提交权限控制代码

cqb-base/src/main/java/com/qmth/cqb/base/web/CourseController.java

@@ -15,6 +15,10 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
+
 import com.google.gson.Gson;
 import com.qmth.cqb.base.dao.CourseRepo;
 import com.qmth.cqb.base.model.Course;
@@ -45,6 +49,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = "获取全部课程", notes = "获取全部课程")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/course/{curPage}/{pageSize}")
     public ResponseEntity getAllCourse(@ModelAttribute Course searchCondition, @PathVariable int curPage,
             @PathVariable int pageSize) {
@@ -58,6 +63,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = "更新课程", notes = "更新课程")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/course")
     public ResponseEntity updateCourse(@ModelAttribute Course course) {
         return new ResponseEntity(courseRepo.save(course), HttpStatus.OK);
@@ -70,6 +76,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = "新增课程", notes = "新增课程")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/course")
     public ResponseEntity addCourse(@ModelAttribute Course course) {
         return new ResponseEntity(courseRepo.save(course), HttpStatus.OK);
@@ -82,6 +89,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = "删除课程", notes = "删除课程")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/course/{coruse_id}")
     public ResponseEntity removeCourse(@PathVariable String coruse_id) {
         courseRepo.delete(coruse_id);
@@ -95,6 +103,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = "根据课程名称或者课程编号获取课程信息", notes = "根据课程名称或者课程编号获取课程信息")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/course")
     public ResponseEntity getCourseByKeyword(@RequestParam String keyword) {
         return new ResponseEntity(courseService.findCoursesByKeyword(keyword), HttpStatus.OK);
@@ -107,6 +116,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = "根据课程编号获取课程信息", notes = "根据课程编号获取课程信息")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/course/{courseNo}")
     public ResponseEntity getCourseByNo(@PathVariable String courseNo) {
         return new ResponseEntity(courseRepo.findByCourseNo(courseNo), HttpStatus.OK);
@@ -118,6 +128,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = " 查询所有课程", notes = "查询所有课程")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/course/allCourses")
     public ResponseEntity getAllCourses() {
         List<Course> courses = courseRepo.findAll();

cqb-base/src/main/java/com/qmth/cqb/base/web/SettingController.java

@@ -1,10 +1,16 @@
 package com.qmth.cqb.base.web;
 
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
+
 import com.google.gson.Gson;
 import com.qmth.cqb.base.dao.SettingRepo;
 import com.qmth.cqb.base.dto.SettingDto;
 import com.qmth.cqb.base.model.Setting;
+
 import io.swagger.annotations.ApiOperation;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -29,6 +35,7 @@ public class SettingController {
      * @return
      */
     @ApiOperation(value="获取全部设置",notes="获取全部设置")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/setting")
     public ResponseEntity getAllSetting(){
         return new ResponseEntity(settingRepo.findAll(), HttpStatus.OK);
@@ -40,6 +47,7 @@ public class SettingController {
      * @return
      */
     @ApiOperation(value="更新设置",notes="更新设置")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/setting")
     public ResponseEntity updateSetting(@RequestBody SettingDto settingDto){
     	return new ResponseEntity(settingRepo.save(settingDto.getSettingList()),HttpStatus.OK);
@@ -51,6 +59,7 @@ public class SettingController {
      * @return
      */
     @ApiOperation(value="新增设置",notes="新增设置")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/setting")
     public ResponseEntity addSetting(@RequestBody SettingDto settingDto){
     	return new ResponseEntity(settingRepo.save(settingDto.getSettingList()),HttpStatus.OK);
@@ -62,6 +71,7 @@ public class SettingController {
      * @return
      */
     @ApiOperation(value="删除设置",notes="删除设置")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/setting/{id}")
     public ResponseEntity removeSetting(@PathVariable String id){
         settingRepo.delete(id);

cqb-gen-paper/src/main/java/com/qmth/cqb/genpaper/web/GenPaperController.java

@@ -17,7 +17,10 @@ import com.qmth.cqb.genpaper.model.GenPaperDto;
 import com.qmth.cqb.genpaper.service.GenPaperService;
 import com.qmth.cqb.utils.enums.RandomGenPaperPolicy;
 
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
 import cn.com.qmth.examcloud.common.uac.entity.AccessUser;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
 import io.swagger.annotations.ApiOperation;
 
 /**
@@ -31,6 +34,7 @@ public class GenPaperController {
     GenPaperService genPaperService;
 
     @ApiOperation(value = "简易随机组卷", notes = "简易随机组卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping("/genPaper/simple")
     public ResponseEntity genPaperSimple(HttpServletRequest request, @RequestBody GenPaperDto genPaperDto) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -75,6 +79,7 @@ public class GenPaperController {
     }
 
