fix: api 접근 권한 변경

DDD-Community · Sep 21, 2024 · 206776f · 206776f
1 parent 63ac654
commit 206776f
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/main/java/com/dissonance/itit/config/SecurityConfig.java b/src/main/java/com/dissonance/itit/config/SecurityConfig.java
@@ -44,10 +44,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			)
 			.authorizeHttpRequests(authorizeRequests ->
 				authorizeRequests
-					.requestMatchers("/oauth/**",      // TODO: 토큰 관련 작업 후 security 적용
-						"/swagger-ui/**",
-						"/v3/api-docs/**").permitAll()
+					.requestMatchers("/oauth/**", "/swagger-ui/**", "/v3/api-docs/**").permitAll()
 					.requestMatchers(HttpMethod.POST, "/info-posts").hasRole("ADMIN")
+					.requestMatchers(HttpMethod.PATCH, "/info-posts/{infoPostId}/reports").authenticated()
+					.requestMatchers("/info-posts/**", "/featured-posts/**").permitAll()
 					.anyRequest().authenticated()
 			)
 			.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)