From 734591807f35644cee2c24a65dbb211dcb8ab512 Mon Sep 17 00:00:00 2001
From: androidlover5842 <androidlover5842@gmail.com>
Date: Mon, 2 Feb 2026 09:34:58 +0530
Subject: [PATCH] Make cancellation policy read endpoint public

---
 .../controller/property/CancellationPolicies.kt                 | 1 -
 .../com/android/trisolarisserver/security/PublicEndpoints.kt    | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/property/CancellationPolicies.kt b/src/main/kotlin/com/android/trisolarisserver/controller/property/CancellationPolicies.kt
index 1199d1a..36bad17 100644
--- a/src/main/kotlin/com/android/trisolarisserver/controller/property/CancellationPolicies.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/property/CancellationPolicies.kt
@@ -35,7 +35,6 @@ class CancellationPolicies(
         @PathVariable propertyId: UUID,
         @AuthenticationPrincipal principal: MyPrincipal?
     ): CancellationPolicyResponse {
-        requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER, Role.FINANCE)
         val policy = policyRepo.findByPropertyId(propertyId)
         return if (policy != null) {
             CancellationPolicyResponse(
diff --git a/src/main/kotlin/com/android/trisolarisserver/security/PublicEndpoints.kt b/src/main/kotlin/com/android/trisolarisserver/security/PublicEndpoints.kt
index 66e03f1..bbdf2c3 100644
--- a/src/main/kotlin/com/android/trisolarisserver/security/PublicEndpoints.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/security/PublicEndpoints.kt
@@ -13,6 +13,7 @@ internal object PublicEndpoints {
     private val razorpayWebhook = Regex("^/properties/[^/]+/razorpay/webhook$")
     private val razorpayReturn = Regex("^/properties/[^/]+/razorpay/return/(success|failure)$")
     private val guestDocumentFile = Regex("^/properties/[^/]+/guests/[^/]+/documents/[^/]+/file$")
+    private val cancellationPolicy = Regex("^/properties/[^/]+/cancellation-policy$")
 
     fun isPublic(request: HttpServletRequest): Boolean {
         val path = request.requestURI
@@ -32,5 +33,6 @@ internal object PublicEndpoints {
             || path == "/icons/png"
             || iconPngFile.matches(path)
             || guestDocumentFile.matches(path)
+            || (cancellationPolicy.matches(path) && method == "GET")
     }
 }