feat(security/config): autorizados solo ADMIN para reactivar usuarios

a7950059 · Alba María Álvarez · a637af9a · a7950059
Commit a7950059 authored Aug 06, 2025 by Alba María Álvarez
Showing with 2 additions and 0 deletions
src/main/java/com/example/apprecetas/security/config/SecurityConfig.java
--- a/src/main/java/com/example/apprecetas/security/config/SecurityConfig.java
+++ b/src/main/java/com/example/apprecetas/security/config/SecurityConfig.java
@@ -40,6 +40,8 @@ public class SecurityConfig {
                        .requestMatchers(HttpMethod.GET, "/user").hasRole("ADMIN")
                        // Para eliminar un usuario, solo ADMIN
                        .requestMatchers(HttpMethod.DELETE, "/user").hasRole("ADMIN")
+                        // Para reactivar un usuario, solo ADMIN
+                        .requestMatchers(HttpMethod.PATCH, "/user/{id}/activate").hasRole("ADMIN")
                        // Todo lo demás, autenticados
                        .anyRequest().authenticated()
                )