4840b7
Show file tree

Hide file tree

Showing 52 changed files with 395 additions and 457 deletions.
diff --git a/README.md b/README.md
@@ -171,6 +171,7 @@ With Postman:
 4. Start the back-end server in your IDE
    - Database tables will be created and initialized with data automatically
 5. Test the API endpoints with the predefined HTTP requests in Postman (edge cases are also covered)
+   - Remember to retrieve the proper (see hints) JWT token to be able to call service APIs
 
 With my set of End-to-End tests: 
 1. Run the tests I've created for API endpoint testing, located here: ```~/src/test/java/com/ibardos/motoShop/endToEndTests/apiTests```
@@ -206,3 +207,7 @@ with ORM as well.
 - Create a compound in your IDE to be able to run back-end and front-end servers simultaneously with a push of a button.
   - You don't need to bother with database initialisation at any point, as I managed to do that programmatically.
 - If you don't understand something, Google it, ask ChatGPT about it, or feel free to contact me.
+- Security configuration:
+  - User role: read permission
+  - Sales role: create, read, update permissions
+  - Admin role: create, read, update, delete permissions
diff --git a/src/main/java/com/ibardos/motoShop/controller/ManufacturerController.java b/src/main/java/com/ibardos/motoShop/controller/ManufacturerController.java
@@ -13,7 +13,7 @@
  * REST API controller for Manufacturer type.
  */
 @RestController
-@RequestMapping("manufacturer")
+@RequestMapping("service/manufacturer")
 public class ManufacturerController {
     ManufacturerService manufacturerService;
 

diff --git a/src/main/java/com/ibardos/motoShop/controller/MotorcycleModelController.java b/src/main/java/com/ibardos/motoShop/controller/MotorcycleModelController.java
@@ -15,7 +15,7 @@
  * REST API controller for MotorcycleModel type.
  */
 @RestController
-@RequestMapping("motorcycle/model")
+@RequestMapping("service/motorcycle/model")
 public class MotorcycleModelController {
     MotorcycleModelService motorcycleModelService;
 

diff --git a/src/main/java/com/ibardos/motoShop/controller/MotorcycleStockController.java b/src/main/java/com/ibardos/motoShop/controller/MotorcycleStockController.java
@@ -13,7 +13,7 @@
  * REST API controller for MotorcycleStock type.
  */
 @RestController
-@RequestMapping("motorcycle/stock")
+@RequestMapping("service/motorcycle/stock")
 public class MotorcycleStockController {
     MotorcycleStockService motorcycleStockService;
 

diff --git a/src/main/java/com/ibardos/motoShop/security/configuration/SecurityConfiguration.java b/src/main/java/com/ibardos/motoShop/security/configuration/SecurityConfiguration.java
@@ -44,20 +44,20 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 
                                 .requestMatchers("authentication/register").hasRole("Admin")
 
-                                .requestMatchers("manufacturer/add").hasAuthority("PERMISSION_Create")
-                                .requestMatchers("manufacturer/get/**").hasAuthority("PERMISSION_Read")
-                                .requestMatchers("manufacturer/update").hasAuthority("PERMISSION_Update")
-                                .requestMatchers("manufacturer/delete/**").hasAuthority("PERMISSION_Delete")
+                                .requestMatchers("service/manufacturer/add").hasAuthority("PERMISSION_Create")
+                                .requestMatchers("service/manufacturer/get/**").hasAuthority("PERMISSION_Read")
+                                .requestMatchers("service/manufacturer/update").hasAuthority("PERMISSION_Update")
+                                .requestMatchers("service/manufacturer/delete/**").hasAuthority("PERMISSION_Delete")
 
-                                .requestMatchers("motorcycle/model/add").hasAuthority("PERMISSION_Create")
-                                .requestMatchers("motorcycle/model/get/**").hasAuthority("PERMISSION_Read")
-                                .requestMatchers("motorcycle/model/update").hasAuthority("PERMISSION_Update")
-                                .requestMatchers("motorcycle/model/delete/**").hasAuthority("PERMISSION_Delete")
+                                .requestMatchers("service/motorcycle/model/add").hasAuthority("PERMISSION_Create")
+                                .requestMatchers("service/motorcycle/model/get/**").hasAuthority("PERMISSION_Read")
+                                .requestMatchers("service/motorcycle/model/update").hasAuthority("PERMISSION_Update")
+                                .requestMatchers("service/motorcycle/model/delete/**").hasAuthority("PERMISSION_Delete")
 
-                                .requestMatchers("motorcycle/stock/add").hasAuthority("PERMISSION_Create")
-                                .requestMatchers("motorcycle/stock/get/**").hasAuthority("PERMISSION_Read")
-                                .requestMatchers("motorcycle/stock/update").hasAuthority("PERMISSION_Update")
-                                .requestMatchers("motorcycle/stock/delete/**").hasAuthority("PERMISSION_Delete")
+                                .requestMatchers("service/motorcycle/stock/add").hasAuthority("PERMISSION_Create")
+                                .requestMatchers("service/motorcycle/stock/get/**").hasAuthority("PERMISSION_Read")
+                                .requestMatchers("service/motorcycle/stock/update").hasAuthority("PERMISSION_Update")
+                                .requestMatchers("service/motorcycle/stock/delete/**").hasAuthority("PERMISSION_Delete")
 
                                 .anyRequest()
                                 .authenticated()