From 612ccc48f348d1241d2b832f8e7ba2db41255613 Mon Sep 17 00:00:00 2001
From: crico2 <crico@ingerencia.cl>
Date: Sun, 1 Feb 2026 17:29:53 -0500
Subject: [PATCH] security(auth): Add @PreAuthorize annotation to
 /attendees/profile endpoint

---
 .../com/meevent/webapi/Controller/v1/AttendeeController.java  | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/meevent/webapi/Controller/v1/AttendeeController.java b/src/main/java/com/meevent/webapi/Controller/v1/AttendeeController.java
index 6c15a31..c280460 100644
--- a/src/main/java/com/meevent/webapi/Controller/v1/AttendeeController.java
+++ b/src/main/java/com/meevent/webapi/Controller/v1/AttendeeController.java
@@ -9,6 +9,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 
@@ -18,8 +19,9 @@
 public class AttendeeController {
     private final AttendeeService attendeeService;
 
+    @PreAuthorize("isAuthenticated()")
     @PatchMapping("/profile")
-    public ResponseEntity<MessageResponse> updateMyProfile( @Valid @RequestBody UpdateAttendeeProfileRequest request) {
+    public ResponseEntity<MessageResponse> updateMyProfile(@Valid @RequestBody UpdateAttendeeProfileRequest request) {
         String userEmail = SecurityContextHolder.getContext().getAuthentication().getName();
         attendeeService.updateProfile(userEmail, request);