优化

common/common-security/src/main/java/com/github/tangyi/common/security/annotations/AdminAuthorization.java

+package com.github.tangyi.common.security.annotations;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import java.lang.annotation.*;
+
+/**
+ * 超级管理员权限注解
+ *
+ * @author tangyi
+ * @date 2019/11/02 12:33
+ */
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@PreAuthorize("hasRole(T(com.github.tangyi.common.security.enums.Roles).ROLE_ADMIN)")
+public @interface AdminAuthorization {
+}

common/common-security/src/main/java/com/github/tangyi/common/security/annotations/AdminTenantTeacherAuthorization.java

+package com.github.tangyi.common.security.annotations;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import java.lang.annotation.*;
+
+/**
+ * 租户或超管权限
+ *
+ * @author tangyi
+ * @date 2019/11/02 12:40
+ */
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@PreAuthorize("hasRole(T(com.github.tangyi.common.security.enums.Roles).ROLE_ADMIN) or hasRole(T(com.github.tangyi.common.security.enums.Roles).ROLE_TENANT_ADMIN) or hasRole(T(com.github.tangyi.common.security.enums.Roles).ROLE_TEACHER)")
+public @interface AdminTenantTeacherAuthorization {
+}

common/common-security/src/main/java/com/github/tangyi/common/security/annotations/UserAuthorization.java

+package com.github.tangyi.common.security.annotations;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import java.lang.annotation.*;
+
+/**
+ * 普通用户权限
+ *
+ * @author tangyi
+ * @date 2019/11/02 12:44
+ */
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@PreAuthorize("hasRole(T(com.github.tangyi.common.security.enums.Roles).ROLE_USER)")
+public @interface UserAuthorization {
+}

common/common-security/src/main/java/com/github/tangyi/common/security/enums/Roles.java

+package com.github.tangyi.common.security.enums;
+
+import org.springframework.security.core.GrantedAuthority;
+
+/**
+ * 角色枚举
+ *
+ * @author tangyi
+ * @date 2019/11/02 12:30
+ */
+public enum Roles implements GrantedAuthority {
+    /**
+     * 普通用户
+     */
+    ROLE_USER,
+
+    /**
+     * 超级管理员
+     */
+    ROLE_ADMIN,
+
+    /**
+     * 租户管理员
+     */
+    ROLE_TENANT_ADMIN,
+
+    /**
+     * 老师
+     */
+    ROLE_TEACHER;
+
+    @Override
+    public String getAuthority() {
+        return name();
+    }
+}

modules/auth-service-parent/auth-service/src/main/java/com/github/tangyi/auth/config/CustomAuthorizationServerConfigurer.java

 package com.github.tangyi.auth.config;
 
-import com.github.tangyi.auth.filter.CustomTokenEndpointAuthenticationFilter;
 import com.github.tangyi.auth.security.CustomTokenConverter;
 import com.github.tangyi.common.security.core.ClientDetailsServiceImpl;
 import com.github.tangyi.common.security.exceptions.CustomOauthException;
-import com.github.tangyi.user.api.feign.UserServiceClient;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cloud.bootstrap.encrypt.KeyProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
@@ -19,7 +17,6 @@ import org.springframework.security.oauth2.config.annotation.web.configuration.A
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
-import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
 import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
@@ -37,11 +34,6 @@ import javax.sql.DataSource;
 public class CustomAuthorizationServerConfigurer extends AuthorizationServerConfigurerAdapter {
 
     /**
-     * 认证管理器
-     */
-    private final AuthenticationManager authenticationManager;
-
-    /**
      * redis连接工厂
      */
     private final RedisConnectionFactory redisConnectionFactory;
@@ -56,21 +48,13 @@ public class CustomAuthorizationServerConfigurer extends AuthorizationServerConf
      */
     private final KeyProperties keyProperties;
 
-    private final UserServiceClient userServiceClient;
-
-	private OAuth2RequestFactory oAuth2RequestFactory;
-
     @Autowired
-    public CustomAuthorizationServerConfigurer(AuthenticationManager authenticationManager,
-			RedisConnectionFactory redisConnectionFactory,
-			DataSource dataSource,
-			KeyProperties keyProperties,
-			UserServiceClient userServiceClient) {
-        this.authenticationManager = authenticationManager;
+    public CustomAuthorizationServerConfigurer(RedisConnectionFactory redisConnectionFactory,
+                                               DataSource dataSource,
+                                               KeyProperties keyProperties) {
         this.redisConnectionFactory = redisConnectionFactory;
         this.dataSource = dataSource;
         this.keyProperties = keyProperties;
-        this.userServiceClient = userServiceClient;
     }
 
