From dbcf6bfe7723e36c650564a5f8a5bb7e34edf286 Mon Sep 17 00:00:00 2001
From: Yujin1219
Date: Sat, 20 Sep 2025 20:13:16 +0900
Subject: [PATCH] =?UTF-8?q?Refactor:=20=EA=B4=80=EB=A6=AC=EC=9E=90=20API?= =?UTF-8?q?=20=EA=B6=8C=ED=95=9C=20=EC=84=A4=EC=A0=95=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../report/controller/AdminReportController.java | 2 ++
 .../global/config/WebOAuthSecurityConfig.java | 12 ++++++------
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/main/java/com/DecodEat/domain/report/controller/AdminReportController.java b/src/main/java/com/DecodEat/domain/report/controller/AdminReportController.java
index d1b36b0..dd11479 100644
--- a/src/main/java/com/DecodEat/domain/report/controller/AdminReportController.java
+++ b/src/main/java/com/DecodEat/domain/report/controller/AdminReportController.java
@@ -10,12 +10,14 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 @RestController
 @RequiredArgsConstructor
 @RequestMapping("/api/admin/reports")
 @Tag(name = "[관리자] 신고 관리")
+@PreAuthorize("hasRole('ADMIN')")
 public class AdminReportController {
 private final ReportService reportService;
diff --git a/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java b/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java
index f6ba47e..348104f 100644
--- a/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java
+++ b/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java
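Review bot: The class-level `@PreAuthorize("hasRole('ADMIN')")` added to AdminReportController only takes effect if method security is enabled (`@EnableMethodSecurity` on a configuration class, or the legacy `@EnableGlobalMethodSecurity(prePostEnabled = true)`); nothing in this patch enables it, so confirm it is already present elsewhere, otherwise the annotation is silently ignored and only the URL rule in the security config protects these endpoints. `hasRole('ADMIN')` also requires the authenticated principal to carry the `ROLE_ADMIN` authority, which depends on how the OAuth2 user's authorities are mapped outside this hunk. A one-line Javadoc on the class would make the layered intent explicit, e.g. `/** Admin-only report management; this role check backs up the /api/admin/** rule in WebOAuthSecurityConfig and needs method security enabled. */`. A WebMvc slice test using `@WithMockUser(roles = "USER")` and expecting 403 on an endpoint of this controller would catch either misconfiguration.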
@@ -54,13 +54,13 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 // 3. 요청별 인가 규칙 설정
 http.authorizeHttpRequests(auth -> auth
- .anyRequest().permitAll());
-// .requestMatchers("/img/**", "/css/**", "/js/**", "/favicon.ico", "/error").permitAll()
-// .requestMatchers("/swagger-ui/**","/v3/api-docs/**").permitAll() // 토큰 재발급 요청은 누구나 가능
-// .requestMatchers("/api/token").permitAll()
+// .anyRequest().permitAll());
+ .requestMatchers("/img/**", "/css/**", "/js/**", "/favicon.ico", "/error").permitAll()
+ .requestMatchers("/swagger-ui/**","/v3/api-docs/**").permitAll() // 토큰 재발급 요청은 누구나 가능
+ .requestMatchers("/api/token").permitAll()
 // .requestMatchers("/api/users/**").hasAnyRole("USER", "ADMIN") // 유저 관련 API는 USER 또는 ADMIN 권한 필요
-// .requestMatchers("/api/admin/**").hasRole("ADMIN") // 어드민 관련 API는 ADMIN 권한만 가능
-// .anyRequest().authenticated()); // 나머지 요청은 인증 필요
+ .requestMatchers("/api/admin/**").hasRole("ADMIN") // 어드민 관련 API는 ADMIN 권한만 가능
+ .anyRequest().authenticated()); // 나머지 요청은 인증 필요
 // 4. OAuth2 로그인 설정
 http.oauth2Login(oauth2 -> oauth2
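Review bot: The added `+// .anyRequest().permitAll());` keeps a commented-out rule that, if ever uncommented, would again open every request to everyone; delete it rather than leave it as a toggle, and likewise either delete the still-commented `/api/users/**` line or re-enable it, since `anyRequest().authenticated()` now covers those paths with no role requirement. Granting `permitAll()` to `/swagger-ui/**` and `/v3/api-docs/**` exposes the full API description to unauthenticated clients; consider scoping that rule to a non-production profile. `/api/token` is reachable anonymously, so the reissue handler behind it has to validate the presented refresh token itself, which is not visible here. The enclosing securityFilterChain method starts and ends outside the hunk.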