增加权限注解，增加excel导出类

src/main/java/org/rcisoft/EducationApplication.java

@@ -5,6 +5,7 @@ import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
 import springfox.documentation.swagger2.annotations.EnableSwagger2;
 
@@ -16,6 +17,7 @@ import springfox.documentation.swagger2.annotations.EnableSwagger2;
 @EnableAspectJAutoProxy
 @EnableSwagger2
 @EnableScheduling
+@EnableGlobalMethodSecurity(prePostEnabled=true)
 @MapperScan(basePackages = "org.rcisoft.**.dao")//扫描dao 不需要@repository
 public class EducationApplication {
 

src/main/java/org/rcisoft/business/bcarousel/controller/BCarouselController.java

@@ -16,6 +16,7 @@ import org.rcisoft.core.result.ResultServiceEnums;
 import org.rcisoft.core.util.UploadUtil;
 import org.rcisoft.core.util.UserUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -45,6 +46,7 @@ public class BCarouselController extends PaginationController<BCarousel> {
             @ApiImplicitParam(name = "imageType", value = "图片类型", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "imageId", value = "图片id", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/add")
     public Result add(BCarousel bCarousel) {
         PersistModel data = bCarouselServiceImpl.persist(bCarousel,getToken());
@@ -56,6 +58,7 @@ public class BCarouselController extends PaginationController<BCarousel> {
 
     @ApiOperation(value="删除轮播图", notes="根据ID删除一条记录")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/remove")
     public Result remove(String id) {
         PersistModel data = bCarouselServiceImpl.removeBCarousel(id,getToken());
@@ -116,6 +119,7 @@ public class BCarouselController extends PaginationController<BCarousel> {
 
     @ApiOperation(value="上传图片", notes="上传图片到服务器")
     @ApiImplicitParam(name = "file", value = "图片文件", required = true, dataType = "MultipartFile")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/upload")
     public Result upload(MultipartFile file){
         String path = global.getBASE_UPLOAD_SERVER_LOCATION();

src/main/java/org/rcisoft/business/bchapter/controller/BChapterController.java

@@ -28,6 +28,7 @@ import org.rcisoft.core.result.ResultServiceEnums;
 import org.rcisoft.core.util.UploadUtil;
 import org.rcisoft.core.util.UserUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.util.StringUtils;
 import org.springframework.validation.BindingResult;
@@ -69,6 +70,7 @@ public class BChapterController extends PaginationController<BChapter> {
             @ApiImplicitParam(name = "mdFile", value = "任务书", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "isTest", value = "1:实验  2:视频   3:PPT'", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1002')")
     @PostMapping(value = "/add")
     public Result add(@Valid BChapter bChapter,
                       BindingResult bindingResult
@@ -88,6 +90,7 @@ public class BChapterController extends PaginationController<BChapter> {
 
     @ApiOperation(value="删除章节", notes="根据ID删除一条记录")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1002')")
     @PostMapping(value = "/remove")
     public Result remove(String id) {
         PersistModel data = bChapterService.removeBChapter(id,getToken());
@@ -110,6 +113,7 @@ public class BChapterController extends PaginationController<BChapter> {
 
     @ApiOperation(value="上传图片", notes="上传任务书所需图片")
     @ApiImplicitParam(name = "image", value = "图片文件", required = true, dataType = "MultipartFile")
+    @PreAuthorize("hasRole('ROLE_1002')")
     @PostMapping(value = "/uploadMdFileWithoutAuth")
     public Map<String, Object> uploadMdFile(@RequestParam(name = "editormd-image-file") MultipartFile image) {
         String path = global.getMD_FILE_LOCATION();
@@ -197,6 +201,7 @@ public class BChapterController extends PaginationController<BChapter> {
     @ApiImplicitParams({@ApiImplicitParam(name = "chapterId", value = "课程id", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "score", value = "分数", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "studentId", value = "学生id", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1002')")
     @PostMapping(value = "/markBatch")
     public Result markBatch(String scoreInfoList) {
         Gson gson = new Gson();
@@ -218,6 +223,7 @@ public class BChapterController extends PaginationController<BChapter> {
 
     @ApiOperation(value="重新打分", notes="重新打分")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1002')")
     @PostMapping(value = "/reMark")
     public Result reMark(String id) {
         bChapterService.deleteScoerInfo(id);
@@ -232,6 +238,7 @@ public class BChapterController extends PaginationController<BChapter> {
             @ApiImplicitParam(name = "score", value = "分数", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "chapterId", value = "章节id", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "studentId", value = "学生学号", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1003')")
     @PostMapping(value = "/complete")
     public Result complete(ScoreInfoDTO scoreInfoDTO) {
         scoreInfoDTO.setIsComplete(IsCompleteEnum.COMPLETE.getCode());

src/main/java/org/rcisoft/business/bclass/controller/BClassController.java

@@ -17,6 +17,7 @@ import org.rcisoft.core.result.ResultCode;
 import org.rcisoft.core.result.ResultServiceEnums;
 import org.rcisoft.core.util.UserUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
@@ -42,6 +43,7 @@ public class BClassController extends PaginationController<BClass> {
             @ApiImplicitParam(name = "className", value = "班级名称", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "studentNum", value = "学生数量", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/add")
     public Result add(@Valid BClass bClass, BindingResult bindingResult) {
         if(bClass.getCode().length()>
@@ -61,6 +63,7 @@ public class BClassController extends PaginationController<BClass> {
 
     @ApiOperation(value="删除班级", notes="根据ID删除一条记录")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/remove")
     public Result remove(String id) {
         PersistModel data = bClassService.removeBClass(id);
@@ -72,6 +75,7 @@ public class BClassController extends PaginationController<BClass> {
 
     @ApiOperation(value="excel导入", notes="上传excel到服务器")
     @ApiImplicitParam(name = "importFile", value = "excel文件", required = true, dataType = "MultipartFile")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "excelImport")
     public Result excelImport(MultipartFile importFile, String token) throws Exception {
         PersistModel data = bClassService.importExcel(MultipartFile2HSSFWorkbookConverter.convert(importFile),token);

src/main/java/org/rcisoft/business/bimage/controller/BImageController.java

@@ -12,6 +12,7 @@ import org.rcisoft.core.model.PersistModel;
 import org.rcisoft.core.result.Result;
 import org.rcisoft.core.util.UserUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 /**
@@ -28,6 +29,7 @@ public class BImageController extends PaginationController<BImage> {
             @ApiImplicitParam(name = "imageName", value = "图片标题", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "imageCode", value = "图片code", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/add")
     public Result add(BImage bImage) {
         PersistModel data = bImageService.persist(bImage,getToken());
@@ -39,6 +41,7 @@ public class BImageController extends PaginationController<BImage> {
 
     @ApiOperation(value="删除图片", notes="根据ID删除一条记录")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/remove")
     public Result remove(String id) {
         PersistModel data = bImageService.removeBImage(id,getToken());