     /**
@@ -123,14 +107,11 @@ public class CustomAuthorizationServerConfigurer extends AuthorizationServerConf
      */
     @Override
     public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
-		oAuth2RequestFactory = endpoints.getOAuth2RequestFactory();
-		endpoints
+        endpoints
                 // 将token存储到redis
                 .tokenStore(tokenStore())
                 // token增强
                 .tokenEnhancer(jwtTokenEnhancer())
-                // 认证管理器
-                .authenticationManager(authenticationManager)
                 // 异常处理
                 .exceptionTranslator(e -> {
                     if (e instanceof OAuth2Exception) {
@@ -158,7 +139,8 @@ public class CustomAuthorizationServerConfigurer extends AuthorizationServerConf
                 // 开启/oauth/check_token验证端口认证权限访问
                 .checkTokenAccess("isAuthenticated()")
                 .allowFormAuthenticationForClients();
-				//.addTokenEndpointAuthenticationFilter(new CustomTokenEndpointAuthenticationFilter(authenticationManager, oAuth2RequestFactory, userServiceClient));
     }
+
+
 }
 

modules/auth-service-parent/auth-service/src/main/java/com/github/tangyi/auth/config/SecurityConfig.java

@@ -12,7 +12,9 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerEndpointsConfiguration;
 
 /**
  * Spring Security配置
@@ -28,6 +30,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired
     private CustomUserDetailsService userDetailsService;
 
+    @Autowired
+    private AuthorizationServerEndpointsConfiguration endpoints;
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
@@ -35,6 +40,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                 .csrf().disable()
                 .authorizeRequests()
                 .anyRequest().authenticated();
+        if (!endpoints.getEndpointsConfigurer().isUserDetailsServiceOverride()) {
+            UserDetailsService userDetailsService = http.getSharedObject(UserDetailsService.class);
+            endpoints.getEndpointsConfigurer().userDetailsService(userDetailsService);
+        }
+        // 认证管理器
+        endpoints.getEndpointsConfigurer().authenticationManager(authenticationManager());
     }
 
     @Bean

modules/auth-service-parent/auth-service/src/main/java/com/github/tangyi/auth/controller/OauthClientDetailsController.java

@@ -9,7 +9,7 @@ import com.github.tangyi.common.core.utils.PageUtil;
 import com.github.tangyi.common.core.utils.SysUtil;
 import com.github.tangyi.common.core.web.BaseController;
 import com.github.tangyi.common.log.annotation.Log;
-import com.github.tangyi.common.security.constant.SecurityConstant;
+import com.github.tangyi.common.security.annotations.AdminAuthorization;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
@@ -17,7 +17,6 @@ import io.swagger.annotations.ApiOperation;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.ArrayUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.bind.annotation.*;
 
@@ -113,7 +112,7 @@ public class OauthClientDetailsController extends BaseController {
      * @date 2019/03/30 16:57
      */
     @PostMapping
-    @PreAuthorize("hasAuthority('sys:client:add') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminAuthorization
     @ApiOperation(value = "创建客户端", notes = "创建客户端")
     @ApiImplicitParam(name = "oauthClientDetails", value = "客户端实体oauthClientDetails", required = true, dataType = "OauthClientDetails")
     @Log("新增客户端")
@@ -133,7 +132,7 @@ public class OauthClientDetailsController extends BaseController {
      * @date 2019/03/30 16:56
      */
     @PutMapping
-    @PreAuthorize("hasAuthority('sys:client:edit') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminAuthorization
     @ApiOperation(value = "更新客户端信息", notes = "根据客户端id更新客户端的基本信息")
     @ApiImplicitParam(name = "oauthClientDetails", value = "客户端实体oauthClientDetails", required = true, dataType = "OauthClientDetails")
     @Log("修改客户端")
@@ -155,7 +154,7 @@ public class OauthClientDetailsController extends BaseController {
      * @date 2019/03/30 16:59
      */
     @DeleteMapping("/{id}")
-    @PreAuthorize("hasAuthority('sys:client:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminAuthorization
     @ApiOperation(value = "删除客户端", notes = "根据ID删除客户端")
     @ApiImplicitParam(name = "id", value = "客户端ID", required = true, paramType = "path")
     @Log("删除客户端")
@@ -176,7 +175,7 @@ public class OauthClientDetailsController extends BaseController {
      * @date 2019/03/30 17:01
      */
     @PostMapping("deleteAll")
-    @PreAuthorize("hasAuthority('sys:client:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminAuthorization
     @ApiOperation(value = "批量删除客户端", notes = "根据客户端id批量删除客户端")
     @ApiImplicitParam(name = "oauthClientDetails", value = "客户端信息", dataType = "OauthClientDetails")
     @Log("批量删除客户端")

