feat: allow access to MTBFile endpoint for non-token users

2025-07-04 07:22:55 +00:00 · 2024-05-27 12:19:24 +02:00
parent 8fc0609aa4
commit fb5a3c062c
2 changed files with 71 additions and 3 deletions
--- a/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
+++ b/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
@ -89,7 +89,7 @@ class AppSecurityConfiguration(
        http {
            authorizeRequests {
                authorize("/configs/**", hasRole("ADMIN"))
-                authorize("/mtbfile/**", hasAnyRole("MTBFILE"))
+                authorize("/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN", "USER"))
                authorize("/report/**", hasAnyRole("ADMIN", "USER"))
                authorize("*.css", permitAll)
                authorize("*.ico", permitAll)
@ -147,7 +147,7 @@ class AppSecurityConfiguration(
        http {
            authorizeRequests {
                authorize("/configs/**", hasRole("ADMIN"))
-                authorize("/mtbfile/**", hasAnyRole("MTBFILE"))
+                authorize("/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN"))
                authorize("/report/**", hasRole("ADMIN"))
                authorize(anyRequest, permitAll)
            }