feat(security/config): autorizados solo ADMIN para reactivar usuarios

parent a637af9a
......@@ -40,6 +40,8 @@ public class SecurityConfig {
.requestMatchers(HttpMethod.GET, "/user").hasRole("ADMIN")
// Para eliminar un usuario, solo ADMIN
.requestMatchers(HttpMethod.DELETE, "/user").hasRole("ADMIN")
// Para reactivar un usuario, solo ADMIN
.requestMatchers(HttpMethod.PATCH, "/user/{id}/activate").hasRole("ADMIN")
// Todo lo demás, autenticados
.anyRequest().authenticated()
)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment