From 6f528835bfd9035e6da56fee71c4f67f6a13e92d Mon Sep 17 00:00:00 2001
From: Paulo Gustavo Veiga <pveiga@wisemapping.com>
Date: Fri, 9 Feb 2024 23:55:05 -0800
Subject: [PATCH] Fix try access.

---
 .../main/java/com/wisemapping/config/rest/RestAppConfig.java   | 3 ++-
 .../src/main/java/com/wisemapping/rest/MindmapController.java  | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/wise-api/src/main/java/com/wisemapping/config/rest/RestAppConfig.java b/wise-api/src/main/java/com/wisemapping/config/rest/RestAppConfig.java
index 65546bd1..918d1278 100644
--- a/wise-api/src/main/java/com/wisemapping/config/rest/RestAppConfig.java
+++ b/wise-api/src/main/java/com/wisemapping/config/rest/RestAppConfig.java
@@ -39,8 +39,9 @@ public class RestAppConfig {
                 .securityMatcher("/**")
                 .addFilterAfter(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
                 .authorizeHttpRequests(auth -> auth
-                        .requestMatchers(mvc.pattern("/api/restful/users/")).permitAll()
                         .requestMatchers(mvc.pattern("/api/restful/authenticate")).permitAll()
+                        .requestMatchers(mvc.pattern("/api/restful/users/")).permitAll()
+                        .requestMatchers(mvc.pattern("/api/restful/maps/*/document/xml-pub")).permitAll()
                         .requestMatchers(mvc.pattern("/api/restful/users/resetPassword")).permitAll()
                         .requestMatchers(mvc.pattern("/api/restful/oauth2/googlecallback")).permitAll()
                         .requestMatchers(mvc.pattern("/api/restful/oauth2/confirmaccountsync")).permitAll()
diff --git a/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java b/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java
index 2d308c2b..276e20aa 100644
--- a/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java
+++ b/wise-api/src/main/java/com/wisemapping/rest/MindmapController.java
@@ -250,7 +250,7 @@ public class MindmapController extends BaseController {
     @NotNull
     private Mindmap findMindmapById(int id) throws MapCouldNotFoundException, AccessDeniedSecurityException {
         // Has enough permissions ?
-        final User user = Utils.getUser(true);
+        final User user = Utils.getUser();
         if (!mindmapService.hasPermissions(user, id, CollaborationRole.VIEWER)) {
             throw new AccessDeniedSecurityException(id, user);
         }