     @ApiOperation(value = "精细组卷", notes = "精细组卷")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping("/genPaper/normal")
     public ResponseEntity genPaperNormal(HttpServletRequest request, @RequestBody GenPaperDto genPaperDto) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");

cqb-paper/src/main/java/com/qmth/cqb/paper/web/ExtractConfigController.java

@@ -40,7 +40,6 @@ public class ExtractConfigController {
 	private ExtractConfigService extractConfigService;
 	
 	@ApiOperation(value = "根据考试ID和课程ID获取调卷规则", notes = "根据考试ID和课程ID获取调卷规则")
-	@Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/extractConfig/{examId}/{courseCode}")
 	public ResponseEntity<ExtractConfig> findExtractConfig(@PathVariable Long examId,@PathVariable String courseCode){
 		ExtractConfig condition = new ExtractConfig();
@@ -51,7 +50,6 @@ public class ExtractConfigController {
 	}
 	
 	@ApiOperation(value = "根据ID获取调卷规则", notes = "根据ID获取调卷规则")
-	@Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/extractConfig/{id}")
 	public ResponseEntity<ExtractConfig> findExtractConfigById(@PathVariable String id){
 		ExtractConfig extractConfig = extractConfigService.findConfigById(id);
@@ -59,7 +57,6 @@ public class ExtractConfigController {
 	} 
 	
 	@ApiOperation(value = "保存调卷规则", notes = "保存调卷规则")
-	@Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/extractConfig")
 	public ResponseEntity saveExtractConfig(HttpServletRequest request,@RequestBody ExtractConfig extractConfig){
 		try{
@@ -73,7 +70,6 @@ public class ExtractConfigController {
 	}
 	
 	@ApiOperation(value = "根据调卷规则生成试卷", notes = "根据调卷规则生成试卷")
-	@Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/makePaperByConfig/{id}")
 	public ResponseEntity makePaperByConfig(@PathVariable String id){
 		try{

cqb-question-resource/src/main/java/com/qmth/cqb/question/web/QuesController.java

@@ -23,7 +23,10 @@ import com.qmth.cqb.question.model.Question;
 import com.qmth.cqb.question.model.QuestionSearchCondition;
 import com.qmth.cqb.question.service.QuesService;
 
+import cn.com.qmth.examcloud.common.uac.annotation.Uac;
 import cn.com.qmth.examcloud.common.uac.entity.AccessUser;
+import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.uac.enums.UacPolicy;
 import io.swagger.annotations.ApiOperation;
 
 /**
@@ -49,6 +52,7 @@ public class QuesController {
      * @return
      */
     @ApiOperation(value = "获取试题", notes = "获取试题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/question/{id}")
     public ResponseEntity getQuesById(@PathVariable String id) {
         Question ques = quesRepo.findOne(id);
@@ -62,6 +66,7 @@ public class QuesController {
      * @return
      */
     @ApiOperation(value = "分页查询试题", notes = "分页查询试题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/question/{curPage}/{pageSize}")
     public ResponseEntity getAllQuestion(HttpServletRequest request,
                                         @ModelAttribute QuestionSearchCondition searchCondition,
@@ -79,6 +84,7 @@ public class QuesController {
      * @return
      */
     @ApiOperation(value = "更新试题", notes = "更新试题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/question")
     public ResponseEntity updateQuestion(@RequestBody Question question) {
         quesService.saveQues(question);
@@ -92,6 +98,7 @@ public class QuesController {
      * @return
      */
     @ApiOperation(value = "新增试题", notes = "新增试题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/question")
     public ResponseEntity addQuestion(HttpServletRequest request,
                                       @RequestBody Question question) {
@@ -105,6 +112,7 @@ public class QuesController {
      * @return
      */
     @ApiOperation(value = "删除试题", notes = "删除试题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/question/{id}")
     public ResponseEntity removeQuestion(@PathVariable String id) {
         quesRepo.delete(id);
@@ -118,6 +126,7 @@ public class QuesController {
      * @return
      */
     @ApiOperation(value = "删除套题子题", notes = "删除套题子题")
+    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/question/{id}/{number}")
     public ResponseEntity removeQuestion(@PathVariable String id, @PathVariable String number) {
         Question question = quesRepo.findOne(id);

pom.xml

@@ -46,6 +46,11 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <dependency>
+            <groupId>cn.com.qmth.examcloud.common</groupId>
+            <artifactId>common-uac</artifactId>
+            <version>${project.version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>