From 47cd9ecc0eff38ffe6b3b794b2bf197e958f4403 Mon Sep 17 00:00:00 2001 From: xiangpei <xiangpei@timesnew.cn> Date: 星期三, 14 五月 2025 15:50:57 +0800 Subject: [PATCH] bug:学员有状态不能修改问题 --- src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java | 15 +++++++++++---- 1 files changed, 11 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java b/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java index 62b472d..e7b5b97 100644 --- a/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java +++ b/src/main/java/com/mindskip/xzs/configuration/spring/security/SecurityConfigurer.java @@ -6,6 +6,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @@ -79,10 +80,17 @@ .and().authenticationProvider(restAuthenticationProvider) .authorizeRequests() .antMatchers(securityIgnoreUrls.toArray(ignores)).permitAll() - .antMatchers("/api/admin/department/list", "/api/admin/video/getList","/api/admin/user/conversion","/api/admin/examPaperGrade/updates").permitAll() - // todo 璁剧疆閮ㄩ棬绠$悊鍛樺彲浠ョ湅鐨勮姹� + .antMatchers("/api/admin/department/list", + "/api/admin/video/getList", + "/api/admin/user/conversion", + "/api/admin/examPaperGrade/updates", + "/api/admin/question/download/question/import/temp", + "/api/admin/question/question/import" + ).permitAll() + .antMatchers("/files/**").permitAll() + // 闈欐�佽祫婧愶紝鍙尶鍚嶈闂� .antMatchers("/api/admin/**").hasAnyRole(RoleEnum.ADMIN.getName(), RoleEnum.DEPT_ADMIN.getName()) - .antMatchers("/api/student/**").hasRole(RoleEnum.STUDENT.getName()) + .antMatchers("/api/student/**").hasAnyRole(RoleEnum.STUDENT.getName(), RoleEnum.DEPT_ADMIN.getName()) .anyRequest().permitAll() .and().exceptionHandling().accessDeniedHandler(restAccessDeniedHandler) .and().formLogin().successHandler(restAuthenticationSuccessHandler).failureHandler(restAuthenticationFailureHandler) @@ -91,7 +99,6 @@ .and().csrf().disable() .cors(); } - /** * Cors configuration source cors configuration source. -- Gitblit v1.8.0