
Merge remote-tracking branch 'origin/test20200828' into dev_20201016

ting.yin 4 jaren geleden
bovenliggende
commit
3e035c60d3

+ 4 - 0
stmms-web/src/main/java/cn/com/qmth/stmms/common/controller/LoginController.java

@@ -91,6 +91,10 @@ public class LoginController {
                 return modelAndView;
             }
         } else if ("mark-login".equals(showType) || "mark-login".equals(loginType)) {
+            if (u.getRole() != Role.MARKER) {
+                modelAndView.addObject("message", "user.login.error.access");
+                return modelAndView;
+            }
             if (u.getLastLoginTime() == null) {
                 u.refreshAccessToken();
                 userService.save(u);
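Review bot: The new role check in the `mark-login` branch answers with its own message key, `user.login.error.access`, and the hunk does not show whether the password has already been verified at this point; if it has not, the distinct message tells an unauthenticated caller which login names belong to non-marker accounts. The rejection also leaves no trace on the server, so a log line with the login name and role before `return modelAndView;` would give the audit trail something to work with. A short comment above the `if`, such as `// only MARKER accounts may sign in through the mark-login entry`, would record the intent. The enclosing method starts and ends outside the hunk.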

+ 18 - 1
stmms-web/src/main/java/cn/com/qmth/stmms/common/interceptor/SessionInterceptor.java

@@ -56,12 +56,29 @@ public class SessionInterceptor extends HandlerInterceptorAdapter {
             throws IOException {
         StmmsSession session = RequestUtils.getSession(request);
         session.setInvalid(true);
-        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, redirectURI);
         sessionService.put(request, response, session);
         response.sendRedirect(request.getContextPath() + redirectURI);
         return false;
     }
 
+    /**
+     * 强制失效session,执行请求跳转
+     *
+     * @param request
+     * @param response
+     * @param redirectURI
+     * @return
+     * @throws IOException
+     */
+    protected boolean sessionExpireAjax(HttpServletRequest request, HttpServletResponse response, String redirectURI)
+            throws IOException {
+        StmmsSession session = RequestUtils.getSession(request);
+        session.setInvalid(true);
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, redirectURI);
+        sessionService.put(request, response, session);
+        return false;
+    }
+
     /**
      * 强制执行请求跳转
      *
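Review bot: In `sessionExpireAjax`, `response.sendError(...)` runs before `sessionService.put(request, response, session)`, and `sendError` commits the response, so any cookie or header that `put` writes to the response (its body is not shown here) would be dropped and the client would keep its old session state. Swapping the two calls avoids that: `sessionService.put(request, response, session);` followed by `response.sendError(HttpServletResponse.SC_UNAUTHORIZED);`. The one-argument form fits because the JSPs in this commit no longer read the status text, so `redirectURI` is only echoed into the error response. The Javadoc is copied from `sessionExpire` and still says the method redirects; it should say that the session is invalidated and a 401 is returned for the client script to handle.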

+ 3 - 0
stmms-web/src/main/java/cn/com/qmth/stmms/mark/MarkController.java

@@ -197,6 +197,9 @@ public class MarkController extends BaseController {
     @RequestMapping("/index")
     public ModelAndView index(HttpServletRequest request, @RequestParam(value = "mode", required = false) String mode) {
         Marker marker = RequestUtils.getWebUser(request).getMarker();
+        if (marker == null) {
+            return new ModelAndView("redirect:/mark/subject-select");
+        }
         ModelAndView modelAndView = getMarkModeView(marker, MarkMode.findByName(mode));
         preProcess(marker, modelAndView);
         return modelAndView;

+ 9 - 4
stmms-web/src/main/java/cn/com/qmth/stmms/mark/interceptor/MarkInterceptor.java

@@ -25,11 +25,10 @@ public class MarkInterceptor extends SessionInterceptor {
     private MarkerService markerService;
 
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
-            throws Exception {
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         WebUser wu = buildUser(request);
         if (wu != null) {
-            if (wu.getUser().getLastLoginTime() == null&& request.getServletPath().startsWith("/mark/reset")) {
+            if (wu.getUser().getLastLoginTime() == null && request.getServletPath().startsWith("/mark/reset")) {
                 // 首次登录,强制重置密码及姓名
                 return true;
             } else if (wu.getMarkerId() == null && !request.getServletPath().startsWith("/mark/subject")) {
@@ -38,7 +37,13 @@ public class MarkInterceptor extends SessionInterceptor {
             }
             return true;
         }
-        return sessionExpire(request, response, "/login");
+        if (request.getServletPath().startsWith("/mark/subject-select")
+                || request.getServletPath().startsWith("/mark/index")
+                || request.getServletPath().startsWith("/mark/rest")
+                || request.getServletPath().startsWith("/mark/logout")) {
+            return sessionExpire(request, response, "/login");
+        }
+        return sessionExpireAjax(request, response, "/login");
     }
 
     private WebUser buildUser(HttpServletRequest request) {
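Review bot: The prefix list that selects `sessionExpire` over `sessionExpireAjax` contains `/mark/rest`, while the first hunk of this file checks `/mark/reset`; if the password-reset page was meant, the literal is misspelled and an unauthenticated request to that page gets a bare 401 instead of the redirect to `/login`. Choosing by path prefix is also fragile, since every new page under `/mark` has to be added to the list and `startsWith` matches longer paths as well. If the Ajax callers are the jQuery handlers in the JSPs, the request header is a steadier signal: `boolean ajax = "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));` followed by `return ajax ? sessionExpireAjax(request, response, "/login") : sessionExpire(request, response, "/login");`. `preHandle` spans both hunks of this file and part of its body is not shown.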

+ 1 - 1
stmms-web/src/main/webapp/WEB-INF/views/modules/mark/markJson.jsp

@@ -41,7 +41,7 @@
 	$(document).ajaxError(function (evt, req, settings) {
 	    if (req.status == 401) {
 	        alert("账号已在其他地方登录!");
-	        window.location.href = req.statusText;
+	        window.location.href = '/login';
 	    }
 	});
 	
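Review bot: The 401 handler now navigates to the literal `'/login'`, which ignores the servlet context path, whereas the server-side redirect in `SessionInterceptor.sessionExpire` prepends `request.getContextPath()`; in a deployment that is not at the root context this sends the user to the wrong URL. `window.location.href = '${pageContext.request.contextPath}/login';` keeps the target fixed rather than taken from `req.statusText`, and still follows the deployment. The same line appears in markNew.jsp, markTrack.jsp and subjectSelect.jsp. The alert says the account was logged in elsewhere, but the interceptor sends the 401 whenever no session user is found, which may include plain expiry, so the message can mislead.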

+ 1 - 1
stmms-web/src/main/webapp/WEB-INF/views/modules/mark/markNew.jsp

@@ -47,7 +47,7 @@
     $(document).ajaxError(function (evt, req, settings) {
         if (req.status == 401) {
             alert("账号已在其他地方登录!");
-            window.location.href = req.statusText;
+            window.location.href = '/login';
         }
     });
 

+ 1 - 1
stmms-web/src/main/webapp/WEB-INF/views/modules/mark/markTrack.jsp

@@ -40,7 +40,7 @@
     $(document).ajaxError(function (evt, req, settings) {
         if (req.status == 401) {
             alert("账号已在其他地方登录!");
-            window.location.href = req.statusText;
+            window.location.href = '/login';
         }
     });
 

+ 2 - 2
stmms-web/src/main/webapp/WEB-INF/views/modules/mark/subjectSelect.jsp

@@ -50,8 +50,8 @@
 
             $(document).ajaxError(function (evt, req, settings) {
                 if (req.status == 401) {
-                    alert("权限失效,请重新登录!");
-                    window.location.href = "/mark-login";
+                	alert("账号已在其他地方登录!");
+                    window.location.href = "/login";
                 }
             });