Merge pull request #381 from GSM-MSG/hotfix/380-student-put-location-permission

🔀 학생정보 수정 API 접근 권한 추가

Author: enbraining

sms-infrastructure/src/main/kotlin/team/msg/sms/global/security/SecurityConfig.kt

@@ -45,57 +45,66 @@ class SecurityConfig(
             .requestMatchers(RequestMatcher { request ->
                 CorsUtils.isPreFlightRequest(request)
             }).permitAll()
-            //healthCheck
+            // Health
             .antMatchers(HttpMethod.GET, "/health").permitAll()
 
-            // auth
+            // Auth
+            .antMatchers(HttpMethod.GET, "/auth/verity/access").authenticated()
             .antMatchers(HttpMethod.POST, "/auth").permitAll()
             .antMatchers(HttpMethod.PATCH, "/auth").permitAll()
             .antMatchers(HttpMethod.DELETE, "/auth").authenticated()
-            .antMatchers(HttpMethod.GET, "/auth/verity/access").authenticated()
             .antMatchers(HttpMethod.DELETE, "/auth/withdrawal").authenticated()
 
-            .antMatchers(HttpMethod.GET, "/user/profile/img").permitAll()
-            .antMatchers(HttpMethod.GET, "/user/profile").hasAuthority(STUDENT)
-
-            .antMatchers(HttpMethod.POST, "/student").hasAuthority(STUDENT)
-            .antMatchers(HttpMethod.GET, "/student").permitAll()
-            .antMatchers(HttpMethod.POST, "/student/link").hasAuthority(TEACHER)
+            // Student
             .antMatchers(HttpMethod.GET, "/student/link").permitAll()
             .antMatchers(HttpMethod.GET, "/student/{uuid}").hasAnyAuthority(STUDENT, TEACHER)
-            .antMatchers(HttpMethod.PUT, "/student/pdf").hasAuthority(STUDENT)
             .antMatchers(HttpMethod.GET, "/student/anonymous/{uuid}").permitAll()
+            .antMatchers(HttpMethod.GET, "/student/teacher/{uuid}").hasAuthority(TEACHER)
+            .antMatchers(HttpMethod.GET, "/student").permitAll()
+            .antMatchers(HttpMethod.PUT, "/student/pdf").hasAuthority(STUDENT)
+            .antMatchers(HttpMethod.PUT, "/student").hasAuthority(STUDENT)
+            .antMatchers(HttpMethod.POST, "/student").hasAuthority(STUDENT)
+            .antMatchers(HttpMethod.POST, "/student/link").hasAuthority(TEACHER)
 
+            // Teacher
             .antMatchers(HttpMethod.POST, "/teacher/common").hasAuthority(TEACHER)
             .antMatchers(HttpMethod.POST, "/teacher/director").hasAuthority(TEACHER)
             .antMatchers(HttpMethod.POST, "/teacher/homeroom").hasAuthority(TEACHER)
             .antMatchers(HttpMethod.POST, "/teacher/principal").hasAuthority(TEACHER)
             .antMatchers(HttpMethod.POST, "/teacher/deputy-principal").hasAuthority(TEACHER)
 
+            // File
+            .antMatchers(HttpMethod.POST, "/file").authenticated()
+            .antMatchers(HttpMethod.POST, "/file/image").authenticated()
+
+            // Major
+            .antMatchers(HttpMethod.GET, "/major/list").permitAll()
+
+            // Stack
+            .antMatchers(HttpMethod.GET, "/stack/list").permitAll()
+
+            // User
+            .antMatchers(HttpMethod.GET, "/user/profile/img").permitAll()
+            .antMatchers(HttpMethod.GET, "/user/profile").hasAuthority(STUDENT)
+
+            // Authentication
             .antMatchers(HttpMethod.GET, "/authentication/student/{student_uuid}").hasAuthority(TEACHER)
             .antMatchers(HttpMethod.GET, "/authentication/teacher").hasAuthority(TEACHER)
-            .antMatchers(HttpMethod.PATCH, "/authentication/teacher/{uuid}/approve").hasAuthority(TEACHER)
-            .antMatchers(HttpMethod.PATCH, "/authentication/teacher/{uuid}/reject").hasAuthority(TEACHER)
             .antMatchers(HttpMethod.GET, "/authentication/teacher/{uuid}").hasAuthority(TEACHER)
             .antMatchers(HttpMethod.GET, "/authentication/{uuid}/history").hasAnyAuthority(STUDENT, TEACHER)
             .antMatchers(HttpMethod.GET, "/authentication/my").hasAuthority(STUDENT)
-            .antMatchers(HttpMethod.POST, "/authentication").hasAuthority(STUDENT)
             .antMatchers(HttpMethod.GET, "/authentication/{uuid}").hasAuthority(STUDENT)
-            .antMatchers(HttpMethod.DELETE, "/authentication/{uuid}").hasAuthority(STUDENT)
-            .antMatchers(HttpMethod.PATCH, "/authentication/{uuid}").hasAuthority(STUDENT)
-            .antMatchers(HttpMethod.PUT, "/authentication/{uuid}").hasAuthority(STUDENT)
             .antMatchers(HttpMethod.GET, "/").hasAnyAuthority(STUDENT, TEACHER)
-            .antMatchers(HttpMethod.POST, "/authentication/submit/{uuid}").hasAuthority(STUDENT)
-            .antMatchers(HttpMethod.POST, "/authentication/create").hasAuthority(TEACHER)
             .antMatchers(HttpMethod.GET, "/authentication/form/{uuid}").hasAnyAuthority(STUDENT, TEACHER)
             .antMatchers(HttpMethod.GET, "/authentication").hasAuthority(TEACHER)
-
-            .antMatchers(HttpMethod.POST, "/file").authenticated()
-            .antMatchers(HttpMethod.POST, "/file/image").authenticated()
-
-            .antMatchers(HttpMethod.GET, "/major/list").permitAll()
-
-            .antMatchers(HttpMethod.GET, "/stack/list").permitAll()
+            .antMatchers(HttpMethod.PUT, "/authentication/{uuid}").hasAuthority(STUDENT)
+            .antMatchers(HttpMethod.POST, "/authentication").hasAuthority(STUDENT)
+            .antMatchers(HttpMethod.POST, "/authentication/submit/{uuid}").hasAuthority(STUDENT)
+            .antMatchers(HttpMethod.POST, "/authentication/create").hasAuthority(TEACHER)
+            .antMatchers(HttpMethod.PATCH, "/authentication/teacher/{uuid}/approve").hasAuthority(TEACHER)
+            .antMatchers(HttpMethod.PATCH, "/authentication/teacher/{uuid}/reject").hasAuthority(TEACHER)
+            .antMatchers(HttpMethod.PATCH, "/authentication/{uuid}").hasAuthority(STUDENT)
+            .antMatchers(HttpMethod.DELETE, "/authentication/{uuid}").hasAuthority(STUDENT)
 
             .anyRequest().denyAll()