From fb5a3c062c4e328143ff49bc26fabd292d04fe0a Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer
Date: Mon, 27 May 2024 12:19:24 +0200
Subject: feat: allow access to MTBFile endpoint for non-token users

---
 .../kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/main/kotlin/dev')

diff --git a/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt b/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
index 0da9398..6b063bd 100644
--- a/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
+++ b/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
@@ -89,7 +89,7 @@ class AppSecurityConfiguration(
         http {
             authorizeRequests {
                 authorize("/configs/**", hasRole("ADMIN"))
-                authorize("/mtbfile/**", hasAnyRole("MTBFILE"))
+                authorize("/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN", "USER"))
                 authorize("/report/**", hasAnyRole("ADMIN", "USER"))
                 authorize("*.css", permitAll)
                 authorize("*.ico", permitAll)
@@ -147,7 +147,7 @@ class AppSecurityConfiguration(
         http {
             authorizeRequests {
                 authorize("/configs/**", hasRole("ADMIN"))
-                authorize("/mtbfile/**", hasAnyRole("MTBFILE"))
+                authorize("/mtbfile/**", hasAnyRole("MTBFILE", "ADMIN"))
                 authorize("/report/**", hasRole("ADMIN"))
                 authorize(anyRequest, permitAll)
             }
-- 
cgit v1.2.3