Add. Authorization to get user by username API

shaikrasheed99 · shaikrasheed99 · commit 19fa388ac07f · 2023-10-14T23:03:44.000+05:30
diff --git a/db-data-file.mv.db b/db-data-file.mv.db
diff --git a/src/main/java/com/springsecuritybasics/security/SecurityConfig.java b/src/main/java/com/springsecuritybasics/security/SecurityConfig.java
@@ -36,6 +36,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity, Handle
                 authorize.requestMatchers(antMatcher("/h2-console/**")).permitAll()
                         .requestMatchers(mvcRequestMatcher.pattern("/signup")).permitAll()
                         .requestMatchers(mvcRequestMatcher.pattern("/users")).hasRole("admin")
+                        .requestMatchers(mvcRequestMatcher.pattern("/users/{username}")).hasAnyRole("admin", "user")
                         .anyRequest().authenticated()
         ).httpBasic(Customizer.withDefaults());
 
diff --git a/src/test/java/com/springsecuritybasics/controllers/UserControllerTest.java b/src/test/java/com/springsecuritybasics/controllers/UserControllerTest.java
@@ -181,6 +181,7 @@ void shouldBeAbleToReturnUserByUsername() throws Exception {
                                 SecurityMockMvcRequestPostProcessors
                                         .user(signupRequest.username())
                                         .password(signupRequest.password())
+                                        .roles(signupRequest.role())
                         )
         );
 
@@ -201,7 +202,7 @@ void shouldBeAbleToReturnUserByUsername() throws Exception {
     }
 
     @Test
-    void shouldNotBeAbleToReturnUserByUsernameForUnauthorisedUsers() throws Exception {
+    void shouldNotBeAbleToReturnUserByUsernameForUnauthenticatedUsers() throws Exception {
         ResultActions result = mockMvc.perform(
                 MockMvcRequestBuilders
                         .get("/users/{username}", signupRequest.username())
@@ -215,6 +216,27 @@ void shouldNotBeAbleToReturnUserByUsernameForUnauthorisedUsers() throws Exceptio
         );
     }
 
+    @Test
+    void shouldNotBeAbleToReturnUserByUsernameForUnauthorisedUsers() throws Exception {
+        ResultActions result = mockMvc.perform(
+                MockMvcRequestBuilders
+                        .get("/users/{username}", signupRequest.username())
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .with(
+                                SecurityMockMvcRequestPostProcessors
+                                        .user(signupRequest.username())
+                                        .password(signupRequest.password())
+                                        .roles("unauthorisedRoleName")
+                        )
+        );
+
+        result.andExpect(
+                MockMvcResultMatchers
+                        .status()
+                        .isForbidden()
+        );
+    }
+
     @Test
     void shouldNotBeAbleToReturnUserByAnotherUsername() throws Exception {
         ResultActions result = mockMvc.perform(
@@ -225,6 +247,7 @@ void shouldNotBeAbleToReturnUserByAnotherUsername() throws Exception {
                                 SecurityMockMvcRequestPostProcessors
                                         .user(signupRequest.username())
                                         .password(signupRequest.password())
+                                        .roles(signupRequest.role())
                         )
         );
 
