From 09d573e00f508949045986ff192529fbacb3f1a1 Mon Sep 17 00:00:00 2001
From: Hongxin <5400599+zhx828@users.noreply.github.com>
Date: Wed, 7 Feb 2024 16:20:23 -0600
Subject: [PATCH] Allow premium user to access actionable variants and
 annotated variants

---
 .../mskcc/cbio/oncokb/config/SecurityConfiguration.java    | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/main/java/org/mskcc/cbio/oncokb/config/SecurityConfiguration.java b/src/main/java/org/mskcc/cbio/oncokb/config/SecurityConfiguration.java
index 6efae95b6..c2d588ae7 100644
--- a/src/main/java/org/mskcc/cbio/oncokb/config/SecurityConfiguration.java
+++ b/src/main/java/org/mskcc/cbio/oncokb/config/SecurityConfiguration.java
@@ -107,6 +107,13 @@ public void configure(HttpSecurity http) throws Exception {
             .antMatchers("/api/v1/utils/cancerGeneList").permitAll()
             .antMatchers("/api/v1/utils/cancerGeneList.txt").permitAll()
             .antMatchers("/api/v1/utils/cancerGeneList.json").permitAll()
+
+            .antMatchers("/api/v1/annotation/search").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
+            .antMatchers("/api/v1/utils/allActionableVariants").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
+            .antMatchers("/api/v1/utils/allActionableVariants.txt").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
+            .antMatchers("/api/v1/utils/allAnnotatedVariants").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
+            .antMatchers("/api/v1/utils/allAnnotatedVariants.txt").hasAnyAuthority(AuthoritiesConstants.PREMIUM_USER, AuthoritiesConstants.ADMIN)
+
             .antMatchers("/api/v1/**").hasAnyAuthority(AuthoritiesConstants.ADMIN)
 
             .antMatchers("/api/account/reset-password/init").permitAll()