From 16a2a3dafce880049ec94ac2cb7d39bf70bf21db Mon Sep 17 00:00:00 2001
From: flaminiaScarciofolo
 <113031535+flaminiaScarciofolo@users.noreply.github.com>
Date: Tue, 14 May 2024 15:40:43 +0200
Subject: [PATCH] [SELC-4812] Feat: Added @PreAuthorize in deleteUserGroup API
 (#442)

---
 .../selfcare/dashboard/web/controller/UserGroupV2Controller.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/src/main/java/it/pagopa/selfcare/dashboard/web/controller/UserGroupV2Controller.java b/web/src/main/java/it/pagopa/selfcare/dashboard/web/controller/UserGroupV2Controller.java
index 5751be49..6d3244d7 100644
--- a/web/src/main/java/it/pagopa/selfcare/dashboard/web/controller/UserGroupV2Controller.java
+++ b/web/src/main/java/it/pagopa/selfcare/dashboard/web/controller/UserGroupV2Controller.java
@@ -102,6 +102,7 @@ public void updateUserGroup(@ApiParam("${swagger.dashboard.user-group.model.id}"
     @PostMapping(value = "/{id}/members/{userId}", produces = MediaType.APPLICATION_JSON_VALUE)
     @ResponseStatus(HttpStatus.NO_CONTENT)
     @ApiOperation(value = "", notes = "${swagger.dashboard.user-group.api.addMember}")
+    @PreAuthorize("hasPermission(#id, 'UserGroupResource', 'ADMIN')")
     public void addMemberToUserGroup(@ApiParam("${swagger.dashboard.user-group.model.id}")
                                      @PathVariable("id") String id,
                                      @ApiParam("${swagger.dashboard.user.model.id}")