From ab48bf6c616db5bb7f50184b6fc5e3cc3a105674 Mon Sep 17 00:00:00 2001
From: taeyeon <tyeon42051@naver.com>
Date: Mon, 27 May 2024 13:52:07 +0900
Subject: [PATCH] =?UTF-8?q?update=20::=20Orders=20config=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../server/v2/global/security/config/SecurityConfig.java        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/com/mindway/server/v2/global/security/config/SecurityConfig.java b/src/main/java/com/mindway/server/v2/global/security/config/SecurityConfig.java
index 83a8363..4b5e836 100644
--- a/src/main/java/com/mindway/server/v2/global/security/config/SecurityConfig.java
+++ b/src/main/java/com/mindway/server/v2/global/security/config/SecurityConfig.java
@@ -61,7 +61,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                                 .requestMatchers(HttpMethod.POST, "/api/v2/order").authenticated()
                                 .requestMatchers(HttpMethod.DELETE, "/api/v2/order/{order_id}").authenticated()
                                 .requestMatchers(HttpMethod.PATCH, "/api/v2/order/{order_id}").authenticated()
-                                .requestMatchers(HttpMethod.GET, "/api/v2/order").authenticated()
+                                .requestMatchers(HttpMethod.GET, "/api/v2/order").hasAnyAuthority(Authority.ROLE_TEACHER.name(), Authority.ROLE_HELPER.name())
 
                                 // goal
                                 .requestMatchers(HttpMethod.POST, "/api/v2/goal").authenticated()