。。。

examcloud-core-basic-api-provider/src/main/java/cn/com/qmth/examcloud/core/basic/api/provider/StudentCloudServiceProvider.java

@@ -78,7 +78,7 @@ public class StudentCloudServiceProvider extends ControllerSupport implements St
 	@ApiOperation(value = "查询学生")
 	@PostMapping("getStudent")
 	@Override
-	public GetStudentResp getStudent(GetStudentReq req) {
+	public GetStudentResp getStudent(@RequestBody GetStudentReq req) {
 		Long rootOrgId = req.getRootOrgId();
 		String studentCode = req.getStudentCode();
 		String identityNumber = req.getIdentityNumber();
@@ -86,9 +86,6 @@ public class StudentCloudServiceProvider extends ControllerSupport implements St
 		if (null == rootOrgId) {
 			throw new StatusException("B-150000", "rootOrgId is null");
 		}
-		if (StringUtils.isBlank(studentCode)) {
-			throw new StatusException("B-150003", "studentCode is null");
-		}
 		if (StringUtils.isBlank(identityNumber)) {
 			throw new StatusException("B-150004", "identityNumber is null");
 		}
@@ -106,6 +103,12 @@ public class StudentCloudServiceProvider extends ControllerSupport implements St
 		if (null == student) {
 			throw new StatusException("B-150005", "学生不存在");
 		}
+		String realStudentCode = student.getStudentCode();
+
+		if (StringUtils.isNotBlank(studentCode)
+				&& (StringUtils.isBlank(realStudentCode) || !studentCode.equals(realStudentCode))) {
+			throw new StatusException("B-150005", "学号错误");
+		}
 
 		Org org = orgRepo.findOne(student.getOrgId());
 

examcloud-core-basic-starter/src/main/resources/security-exclusions.conf

@@ -20,4 +20,5 @@ regexp:.*\[getLoginUser\].*
 [${$rmp.cloud.basic}student][insertOrUpdateStudent][POST]
 [${$rmp.cloud.basic}org][getOrg][POST]
 [${$rmp.cloud.basic}student][getStudent][POST]
+[${$rmp.cloud.basic}course][saveCourse][POST]