src/main/java/org/rcisoft/business/blesson/controller/BLessonController.java

@@ -19,6 +19,7 @@ import org.rcisoft.core.result.ResultServiceEnums;
 import org.rcisoft.core.util.UploadUtil;
 import org.rcisoft.core.util.UserUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
@@ -49,6 +50,7 @@ public class BLessonController extends PaginationController<BLesson> {
             @ApiImplicitParam(name = "defaultUrl", value = "默认封面图片url", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar")})
     @PostMapping(value = "/add")
+    @PreAuthorize("hasRole('ROLE_1001')")
     public Result add(@Valid BLesson bLesson, BindingResult bindingResult) {
         if(bLesson.getCode().length()>
                 Integer.parseInt(global.getMAX_CODE_LENGTH()))
@@ -68,6 +70,7 @@ public class BLessonController extends PaginationController<BLesson> {
     @ApiOperation(value="删除课程", notes="根据ID删除一条记录")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
     @PostMapping(value = "/remove")
+    @PreAuthorize("hasRole('ROLE_1001')")
     public Result remove(String id) {
         PersistModel data = bLessonService.removeBLesson(id);
         return Result.builder(data,
@@ -79,6 +82,7 @@ public class BLessonController extends PaginationController<BLesson> {
     @ApiOperation(value="excel导入", notes="上传excel到服务器")
     @ApiImplicitParam(name = "importFile", value = "excel文件", required = false, dataType = "MultipartFile")
     @PostMapping(value = "excelImport")
+    @PreAuthorize("hasRole('ROLE_1001')")
     public Result excelImport(MultipartFile importFile) throws Exception {
         PersistModel data = bLessonService.importExcel(MultipartFile2HSSFWorkbookConverter.convert(importFile),getToken());
         return Result.builder(data,
@@ -91,6 +95,7 @@ public class BLessonController extends PaginationController<BLesson> {
     @ApiImplicitParams({@ApiImplicitParam(name = "importFile", value = "图片文件", required = false, dataType = "MultipartFile"),
             @ApiImplicitParam(name = "code", value = "课程编号", required = false, dataType = "varchar")})
     @PostMapping(value = "picImport")
+    @PreAuthorize("hasRole('ROLE_1001')")
     public Result picImport(MultipartFile importFile,String code) throws Exception {
         String path = global.getBASE_UPLOAD_SERVER_LOCATION();
         String course_logo_path =global.getIMAGE_LOCATION()+global.getCOURCE_LOGO_LOCATION();
@@ -121,6 +126,7 @@ public class BLessonController extends PaginationController<BLesson> {
     @ApiOperation(value="恢复默认", notes="恢复默认封面图片")
     @ApiImplicitParam(name = "code", value = "课程编号", required = false, dataType = "varchar")
     @PostMapping(value = "defaultUrl")
+    @PreAuthorize("hasRole('ROLE_1001')")
     public Result defaultUrl(String code)throws Exception {
             String path = global.getDEFAULT_COURSE_LOCATION();
             BLesson bL=new BLesson();

src/main/java/org/rcisoft/business/bnews/controller/BNewsController.java

@@ -15,6 +15,7 @@ import org.rcisoft.core.result.ResultCode;
 import org.rcisoft.core.result.ResultServiceEnums;
 import org.rcisoft.core.util.UserUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
@@ -39,6 +40,7 @@ public class BNewsController extends PaginationController<BNews> {
             @ApiImplicitParam(name = "isRelease", value = "0未发布，1：发布", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "newsContent", value = "新闻内容", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/add")
     public Result add(@Valid BNews bNews, BindingResult bindingResult) {
         if (bindingResult.hasErrors()) {
@@ -55,6 +57,7 @@ public class BNewsController extends PaginationController<BNews> {
 
     @ApiOperation(value="删除新闻", notes="根据ID删除一条记录")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/remove")
     public Result remove(String id) {
         PersistModel data = bNewsService.removeBNews(id,getToken());

src/main/java/org/rcisoft/business/brclassstudent/controller/BRClassStudentController.java

@@ -13,6 +13,7 @@ import org.rcisoft.core.model.PersistModel;
 import org.rcisoft.core.result.Result;
 import org.rcisoft.core.result.ResultCode;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -31,6 +32,7 @@ public class BRClassStudentController extends PaginationController<BRClassStuden
     @ApiImplicitParams({@ApiImplicitParam(name = "businessId", value = "businessId", required = true, dataType = "varchar"),
             @ApiImplicitParam(name = "classCode", value = "班级编号", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "studentCode", value = "学生编号", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/add")
     public Result add(BRClassStudent bRClassStudent) {
         PersistModel data = bRClassStudentService.persist(bRClassStudent);
@@ -43,6 +45,7 @@ public class BRClassStudentController extends PaginationController<BRClassStuden
     @ApiOperation(value="删除学生班级信息", notes="根据班级编号和学生编号删除一条记录")
     @ApiImplicitParams({@ApiImplicitParam(name = "classCode", value = "班级编号", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "studentCode", value = "学生编号", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/remove")
     public Result remove(String stuCode,String classCode) {
         PersistModel data = bRClassStudentService.removeBRClassStudents(stuCode, classCode);
@@ -54,6 +57,7 @@ public class BRClassStudentController extends PaginationController<BRClassStuden
 
