From 2a13daaf302493c46052ee1203a24de6103bdefe Mon Sep 17 00:00:00 2001
From: Olivier PARPAILLON
Date: Wed, 16 Jul 2025 12:45:44 +0200
Subject: [PATCH] more security on endpoint

---
 src/main/java/fr/eni/demo/controller/StockController.java | 6 +++---
 src/main/java/fr/eni/demo/security/SecurityConfig.java | 5 +++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/main/java/fr/eni/demo/controller/StockController.java b/src/main/java/fr/eni/demo/controller/StockController.java
index 43487e8..72fb38c 100644
--- a/src/main/java/fr/eni/demo/controller/StockController.java
+++ b/src/main/java/fr/eni/demo/controller/StockController.java
@@ -30,15 +30,15 @@ public class StockController {
 @GetMapping("/{id}")
 public ResponseEntity> findById(@PathVariable Long id) {
 Optional result = stockService.findById(id);
- return buildResponse("Stock added", true, result);
+ return buildResponse("Stock fetched", true, result);
 }
 // Trouver les jeux par nom et compter le result par nom
 // ACCESS PUBLIC
- @GetMapping("/{name}")
+ @GetMapping("/search/{name}")
 public ResponseEntity> findByName(@PathVariable String name) {
 List result = stockService.findAllByName(name);
- return buildResponse("Stock added", true, result);
+ return buildResponse("List stock fetched", true, result);
 }
 private ResponseEntity> buildResponse(String message, boolean status, Object data) {
diff --git a/src/main/java/fr/eni/demo/security/SecurityConfig.java b/src/main/java/fr/eni/demo/security/SecurityConfig.java
index 4bd2169..6e82b89 100644
--- a/src/main/java/fr/eni/demo/security/SecurityConfig.java
+++ b/src/main/java/fr/eni/demo/security/SecurityConfig.java
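Review bot: `findById` still answers with `status=true` and the message "Stock fetched" when the `Optional` is empty, so a caller cannot tell a missing stock from a found one without inspecting `data`; `buildResponse`'s body lies outside the hunk, so I cannot see whether it maps the flag to an HTTP status, but the call site can branch itself: `return result.map(s -> buildResponse("Stock fetched", true, s)).orElseGet(() -> buildResponse("Stock not found", false, null));`. `findByName` is now reachable without authentication (the SecurityConfig hunk permits `/api/stock/search/**`), so `name` is untrusted input: a length check before the service call (for example `if (name == null || name.length() > 100) return buildResponse("Invalid name", false, null);`) keeps an unbounded term from reaching `findAllByName`, and the unpaged `List` return deserves a size cap if the table can grow. The class-level `@RequestMapping` is outside the hunk, so whether these handlers really live under `/api/stock`, the prefix the new security rule relies on, should be confirmed. Both handler bodies are fully inside the hunk, but `buildResponse` continues past it.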
@@ -38,6 +38,11 @@ public class SecurityConfig {
 .authorizeHttpRequests(auth -> auth
 .requestMatchers("/api/auth/login").permitAll()
 .requestMatchers("/api/clients/**").hasRole("EMPLOYE")
+ .requestMatchers("/api/address/**").hasRole("EMPLOYE")
+ .requestMatchers("/api/facture/**").hasRole("EMPLOYE")
+ .requestMatchers("/api/gametype/**").hasRole("EMPLOYE")
+ .requestMatchers("/api/location/**").hasRole("EMPLOYE")
+ .requestMatchers("/api/stock/search/**").permitAll()
 .anyRequest().authenticated()
 )
 .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
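Review bot: The new `permitAll()` for `/api/stock/search/**` matches every HTTP method, and everything else under `/api/stock/**` (for example `/api/stock/{id}` from the controller hunk) falls through to `anyRequest().authenticated()`, so unlike the sibling resources in this hunk it carries no role requirement. Restricting the public rule to GET and adding an explicit employee rule right after it keeps first-match ordering intact: `.requestMatchers(HttpMethod.GET, "/api/stock/search/**").permitAll()` followed by `.requestMatchers("/api/stock/**").hasRole("EMPLOYE")`; `HttpMethod` needs `import org.springframework.http.HttpMethod;` outside the hunk. Whether stock endpoints are meant to be employee-only is not visible here, so confirm against the controller before tightening. The filter-chain builder this belongs to starts and ends outside the hunk.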