。。。

examcloud-exchange-outer-api-provider/src/main/java/cn/com/qmth/examcloud/exchange/outer/api/provider/FaceOuterServiceProvider.java

@@ -22,7 +22,6 @@ import com.google.common.collect.Maps;
 import cn.com.qmth.examcloud.commons.base.exception.StatusException;
 import cn.com.qmth.examcloud.commons.base.util.HttpClientUtil;
 import cn.com.qmth.examcloud.commons.base.util.ZipUtil;
-import cn.com.qmth.examcloud.commons.web.security.bean.User;
 import cn.com.qmth.examcloud.commons.web.support.ControllerSupport;
 import cn.com.qmth.examcloud.exchange.outer.api.FaceOuterService;
 import cn.com.qmth.examcloud.exchange.outer.service.FaceService;
@@ -69,6 +68,10 @@ public class FaceOuterServiceProvider extends ControllerSupport implements FaceO
 			@RequestParam @ApiParam(value = "照片地址", required = true) String photoUrl,
 			@RequestParam @ApiParam(value = "操作者", required = true) String operator) {
 
+		if (!getSecurityRootOrgId().equals(rootOrgId)) {
+			throw new StatusException("EX-1000001", "rootOrgId is wrong");
+		}
+
 		if (photoUrl.startsWith("http")) {
 			byte[] bs = HttpClientUtil.get(photoUrl);
 
@@ -98,9 +101,14 @@ public class FaceOuterServiceProvider extends ControllerSupport implements FaceO
 	@PostMapping("addPhoto")
 	@Override
 	public void addPhoto(
+			@RequestParam @ApiParam(value = "顶级机构ID", example = "1", required = true) Long rootOrgId,
+			@RequestParam @ApiParam(value = "身份证", required = true) String identityNumber,
+			@RequestParam @ApiParam(value = "操作者", required = true) String operator,
 			@RequestParam @ApiParam(value = "学生照片文件(文件名称=身份证号码+文件后缀) 如：xxxxxxxxxx.jpg", required = true) CommonsMultipartFile file) {
-		User accessUser = getAccessUser();
-		Long rootOrgId = accessUser.getRootOrgId();
+
+		if (!getSecurityRootOrgId().equals(rootOrgId)) {
+			throw new StatusException("EX-1000001", "rootOrgId is wrong");
+		}
 
 		DiskFileItem item = (DiskFileItem) file.getFileItem();
 		File storeLocation = item.getStoreLocation();
@@ -113,21 +121,22 @@ public class FaceOuterServiceProvider extends ControllerSupport implements FaceO
 		if (!fileName.matches("[^\\.\\s]+\\.[^\\.\\s]+")) {
 			throw new StatusException("EX-600101", "文件名不合法");
 		}
-		String identityNumber = fileName.substring(0, fileName.lastIndexOf("."));
 		String fileSuffix = fileName.substring(fileName.lastIndexOf("."));
 
-		faceService.processFace(rootOrgId, identityNumber, fileSuffix, storeLocation,
-				accessUser.getDisplayName());
+		faceService.processFace(rootOrgId, identityNumber, fileSuffix, storeLocation, operator);
 	}
 
 	@ApiOperation(value = "导入学生照片", httpMethod = "POST")
 	@PostMapping("importPhotos")
 	@Override
 	public List<Map<String, String>> importPhotos(
+			@RequestParam @ApiParam(value = "顶级机构ID", example = "1", required = true) Long rootOrgId,
+			@RequestParam @ApiParam(value = "操作者", required = true) String operator,
 			@RequestParam @ApiParam(value = "学生照片文件(身份证号码+文件后缀)压缩包(ZIP文件,压缩包内不含目录)", required = true) CommonsMultipartFile file) {
 
-		User accessUser = getAccessUser();
-		Long rootOrgId = accessUser.getRootOrgId();
+		if (!getSecurityRootOrgId().equals(rootOrgId)) {
+			throw new StatusException("EX-1000001", "rootOrgId is wrong");
+		}
 
 		DiskFileItem item = (DiskFileItem) file.getFileItem();
 		File storeLocation = item.getStoreLocation();
@@ -181,7 +190,7 @@ public class FaceOuterServiceProvider extends ControllerSupport implements FaceO
 				String fileSuffix = fileName.substring(fileName.lastIndexOf("."));
 
 				faceService.processFace(rootOrgId, identityNumber, fileSuffix, storeLocation,
-						accessUser.getDisplayName());
+						operator);
 
 				map.put("statusCode", "200");
 				map.put("statusDesc", "成功");

examcloud-exchange-outer-api-provider/src/main/java/cn/com/qmth/examcloud/exchange/outer/api/provider/StudentOuterServiceProvider.java

@@ -63,6 +63,11 @@ public class StudentOuterServiceProvider extends ControllerSupport implements St
 		trim(req);
 
 		Long rootOrgId = req.getRootOrgId();
+
+		if (!getSecurityRootOrgId().equals(rootOrgId)) {
+			throw new StatusException("EX-1000001", "rootOrgId is wrong");
+		}
+
 		String identityNumber = req.getIdentityNumber();
 
 		SaveStudentReq request = new SaveStudentReq();

examcloud-exchange-outer-api/src/main/java/cn/com/qmth/examcloud/exchange/outer/api/FaceOuterService.java

@@ -20,8 +20,10 @@ public interface FaceOuterService extends OuterService {
 	void addPhotoByUrl(@RequestParam Long rootOrgId, @RequestParam String identityNumber,
 			@RequestParam String photoUrl, @RequestParam String operator);
 
-	void addPhoto(@RequestParam CommonsMultipartFile file);
+	void addPhoto(Long rootOrgId, String identityNumber, String operator,
+			CommonsMultipartFile file);
 
-	List<Map<String, String>> importPhotos(@RequestParam CommonsMultipartFile file);
+	List<Map<String, String>> importPhotos(Long rootOrgId, String operator,
+			CommonsMultipartFile file);
 
 }