     @ApiOperation(value="excel导入", notes="excel导入")
     @ApiImplicitParam(name = "importFile", value = "excel文件", required = true, dataType = "MultipartFile")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "excelImport")
     public Result excelImport(MultipartFile importFile) throws Exception {
         PersistModel data = bRClassStudentService.importExcel(MultipartFile2HSSFWorkbookConverter.convert(importFile));

src/main/java/org/rcisoft/business/brslstudent/controller/BRSlStudentController.java

@@ -13,6 +13,7 @@ import org.rcisoft.core.model.PersistModel;
 import org.rcisoft.core.result.Result;
 import org.rcisoft.core.result.ResultCode;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -30,6 +31,7 @@ public class BRSlStudentController extends PaginationController<BRSlStudent> {
     @ApiImplicitParams({@ApiImplicitParam(name = "businessId", value = "businessId", required = true, dataType = "varchar"),
             @ApiImplicitParam(name = "slCode", value = "课程编号", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "studentCode", value = "学生编号", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/add")
     public Result add(BRSlStudent bRSlStudent) {
         PersistModel data = bRSlStudentService.persist(bRSlStudent);
@@ -42,6 +44,7 @@ public class BRSlStudentController extends PaginationController<BRSlStudent> {
     @ApiOperation(value="删除学生课程信息", notes="根课程级编号和学生编号删除一条记录")
     @ApiImplicitParams({@ApiImplicitParam(name = "slCode", value = "课程编号", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "studentCode", value = "学生编号", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/remove")
     public Result remove(@RequestParam("studentCode") String studentCode,
                                @RequestParam("slCode") String slCode) {
@@ -54,6 +57,7 @@ public class BRSlStudentController extends PaginationController<BRSlStudent> {
 
     @ApiOperation(value="excel导入", notes="excel导入")
     @ApiImplicitParam(name = "importFile", value = "excel文件", required = true, dataType = "MultipartFile")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "excelImport")
     public Result excelImport(MultipartFile importFile) throws Exception {
         PersistModel data = bRSlStudentService.importExcel(MultipartFile2HSSFWorkbookConverter.convert(importFile));

src/main/java/org/rcisoft/business/bsl/controller/BSlController.java

@@ -19,6 +19,7 @@ import org.rcisoft.core.result.ResultServiceEnums;
 import org.rcisoft.core.util.UploadUtil;
 import org.rcisoft.core.util.UserUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
@@ -57,6 +58,7 @@ public class BSlController extends PaginationController<BSl> {
             @ApiImplicitParam(name = "delFlag", value = "删除标记（0：正常；1：删除；2：审核）", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "flag", value = "启用标记（0：停用；1：启用）", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/add")
     public Result add(@Valid BSl bSl, BindingResult bindingResult) throws UnsupportedEncodingException {
         if(bSl.getCode()!=null&&bSl.getCode().length()>
@@ -76,6 +78,7 @@ public class BSlController extends PaginationController<BSl> {
 
     @ApiOperation(value="excel导入", notes="excel导入")
     @ApiImplicitParam(name = "importFile", value = "excel文件", required = true, dataType = "MultipartFile")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "excelImport")
     public Result excelImport(MultipartFile importFile) throws Exception {
         //调用service层方法，进行具体的excel导入相关操作，这里先讲springMVC接收到的文件转化成HSSFWorkbook需要的excel文件
@@ -88,6 +91,7 @@ public class BSlController extends PaginationController<BSl> {
 
     @ApiOperation(value="修改课程是否上线", notes="0：待上线，1：已上线，2：已下线")
     @ApiImplicitParam(name = "code", value = "课程编号", required = false, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "updateIsOnline")
     public Result updateIsOnline(String code) {
         PersistModel data = bSlService.updateIsOnline(code,getToken());
@@ -169,6 +173,7 @@ public class BSlController extends PaginationController<BSl> {
 
