diff --git a/src/main/java/org/cotato/csquiz/common/config/SecurityConfig.java b/src/main/java/org/cotato/csquiz/common/config/SecurityConfig.java index b8082f62..89bf9422 100644 --- a/src/main/java/org/cotato/csquiz/common/config/SecurityConfig.java +++ b/src/main/java/org/cotato/csquiz/common/config/SecurityConfig.java @@ -93,13 +93,13 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { .requestMatchers("/v1/api/session/cs-on").hasAnyRole("EDUCATION", "ADMIN") .requestMatchers(new AntPathRequestMatcher("/v1/api/session", "GET")).authenticated() .requestMatchers("/v1/api/session/**").hasAnyRole("ADMIN") - .requestMatchers("/v2/api/attendances/records").hasAnyRole("ADMIN", "OPERATION") + .requestMatchers("/v2/api/attendances/records").hasAnyRole("OPERATION", "ADMIN") .requestMatchers("/v2/api/attendances/{attendance-id}/records").hasAnyRole("ADMIN") - .requestMatchers("/v2/api/attendances").hasAnyRole("ADMIN", "OPERATION") + .requestMatchers("/v2/api/attendances").hasAnyRole("OPERATION", "ADMIN") .requestMatchers("/v2/api/attendances/info") - .hasAnyRole("ADMIN", "OPERATION", "EDUCATION", "MEMBER") + .hasAnyRole("MEMBER", "EDUCATION", "OPERATION", "ADMIN") .requestMatchers("/v2/api/attendances/records/**") - .hasAnyRole("ADMIN", "OPERATION", "EDUCATION", "MEMBER") + .hasAnyRole("MEMBER", "EDUCATION", "OPERATION", "ADMIN") .requestMatchers(new AntPathRequestMatcher("/v1/api/socket/token", "POST")) .hasAnyRole("MEMBER", "EDUCATION", "OPERATION", "ADMIN") // .requestMatchers("/v2/api/events/attendances").hasAnyRole("MEMBER", "ADMIN", "EDUCATION")