From 7e5d89132025e4867879215110622ec2eb18debe Mon Sep 17 00:00:00 2001
From: flaminiaScarciofolo
 <113031535+flaminiaScarciofolo@users.noreply.github.com>
Date: Tue, 14 May 2024 15:39:53 +0200
Subject: [PATCH] [SELC-4807] Feat: Added @PreAuthorize in searchUser by
 taxCode API (#437)

---
 .../selfcare/dashboard/web/controller/UserV2Controller.java      | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/src/main/java/it/pagopa/selfcare/dashboard/web/controller/UserV2Controller.java b/web/src/main/java/it/pagopa/selfcare/dashboard/web/controller/UserV2Controller.java
index 3d796602..9f4f07ac 100644
--- a/web/src/main/java/it/pagopa/selfcare/dashboard/web/controller/UserV2Controller.java
+++ b/web/src/main/java/it/pagopa/selfcare/dashboard/web/controller/UserV2Controller.java
@@ -119,6 +119,7 @@ public UserResource getUserById(@ApiParam("${swagger.dashboard.user.model.id}")
                     @Content(mediaType = MediaType.APPLICATION_PROBLEM_JSON_VALUE,
                             schema = @Schema(implementation = Problem.class))
             })
+    @PreAuthorize("hasPermission(#institutionId, 'InstitutionResource', 'ADMIN')")
     public UserResource search(@ApiParam("${swagger.dashboard.user.model.searchUserDto}")
                                @RequestBody
                                @Valid