     @ApiOperation(value="删除课程", notes="根据ID删除一条记录")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/remove")
     public Result remove(String id) {
         PersistModel data = bSlService.removeBSl(id);
@@ -181,6 +186,7 @@ public class BSlController extends PaginationController<BSl> {
     @ApiOperation(value="上传封面", notes="根据ID上传课程封面")
     @ApiImplicitParams({@ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar"),
             @ApiImplicitParam(name = "file", value = "图片文件", required = false, dataType = "MultipartFile")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/uploadCover")
     public Result uploadCover(@RequestParam("file") MultipartFile cover,
                                     @RequestParam("id") String id) {
@@ -204,6 +210,7 @@ public class BSlController extends PaginationController<BSl> {
     @ApiOperation(value="修改课程简介", notes="修改课程简介")
     @ApiImplicitParams({@ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar"),
             @ApiImplicitParam(name = "notes", value = "课程简介", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/updateNotes")
     public Result updateNotes(@RequestParam("notes") String notes,
                                     @RequestParam("id") String id) {

src/main/java/org/rcisoft/business/bslapply/controller/BSlApplyController.java

@@ -19,6 +19,7 @@ import org.rcisoft.core.result.ResultServiceEnums;
 import org.rcisoft.core.util.UserUtil;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
@@ -44,6 +45,7 @@ public class BSlApplyController extends PaginationController<BSlApply> {
             @ApiImplicitParam(name = "applyCode", value = "申请单号", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "teacherCode", value = "教师编号", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "refuseCourse", value = "拒绝原因", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/add")
     public Result add(@Valid ApplyFormDTO applyFormDTO,
                             BindingResult bindingResult) {
@@ -62,6 +64,7 @@ public class BSlApplyController extends PaginationController<BSlApply> {
 
     @ApiOperation(value="删除开课申请", notes="根据ID删除一条记录")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/remove")
     public Result remove(String id) {
         PersistModel data = bSlApplyService.removeBSlApply(id,getToken());
@@ -85,6 +88,7 @@ public class BSlApplyController extends PaginationController<BSlApply> {
     @ApiImplicitParams({@ApiImplicitParam(name = "businessId", value = "businessId", required = true, dataType = "varchar"),
             @ApiImplicitParam(name = "courseCode", value = "课程编号", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "slCode", value = "课序号", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/agree")
     public Result agree(@Valid ApplyDTO applyDTO,
                               BindingResult bindingResult) throws UnsupportedEncodingException {
@@ -109,6 +113,7 @@ public class BSlApplyController extends PaginationController<BSlApply> {
             @ApiImplicitParam(name = "teacherCode", value = "教师编号", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "refuseCourse", value = "拒绝原因", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/refuse")
     public Result refuse(BSlApply bSlApply) {
         bSlApply.setApplyState(ApplyStatuEnum.REFUSE.getCode());

src/main/java/org/rcisoft/business/bstudent/controller/BStudentController.java

@@ -19,6 +19,7 @@ import org.rcisoft.core.util.UserUtil;
 import org.rcisoft.sys.user.entity.SysUser;
 import org.rcisoft.sys.user.service.SysUserService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -47,6 +48,7 @@ public class BStudentController extends PaginationController<BStudent> {
             @ApiImplicitParam(name = "recommendOrder", value = "推荐排序", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "recommendCourse", value = "推荐原因", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/add")
     public Result add(BStudent bStudent, SysUser user) throws UnsupportedEncodingException {
         if(bStudent.getCode()!=null&&bStudent.getCode().length()>
@@ -62,6 +64,7 @@ public class BStudentController extends PaginationController<BStudent> {
 
     @ApiOperation(value="excel导入", notes="excel导入学生信息")
     @ApiImplicitParam(name = "importFile", value = "excel文件", required = false, dataType = "MultipartFile")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "excelImport")
     public Result excelImport(MultipartFile importFile) throws Exception {
         PersistModel data = bStudentService.importExcel(MultipartFile2HSSFWorkbookConverter.convert(importFile),getToken());
@@ -119,6 +122,7 @@ public class BStudentController extends PaginationController<BStudent> {
 
