修改权限

cqb-base/src/main/java/com/qmth/cqb/base/web/CourseController.java

@@ -49,7 +49,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = "获取全部课程", notes = "获取全部课程")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/course/{curPage}/{pageSize}")
     public ResponseEntity getAllCourse(@ModelAttribute Course searchCondition, @PathVariable int curPage,
             @PathVariable int pageSize) {
@@ -63,7 +63,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = "更新课程", notes = "更新课程")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/course")
     public ResponseEntity updateCourse(@ModelAttribute Course course) {
         return new ResponseEntity(courseRepo.save(course), HttpStatus.OK);
@@ -76,7 +76,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = "新增课程", notes = "新增课程")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/course")
     public ResponseEntity addCourse(@ModelAttribute Course course) {
         return new ResponseEntity(courseRepo.save(course), HttpStatus.OK);
@@ -89,7 +89,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = "删除课程", notes = "删除课程")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/course/{coruse_id}")
     public ResponseEntity removeCourse(@PathVariable String coruse_id) {
         courseRepo.delete(coruse_id);
@@ -103,7 +103,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = "根据课程名称或者课程编号获取课程信息", notes = "根据课程名称或者课程编号获取课程信息")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/course")
     public ResponseEntity getCourseByKeyword(@RequestParam String keyword) {
         return new ResponseEntity(courseService.findCoursesByKeyword(keyword), HttpStatus.OK);
@@ -116,7 +116,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = "根据课程编号获取课程信息", notes = "根据课程编号获取课程信息")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/course/{courseNo}")
     public ResponseEntity getCourseByNo(@PathVariable String courseNo) {
         return new ResponseEntity(courseRepo.findByCourseNo(courseNo), HttpStatus.OK);
@@ -128,7 +128,7 @@ public class CourseController {
      * @return
      */
     @ApiOperation(value = " 查询所有课程", notes = "查询所有课程")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/course/allCourses")
     public ResponseEntity getAllCourses() {
         List<Course> courses = courseRepo.findAll();

cqb-base/src/main/java/com/qmth/cqb/base/web/SettingController.java

@@ -35,7 +35,7 @@ public class SettingController {
      * @return
      */
     @ApiOperation(value="获取全部设置",notes="获取全部设置")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/setting")
     public ResponseEntity getAllSetting(){
         return new ResponseEntity(settingRepo.findAll(), HttpStatus.OK);
@@ -47,7 +47,7 @@ public class SettingController {
      * @return
      */
     @ApiOperation(value="更新设置",notes="更新设置")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/setting")
     public ResponseEntity updateSetting(@RequestBody SettingDto settingDto){
     	return new ResponseEntity(settingRepo.save(settingDto.getSettingList()),HttpStatus.OK);
@@ -59,7 +59,7 @@ public class SettingController {
      * @return
      */
     @ApiOperation(value="新增设置",notes="新增设置")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/setting")
     public ResponseEntity addSetting(@RequestBody SettingDto settingDto){
     	return new ResponseEntity(settingRepo.save(settingDto.getSettingList()),HttpStatus.OK);
@@ -71,7 +71,7 @@ public class SettingController {
      * @return
      */
     @ApiOperation(value="删除设置",notes="删除设置")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/setting/{id}")
     public ResponseEntity removeSetting(@PathVariable String id){
         settingRepo.delete(id);

cqb-gen-paper/src/main/java/com/qmth/cqb/genpaper/web/GenPaperController.java

@@ -34,7 +34,7 @@ public class GenPaperController {
     GenPaperService genPaperService;
 
     @ApiOperation(value = "简易随机组卷", notes = "简易随机组卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping("/genPaper/simple")
     public ResponseEntity genPaperSimple(HttpServletRequest request, @RequestBody GenPaperDto genPaperDto) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -79,7 +79,7 @@ public class GenPaperController {
     }
 
     @ApiOperation(value = "精细组卷", notes = "精细组卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping("/genPaper/normal")
     public ResponseEntity genPaperNormal(HttpServletRequest request, @RequestBody GenPaperDto genPaperDto) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");

cqb-paper/src/main/java/com/qmth/cqb/paper/web/ExamPaperController.java

@@ -38,7 +38,6 @@ public class ExamPaperController {
 	
 	@ApiOperation(value = "根据考试ID和课程代码获取卷库考试试卷，按试卷类型分组"
 				, notes = "根据考试ID和课程代码获取卷库考试试卷，按试卷类型分组")
-	@Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/examPaper/listByGroupCode/{examId}/{courseCode}")
 	public ResponseEntity<Map<String, List<Paper>>> findExamPaper(@PathVariable Long examId, @PathVariable String courseCode){
 		ExamPaper condition = new ExamPaper();

