xiangpei
2025-05-14 47cd9ecc0eff38ffe6b3b794b2bf197e958f4403
src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
@@ -75,6 +75,7 @@
            List<String> securityIgnoreUrls = systemConfig.getSecurityIgnoreUrls();
            String[] ignores = new String[securityIgnoreUrls.size()];
            http
                    .addFilterAt(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
                    .exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint)
                    .and().authenticationProvider(restAuthenticationProvider)
                    .authorizeRequests()
@@ -84,14 +85,12 @@
                            "/api/admin/user/conversion",
                            "/api/admin/examPaperGrade/updates",
                            "/api/admin/question/download/question/import/temp",
                            "/api/admin/question/question/import",
                            "/api/upload/**"
                            "/api/admin/question/question/import"
                    ).permitAll()
                    .antMatchers("/files/**").permitAll()
                    // 静态资源,可匿名访问
                    // todo 设置部门管理员可以看的请求
                    .antMatchers("/api/admin/**").hasAnyRole(RoleEnum.ADMIN.getName(), RoleEnum.DEPT_ADMIN.getName())
                    .antMatchers("/api/student/**").hasRole(RoleEnum.STUDENT.getName())
                    .antMatchers("/api/student/**").hasAnyRole(RoleEnum.STUDENT.getName(), RoleEnum.DEPT_ADMIN.getName())
                    .anyRequest().permitAll()
                    .and().exceptionHandling().accessDeniedHandler(restAccessDeniedHandler)
                    .and().formLogin().successHandler(restAuthenticationSuccessHandler).failureHandler(restAuthenticationFailureHandler)
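Review bot: The four `/api/admin/...` paths in the `permitAll()` matcher list are matched before the `/api/admin/**` role rule below them, so user conversion, grade updates and question import appear reachable without authentication, and `.anyRequest().permitAll()` leaves every route outside `/api/admin/**` and `/api/student/**` open by default. The page has lost its `+`/`-` markers, so it is not certain which of these lines the commit touched, but they all appear to remain on the new side. I would drop the admin paths from the anonymous list (or add a comment stating why each must be public) and close the fallthrough with `.anyRequest().authenticated()`, keeping only the login and static-resource paths in `permitAll()`. The `// todo` about department-admin scope is also still open while `DEPT_ADMIN` is granted all of `/api/admin/**` and, it seems, now `/api/student/**` as well. The enclosing configure method starts and ends outside this hunk.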
@@ -99,26 +98,25 @@
                    .and().rememberMe().key(CookieConfig.getName()).tokenValiditySeconds(CookieConfig.getInterval()).userDetailsService(formDetailsService)
                    .and().csrf().disable()
                    .cors();
            http.addFilterAt(authenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        }
//        /**
//         * Cors configuration source cors configuration source.
//         *
//         * @return the cors configuration source
//         */
//        @Bean
//        public CorsConfigurationSource corsConfigurationSource() {
//            final CorsConfiguration configuration = new CorsConfiguration();
//            configuration.setMaxAge(3600L);
//            configuration.setAllowedOrigins(Collections.singletonList("*"));
//            configuration.setAllowedMethods(Collections.singletonList("*"));
//            configuration.setAllowCredentials(true);
//            configuration.setAllowedHeaders(Collections.singletonList("*"));
//            final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
//            source.registerCorsConfiguration("/api/**", configuration);
//            return source;
//        }
        /**
         * Cors configuration source cors configuration source.
         *
         * @return the cors configuration source
         */
        @Bean
        public CorsConfigurationSource corsConfigurationSource() {
            final CorsConfiguration configuration = new CorsConfiguration();
            configuration.setMaxAge(3600L);
            configuration.setAllowedOrigins(Collections.singletonList("*"));
            configuration.setAllowedMethods(Collections.singletonList("*"));
            configuration.setAllowCredentials(true);
            configuration.setAllowedHeaders(Collections.singletonList("*"));
            final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
            source.registerCorsConfiguration("/api/**", configuration);
            return source;
        }
        /**