     @ApiOperation(value="逻辑删除", notes="根据ID删除一条记录")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/remove")
     public Result remove(String id) {
         PersistModel data = bStudentService.removeBBStudent(id);

src/main/java/org/rcisoft/business/bteacher/controller/BTeacherController.java

@@ -18,6 +18,7 @@ import org.rcisoft.core.result.ResultServiceEnums;
 import org.rcisoft.core.util.UserUtil;
 import org.rcisoft.sys.user.entity.SysUser;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -44,6 +45,7 @@ public class BTeacherController extends PaginationController<BTeacher> {
             @ApiImplicitParam(name = "recommendOrder", value = "推荐排序", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "recommendCourse", value = "推荐原因", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/add")
     public Result add(BTeacher bTeacher, SysUser user) throws UnsupportedEncodingException {
         if(bTeacher.getCode()!=null&&bTeacher.getCode().length()>
@@ -59,6 +61,7 @@ public class BTeacherController extends PaginationController<BTeacher> {
 
     @ApiOperation(value="逻辑删除", notes="根据ID删除一条记录")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/remove")
     public Result remove(String id) {
         PersistModel data = bTeacherService.removeBTeacher(id);
@@ -72,6 +75,7 @@ public class BTeacherController extends PaginationController<BTeacher> {
 
     @ApiOperation(value="excel导入", notes="excel导入学生信息")
     @ApiImplicitParam(name = "importFile", value = "excel文件", required = false, dataType = "MultipartFile")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "excelImport")
     public Result excelImport(MultipartFile importFile) throws Exception {
         PersistModel data = bTeacherService.importExcel(MultipartFile2HSSFWorkbookConverter.convert(importFile),getToken());

src/main/java/org/rcisoft/business/bterm/controller/BTermController.java

@@ -18,6 +18,7 @@ import org.rcisoft.core.result.Result;
 import org.rcisoft.core.result.ResultCode;
 import org.rcisoft.core.result.ResultServiceEnums;
 import org.rcisoft.core.util.UserUtil;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
@@ -44,6 +45,7 @@ public class BTermController extends PaginationController<BTerm> {
             @ApiImplicitParam(name = "code", value = "学期编号", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "name", value = "学期名称", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/add")
     public Result add(@Valid BTermDTO bTermDTO, BindingResult bindingResult) {
         if(bTermDTO.getCode().length() >
@@ -109,6 +111,7 @@ public class BTermController extends PaginationController<BTerm> {
 
     @ApiOperation(value="逻辑删除", notes="根据ID删除一条记录")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/remove")
     public Result remove(String id) {
         PersistModel data = bTermService.removeBTerm(id);
@@ -120,6 +123,7 @@ public class BTermController extends PaginationController<BTerm> {
 
     @ApiOperation(value="修改 is_start值", notes="根据学期编号修改 is_start值")
     @ApiImplicitParam(name = "code", value = "学期编号", required = false, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/changeIS")
     public Result changeIS(@RequestParam("code") String code)
     {

src/main/java/org/rcisoft/business/bterm/dao/BTermRepository.java

@@ -30,6 +30,10 @@ public interface BTermRepository extends BaseMapper<BTerm> {
     @Update("<script>update b_term set is_start=0 where business_id != #{id}</script>")
     int updateUnStart(String id);
 
+    @Select("<script>select * from b_term where code = #{code}</script>")
+    @ResultMap(value = "BaseResultMap" )
+    List<BTerm> queryBtermByCode(String code);
+
 
     /*
     这里可以不写，因为这个写的是  导入excel文件格式的时候的 插入，不是正常单个插入

src/main/java/org/rcisoft/business/bterm/entity/BTerm.java

@@ -20,6 +20,8 @@ import java.util.Date;
 @AllArgsConstructor
 public class BTerm extends IdEntity<BTerm> {
 
