Code Room
Code review · Medium · cr-g035
Subject: Missing authorization
Level: Mid–Senior
Time: ~25 min
Common in: Security interviews
Industries: Software development

Question

Review this Java Spring controller for downloading an invoice.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Code to review (Java)

@GetMapping("/api/invoices/{id}")
public ResponseEntity<InvoiceDto> getInvoice(@PathVariable Long id,
                                             @AuthenticationPrincipal User me) {
    Invoice inv = invoiceRepo.findById(id)
            .orElseThrow(() -> new NotFoundException());
    return ResponseEntity.ok(InvoiceMapper.toDto(inv));
}
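Worked example (added here; it is not part of the original exercise): one hardened form of the controller above. The root cause is that the lookup is keyed only on the caller-supplied id, so any authenticated user can read any invoice. The fix below scopes the query to the authenticated principal, fails closed when no principal is present, and returns the same 404 whether the invoice is missing or belongs to someone else, so the endpoint does not reveal which ids exist. It assumes hypothetical names not in the original: Invoice has an ownerId column, User exposes getId(), and the repository gains a Spring Data derived query findByIdAndOwnerId.

```java
import java.util.Optional;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical repository: the derived query name makes Spring Data generate
// "where id = ? and ownerId = ?", so ownership is enforced inside the lookup
// rather than as a separate check that a later refactor could drop.
interface InvoiceRepository extends JpaRepository<Invoice, Long> {
    Optional<Invoice> findByIdAndOwnerId(Long id, Long ownerId);
}

@RestController
public class InvoiceController {

    private final InvoiceRepository invoiceRepo;

    public InvoiceController(InvoiceRepository invoiceRepo) {
        this.invoiceRepo = invoiceRepo;
    }

    @GetMapping("/api/invoices/{id}")
    public ResponseEntity<InvoiceDto> getInvoice(@PathVariable Long id,
                                                 @AuthenticationPrincipal User me) {
        if (me == null) {
            // Spring Security's filter chain should already have rejected an
            // unauthenticated request; fail closed here anyway rather than
            // letting a misconfigured security rule turn into an open endpoint.
            throw new AccessDeniedException("authentication required");
        }

        // Scope the lookup to the caller's own invoices. An invoice that exists
        // but is owned by another user is reported exactly like a missing one,
        // so the response does not confirm which invoice ids are valid.
        Invoice inv = invoiceRepo.findByIdAndOwnerId(id, me.getId())
                .orElseThrow(NotFoundException::new);

        return ResponseEntity.ok(InvoiceMapper.toDto(inv));
    }
}
```

If some roles legitimately need cross-tenant access (support staff, finance), keep that as an explicit branch, e.g. a role check that falls back to findById, rather than widening the default query; the default path should stay tenant-scoped. In a review answer, name the class of bug (broken object-level authorization, an IDOR), rate it as the one real severity issue, and note that tests for this endpoint should include a request for another user's invoice id expecting 404.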