Joburgess 5 anni fa
parent
commit
f33b3af9f6
22 ha cambiato i file con 143 aggiunte e 11 eliminazioni
  1. 7 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/EmployeeController.java
  2. 4 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamCertificationController.java
  3. 7 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamLocationController.java
  4. 6 2
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamManualLedgerController.java
  5. 6 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamMusicTheoryController.java
  6. 9 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamOrganizationRelationController.java
  7. 9 3
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamReviewController.java
  8. 14 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamRoomController.java
  9. 15 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamRoomStudentRelationController.java
  10. 8 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamSongController.java
  11. 5 5
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamSubjectController.java
  12. 7 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamSubjectSongController.java
  13. 9 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamTeacherSalaryController.java
  14. 8 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExaminationBasicController.java
  15. 6 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/MusicTheoryController.java
  16. 3 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/StudentAttendanceController.java
  17. 3 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/StudentController.java
  18. 8 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/StudentExamResultController.java
  19. 1 1
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/SubjectController.java
  20. 1 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/SysConfigController.java
  21. 1 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/TeacherAttendanceController.java
  22. 6 0
      edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/TenantInfoController.java

+ 7 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/EmployeeController.java

@@ -14,6 +14,7 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
@@ -28,6 +29,7 @@ public class EmployeeController extends BaseController {
 	
 	@ApiOperation("员工服务分页查询")
 	@GetMapping(value = "/list")
+	@PreAuthorize("@pcs.hasPermissions('employee/list')")
 	public HttpResponseResult<PageInfo<Employee>> getList(EmployeeQueryInfo queryInfo) {
 		SysUser sysUser = sysUserFeignService.queryUserInfo();
 		queryInfo.setUserId(sysUser.getId());
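Review bot: The `@PreAuthorize("@pcs.hasPermissions('employee/list')")` line added here, like every other annotation in this commit, is only evaluated when method security is enabled and a bean named `pcs` is registered, and neither is visible in the 22 files touched. If the security configuration (not shown) lacks `@EnableGlobalMethodSecurity(prePostEnabled = true)` or an equivalent, the annotations have no effect and every route stays as open as before. I would add one integration test per controller asserting that a principal without the key is rejected, and a short class comment such as `// permission keys are '<controller>/<route>' and must match the keys granted to roles`. getList's body continues outside the hunk.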
@@ -40,12 +42,14 @@ public class EmployeeController extends BaseController {
 	@ApiOperation("查询员工详情")
 	@ApiImplicitParam(name = "id", value = "员工ID", required = true, dataType = "Integer", paramType = "path")
 	@GetMapping(value = "/query")
+	@PreAuthorize("@pcs.hasPermissions('employee/query')")
 	public HttpResponseResult<Employee> query(Integer id) {
 		return succeed(employeeService.getEmployee(id));
 	}
 
 	@ApiOperation("新增员工")
 	@PostMapping(value = "/add")
+	@PreAuthorize("@pcs.hasPermissions('employee/add')")
 	public HttpResponseResult add(@RequestBody Employee employee) {
 //        SysUser sysUser = sysUserFeignService.queryUserInfo();
 //        employee.setOrganId(sysUser.getId());
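Review bot: `query(Integer id)` still hands a request-supplied id straight to `employeeService.getEmployee(id)`, so the new `employee/query` key decides who may call the route but not which employee record they may read. Unless the service scopes the lookup to the caller's tenant or organisation (not visible here), any holder of the key can read records by id across tenants. The same shape appears in ExamCertificationController (all three handlers take `examRegistrationId` from the request, two of them labelled student-side), ExamLocationController `query` and `del`, ExamOrganizationRelationController `del`, ExamReviewController `update` and ExamRoomController `getExamRoom`. I would add an ownership check next to each lookup and record it above the handler, e.g. `// hasPermissions gates the route only; getEmployee(id) must reject ids outside the caller's tenant`. The `add` handler's body continues outside the hunk.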
@@ -56,6 +60,7 @@ public class EmployeeController extends BaseController {
 
 	@ApiOperation("更新员工")
 	@PostMapping(value = "/update")
+	@PreAuthorize("@pcs.hasPermissions('employee/update')")
 	public HttpResponseResult update(@RequestBody Employee employee) {
 		employeeService.updateEmployee(employee);
 		return succeed();
@@ -63,6 +68,7 @@ public class EmployeeController extends BaseController {
 
 	@ApiOperation(value = "获取用户信息")
 	@GetMapping("/queryUserInfo")
+	@PreAuthorize("@pcs.hasPermissions('employee/queryUserInfo')")
 	public Object apiQueryUserInfo() {
 		SysUser sysUser = sysUserFeignService.queryUserInfo();
 		if(sysUser != null && sysUser.getId() != null){
@@ -77,6 +83,7 @@ public class EmployeeController extends BaseController {
 
 	@ApiOperation("删除")
 	@PostMapping(value = "/del/{id}")
+	@PreAuthorize("@pcs.hasPermissions('employee/del')")
 	public HttpResponseResult add(@PathVariable("id") Integer id) {
 		employeeService.del(id);
 		return succeed();

+ 4 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamCertificationController.java

@@ -8,6 +8,7 @@ import com.keao.edu.user.service.ExamCertificationService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -24,18 +25,21 @@ public class ExamCertificationController extends BaseController {
 
     @ApiOperation("后台获取学员准考证详情")
     @GetMapping(value = "findDetailByStudentId")
+    @PreAuthorize("@pcs.hasPermissions('examCertification/findDetailByStudentId')")
     public HttpResponseResult<ExamCertificationDto> findDetailByStudentId(Long examRegistrationId) {
         return succeed(examCertificationService.findDetailByStudentId(examRegistrationId));
     }
 
     @ApiOperation("学生端获取学员准考证列表")
     @GetMapping(value = "queryCertificationPage")
+    @PreAuthorize("@pcs.hasPermissions('examCertification/queryCertificationPage')")
     public HttpResponseResult<List<ExamCertificationDto>> queryCertification(Long examRegistrationId) {
         return succeed(examCertificationService.queryCertificationPage(examRegistrationId));
     }
 
     @ApiOperation("学生端待考详情")
     @GetMapping(value = "needCheckingDetail")
+    @PreAuthorize("@pcs.hasPermissions('examCertification/needCheckingDetail')")
     public HttpResponseResult<NeedCheckingDetailDto> needCheckingDetail(Long examRegistrationId) {
         return succeed(examCertificationService.needCheckingDetail(examRegistrationId));
     }

+ 7 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamLocationController.java

@@ -12,6 +12,7 @@ import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.Date;
@@ -31,6 +32,7 @@ public class ExamLocationController extends BaseController {
 
     @ApiOperation("分页查询")
     @GetMapping(value = "/list")
+    @PreAuthorize("@pcs.hasPermissions('examLocation/list')")
     public HttpResponseResult<PageInfo<ExamLocation>> getList(ExamLocationQueryInfo queryInfo) {
         if(StringUtils.isBlank(queryInfo.getSearch())){
             queryInfo.setSearch(null);
@@ -40,6 +42,7 @@ public class ExamLocationController extends BaseController {
 
     @ApiOperation("获取所在机构所有考点")
     @GetMapping(value = "/getTenantAllLocations")
+    @PreAuthorize("@pcs.hasPermissions('examLocation/getTenantAllLocations')")
     public HttpResponseResult<List<ExamLocation>> getTenantAllLocations(){
         return succeed(examLocationService.getTenantAllLocations(TenantContextHolder.getTenantId()));
     }
@@ -47,12 +50,14 @@ public class ExamLocationController extends BaseController {
     @ApiOperation("查询考点详情")
     @ApiImplicitParam(name = "id", value = "机构ID", required = true, dataType = "Integer", paramType = "path")
     @GetMapping(value = "/query")
+    @PreAuthorize("@pcs.hasPermissions('examLocation/query')")
     public HttpResponseResult<ExamLocation> query(Integer id) {
         return succeed(examLocationService.get(id));
     }
 
     @ApiOperation("新增考点")
     @PostMapping(value = "/add")
+    @PreAuthorize("@pcs.hasPermissions('examLocation/add')")
     public HttpResponseResult add(@RequestBody ExamLocation examLocation) {
         examLocation.setTenantId(TenantContextHolder.getTenantId());
         examLocation.setIsAvailable(true);
@@ -62,6 +67,7 @@ public class ExamLocationController extends BaseController {
 
     @ApiOperation("更新考点")
     @PostMapping(value = "/update")
+    @PreAuthorize("@pcs.hasPermissions('examLocation/update')")
     public HttpResponseResult update(@RequestBody ExamLocation examLocation) {
         examLocation.setUpdateTime(new Date());
         examLocationService.update(examLocation);
@@ -70,6 +76,7 @@ public class ExamLocationController extends BaseController {
 
     @ApiOperation("删除考点")
     @PostMapping(value = "/del")
+    @PreAuthorize("@pcs.hasPermissions('examLocation/del')")
     public HttpResponseResult add(Integer id) {
         return succeed(examLocationService.delete(id));
     }

+ 6 - 2
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamManualLedgerController.java

@@ -12,11 +12,10 @@ import com.keao.edu.user.entity.ExamManualLedger;
 import com.keao.edu.user.enums.TransDirectionEnum;
 import com.keao.edu.user.page.ExamManualLedgerQueryInfo;
 import com.keao.edu.user.service.ExamManualLedgerService;
-
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
-
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.*;
 
@@ -36,6 +35,7 @@ public class ExamManualLedgerController extends BaseController {
 
     @ApiOperation("分页查询")
     @GetMapping(value = "/list")
+    @PreAuthorize("@pcs.hasPermissions('examManualLedger/list')")
 	public HttpResponseResult<ModelMap> getList(ExamManualLedgerQueryInfo queryInfo) {
 		PageInfo<ExamManualLedger> pageInfo = examManualLedgerService.queryExamManualLedgers(queryInfo);
 		ModelMap model = new ModelMap();
@@ -46,6 +46,7 @@ public class ExamManualLedgerController extends BaseController {
 
     @ApiOperation("新增支出记录")
     @PostMapping(value = "/add")
+    @PreAuthorize("@pcs.hasPermissions('examManualLedger/add')")
     public HttpResponseResult add(@RequestBody ExamManualLedger examManualLedger) {
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         examManualLedger.setTransDirection(TransDirectionEnum.EXPENDITURE);
@@ -58,6 +59,7 @@ public class ExamManualLedgerController extends BaseController {
 
     @ApiOperation("更新支出记录")
     @PostMapping(value = "/update")
+    @PreAuthorize("@pcs.hasPermissions('examManualLedger/update')")
     public HttpResponseResult update(@RequestBody ExamManualLedger examManualLedger) {
         examManualLedgerService.update(examManualLedger);
         return succeed();
@@ -65,6 +67,7 @@ public class ExamManualLedgerController extends BaseController {
 
     @ApiOperation("删除支出记录")
     @PostMapping(value = "/del")
+    @PreAuthorize("@pcs.hasPermissions('examManualLedger/del')")
     public HttpResponseResult del(Long id) {
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         examManualLedgerService.deleteExamManualLedger(sysUser.getId(),id);
@@ -73,6 +76,7 @@ public class ExamManualLedgerController extends BaseController {
 
     @ApiOperation("获取考级项目支出统计信息")
     @GetMapping(value = "/getExamManualLedgerStatistics")
+    @PreAuthorize("@pcs.hasPermissions('examManualLedger/getExamManualLedgerStatistics')")
     public HttpResponseResult<ExamManualLedgerStatisticsDto> getExamManualLedgerStatistics(Long examId, Integer targetOrganId){
         return succeed(examManualLedgerService.getExamManualLedgerStatistics(OrganContextHolder.getOrganId(),examId,targetOrganId));
     }

+ 6 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamMusicTheoryController.java

@@ -10,6 +10,7 @@ import com.keao.edu.user.service.ExamMusicTheoryService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.Date;
@@ -29,12 +30,14 @@ public class ExamMusicTheoryController extends BaseController {
 
     @ApiOperation("分页查询")
     @GetMapping(value = "/list")
+    @PreAuthorize("@pcs.hasPermissions('examMusicTheory/list')")
     public HttpResponseResult<PageInfo<ExamMusicTheory>> getList(ExamMusicTheoryQueryInfo queryInfo) {
         return succeed(examMusicTheoryService.queryPage(queryInfo));
     }
 
     @ApiOperation("新增")
     @PostMapping(value = "/add")
+    @PreAuthorize("@pcs.hasPermissions('examMusicTheory/add')")
     public HttpResponseResult add(ExamMusicTheory examMusicTheory) {
         examMusicTheory.setTenantId(TenantContextHolder.getTenantId());
         examMusicTheoryService.insert(examMusicTheory);
@@ -43,6 +46,7 @@ public class ExamMusicTheoryController extends BaseController {
 
     @ApiOperation("更新")
     @PostMapping(value = "/update")
+    @PreAuthorize("@pcs.hasPermissions('examMusicTheory/update')")
     public HttpResponseResult update(ExamMusicTheory examMusicTheory) {
         examMusicTheory.setUpdateTime(new Date());
         examMusicTheoryService.update(examMusicTheory);
@@ -51,6 +55,7 @@ public class ExamMusicTheoryController extends BaseController {
 
     @ApiOperation("删除")
     @PostMapping(value = "/del/{id}")
+    @PreAuthorize("@pcs.hasPermissions('examMusicTheory/del')")
     public HttpResponseResult add(@PathVariable("id") Integer id) {
         return succeed(examMusicTheoryService.delete(id));
     }
@@ -58,6 +63,7 @@ public class ExamMusicTheoryController extends BaseController {
 
     @ApiOperation("获取项目乐理级别列表")
     @GetMapping(value = "/getTheoryLevelList")
+    @PreAuthorize("@pcs.hasPermissions('examMusicTheory/getTheoryLevelList')")
     public HttpResponseResult<List<ExamMusicTheory>> getTheoryLevelList(Integer examId) {
         return succeed(examMusicTheoryService.getTheoryLevelList(examId));
     }

+ 9 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamOrganizationRelationController.java

@@ -15,6 +15,7 @@ import com.keao.edu.user.service.ExamOrganizationRelationService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -41,6 +42,7 @@ public class ExamOrganizationRelationController extends BaseController {
 
     @ApiOperation("分页查询")
     @GetMapping(value = "/list")
+    @PreAuthorize("@pcs.hasPermissions('examOrganizationRelation/list')")
     public HttpResponseResult<PageInfo<ExamOrganizationRelationExtraDto>> getList(ExamOrganizationRelationQueryInfo queryInfo) {
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(Objects.isNull(sysUser)){
@@ -58,6 +60,7 @@ public class ExamOrganizationRelationController extends BaseController {
 
     @ApiOperation("获取子合作单位")
     @GetMapping(value = "/getChildOrgans")
+    @PreAuthorize("@pcs.hasPermissions('examOrganizationRelation/getChildOrgans')")
     public HttpResponseResult<List<ExamOrganizationRelationExtraDto>> getChildOrgans(Long examId) {
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(Objects.isNull(sysUser)){
@@ -74,6 +77,7 @@ public class ExamOrganizationRelationController extends BaseController {
 
     @ApiOperation("添加合作单位")
     @PostMapping(value = "/addExamOrganizations")
+    @PreAuthorize("@pcs.hasPermissions('examOrganizationRelation/addExamOrganizations')")
     public HttpResponseResult addExamOrganizations(@RequestBody List<ExamOrganizationRelation> organizationRelations){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(Objects.isNull(sysUser)){
@@ -89,6 +93,7 @@ public class ExamOrganizationRelationController extends BaseController {
 
     @ApiOperation("更新考级项目与合作单位关联信息")
     @PostMapping(value = "/updateExamOrganizationRelation")
+    @PreAuthorize("@pcs.hasPermissions('examOrganizationRelation/updateExamOrganizationRelation')")
     public HttpResponseResult updateExamOrganizationRelation(@RequestBody ExamOrganizationRelation examOrganizationRelation){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(Objects.isNull(sysUser)){
@@ -104,6 +109,7 @@ public class ExamOrganizationRelationController extends BaseController {
 
     @ApiOperation("发送考级报名链接")
     @PostMapping(value = "/sendUrl")
+    @PreAuthorize("@pcs.hasPermissions('examOrganizationRelation/sendUrl')")
     public HttpResponseResult sendUrl(Integer examId){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(Objects.isNull(sysUser)){
@@ -123,6 +129,7 @@ public class ExamOrganizationRelationController extends BaseController {
 
     @ApiOperation("删除")
     @PostMapping(value = "/del")
+    @PreAuthorize("@pcs.hasPermissions('examOrganizationRelation/del')")
     public HttpResponseResult del(Long id){
         examOrganizationRelationService.deleteExamOrgan(id);
         return succeed();
@@ -130,6 +137,7 @@ public class ExamOrganizationRelationController extends BaseController {
 
     @ApiOperation("获取本单位项目信息")
     @GetMapping(value = "/getExamOrganStatistics")
+    @PreAuthorize("@pcs.hasPermissions('examOrganizationRelation/getExamOrganStatistics')")
     public HttpResponseResult getExamOrganStatistics(Long examId){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(Objects.isNull(sysUser)){
@@ -147,6 +155,7 @@ public class ExamOrganizationRelationController extends BaseController {
 
     @ApiOperation("获取未关联到考级项目的合作单位")
     @GetMapping(value = "/queryUnRelatedOrgans")
+    @PreAuthorize("@pcs.hasPermissions('examOrganizationRelation/queryUnRelatedOrgans')")
     public HttpResponseResult<Map<String, Object>> queryUnRelatedOrgans(ExamOrganizationRelationQueryInfo queryInfo){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(Objects.isNull(sysUser)){

+ 9 - 3
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamReviewController.java

@@ -5,7 +5,6 @@ import com.keao.edu.auth.api.entity.SysUser;
 import com.keao.edu.common.controller.BaseController;
 import com.keao.edu.common.entity.HttpResponseResult;
 import com.keao.edu.common.page.PageInfo;
-import com.keao.edu.common.page.QueryInfo;
 import com.keao.edu.user.dto.ExamReviewDto;
 import com.keao.edu.user.dto.ExamReviewRecordDto;
 import com.keao.edu.user.entity.Employee;
@@ -15,10 +14,13 @@ import com.keao.edu.user.page.ExamReviewRecordQueryInfo;
 import com.keao.edu.user.service.EmployeeService;
 import com.keao.edu.user.service.ExamReviewService;
 import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiModelProperty;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.util.Objects;
 
@@ -36,6 +38,7 @@ public class ExamReviewController extends BaseController {
 
     @ApiOperation("分页查询评审结果")
     @GetMapping(value = "/list")
+    @PreAuthorize("@pcs.hasPermissions('examReview/list')")
     public HttpResponseResult<PageInfo<ExamReviewDto>> getList(ExamReviewQueryInfo queryInfo) {
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(!sysUser.getIsSuperAdmin()){
@@ -49,6 +52,7 @@ public class ExamReviewController extends BaseController {
 
     @ApiOperation("监考页面分页查询评审结果")
     @GetMapping(value = "/queryExamReviewRecordList")
+    @PreAuthorize("@pcs.hasPermissions('examReview/queryExamReviewRecordList')")
     public HttpResponseResult<PageInfo<ExamReviewRecordDto>> queryExamReviewRecordList(ExamReviewRecordQueryInfo queryInfo) {
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         queryInfo.setTeacherId(sysUser.getId());
@@ -57,6 +61,7 @@ public class ExamReviewController extends BaseController {
 
     @ApiOperation("修改评审结果")
     @PostMapping(value = "/update")
+    @PreAuthorize("@pcs.hasPermissions('examReview/update')")
     public HttpResponseResult update(ExamReview examReview){
         examReviewService.update(examReview);
         return succeed();
@@ -64,6 +69,7 @@ public class ExamReviewController extends BaseController {
 
     @ApiOperation("老师评审")
     @PostMapping(value = "/createExamReview")
+    @PreAuthorize("@pcs.hasPermissions('examReview/createExamReview')")
     public HttpResponseResult createExamReview(ExamReview examReview){
         examReviewService.add(examReview);
         return succeed();

+ 14 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamRoomController.java

@@ -19,6 +19,7 @@ import com.keao.edu.user.service.TeacherService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -40,6 +41,7 @@ public class ExamRoomController extends BaseController {
 
     @ApiOperation("分页查询监考列表")
     @GetMapping(value = "/list")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/list')")
     public HttpResponseResult<PageInfo<ExamRoomListDto>> getList(ExamRoomListQueryInfo queryInfo) {
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(!sysUser.getIsSuperAdmin() && Objects.isNull(queryInfo.getOrganId())){
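Review bot: In `getList` the organisation default only applies when `queryInfo.getOrganId()` is null, so a non-super-admin who sends an `organId` of their own choosing skips this branch, and the new `examRoom/list` key does nothing to narrow that. Whether the supplied value is later checked against the caller's own organisation is outside the hunk; if it is not, the listing is readable across organisations. `queryExamRooms` further down uses the same condition. `sysUser` is also dereferenced without the `Objects.isNull(sysUser)` guard that ExamOrganizationRelationController uses. Suggested marker until that is confirmed: `// TODO(review): caller-supplied organId must be validated against the caller's organ before use`.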
@@ -54,6 +56,7 @@ public class ExamRoomController extends BaseController {
 
     @ApiOperation("发送考试安排")
     @GetMapping(value = "/sendExamPlan")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/sendExamPlan')")
     public HttpResponseResult sendExamPlan(Integer examId){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Employee employee = employeeService.get(sysUser.getId());
@@ -65,6 +68,7 @@ public class ExamRoomController extends BaseController {
 
     @ApiOperation("获取考级项目教室列表")
     @GetMapping(value = "/queryExamRooms")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/queryExamRooms')")
     public HttpResponseResult<PageInfo<ExamRoomDto>> queryExamRooms(ExamRoomQueryInfo queryInfo) {
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(!sysUser.getIsSuperAdmin()&&Objects.isNull(queryInfo.getOrganId())){
@@ -79,6 +83,7 @@ public class ExamRoomController extends BaseController {
 
     @ApiOperation("更新考场")
     @PostMapping(value = "/update")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/update')")
     public HttpResponseResult update(@RequestBody ExamRoom examRoom){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Employee employee = employeeService.get(sysUser.getId());
@@ -92,6 +97,7 @@ public class ExamRoomController extends BaseController {
 
     @ApiOperation("创建教室")
     @PostMapping(value = "/createExamRoom")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/createExamRoom')")
     public HttpResponseResult createExamRoom(@RequestBody ExamRoom examRoom){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Employee employee = employeeService.get(sysUser.getId());
@@ -105,6 +111,7 @@ public class ExamRoomController extends BaseController {
 
     @ApiOperation("更新教室信息")
     @PostMapping(value = "/updateExamRoom")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/updateExamRoom')")
     public HttpResponseResult<ExamRoom> updateExamRoom(@RequestBody ExamRoom examRoom){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Employee employee = employeeService.get(sysUser.getId());
@@ -117,6 +124,7 @@ public class ExamRoomController extends BaseController {
 
     @ApiOperation("教室状态变更(关闭教室,开启教室)")
     @PostMapping(value = "/changeExamRoom")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/changeExamRoom')")
     public HttpResponseResult changeExamRoom(Long examRoomId,Integer openFlag){
         examRoomService.changeExamRoom(examRoomId,openFlag);
         return succeed();
@@ -124,6 +132,7 @@ public class ExamRoomController extends BaseController {
 
     @ApiOperation("删除教室")
     @PostMapping(value = "/deleteExamRooms")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/deleteExamRooms')")
     public HttpResponseResult deleteExamRooms(String examRoomIds){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Integer organId=null;
@@ -140,18 +149,21 @@ public class ExamRoomController extends BaseController {
 
     @ApiOperation("获取教室")
     @GetMapping(value = "/get")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/get')")
     public HttpResponseResult<ExamRoom> getExamRoom(Long id){
         return succeed(examRoomService.get(id));
     }
 
     @ApiOperation("获取教室")
     @PostMapping(value = "/api/get")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/api/get')")
     public ExamRoom getApiExamRoom(Long id){
         return examRoomService.get(id);
     }
 
     @ApiOperation("获取考场统计信息")
     @GetMapping(value = "/getExamRoomStatisticsInfo")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/getExamRoomStatisticsInfo')")
     public HttpResponseResult<ExamRoomStatisticsDto> getExamRoomStatisticsInfo(Long examId){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Integer organId=null;
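Review bot: `getApiExamRoom` on `/api/get` returns a bare `ExamRoom` rather than `HttpResponseResult`, which suggests (not confirmed by this page) a service-to-service caller rather than the admin UI. With `@PreAuthorize("@pcs.hasPermissions('examRoom/api/get')")` in place, that caller's token now has to carry this key or the call is denied, and any user-facing role granted the key can reach the unwrapped entity directly. The same applies to `api/getPublishMessage` and `api/getExamRoomStudentRelation` in ExamRoomStudentRelationController. I would state the intended caller above each of these handlers, e.g. `// internal endpoint: called by <service placeholder>; grant this key to that client only`. getExamRoomStatisticsInfo's body continues outside the hunk.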
@@ -167,12 +179,14 @@ public class ExamRoomController extends BaseController {
 
     @ApiOperation("获取报名学员可加入教室列表")
     @GetMapping(value = "/getStudentEnableJoinRoom")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/getStudentEnableJoinRoom')")
     public HttpResponseResult<List<ExamRoom>> getStudentEnableJoinRoom(Long registId){
         return succeed(examRoomService.getStudentEnableJoinRoom(registId));
     }
 
     @ApiOperation("强制关闭考场")
     @PostMapping(value = "/forceCloseExamRoom")
+    @PreAuthorize("@pcs.hasPermissions('examRoom/forceCloseExamRoom')")
     public HttpResponseResult forceCloseExamRoom(Long examRoomId){
         return examRoomService.forceCloseExamRoom(examRoomId);
     }

+ 15 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamRoomStudentRelationController.java

@@ -16,6 +16,7 @@ import com.keao.edu.user.service.ExamRoomStudentRelationService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -44,6 +45,7 @@ public class ExamRoomStudentRelationController extends BaseController {
 
     @ApiOperation("签到")
     @PostMapping(value = "/signIn")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/signIn')")
     public HttpResponseResult signIn(Long examRegistrationId) {
         examRoomStudentRelationService.signIn(examRegistrationId);
         return succeed();
@@ -51,6 +53,7 @@ public class ExamRoomStudentRelationController extends BaseController {
 
     @ApiOperation("下一位")
     @PostMapping(value = "/nextBit")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/nextBit')")
     public HttpResponseResult nextBit(Integer examStatus,Long roomId) {
         examRoomStudentRelationService.nextBit(examStatus,roomId);
         return succeed();
@@ -58,6 +61,7 @@ public class ExamRoomStudentRelationController extends BaseController {
 
     @ApiOperation("开始考试")
     @PostMapping(value = "/actionExam")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/actionExam')")
     public HttpResponseResult actionExam(Long roomId) {
         examRoomStudentRelationService.actionExam(roomId);
         return succeed();
@@ -65,6 +69,7 @@ public class ExamRoomStudentRelationController extends BaseController {
 
     @ApiOperation("监考端选择去录播")
     @PostMapping(value = "/webRecorded")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/webRecorded')")
     public HttpResponseResult webRecorded(Long roomId) {
         examRoomStudentRelationService.recorded(roomId);
         return succeed();
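Review bot: Going by the hunk headers, old lines 71–77 (between this hunk and the next) and old lines 90–96 (before `@@ -97,24 +104,28 @@`) receive no added line, and each gap is about the size of one short handler. If they do hold request mappings, those routes are left without a `@PreAuthorize` while every neighbour in the class is guarded. The page does not show these lines, so this needs checking in the file; if the omission is deliberate, say so on the handler, e.g. `// intentionally unguarded: <reason>`.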
@@ -78,12 +83,14 @@ public class ExamRoomStudentRelationController extends BaseController {
 
     @ApiOperation("学生端录播详情页面")
     @GetMapping(value = "/stuRecordDetail")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/stuRecordDetail')")
     public HttpResponseResult<StuRecordDetailDto> stuRecordDetail(Long examRegistrationId) {
         return succeed(examRoomStudentRelationService.stuRecordDetail(examRegistrationId));
     }
 
     @ApiOperation("学生端完成录播")
     @PostMapping(value = "/stuEndRecord")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/stuEndRecord')")
     public HttpResponseResult stuEndRecord(Long examRegistrationId,String videoUrl) {
         examRoomStudentRelationService.stuEndRecord(examRegistrationId,videoUrl);
         return succeed();
@@ -97,24 +104,28 @@ public class ExamRoomStudentRelationController extends BaseController {
 
     @ApiOperation("获取后台考场待考队列")
     @PostMapping(value = "/queryNeedCheckingList")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/queryNeedCheckingList')")
     public HttpResponseResult queryNeedCheckingList(Long roomId) {
         return succeed(examRoomStudentRelationService.queryNeedCheckingList(roomId));
     }
 
     @ApiOperation("获取推送消息内容")
     @PostMapping(value = "api/getPublishMessage")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/api/getPublishMessage')")
     public PublishMessageDto getPublishMessage(Long examRegistrationId) {
         return examRoomStudentRelationService.getPublishMessage(examRegistrationId);
     }
 
     @ApiOperation("获取教室学员关联")
     @PostMapping(value = "api/getExamRoomStudentRelation")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/api/getExamRoomStudentRelation')")
     public ExamRoomStudentRelation getExamRoomStudentRelation(Long registrationId) {
         return examRoomStudentRelationService.getExamRoomStudentRelation(registrationId);
     }
 
     @ApiOperation("给教室分配学员")
     @PostMapping(value = "/addStudentForRoom")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/addStudentForRoom')")
     public HttpResponseResult addStudentForRoom(Long examRoomId, String registIds){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Integer organId=null;
@@ -131,6 +142,7 @@ public class ExamRoomStudentRelationController extends BaseController {
 
     @ApiOperation("自动分配学员到考场")
     @PostMapping(value = "/autoSplitStudentToRoom")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/autoSplitStudentToRoom')")
     public HttpResponseResult autoSplitStudentToRoom(Long examId){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Integer organId=null;
@@ -147,6 +159,7 @@ public class ExamRoomStudentRelationController extends BaseController {
 
     @ApiOperation("更换学员考场")
     @PostMapping(value = "/changeStudentExamRoom")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/changeStudentExamRoom')")
     public HttpResponseResult changeStudentExamRoom(Long registId, Long examRoomId){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Integer organId=null;
@@ -163,6 +176,7 @@ public class ExamRoomStudentRelationController extends BaseController {
 
     @ApiOperation("获取教室学员")
     @GetMapping(value = "/findExamRoomStudents")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/findExamRoomStudents')")
     public HttpResponseResult<PageInfo<ExamRoomStudentRelationDto>> findExamRoomStudents(ExamRoomStudentRelationQueryInfo queryInfo){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(!sysUser.getIsSuperAdmin()){
@@ -176,6 +190,7 @@ public class ExamRoomStudentRelationController extends BaseController {
 
     @ApiOperation("删除指定教室学员")
     @PostMapping(value = "/deleteStudentFromRoom")
+    @PreAuthorize("@pcs.hasPermissions('examRoomStudentRelation/deleteStudentFromRoom')")
     public HttpResponseResult deleteStudentFromRoom(Long examRoomId, String registIds){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Integer organId=null;

+ 8 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamSongController.java

@@ -11,6 +11,7 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.Date;
@@ -30,12 +31,14 @@ public class ExamSongController extends BaseController {
 
     @ApiOperation("分页查询")
     @GetMapping(value = "/list")
+    @PreAuthorize("@pcs.hasPermissions('examSong/list')")
     public HttpResponseResult<PageInfo<ExamSong>> getList(ExamSongQueryInfo queryInfo) {
         return succeed(examSongService.queryPage(queryInfo));
     }
 
     @ApiOperation("学生端分页查询考级曲库")
     @GetMapping(value = "/queryPage")
+    @PreAuthorize("@pcs.hasPermissions('examSong/queryPage')")
     public HttpResponseResult<PageInfo<ExamSong>> queryPage(ExamSongQueryInfo queryInfo) {
         return succeed(examSongService.querySongPage(queryInfo));
     }
@@ -43,12 +46,14 @@ public class ExamSongController extends BaseController {
     @ApiOperation("查询曲库详情")
     @ApiImplicitParam(name = "id", value = "机构ID", required = true, dataType = "Integer", paramType = "path")
     @GetMapping(value = "/query")
+    @PreAuthorize("@pcs.hasPermissions('examSong/query')")
     public HttpResponseResult<ExamSong> query(Integer id) {
         return succeed(examSongService.get(id));
     }
 
     @ApiOperation("新增曲库")
     @PostMapping(value = "/add")
+    @PreAuthorize("@pcs.hasPermissions('examSong/add')")
     public HttpResponseResult add(@RequestBody ExamSong examSong) {
         examSong.setTenantId(TenantContextHolder.getTenantId());
         examSongService.insert(examSong);
@@ -57,6 +62,7 @@ public class ExamSongController extends BaseController {
 
     @ApiOperation("更新曲库")
     @PostMapping(value = "/update")
+    @PreAuthorize("@pcs.hasPermissions('examSong/update')")
     public HttpResponseResult update(@RequestBody ExamSong examSong) {
         examSong.setUpdateTime(new Date());
         examSongService.update(examSong);
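Review bot: `update` binds the whole `ExamSong` from the request body and, in the lines shown, never pins its tenant, whereas `add` in the previous hunk overwrites it with `TenantContextHolder.getTenantId()`. The new `examSong/update` permission decides who may call the endpoint, not which tenant's row may be changed. Unless `examSongService.update` already ignores or checks the tenant field (not visible here), add `examSong.setTenantId(TenantContextHolder.getTenantId());` before the service call and have the update match on both id and tenant. The method body continues outside the hunk; `MusicTheoryController.update` shows the same shape.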
@@ -65,12 +71,14 @@ public class ExamSongController extends BaseController {
 
     @ApiOperation("删除曲库")
     @PostMapping(value = "/del")
+    @PreAuthorize("@pcs.hasPermissions('examSong/del')")
     public HttpResponseResult add(Integer id) {
         return succeed(examSongService.delete(id));
     }
 
     @ApiOperation("根据专业获取曲目")
     @GetMapping(value = "/getWithSubject")
+    @PreAuthorize("@pcs.hasPermissions('examSong/getWithSubject')")
     public HttpResponseResult<List<ExamSong>> getWithSubject(Integer subjectId){
         return succeed(examSongService.getWithSubject(subjectId));
     }

+ 5 - 5
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamSubjectController.java

@@ -3,16 +3,15 @@ package com.keao.edu.user.controller;
 import com.keao.edu.common.controller.BaseController;
 import com.keao.edu.common.entity.HttpResponseResult;
 import com.keao.edu.common.tenant.TenantContextHolder;
-import com.keao.edu.user.dto.ExamSubjectDto;
-import com.keao.edu.user.entity.ExamSong;
 import com.keao.edu.user.entity.Subject;
 import com.keao.edu.user.service.ExamSubjectService;
 import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
-import org.apache.ibatis.annotations.Param;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.util.List;
 
@@ -33,6 +32,7 @@ public class ExamSubjectController extends BaseController {
 
     @ApiOperation("获取与考级项目相关的专业")
     @GetMapping(value = "/getUnRelatedWithExamSubjects")
+    @PreAuthorize("@pcs.hasPermissions('examSubject/getUnRelatedWithExamSubjects')")
     public HttpResponseResult<List<Subject>> getUnRelatedWithExamSubjects(Integer examId){
         return succeed(examSubjectService.getUnRelatedWithExamSubjects(Integer.valueOf(TenantContextHolder.getTenantId()), examId));
     }

+ 7 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamSubjectSongController.java

@@ -13,6 +13,7 @@ import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -31,12 +32,14 @@ public class ExamSubjectSongController extends BaseController {
 
     @ApiOperation("分页查询")
     @GetMapping(value = "/list")
+    @PreAuthorize("@pcs.hasPermissions('examSubjectSong/list')")
     public HttpResponseResult<PageInfo<ExamSubjectSongDto>> getList(ExamSubjectSongQueryInfo queryInfo) {
         return succeed(examSubjectSongService.queryExamSubjectSongs(queryInfo));
     }
 
     @ApiOperation("添加考试内容")
     @PostMapping(value = "/addExamSubjects")
+    @PreAuthorize("@pcs.hasPermissions('examSubjectSong/addExamSubjects')")
     public HttpResponseResult addExamSubjects(@RequestBody List<ExamSubjectSong> examSubjectSongs) {
         examSubjectSongService.addExamSubjects(examSubjectSongs);
         return succeed();
@@ -44,6 +47,7 @@ public class ExamSubjectSongController extends BaseController {
 
     @ApiOperation("更新考试内容")
     @PostMapping(value = "/update")
+    @PreAuthorize("@pcs.hasPermissions('examSubjectSong/update')")
     public HttpResponseResult update(@RequestBody ExamSubjectSong examSubjectSong) {
         examSubjectSongService.update(examSubjectSong);
         return succeed();
@@ -51,6 +55,7 @@ public class ExamSubjectSongController extends BaseController {
 
     @ApiOperation(value = "删除考试内容")
     @PostMapping(value = "del")
+    @PreAuthorize("@pcs.hasPermissions('examSubjectSong/del')")
     public HttpResponseResult del(Long id) {
         examSubjectSongService.deleteExamSubjectSong(id);
         return succeed();
@@ -61,6 +66,7 @@ public class ExamSubjectSongController extends BaseController {
             @ApiImplicitParam(name = "examinationBasicId", value = "项目id", required = true, dataType = "Integer"),
             @ApiImplicitParam(name = "examSubjectId", value = "考试项目专业id", required = true, dataType = "Integer")})
     @GetMapping(value = "/getExamSubjectLevel")
+    @PreAuthorize("@pcs.hasPermissions('examSubjectSong/getExamSubjectLevel')")
     public HttpResponseResult<List<ExamSubjectSong>> getExamSubjectLevel(Integer examinationBasicId, Long examSubjectId) {
         return succeed(examSubjectSongService.getExamSubjectLevels(examinationBasicId, examSubjectId));
     }
@@ -71,6 +77,7 @@ public class ExamSubjectSongController extends BaseController {
             @ApiImplicitParam(name = "examSubjectId", value = "考试项目专业id", required = true, dataType = "Integer"),
             @ApiImplicitParam(name = "level", value = "级别", required = true, dataType = "Integer")})
     @GetMapping(value = "/getExamSubjectSong")
+    @PreAuthorize("@pcs.hasPermissions('examSubjectSong/getExamSubjectSong')")
     public HttpResponseResult<List<ExamSong>> getExamSubjectSong(Integer examinationBasicId, Long examSubjectId, Integer level) {
         return succeed(examSubjectSongService.getExamSubjectSong(examinationBasicId, examSubjectId, level));
     }

+ 9 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExamTeacherSalaryController.java

@@ -13,6 +13,7 @@ import com.keao.edu.user.service.ExamTeacherSalaryService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -36,12 +37,14 @@ public class ExamTeacherSalaryController extends BaseController {
 
     @ApiOperation("分页查询")
     @GetMapping(value = "/list")
+    @PreAuthorize("@pcs.hasPermissions('examTeacherSalary/list')")
     public HttpResponseResult<PageInfo<ExamTeacherSalaryDto>> getList(ExamTeacherSalaryQueryInfo queryInfo) {
         return succeed(examTeacherSalaryService.queryExamTeacherSalary(queryInfo));
     }
 
     @ApiOperation("新增")
     @PostMapping(value = "/add")
+    @PreAuthorize("@pcs.hasPermissions('examTeacherSalary/add')")
     public HttpResponseResult add(ExamTeacherSalary examTeacherSalary) {
         examTeacherSalary.setTotalInvigilationNum(0);
         examTeacherSalary.setTotalInvigilationStudentNum(0);
@@ -52,6 +55,7 @@ public class ExamTeacherSalaryController extends BaseController {
 
     @ApiOperation("新增考级教师")
     @PostMapping(value = "/addExamTeacherSalary")
+    @PreAuthorize("@pcs.hasPermissions('examTeacherSalary/addExamTeacherSalary')")
     public HttpResponseResult addExamTeacherSalary(Long examId, String teacherIdsStr) {
         examTeacherSalaryService.addExamTeacherSalary(examId, teacherIdsStr);
         return succeed();
@@ -59,12 +63,14 @@ public class ExamTeacherSalaryController extends BaseController {
 
     @ApiOperation("获取指定考级项目可排考教师")
     @GetMapping(value = "/getExamTeachers")
+    @PreAuthorize("@pcs.hasPermissions('examTeacherSalary/getExamTeachers')")
     public HttpResponseResult<List<BaseUserInfoDto>> getExamTeachers(Integer examId){
         return succeed(examTeacherSalaryService.getExamTeachers(examId));
     }
 
     @ApiOperation("更新")
     @PostMapping(value = "/update")
+    @PreAuthorize("@pcs.hasPermissions('examTeacherSalary/update')")
     public HttpResponseResult update(ExamTeacherSalary examTeacherSalary) {
         examTeacherSalary.setUpdateTime(new Date());
         examTeacherSalaryService.updateExamTeacherSalary(examTeacherSalary);
@@ -73,6 +79,7 @@ public class ExamTeacherSalaryController extends BaseController {
 
     @ApiOperation("删除")
     @PostMapping(value = "/del")
+    @PreAuthorize("@pcs.hasPermissions('examTeacherSalary/del')")
     public HttpResponseResult add(Long id) {
         examTeacherSalaryService.deleteExamTeacherSalary(id);
         return succeed();
@@ -80,12 +87,14 @@ public class ExamTeacherSalaryController extends BaseController {
 
     @ApiOperation("获取与考级项目无关的教师")
     @GetMapping(value = "/getUnRelatedWithExamTeachers")
+    @PreAuthorize("@pcs.hasPermissions('examTeacherSalary/getUnRelatedWithExamTeachers')")
     public HttpResponseResult<PageInfo<TeacherDto>> getUnRelatedWithExamTeachers(ExamTeacherSalaryQueryInfo queryInfo){
         return succeed(examTeacherSalaryService.getUnRelatedWithExamTeachers(queryInfo));
     }
 
     @ApiOperation("获取考级项目关联教师统计信息")
     @GetMapping(value = "/getExamTeacherSalaryStaticsInfo")
+    @PreAuthorize("@pcs.hasPermissions('examTeacherSalary/getExamTeacherSalaryStaticsInfo')")
     public HttpResponseResult<ExamTeacherSalaryStaticsInfo> getExamTeacherSalaryStaticsInfo(Integer examId){
         return succeed(examTeacherSalaryService.getExamTeacherSalaryStaticsInfo(examId));
     }

+ 8 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/ExaminationBasicController.java

@@ -15,6 +15,7 @@ import com.keao.edu.user.service.ExaminationBasicService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.Objects;
@@ -37,12 +38,14 @@ public class ExaminationBasicController extends BaseController {
 
     @ApiOperation("查询指定考级项目")
     @GetMapping(value = "/getExaminationBasic")
+    @PreAuthorize("@pcs.hasPermissions('examinationBasic/getExaminationBasic')")
     public HttpResponseResult<ExaminationBasicDto> getExaminationBasic(Integer examId) {
         return succeed(examinationBasicService.getExaminationBasic(examId));
     }
 
     @ApiOperation("分页查询")
     @GetMapping(value = "/list")
+    @PreAuthorize("@pcs.hasPermissions('examinationBasic/list')")
     public HttpResponseResult<PageInfo<ExaminationBasicDto>> getList(ExaminationQueryInfo queryInfo) {
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(!sysUser.getIsSuperAdmin()){
@@ -57,6 +60,7 @@ public class ExaminationBasicController extends BaseController {
 
     @ApiOperation("创建考级项目")
     @PostMapping(value = "/addExaminationBasic")
+    @PreAuthorize("@pcs.hasPermissions('examinationBasic/addExaminationBasic')")
     public HttpResponseResult<ExaminationBasic> addExaminationBasic(@RequestBody ExaminationBasic examinationBasic){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Employee employee = employeeService.get(sysUser.getId());
@@ -70,6 +74,7 @@ public class ExaminationBasicController extends BaseController {
 
     @ApiOperation("更新考级项目")
     @PostMapping(value = "/update")
+    @PreAuthorize("@pcs.hasPermissions('examinationBasic/update')")
     public HttpResponseResult update(@RequestBody ExaminationBasic examinationBasic){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         examinationBasicService.updateExam(examinationBasic,sysUser.getId());
@@ -78,6 +83,7 @@ public class ExaminationBasicController extends BaseController {
 
     @ApiOperation("更新考级项目状态")
     @PostMapping(value = "/updateExamBasicStatus")
+    @PreAuthorize("@pcs.hasPermissions('examinationBasic/updateExamBasicStatus')")
     public HttpResponseResult updateExamBasicStatus(Long examId, ExamStatusEnum statusEnum){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         examinationBasicService.updateExamBasicStatus(examId, statusEnum, sysUser.getId());
@@ -86,6 +92,7 @@ public class ExaminationBasicController extends BaseController {
 
     @ApiOperation("关闭考级项目")
     @PostMapping(value = "/closeExam")
+    @PreAuthorize("@pcs.hasPermissions('examinationBasic/closeExam')")
     public HttpResponseResult closeExam(Integer examId, String reason){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Integer organId = null;
@@ -102,6 +109,7 @@ public class ExaminationBasicController extends BaseController {
 
     @ApiOperation("获取考级项目信息")
     @PostMapping(value = "/getInfo")
+    @PreAuthorize("@pcs.hasPermissions('examinationBasic/getInfo')")
     public HttpResponseResult<ExaminationBasic> getInfo(Integer examId){
         return succeed(examinationBasicService.getInfo(examId));
     }

+ 6 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/MusicTheoryController.java

@@ -11,6 +11,7 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 /**
@@ -28,6 +29,7 @@ public class MusicTheoryController extends BaseController {
 
     @ApiOperation("分页查询")
     @GetMapping(value = "/list")
+    @PreAuthorize("@pcs.hasPermissions('musicTheory/list')")
     public HttpResponseResult<PageInfo<MusicTheory>> getList(QueryInfo queryInfo) {
         return succeed(musicTheoryService.queryPage(queryInfo));
     }
@@ -35,12 +37,14 @@ public class MusicTheoryController extends BaseController {
     @ApiOperation("查询乐理详情")
     @ApiImplicitParam(name = "id", value = "机构ID", required = true, dataType = "Integer", paramType = "path")
     @GetMapping(value = "/query")
+    @PreAuthorize("@pcs.hasPermissions('musicTheory/query')")
     public HttpResponseResult<MusicTheory> query(Integer id) {
         return succeed(musicTheoryService.get(id));
     }
 
     @ApiOperation("新增乐理")
     @PostMapping(value = "/add")
+    @PreAuthorize("@pcs.hasPermissions('musicTheory/add')")
     public HttpResponseResult add(MusicTheory musicTheory) {
         musicTheory.setTenantId(TenantContextHolder.getTenantId());
         musicTheoryService.addMusicTheory(musicTheory);
@@ -49,6 +53,7 @@ public class MusicTheoryController extends BaseController {
 
     @ApiOperation("更新乐理")
     @PostMapping(value = "/update")
+    @PreAuthorize("@pcs.hasPermissions('musicTheory/update')")
     public HttpResponseResult update(MusicTheory musicTheory) {
         musicTheoryService.update(musicTheory);
         return succeed();
@@ -56,6 +61,7 @@ public class MusicTheoryController extends BaseController {
 
     @ApiOperation("删除乐理")
     @PostMapping(value = "/del/{id}")
+    @PreAuthorize("@pcs.hasPermissions('musicTheory/del')")
     public HttpResponseResult add(@PathVariable("id") Integer id) {
         return succeed(musicTheoryService.delete(id));
     }

+ 3 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/StudentAttendanceController.java

@@ -10,6 +10,7 @@ import com.keao.edu.user.service.StudentAttendanceService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -25,12 +26,14 @@ public class StudentAttendanceController extends BaseController {
 	
 	@ApiOperation("分页查询")
 	@GetMapping(value = "/list")
+	@PreAuthorize("@pcs.hasPermissions('studentAttendance/list')")
 	public HttpResponseResult<PageInfo<StudentAttendance>> getList(QueryInfo queryInfo) {
 		return succeed(studentAttendanceService.queryPage(queryInfo));
 	}
 
 	@ApiOperation("更新学员考勤")
 	@PostMapping(value = "/api/upsetStudentAttendance")
+	@PreAuthorize("@pcs.hasPermissions('studentAttendance/api/upsetStudentAttendance')")
 	public HttpResponseResult upsetAttendance(Long examRegistrationId,Integer signFlag) {
 		studentAttendanceService.upsetAttendance(examRegistrationId,signFlag);
 		return succeed();

+ 3 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/StudentController.java

@@ -57,6 +57,7 @@ public class StudentController extends BaseController {
 
     @ApiOperation(value = "学员报名")
     @PostMapping(value = "apply")
+    @PreAuthorize("@pcs.hasPermissions('student/apply')")
     public HttpResponseResult apply(Integer organId, String phone) {
         Student student = new Student(organId, phone);
         studentService.addStudent(student);
@@ -65,6 +66,7 @@ public class StudentController extends BaseController {
 
     @ApiOperation(value = "获取学生信息")
     @GetMapping(value = "getStudent")
+    @PreAuthorize("@pcs.hasPermissions('student/getStudent')")
     public HttpResponseResult<Student> getStudent() {
         SysUser user = sysUserFeignService.queryUserInfo();
         return succeed(studentService.getStudent(user.getId()));
@@ -72,6 +74,7 @@ public class StudentController extends BaseController {
 
     @ApiOperation(value = "更新学员基本信息")
     @PostMapping(value = "updateInfo")
+    @PreAuthorize("@pcs.hasPermissions('student/updateInfo')")
     public HttpResponseResult<Student> updateInfo(Student student) {
         SysUser user = sysUserFeignService.queryUserInfo();
         student.setUserId(user.getId());

+ 8 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/StudentExamResultController.java

@@ -17,6 +17,7 @@ import com.keao.edu.user.service.StudentExamResultService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.Objects;
@@ -45,6 +46,7 @@ public class StudentExamResultController extends BaseController {
 
     @ApiOperation("查询考试结果")
     @GetMapping(value = "/queryStudentExamResult")
+    @PreAuthorize("@pcs.hasPermissions('studentExamResult/queryStudentExamResult')")
     public HttpResponseResult<PageInfo<StudentExamResult>> queryStudentExamResult(StudentExamResultQueryInfo queryInfo){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         if(!sysUser.getIsSuperAdmin()&&Objects.isNull(queryInfo.getOrganId())){
@@ -59,6 +61,7 @@ public class StudentExamResultController extends BaseController {
 
     @ApiOperation("修改考试结果")
     @PostMapping(value = "/update")
+    @PreAuthorize("@pcs.hasPermissions('studentExamResult/update')")
     public HttpResponseResult update(StudentExamResult examResult){
         studentExamResultService.updateStudentExamResult(examResult);
         return succeed();
@@ -66,18 +69,21 @@ public class StudentExamResultController extends BaseController {
 
     @ApiOperation("修改考试状态")
     @PostMapping(value = "/api/updateFinishedExam")
+    @PreAuthorize("@pcs.hasPermissions('studentExamResult/api/updateFinishedExam')")
     public void updateFinishedExam(Long examRegistrationId,Integer finishedExam){
         studentExamResultService.updateFinishedExam(examRegistrationId,finishedExam);
     }
 
     @ApiOperation("获取考试结果")
     @PostMapping(value = "/api/get")
+    @PreAuthorize("@pcs.hasPermissions('studentExamResult/api/get')")
     public StudentExamResultApiDto get(Long id){
         return studentExamResultService.getStudentExamResultApiDto(id);
     }
 
     @ApiOperation("考试结果统计信息")
     @GetMapping(value = "/getStudentExamResultStatisticsInfo")
+    @PreAuthorize("@pcs.hasPermissions('studentExamResult/getStudentExamResultStatisticsInfo')")
     public HttpResponseResult<StudentExamResultStatisticsDto> getStudentExamResultStatisticsInfo(Integer examId){
         SysUser sysUser = sysUserFeignService.queryUserInfo();
         Integer organId=null;
@@ -93,6 +99,7 @@ public class StudentExamResultController extends BaseController {
 
     @ApiOperation("确认考生")
     @PostMapping(value = "/confirmStudent")
+    @PreAuthorize("@pcs.hasPermissions('studentExamResult/confirmStudent')")
     public HttpResponseResult confirmStudent(Long examRegistrationId) {
         studentExamResultService.confirmStudent(examRegistrationId);
         return succeed();
@@ -105,6 +112,7 @@ public class StudentExamResultController extends BaseController {
      * @throws Exception
      */
     @RequestMapping(value = "/shieldUserId", method = RequestMethod.POST)
+    @PreAuthorize("@pcs.hasPermissions('studentExamResult/shieldUserId')")
     public Object shieldUserId(Long roomId,Integer shieldFlag)throws Exception {
         studentExamResultService.shieldUserId(roomId,shieldFlag);
         return succeed();

+ 1 - 1
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/SubjectController.java

@@ -4,7 +4,6 @@ package com.keao.edu.user.controller;
 import com.keao.edu.common.controller.BaseController;
 import com.keao.edu.common.entity.HttpResponseResult;
 import com.keao.edu.common.page.PageInfo;
-import com.keao.edu.common.tenant.TenantContextHolder;
 import com.keao.edu.user.entity.Subject;
 import com.keao.edu.user.page.SubjectQueryInfo;
 import com.keao.edu.user.service.SubjectService;
@@ -58,6 +57,7 @@ public class SubjectController extends BaseController {
 
     @ApiOperation(value = "学生端分页查询科目列表")
     @GetMapping("/studentQueryPage")
+    @PreAuthorize("@pcs.hasPermissions('studentExamResult/studentQueryPage')")
     public HttpResponseResult<PageInfo<Subject>> studentQueryPage(SubjectQueryInfo queryInfo){
         return succeed(subjectService.queryPage(queryInfo));
     }
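Review bot: The permission key on `studentQueryPage` is `'studentExamResult/studentQueryPage'`, but this is SubjectController, and almost every other annotation in the commit uses its own controller's prefix. It looks like a copy-paste slip and should presumably read `@PreAuthorize("@pcs.hasPermissions('subject/studentQueryPage')")`; the class-level mapping is outside the hunk, so confirm the prefix. As written, access to the subject list depends on a key filed under another controller, which is easy to miss when permissions are granted or audited. SysConfigController's `apiGet` has the same problem: it reuses `'studentExamResult/api/get'`, the exact key that guards `StudentExamResultController.get`, so granting one also grants the other.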

+ 1 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/SysConfigController.java

@@ -89,6 +89,7 @@ public class SysConfigController extends BaseController {
 
 	@ApiOperation(value = "查询参数")
 	@PostMapping(value = "api/get")
+	@PreAuthorize("@pcs.hasPermissions('studentExamResult/api/get')")
 	public String apiGet(String paramName) {
 		String tenantId = TenantContextHolder.getTenantId();
 		return sysConfigService.findByParamName(paramName,tenantId).getParanValue();

+ 1 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/TeacherAttendanceController.java

@@ -10,6 +10,7 @@ import com.keao.edu.user.service.TeacherAttendanceService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
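Review bot: This import is the only change to TeacherAttendanceController (+1 −0), so no handler in the file is annotated. Its endpoints therefore appear to stay outside the permission check that the rest of the commit introduces. Either the annotations were forgotten or the import is unused. If they were forgotten, add the guard on each mapping following the pattern used elsewhere, `@PreAuthorize("@pcs.hasPermissions('teacherAttendance/<mapping>')")`, where `<mapping>` is a placeholder to be filled in from the handler paths, which are not visible here.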

+ 6 - 0
edu-user/edu-user-server/src/main/java/com/keao/edu/user/controller/TenantInfoController.java

@@ -15,6 +15,7 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.Date;
@@ -31,12 +32,14 @@ public class TenantInfoController extends BaseController {
 	
 	@ApiOperation("机构服务分页查询")
 	@GetMapping(value = "/list")
+	@PreAuthorize("@pcs.hasPermissions('tenantInfo/list')")
 	public HttpResponseResult<PageInfo<TenantInfoDto>> getList(QueryInfo queryInfo) {
 		return succeed(tenantInfoService.queryTenants(queryInfo));
 	}
 
 	@ApiOperation("查询机构详情")
 	@GetMapping(value = "/query")
+	@PreAuthorize("@pcs.hasPermissions('tenantInfo/query')")
 	public HttpResponseResult<TenantInfo> query() {
 		String tenantId = TenantContextHolder.getTenantId();
 		if(StringUtils.isNotEmpty(tenantId)){
@@ -48,6 +51,7 @@ public class TenantInfoController extends BaseController {
 
 	@ApiOperation("新增机构")
 	@PostMapping(value = "/add")
+	@PreAuthorize("@pcs.hasPermissions('tenantInfo/add')")
 	public HttpResponseResult add(@RequestBody TenantInfoDto tenantInfo) {
 		tenantInfoService.addTenant(tenantInfo);
 		return succeed();
@@ -55,6 +59,7 @@ public class TenantInfoController extends BaseController {
 
 	@ApiOperation("更新机构")
 	@PostMapping(value = "/update")
+	@PreAuthorize("@pcs.hasPermissions('tenantInfo/update')")
 	public HttpResponseResult update(@RequestBody TenantInfoDto tenantInfo) {
 		SysUser sysUser = sysUserFeignService.queryUserInfo();
 		if(!sysUser.getIsSuperAdmin()){
@@ -71,6 +76,7 @@ public class TenantInfoController extends BaseController {
 
 	@ApiOperation("删除")
 	@PostMapping(value = "/del")
+	@PreAuthorize("@pcs.hasPermissions('tenantInfo/del')")
 	public HttpResponseResult add(Integer id) {
 		return succeed(tenantInfoService.delete(id));
 	}
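Review bot: The delete handler takes a caller-supplied `id` and is now gated only by `tenantInfo/del`, while `update` in the hunk above additionally branches on `sysUser.getIsSuperAdmin()`. Nothing visible here stops a non-super-admin who holds the permission from deleting another tenant's record. Apply the same super-admin branch before calling `tenantInfoService.delete(id)`, or compare `id` with `TenantContextHolder.getTenantId()`, unless the service already enforces this. If the permission is meant to be granted to super admins only, say so in a comment above the annotation, e.g. `// tenantInfo/del must only be granted to super admins`.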