modules/auth-service-parent/auth-service/src/main/java/com/github/tangyi/auth/filter/CustomTokenEndpointAuthenticationFilter.java

@@ -8,7 +8,6 @@ import com.github.tangyi.common.core.utils.SysUtil;
 import com.github.tangyi.user.api.feign.UserServiceClient;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpMethod;
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.Authentication;

modules/exam-service-parent/exam-service/src/main/java/com/github/tangyi/exam/controller/CourseController.java

@@ -7,7 +7,7 @@ import com.github.tangyi.common.core.utils.PageUtil;
 import com.github.tangyi.common.core.utils.SysUtil;
 import com.github.tangyi.common.core.web.BaseController;
 import com.github.tangyi.common.log.annotation.Log;
-import com.github.tangyi.common.security.constant.SecurityConstant;
+import com.github.tangyi.common.security.annotations.AdminTenantTeacherAuthorization;
 import com.github.tangyi.exam.api.module.Course;
 import com.github.tangyi.exam.service.CourseService;
 import io.swagger.annotations.Api;
@@ -17,7 +17,6 @@ import io.swagger.annotations.ApiOperation;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.ArrayUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -93,7 +92,7 @@ public class CourseController extends BaseController {
      * @date 2018/11/10 21:31
      */
     @PostMapping
-    @PreAuthorize("hasAuthority('exam:course:add') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "创建课程", notes = "创建课程")
     @ApiImplicitParam(name = "course", value = "课程实体course", required = true, dataType = "Course")
     @Log("新增课程")
@@ -111,7 +110,7 @@ public class CourseController extends BaseController {
      * @date 2018/11/10 21:31
      */
     @PutMapping
-    @PreAuthorize("hasAuthority('exam:course:edit') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "更新课程信息", notes = "根据课程id更新课程的基本信息")
     @ApiImplicitParam(name = "course", value = "课程实体course", required = true, dataType = "Course")
     @Log("更新课程")
@@ -129,7 +128,7 @@ public class CourseController extends BaseController {
      * @date 2018/11/10 21:32
      */
     @DeleteMapping("{id}")
-    @PreAuthorize("hasAuthority('exam:course:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "删除课程", notes = "根据ID删除课程")
     @ApiImplicitParam(name = "id", value = "课程ID", required = true, paramType = "path")
     @Log("删除课程")
@@ -158,7 +157,7 @@ public class CourseController extends BaseController {
      * @date 2018/12/4 11:26
      */
     @PostMapping("deleteAll")
-    @PreAuthorize("hasAuthority('exam:course:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "批量删除课程", notes = "根据课程id批量删除课程")
     @ApiImplicitParam(name = "ids", value = "课程ID", dataType = "Long")
     @Log("批量删除课程")

modules/exam-service-parent/exam-service/src/main/java/com/github/tangyi/exam/controller/ExaminationController.java

