
重构鉴权登录

yin před 14 hodinami
rodič
revize
e27562d5cb

+ 64 - 0
stmms-biz/src/main/java/cn/com/qmth/stmms/biz/exam/bean/MarkerGroupVo.java

@@ -0,0 +1,64 @@
+package cn.com.qmth.stmms.biz.exam.bean;
+
+import cn.com.qmth.stmms.biz.exam.model.ExamSubject;
+import cn.com.qmth.stmms.biz.exam.model.Marker;
+import cn.com.qmth.stmms.common.enums.MarkMode;
+import io.swagger.annotations.ApiModelProperty;
+
+public class MarkerGroupVo {
+
+    @ApiModelProperty("评卷员id")
+    private Integer id;
+
+    @ApiModelProperty("")
+    private String subjectCode;
+
+    @ApiModelProperty("分组号")
+    private Integer groupNumber;
+
+    @ApiModelProperty("进度")
+    private Integer percent;
+
+    @ApiModelProperty("分组名")
+    private String title;
+
+    public Integer getId() {
+        return id;
+    }
+
+    public void setId(Integer id) {
+        this.id = id;
+    }
+
+    public String getSubjectCode() {
+        return subjectCode;
+    }
+
+    public void setSubjectCode(String subjectCode) {
+        this.subjectCode = subjectCode;
+    }
+
+    public Integer getGroupNumber() {
+        return groupNumber;
+    }
+
+    public void setGroupNumber(Integer groupNumber) {
+        this.groupNumber = groupNumber;
+    }
+
+    public Integer getPercent() {
+        return percent;
+    }
+
+    public void setPercent(Integer percent) {
+        this.percent = percent;
+    }
+
+    public String getTitle() {
+        return title;
+    }
+
+    public void setTitle(String title) {
+        this.title = title;
+    }
+}
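Review bot: `subjectCode` carries an empty `@ApiModelProperty("")`, so the generated API docs show no description for it; use `@ApiModelProperty("科目代码")`. `groupQuery` in this commit fills `id` with `marker.getId()`, and `select/group` later accepts that value as `markerId`. A short class-level Javadoc saying that `id` is the marker record id to pass to `select/group` would make the contract explicit. The imports of `ExamSubject`, `Marker` and `MarkMode` are unused in this file.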

+ 50 - 0
stmms-biz/src/main/java/cn/com/qmth/stmms/biz/exam/bean/SystemStatusVo.java

@@ -0,0 +1,50 @@
+package cn.com.qmth.stmms.biz.exam.bean;
+
+import io.swagger.annotations.ApiModelProperty;
+
+public class SystemStatusVo {
+
+    @ApiModelProperty("文件服务地址")
+    private String fileServer;
+
+    @ApiModelProperty("首页LOGO")
+    private String indexLogo;
+
+    @ApiModelProperty("版本号")
+    private String versionName;
+
+    @ApiModelProperty("版本时间")
+    private String versionDate;
+
+    public String getFileServer() {
+        return fileServer;
+    }
+
+    public void setFileServer(String fileServer) {
+        this.fileServer = fileServer;
+    }
+
+    public String getIndexLogo() {
+        return indexLogo;
+    }
+
+    public void setIndexLogo(String indexLogo) {
+        this.indexLogo = indexLogo;
+    }
+
+    public String getVersionName() {
+        return versionName;
+    }
+
+    public void setVersionName(String versionName) {
+        this.versionName = versionName;
+    }
+
+    public String getVersionDate() {
+        return versionDate;
+    }
+
+    public void setVersionDate(String versionDate) {
+        this.versionDate = versionDate;
+    }
+}

+ 33 - 6
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/admin/ExamController.java

@@ -1,11 +1,10 @@
 package cn.com.qmth.stmms.api.controller.admin;
 
 import java.math.BigDecimal;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Calendar;
-import java.util.List;
+import java.util.*;
 
+import cn.com.qmth.stmms.admin.utils.SessionExamUtils;
+import cn.com.qmth.stmms.common.utils.RequestUtils;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -47,6 +46,8 @@ import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
 import net.sf.json.JsonConfig;
 
+import javax.servlet.http.HttpServletRequest;
+
 @Api(tags = "考试管理")
 @Controller("adminExamController")
 @RequestMapping("/api/admin/exam")
@@ -90,9 +91,9 @@ public class ExamController extends BaseApiController {
     // }
 
     @ApiOperation(value = "考试分页查询")
-    @RequestMapping(value = "list", method = RequestMethod.POST)
+    @RequestMapping(value = "query", method = RequestMethod.POST)
     @ResponseBody
-    public PageResult<ExamVo> list(ExamSearchQuery query) {
+    public PageResult<ExamVo> query(ExamSearchQuery query) {
         ApiUser user = getApiUser();
         query.setSchoolId(user.getSchoolId());
         query.orderByIdDesc();
@@ -252,4 +253,30 @@ public class ExamController extends BaseApiController {
         ret.setTotalPaperCount(totalPaperCount);
         return ret;
     }
+
+    @ApiOperation(value = "考试下拉列表查询")
+    @RequestMapping(value = "list", method = RequestMethod.POST)
+    @ResponseBody
+    public List<ExamVo> list(ExamSearchQuery query) {
+        ApiUser wu = getApiUser();
+        List<Exam> examList = new ArrayList<Exam>();
+        if (wu.isSubjectHeader() || wu.isInspector()) {
+            examList = examService.findBySubjectHeaderUserId(wu.getUser().getSchoolId(), wu.getUser().getId());
+        } else if (wu.isSchoolViewer()) {
+            examList = examService.findBySchoolViewUserId(wu.getUser().getSchoolId(), wu.getUser().getId());
+        } else if (wu.isMarker()) {
+            Calendar rightNow = Calendar.getInstance();
+            rightNow.setTime(new Date());
+            rightNow.add(Calendar.YEAR, -1);
+            examList = examService.findByMarkerUserId(wu.getUser().getId(), rightNow.getTime());
+        } else {
+            examList = examService.findBySchoolId(wu.getUser().getSchoolId());
+        }
+        List<ExamVo> ret = new ArrayList<>();
+        for (Exam e : query.getResult()) {
+            ret.add(ExamVo.of(e));
+        }
+        return ret;
+    }
+
 }
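Review bot: In the new `list` method the role-specific `examList` is computed but never read: the loop iterates `query.getResult()`, and nothing in this method executes the query, so the dropdown does not reflect the per-role lookups above it. The loop should read `for (Exam e : examList) {`, after which the `ExamSearchQuery query` parameter is no longer needed. Since this endpoint decides which exams each role may see, each of the four branches deserves a test. The `java.util.*` wildcard introduced in the import hunk would be clearer as explicit imports with `java.util.Date` added.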

+ 34 - 0
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/admin/MarkGroupController.java

@@ -6,6 +6,8 @@ import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 
+import cn.com.qmth.stmms.biz.exam.bean.MarkerGroupVo;
+import cn.com.qmth.stmms.biz.user.model.User;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
@@ -589,4 +591,36 @@ public class MarkGroupController extends BaseApiController {
         }
         return resultOk();
     }
+
+    @ApiOperation(value = "查询评卷员可评的分组")
+    @RequestMapping(value = "/marker/list", method = RequestMethod.POST)
+    @ResponseBody
+    public List<MarkerGroupVo> groupQuery(HttpServletRequest request, @RequestParam Integer examId,
+                                          @RequestParam String subjectCode) {
+        User user = getApiUser().getUser();
+        List<Marker> list = markerService.findByExamAndSubjectAndUserIdAndEnable(examId, subjectCode, user.getId(),
+                true);
+        List<MarkerGroupVo> array = new ArrayList<>();
+        for (Marker marker : list) {
+            MarkGroup group = groupService.findOne(examId, marker.getSubjectCode(), marker.getGroupNumber());
+            group.setQuestionList(questionService.findByExamAndSubjectAndObjectiveAndGroupNumber(examId,
+                    marker.getSubjectCode(), false, group.getNumber()));
+            if (group.getStatus() != MarkStatus.FINISH) {
+                MarkerGroupVo vo = new MarkerGroupVo();
+                vo.setId( marker.getId());
+                vo.setTitle(group.getTitle());
+                vo.setGroupNumber(group.getNumber());
+                int percent = group.getLibraryCount() > 0 ? (int) (group.getMarkedCount() * 100.00 / group
+                        .getLibraryCount()) : 0;
+                if (group.getMarkedCount() > 0 && percent == 0) {
+                    percent = 1;
+                } else if (group.getLeftCount() > 0 && percent == 100) {
+                    percent = 99;
+                }
+                vo.setPercent(percent);
+                array.add(vo);
+            }
+        }
+        return array;
+    }
 }
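Review bot: In `groupQuery` the result of `groupService.findOne(...)` is dereferenced on the next line without a null check, although `SystemController.select` in this same commit treats a null result from that call as "评卷分组不存在". A marker row whose group is missing would therefore fail the whole list; add `if (group == null) { continue; }` right after the lookup. `group.setQuestionList(...)` runs an extra query per marker and its result is never copied into `MarkerGroupVo`, so it can be dropped unless something outside this hunk relies on it. `vo.setSubjectCode(marker.getSubjectCode());` is missing although the VO declares that field, and the `request` parameter is unused.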

+ 24 - 23
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/admin/SubjectController.java

@@ -19,6 +19,10 @@ import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import cn.com.qmth.stmms.biz.exam.model.*;
+import cn.com.qmth.stmms.biz.exam.service.*;
+import cn.com.qmth.stmms.common.enums.*;
+import net.sf.json.JSONArray;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.StringUtils;
@@ -58,20 +62,6 @@ import cn.com.qmth.stmms.biz.common.domain.card.CardFile;
 import cn.com.qmth.stmms.biz.exam.bean.ExamVo;
 import cn.com.qmth.stmms.biz.exam.bean.ResultMessage;
 import cn.com.qmth.stmms.biz.exam.bean.SubjectSplit;
-import cn.com.qmth.stmms.biz.exam.model.AnswerCard;
-import cn.com.qmth.stmms.biz.exam.model.Exam;
-import cn.com.qmth.stmms.biz.exam.model.ExamQuestion;
-import cn.com.qmth.stmms.biz.exam.model.ExamSubject;
-import cn.com.qmth.stmms.biz.exam.model.MarkGroup;
-import cn.com.qmth.stmms.biz.exam.model.SelectiveGroup;
-import cn.com.qmth.stmms.biz.exam.service.AnswerCardService;
-import cn.com.qmth.stmms.biz.exam.service.ExamQuestionService;
-import cn.com.qmth.stmms.biz.exam.service.ExamService;
-import cn.com.qmth.stmms.biz.exam.service.ExamStudentService;
-import cn.com.qmth.stmms.biz.exam.service.ExamSubjectService;
-import cn.com.qmth.stmms.biz.exam.service.InspectHistoryService;
-import cn.com.qmth.stmms.biz.exam.service.MarkGroupService;
-import cn.com.qmth.stmms.biz.exam.service.SelectiveGroupService;
 import cn.com.qmth.stmms.biz.exam.service.query.ExamQuestionSearchQuery;
 import cn.com.qmth.stmms.biz.exam.service.query.ExamSubjectSearchQuery;
 import cn.com.qmth.stmms.biz.file.enums.FormatType;
@@ -81,12 +71,6 @@ import cn.com.qmth.stmms.biz.report.service.ReportService;
 import cn.com.qmth.stmms.biz.utils.PageUtil;
 import cn.com.qmth.stmms.common.annotation.Logging;
 import cn.com.qmth.stmms.common.domain.ApiUser;
-import cn.com.qmth.stmms.common.enums.CardSource;
-import cn.com.qmth.stmms.common.enums.ExamStatus;
-import cn.com.qmth.stmms.common.enums.LockType;
-import cn.com.qmth.stmms.common.enums.LogType;
-import cn.com.qmth.stmms.common.enums.ObjectiveStatus;
-import cn.com.qmth.stmms.common.enums.SubjectiveStatus;
 import cn.com.qmth.stmms.common.utils.ExportExcel;
 import cn.com.qmth.stmms.common.utils.ImportExcel;
 import cn.com.qmth.stmms.common.utils.RequestUtils;
@@ -145,6 +129,8 @@ public class SubjectController extends BaseApiController {
 
     @Autowired
     private InspectHistoryService inspectHistoryService;
+    @Autowired
+    private MarkerService markerService;
 
     @Value("${file.temp}")
     private String tempFile;
@@ -152,9 +138,24 @@ public class SubjectController extends BaseApiController {
     @ApiOperation(value = "科目下拉列表")
     @RequestMapping(value = "/list", method = RequestMethod.POST)
     @ResponseBody
-    public List<ExamSubject> list(HttpServletRequest request) {
-        int examId = getSessionExamId(request);
-        return getExamSubject(examId, RequestUtils.getApiUser(request));
+    public List<ExamSubject> list() {
+        int examId = getSessionExamId();
+        ApiUser wu = getApiUser();
+        if(wu.isMarker()){
+            List<Marker> list = markerService.findByExamAndUserId(examId, wu.getUser().getId());
+            Map<String,ExamSubject> map = new HashMap<>();
+            JSONArray array = new JSONArray();
+            for (Marker marker : list) {
+                MarkGroup group = groupService.findOne(examId, marker.getSubjectCode(), marker.getGroupNumber());
+                if (map.get(marker.getSubjectCode())==null && marker.isEnable()
+                        && group.getStatus() != MarkStatus.FINISH) {
+                    ExamSubject subject = subjectService.find(marker.getExamId(), marker.getSubjectCode());
+                    map.put(marker.getSubjectCode(),subject);
+                }
+            }
+            return new ArrayList<>(map.values());
+        }
+        return getExamSubject(examId,wu);
     }
 
     @ApiOperation(value = "科目层次下拉列表")
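Review bot: In the marker branch of `list`, `group` from `groupService.findOne(...)` is used in `group.getStatus()` without a null check, so one marker row pointing at a missing group fails the whole dropdown; guard it with `if (group == null) { continue; }`. The lookup also runs before the cheaper `map.get(...) == null && marker.isEnable()` tests, so evaluating those first would skip the query for disabled markers and for subjects already collected. `JSONArray array` is never used and can be removed together with its new import. If `subjectService.find(...)` can return null, that null is stored in the map and returned to the client as a list element, so it should be filtered out.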

+ 156 - 12
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/admin/SystemController.java

@@ -1,39 +1,183 @@
 package cn.com.qmth.stmms.api.controller.admin;
 
-import java.util.Arrays;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Date;
 import java.util.List;
 
-import cn.com.qmth.stmms.biz.file.service.FileService;
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import net.sf.json.JSONObject;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import cn.com.qmth.stmms.admin.utils.SessionExamUtils;
+import cn.com.qmth.stmms.biz.exam.model.Exam;
+import cn.com.qmth.stmms.biz.exam.model.MarkGroup;
+import cn.com.qmth.stmms.biz.exam.model.Marker;
+import cn.com.qmth.stmms.biz.exam.service.ExamService;
+import cn.com.qmth.stmms.biz.exam.service.MarkGroupService;
+import cn.com.qmth.stmms.biz.exam.service.MarkerService;
+import cn.com.qmth.stmms.biz.exam.service.SubjectUserService;
+import cn.com.qmth.stmms.common.domain.ApiUser;
+import cn.com.qmth.stmms.common.enums.MarkStatus;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 
 import cn.com.qmth.stmms.api.controller.BaseApiController;
-import cn.com.qmth.stmms.common.enums.ExamType;
+import cn.com.qmth.stmms.biz.config.service.impl.SystemCache;
+import cn.com.qmth.stmms.biz.exam.bean.ResultMessage;
+import cn.com.qmth.stmms.biz.exam.bean.SystemStatusVo;
+import cn.com.qmth.stmms.biz.exception.StatusException;
+import cn.com.qmth.stmms.biz.file.service.FileService;
+import cn.com.qmth.stmms.biz.user.model.User;
+import cn.com.qmth.stmms.biz.user.service.UserService;
+import cn.com.qmth.stmms.common.annotation.Logging;
+import cn.com.qmth.stmms.common.domain.WebUser;
+import cn.com.qmth.stmms.common.enums.LogType;
+import cn.com.qmth.stmms.common.enums.Role;
+import cn.com.qmth.stmms.common.session.model.StmmsSession;
+import cn.com.qmth.stmms.common.session.service.SessionService;
+import cn.com.qmth.stmms.common.utils.EncryptUtils;
+import cn.com.qmth.stmms.common.utils.RequestIPUtil;
+import cn.com.qmth.stmms.common.utils.RequestUtils;
+import cn.com.qmth.stmms.common.utils.VersionInfo;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import org.springframework.web.servlet.ModelAndView;
 
-@Api(tags = "系统配置")
+@Api(tags = "系统配置和登录")
 @Controller("sysController")
-@RequestMapping("/api/sys")
+@RequestMapping("/api/admin/sys")
 public class SystemController extends BaseApiController {
 
     protected static final Logger log = LoggerFactory.getLogger(SystemController.class);
 
     @Autowired
     private FileService fileService;
+
+    @Autowired
+    private UserService userService;
+    @Autowired
+    private SubjectUserService subjectUserService;
+
+    @Autowired
+    private SystemCache authCache;
+
+    @Autowired
+    private SessionService sessionService;
+    @Autowired
+    private ExamService examService;
+    @Autowired
+    private MarkerService markerService;
+    @Autowired
+    private MarkGroupService groupService;
+
+    @Value("${index.logo}")
+    private String indexLogo;
+
     @ApiOperation(value = "系统版本及配置")
     @RequestMapping(value = "/version", method = RequestMethod.POST)
     @ResponseBody
-    public JSONObject version() {
-        JSONObject result  = new JSONObject();
-        result.accumulate("fileServer", fileService.getFileServer());
-        return result;
+    public SystemStatusVo version() {
+        SystemStatusVo vo = new SystemStatusVo();
+        vo.setFileServer(fileService.getFileServer());
+        vo.setIndexLogo(indexLogo);
+        vo.setVersionName(VersionInfo.NAME);
+        vo.setVersionDate(VersionInfo.DATE);
+        return vo;
+    }
+
+    @ApiOperation(value = "登出")
+    @RequestMapping(value = "/logout", method = RequestMethod.POST)
+    @ResponseBody
+    public ResultMessage logout(HttpServletRequest request) {
+        StmmsSession session = RequestUtils.getSession(request);
+        session.setInvalid(true);
+        return resultOk();
+    }
+
+    @ApiOperation(value = "登录")
+    @Logging(menu = "登录", type = LogType.QUERY)
+    @RequestMapping(value = "/login", method = RequestMethod.POST)
+    @ResponseBody
+    public User login(User user, HttpServletRequest request, HttpServletResponse response) {
+        StmmsSession session = RequestUtils.getSession(request);
+        User u = userService.findByLoginName(user.getLoginName());
+        if (u == null) {
+            throw new StatusException("用户不存在");
+        }
+        if (!u.getPassword().equals(EncryptUtils.md5(user.getPassword()))) {
+            throw new StatusException("密码错误");
+        }
+        if (!u.isEnable()) {
+            throw new StatusException("用户被禁用");
+        }
+        if (!authCache.isAuth() && u.getRole() != Role.SYS_ADMIN) {
+            throw new StatusException("系统未授权");
+        }
+        if (authCache.getExpireTime() != null && new Date(authCache.getExpireTime()).before(new Date())
+                && u.getRole() != Role.SYS_ADMIN) {
+            throw new StatusException("系统授权已过期");
+        }
+        u.setLastLoginTime(new Date());
+        u.setLastLoginIp(RequestIPUtil.getIpAddress(request));
+        u.refreshAccessToken();
+        u = userService.save(u);
+
+        ApiUser au = new ApiUser(u);
+        au.setSubjectCodeSet(subjectUserService.findSubjectCode(au.getId()));
+        RequestUtils.setApiUser(request, au);
+
+        WebUser wu = new WebUser(u);
+        session.saveWebUser(wu);
+        sessionService.put(request, response, session);
+
+        return u;
+    }
+    @ApiOperation(value = "考试选择")
+    @RequestMapping(value = "select/exam", method = RequestMethod.POST)
+    @ResponseBody
+    public ResultMessage selectExam(HttpServletRequest request, @RequestParam Integer examId) {
+        Exam exam = examService.findById(examId);
+        SessionExamUtils.setExamId(request, exam);
+        return resultOk();
     }
 
+    @ApiOperation(value = "分组选择")
+    @RequestMapping(value = "select/group", method = RequestMethod.POST)
+    @ResponseBody
+    public ResultMessage select(HttpServletRequest request, HttpServletResponse response, @RequestParam Integer markerId) {
+        Marker marker = markerService.findById(markerId);
+        if (marker == null) {
+            throw new StatusException("评卷分组不存在");
+        }
+        Exam exam = examService.findById(marker.getExamId());
+        Date now = new Date();
+        if ((exam.getStartTime() != null && now.before(exam.getStartTime()))
+                || (exam.getEndTime() != null && now.after(exam.getEndTime()))) {
+            SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+            String start = exam.getStartTime() == null ? "" : " 开始时间:" + sdf.format(exam.getStartTime());
+            String end = exam.getEndTime() == null ? "" : " 结束时间:" + sdf.format(exam.getEndTime());
+            throw new StatusException("message", "不在评卷时间范围 " + start + " " + end);
+        }
+        MarkGroup group = groupService.findOne(marker.getExamId(), marker.getSubjectCode(), marker.getGroupNumber());
+        if (group == null) {
+            throw new StatusException("评卷分组不存在");
+        }
+        if (group.getStatus() == MarkStatus.FINISH) {
+            throw new StatusException("评卷分组已结束");
+        }
+        WebUser user = RequestUtils.getWebUser(request);
+        user.setMarkerId(marker.getId());
+        StmmsSession session = RequestUtils.getSession(request);
+        session.saveWebUser(user);
+        sessionService.put(request, response, session);
+        SessionExamUtils.setExamId(request, exam);
+        return resultOk();
+    }
 }
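Review bot: `select` and `selectExam` take `markerId` and `examId` straight from the request and write them into the session without checking that the marker or exam belongs to the logged-in user, so an authenticated account can bind its session to another user's marker record or another school's exam. Before `user.setMarkerId(marker.getId())`, compare the marker's owning user with the session user, and before `SessionExamUtils.setExamId(request, exam)`, compare the exam's school with `getApiUser().getSchoolId()`; both methods also dereference `exam` without the null check that `marker` and `group` get. In `login`, the separate "用户不存在" and "密码错误" messages let a caller tell valid login names apart, and the method returns the persisted `User` `u`, which presumably serialises the password hash and the refreshed access token unless the entity hides them. A single generic failure message and a response VO without credential fields would close both. `EncryptUtils.md5(user.getPassword())` is called with no per-user salt, and the digest is compared with `String.equals`; migrating to a salted password hash is worth a follow-up.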

+ 19 - 1
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/admin/UserController.java

@@ -45,6 +45,7 @@ import cn.com.qmth.stmms.common.utils.*;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import net.sf.json.JSONObject;
+import org.springframework.web.servlet.ModelAndView;
 
 @Api(tags = "用户管理")
 @Controller("adminUserController")
@@ -536,7 +537,7 @@ public class UserController extends BaseApiController {
 
     @ApiOperation(value = "重置密码")
     @Logging(menu = "用户重置密码", type = LogType.UPDATE)
-    @RequestMapping(value = "/reset", method = RequestMethod.POST)
+    @RequestMapping(value = "/resetPwd", method = RequestMethod.POST)
     @ResponseBody
     public ResultMessage reSetPassword(@RequestParam Integer[] ids, @RequestParam String password) {
         for (Integer id : ids) {
@@ -861,4 +862,21 @@ public class UserController extends BaseApiController {
         }
         return user;
     }
+
+    @Logging(menu = "首次登录修改姓名密码", type = LogType.UPDATE)
+    @RequestMapping(value = "/resetName", method = RequestMethod.POST)
+    public ResultMessage reset(HttpServletRequest request, User user) {
+        User current = getApiUser().getUser();
+        if (current.getPassword().equalsIgnoreCase(EncryptUtils.md5(user.getPassword()))) {
+            throw new StatusException("新密码不可与初始密码一致");
+        }
+        current.setName(user.getName());
+        current.setEmpno(user.getEmpno());
+        current.setRandomPassword(null);
+        current.setPassword(EncryptUtils.md5(user.getPassword()));
+        current.setLastLoginIp(RequestIPUtil.getIpAddress(request));
+        current.setLastLoginTime(new Date());
+        userService.save(current);
+        return resultOk();
+    }
 }

+ 22 - 1
stmms-web/src/main/java/cn/com/qmth/stmms/api/interceptor/ApiInterceptor.java

@@ -1,6 +1,9 @@
 package cn.com.qmth.stmms.api.interceptor;
 
 import cn.com.qmth.stmms.api.exception.ApiException;
+import cn.com.qmth.stmms.biz.basic.service.PrivilegeService;
+import cn.com.qmth.stmms.biz.basic.service.RolePrivilegeService;
+import cn.com.qmth.stmms.biz.exam.service.SubjectUserService;
 import cn.com.qmth.stmms.biz.school.model.School;
 import cn.com.qmth.stmms.biz.school.service.SchoolService;
 import cn.com.qmth.stmms.biz.user.model.User;
@@ -9,6 +12,7 @@ import cn.com.qmth.stmms.common.annotation.RoleRequire;
 import cn.com.qmth.stmms.common.authorization.AuthorizationService;
 import cn.com.qmth.stmms.common.domain.ApiUser;
 import cn.com.qmth.stmms.common.domain.AuthInfo;
+import cn.com.qmth.stmms.common.domain.WebUser;
 import cn.com.qmth.stmms.common.enums.Role;
 import cn.com.qmth.stmms.common.session.service.SessionService;
 import cn.com.qmth.stmms.common.signature.SignatureInfo;
@@ -47,6 +51,14 @@ public class ApiInterceptor extends HandlerInterceptorAdapter {
 
     @Autowired
     private SessionService sessionService;
+    @Autowired
+    private SubjectUserService subjectUserService;
+
+    @Autowired
+    private RolePrivilegeService rolePrivilegeService;
+
+    @Autowired
+    private PrivilegeService privilegeService;
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
@@ -149,7 +161,16 @@ public class ApiInterceptor extends HandlerInterceptorAdapter {
     }
 
     private boolean buildApiUser(HttpServletRequest request, HttpServletResponse response, User user) {
-        RequestUtils.setApiUser(request, new ApiUser(user));
+        ApiUser wu = new ApiUser(user);
+        if (wu != null) {
+            if (wu.getRole() == Role.SUBJECT_HEADER || wu.getRole() == Role.INSPECTOR
+                    || wu.getRole() == Role.COLLEGE_ADMIN || wu.getRole() == Role.SCHOOL_VIEWER) {
+                wu.setSubjectCodeSet(subjectUserService.findSubjectCode(wu.getId()));
+            }
+            RequestUtils.setRolePrivilegeCodes(request, rolePrivilegeService.getRoleCodes(wu.getUser().getSchoolId(), wu.getRole()));
+            RequestUtils.setPrivileges(request, privilegeService.getMenuPrivileges());
+        }
+        RequestUtils.setApiUser(request, wu);
         sessionService.put(request, response, RequestUtils.getSession(request));
         return true;
     }
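Review bot: The `if (wu != null)` guard in `buildApiUser` can never be false, because `wu` was just created with `new ApiUser(user)`; if the intent was to tolerate a missing user, the check belongs on `user` before the constructor, which dereferences it. Drop the guard so the privilege setup reads as unconditional. `rolePrivilegeService.getRoleCodes(...)` and `privilegeService.getMenuPrivileges()` now run wherever `buildApiUser` is called, which looks like every authenticated API request, so confirm that both services cache their results. `wu` is the name used for `WebUser` elsewhere in this commit; `apiUser` would be less confusing here.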

+ 4 - 3
stmms-web/src/main/java/cn/com/qmth/stmms/common/domain/ApiUser.java

@@ -1,11 +1,12 @@
 package cn.com.qmth.stmms.common.domain;
 
+import java.util.HashSet;
+import java.util.Set;
+
 import cn.com.qmth.stmms.biz.school.model.School;
 import cn.com.qmth.stmms.biz.user.model.User;
 import cn.com.qmth.stmms.common.enums.Role;
 
-import java.util.Set;
-
 public class ApiUser {
 
     private Integer schoolId;
@@ -28,6 +29,7 @@ public class ApiUser {
         this.user = user;
         schoolId = user.getSchoolId();
         role = user.getRole();
+        this.subjectCodeSet = new HashSet<>();
     }
 
     public Integer getSchoolId() {
@@ -80,5 +82,4 @@ public class ApiUser {
         }
         return user.getId();
     }
-
 }

+ 3 - 1
stmms-web/src/main/webapp/WEB-INF/spring-mvc.xml

@@ -73,7 +73,9 @@
         </mvc:interceptor>
         <mvc:interceptor>
             <mvc:mapping path="/api/**"/>
-             <mvc:exclude-mapping path="/api/admin/login"/>
+            <mvc:exclude-mapping path="/api/admin/login"/>
+            <mvc:exclude-mapping path="/api/admin/sys/login"/>
+            <mvc:exclude-mapping path="/api/admin/sys/version"/>
             <bean id="apiInterceptor" class="cn.com.qmth.stmms.api.interceptor.ApiInterceptor"/>
         </mvc:interceptor>
     </mvc:interceptors>
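Review bot: The two new `exclude-mapping` entries make `/api/admin/sys/login` and `/api/admin/sys/version` reachable without `ApiInterceptor`, so anything the interceptor enforces beyond session lookup (it imports signature and authorization classes) no longer applies to login; confirm that failed-login throttling is handled elsewhere. `version` now returns the file-server address, version name and version date to unauthenticated callers, which should be a deliberate decision. An XML comment such as `<!-- unauthenticated: login page needs logo and version before a session exists -->` would record it. The older `/api/admin/login` exclusion is kept; if that route no longer exists after this refactor, remove it so the exclusion list matches the real public surface.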