
修复一些bug,学校新增子机构对接口的支持

ting.yin 2 jaren geleden
bovenliggende
commit
58fb6d43fb
17 gewijzigde bestanden met toevoegingen van 197 en 52 verwijderingen
  1. 2 0
      stmms-biz/src/main/java/cn/com/qmth/stmms/biz/school/dao/SchoolDao.java
  2. 22 0
      stmms-biz/src/main/java/cn/com/qmth/stmms/biz/school/model/School.java
  3. 2 0
      stmms-biz/src/main/java/cn/com/qmth/stmms/biz/school/service/SchoolService.java
  4. 8 1
      stmms-biz/src/main/java/cn/com/qmth/stmms/biz/school/service/impl/SchoolServiceImpl.java
  5. 30 3
      stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/BaseApiController.java
  6. 1 1
      stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/CardController.java
  7. 79 22
      stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/CoreController.java
  8. 1 1
      stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/ExamController.java
  9. 5 2
      stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/ExamInfoController.java
  10. 6 2
      stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/ExamPackageController.java
  11. 15 14
      stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/FileController.java
  12. 2 0
      stmms-web/src/main/java/cn/com/qmth/stmms/api/exception/ApiException.java
  13. 15 2
      stmms-web/src/main/java/cn/com/qmth/stmms/open/controller/OpenUserController.java
  14. 2 2
      stmms-web/src/main/webapp/WEB-INF/views/modules/exam/questionAdd.jsp
  15. 2 2
      stmms-web/src/main/webapp/WEB-INF/views/modules/exam/questionEdit.jsp
  16. 3 0
      stmms-web/src/main/webapp/WEB-INF/views/modules/exam/selectiveList.jsp
  17. 2 0
      stmms-web/src/main/webapp/sql/stmms_ft.sql

+ 2 - 0
stmms-biz/src/main/java/cn/com/qmth/stmms/biz/school/dao/SchoolDao.java

@@ -12,4 +12,6 @@ public interface SchoolDao extends PagingAndSortingRepository<School, Integer>,
     School findFirstByAccessKey(String accessKey);
 
     School findByCode(String code);
+
+    School findByParentIdAndSubCode(Integer schoolId, String subCode);
 }
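Review bot: The first parameter of `findByParentIdAndSubCode` is named `schoolId` although the derived query binds it to `parentId`; declaring it as `School findByParentIdAndSubCode(Integer parentId, String subCode);` here and in the SchoolService and SchoolServiceImpl hunks would make the tenant-scoping call sites easier to audit. Because the method returns a single `School`, the repository is expected to fail at runtime if two rows share the same (parent_id, sub_code) pair. The stmms_ft.sql change is not visible in this part of the page, so it is worth confirming that it adds a unique index on that pair.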

+ 22 - 0
stmms-biz/src/main/java/cn/com/qmth/stmms/biz/school/model/School.java

@@ -79,6 +79,12 @@ public class School implements Serializable {
     @Column(name = "update_time")
     private Date updateTime;
 
+    @Column(name = "parent_id", nullable = true)
+    private Integer parentId;
+
+    @Column(name = "sub_code", nullable = true)
+    private String subCode;
+
     public Integer getId() {
         return id;
     }
@@ -196,4 +202,20 @@ public class School implements Serializable {
         this.code = code;
     }
 
+    public Integer getParentId() {
+        return parentId;
+    }
+
+    public void setParentId(Integer parentId) {
+        this.parentId = parentId;
+    }
+
+    public String getSubCode() {
+        return subCode;
+    }
+
+    public void setSubCode(String subCode) {
+        this.subCode = subCode;
+    }
+
 }

+ 2 - 0
stmms-biz/src/main/java/cn/com/qmth/stmms/biz/school/service/SchoolService.java

@@ -27,4 +27,6 @@ public interface SchoolService {
 
     List<School> parseJson(String json);
 
+    School findByParentIdAndSubCode(Integer schoolId, String subCode);
+
 }

+ 8 - 1
stmms-biz/src/main/java/cn/com/qmth/stmms/biz/school/service/impl/SchoolServiceImpl.java

@@ -135,12 +135,13 @@ public class SchoolServiceImpl extends BaseQueryService<School> implements Schoo
                 school.setCreateTime(new Date());
                 school.setProvince("");
                 school.setCity("");
+                school.setCode(s.getCode());
                 school.setEnable(true);
             }
             school.setName(s.getName());
             school.setAccessKey(s.getAccessKey());
             school.setAccessSecret(s.getAccessSecret());
-            //school.setLogoUrl(s.getLogoUrl());
+            // school.setLogoUrl(s.getLogoUrl());
             school.setUpdateTime(new Date());
             schoolDao.save(school);
         }
@@ -163,4 +164,10 @@ public class SchoolServiceImpl extends BaseQueryService<School> implements Schoo
         }
         return schools;
     }
+
+    @Override
+    public School findByParentIdAndSubCode(Integer schoolId, String subCode) {
+        School school = schoolDao.findByParentIdAndSubCode(schoolId, subCode);
+        return school;
+    }
 }

+ 30 - 3
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/BaseApiController.java

@@ -1,15 +1,20 @@
 package cn.com.qmth.stmms.api.controller;
 
-import cn.com.qmth.stmms.api.exception.ApiException;
-import cn.com.qmth.stmms.common.controller.BaseController;
+import javax.servlet.http.HttpServletResponse;
+
 import net.sf.json.JSONObject;
+
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 
-import javax.servlet.http.HttpServletResponse;
+import cn.com.qmth.stmms.api.exception.ApiException;
+import cn.com.qmth.stmms.biz.school.model.School;
+import cn.com.qmth.stmms.biz.school.service.SchoolService;
+import cn.com.qmth.stmms.common.controller.BaseController;
 
 public class BaseApiController extends BaseController {
 
@@ -17,6 +22,9 @@ public class BaseApiController extends BaseController {
 
     private static final String ERROR_MESSAGE_HEADER_KEY = "error-info";
 
+    @Autowired
+    private SchoolService schoolService;
+
     @ExceptionHandler
     public void exception(HttpServletResponse response, Exception ex) {
         log.error("api execute error", ex);
@@ -76,4 +84,23 @@ public class BaseApiController extends BaseController {
         }
         return value;
     }
+
+    protected School validate(Integer parentId, String subCode) {
+        School school = schoolService.findById(parentId);
+        if (StringUtils.isNotBlank(subCode)) {
+            school = schoolService.findByParentIdAndSubCode(parentId, subCode);
+            if (school == null || !school.isEnable()) {
+                throw ApiException.SCHOOL_NOT_ACCESSIBLED;
+            }
+        }
+        return school;
+    }
+
+    protected boolean validate(Integer parentId, Integer subId) {
+        School sub = schoolService.findById(subId);
+        if (sub == null) {
+            return false;
+        }
+        return parentId.equals(subId) || sub.getParentId().equals(parentId);
+    }
 }
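Review bot: `validate(Integer parentId, Integer subId)` dereferences `sub.getParentId()` although School.java declares `parent_id` as nullable, so when the exam belongs to a different top-level school the ownership check throws a NullPointerException instead of returning false. The request is still refused, but presumably through the generic `exception` handler rather than as EXAM_NOT_ACCESSIBLED, and the same applies to every call site changed in CardController, CoreController, ExamController and FileController. This overload also omits the `isEnable()` test that the `String subCode` overload applies, so exams of a disabled sub-school appear to stay reachable by id; if that is not intended, the check belongs here as well. In the `subCode` overload a blank code returns `schoolService.findById(parentId)` unchecked while all callers go straight to `school.getId()`, so a null guard there would be prudent.

```java
    protected boolean validate(Integer parentId, Integer subId) {
        if (parentId == null || subId == null) {
            return false;
        }
        School sub = schoolService.findById(subId);
        if (sub == null) {
            return false;
        }
        if (parentId.equals(subId)) {
            return true;
        }
        // parent_id is nullable: a top-level school has no parent to match against
        return sub.isEnable() && parentId.equals(sub.getParentId());
    }
```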

+ 1 - 1
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/CardController.java

@@ -57,7 +57,7 @@ public class CardController extends BaseApiController {
 
     private Exam validateExam(ApiUser au, Integer examId, ExamType... types) {
         Exam exam = examService.findById(examId);
-        if (exam == null || !exam.getSchoolId().equals(au.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
+        if (exam == null || !validate(au.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         if (types != null && types.length > 0 && !Arrays.asList(types).contains(exam.getType())) {

+ 79 - 22
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/CoreController.java

@@ -52,6 +52,8 @@ import cn.com.qmth.stmms.biz.exam.service.query.ExamQuestionSearchQuery;
 import cn.com.qmth.stmms.biz.file.service.FileService;
 import cn.com.qmth.stmms.biz.lock.LockService;
 import cn.com.qmth.stmms.biz.mark.service.MarkService;
+import cn.com.qmth.stmms.biz.school.model.School;
+import cn.com.qmth.stmms.biz.school.service.SchoolService;
 import cn.com.qmth.stmms.biz.user.model.User;
 import cn.com.qmth.stmms.biz.user.service.UserService;
 import cn.com.qmth.stmms.biz.utils.ScoreItem;
@@ -63,7 +65,9 @@ import cn.com.qmth.stmms.common.enums.LockType;
 import cn.com.qmth.stmms.common.enums.ObjectiveStatus;
 import cn.com.qmth.stmms.common.enums.Role;
 import cn.com.qmth.stmms.common.enums.SubjectiveStatus;
+import cn.com.qmth.stmms.common.enums.UserSource;
 import cn.com.qmth.stmms.common.utils.DateUtils;
+import cn.com.qmth.stmms.common.utils.EncryptUtils;
 import cn.com.qmth.stmms.common.utils.RequestUtils;
 
 @Controller("coreApiController")
@@ -118,12 +122,17 @@ public class CoreController extends BaseApiController {
     @Autowired
     private InspectHistoryService inspectHistoryService;
 
+    @Autowired
+    private SchoolService schoolService;
+
+    public static final String USER_PASSWORD = "123456";
+
     @RequestMapping(value = "/exam/save", method = RequestMethod.POST)
     @ResponseBody
     @RoleRequire({ Role.SCHOOL_ADMIN, Role.SCHOOL_DEV })
     public JSONObject examSave(HttpServletRequest request, @RequestParam(required = false) Integer id,
             @RequestParam(required = false) String code, @RequestParam String name, @RequestParam String examTime,
-            @RequestParam String type) {
+            @RequestParam String type, @RequestParam(required = false) String schoolCode) {
         ApiUser user = RequestUtils.getApiUser(request);
         JSONObject result = new JSONObject();
         // 输入字段预处理并初步校验
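Review bot: `USER_PASSWORD = "123456"` gives every auto-created sub-school administrator the same source-visible password, and the `schoolSave` hunk at the end of this file stores it as `EncryptUtils.md5(USER_PASSWORD)` on an account that is enabled immediately. Until someone changes it, each new SCHOOL_ADMIN account is protected only by a shared, well-known credential and what is presumably a bare MD5 digest. The account should instead get a per-account random secret drawn from `SecureRandom` and handed to the caller once, or be created disabled until a password is set, and the stored value should use a salted password hash. Separately, the `schoolService` field added here duplicates the private one this commit adds to BaseApiController; making the base field `protected` would avoid the second injection.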
@@ -131,6 +140,7 @@ public class CoreController extends BaseApiController {
         name = validate("name", name, true, 32);
         Date time = DateUtils.parseDate(examTime);
         Exam current = null;
+        School school = validate(user.getSchoolId(), schoolCode);
         if (id != null) {
             // 根据id查找考试并校验
             current = examService.findById(id);
@@ -139,7 +149,7 @@ public class CoreController extends BaseApiController {
             }
         } else if (code != null) {
             // 根据code查找考试并校验
-            current = examService.findBySchoolAndCode(user.getSchoolId(), code);
+            current = examService.findBySchoolAndCode(school.getId(), code);
         } else {
             throw ApiException.QUERY_PARAM_ERROR.replaceMessage("id/code both unexists");
         }
@@ -181,7 +191,7 @@ public class CoreController extends BaseApiController {
             @RequestParam(required = false) String examSite, @RequestParam(required = false) String examRoom) {
         ApiUser user = RequestUtils.getApiUser(request);
         Exam exam = examService.findById(examId);
-        if (exam == null || !exam.getSchoolId().equals(user.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
+        if (exam == null || !validate(user.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         examNumber = validate("examNumber", examNumber, true, 64);
@@ -270,7 +280,8 @@ public class CoreController extends BaseApiController {
     @ResponseBody
     @RoleRequire({ Role.SCHOOL_ADMIN, Role.SCHOOL_DEV })
     public JSONArray studentQuery(HttpServletRequest request, @RequestParam String studentCode,
-            @RequestParam(required = false) String subjectCode, @RequestParam(required = false) Date minExamTime) {
+            @RequestParam(required = false) String subjectCode, @RequestParam(required = false) Date minExamTime,
+            @RequestParam(required = false) String schoolCode) {
         ApiUser user = RequestUtils.getApiUser(request);
         JSONArray array = new JSONArray();
         studentCode = StringUtils.trimToNull(studentCode);
@@ -279,7 +290,8 @@ public class CoreController extends BaseApiController {
             throw ApiException.QUERY_PARAM_ERROR.replaceMessage("studentCode invalid");
         }
         ExamStudentSearchQuery query = new ExamStudentSearchQuery();
-        query.setSchoolId(user.getSchoolId());
+        School school = validate(user.getSchoolId(), schoolCode);
+        query.setSchoolId(school.getId());
         query.setStudentCode(studentCode);
         query.setSubjectCode(subjectCode);
         query.orderByExamIdDesc();
@@ -311,6 +323,7 @@ public class CoreController extends BaseApiController {
             @RequestParam(required = false) String studentCode, @RequestParam(required = false) String subjectCode,
             @RequestParam(required = false) String college, @RequestParam(required = false) String className,
             @RequestParam(required = false) String teacher, @RequestParam(required = false) Boolean withMarkTrack,
+            @RequestParam(required = false) String schoolCode,
             @RequestParam(required = false, defaultValue = "1") Integer pageNumber,
             @RequestParam(required = false, defaultValue = "20") Integer pageSize) {
         ApiUser user = RequestUtils.getApiUser(request);
@@ -321,8 +334,9 @@ public class CoreController extends BaseApiController {
         if (examId != null) {
             exam = examService.findById(examId);
         }
+        School school = validate(user.getSchoolId(), schoolCode);
         if (examCode != null) {
-            exam = examService.findBySchoolAndCode(user.getSchoolId(), examCode);
+            exam = examService.findBySchoolAndCode(school.getId(), examCode);
         }
         if (exam == null) {
             throw ApiException.QUERY_PARAM_ERROR.replaceMessage("exam unexists");
@@ -451,7 +465,7 @@ public class CoreController extends BaseApiController {
             @RequestParam(required = false) String examCode, @RequestParam(required = false) String examNumber,
             @RequestParam(required = false) String studentCode, @RequestParam(required = false) String subjectCode,
             @RequestParam(required = false) String college, @RequestParam(required = false) String className,
-            @RequestParam(required = false) String teacher) {
+            @RequestParam(required = false) String teacher, @RequestParam(required = false) String schoolCode) {
         ApiUser user = RequestUtils.getApiUser(request);
         if (examId == null && examCode == null) {
             throw ApiException.QUERY_PARAM_ERROR.replaceMessage("examId or examCode is required");
@@ -460,13 +474,14 @@ public class CoreController extends BaseApiController {
         if (examId != null) {
             exam = examService.findById(examId);
         }
+        School school = validate(user.getSchoolId(), schoolCode);
         if (examCode != null) {
-            exam = examService.findBySchoolAndCode(user.getSchoolId(), examCode);
+            exam = examService.findBySchoolAndCode(school.getId(), examCode);
         }
         if (exam == null) {
             throw ApiException.QUERY_PARAM_ERROR.replaceMessage("exam unexists");
         }
-        if (!exam.getSchoolId().equals(user.getSchoolId())) {
+        if (!validate(user.getSchoolId(), exam.getSchoolId())) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         ExamStudentSearchQuery query = new ExamStudentSearchQuery();
@@ -497,7 +512,7 @@ public class CoreController extends BaseApiController {
         Exam exam = examService.findById(examId);
         if (exam == null) {
             throw ApiException.QUERY_PARAM_ERROR.replaceMessage("examId invalid");
-        } else if (!exam.getSchoolId().equals(user.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
+        } else if (!validate(user.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         ExamSubject subject = subjectService.find(examId, code);
@@ -524,14 +539,16 @@ public class CoreController extends BaseApiController {
     @RoleRequire({ Role.SCHOOL_ADMIN, Role.SCHOOL_DEV })
     public JSONObject userSave(HttpServletRequest request, @RequestParam String account,
             @RequestParam(required = false) String name, @RequestParam(required = false) String password,
-            @RequestParam(required = false) Role role, @RequestParam boolean enable) {
+            @RequestParam(required = false) Role role, @RequestParam boolean enable,
+            @RequestParam(required = false) String schoolCode) {
         ApiUser user = RequestUtils.getApiUser(request);
         JSONObject result = new JSONObject();
         // 输入字段预处理并初步校验
         account = validate("account", account, true, 32);
         name = validate("name", name, true, 32);
         password = validate("password", password, false, 32);
-        User u = userService.externalSaveAndUpdate(user.getSchoolId(), account, name, password, role);
+        School school = validate(user.getSchoolId(), schoolCode);
+        User u = userService.externalSaveAndUpdate(school.getId(), account, name, password, role);
         if (u.isEnable() != enable) {
             u.setEnable(enable);
             userService.save(u);
@@ -550,7 +567,7 @@ public class CoreController extends BaseApiController {
         Exam exam = examService.findById(paper.getExamId());
         if (exam == null) {
             throw ApiException.QUERY_PARAM_ERROR.replaceMessage("examId invalid");
-        } else if (!exam.getSchoolId().equals(user.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
+        } else if (!validate(user.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         ExamSubject subject = subjectService.find(paper.getExamId(), paper.getSubjectCode());
@@ -627,7 +644,7 @@ public class CoreController extends BaseApiController {
         JSONArray result = new JSONArray();
         // 输入字段预处理并初步校验
         Exam exam = examService.findById(examId);
-        if (exam == null || !exam.getSchoolId().equals(user.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
+        if (exam == null || !validate(user.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         subjectCode = validate("subjectCode", subjectCode, true, 64);
@@ -681,7 +698,7 @@ public class CoreController extends BaseApiController {
         JSONObject result = new JSONObject();
         // 输入字段预处理并初步校验
         Exam exam = examService.findById(examId);
-        if (exam == null || !exam.getSchoolId().equals(user.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
+        if (exam == null || !validate(user.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         subjectCode = validate("subjectCode", subjectCode, true, 64);
@@ -714,7 +731,7 @@ public class CoreController extends BaseApiController {
         JSONObject result = new JSONObject();
         // 输入字段预处理并初步校验
         Exam exam = examService.findById(examId);
-        if (exam == null || !exam.getSchoolId().equals(user.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
+        if (exam == null || !validate(user.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         subjectCode = validate("subjectCode", subjectCode, true, 64);
@@ -734,7 +751,7 @@ public class CoreController extends BaseApiController {
         JSONObject result = new JSONObject();
         // 输入字段预处理并初步校验
         Exam exam = examService.findById(dto.getExamId());
-        if (exam == null || !exam.getSchoolId().equals(user.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
+        if (exam == null || !validate(user.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         String subjectCode = validate("subjectCode", dto.getSubjectCode(), true, 64);
@@ -786,7 +803,7 @@ public class CoreController extends BaseApiController {
         // 输入字段预处理并初步校验
         account = validate("account", account, true, 32);
         Exam exam = examService.findById(examId);
-        if (exam == null || !exam.getSchoolId().equals(user.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
+        if (exam == null || !validate(user.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         subjectCode = validate("subjectCode", subjectCode, true, 64);
@@ -821,13 +838,14 @@ public class CoreController extends BaseApiController {
     @ResponseBody
     @RoleRequire({ Role.SCHOOL_ADMIN, Role.SCHOOL_DEV, Role.COLLEGE_ADMIN })
     public JSONObject subjectHeaderSave(HttpServletRequest request, @RequestParam String subjectCode,
-            @RequestParam String account) {
+            @RequestParam String account, @RequestParam(required = false) String schoolCode) {
         ApiUser user = RequestUtils.getApiUser(request);
         JSONObject result = new JSONObject();
         // 输入字段预处理并初步校验
         account = validate("account", account, true, 32);
         subjectCode = validate("subjectCode", subjectCode, true, 64);
-        User u = userService.findByAccount(user.getSchoolId(), account);
+        School school = validate(user.getSchoolId(), schoolCode);
+        User u = userService.findByAccount(school.getId(), account);
         if (u == null || !Role.SUBJECT_HEADER.equals(u.getRole())) {
             throw ApiException.QUERY_PARAM_ERROR.appendMessage(": account error");
         }
@@ -851,7 +869,7 @@ public class CoreController extends BaseApiController {
         JSONArray result = new JSONArray();
         // 输入字段预处理并初步校验
         Exam exam = examService.findById(examId);
-        if (exam == null || !exam.getSchoolId().equals(user.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
+        if (exam == null || !validate(user.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         subjectCode = validate("subjectCode", subjectCode, true, 64);
@@ -887,7 +905,7 @@ public class CoreController extends BaseApiController {
             @RequestParam String examNumber, @RequestParam Double objectiveScore) {
         ApiUser user = RequestUtils.getApiUser(request);
         Exam exam = examService.findById(examId);
-        if (exam == null || !exam.getSchoolId().equals(user.getSchoolId()) || exam.getStatus() != ExamStatus.START
+        if (exam == null || !validate(user.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START
                 || exam.getType() != ExamType.MULTI_MEDIA) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
@@ -904,4 +922,43 @@ public class CoreController extends BaseApiController {
         return result;
     }
 
+    @RequestMapping(value = "/school/sub/save", method = RequestMethod.POST)
+    @ResponseBody
+    @RoleRequire({ Role.SCHOOL_DEV })
+    public JSONObject schoolSave(HttpServletRequest request, @RequestParam String code, @RequestParam String name) {
+        ApiUser user = RequestUtils.getApiUser(request);
+        JSONObject result = new JSONObject();
+        // 输入字段预处理并初步校验
+        code = validate("code", code, false, 32);
+        name = validate("name", name, true, 32);
+        School school = schoolService.findByParentIdAndSubCode(user.getSchoolId(), code);
+        if (school == null) {
+            School parent = schoolService.findById(user.getSchoolId());
+            school = new School();
+            school.setParentId(parent.getId());
+            school.setSubCode(parent.getCode() + "-" + code);
+            school.setEnable(true);
+            school.setProvince(parent.getProvince());
+            school.setCity(parent.getCity());
+            school.setAddress(parent.getAddress());
+            school.setDescription(parent.getDescription());
+            school.resetAccessKeyAndSecret();
+        }
+        school.setName(name);
+        school = schoolService.save(school);
+        User admin = userService.findSchoolAdmin(school.getId());
+        if (admin == null) {
+            admin = new User();
+            admin.setSchoolId(school.getId());
+            admin.setEnable(true);
+            admin.setRole(Role.SCHOOL_ADMIN);
+            admin.setSource(UserSource.INTERNAL);
+            admin.setLoginName("admin-" + school.getCode());
+            admin.setPassword(EncryptUtils.md5(USER_PASSWORD));
+            userService.save(admin);
+        }
+        result.accumulate("id", school.getId());
+        result.accumulate("updateTime", DateUtils.formatDateTime(new Date()));
+        return result;
+    }
 }
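Review bot: The lookup `findByParentIdAndSubCode(user.getSchoolId(), code)` uses the raw `code`, but a new row is stored with `setSubCode(parent.getCode() + "-" + code)`, so a repeated call with the same `code` will not find the row it created and will insert another sub-school and another admin. For the same reason the `validate(parentId, subCode)` lookups elsewhere only match if clients send the prefixed form. Computing the stored value once, e.g. `String subCode = parent.getCode() + "-" + code;`, and using it for both the query and `setSubCode(subCode)` would remove the mismatch. The new school never receives `setCode(...)`, so `"admin-" + school.getCode()` looks like it produces the same `admin-null` login name for every sub-school unless `save` fills the code in; `school.getSubCode()` is probably what was meant. `parent` is also dereferenced without a null check.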

+ 1 - 1
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/ExamController.java

@@ -49,7 +49,7 @@ public class ExamController extends BaseApiController {
 
     private Exam validateExam(ApiUser au, Integer examId, ExamType... types) {
         Exam exam = examService.findById(examId);
-        if (exam == null || !exam.getSchoolId().equals(au.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
+        if (exam == null || !validate(au.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         if (types != null && types.length > 0 && !Arrays.asList(types).contains(exam.getType())) {

+ 5 - 2
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/ExamInfoController.java

@@ -30,6 +30,7 @@ import cn.com.qmth.stmms.biz.exam.service.ExamService;
 import cn.com.qmth.stmms.biz.exam.service.ExamSubjectService;
 import cn.com.qmth.stmms.biz.file.service.FileService;
 import cn.com.qmth.stmms.biz.mark.model.PictureConfigItem;
+import cn.com.qmth.stmms.biz.school.model.School;
 import cn.com.qmth.stmms.common.annotation.Logging;
 import cn.com.qmth.stmms.common.annotation.RoleRequire;
 import cn.com.qmth.stmms.common.domain.ApiUser;
@@ -65,10 +66,12 @@ public class ExamInfoController extends BaseApiController {
     @RoleRequire({ Role.SCHOOL_ADMIN, Role.SCANNER, Role.SCHOOL_DEV })
     @RequestMapping("/exams")
     @ResponseBody
-    public JSONArray getExamInfos(HttpServletRequest request, ExamSearchQuery query) {
+    public JSONArray getExamInfos(HttpServletRequest request, ExamSearchQuery query,
+            @RequestParam(required = false) String schoolCode) {
         ApiUser user = RequestUtils.getApiUser(request);
         JSONArray array = new JSONArray();
-        query.setSchoolId(user.getSchoolId());
+        School school = validate(user.getSchoolId(), schoolCode);
+        query.setSchoolId(school.getId());
         query.setType(ExamType.SCAN_IMAGE);
         query.setStatus(ExamStatus.START);
         if (query.getPageSize() < 1) {

+ 6 - 2
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/ExamPackageController.java

@@ -15,6 +15,8 @@ import cn.com.qmth.stmms.common.enums.Role;
 import cn.com.qmth.stmms.common.utils.RequestUtils;
 import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
+
+import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -23,6 +25,7 @@ import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -55,7 +58,7 @@ public class ExamPackageController extends BaseApiController {
             List<String> list = examStudentService.findDistinctPackageCode(examId);
             if (list != null) {
                 for (String code : list) {
-                    array.add(code);
+                    array.add(StringUtils.trimToEmpty(code));
                 }
             }
         } else {
@@ -101,7 +104,8 @@ public class ExamPackageController extends BaseApiController {
                     obj.accumulate("code", ep.getCode());
                     obj.accumulate("picCount", ep.getPicCount());
                     if (withUrl != null && withUrl.booleanValue()) {
-                        obj.accumulate("urls",
+                        obj.accumulate(
+                                "urls",
                                 fileService.getPackageUris(ep.getExamId(), ep.getCode(), 1, ep.getPicCount()).stream()
                                         .map(uri -> fileService.getFileServer().concat(uri))
                                         .collect(Collectors.toList()));

+ 15 - 14
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/FileController.java

@@ -71,7 +71,7 @@ public class FileController extends BaseApiController {
 
     private Exam validateExam(ApiUser au, Integer examId, ExamType... types) {
         Exam exam = examService.findById(examId);
-        if (exam == null || !exam.getSchoolId().equals(au.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
+        if (exam == null || !validate(au.getSchoolId(), exam.getSchoolId()) || exam.getStatus() != ExamStatus.START) {
             throw ApiException.EXAM_NOT_ACCESSIBLED;
         }
         if (types != null && types.length > 0 && !Arrays.asList(types).contains(exam.getType())) {
@@ -233,8 +233,8 @@ public class FileController extends BaseApiController {
                 String text = new String(ByteStreams.toByteArray(file.getInputStream()), "UTF-8");
                 Map<Boolean, List<ExamQuestion>> map = PaperJsonUtils.toSubject(subject, text);
                 // 客观题全体更新
-                if (0 != questionService
-                        .countByExamIdAndSubjectAndObjectiveAndGroupNumberIsNull(examId, subjectCode, true)) {
+                if (0 != questionService.countByExamIdAndSubjectAndObjectiveAndGroupNumberIsNull(examId, subjectCode,
+                        true)) {
                     questionService.deleteByExamAndSubjectAndObjective(examId, subjectCode, true);
                 }
                 List<ExamQuestion> oList = map.get(Boolean.TRUE);
@@ -243,8 +243,8 @@ public class FileController extends BaseApiController {
                 // 主观题有分组不更新
                 List<MarkGroup> groups = groupService.findByExamAndSubject(examId, subject.getCode());
                 if (groups == null || groups.size() == 0) {
-                    if (0 != questionService
-                            .countByExamIdAndSubjectAndObjectiveAndGroupNumberIsNull(examId, subjectCode, false)) {
+                    if (0 != questionService.countByExamIdAndSubjectAndObjectiveAndGroupNumberIsNull(examId,
+                            subjectCode, false)) {
                         questionService.deleteByExamAndSubjectAndObjective(examId, subjectCode, false);
                     }
                     List<ExamQuestion> sList = map.get(Boolean.FALSE);
@@ -254,10 +254,10 @@ public class FileController extends BaseApiController {
             fileService.uploadPaper(file.getInputStream(), md5, examId, subjectCode, format);
             subject.setPaperFileType(format);
             subjectService.save(subject);
-            subjectService
-                    .updateScore(examId, subjectCode, true, questionService.sumTotalScore(examId, subjectCode, true));
-            subjectService
-                    .updateScore(examId, subjectCode, false, questionService.sumTotalScore(examId, subjectCode, false));
+            subjectService.updateScore(examId, subjectCode, true,
+                    questionService.sumTotalScore(examId, subjectCode, true));
+            subjectService.updateScore(examId, subjectCode, false,
+                    questionService.sumTotalScore(examId, subjectCode, false));
         } catch (Exception e) {
             log.error("paper upload error", e);
             throw ApiException.FILE_UPLOAD_ERROR.replaceMessage("paper upload error: " + e.getMessage());
@@ -304,12 +304,13 @@ public class FileController extends BaseApiController {
         subjectCode = StringUtils.trimToNull(subjectCode);
         Exam exam = validateExam(au, examId, ExamType.SCAN_IMAGE);
         ExamSubject subject = subjectCode != null ? validateExamSubject(examId, subjectCode) : null;
-        //FormatType current = subject != null ? subject.getCardType() : exam.getCardType();
-        //if (current != null) {
-        //    validateFormatType(format, current);
-        //} else {
+        // FormatType current = subject != null ? subject.getCardType() :
+        // exam.getCardType();
+        // if (current != null) {
+        // validateFormatType(format, current);
+        // } else {
         validateFormatType(format, FormatType.JSON, FormatType.ZIP);
-        //}
+        // }
         String uri = "";
         InputStream ins = null;
         AnswerCard card = null;

+ 2 - 0
stmms-web/src/main/java/cn/com/qmth/stmms/api/exception/ApiException.java

@@ -41,4 +41,6 @@ public class ApiException extends RuntimeException {
 
     public static final ApiException FORMAT_TYPE_ERROR = new ApiException(500, "format type error");
 
+    public static final ApiException SCHOOL_NOT_ACCESSIBLED = new ApiException(401, "user cannot access school");
+
 }
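Review bot: `SCHOOL_NOT_ACCESSIBLED` uses status 401 for what its message describes as an authorization failure. The caller has already authenticated and is only denied a particular school, which is conventionally 403; 401 tells API clients to retry with new credentials. Unless existing clients depend on 401 here, consider `public static final ApiException SCHOOL_NOT_ACCESSIBLE = new ApiException(403, "user cannot access school");`, which also fixes the ungrammatical name. The call sites in BaseApiController are outside this hunk and would need the same rename.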

+ 15 - 2
stmms-web/src/main/java/cn/com/qmth/stmms/open/controller/OpenUserController.java

@@ -47,7 +47,7 @@ public class OpenUserController {
     @RequestMapping(value = "/mark/login", method = RequestMethod.POST)
     public String markLogin(HttpServletRequest request, HttpServletResponse response, RedirectAttributes redirect,
             @RequestParam Long time, @RequestParam String authorization, @RequestParam String account,
-            @RequestParam String name, @RequestParam String returnUrl) {
+            @RequestParam String name, @RequestParam String returnUrl, @RequestParam(required = false) String schoolCode) {
         // 请求参数验证
         authorization = StringUtils.trimToEmpty(authorization);
         name = StringUtils.trimToNull(name);
@@ -75,6 +75,12 @@ public class OpenUserController {
         if (school == null || !school.isEnable() || !info.validate(school.getAccessSecret())) {
             return errorRedirect(redirect, returnUrl, "鉴权失败");
         }
+        if (StringUtils.isNotBlank(schoolCode)) {
+            school = schoolService.findByParentIdAndSubCode(school.getId(), schoolCode);
+            if (school == null || !school.isEnable()) {
+                return errorRedirect(redirect, returnUrl, "鉴权失败");
+            }
+        }
         // 查找第三方账号并登陆
         User user = userService.externalLogin(school.getId(), account, name, null, Role.MARKER);
         if (user == null) {
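Review bot: The new `schoolCode` parameter decides which sub-school the session is created in, but nothing in this hunk shows it being covered by the signature checked in `info.validate(school.getAccessSecret())`. This endpoint is a form POST that carries a `returnUrl`, so the request presumably passes through the user's browser. If `schoolCode` is not part of the signed data, it could be changed in transit to land the same `account` in a different sub-school of the parent. In that case, add it to the signed payload or check that the account is expected in the resolved sub-school, and add a comment such as `// schoolCode must be covered by the authorization signature`. The identical block is added to `subjectHeaderLogin` in the later hunk, so a shared private helper would keep the two checks from drifting apart. Both method bodies continue outside the hunks.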
@@ -120,7 +126,8 @@ public class OpenUserController {
     @RequestMapping(value = "/subject_header/login", method = RequestMethod.POST)
     public String subjectHeaderLogin(HttpServletRequest request, HttpServletResponse response,
             RedirectAttributes redirect, @RequestParam Long time, @RequestParam String authorization,
-            @RequestParam String account, @RequestParam String name, @RequestParam String returnUrl) {
+            @RequestParam String account, @RequestParam String name, @RequestParam String returnUrl,
+            @RequestParam(required = false) String schoolCode) {
         // 请求参数验证
         authorization = StringUtils.trimToEmpty(authorization);
         name = StringUtils.trimToNull(name);
@@ -148,6 +155,12 @@ public class OpenUserController {
         if (school == null || !school.isEnable() || !info.validate(school.getAccessSecret())) {
             return errorRedirect(redirect, returnUrl, "鉴权失败");
         }
+        if (StringUtils.isNotBlank(schoolCode)) {
+            school = schoolService.findByParentIdAndSubCode(school.getId(), schoolCode);
+            if (school == null || !school.isEnable()) {
+                return errorRedirect(redirect, returnUrl, "鉴权失败");
+            }
+        }
         // 查找第三方账号并登陆
         User user = userService.externalLogin(school.getId(), account, name, null, Role.SUBJECT_HEADER);
         if (user == null) {

+ 2 - 2
stmms-web/src/main/webapp/WEB-INF/views/modules/exam/questionAdd.jsp

@@ -72,13 +72,13 @@
 		<div class="control-group">
 			<label class="control-label">大题号</label>
 			<div class="controls">
-			 <input name="mainNumber" value="${examQuestion.mainNumber }" type="number" htmlEscape="false" max="100" min="1" class="required digits"/>
+			 <input name="mainNumber" value="${examQuestion.mainNumber }" type="number" htmlEscape="false" max="10000" min="1" class="required digits"/>
 			</div>
 		</div>
 		<div class="control-group">
 			<label class="control-label">小题号</label>
 			<div class="controls">
-			 <input name="subNumber" value="${examQuestion.subNumber }" type="number" htmlEscape="false" max="100" min="1" class="required digits"/>
+			 <input name="subNumber" value="${examQuestion.subNumber }" type="number" htmlEscape="false" max="10000" min="1" class="required digits"/>
 			</div>
 		</div>
 		<div class="control-group">
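Review bot: Raising `max` from 100 to 10000 on `mainNumber` and `subNumber` only moves the browser-side limit, and this hunk shows no matching server-side bound. A request sent without the form can still submit any value, so the handler that saves the question should enforce the same 1–10000 range, and the column type should be checked against the new maximum. The same change is made in questionEdit.jsp and the same check applies there. The `htmlEscape="false"` attribute on a plain `<input>` has no effect and could be dropped while these lines are being touched.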

+ 2 - 2
stmms-web/src/main/webapp/WEB-INF/views/modules/exam/questionEdit.jsp

@@ -67,13 +67,13 @@
 		<div class="control-group">
 			<label class="control-label">大题号</label>
 			<div class="controls">
-			 <input name="mainNumber" value="${examQuestion.mainNumber }" type="number" htmlEscape="false" max="100" min="1" class="required digits"/>
+			 <input name="mainNumber" value="${examQuestion.mainNumber }" type="number" htmlEscape="false" max="10000" min="1" class="required digits"/>
 			</div>
 		</div>
 		<div class="control-group">
 			<label class="control-label">小题号</label>
 			<div class="controls">
-			 <input name="subNumber" value="${examQuestion.subNumber }" type="number" htmlEscape="false" max="100" min="1" class="required digits"/>
+			 <input name="subNumber" value="${examQuestion.subNumber }" type="number" htmlEscape="false" max="10000" min="1" class="required digits"/>
 			</div>
 		</div>
 		<div class="control-group">

+ 3 - 0
stmms-web/src/main/webapp/WEB-INF/views/modules/exam/selectiveList.jsp

@@ -194,10 +194,13 @@ $('.task-btn').click(function () {
             wrongMessage.html('请输入正整数!');
             return false;
         }
+        selectivePart = Number(selectivePart);
+        selectiveCount = Number(selectiveCount);
         if (selectivePart > 100 ||selectiveCount > 100 ||selectivePart <= 0 ||selectiveCount <= 0) {
             wrongMessage.html('数量不合法!');
             return false;
         }
+        debugger;
         if (selectivePart <= selectiveCount || selectiveCount<1) {
             wrongMessage.html('合分数量必须小于选择数量且大于等于1');
             return false;
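Review bot: The added `debugger;` statement before the `selectivePart <= selectiveCount` check looks like a leftover from local debugging and should be deleted before this ships. It halts the click handler for any user who has developer tools open. The `Number(...)` conversions above it are a sound fix, since the comparisons would otherwise be made on strings. The handler body continues outside the hunk.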

+ 2 - 0
stmms-web/src/main/webapp/sql/stmms_ft.sql

@@ -16,6 +16,8 @@ CREATE TABLE `b_school`
     `province`      varchar(16) NOT NULL COMMENT '省份',
     `city`          varchar(16) NOT NULL COMMENT '城市',
     `code`          varchar(64)  DEFAULT NULL COMMENT '代码',
+	`parent_id`     int(11)      DEFAULT NULL COMMENT '父机构ID',
+	`sub_code`      varchar(64)  DEFAULT NULL COMMENT '子机构代码',
     `address`       varchar(128) DEFAULT NULL COMMENT '地址',
     `phone`         varchar(32)  DEFAULT NULL COMMENT '电话',
     `logo_url`      text  DEFAULT NULL COMMENT '图片地址',
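Review bot: The new `parent_id` and `sub_code` columns back the `findByParentIdAndSubCode` lookup, which returns a single `School`, but this hunk adds no uniqueness constraint on the pair. Two rows with the same parent and sub-code would make that lookup ambiguous during login. Unless the key definitions outside this hunk already cover it, consider adding something like ``UNIQUE KEY `uk_parent_sub_code` (`parent_id`, `sub_code`)`` (the index name is a suggestion). Because this file is the `CREATE TABLE` script, existing databases also need a matching `ALTER TABLE` migration, which is not visible in this part of the commit. The two added lines are indented with a tab while the surrounding columns use spaces.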