提交权限控制代码

cqb-paper/src/main/java/com/qmth/cqb/paper/web/ExamPaperController.java

@@ -15,6 +15,10 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
+
 import com.qmth.cqb.paper.model.ExamPaper;
 import com.qmth.cqb.paper.model.Paper;
 import com.qmth.cqb.paper.service.ExamPaperService;
@@ -34,6 +38,7 @@ public class ExamPaperController {
 	
 	@ApiOperation(value = "根据考试ID和课程代码获取卷库考试试卷，按试卷类型分组"
 				, notes = "根据考试ID和课程代码获取卷库考试试卷，按试卷类型分组")
+	@Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/examPaper/listByGroupCode/{examId}/{courseCode}")
 	public ResponseEntity<Map<String, List<Paper>>> findExamPaper(@PathVariable Long examId, @PathVariable String courseCode){
 		ExamPaper condition = new ExamPaper();

cqb-paper/src/main/java/com/qmth/cqb/paper/web/ExportPaperController.java

@@ -1,7 +1,13 @@
 package com.qmth.cqb.paper.web;
 
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
+
 import com.qmth.cqb.paper.service.ExportPaperService;
+
 import io.swagger.annotations.ApiOperation;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -30,6 +36,7 @@ public class ExportPaperController {
      * @return
      */
     @ApiOperation(value="导出试卷",notes="导出试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/export/{id}")
     public void getPaperById(@PathVariable String id, HttpServletResponse response){
         log.info("导出开始");

cqb-paper/src/main/java/com/qmth/cqb/paper/web/ExtractConfigController.java

@@ -17,7 +17,10 @@ import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
 import cn.com.qmth.examcloud.common.uac.entity.AccessUser;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
 
 import com.qmth.cqb.paper.model.ExtractConfig;
 import com.qmth.cqb.paper.service.ExtractConfigService;
@@ -37,6 +40,7 @@ public class ExtractConfigController {
 	private ExtractConfigService extractConfigService;
 	
 	@ApiOperation(value = "根据考试ID和课程ID获取调卷规则", notes = "根据考试ID和课程ID获取调卷规则")
+	@Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/extractConfig/{examId}/{courseCode}")
 	public ResponseEntity<ExtractConfig> findExtractConfig(@PathVariable Long examId,@PathVariable String courseCode){
 		ExtractConfig condition = new ExtractConfig();
@@ -47,6 +51,7 @@ public class ExtractConfigController {
 	}
 	
 	@ApiOperation(value = "根据ID获取调卷规则", notes = "根据ID获取调卷规则")
+	@Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/extractConfig/{id}")
 	public ResponseEntity<ExtractConfig> findExtractConfigById(@PathVariable String id){
 		ExtractConfig extractConfig = extractConfigService.findConfigById(id);
@@ -54,6 +59,7 @@ public class ExtractConfigController {
 	} 
 	
 	@ApiOperation(value = "保存调卷规则", notes = "保存调卷规则")
+	@Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/extractConfig")
 	public ResponseEntity saveExtractConfig(HttpServletRequest request,@RequestBody ExtractConfig extractConfig){
 		try{
@@ -67,6 +73,7 @@ public class ExtractConfigController {
 	}
 	
 	@ApiOperation(value = "根据调卷规则生成试卷", notes = "根据调卷规则生成试卷")
+	@Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/makePaperByConfig/{id}")
 	public ResponseEntity makePaperByConfig(@PathVariable String id){
 		try{

cqb-paper/src/main/java/com/qmth/cqb/paper/web/ExtractController.java

@@ -11,6 +11,10 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
+
 import com.qmth.cqb.paper.model.ExtractConfig;
 import com.qmth.cqb.paper.service.ExtractService;
 
@@ -27,6 +31,7 @@ public class ExtractController {
     ExtractService extractService;
 
     @ApiOperation(value = "抽取试卷", notes = "抽取试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/extract/{exam_id}/{course_code}/{group_code}")
     public ResponseEntity extract(@PathVariable String exam_id, @PathVariable String course_code,
             @PathVariable String group_code) {
@@ -43,6 +48,7 @@ public class ExtractController {
     }
 
