Add annotations to allow or deny use-cases access.

sportshub-application/src/main/java/org/sportshub/application/configuration/SecurityConfiguration.java

@@ -1,6 +1,5 @@
 package org.sportshub.application.configuration;
 
-import static org.sportshub.domain.user.model.UserRole.ADMIN;
 import static org.springframework.http.HttpMethod.GET;
 import static org.springframework.http.HttpMethod.OPTIONS;
 import static org.springframework.http.HttpMethod.POST;
@@ -9,6 +8,7 @@ import org.sportshub.application.security.JwtAuthenticationFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -23,6 +23,7 @@ import static jakarta.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 
 @Configuration
 @EnableWebSecurity
+@EnableMethodSecurity(securedEnabled = true)
 public class SecurityConfiguration {
     @Bean
     public SecurityFilterChain securityFilterChain(
@@ -45,10 +46,6 @@ public class SecurityConfiguration {
                     "/api/health/check",
                     "/error"
                 ).permitAll()
-                .requestMatchers(
-                    GET,
-                    "/api/users"
-                ).hasAuthority(ADMIN.name())
                 .requestMatchers(
                     POST,
                     "/api/users/login"

sportshub-application/src/main/java/org/sportshub/application/security/annotation/AllowedToAdmins.java

@@ -0,0 +1,14 @@
+package org.sportshub.application.security.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("hasAuthority('ROLE_' + T(org.sportshub.domain.user.model.UserRole).ADMIN.name())")
+public @interface AllowedToAdmins {
+}

sportshub-application/src/main/java/org/sportshub/application/security/annotation/AllowedToAnonymous.java

@@ -0,0 +1,14 @@
+package org.sportshub.application.security.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("permitAll()")
+public @interface AllowedToAnonymous {
+}

sportshub-application/src/main/java/org/sportshub/application/user/UserUseCases.java

@@ -5,6 +5,7 @@ import java.util.Optional;
 import java.util.UUID;
 
 import org.sportshub.application.security.JwtService;
+import org.sportshub.application.security.annotation.AllowedToAdmins;
 import org.sportshub.domain.exception.LoginFailureException;
 import org.sportshub.domain.user.model.User;
 import org.sportshub.domain.user.port.UserPort;
@@ -31,6 +32,7 @@ public class UserUseCases {
         return userPort.findById(userId);
     }
 
+    @AllowedToAdmins
     public List<User> findAll() {
         return userPort.findAll();
     }