
修改对外API接口

1.增加详细的错误信息返回
2.部分接口修改权限判断规则
3.修改部分考生获取接口分页限制
luoshi 6 年之前
父節點
當前提交
d830f177e1

+ 31 - 0
stmms-biz/src/main/java/cn/com/qmth/stmms/biz/api/auth/exception/ApiException.java

@@ -0,0 +1,31 @@
+package cn.com.qmth.stmms.biz.api.auth.exception;
+
+public class ApiException extends RuntimeException {
+
+    private static final long serialVersionUID = 1808125284186980834L;
+
+    public static final ApiException USER_UNEXIST = new ApiException(401, "用户不存在");
+
+    public static final ApiException USER_PASSWORD_ERROR = new ApiException(401, "用户密码错误");
+
+    public static final ApiException USER_NOT_ADMIN = new ApiException(401, "用户没有管理员权限");
+
+    public static final ApiException EXAM_NOT_ACCESSIBLE = new ApiException(401, "用户没有访问该考试的权限");
+
+    private int code;
+
+    private String message;
+
+    private ApiException(int code, String message) {
+        this.code = code;
+        this.message = message;
+    }
+
+    public int getCode() {
+        return code;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+}
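Review bot: USER_UNEXIST and USER_PASSWORD_ERROR carry different messages (lines 23 and 25), and the interceptor forwards the message to the client, so an unauthenticated caller can tell valid usernames from invalid ones by the error text; collapse both into one generic failure such as `USER_AUTH_FAILED = new ApiException(401, "用户名或密码错误")`. USER_NOT_ADMIN and EXAM_NOT_ACCESSIBLE describe a caller who did authenticate but lacks rights, which is 403 Forbidden rather than 401. The constants are also shared Throwable instances: the stack trace is captured once at class initialisation and says nothing about the throw site, and `initCause`/`addSuppressed` on one of them mutates it for every thread; either build a fresh instance per throw via private static factories, or override `fillInStackTrace()` to return `this` and document that the instances are immutable sentinels.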

+ 9 - 3
stmms-biz/src/main/java/cn/com/qmth/stmms/biz/api/auth/service/validator/AdminUserValidator.java

@@ -5,6 +5,7 @@ import javax.annotation.PostConstruct;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import cn.com.qmth.stmms.biz.api.auth.exception.ApiException;
 import cn.com.qmth.stmms.biz.api.auth.interfaces.AuthValidator;
 import cn.com.qmth.stmms.biz.api.auth.model.AuthInfo;
 import cn.com.qmth.stmms.biz.user.model.User;
@@ -24,9 +25,14 @@ public class AdminUserValidator implements AuthValidator {
     @Override
     public boolean validate(AuthInfo auth) {
         User user = auth.getLoginUser();
-        return user != null
-                && (user.getRoles().contains(Role.CAMPUS_ADMIN) || user.getRoles().contains(
-                        Role.SCHOOL_ADMIN));
+        if (user == null) {
+            throw ApiException.USER_UNEXIST;
+        }
+        if (user.getRoles().contains(Role.CAMPUS_ADMIN) || user.getRoles().contains(Role.SCHOOL_ADMIN)) {
+            return true;
+        } else {
+            throw ApiException.USER_NOT_ADMIN;
+        }
     }
 
     @Override

+ 5 - 1
stmms-biz/src/main/java/cn/com/qmth/stmms/biz/api/auth/service/validator/DefaultValidator.java

@@ -5,6 +5,7 @@ import javax.annotation.PostConstruct;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import cn.com.qmth.stmms.biz.api.auth.exception.ApiException;
 import cn.com.qmth.stmms.biz.api.auth.interfaces.AuthValidator;
 import cn.com.qmth.stmms.biz.api.auth.model.AuthInfo;
 import cn.com.qmth.stmms.biz.api.auth.model.BasicAuthInfo;
@@ -44,9 +45,12 @@ public class DefaultValidator implements AuthValidator {
             if (user.getPassword().equals(Md5EncryptUtils.md5(info.getPassword()))) {
                 info.setLoginUser(RoleAuthUtil.buildRoleAuthByUser(user, roleService));
                 return true;
+            } else {
+                throw ApiException.USER_PASSWORD_ERROR;
             }
+        } else {
+            throw ApiException.USER_UNEXIST;
         }
-        return false;
     }
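Review bot: The two new else-branches turn the previous uniform `return false` into distinguishable outcomes — `USER_UNEXIST` when the lookup misses, `USER_PASSWORD_ERROR` when the hash differs — so the API now confirms which usernames exist; throw the same exception from both branches, and ideally still run the hash comparison on a miss so the timing does not leak the difference either. The enclosing `if (user != null)` and the method signature start above this hunk. The comparison on line 91 is pre-existing, but unsalted MD5 with `String.equals` is not suitable for password verification; if this validator is reworked, move to a salted slow hash (bcrypt/PBKDF2) and a constant-time compare such as `MessageDigest.isEqual`.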
 
 }

+ 10 - 0
stmms-biz/src/main/java/cn/com/qmth/stmms/biz/exam/query/ExamSearchQuery.java

@@ -21,6 +21,8 @@ public class ExamSearchQuery extends BaseQuery<Exam> {
 
     private Boolean orderByCreateTimeDesc;
 
+    private Boolean orderByIdDesc;
+
     public Integer getCreatorId() {
         return creatorId;
     }
@@ -79,4 +81,12 @@ public class ExamSearchQuery extends BaseQuery<Exam> {
         this.schoolId = schoolId;
     }
 
+    public Boolean getOrderByIdDesc() {
+        return orderByIdDesc;
+    }
+
+    public void setOrderByIdDesc(Boolean orderByIdDesc) {
+        this.orderByIdDesc = orderByIdDesc;
+    }
+
 }

+ 2 - 0
stmms-biz/src/main/java/cn/com/qmth/stmms/biz/exam/service/impl/ExamServiceImpl.java

@@ -75,6 +75,8 @@ public class ExamServiceImpl extends BaseQueryService<Exam> implements ExamServi
         checkQuery(query);
         if (query.getOrderByCreateTimeDesc() != null) {
             query.setSort(new Sort(query.getOrderByCreateTimeDesc() ? Direction.DESC : Direction.ASC, "createTime"));
+        } else if (query.getOrderByIdDesc() != null) {
+            query.setSort(new Sort(query.getOrderByIdDesc() ? Direction.DESC : Direction.ASC, "id"));
         }
 
         Page<Exam> result = examDao.findAll(new Specification<Exam>() {

+ 29 - 24
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/ExamInfoController.java

@@ -1,12 +1,11 @@
 package cn.com.qmth.stmms.api.controller;
 
+import java.io.IOException;
 import java.util.LinkedList;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
-
-import net.sf.json.JSONArray;
-import net.sf.json.JSONObject;
+import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
@@ -18,6 +17,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 
 import cn.com.qmth.stmms.admin.vo.ExamSubjectVO;
 import cn.com.qmth.stmms.biz.api.auth.annotation.AuthValidate;
+import cn.com.qmth.stmms.biz.api.auth.exception.ApiException;
 import cn.com.qmth.stmms.biz.campus.model.Campus;
 import cn.com.qmth.stmms.biz.campus.service.CampusService;
 import cn.com.qmth.stmms.biz.exam.model.Exam;
@@ -26,9 +26,10 @@ import cn.com.qmth.stmms.biz.exam.query.ExamSearchQuery;
 import cn.com.qmth.stmms.biz.exam.service.ExamService;
 import cn.com.qmth.stmms.biz.exam.service.ExamSubjectService;
 import cn.com.qmth.stmms.biz.user.model.User;
-import cn.com.qmth.stmms.common.enums.ExamStatus;
 import cn.com.qmth.stmms.common.utils.DateUtils;
 import cn.com.qmth.stmms.common.utils.RequestUtils;
+import net.sf.json.JSONArray;
+import net.sf.json.JSONObject;
 
 @Controller("examInfoApiController")
 @RequestMapping("/api")
@@ -48,22 +49,24 @@ public class ExamInfoController {
     public String version(HttpServletRequest request) {
         return "gx";
     }
-    
+
     @AuthValidate("adminUser")
-    @RequestMapping(value = "/exams", method = RequestMethod.GET)
+    @RequestMapping("/exams")
     @ResponseBody
-    public JSONArray getExamInfos(HttpServletRequest request) {
+    public JSONArray getExamInfos(HttpServletRequest request, ExamSearchQuery query) {
         User user = RequestUtils.getApiUser(request);
         JSONArray array = new JSONArray();
         List<Exam> list = new LinkedList<Exam>();
         if (user.getSchoolId() != null) {
-            ExamSearchQuery query = new ExamSearchQuery();
-//            query.setCreatorId(user.getId());
+            // query.setCreatorId(user.getId());
             query.setSchoolId(user.getSchoolId());
-            query.addStatus(ExamStatus.START);
-            query.setPageNumber(1);
-            query.setPageSize(20);
-            query.setOrderByCreateTimeDesc(true);
+            // query.addStatus(ExamStatus.START);
+            // query.setPageNumber(1);
+            // query.setPageSize(20);
+            if (query.getPageSize() < 20) {
+                query.setPageSize(20);
+            }
+            query.setOrderByIdDesc(true);
             query = examService.findByQuery(query);
             if (query.getCurrentCount() > 0) {
                 list = query.getResult();
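Review bot: `pageSize` is only clamped upward on lines 209-211, so a client-supplied `pageSize=2147483647` — now reachable because `query` is bound straight from request parameters — returns the school's entire exam table in one response; add a ceiling, e.g. `if (query.getPageSize() > 100) query.setPageSize(100);`, in the spirit of the 1000 cap this commit adds in ExamStudentController. Binding `ExamSearchQuery` from the request also lets the caller set every other field of the query (creatorId, statuses, sort flags); `schoolId` is overwritten on line 201, but the rest passes through, so either copy only the intended parameters into a fresh query or document which fields are client-controlled. Dropping `method = RequestMethod.GET` on line 190 makes this read endpoint answer POST/PUT/DELETE as well; keep the restriction unless the client needs otherwise. The method continues past the end of this hunk.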
@@ -81,12 +84,10 @@ public class ExamInfoController {
         return array;
     }
 
-    @AuthValidate("adminUser")
-    @RequestMapping(value = "/campus", method = RequestMethod.GET)
+    @RequestMapping("/campus/{schoolId}")
     @ResponseBody
-    public JSONArray getCampus(HttpServletRequest request) {
-        User user = RequestUtils.getApiUser(request);
-        List<Campus> list = campusService.findBySchoolId(user.getSchoolId());
+    public JSONArray getCampus(@PathVariable Integer schoolId) {
+        List<Campus> list = campusService.findBySchoolId(schoolId);
         JSONArray array = new JSONArray();
         for (Campus c : list) {
             JSONObject obj = new JSONObject();
@@ -97,7 +98,7 @@ public class ExamInfoController {
         return array;
     }
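Review bot: `getCampus` lost its `@AuthValidate("adminUser")` annotation and now takes `schoolId` from the path (lines 220-228), so any unauthenticated caller can list the campuses of any school by iterating ids. Unless this is intentionally public, restore the annotation and reject foreign ids: `if (!schoolId.equals(user.getSchoolId())) { response.sendError(ApiException.EXAM_NOT_ACCESSIBLE.getCode(), ApiException.EXAM_NOT_ACCESSIBLE.getMessage()); return null; }`. If the data is meant to be public, say so in a comment on the method so the missing check is not mistaken for an oversight. The GET method restriction was also dropped here, as on `/exams`.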
 
-    @RequestMapping(value = "/subjects/{examId}", method = RequestMethod.GET)
+    @RequestMapping("/subjects/{examId}")
     @ResponseBody
     public JSONArray getSubjects(@PathVariable Integer examId) {
         List<ExamSubject> sList = subjectService.list(examId);
@@ -114,11 +115,12 @@ public class ExamInfoController {
     @AuthValidate("adminUser")
     @RequestMapping(value = "/subject/update", method = RequestMethod.POST)
     @ResponseBody
-    public JSONObject updateSubject(HttpServletRequest request, @RequestBody ExamSubjectVO subject) {
+    public JSONObject updateSubject(HttpServletRequest request, HttpServletResponse response,
+            @RequestBody ExamSubjectVO subject) throws IOException {
         User user = RequestUtils.getApiUser(request);
-        Exam exam = examService.findById(subject.getExamId());
         JSONObject result = new JSONObject();
-        if (exam != null && exam.getCreatorId().equals(user.getId())) {
+        Exam exam = examService.findById(subject.getExamId());
+        if (exam != null && exam.getSchoolId().equals(user.getSchoolId())) {
             ExamSubject es = subjectService.find(subject.getExamId(), subject.getCode());
             if (es != null) {
                 if (subject.getHasAnswer() != null) {
@@ -129,10 +131,13 @@ public class ExamInfoController {
                 }
                 subjectService.save(es);
                 result.accumulate("code", subject.getCode());
-                return result;
+            } else {
+                result.accumulate("code", "");
             }
+        } else {
+            response.sendError(ApiException.EXAM_NOT_ACCESSIBLE.getCode(),
+                    ApiException.EXAM_NOT_ACCESSIBLE.getMessage());
         }
-        result.accumulate("code", "");
         return result;
     }
 }

+ 3 - 5
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/ExamQuestionController.java

@@ -4,20 +4,18 @@ import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 
-import net.sf.json.JSONArray;
-import net.sf.json.JSONObject;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 
 import cn.com.qmth.stmms.biz.exam.model.ExamQuestion;
 import cn.com.qmth.stmms.biz.exam.model.ExamSubject;
 import cn.com.qmth.stmms.biz.exam.service.ExamQuestionService;
 import cn.com.qmth.stmms.biz.exam.service.ExamSubjectService;
+import net.sf.json.JSONArray;
+import net.sf.json.JSONObject;
 
 @Controller("examQuestionApiController")
 @RequestMapping("/api")
@@ -30,7 +28,7 @@ public class ExamQuestionController {
     private ExamSubjectService subjectService;
 
     // @AuthValidate("adminUser")
-    @RequestMapping(value = "/objective/{examId}", method = RequestMethod.GET)
+    @RequestMapping("/objective/{examId}")
     @ResponseBody
     public JSONArray getObjectiveQuestion(HttpServletRequest request, @PathVariable Integer examId) {
         JSONArray result = new JSONArray();

+ 97 - 94
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/ExamStudentController.java

@@ -1,10 +1,12 @@
 package cn.com.qmth.stmms.api.controller;
 
+import java.io.IOException;
 import java.text.DecimalFormat;
 import java.util.LinkedList;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
@@ -20,6 +22,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 
 import cn.com.qmth.stmms.api.utils.AESUtil;
 import cn.com.qmth.stmms.biz.api.auth.annotation.AuthValidate;
+import cn.com.qmth.stmms.biz.api.auth.exception.ApiException;
 import cn.com.qmth.stmms.biz.campus.model.Campus;
 import cn.com.qmth.stmms.biz.campus.service.CampusService;
 import cn.com.qmth.stmms.biz.exam.model.Exam;
@@ -33,7 +36,9 @@ import cn.com.qmth.stmms.biz.exam.service.ExamStudentService;
 import cn.com.qmth.stmms.biz.exam.service.ExamSubjectService;
 import cn.com.qmth.stmms.biz.mark.model.MarkLibrary;
 import cn.com.qmth.stmms.biz.mark.service.MarkLibraryService;
+import cn.com.qmth.stmms.biz.user.model.User;
 import cn.com.qmth.stmms.common.enums.LibraryStatus;
+import cn.com.qmth.stmms.common.utils.RequestUtils;
 import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
 
@@ -64,18 +69,21 @@ public class ExamStudentController {
     @AuthValidate("adminUser")
     @RequestMapping(value = "/package/{examId}", method = RequestMethod.GET)
     @ResponseBody
-    public JSONArray getPackageCode(HttpServletRequest request, @PathVariable Integer examId) {
+    public JSONArray getPackageCode(HttpServletRequest request, HttpServletResponse response,
+            @PathVariable Integer examId) throws IOException {
+        User user = RequestUtils.getApiUser(request);
         JSONArray array = new JSONArray();
         Exam exam = examService.findById(examId);
-        if (exam == null) {
-            return array;
-        }
-
-        List<String> list = examStudentService.findDistinctPackageCode(examId);
-        if (list != null) {
-            for (String code : list) {
-                array.add(code);
+        if (exam != null && exam.getSchoolId().equals(user.getSchoolId())) {
+            List<String> list = examStudentService.findDistinctPackageCode(examId);
+            if (list != null) {
+                for (String code : list) {
+                    array.add(code);
+                }
             }
+        } else {
+            response.sendError(ApiException.EXAM_NOT_ACCESSIBLE.getCode(),
+                    ApiException.EXAM_NOT_ACCESSIBLE.getMessage());
         }
         return array;
     }
@@ -83,16 +91,20 @@ public class ExamStudentController {
     @AuthValidate("adminUser")
     @RequestMapping(value = "/package/{examId}", method = RequestMethod.POST)
     @ResponseBody
-    public int updatePackage(HttpServletRequest request, @PathVariable Integer examId,
-            @RequestBody ExamPackage examPackage) {
+    public int updatePackage(HttpServletRequest request, HttpServletResponse response, @PathVariable Integer examId,
+            @RequestBody ExamPackage examPackage) throws IOException {
+        User user = RequestUtils.getApiUser(request);
         Exam exam = examService.findById(examId);
-        if (exam != null) {
+        if (exam != null && exam.getSchoolId().equals(user.getSchoolId())) {
             ExamPackage obj = packageService.find(examId, examPackage.getCode());
             if (obj != null && examPackage.getPicCount() != null) {
                 obj.setPicCount(examPackage.getPicCount());
                 obj = packageService.save(obj);
                 return obj.getPicCount();
             }
+        } else {
+            response.sendError(ApiException.EXAM_NOT_ACCESSIBLE.getCode(),
+                    ApiException.EXAM_NOT_ACCESSIBLE.getMessage());
         }
         return -1;
     }
@@ -101,32 +113,35 @@ public class ExamStudentController {
     @RequestMapping(value = "/exam/students/{examId}", method = RequestMethod.GET)
     @ResponseBody
     public JSONArray getExamStudents(HttpServletRequest request, @PathVariable Integer examId,
-                                     @RequestParam(required = false) Integer pageNumber, @RequestParam(required = false) Integer pageSize) {
+            @RequestParam(required = false) Integer pageNumber, @RequestParam(required = false) Integer pageSize) {
+        User user = RequestUtils.getApiUser(request);
         JSONArray array = new JSONArray();
-        List<ExamStudent> esList = new LinkedList<ExamStudent>();
         Exam exam = examService.findById(examId);
-        if ( pageNumber ==null || pageSize ==null || pageNumber == 0 || pageSize == 0 ) {
+        if (pageNumber == null || pageNumber < 1) {
             pageNumber = 1;
-            pageSize = Integer.MAX_VALUE;
         }
-        if (exam != null) {
-            esList = examStudentService.findByExamId(examId,pageNumber,pageSize);
+        if (pageSize == null || pageSize < 1 || pageSize > 1000) {
+            pageSize = 1000;
         }
-        for (ExamStudent student : esList) {
-            JSONObject obj = new JSONObject();
-            obj.accumulate("examNumber", student.getExamNumber());
-            obj.accumulate("campusName", student.getCampusName());
-            obj.accumulate("subjectCode", student.getSubjectCode());
-            obj.accumulate("subjectName", student.getSubjectName());
-            obj.accumulate("name", student.getName());
-            obj.accumulate("studentId", String.valueOf(student.getId()));
-            obj.accumulate("studentCode",student.getStudentCode());
-            obj.accumulate("packageCode",student.getPackageCode());
-            obj.accumulate("barcode", student.getExamNumber());
 
-            Campus campus = campusService.findBySchoolAndName(exam.getSchoolId(), student.getCampusName());
-            obj.accumulate("campusCode", campus != null ? campus.getId().toString() : "");
-            array.add(obj);
+        if (exam != null && exam.getSchoolId().equals(user.getSchoolId())) {
+            List<ExamStudent> esList = examStudentService.findByExamId(examId, pageNumber, pageSize);
+            for (ExamStudent student : esList) {
+                JSONObject obj = new JSONObject();
+                obj.accumulate("examNumber", student.getExamNumber());
+                obj.accumulate("campusName", student.getCampusName());
+                obj.accumulate("subjectCode", student.getSubjectCode());
+                obj.accumulate("subjectName", student.getSubjectName());
+                obj.accumulate("name", student.getName());
+                obj.accumulate("studentId", String.valueOf(student.getId()));
+                obj.accumulate("studentCode", student.getStudentCode());
+                obj.accumulate("packageCode", student.getPackageCode());
+                obj.accumulate("barcode", student.getExamNumber());
+
+                Campus campus = campusService.findBySchoolAndName(exam.getSchoolId(), student.getCampusName());
+                obj.accumulate("campusCode", campus != null ? campus.getId().toString() : "");
+                array.add(obj);
+            }
         }
         return array;
     }
@@ -137,37 +152,31 @@ public class ExamStudentController {
     public JSONArray getStudent(HttpServletRequest request, @PathVariable Integer examId,
             @RequestParam(required = false) Boolean upload, @RequestParam(required = false) Boolean absent,
             @RequestParam(required = false) Integer pageNumber, @RequestParam(required = false) Integer pageSize) {
+        User user = RequestUtils.getApiUser(request);
         JSONArray array = new JSONArray();
         Exam exam = examService.findById(examId);
-        if (exam == null) {
-            return array;
-        }
-
-        ExamStudentSearchQuery query = new ExamStudentSearchQuery();
-        query.setExamId(examId);
-        query.setUpload(upload);
-        query.setAbsent(absent);
-        if (pageNumber != null && pageSize != null) {
+        if (exam != null && exam.getSchoolId().equals(user.getSchoolId())) {
+            ExamStudentSearchQuery query = new ExamStudentSearchQuery();
+            query.setExamId(examId);
+            query.setUpload(upload);
+            query.setAbsent(absent);
             query.setPageNumber(pageNumber);
             query.setPageSize(pageSize);
-        } else {
-            query.setPageNumber(1);
-            query.setPageSize(Integer.MAX_VALUE);
-        }
-        examStudentService.findByQuery(query);
-        for (ExamStudent student : query.getResult()) {
-            JSONObject obj = new JSONObject();
-            obj.accumulate("id", student.getId());
-            obj.accumulate("examNumber", student.getExamNumber());
-            obj.accumulate("campusName", student.getCampusName());
-            obj.accumulate("subjectCode", student.getSubjectCode());
-            obj.accumulate("subjectName", student.getSubjectName());
-            obj.accumulate("name", student.getName());
-            obj.accumulate("studentCode", student.getStudentCode());
+            examStudentService.findByQuery(query);
+            for (ExamStudent student : query.getResult()) {
+                JSONObject obj = new JSONObject();
+                obj.accumulate("id", student.getId());
+                obj.accumulate("examNumber", student.getExamNumber());
+                obj.accumulate("campusName", student.getCampusName());
+                obj.accumulate("subjectCode", student.getSubjectCode());
+                obj.accumulate("subjectName", student.getSubjectName());
+                obj.accumulate("name", student.getName());
+                obj.accumulate("studentCode", student.getStudentCode());
 
-            Campus campus = campusService.findBySchoolAndName(exam.getSchoolId(), student.getCampusName());
-            obj.accumulate("campusCode", campus != null ? campus.getId().toString() : "");
-            array.add(obj);
+                Campus campus = campusService.findBySchoolAndName(exam.getSchoolId(), student.getCampusName());
+                obj.accumulate("campusCode", campus != null ? campus.getId().toString() : "");
+                array.add(obj);
+            }
         }
         return array;
     }
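Review bot: The old guard `if (pageNumber != null && pageSize != null)` is gone and both `@RequestParam(required = false)` values are passed straight to `query.setPageNumber`/`setPageSize` on lines 476-477; when either is omitted the query receives null — an NPE on unboxing if BaseQuery stores an `int`, or an unbounded/undefined page if it stores an `Integer`. Apply the same normalisation getExamStudents uses above: `if (pageNumber == null || pageNumber < 1) pageNumber = 1;` and `if (pageSize == null || pageSize < 1 || pageSize > 1000) pageSize = 1000;` before setting them. The `@AuthValidate`/`@RequestMapping` lines for this method sit above the hunk; `RequestUtils.getApiUser` only yields a user when the interceptor ran a validator, so `user.getSchoolId()` on line 471 depends on that annotation being present.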
@@ -176,44 +185,38 @@ public class ExamStudentController {
     @RequestMapping(value = "/exam/students")
     @ResponseBody
     public JSONArray getStudent(HttpServletRequest request, ExamStudentSearchQuery query) {
+        User user = RequestUtils.getApiUser(request);
         JSONArray array = new JSONArray();
-        // User user = RequestUtils.getApiUser(request);
-        // if (user.getSchoolId() != null) {
-        // List<Exam> exams = examService.findBySchoolId(user.getSchoolId());
-        // }
-        if(query.getExamId() == null){
+        if (query.getExamId() == null) {
             return array;
         }
         Exam exam = examService.findById(query.getExamId());
-        if (exam == null) {
-            return array;
-        }
-        if (query.getPageNumber() == 0 || query.getPageSize() == 0) {
-            query.setPageNumber(1);
-            query.setPageSize(Integer.MAX_VALUE);
-        }
-        examStudentService.findByQuery(query);
-        for (ExamStudent student : query.getResult()) {
-            JSONObject obj = new JSONObject();
-            obj.accumulate("id", student.getId());
-            obj.accumulate("examNumber", student.getExamNumber());
-            obj.accumulate("campusName", student.getCampusName());
-            obj.accumulate("subjectCode", student.getSubjectCode());
-            obj.accumulate("subjectName", student.getSubjectName());
-            obj.accumulate("name", student.getName());
-            obj.accumulate("studentCode", student.getStudentCode());
-            obj.accumulate("packageCode", student.getPackageCode());
-            obj.accumulate("batchCode", student.getBatchCode() == null ? "" : student.getBatchCode());
-            obj.accumulate("sheetCount", student.getSheetCount());
-            obj.accumulate("sliceCount", student.getSliceCount());
-            obj.accumulate("answers", student.getAnswers() == null ? "" : student.getAnswers());
-            obj.accumulate("upload", student.isUpload());
-            obj.accumulate("absent", student.isAbsent());
-            obj.accumulate("objectiveScore", student.getObjectiveScore()==null?"":student.getObjectiveScore());
-            obj.accumulate("subjectiveScore", student.getSubjectiveScore()==null?"":student.getSubjectiveScore());
-            Campus campus = campusService.findBySchoolAndName(exam.getSchoolId(), student.getCampusName());
-            obj.accumulate("campusCode", campus != null ? campus.getId().toString() : "");
-            array.add(obj);
+        if (exam != null && exam.getSchoolId().equals(user.getSchoolId())) {
+            examStudentService.findByQuery(query);
+            for (ExamStudent student : query.getResult()) {
+                JSONObject obj = new JSONObject();
+                obj.accumulate("id", student.getId());
+                obj.accumulate("examNumber", student.getExamNumber());
+                obj.accumulate("campusName", student.getCampusName());
+                obj.accumulate("subjectCode", student.getSubjectCode());
+                obj.accumulate("subjectName", student.getSubjectName());
+                obj.accumulate("name", student.getName());
+                obj.accumulate("studentCode", student.getStudentCode());
+                obj.accumulate("packageCode", student.getPackageCode());
+                obj.accumulate("batchCode", student.getBatchCode() == null ? "" : student.getBatchCode());
+                obj.accumulate("sheetCount", student.getSheetCount());
+                obj.accumulate("sliceCount", student.getSliceCount());
+                obj.accumulate("answers", student.getAnswers() == null ? "" : student.getAnswers());
+                obj.accumulate("upload", student.isUpload());
+                obj.accumulate("absent", student.isAbsent());
+                obj.accumulate("objectiveScore",
+                        student.getObjectiveScore() == null ? "" : student.getObjectiveScore());
+                obj.accumulate("subjectiveScore",
+                        student.getSubjectiveScore() == null ? "" : student.getSubjectiveScore());
+                Campus campus = campusService.findBySchoolAndName(exam.getSchoolId(), student.getCampusName());
+                obj.accumulate("campusCode", campus != null ? campus.getId().toString() : "");
+                array.add(obj);
+            }
         }
         return array;
     }
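Review bot: Removing the `pageNumber == 0 || pageSize == 0` fallback leaves `pageSize` entirely client-controlled with no ceiling on this endpoint, while `getExamStudents` in the same file now caps it at 1000; a request with `pageSize=2147483647` returns every student record — names, answers, scores — in one response. Clamp it the same way, e.g. `if (query.getPageSize() < 1 || query.getPageSize() > 1000) query.setPageSize(1000);`, and check what BaseQuery does when pageNumber is left at 0. Binding `ExamStudentSearchQuery` from the request also lets the caller set every field of the query; examId is checked against the school on line 557, but confirm none of the other bound fields can widen the result beyond that exam.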
@@ -346,12 +349,12 @@ public class ExamStudentController {
                 } else {
                     absentSetObj(detail, obj);
                 }
-                obj.accumulate("absent",student.isAbsent());
+                obj.accumulate("absent", student.isAbsent());
             } else {
                 obj.accumulate("exist", false);
                 obj.accumulate("examId", "");
                 obj.accumulate("upload", false);
-                obj.accumulate("absent",true);
+                obj.accumulate("absent", true);
                 absentSetObj(detail, obj);
             }
             if (StringUtils.isNotBlank(examSeqCode)) {

+ 15 - 17
stmms-web/src/main/java/cn/com/qmth/stmms/api/controller/ScanController.java

@@ -1,8 +1,10 @@
 package cn.com.qmth.stmms.api.controller;
 
+import java.io.IOException;
 import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -19,12 +21,12 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import cn.com.qmth.stmms.admin.exam.parameter.BaseParameterController;
 import cn.com.qmth.stmms.api.utils.ScanStudentParameter;
 import cn.com.qmth.stmms.biz.api.auth.annotation.AuthValidate;
+import cn.com.qmth.stmms.biz.api.auth.exception.ApiException;
 import cn.com.qmth.stmms.biz.exam.model.Exam;
 import cn.com.qmth.stmms.biz.exam.model.ExamStudent;
 import cn.com.qmth.stmms.biz.exam.service.ExamService;
 import cn.com.qmth.stmms.biz.exam.service.ExamStudentService;
 import cn.com.qmth.stmms.biz.user.model.User;
-import cn.com.qmth.stmms.common.enums.ExamStatus;
 import cn.com.qmth.stmms.common.utils.DateUtils;
 import cn.com.qmth.stmms.common.utils.RequestUtils;
 import net.sf.json.JSONArray;
@@ -50,18 +52,26 @@ public class ScanController extends BaseParameterController {
      * @param subjectId
      * @param scStudentParameter
      * @return
+     * @throws IOException
      */
     @AuthValidate("adminUser")
     @RequestMapping(value = "/student/{examId}", method = RequestMethod.POST)
     @ResponseBody
     @Transactional
-    public JSONArray saveStudent(HttpServletRequest request, @PathVariable Integer examId,
-            @RequestBody ScanStudentParameter[] scStudentParameter) {
+    public JSONArray saveStudent(HttpServletRequest request, HttpServletResponse response, @PathVariable Integer examId,
+            @RequestBody ScanStudentParameter[] scStudentParameter) throws IOException {
         User user = RequestUtils.getApiUser(request);
-        Exam exam = examService.findById(examId);
         JSONArray array = new JSONArray();
+
+        Exam exam = examService.findById(examId);
         // 判断上传权限
-        if (canSaveScan(exam, user) && scStudentParameter != null && scStudentParameter.length > 0) {
+        if (exam == null || exam.getSchoolId().equals(user.getSchoolId())) {
+            response.sendError(ApiException.EXAM_NOT_ACCESSIBLE.getCode(),
+                    ApiException.EXAM_NOT_ACCESSIBLE.getMessage());
+            return array;
+        }
+
+        if (scStudentParameter != null && scStudentParameter.length > 0) {
             for (ScanStudentParameter sc : scStudentParameter) {
                 ExamStudent student = studentService.findByExamIdAndExamNumber(examId, sc.getExamNumber());
                 if (student != null) {
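Review bot: The access check on line 651 is inverted: `exam == null || exam.getSchoolId().equals(user.getSchoolId())` rejects exactly the exams that belong to the caller's school and lets requests for other schools' exams fall through to the update loop below; it must read `if (exam == null || !exam.getSchoolId().equals(user.getSchoolId()))`. The removed `canSaveScan` (next hunk) also required `exam.getStatus() == ExamStatus.START`; that condition is dropped without mention in the commit message, so scans can now be posted against exams in any status — restore it or state why it is no longer wanted. As elsewhere in this commit, `sendError` on lines 652-653 is followed by returning a `@ResponseBody` value on a committed response; `return null;` after `sendError` avoids that. The method body continues past the hunk.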
@@ -88,16 +98,4 @@ public class ScanController extends BaseParameterController {
         return array;
     }
 
-    private boolean canSaveScan(Exam exam, User user) {
-        boolean flag = false;
-        if (exam != null && exam.getStatus() == ExamStatus.START) {
-//            flag = exam.getCreatorId().intValue() == user.getId().intValue();
-            //之前由于每个学校只有一个管理员,所以可以根据接口调用的userId与创建试卷的creatorID比较来判断是否具有上传权限,
-            //但现在修改逻辑,每个学校可以有同级别的管理员,所以不能根据创建试卷的creatorId来判断,只能根据他们所属上级机构ID来判断。
-            flag = user.getSchoolId().intValue() == exam.getSchoolId().intValue();
-
-        }
-        return flag;
-    }
-
 }

+ 13 - 15
stmms-web/src/main/java/cn/com/qmth/stmms/api/interceptor/ApiInterceptor.java

@@ -8,13 +8,13 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
-import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
 import cn.com.qmth.stmms.api.utils.AuthInfoUtils;
 import cn.com.qmth.stmms.biz.api.auth.annotation.AuthValidate;
+import cn.com.qmth.stmms.biz.api.auth.exception.ApiException;
 import cn.com.qmth.stmms.biz.api.auth.interfaces.AuthValidator;
 import cn.com.qmth.stmms.biz.api.auth.model.AuthInfo;
 import cn.com.qmth.stmms.biz.api.auth.service.AuthInfoService;
@@ -36,13 +36,13 @@ public class ApiInterceptor extends HandlerInterceptorAdapter {
     private AuthValidateService validateService;
 
     @Override
-    public void postHandle(HttpServletRequest request, HttpServletResponse response,
-            Object handler, ModelAndView modelAndView) throws Exception {
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+            ModelAndView modelAndView) throws Exception {
     }
 
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
-            Object handler) throws Exception {
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+            throws Exception {
         HandlerMethod method = (HandlerMethod) handler;
         AuthValidate validateConfig = method.getMethodAnnotation(AuthValidate.class);
         if (validateConfig != null) {
@@ -50,29 +50,27 @@ public class ApiInterceptor extends HandlerInterceptorAdapter {
             List<AuthValidator> validators = validateService.getValidators(validateConfig.value());
             if (validators != null) {
                 boolean flag = true;
-                HttpStatus status = null;
+                int status = 200;
                 String reason = null;
                 for (AuthValidator validator : validators) {
                     try {
                         if (!validator.validate(auth)) {
                             flag = false;
-                            status = HttpStatus.UNAUTHORIZED;
+                            status = HttpStatus.UNAUTHORIZED.value();
                             break;
                         }
-                    } catch (RuntimeException e) {
+                    } catch (ApiException e) {
                         flag = false;
-                        ResponseStatus rs = e.getClass().getAnnotation(ResponseStatus.class);
-                        if (rs != null) {
-                            status = rs.value();
-                            reason = rs.reason();
-                        }
+                        status = e.getCode();
+                        reason = e.getMessage();
                         break;
                     }
                 }
                 if (!flag) {
-                    response.sendError(status.value(), StringUtils.trimToEmpty(reason));
+                    response.sendError(status, StringUtils.trimToEmpty(reason));
+                } else {
+                    RequestUtils.setApiUser(request, auth.getLoginUser());
                 }
-                RequestUtils.setApiUser(request, auth.getLoginUser());
                 return flag;
             }
         }

+ 7 - 7
stmms-web/src/main/webapp/WEB-INF/application.properties

@@ -1,9 +1,9 @@
 #jdbc config
 driverClassName=com.mysql.jdbc.Driver
 #jdbc config
-url=jdbc:mysql://localhost:3306/stmms_gx?useUnicode=true&characterEncoding=UTF-8
-username=stmms
-password=stmms
+url=jdbc:mysql://192.168.10.30:3306/stmms_hk_0508?useUnicode=true&characterEncoding=UTF-8
+username=root
+password=root
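Review bot: This hunk commits a live database endpoint and root credentials (`url=jdbc:mysql://192.168.10.30:3306/...`, `username=root`, `password=root`) into a tracked properties file, and the same file already carries a third-party storage password in clear text on line 770. Environment-specific secrets belong outside version control — a local override file, environment variables, or placeholders resolved at deploy time such as `username=${DB_USER}` / `password=${DB_PASSWORD}` via a PropertyPlaceholderConfigurer — and the application should connect with a least-privilege account rather than root. Treat the values already pushed as compromised and rotate them.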
 
 #cookie config
 cookie.max.age=36000
@@ -51,14 +51,14 @@ upyun.slice.password=qmth12345678
 
 ##\u662f\u5426\u66ff\u6362\u79d1\u76ee\u540d\u79f0\u4e2d\u7684\u534a\u89d2\u62ec\u53f7
 subject.name.bracket.replace=false
-jvm.cleanMapinterval = 20
-jvm.cleanMapTimer = 0 0/10 6-23 * * ?
+jvm.cleanMapinterval=20
+jvm.cleanMapTimer=0 0/10 6-23 * * ?
 app.home=
 #value = aopeng or null (aopeng set 'aopeng' others set '')
 app.index=
 
 # value = true or false (aopeng set true and others set false.If a project needs to be set up true in the future else false)
-scoreList.showExportScore =false
+scoreList.showExportScore=false
 
 #value = true or false  (aopeng set true and others set false.If a project needs to be set up true in the future else false)
-marker.showBtnImportAndBtnUpdateImport = false
+marker.showBtnImportAndBtnUpdateImport=false