     @ApiOperation(value = "抽取单个试题", notes = "抽取单个试题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/extractQues/{ques_id}")
     public ResponseEntity extractQuestion(@PathVariable String ques_id) {
         Map<String, Object> quesMap = new HashMap<String, Object>();

cqb-paper/src/main/java/com/qmth/cqb/paper/web/ImportPaperController.java

@@ -24,7 +24,10 @@ import com.qmth.cqb.paper.dao.PaperRepo;
 import com.qmth.cqb.paper.service.ImportPaperService;
 import com.qmth.cqb.paper.service.PaperService;
 
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
 import cn.com.qmth.examcloud.common.uac.entity.AccessUser;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
 import io.swagger.annotations.ApiOperation;
 
 /**
@@ -59,6 +62,7 @@ public class ImportPaperController {
      * @return
      */
     @ApiOperation(value = "导入试卷", notes = "导入试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/importPaper")
     public ResponseEntity importPaper(HttpServletRequest request, 
                                         @RequestParam String paperName,
@@ -98,6 +102,7 @@ public class ImportPaperController {
      * @return
      */
     @ApiOperation(value = "保存导入类型空白试卷", notes = "保存导入类型空白试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/importPaper/saveBlankPaper/{courseNo}/{courseName}/{paperName}")
     public ResponseEntity saveBlankPaper(HttpServletRequest request, 
                                         @PathVariable String courseNo,

cqb-paper/src/main/java/com/qmth/cqb/paper/web/PaperController.java

@@ -43,7 +43,10 @@ import com.qmth.cqb.utils.StringSimilarityUtils;
 import com.qmth.cqb.utils.enums.PaperType;
 
 import cn.com.qmth.examcloud.common.dto.question.enums.QuesStructType;
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
 import cn.com.qmth.examcloud.common.uac.entity.AccessUser;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
 import io.swagger.annotations.ApiOperation;
 
 /**
@@ -75,6 +78,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "根据Id获取试卷", notes = "根据Id获取试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/{paperId}")
     public ResponseEntity getPaperById(@PathVariable String paperId) {
         return new ResponseEntity(gson.toJson(paperService.getPaperDto(paperId)), HttpStatus.OK);
@@ -87,6 +91,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "保存试卷", notes = "保存试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/paper")
     public ResponseEntity savePaperById(HttpServletRequest request, @RequestBody PaperExp paper) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -108,6 +113,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "查询所有导入试卷", notes = "查询所有导入试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/importPaper/{curPage}/{pageSize}")
     public ResponseEntity getImportPapers(HttpServletRequest request, @ModelAttribute PaperSearchInfo paperSearchInfo,
             @PathVariable int curPage, @PathVariable int pageSize) {
@@ -117,6 +123,7 @@ public class PaperController {
     }
 
     @ApiOperation(value = "查询所有待审核和审核不通过的导入试卷", notes = "查询所有待审核和审核不通过的导入试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/importPaperNotSuccess/{curPage}/{pageSize}")
     public ResponseEntity getImportPapersNotSuccess(HttpServletRequest request,
             @ModelAttribute PaperSearchInfo paperSearchInfo, @PathVariable int curPage, @PathVariable int pageSize) {
@@ -127,6 +134,7 @@ public class PaperController {
     }
 
