fix

front/src/App.jsx

@@ -18,8 +18,8 @@ export default function App() {
   const links = [
     { path: 'catalog', label: "Catalog", userGroup: "AUTH" },
     { path: 'readerAction', label: "ReaderAction", userGroup: "USER" },
-    { path: 'creatorAction', label: "CreatorAction", userGroup: "ADMIN" },
-    { path: 'users', label: "Users", userGroup: "ADMIN" }
+    { path: 'creatorAction', label: "CreatorAction", userGroup: "USER" },
+    { path: 'users', label: "Users", userGroup: "USER" }
   ];
   return (
       <>
@@ -37,7 +37,7 @@ export default function App() {
               <Route element={<PrivateRoutes userGroup="USER" />}>
                 <Route element={<ReaderAction />} path="/readerAction" />
               </Route>
-              <Route element={<PrivateRoutes userGroup="ADMIN" />}>
+              <Route element={<PrivateRoutes userGroup="USER" />}>
                 <Route element={<UsersPage />} path="/users" />
                 <Route element={<CreatorAction />} path="/creatorAction" />
               </Route>

src/main/java/com/LabWork/app/MangaStore/controller/UserController.java

@@ -50,6 +50,7 @@ public class UserController {
         return new UserDto(user);
     }
 
+    @Secured(UserRole.AsString.ADMIN)
     @PostMapping(OpenAPI30Configuration.API_PREFIX + "/user")
     public String updateUser(@RequestBody @Valid UserDto userDto) {
         try {
@@ -60,12 +61,14 @@ public class UserController {
         }
     }
 
+    @Secured(UserRole.AsString.ADMIN)
     @DeleteMapping(OpenAPI30Configuration.API_PREFIX + "/user/{id}")
     public UserDto removeUser(@PathVariable Long id) {
         User user = userService.deleteUser(id);
         return new UserDto(user);
     }
 
+    @Secured(UserRole.AsString.ADMIN)
     @GetMapping(OpenAPI30Configuration.API_PREFIX + "/users")
     public Pair<Page<UserDto>, List<Integer>> getUsers(@RequestParam(defaultValue = "1") int page,
                            @RequestParam(defaultValue = "5") int size) {