@@ -7,8 +7,7 @@ import com.github.tangyi.common.core.utils.PageUtil;
 import com.github.tangyi.common.core.utils.SysUtil;
 import com.github.tangyi.common.core.web.BaseController;
 import com.github.tangyi.common.log.annotation.Log;
-import com.github.tangyi.common.security.constant.SecurityConstant;
-import com.github.tangyi.exam.api.dto.AnswerCartDto;
+import com.github.tangyi.common.security.annotations.AdminTenantTeacherAuthorization;
 import com.github.tangyi.exam.api.dto.ExaminationDto;
 import com.github.tangyi.exam.api.dto.SubjectDto;
 import com.github.tangyi.exam.api.module.Course;
@@ -25,7 +24,6 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang.ArrayUtils;
 import org.springframework.beans.BeanUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -152,7 +150,7 @@ public class ExaminationController extends BaseController {
      * @date 2018/11/10 21:14
      */
     @PostMapping
-    @PreAuthorize("hasAuthority('exam:exam:add') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "创建考试", notes = "创建考试")
     @ApiImplicitParam(name = "examinationDto", value = "考试实体examinationDto", required = true, dataType = "ExaminationDto")
     @Log("新增考试")
@@ -173,7 +171,7 @@ public class ExaminationController extends BaseController {
      * @date 2018/11/10 21:15
      */
     @PutMapping
-    @PreAuthorize("hasAuthority('exam:exam:edit') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "更新考试信息", notes = "根据考试id更新考试的基本信息")
     @ApiImplicitParam(name = "examinationDto", value = "考试实体answer", required = true, dataType = "ExaminationDto")
     @Log("更新考试")
@@ -195,7 +193,7 @@ public class ExaminationController extends BaseController {
      * @date 2018/11/10 21:20
      */
     @DeleteMapping("{id}")
-    @PreAuthorize("hasAuthority('exam:exam:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "删除考试", notes = "根据ID删除考试")
     @ApiImplicitParam(name = "id", value = "考试ID", required = true, paramType = "path")
     @Log("删除考试")
@@ -224,7 +222,7 @@ public class ExaminationController extends BaseController {
      * @date 2018/12/03 22:03
      */
     @PostMapping("deleteAll")
-    @PreAuthorize("hasAuthority('exam:exam:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "批量删除考试", notes = "根据考试id批量删除考试")
     @ApiImplicitParam(name = "ids", value = "考试ID", dataType = "Long")
     @Log("批量删除考试")

modules/exam-service-parent/exam-service/src/main/java/com/github/tangyi/exam/controller/SubjectCategoryController.java

@@ -7,7 +7,7 @@ import com.github.tangyi.common.core.utils.SysUtil;
 import com.github.tangyi.common.core.utils.TreeUtil;
 import com.github.tangyi.common.core.web.BaseController;
 import com.github.tangyi.common.log.annotation.Log;
-import com.github.tangyi.common.security.constant.SecurityConstant;
+import com.github.tangyi.common.security.annotations.AdminTenantTeacherAuthorization;
 import com.github.tangyi.exam.api.constants.ExamSubjectConstant;
 import com.github.tangyi.exam.api.dto.SubjectCategoryDto;
 import com.github.tangyi.exam.api.module.SubjectCategory;
@@ -17,7 +17,6 @@ import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
 import lombok.AllArgsConstructor;
 import org.apache.commons.collections4.CollectionUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -89,7 +88,7 @@ public class SubjectCategoryController extends BaseController {
      * @date 2018/12/04 22:00
      */
     @PostMapping
-    @PreAuthorize("hasAuthority('exam:subject:category:add') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "创建分类", notes = "创建分类")
     @ApiImplicitParam(name = "subjectCategory", value = "分类实体subjectCategory", required = true, dataType = "SubjectCategory")
     @Log("新增题目分类")
@@ -108,7 +107,7 @@ public class SubjectCategoryController extends BaseController {
      * @date 2018/12/04 22:01
      */
     @PutMapping
-    @PreAuthorize("hasAuthority('exam:subject:category:edit') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "更新分类信息", notes = "根据分类id更新分类的基本信息")
     @ApiImplicitParam(name = "subjectCategory", value = "分类实体subjectCategory", required = true, dataType = "SubjectCategory")
     @Log("更新题目分类")
@@ -126,7 +125,7 @@ public class SubjectCategoryController extends BaseController {
      * @date 2018/12/04 22:02
      */
     @DeleteMapping("/{id}")
-    @PreAuthorize("hasAuthority('exam:subject:category:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "删除分类", notes = "根据ID删除分类")
     @ApiImplicitParam(name = "id", value = "分类ID", required = true, paramType = "path")
     @Log("删除题目分类")

modules/exam-service-parent/exam-service/src/main/java/com/github/tangyi/exam/controller/SubjectController.java