     @ApiOperation(value = "根据条件查询导入试卷", notes = "根据条件查询导入试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/getImportPaper")
     public ResponseEntity<List<Paper>> getImportPapersBySearch(@ModelAttribute PaperSearchInfo paperSearchInfo) {
         return new ResponseEntity<List<Paper>>(paperService.getImportPapersBySearch(paperSearchInfo), HttpStatus.OK);
@@ -141,6 +149,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "查询所有已组试卷", notes = "查询所有已组试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/genPaper/{curPage}/{pageSize}")
     public ResponseEntity getGenPapers(HttpServletRequest request, @ModelAttribute PaperSearchInfo paperSearchInfo,
             @PathVariable int curPage, @PathVariable int pageSize) {
@@ -156,6 +165,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "删除试卷", notes = "删除试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paper/{paperIds}")
     public ResponseEntity delPaper(@PathVariable String paperIds) {
         List<String> paperList = Stream.of(paperIds.split(",")).collect(Collectors.toList());
@@ -175,6 +185,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "批量通过试卷", notes = "批量通过试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/paper/pass")
     public ResponseEntity passPapers(@RequestBody PaperSearchInfo paperSearchInfo) {
         paperService.passPapers(Arrays.asList(paperSearchInfo.getPaperIds()));
@@ -188,6 +199,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "批量不通过试卷", notes = "批量不通过试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/paper/noPass")
     public ResponseEntity noPassPapers(@RequestBody PaperSearchInfo paperSearchInfo) {
         paperService.noPassPapers(Arrays.asList(paperSearchInfo.getPaperIds()));
@@ -201,6 +213,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "批量待审核试卷", notes = "批量待审核试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/paper/draft")
     public ResponseEntity initPapers(@RequestBody PaperSearchInfo paperSearchInfo) {
         paperService.backPapers(Arrays.asList(paperSearchInfo.getPaperIds()));
@@ -216,6 +229,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "获取卷库考试试卷", notes = "获取卷库考试试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/list/{examId}/{courseCode}/{groupCode}")
     public List<Paper> listPaperById(@PathVariable String examId, @PathVariable String courseCode,
             @PathVariable String groupCode) {
@@ -232,6 +246,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "新增考试试卷", notes = "新增考试试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/paper/join/{examId}/{courseCode}/{groupCode}/{paperId}")
     public ResponseEntity joinExamPaper(@PathVariable String examId, @PathVariable String courseCode,
             @PathVariable String groupCode, @PathVariable String paperId) {
@@ -249,6 +264,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "删除考试试卷", notes = "删除考试试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paper/release/{examId}/{courseCode}/{groupCode}/{paperId}")
     public ResponseEntity releaseExamPaper(@PathVariable String examId, @PathVariable String courseCode,
             @PathVariable String groupCode, @PathVariable String paperId) {
@@ -265,6 +281,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "获取考试试卷类型集合", notes = "获取考试试卷类型集合")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/groupCode/{examId}/{courseCode}")
     public Set<String> listGroup(@PathVariable String examId, @PathVariable String courseCode) {
         return paperService.listGroupCodes(Long.parseLong(examId), courseCode);
@@ -279,6 +296,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "删除考试试卷类型", notes = "删除考试试卷类型")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paper/groupCode/{examId}/{courseCode}/{groupCode}")
     public ResponseEntity deleteGroup(@PathVariable String examId, @PathVariable String courseCode,
             @PathVariable String groupCode) {
@@ -293,6 +311,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "删除导入试卷中的试题", notes = "删除导入试卷中的试题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paper/deleteQuestion/{questionId}")
     public ResponseEntity deleteImportPaperQuestion(HttpServletRequest request, @PathVariable String questionId) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -309,6 +328,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "向导入试卷中的新增试题", notes = "向导入试卷中的新增试题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/paper/addQuestion/{paperId}/{paperDetailId}")
     public ResponseEntity insertQuestionToPaper(HttpServletRequest request, @PathVariable String paperId,
             @PathVariable String paperDetailId, @RequestBody Question question) {
@@ -319,6 +339,7 @@ public class PaperController {
     }
 
     @ApiOperation(value = "获取试卷的重复试题", notes = "获取试卷的重复试题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/{paperId}/reduplicate-questions")
     public ResponseEntity reduplicateQuestions(@PathVariable String paperId) {
 
