diff --git a/dms-infrastructure/src/main/kotlin/team/aliens/dms/global/security/SecurityConfiguration.kt b/dms-infrastructure/src/main/kotlin/team/aliens/dms/global/security/SecurityConfiguration.kt
index bf18cd249..8082c66a8 100644
--- a/dms-infrastructure/src/main/kotlin/team/aliens/dms/global/security/SecurityConfiguration.kt
+++ b/dms-infrastructure/src/main/kotlin/team/aliens/dms/global/security/SecurityConfiguration.kt
@@ -32,8 +32,10 @@ class SecurityConfiguration(
 .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 http
 .authorizeRequests()
+
 // healthcheck
 .antMatchers(HttpMethod.GET, "/").permitAll()
+
 // /auth
 .antMatchers(HttpMethod.GET, "/auth/account-id").permitAll()
 .antMatchers(HttpMethod.GET, "/auth/email").permitAll()
@@ -41,9 +43,11 @@ class SecurityConfiguration(
 .antMatchers(HttpMethod.POST, "/auth/code").permitAll()
 .antMatchers(HttpMethod.POST, "/auth/tokens").permitAll()
 .antMatchers(HttpMethod.PUT, "/auth/reissue").permitAll()
+
 // /users
 .antMatchers(HttpMethod.GET, "/users/password").hasAnyAuthority(STUDENT.name, MANAGER.name)
 .antMatchers(HttpMethod.PATCH, "/users/password").hasAnyAuthority(STUDENT.name, MANAGER.name)
+
 // /students
 .antMatchers(HttpMethod.GET, "/students/email/duplication").permitAll()
 .antMatchers(HttpMethod.GET, "/students/account-id/duplication").permitAll()
@@ -62,6 +66,7 @@ class SecurityConfiguration(
 .antMatchers(HttpMethod.GET, "/managers/profile").hasAuthority(MANAGER.name)
 .antMatchers(HttpMethod.PATCH, "managers/password/initialization").permitAll()
 .antMatchers(HttpMethod.DELETE, "/managers/students/{student-id}").hasAuthority(MANAGER.name)
+
 // /schools
 .antMatchers(HttpMethod.GET, "/schools").permitAll()
 .antMatchers(HttpMethod.GET, "/schools/question/{school-id}").permitAll()
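Review bot: The rule `.antMatchers(HttpMethod.PATCH, "managers/password/initialization").permitAll()` in the `-62,6 +66,7` hunk has no leading slash, so the Ant pattern will not match the request path `/managers/password/initialization`. The request then falls through to `.anyRequest().denyAll()` at the end of the chain, which is fail-closed but leaves the rule dead. It should read `.antMatchers(HttpMethod.PATCH, "/managers/password/initialization").permitAll()`. Because the route looks like an unauthenticated password reset, the handler's own verification (not visible in this diff) becomes the only gate once the path is corrected, so confirm it before enabling the rule. The `authorizeRequests()` chain begins and ends outside this hunk.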
@@ -69,6 +74,7 @@ class SecurityConfiguration(
 .antMatchers(HttpMethod.GET, "/schools/code").permitAll()
 .antMatchers(HttpMethod.PATCH, "/schools/question").hasAuthority(MANAGER.name)
 .antMatchers(HttpMethod.PATCH, "/schools/code").hasAuthority(MANAGER.name)
+
 // /notices
 .antMatchers(HttpMethod.GET, "/notices/status").hasAuthority(STUDENT.name)
 .antMatchers(HttpMethod.GET, "/notices").hasAnyAuthority(STUDENT.name, MANAGER.name)
@@ -76,11 +82,14 @@ class SecurityConfiguration(
 .antMatchers(HttpMethod.POST, "/notices").hasAuthority(MANAGER.name)
 .antMatchers(HttpMethod.PATCH, "/notices/{notice-id}").hasAuthority(MANAGER.name)
 .antMatchers(HttpMethod.DELETE, "/notices/{notice-id}").hasAuthority(MANAGER.name)
+
 // /files
 .antMatchers(HttpMethod.POST, "/files").permitAll()
 .antMatchers(HttpMethod.POST, "/files/verified-student").permitAll()
+
 // /meals
 .antMatchers(HttpMethod.GET, "/meals/{date}").hasAuthority(STUDENT.name)
+
 // /points
 .antMatchers(HttpMethod.GET, "/points").hasAuthority(STUDENT.name)
 .antMatchers(HttpMethod.POST, "/points/options").hasAuthority(MANAGER.name)
@@ -92,11 +101,13 @@ class SecurityConfiguration(
 .antMatchers(HttpMethod.PUT, "/points/history/{point-history-id}").hasAuthority(MANAGER.name)
 .antMatchers(HttpMethod.GET, "/points/options").hasAuthority(MANAGER.name)
 .antMatchers(HttpMethod.PATCH, "/points/options/{point-option-id}").hasAuthority(MANAGER.name)
+
 // /templates
 .antMatchers(HttpMethod.GET, "/templates").permitAll()
 .antMatchers(HttpMethod.POST, "/templates").permitAll()
 .antMatchers(HttpMethod.PATCH, "/templates").permitAll()
 .antMatchers(HttpMethod.DELETE, "/templates").permitAll()
+
 // /study-rooms
 .antMatchers(HttpMethod.GET, "/study-rooms/available-time").hasAnyAuthority(STUDENT.name, MANAGER.name)
 .antMatchers(HttpMethod.PUT, "/study-rooms/available-time").hasAuthority(MANAGER.name)
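Review bot: State-changing routes are left open to unauthenticated callers in two hunks: `POST /files` and `POST /files/verified-student` in the `-76,11 +82,14` hunk, and `POST`, `PATCH` and `DELETE` on `/templates` in the `-92,11 +101,13` hunk are all `permitAll()`. Every other write route shown requires `MANAGER` or `STUDENT`, so unless the handlers enforce their own check (not visible here), anyone can upload files or create, change and delete templates. If the template writes are manager operations, use `.hasAuthority(MANAGER.name)` for those three methods and keep only the `GET` public. If the open access is intentional, add a comment above each group giving the reason, for example `// public: used before sign-up, handler validates the request`.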
@@ -113,6 +124,7 @@ class SecurityConfiguration( .antMatchers(HttpMethod.GET, "/study-rooms/list/managers").hasAuthority(MANAGER.name) .antMatchers(HttpMethod.DELETE, "/study-rooms/types/{type-id}").hasAuthority(MANAGER.name) .antMatchers(HttpMethod.GET, "/study-rooms/my").hasAuthority(STUDENT.name) + // /remains .antMatchers(HttpMethod.PUT, "/remains/{remain-option-id}").hasAuthority(STUDENT.name) .antMatchers(HttpMethod.POST, "/remains/options").hasAuthority(MANAGER.name) @@ -123,6 +135,7 @@ class SecurityConfiguration( .antMatchers(HttpMethod.DELETE, "/remains/options/{remain-option-id}").hasAuthority(MANAGER.name) .antMatchers(HttpMethod.PUT, "/remains/available-time").hasAuthority(MANAGER.name) .antMatchers(HttpMethod.GET, "/remains/status/file").hasAuthority(MANAGER.name) + .anyRequest().denyAll() http diff --git a/dms-infrastructure/src/main/kotlin/team/aliens/dms/persistence/remain/RemainStatusPersistenceAdapter.kt b/dms-infrastructure/src/main/kotlin/team/aliens/dms/persistence/remain/RemainStatusPersistenceAdapter.kt index 62d8676ea..ec06e1c6c 100644 --- a/dms-infrastructure/src/main/kotlin/team/aliens/dms/persistence/remain/RemainStatusPersistenceAdapter.kt +++ b/dms-infrastructure/src/main/kotlin/team/aliens/dms/persistence/remain/RemainStatusPersistenceAdapter.kt @@ -42,7 +42,6 @@ class RemainStatusPersistenceAdapter( } } - override fun deleteRemainStatusByRemainOptionId(remainOptionId: UUID) { remainStatusRepository.deleteByRemainOptionId(remainOptionId) } diff --git a/dms-infrastructure/src/main/kotlin/team/aliens/dms/persistence/user/UserPersistenceAdapter.kt b/dms-infrastructure/src/main/kotlin/team/aliens/dms/persistence/user/UserPersistenceAdapter.kt index 9a58b754e..3cd0c54c4 100644 --- a/dms-infrastructure/src/main/kotlin/team/aliens/dms/persistence/user/UserPersistenceAdapter.kt +++ b/dms-infrastructure/src/main/kotlin/team/aliens/dms/persistence/user/UserPersistenceAdapter.kt 
@@ -41,4 +41,3 @@ class UserPersistenceAdapter(
 userRepository.findByAccountId(accountId)
 )
 }
-