Dev

auth-service/pom.xml

@@ -68,7 +68,7 @@
             <scope>runtime</scope>
             <optional>true</optional>
         </dependency>
-        
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
@@ -177,6 +177,18 @@
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <annotationProcessorPaths>
+                        <path>
+                            <groupId>org.projectlombok</groupId>
+                            <artifactId>lombok</artifactId>
+                        </path>
+                    </annotationProcessorPaths>
+                </configuration>
+            </plugin>
         </plugins>
     </build>
 

auth-service/src/main/java/com/techtorque/auth_service/controller/UserController.java

@@ -29,7 +29,6 @@
 @RequestMapping("/users")
 // CORS handled by API Gateway; remove @CrossOrigin to avoid conflicts
 // @CrossOrigin(origins = "*", maxAge = 3600)
-@PreAuthorize("hasRole('ADMIN') or hasRole('SUPER_ADMIN')")
 @Tag(name = "User Management", description = "User management endpoints (Admin/Super Admin only)")
 @SecurityRequirement(name = "bearerAuth")
 public class UserController {
@@ -44,6 +43,7 @@ public class UserController {
    * Get a list of all users in the system.
    */
   @GetMapping
+  @PreAuthorize("hasRole('ADMIN') or hasRole('SUPER_ADMIN')")
   public ResponseEntity<List<UserDto>> getAllUsers(@RequestParam(required = false) String role) {
     List<UserDto> users = userService.findAllUsers().stream()
             .map(this::convertToDto)
@@ -56,6 +56,7 @@ public ResponseEntity<List<UserDto>> getAllUsers(@RequestParam(required = false)
    * Get detailed information for a single user by their username.
    */
   @GetMapping("/{username}")
+  @PreAuthorize("hasRole('ADMIN') or hasRole('SUPER_ADMIN')")
   public ResponseEntity<UserDto> getUserByUsername(@PathVariable String username) {
     return userService.findByUsername(username)
             .map(user -> ResponseEntity.ok(convertToDto(user)))
@@ -66,6 +67,7 @@ public ResponseEntity<UserDto> getUserByUsername(@PathVariable String username)
    * Disable a user's account.
    */
   @PostMapping("/{username}/disable")
+  @PreAuthorize("hasRole('ADMIN') or hasRole('SUPER_ADMIN')")
   public ResponseEntity<?> disableUser(@PathVariable String username) {
     try {
       userService.disableUser(username);
@@ -79,6 +81,7 @@ public ResponseEntity<?> disableUser(@PathVariable String username) {
    * Enable a user's account.
    */
   @PostMapping("/{username}/enable")
+  @PreAuthorize("hasRole('ADMIN') or hasRole('SUPER_ADMIN')")
   public ResponseEntity<?> enableUser(@PathVariable String username) {
     try {
       userService.enableUser(username);
@@ -102,6 +105,7 @@ public ResponseEntity<?> unlockUser(@PathVariable String username) {
    * Delete a user from the system permanently.
    */
   @DeleteMapping("/{username}")
+  @PreAuthorize("hasRole('ADMIN') or hasRole('SUPER_ADMIN')")
   public ResponseEntity<?> deleteUser(@PathVariable String username) {
     try {
       userService.deleteUser(username);
@@ -116,6 +120,7 @@ public ResponseEntity<?> deleteUser(@PathVariable String username) {
    * PUT /api/v1/users/{username}
    */
   @PutMapping("/{username}")
+  @PreAuthorize("hasRole('ADMIN') or hasRole('SUPER_ADMIN')")
   public ResponseEntity<?> updateUser(@PathVariable String username, 
                                      @Valid @RequestBody UpdateUserRequest updateRequest) {
     try {
@@ -136,6 +141,7 @@ public ResponseEntity<?> updateUser(@PathVariable String username,
    * POST /api/v1/users/{username}/reset-password
    */
   @PostMapping("/{username}/reset-password")
+  @PreAuthorize("hasRole('ADMIN') or hasRole('SUPER_ADMIN')")
   public ResponseEntity<?> resetUserPassword(@PathVariable String username,
                                            @Valid @RequestBody ResetPasswordRequest resetRequest) {
     try {

auth-service/src/main/java/com/techtorque/auth_service/dto/request/CreateAdminRequest.java

@@ -14,11 +14,13 @@
 @AllArgsConstructor
 @Builder
 public class CreateAdminRequest {
-    
+
     private String username;
     private String email;
     private String password;
-
+
+    private String fullName;
+
     // Optional: Additional admin-specific fields
     private String firstName;
     private String lastName;

auth-service/src/main/java/com/techtorque/auth_service/dto/request/CreateEmployeeRequest.java

@@ -14,11 +14,13 @@
 @AllArgsConstructor
 @Builder
 public class CreateEmployeeRequest {
-    
+
     private String username;
     private String email;
     private String password;
-
+
+    private String fullName;
+
     // Optional: Additional employee-specific fields
     private String firstName;
     private String lastName;