cqb-paper/src/main/java/com/qmth/cqb/paper/web/ExportPaperController.java

@@ -36,7 +36,7 @@ public class ExportPaperController {
      * @return
      */
     @ApiOperation(value="导出试卷",notes="导出试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/export/{id}")
     public void getPaperById(@PathVariable String id, HttpServletResponse response){
         log.info("导出开始");

cqb-paper/src/main/java/com/qmth/cqb/paper/web/ExtractController.java

@@ -31,7 +31,6 @@ public class ExtractController {
     ExtractService extractService;
 
     @ApiOperation(value = "抽取试卷", notes = "抽取试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/extract/{exam_id}/{course_code}/{group_code}")
     public ResponseEntity extract(@PathVariable String exam_id, @PathVariable String course_code,
             @PathVariable String group_code) {
@@ -48,7 +47,6 @@ public class ExtractController {
     }
 
     @ApiOperation(value = "抽取单个试题", notes = "抽取单个试题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/extractQues/{ques_id}")
     public ResponseEntity extractQuestion(@PathVariable String ques_id) {
         Map<String, Object> quesMap = new HashMap<String, Object>();

cqb-paper/src/main/java/com/qmth/cqb/paper/web/ImportPaperController.java

@@ -62,7 +62,7 @@ public class ImportPaperController {
      * @return
      */
     @ApiOperation(value = "导入试卷", notes = "导入试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/importPaper")
     public ResponseEntity importPaper(HttpServletRequest request, 
                                         @RequestParam String paperName,
@@ -102,7 +102,7 @@ public class ImportPaperController {
      * @return
      */
     @ApiOperation(value = "保存导入类型空白试卷", notes = "保存导入类型空白试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/importPaper/saveBlankPaper/{courseNo}/{courseName}/{paperName}")
     public ResponseEntity saveBlankPaper(HttpServletRequest request, 
                                         @PathVariable String courseNo,

cqb-paper/src/main/java/com/qmth/cqb/paper/web/PaperController.java

@@ -78,7 +78,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "根据Id获取试卷", notes = "根据Id获取试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/{paperId}")
     public ResponseEntity getPaperById(@PathVariable String paperId) {
         return new ResponseEntity(gson.toJson(paperService.getPaperDto(paperId)), HttpStatus.OK);
@@ -91,7 +91,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "保存试卷", notes = "保存试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/paper")
     public ResponseEntity savePaperById(HttpServletRequest request, @RequestBody PaperExp paper) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -113,7 +113,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "查询所有导入试卷", notes = "查询所有导入试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/importPaper/{curPage}/{pageSize}")
     public ResponseEntity getImportPapers(HttpServletRequest request, @ModelAttribute PaperSearchInfo paperSearchInfo,
             @PathVariable int curPage, @PathVariable int pageSize) {
@@ -123,7 +123,7 @@ public class PaperController {
     }
 
     @ApiOperation(value = "查询所有待审核和审核不通过的导入试卷", notes = "查询所有待审核和审核不通过的导入试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/importPaperNotSuccess/{curPage}/{pageSize}")
     public ResponseEntity getImportPapersNotSuccess(HttpServletRequest request,
             @ModelAttribute PaperSearchInfo paperSearchInfo, @PathVariable int curPage, @PathVariable int pageSize) {
@@ -134,7 +134,7 @@ public class PaperController {
     }
 
