From ecc9b64662b75b61641c1a8f8fa89f0d39d44136 Mon Sep 17 00:00:00 2001
From: ma-zhongxu <mzxzxx1234@163.com>
Date: Wed, 31 Dec 2025 16:24:45 +0800
Subject: [PATCH] =?UTF-8?q?1.=E5=B0=8F=E7=A8=8B=E5=BA=8F=E6=8E=A5=E5=8F=A3?=
 =?UTF-8?q?=E6=9D=83=E9=99=90=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../com/chenhai/web/controller/muhu/CarouselAdsController.java | 3 ++-
 .../main/java/com/chenhai/framework/config/SecurityConfig.java | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/chenhai-admin/src/main/java/com/chenhai/web/controller/muhu/CarouselAdsController.java b/chenhai-admin/src/main/java/com/chenhai/web/controller/muhu/CarouselAdsController.java
index d59a60b..7af56e1 100644
--- a/chenhai-admin/src/main/java/com/chenhai/web/controller/muhu/CarouselAdsController.java
+++ b/chenhai-admin/src/main/java/com/chenhai/web/controller/muhu/CarouselAdsController.java
@@ -31,7 +31,8 @@ public class CarouselAdsController extends BaseController
     /**
      * 查询轮播广告列表
      */
-    @PreAuthorize("@ss.hasPermi('muhu:ads:list')")
+//    @PreAuthorize("@ss.hasPermi('muhu:ads:list')")
+    @PreAuthorize("@ss.hasRole('muhu')")
     @GetMapping("/list")
     public TableDataInfo list(CarouselAds carouselAds)
     {
diff --git a/chenhai-framework/src/main/java/com/chenhai/framework/config/SecurityConfig.java b/chenhai-framework/src/main/java/com/chenhai/framework/config/SecurityConfig.java
index 2e9cdff..71bd321 100644
--- a/chenhai-framework/src/main/java/com/chenhai/framework/config/SecurityConfig.java
+++ b/chenhai-framework/src/main/java/com/chenhai/framework/config/SecurityConfig.java
@@ -144,7 +144,7 @@ public class SecurityConfig
             .authorizeHttpRequests((requests) -> {
                 permitAllUrl.getUrls().forEach(url -> requests.requestMatchers(url).permitAll());
                 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-                requests.requestMatchers("/login", "/register", "/captchaImage").permitAll()
+                requests.requestMatchers("/login", "/register", "/captchaImage","auth/**").permitAll()
                         .requestMatchers("/auth/**").permitAll()
                     // 静态资源，可匿名访问
                     .requestMatchers(HttpMethod.GET, "/", "/*.html", "/**.html", "/**.css", "/**.js", "/profile/**").permitAll()