From d0d69387fb2affdef39b4454862a04cf35cf183f Mon Sep 17 00:00:00 2001
From: renjianbo <18691577328@163.com>
Date: Sat, 23 May 2026 01:45:15 +0800
Subject: [PATCH] fix: change nursing endpoints from anonymous() to permitAll()
- .anonymous() blocks authenticated users (returns 403 with token)
- .permitAll() allows both anonymous and authenticated requests
- Add @Anonymous annotation to publishedList() and incrementView()
- Remove /system/nursing/** from anonymous whitelist, add to permitAll
Co-Authored-By: Claude Opus 4.6
---
 .../main/java/com/ruoyi/framework/config/SecurityConfig.java | 3 ++-
 .../ruoyi/system/controller/RlzNursingArticleController.java | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/rlz/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java b/rlz/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
index 8b5c6c4..b3ea623 100644
--- a/rlz/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/rlz/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@@ -109,7 +109,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
 // 过滤请求
 .authorizeRequests()
 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
- .antMatchers("/login","/appLogin","/system/msm","/smsLogin", "/register", "/captchaImage","/weixinLogin","/getUserToken","/system/weixin/wxPayNotify","/system/weixin/wxRefundNotify","/system/user/getAppIndexInfo","/system/nursing/published","/system/nursing/view/**").anonymous()
+ .antMatchers("/login","/appLogin","/system/msm","/smsLogin", "/register", "/captchaImage","/weixinLogin","/getUserToken","/system/weixin/wxPayNotify","/system/weixin/wxRefundNotify","/system/user/getAppIndexInfo").anonymous()
+ .antMatchers("/system/nursing/published","/system/nursing/view/**").permitAll()
 // 静态资源,可匿名访问
 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
 .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
diff --git a/rlz/ruoyi-system/src/main/java/com/ruoyi/system/controller/RlzNursingArticleController.java b/rlz/ruoyi-system/src/main/java/com/ruoyi/system/controller/RlzNursingArticleController.java
index 7e64ec0..db2153d 100644
--- a/rlz/ruoyi-system/src/main/java/com/ruoyi/system/controller/RlzNursingArticleController.java
+++ b/rlz/ruoyi-system/src/main/java/com/ruoyi/system/controller/RlzNursingArticleController.java
@@ -12,6 +12,7 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import com.ruoyi.common.annotation.Anonymous;
 import com.ruoyi.common.annotation.Log;
 import com.ruoyi.common.core.controller.BaseController;
 import com.ruoyi.common.core.domain.AjaxResult;
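Review bot: In SecurityConfig.java the added `.antMatchers("/system/nursing/published","/system/nursing/view/**").permitAll()` exempts both paths for every HTTP method and `/view/**` for any depth, while the controller hunks in this commit show only `GET /published` and `PUT /view/{id}`. Narrowing it to `.antMatchers(HttpMethod.GET, "/system/nursing/published").permitAll()` and `.antMatchers(HttpMethod.PUT, "/system/nursing/view/*").permitAll()` keeps a handler added later under these paths from becoming public unnoticed; `HttpMethod` is already used two lines further down. The entries left on `.anonymous()`, such as `/system/user/getAppIndexInfo`, presumably still return 403 to a client that sends a valid token, for the reason the commit message gives, so it is worth checking which of them logged-in clients also call. The enclosing method chain starts and ends outside the hunk.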
@@ -94,6 +95,7 @@ public class RlzNursingArticleController extends BaseController
 /**
 * 获取已发布的护理资讯列表(无需认证,供App使用)
 */
+ @Anonymous
 @GetMapping("/published")
 public AjaxResult publishedList()
 {
@@ -104,6 +106,7 @@ public class RlzNursingArticleController extends BaseController
 /**
 * 阅读量+1(无需认证,App点击文章时调用)
 */
+ @Anonymous
 @PutMapping("/view/{id}")
 public AjaxResult incrementView(@PathVariable("id") Long id)
 {
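Review bot: `@Anonymous` on `publishedList()` and on `incrementView()` in the two controller hunks declares the same exemption that this commit also adds as an explicit `permitAll()` matcher in SecurityConfig, so the public status of these handlers now has two sources that can drift apart. Whether this project's security configuration reads `@Anonymous` is not visible in the patch: if it does, the explicit matcher is redundant, and if it does not, the annotation has no effect and will mislead a reader, so keep one mechanism. `incrementView` is also a state-changing `PUT` that needs no authentication, so the counter can be raised by any client; if the count feeds ranking or reporting, throttle or de-duplicate per client and say so in the Javadoc, e.g. `* Unauthenticated: the view count is not a trusted metric.` Both method bodies continue outside the hunks.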