From aca629db15b70b3a488b68fdb5f295f2ce0e51e2 Mon Sep 17 00:00:00 2001
From: I-migi <sunnn10189@gmail.com>
Date: Fri, 22 Nov 2024 18:04:13 +0900
Subject: [PATCH] =?UTF-8?q?refactor:=20=EA=B2=BD=EA=B8=B0=20=EC=83=9D?=
 =?UTF-8?q?=EC=84=B1=20=EB=A1=9C=EC=A7=81=20=EC=9D=BC=EB=B0=98=20=ED=9A=8C?=
 =?UTF-8?q?=EC=9B=90=EB=8F=84=20=EC=8B=A4=ED=96=89=20=EA=B0=80=EB=8A=A5?=
 =?UTF-8?q?=ED=95=98=EA=B2=8C=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../org/badminton/api/config/security/SecurityConfig.java  | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/api/src/main/java/org/badminton/api/config/security/SecurityConfig.java b/api/src/main/java/org/badminton/api/config/security/SecurityConfig.java
index 4db6f6cc..5d430edc 100644
--- a/api/src/main/java/org/badminton/api/config/security/SecurityConfig.java
+++ b/api/src/main/java/org/badminton/api/config/security/SecurityConfig.java
@@ -142,8 +142,8 @@ public SecurityFilterChain clubFilterChain(HttpSecurity http) throws Exception {
 				.requestMatchers(HttpMethod.GET, "/v1/clubs/{clubToken}")
 				.authenticated()
 
-				.requestMatchers(HttpMethod.POST, "/v1/clubs/{clubToken}/leagues",
-					"/v1/clubs/{clubToken}/clubMembers/approve", "/v1/clubs/{clubToken}/clubMembers/reject")
+				.requestMatchers(HttpMethod.POST, "/v1/clubs/{clubToken}/clubMembers/approve",
+					"/v1/clubs/{clubToken}/clubMembers/reject")
 				.access(hasClubRole("OWNER", "MANAGER"))
 				.requestMatchers(HttpMethod.POST, "/v1/clubs/{clubToken}/league", "/v1/clubs/images")
 				.access(hasClubRole("OWNER", "MANAGER"))
@@ -151,7 +151,8 @@ public SecurityFilterChain clubFilterChain(HttpSecurity http) throws Exception {
 				.access(hasClubRole("OWNER", "MANAGER"))
 				.requestMatchers(HttpMethod.PATCH, "/v1/clubs/{clubToken}/leagues/{leagueId}")
 				.access(hasClubRole("OWNER", "MANAGER"))
-				.requestMatchers(HttpMethod.POST, "/v1/clubs/{clubToken}/leagues/{leagueId}/participation")
+				.requestMatchers(HttpMethod.POST, "/v1/clubs/{clubToken}/leagues/{leagueId}/participation",
+					"/v1/clubs/{clubToken}/leagues")
 				.access(hasClubRole("OWNER", "MANAGER", "USER"))
 				.requestMatchers(HttpMethod.DELETE, "/v1/clubs/{clubToken}/leagues/{leagueId}/participation")
 				.access(hasClubRole("OWNER", "MANAGER", "USER"))