+    private static final long serialVersionUID = 6619306545135522432L;
+
     public BTerm(String code) {
         this.code = code;
     }

src/main/java/org/rcisoft/business/bterm/service/impl/BTermServiceImpl.java

@@ -83,19 +83,20 @@ public class BTermServiceImpl implements BTermService {
         //这里没有直接使用  0  1 ，而是自定义了枚举类，来使用枚举类型
         BTerm bt=new BTerm();
         bt.setCode(code);
-        BTerm bTerm=bTermRepository.selectOne(bt);
+        List<BTerm> bTerm = bTermRepository.queryBtermByCode(code);
+        //BTerm bTerm=bTermRepository.selectOne(bt);
         if(bTerm!=null)
         {
-            if(bTerm.getIsStart().equals(BTermEnum.UN_START.getCode())) {
-                bTerm.setIsStart(BTermEnum.START.getCode());
-                bTermRepository.updateUnStart(bTerm.getBusinessId());
+            if(bTerm.get(0).getIsStart().equals(BTermEnum.UN_START.getCode())) {
+                bTerm.get(0).setIsStart(BTermEnum.START.getCode());
+                bTermRepository.updateUnStart(bTerm.get(0).getBusinessId());
             }
             else {
-                bTerm.setIsStart(BTermEnum.UN_START.getCode());
+                bTerm.get(0).setIsStart(BTermEnum.UN_START.getCode());
             }
             //如果是用updateByPrimaryKey的话，那么在数据库中将没赋值的项 置空
-            UserUtil.setCurrentMergeOperation(bTerm);
-            int line = bTermRepository.updateByPrimaryKeySelective(bTerm);
+            UserUtil.setCurrentMergeOperation(bTerm.get(0));
+            int line = bTermRepository.updateByPrimaryKeySelective(bTerm.get(0));
             return new PersistModel(line);
         }
         else

src/main/java/org/rcisoft/business/bvideo/controller/BVideoController.java

@@ -15,6 +15,7 @@ import org.rcisoft.core.result.Result;
 import org.rcisoft.core.result.ResultCode;
 import org.rcisoft.core.util.UserUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -43,6 +44,7 @@ public class BVideoController extends PaginationController<BVideo> {
             @ApiImplicitParam(name = "videoUrl", value = "视频地址", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "type", value = "'0'为视频，'1'为附件", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar")})
+    @PreAuthorize("hasRole('ROLE_1002')")
     @PostMapping(value = "/add")
     public Result add(BVideo bVideo) {
         PersistModel data = bVideoService.persist(bVideo,getToken());
@@ -54,6 +56,7 @@ public class BVideoController extends PaginationController<BVideo> {
 
     @ApiOperation(value="逻辑删除", notes="根据ID删除一条记录")
     @ApiImplicitParam(name = "id", value = "businessId", required = true, dataType = "varchar")
+    @PreAuthorize("hasRole('ROLE_1001')")
     @PostMapping(value = "/remove")
     public Result remove(String id) {
         PersistModel data = bVideoService.removeBVideo(id,getToken());
@@ -117,6 +120,7 @@ public class BVideoController extends PaginationController<BVideo> {
             @ApiImplicitParam(name = "flag", value = "启用标记（0：停用；1：启用）", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "remarks", value = "备注", required = false, dataType = "varchar"),
             @ApiImplicitParam(name = "file", value = "视频文件", required = false, dataType = "MultipartFile")})
+    @PreAuthorize("hasRole('ROLE_1002')")
     @PostMapping(value = "/uploadVideo")
     public Result uploadVideo(BVideo bVideo, HttpServletRequest request) {
         Result result = new Result();

src/main/java/org/rcisoft/core/util/UploadUtil.java

@@ -56,6 +56,8 @@ public class UploadUtil {
             String fileurl = realPath + filename;
             multipartFile.transferTo(new File(fileurl));//上传到服务器，在服务器上新建一个文件夹，放图片，
             // 图片是multipartFile中包含的，也就是说，实际上传给我的参数中，multipartFile就是图片的代表。
+            System.out.println(global.getSERVER_LINUX());
+            System.out.println(global.getIS_SERVER_LINUX());
             if((global.getSERVER_LINUX()).equals(global.getIS_SERVER_LINUX()))
             Runtime.getRuntime().exec("chmod -R 755 "+basePath);
             map.put(IS_SUCCESSS, true);