@@ -7,7 +7,7 @@ import com.github.tangyi.common.core.model.ResponseBean;
 import com.github.tangyi.common.core.utils.*;
 import com.github.tangyi.common.core.web.BaseController;
 import com.github.tangyi.common.log.annotation.Log;
-import com.github.tangyi.common.security.constant.SecurityConstant;
+import com.github.tangyi.common.security.annotations.AdminTenantTeacherAuthorization;
 import com.github.tangyi.exam.api.dto.SubjectDto;
 import com.github.tangyi.exam.service.AnswerService;
 import com.github.tangyi.exam.service.SubjectService;
@@ -17,7 +17,6 @@ import io.swagger.annotations.*;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -101,7 +100,7 @@ public class SubjectController extends BaseController {
      * @date 2018/11/10 21:43
      */
     @PostMapping
-    @PreAuthorize("hasAuthority('exam:exam:subject:add') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "创建题目", notes = "创建题目")
     @ApiImplicitParam(name = "subject", value = "题目信息", required = true, dataType = "SubjectDto")
     @Log("新增题目")
@@ -119,7 +118,7 @@ public class SubjectController extends BaseController {
      * @date 2018/11/10 21:43
      */
     @PutMapping
-    @PreAuthorize("hasAuthority('exam:exam:subject:edit') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "更新题目信息", notes = "根据题目id更新题目的基本信息")
     @ApiImplicitParam(name = "subject", value = "角色实体subject", required = true, dataType = "Subject")
     @Log("更新题目")
@@ -137,7 +136,7 @@ public class SubjectController extends BaseController {
      * @date 2018/11/10 21:43
      */
     @DeleteMapping("{id}")
-    @PreAuthorize("hasAuthority('exam:exam:subject:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "删除题目", notes = "根据ID删除题目")
     @ApiImplicitParams({
             @ApiImplicitParam(name = "id", value = "题目ID", required = true, dataType = "Long", paramType = "path"),
@@ -161,7 +160,7 @@ public class SubjectController extends BaseController {
      * @date 2018/11/28 12:53
      */
     @PostMapping("export")
-    @PreAuthorize("hasAuthority('exam:exam:subject:export') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "导出题目", notes = "根据分类id导出题目")
     @ApiImplicitParams({
             @ApiImplicitParam(name = "ids", value = "题目ID", required = true, dataType = "Long"),
@@ -200,7 +199,7 @@ public class SubjectController extends BaseController {
      * @date 2018/11/28 12:59
      */
     @RequestMapping("import")
-    @PreAuthorize("hasAuthority('exam:exam:subject:import') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "导入题目", notes = "导入题目")
     @ApiImplicitParams({
             @ApiImplicitParam(name = "examinationId", value = "考试ID", dataType = "Long"),
@@ -232,7 +231,7 @@ public class SubjectController extends BaseController {
      * @date 2018/12/04 9:55
      */
     @PostMapping("deleteAll")
-    @PreAuthorize("hasAuthority('exam:exam:subject:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "批量删除题目", notes = "根据题目id批量删除题目")
     @ApiImplicitParam(name = "ids", value = "题目ID", dataType = "Long")
     @Log("批量删除题目")

modules/exam-service-parent/exam-service/src/main/java/com/github/tangyi/exam/service/ExamRecordService.java

 package com.github.tangyi.exam.service;
 
 import com.github.tangyi.common.core.constant.CommonConstant;
+import com.github.tangyi.common.core.model.ResponseBean;
 import com.github.tangyi.common.core.service.CrudService;
+import com.github.tangyi.common.core.utils.ResponseUtil;
+import com.github.tangyi.common.core.vo.DeptVo;
+import com.github.tangyi.common.core.vo.UserVo;
+import com.github.tangyi.exam.api.dto.ExaminationRecordDto;
 import com.github.tangyi.exam.api.module.ExaminationRecord;
 import com.github.tangyi.exam.mapper.ExamRecordMapper;
+import com.github.tangyi.user.api.feign.UserServiceClient;
 import lombok.AllArgsConstructor;
+import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.cache.annotation.Cacheable;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.util.List;
+
 /**
  * 考试记录service
  *
@@ -20,6 +29,8 @@ import org.springframework.transaction.annotation.Transactional;
 @Service
 public class ExamRecordService extends CrudService<ExamRecordMapper, ExaminationRecord> {
 