     @ApiOperation(value = "根据条件查询导入试卷", notes = "根据条件查询导入试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/getImportPaper")
     public ResponseEntity<List<Paper>> getImportPapersBySearch(@ModelAttribute PaperSearchInfo paperSearchInfo) {
         return new ResponseEntity<List<Paper>>(paperService.getImportPapersBySearch(paperSearchInfo), HttpStatus.OK);
@@ -149,7 +149,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "查询所有已组试卷", notes = "查询所有已组试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/genPaper/{curPage}/{pageSize}")
     public ResponseEntity getGenPapers(HttpServletRequest request, @ModelAttribute PaperSearchInfo paperSearchInfo,
             @PathVariable int curPage, @PathVariable int pageSize) {
@@ -165,7 +165,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "删除试卷", notes = "删除试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paper/{paperIds}")
     public ResponseEntity delPaper(@PathVariable String paperIds) {
         List<String> paperList = Stream.of(paperIds.split(",")).collect(Collectors.toList());
@@ -185,7 +185,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "批量通过试卷", notes = "批量通过试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/paper/pass")
     public ResponseEntity passPapers(@RequestBody PaperSearchInfo paperSearchInfo) {
         paperService.passPapers(Arrays.asList(paperSearchInfo.getPaperIds()));
@@ -199,7 +199,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "批量不通过试卷", notes = "批量不通过试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/paper/noPass")
     public ResponseEntity noPassPapers(@RequestBody PaperSearchInfo paperSearchInfo) {
         paperService.noPassPapers(Arrays.asList(paperSearchInfo.getPaperIds()));
@@ -213,7 +213,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "批量待审核试卷", notes = "批量待审核试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/paper/draft")
     public ResponseEntity initPapers(@RequestBody PaperSearchInfo paperSearchInfo) {
         paperService.backPapers(Arrays.asList(paperSearchInfo.getPaperIds()));
@@ -229,7 +229,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "获取卷库考试试卷", notes = "获取卷库考试试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/list/{examId}/{courseCode}/{groupCode}")
     public List<Paper> listPaperById(@PathVariable String examId, @PathVariable String courseCode,
             @PathVariable String groupCode) {
@@ -246,7 +246,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "新增考试试卷", notes = "新增考试试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/paper/join/{examId}/{courseCode}/{groupCode}/{paperId}")
     public ResponseEntity joinExamPaper(@PathVariable String examId, @PathVariable String courseCode,
             @PathVariable String groupCode, @PathVariable String paperId) {
@@ -264,7 +264,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "删除考试试卷", notes = "删除考试试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paper/release/{examId}/{courseCode}/{groupCode}/{paperId}")
     public ResponseEntity releaseExamPaper(@PathVariable String examId, @PathVariable String courseCode,
             @PathVariable String groupCode, @PathVariable String paperId) {
@@ -281,7 +281,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "获取考试试卷类型集合", notes = "获取考试试卷类型集合")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/groupCode/{examId}/{courseCode}")
     public Set<String> listGroup(@PathVariable String examId, @PathVariable String courseCode) {
         return paperService.listGroupCodes(Long.parseLong(examId), courseCode);
@@ -296,7 +296,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "删除考试试卷类型", notes = "删除考试试卷类型")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paper/groupCode/{examId}/{courseCode}/{groupCode}")
     public ResponseEntity deleteGroup(@PathVariable String examId, @PathVariable String courseCode,
             @PathVariable String groupCode) {
@@ -311,7 +311,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "删除导入试卷中的试题", notes = "删除导入试卷中的试题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paper/deleteQuestion/{questionId}")
     public ResponseEntity deleteImportPaperQuestion(HttpServletRequest request, @PathVariable String questionId) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -328,7 +328,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "向导入试卷中的新增试题", notes = "向导入试卷中的新增试题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/paper/addQuestion/{paperId}/{paperDetailId}")
     public ResponseEntity insertQuestionToPaper(HttpServletRequest request, @PathVariable String paperId,
             @PathVariable String paperDetailId, @RequestBody Question question) {
@@ -339,7 +339,7 @@ public class PaperController {
     }
 
     @ApiOperation(value = "获取试卷的重复试题", notes = "获取试卷的重复试题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/{paperId}/reduplicate-questions")
     public ResponseEntity reduplicateQuestions(@PathVariable String paperId) {
 
@@ -416,7 +416,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "获取试题所在的试卷名称", notes = "获取试题所在的试卷名称")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/listNames/{questionId}")
     public ResponseEntity getPaperNamesByQuesId(@PathVariable String questionId) {
         return new ResponseEntity(paperService.getPaperNamesByQuestionId(questionId), HttpStatus.OK);
@@ -429,7 +429,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "查询用于选题的试题列表", notes = "查询用于选题的试题列表")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paper/listQuestion/{paperId}/{curPage}/{pageSize}")
     public ResponseEntity listQuestionforSelect(@PathVariable String paperId, @PathVariable int curPage,
             @PathVariable int pageSize, @RequestParam(name = "quesType") String quesType) {
@@ -453,7 +453,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "向导入试卷中的新增试题", notes = "向导入试卷中的新增试题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/paper/selectQuestions/{paperId}/{paperDetailId}")
     public ResponseEntity selectQuestionsToPaper(HttpServletRequest request, @PathVariable String paperId,
             @PathVariable String paperDetailId, @RequestBody List<Question> questions) {
@@ -473,7 +473,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "查询所有导入试卷(not in paperIds)", notes = "查询所有导入试卷(not in paperIds)")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/importPaper/{ids}/{curPage}/{pageSize}")
     public ResponseEntity getImportPapersNotInIds(HttpServletRequest request,
             @ModelAttribute PaperSearchInfo paperSearchInfo, @PathVariable String[] ids, @PathVariable int curPage,
@@ -496,7 +496,7 @@ public class PaperController {
      * @return
      */
     @ApiOperation(value = "查询该课程的所有导入试卷", notes = "查询该课程的所有导入试卷")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/importPaper/course")
     public ResponseEntity getImportPapersByCourseNo(HttpServletRequest request,
             @ModelAttribute PaperSearchInfo paperSearchInfo) {