@@ -395,6 +416,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "获取试题所在的试卷名称", notes = "获取试题所在的试卷名称")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/listNames/{questionId}")
     public ResponseEntity getPaperNamesByQuesId(@PathVariable String questionId) {
         return new ResponseEntity(paperService.getPaperNamesByQuestionId(questionId), HttpStatus.OK);
@@ -407,6 +429,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "查询用于选题的试题列表", notes = "查询用于选题的试题列表")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/listQuestion/{paperId}/{curPage}/{pageSize}")
     public ResponseEntity listQuestionforSelect(@PathVariable String paperId, @PathVariable int curPage,
             @PathVariable int pageSize, @RequestParam(name = "quesType") String quesType) {
@@ -430,6 +453,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "向导入试卷中的新增试题", notes = "向导入试卷中的新增试题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/paper/selectQuestions/{paperId}/{paperDetailId}")
     public ResponseEntity selectQuestionsToPaper(HttpServletRequest request, @PathVariable String paperId,
             @PathVariable String paperDetailId, @RequestBody List<Question> questions) {
@@ -449,6 +473,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "查询所有导入试卷(not in paperIds)", notes = "查询所有导入试卷(not in paperIds)")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/importPaper/{ids}/{curPage}/{pageSize}")
     public ResponseEntity getImportPapersNotInIds(HttpServletRequest request,
             @ModelAttribute PaperSearchInfo paperSearchInfo, @PathVariable String[] ids, @PathVariable int curPage,
@@ -471,6 +496,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "查询该课程的所有导入试卷", notes = "查询该课程的所有导入试卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/importPaper/course")
     public ResponseEntity getImportPapersByCourseNo(HttpServletRequest request,
             @ModelAttribute PaperSearchInfo paperSearchInfo) {

cqb-paper/src/main/java/com/qmth/cqb/paper/web/PaperDetailController.java

@@ -22,7 +22,10 @@ import com.qmth.cqb.paper.model.PaperDetailUnit;
 import com.qmth.cqb.paper.service.PaperDetailService;
 import com.qmth.cqb.paper.service.PaperService;
 
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
 import cn.com.qmth.examcloud.common.uac.entity.AccessUser;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
 import io.swagger.annotations.ApiOperation;
 
 /**
@@ -48,6 +51,7 @@ public class PaperDetailController {
      * @return
      */
     @ApiOperation(value = "获取大题对应的小题", notes = "获取大题对应的小题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperDetail/units/{detail_id}")
     public List<PaperDetailUnit> getUnitsByPaperDetailId(String detail_id) {
         return paperDetailService.getUnitsByPaperDetailId(detail_id);
@@ -60,6 +64,7 @@ public class PaperDetailController {
      * @return
      */
     @ApiOperation(value = "获取大题", notes = "获取大题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperDetail/{detail_id}")
     public PaperDetail getPaperDetailId(@PathVariable String detail_id) {
         return paperDetailService.findById(detail_id);
@@ -72,6 +77,7 @@ public class PaperDetailController {
      * @return
      */
     @ApiOperation(value = "更新试卷中的大题", notes = "更新试卷中的大题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/updatePaperDetail/{paperId}")
     public ResponseEntity updatePaperDetail( HttpServletRequest request,
                                              @PathVariable String paperId, 
@@ -89,6 +95,7 @@ public class PaperDetailController {
      * @return
      */
     @ApiOperation(value = "新增大题", notes = "新增大题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/paperDetail")
     public ResponseEntity addPaperDetail(@RequestBody PaperDetail pd) {
         PaperDetail paperDetail = paperDetailRepo.save(pd);
@@ -102,6 +109,7 @@ public class PaperDetailController {
      * @return
      */
     @ApiOperation(value = "删除大题", notes = "删除大题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paperDetail/{detailId}")
     public ResponseEntity removePaperDetail(@PathVariable String detailId) {
         paperDetailService.deletePaperDetail(detailId);
@@ -115,6 +123,7 @@ public class PaperDetailController {
      * @return
      */
     @ApiOperation(value = "根据试卷ID得到所有大题", notes = "根据试卷ID得到所有大题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperDetail/paper/{paperId}")
     public ResponseEntity getPaperDetailsByPaperId(@PathVariable String paperId) {
         return new ResponseEntity(paperService.findPaperDetailsById(paperId), HttpStatus.OK);

cqb-paper/src/main/java/com/qmth/cqb/paper/web/PaperDetailUnitController.java

@@ -19,7 +19,10 @@ import com.qmth.cqb.paper.model.PaperDetailUnit;
 import com.qmth.cqb.paper.service.PaperDetailUnitService;
 import com.qmth.cqb.question.model.Question;
 
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
 import cn.com.qmth.examcloud.common.uac.entity.AccessUser;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
 import io.swagger.annotations.ApiOperation;
 
