From 03a9cd21c1589e98978dc7296bb7fb48f1dcd7fe Mon Sep 17 00:00:00 2001
From: 龚焕茏 <2842157468@qq.com>
Date: 星期五, 17 五月 2024 16:13:45 +0800
Subject: [PATCH] feat：创建试卷时新增选择用户查询条件

---
 src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java b/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
index 1cb3769..1ac3145 100644
--- a/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
+++ b/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
@@ -6,6 +6,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -86,9 +87,11 @@
                             "/api/admin/question/download/question/import/temp",
                             "/api/admin/question/question/import"
                     ).permitAll()
+                    .antMatchers("/files/**").permitAll()
+                    // 闈欐�佽祫婧愶紝鍙尶鍚嶈闂�
                     // todo 璁剧疆閮ㄩ棬绠＄悊鍛樺彲浠ョ湅鐨勮姹�
                     .antMatchers("/api/admin/**").hasAnyRole(RoleEnum.ADMIN.getName(), RoleEnum.DEPT_ADMIN.getName())
-                    .antMatchers("/api/student/**").hasRole(RoleEnum.STUDENT.getName())
+                    .antMatchers("/api/student/**").hasAnyRole(RoleEnum.STUDENT.getName(), RoleEnum.DEPT_ADMIN.getName())
                     .anyRequest().permitAll()
                     .and().exceptionHandling().accessDeniedHandler(restAccessDeniedHandler)
                     .and().formLogin().successHandler(restAuthenticationSuccessHandler).failureHandler(restAuthenticationFailureHandler)
@@ -97,7 +100,6 @@
                     .and().csrf().disable()
                     .cors();
         }
-
 
         /**
          * Cors configuration source cors configuration source.

--
Gitblit v1.8.0