cqb-paper/src/main/java/com/qmth/cqb/paper/web/PaperDetailController.java

@@ -51,7 +51,7 @@ public class PaperDetailController {
      * @return
      */
     @ApiOperation(value = "获取大题对应的小题", notes = "获取大题对应的小题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperDetail/units/{detail_id}")
     public List<PaperDetailUnit> getUnitsByPaperDetailId(String detail_id) {
         return paperDetailService.getUnitsByPaperDetailId(detail_id);
@@ -64,7 +64,7 @@ public class PaperDetailController {
      * @return
      */
     @ApiOperation(value = "获取大题", notes = "获取大题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperDetail/{detail_id}")
     public PaperDetail getPaperDetailId(@PathVariable String detail_id) {
         return paperDetailService.findById(detail_id);
@@ -77,7 +77,7 @@ public class PaperDetailController {
      * @return
      */
     @ApiOperation(value = "更新试卷中的大题", notes = "更新试卷中的大题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/updatePaperDetail/{paperId}")
     public ResponseEntity updatePaperDetail( HttpServletRequest request,
                                              @PathVariable String paperId, 
@@ -95,7 +95,7 @@ public class PaperDetailController {
      * @return
      */
     @ApiOperation(value = "新增大题", notes = "新增大题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/paperDetail")
     public ResponseEntity addPaperDetail(@RequestBody PaperDetail pd) {
         PaperDetail paperDetail = paperDetailRepo.save(pd);
@@ -109,7 +109,7 @@ public class PaperDetailController {
      * @return
      */
     @ApiOperation(value = "删除大题", notes = "删除大题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paperDetail/{detailId}")
     public ResponseEntity removePaperDetail(@PathVariable String detailId) {
         paperDetailService.deletePaperDetail(detailId);
@@ -123,7 +123,7 @@ public class PaperDetailController {
      * @return
      */
     @ApiOperation(value = "根据试卷ID得到所有大题", notes = "根据试卷ID得到所有大题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperDetail/paper/{paperId}")
     public ResponseEntity getPaperDetailsByPaperId(@PathVariable String paperId) {
         return new ResponseEntity(paperService.findPaperDetailsById(paperId), HttpStatus.OK);

cqb-paper/src/main/java/com/qmth/cqb/paper/web/PaperDetailUnitController.java

@@ -42,7 +42,7 @@ public class PaperDetailUnitController {
      * @return
      */
     @ApiOperation(value = "获取小题对应的试题", notes = "获取小题对应的试题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperDetailUnit/question/{unit_id}")
     public Question getQuestionByUnitId(String unit_id) {
         return unitService.getQuestionByPaperDetailUnitId(unit_id);
@@ -55,7 +55,7 @@ public class PaperDetailUnitController {
      * @return
      */
     @ApiOperation(value = "获取小题", notes = "获取小题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperDetailUnit/{unit_id}")
     public PaperDetailUnit getPaperDetailUnitId(@PathVariable String unit_id) {
         return unitService.findById(unit_id);
@@ -68,7 +68,7 @@ public class PaperDetailUnitController {
      * @return
      */
     @ApiOperation(value = "更新小题", notes = "更新小题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/paperDetailUnit")
     public ResponseEntity updatePaperDetailUnit(HttpServletRequest request, @RequestBody PaperDetailUnitExp pdu) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -84,7 +84,7 @@ public class PaperDetailUnitController {
      * @return
      */
     @ApiOperation(value = "新增小题", notes = "新增小题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/paperDetailUnit")
     public ResponseEntity addPaperDetailUnit(HttpServletRequest request, @RequestBody PaperDetailUnitExp pdu) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -99,7 +99,7 @@ public class PaperDetailUnitController {
      * @return
      */
     @ApiOperation(value = "删除小题", notes = "删除小题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paperDetailUnit/{unitId}")
     public ResponseEntity removePaperDetailUnit(HttpServletRequest request, @PathVariable String unitId) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");

