diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/RoomTypes.kt b/src/main/kotlin/com/android/trisolarisserver/controller/RoomTypes.kt index b53d3e2..432e13a 100644 --- a/src/main/kotlin/com/android/trisolarisserver/controller/RoomTypes.kt +++ b/src/main/kotlin/com/android/trisolarisserver/controller/RoomTypes.kt @@ -40,8 +40,9 @@ class RoomTypes( @PathVariable propertyId: UUID, @AuthenticationPrincipal principal: MyPrincipal? ): List { - requirePrincipal(principal) - propertyAccess.requireMember(propertyId, principal!!.userId) + if (principal != null) { + propertyAccess.requireMember(propertyId, principal.userId) + } return roomTypeRepo.findByPropertyIdOrderByCode(propertyId).map { it.toResponse() } } diff --git a/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt b/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt index 32b6614..d4b1bfd 100644 --- a/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt +++ b/src/main/kotlin/com/android/trisolarisserver/security/FirebaseAuthFilter.kt @@ -26,6 +26,7 @@ class FirebaseAuthFilter( return true } return path.matches(Regex("^/properties/[^/]+/rooms/[^/]+/images/[^/]+/file$")) + || path.matches(Regex("^/properties/[^/]+/room-types$")) } override fun doFilterInternal( diff --git a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt index 926c257..592277b 100644 --- a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt +++ b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt @@ -27,6 +27,7 @@ class SecurityConfig( .authorizeHttpRequests { it.requestMatchers("/", "/health", "/auth/**").permitAll() it.requestMatchers("/properties/*/rooms/*/images/*/file").permitAll() + it.requestMatchers("/properties/*/room-types").permitAll() it.anyRequest().authenticated() } .exceptionHandling {