From 47cd9ecc0eff38ffe6b3b794b2bf197e958f4403 Mon Sep 17 00:00:00 2001
From: xiangpei <xiangpei@timesnew.cn>
Date: 星期三, 14 五月 2025 15:50:57 +0800
Subject: [PATCH] bug：学员有状态不能修改问题

---
 src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java |   23 +++++++++++++----------
 1 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java b/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
index ecd922a..e7b5b97 100644
--- a/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
+++ b/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java
@@ -6,6 +6,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -18,12 +19,7 @@
 import java.util.List;
 
 
-/**
- * @version 3.5.0
- * @description: The type Security configurer.
- * Copyright (C), 2020-2021, 姝︽眽鎬濈淮璺宠穬绉戞妧鏈夐檺鍏徃
- * @date 2021/12/25 9:45
- */
+
 @Configuration
 @EnableWebSecurity
 public class SecurityConfigurer {
@@ -84,9 +80,17 @@
                     .and().authenticationProvider(restAuthenticationProvider)
                     .authorizeRequests()
                     .antMatchers(securityIgnoreUrls.toArray(ignores)).permitAll()
-                    .antMatchers("/api/admin/department/list", "/api/admin/video/getList").permitAll()
-                    .antMatchers("/api/admin/**").hasRole(RoleEnum.ADMIN.getName())
-                    .antMatchers("/api/student/**").hasRole(RoleEnum.STUDENT.getName())
+                    .antMatchers("/api/admin/department/list",
+                            "/api/admin/video/getList",
+                            "/api/admin/user/conversion",
+                            "/api/admin/examPaperGrade/updates",
+                            "/api/admin/question/download/question/import/temp",
+                            "/api/admin/question/question/import"
+                    ).permitAll()
+                    .antMatchers("/files/**").permitAll()
+                    // 闈欐�佽祫婧愶紝鍙尶鍚嶈闂�
+                    .antMatchers("/api/admin/**").hasAnyRole(RoleEnum.ADMIN.getName(), RoleEnum.DEPT_ADMIN.getName())
+                    .antMatchers("/api/student/**").hasAnyRole(RoleEnum.STUDENT.getName(), RoleEnum.DEPT_ADMIN.getName())
                     .anyRequest().permitAll()
                     .and().exceptionHandling().accessDeniedHandler(restAccessDeniedHandler)
                     .and().formLogin().successHandler(restAuthenticationSuccessHandler).failureHandler(restAuthenticationFailureHandler)
@@ -95,7 +99,6 @@
                     .and().csrf().disable()
                     .cors();
         }
-
 
         /**
          * Cors configuration source cors configuration source.

--
Gitblit v1.8.0