cqb-paper/src/main/java/com/qmth/cqb/paper/web/PaperStructController.java

@@ -50,7 +50,7 @@ public class PaperStructController {
      * @return
      */
     @ApiOperation(value = "获取试卷结构带分页", notes = "获取试卷结构带分页")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperStruct/{curPage}/{pageSize}")
     public ResponseEntity getPaperStructs(HttpServletRequest request, @ModelAttribute PaperStructSearchInfo searchInfo,
             @PathVariable int curPage, @PathVariable int pageSize) {
@@ -67,7 +67,7 @@ public class PaperStructController {
      */
     @ApiOperation(value = "获取试卷结构", notes = "获取试卷结构")
     @GetMapping(value = "/paperStruct")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     public ResponseEntity findAll() {
         return new ResponseEntity(paperStructRepo.findAll(), HttpStatus.OK);
     }
@@ -79,7 +79,7 @@ public class PaperStructController {
      * @return
      */
     @ApiOperation(value = "获取试卷结构", notes = "获取试卷结构")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/paperStruct/{id}")
     public ResponseEntity getPaperStructById(@PathVariable String id) {
         return new ResponseEntity(paperStructRepo.findOne(id), HttpStatus.OK);
@@ -92,7 +92,7 @@ public class PaperStructController {
      * @return
      */
     @ApiOperation(value = "更新试卷结构", notes = "更新试卷结构")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/paperStruct")
     public ResponseEntity updatePaperStruct(HttpServletRequest request, @RequestBody PaperStruct ps) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -112,7 +112,7 @@ public class PaperStructController {
      * @return
      */
     @ApiOperation(value = "新增试卷结构", notes = "新增试卷结构")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/paperStruct")
     public ResponseEntity addPaperStruct(HttpServletRequest request, @RequestBody PaperStruct ps) {
         AccessUser user = (AccessUser) request.getAttribute("accessUser");
@@ -132,7 +132,7 @@ public class PaperStructController {
      * @return
      */
     @ApiOperation(value = "删除试卷结构", notes = "删除试卷结构")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/paperStruct/{ids}")
     public ResponseEntity removePaperStruct(@PathVariable String ids) {
         List<String> paperList = Stream.of(ids.split(",")).collect(Collectors.toList());

cqb-question-resource/src/main/java/com/qmth/cqb/question/web/QuesController.java

@@ -52,7 +52,7 @@ public class QuesController {
      * @return
      */
     @ApiOperation(value = "获取试题", notes = "获取试题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/question/{id}")
     public ResponseEntity getQuesById(@PathVariable String id) {
         Question ques = quesRepo.findOne(id);
@@ -66,7 +66,7 @@ public class QuesController {
      * @return
      */
     @ApiOperation(value = "分页查询试题", notes = "分页查询试题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @GetMapping(value = "/question/{curPage}/{pageSize}")
     public ResponseEntity getAllQuestion(HttpServletRequest request,
                                         @ModelAttribute QuestionSearchCondition searchCondition,
@@ -84,7 +84,7 @@ public class QuesController {
      * @return
      */
     @ApiOperation(value = "更新试题", notes = "更新试题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/question")
     public ResponseEntity updateQuestion(@RequestBody Question question) {
         quesService.saveQues(question);
@@ -98,7 +98,7 @@ public class QuesController {
      * @return
      */
     @ApiOperation(value = "新增试题", notes = "新增试题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PostMapping(value = "/question")
     public ResponseEntity addQuestion(HttpServletRequest request,
                                       @RequestBody Question question) {
@@ -112,7 +112,7 @@ public class QuesController {
      * @return
      */
     @ApiOperation(value = "删除试题", notes = "删除试题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @DeleteMapping(value = "/question/{id}")
     public ResponseEntity removeQuestion(@PathVariable String id) {
         quesRepo.delete(id);
@@ -126,7 +126,7 @@ public class QuesController {
      * @return
      */
     @ApiOperation(value = "删除套题子题", notes = "删除套题子题")
-    @Uac(roles={RoleMeta.QUESTION_ADMIN},policy=UacPolicy.IN)
+    @Uac(roles={RoleMeta.QUESTION_ADMIN,RoleMeta.SUPER_ADMIN},policy=UacPolicy.IN)
     @PutMapping(value = "/question/{id}/{number}")
     public ResponseEntity removeQuestion(@PathVariable String id, @PathVariable String number) {
         Question question = quesRepo.findOne(id);