Add role-based authorization

src/main/java/com/openisle/config/SecurityConfig.java

@@ -43,7 +43,7 @@ public class SecurityConfig {
                 .<UserDetails>map(user -> org.springframework.security.core.userdetails.User
                         .withUsername(user.getUsername())
                         .password(user.getPassword())
-                        .authorities("USER")
+                        .authorities(user.getRole().name())
                         .build())
                 .orElseThrow(() -> new UsernameNotFoundException("User not found"));
     }
@@ -63,6 +63,7 @@ public class SecurityConfig {
             .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .authorizeHttpRequests(auth -> auth
                     .requestMatchers(HttpMethod.POST, "/api/auth/**").permitAll()
+                    .requestMatchers("/api/admin/**").hasAuthority("ADMIN")
                     .anyRequest().authenticated()
             )
             .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

src/main/java/com/openisle/controller/AdminController.java

@@ -0,0 +1,16 @@
+package com.openisle.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import java.util.Map;
+
+/**
+ * Simple admin demo endpoint.
+ */
+@RestController
+public class AdminController {
+    @GetMapping("/api/admin/hello")
+    public Map<String, String> adminHello() {
+        return Map.of("message", "Hello, Admin User");
+    }
+}

src/main/java/com/openisle/model/Role.java

@@ -0,0 +1,6 @@
+package com.openisle.model;
+
+public enum Role {
+    ADMIN,
+    USER
+}

src/main/java/com/openisle/model/User.java

@@ -5,6 +5,12 @@ import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
 
+import com.openisle.model.Role;
+
+/**
+ * Simple user entity with basic fields and a role.
+ */
+
 @Entity
 @Getter
 @Setter
@@ -28,4 +34,8 @@ public class User {
     private boolean verified = false;
 
     private String verificationCode;
+
+    @Enumerated(EnumType.STRING)
+    @Column(nullable = false)
+    private Role role = Role.USER;
 }

src/main/java/com/openisle/service/UserService.java

@@ -1,6 +1,7 @@
 package com.openisle.service;
 
 import com.openisle.model.User;
+import com.openisle.model.Role;
 import com.openisle.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -50,6 +51,7 @@ public class UserService {
         user.setUsername(username);
         user.setEmail(email);
         user.setPassword(passwordEncoder.encode(password));
+        user.setRole(Role.USER);
         user.setVerified(false);
         user.setVerificationCode(genCode());
         return userRepository.save(user);