src/main/java/org/rcisoft/sys/excel/ExcelDownloadController.java

+package org.rcisoft.sys.excel;
+
+import io.swagger.annotations.ApiImplicitParam;
+import io.swagger.annotations.ApiOperation;
+import org.rcisoft.common.component.Global;
+import org.rcisoft.core.exception.ServiceException;
+import org.rcisoft.core.result.ResultServiceEnums;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.*;
+import java.net.URLEncoder;
+
+/**
+ * Created by gaowenfeng on 2017/8/2.
+ */
+@RestController
+public class ExcelDownloadController {
+    private static final String STUDNET_FILE_NAME = "student.xls";
+    private static final String TEACHER_FILE_NAME = "teacher.xls";
+    private static final String CLASS_FILE_NAME = "class.xls";
+    private static final String STUDENT_CLASS_FILE_NAME = "student-class.xls";
+    private static final String STUDNET_SL_FILE_NAME = "student-sl.xls";
+    private static final String LESSON_FILE_NAME = "lesson.xls";
+    private static final String SL_FILE_NAME = "sl.xls";
+
+    @Autowired
+    private Global global;
+
+    @ApiOperation(value="下载excel模板", notes="下载excel模板")
+    @ApiImplicitParam(name = "type", value = "模板类型", required = false, dataType = "varchar")
+    @PostMapping("excelWithoutAuth")
+    public void excelDownLoad(HttpServletRequest request,
+                              HttpServletResponse response,
+                              @RequestParam("type") String type)
+            throws Exception {
+        String path = request.getServletContext().getRealPath(global.getEXCEL_TEMPLATE_LOCATION());
+        InputStream in = null;
+        OutputStream out = null;
+        File file = getDownLoadFile(type,path);
+        if (file == null)
+            throw new ServiceException(ResultServiceEnums.TEMPLAGE_NOT_EXISTS);
+        in = new BufferedInputStream(new FileInputStream(file));
+        out = new BufferedOutputStream(response.getOutputStream());
+        response.setContentType("application/octet-stream");
+        response.setCharacterEncoding("UTF-8");
+        response.setHeader("Content-Disposition", "attachment;filename=" + URLEncoder.encode(file.getName(), "UTF-8"));//如果输出的是中文名的文件，在此处就要用URLEncoder.encode方法进行处理
+        byte[] buffer = new byte[in.available()];
+        in.read(buffer);
+        out.write(buffer);
+    }
+
+    @GetMapping("excel")
+    public void excel(HttpServletRequest request,
+                              HttpServletResponse response,
+                              @RequestParam("type") String type)
+            throws Exception {
+        excelDownLoad(request,response,type);
+    }
+
+    private File getDownLoadFile(String type, String path){
+        File file = null;
+        switch (type) {
+            case "1":
+                file = new File(path + STUDNET_FILE_NAME);
+                break;
+            case "2":
+                file = new File(path + TEACHER_FILE_NAME);
+                break;
+            case "3":
+                file = new File(path + CLASS_FILE_NAME);
+                break;
+            case "4":
+                file = new File(path + STUDENT_CLASS_FILE_NAME);
+                break;
+            case "5":
+                file = new File(path + STUDNET_SL_FILE_NAME);
+                break;
+            case "6":
+                file = new File(path + LESSON_FILE_NAME);
+                break;
+            case "7":
+                file = new File(path + SL_FILE_NAME);
+                break;
+        }
+        return file;
+    }
+
+}

src/main/resources/application-dev.yml

@@ -117,11 +117,11 @@ global:
     server_url:  http://gwf.natapp.cc/eduServer
     server_linux: 1
     login_secert_key: "base64EncodedSecretKey"
-    is_server_linux: 5
+    is_server_linux: 1
     max_code_length: 15
     session_admin_header_value: pYez25-y7nqPfm9seY2S
   code:
-    admin: 1001
-    teacher: 1002
-    student: 1003
+    admin: ROLE_1001
+    teacher: ROLE_1002
+    student: ROLE_1003