 /**
@@ -39,6 +42,7 @@ public class PaperDetailUnitController {
      * @return
      */
     @ApiOperation(value = "获取小题对应的试题", notes = "获取小题对应的试题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperDetailUnit/question/{unit_id}")
     public Question getQuestionByUnitId(String unit_id) {
         return unitService.getQuestionByPaperDetailUnitId(unit_id);
@@ -51,6 +55,7 @@ public class PaperDetailUnitController {
      * @return
      */
     @ApiOperation(value = "获取小题", notes = "获取小题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperDetailUnit/{unit_id}")
     public PaperDetailUnit getPaperDetailUnitId(@PathVariable String unit_id) {
         return unitService.findById(unit_id);
@@ -63,6 +68,7 @@ public class PaperDetailUnitController {
      * @return
      */
     @ApiOperation(value = "更新小题", notes = "更新小题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/paperDetailUnit")
     public ResponseEntity updatePaperDetailUnit(HttpServletRequest request, @RequestBody PaperDetailUnitExp pdu) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -78,6 +84,7 @@ public class PaperDetailUnitController {
      * @return
      */
     @ApiOperation(value = "新增小题", notes = "新增小题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/paperDetailUnit")
     public ResponseEntity addPaperDetailUnit(HttpServletRequest request, @RequestBody PaperDetailUnitExp pdu) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -92,6 +99,7 @@ public class PaperDetailUnitController {
      * @return
      */
     @ApiOperation(value = "删除小题", notes = "删除小题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paperDetailUnit/{unitId}")
     public ResponseEntity removePaperDetailUnit(HttpServletRequest request, @PathVariable String unitId) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");

cqb-paper/src/main/java/com/qmth/cqb/paper/web/PaperStructController.java

@@ -24,7 +24,10 @@ import com.qmth.cqb.paper.model.PaperStruct;
 import com.qmth.cqb.paper.model.PaperStructSearchInfo;
 import com.qmth.cqb.paper.service.PaperStructService;
 
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
 import cn.com.qmth.examcloud.common.uac.entity.AccessUser;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
 import io.swagger.annotations.ApiOperation;
 
 /**
@@ -47,6 +50,7 @@ public class PaperStructController {
      * @return
      */
     @ApiOperation(value = "获取试卷结构带分页", notes = "获取试卷结构带分页")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperStruct/{curPage}/{pageSize}")
     public ResponseEntity getPaperStructs(HttpServletRequest request, @ModelAttribute PaperStructSearchInfo searchInfo,
             @PathVariable int curPage, @PathVariable int pageSize) {
@@ -63,6 +67,7 @@ public class PaperStructController {
      */
     @ApiOperation(value = "获取试卷结构", notes = "获取试卷结构")
     @GetMapping(value = "/paperStruct")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     public ResponseEntity findAll() {
         return new ResponseEntity(paperStructRepo.findAll(), HttpStatus.OK);
     }
@@ -74,6 +79,7 @@ public class PaperStructController {
      * @return
      */
     @ApiOperation(value = "获取试卷结构", notes = "获取试卷结构")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperStruct/{id}")
     public ResponseEntity getPaperStructById(@PathVariable String id) {
         return new ResponseEntity(paperStructRepo.findOne(id), HttpStatus.OK);
@@ -86,6 +92,7 @@ public class PaperStructController {
      * @return
      */
     @ApiOperation(value = "更新试卷结构", notes = "更新试卷结构")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/paperStruct")
     public ResponseEntity updatePaperStruct(HttpServletRequest request, @RequestBody PaperStruct ps) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -105,6 +112,7 @@ public class PaperStructController {
      * @return
      */
     @ApiOperation(value = "新增试卷结构", notes = "新增试卷结构")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/paperStruct")
     public ResponseEntity addPaperStruct(HttpServletRequest request, @RequestBody PaperStruct ps) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -124,6 +132,7 @@ public class PaperStructController {
      * @return
      */
     @ApiOperation(value = "删除试卷结构", notes = "删除试卷结构")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paperStruct/{ids}")
     public ResponseEntity removePaperStruct(@PathVariable String ids) {
         List<String> paperList = Stream.of(ids.split(",")).collect(Collectors.toList());