+	private final UserServiceClient userServiceClient;
+
     /**
      * 查询考试记录
      *
@@ -90,4 +101,40 @@ public class ExamRecordService extends CrudService<ExamRecordMapper, Examination
     public int deleteAll(Long[] ids) {
         return super.deleteAll(ids);
     }
+
+	/**
+	 * 获取用户、部门相关信息
+	 * @param examRecordDtoList examRecordDtoList
+	 * @param userIds userIds
+	 */
+    public void fillExamUserInfo(List<ExaminationRecordDto> examRecordDtoList, Long[] userIds) {
+		// 查询用户信息
+		ResponseBean<List<UserVo>> returnT = userServiceClient.findUserById(userIds);
+		if (ResponseUtil.isSuccess(returnT)) {
+			// 查询部门信息
+			ResponseBean<List<DeptVo>> deptResponseBean = userServiceClient.findDeptById(returnT.getData().stream().map(UserVo::getDeptId).distinct().toArray(Long[]::new));
+			if (ResponseUtil.isSuccess(deptResponseBean)) {
+				examRecordDtoList.forEach(tempExamRecordDto -> {
+					// 查询、设置用户信息
+					UserVo examRecordDtoUserVo = returnT.getData().stream()
+							.filter(tempUserVo -> tempExamRecordDto.getUserId().equals(tempUserVo.getId()))
+							.findFirst().orElse(null);
+					if (examRecordDtoUserVo != null) {
+						// 设置用户名
+						tempExamRecordDto.setUserName(examRecordDtoUserVo.getName());
+						// 查询、设置部门信息
+						if (CollectionUtils.isNotEmpty(deptResponseBean.getData())) {
+							DeptVo examRecordDtoDeptVo = deptResponseBean.getData().stream()
+									// 根据部门ID过滤
+									.filter(tempDept -> tempDept.getId().equals(examRecordDtoUserVo.getDeptId()))
+									.findFirst().orElse(null);
+							// 设置部门名称
+							if (examRecordDtoDeptVo != null)
+								tempExamRecordDto.setDeptName(examRecordDtoDeptVo.getDeptName());
+						}
+					}
+				});
+			}
+		}
+	}
 }

modules/exam-service-parent/exam-service/src/main/java/com/github/tangyi/exam/service/ExaminationService.java

@@ -5,7 +5,6 @@ import com.github.tangyi.common.core.constant.CommonConstant;
 import com.github.tangyi.common.core.service.CrudService;
 import com.github.tangyi.common.core.utils.PageUtil;
 import com.github.tangyi.common.core.utils.SysUtil;
-import com.github.tangyi.exam.api.dto.AnswerCartDto;
 import com.github.tangyi.exam.api.dto.SubjectDto;
 import com.github.tangyi.exam.api.module.Examination;
 import com.github.tangyi.exam.api.module.ExaminationSubject;

modules/exam-service-parent/exam-service/src/main/java/com/github/tangyi/exam/service/SubjectService.java

@@ -23,7 +23,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
-import java.util.stream.Stream;
 
 /**
  * 题目service

modules/user-service-parent/user-service-api/src/main/java/com/github/tangyi/user/api/constant/MenuConstant.java

@@ -45,5 +45,28 @@ public class MenuConstant {
      * 修改
      */
     public static final String PERMISSION_SUFFIX_MODIFY = ":edit";
+
+    public static final String MENU_SYS = "sys";
+
+	/**
+	 * 终端管理
+	 */
+	public static final String MENU_CLIENT = "sys:client";
+
+	/**
+	 * 路由管理
+	 */
+	public static final String MENU_ROUTE = "sys:route";
+
+	/**
+	 * 租户中心
+	 */
+	public static final String MENU_TENANT = "tenant";
+
+	/**
+	 * 系统监控
+	 */
+	public static final String MENU_MONITOR = "monitor";
+
 }
 

modules/user-service-parent/user-service/src/main/java/com/github/tangyi/user/controller/DeptController.java

@@ -8,7 +8,7 @@ import com.github.tangyi.common.core.utils.TreeUtil;
 import com.github.tangyi.common.core.vo.DeptVo;
 import com.github.tangyi.common.core.web.BaseController;
 import com.github.tangyi.common.log.annotation.Log;
-import com.github.tangyi.common.security.constant.SecurityConstant;
+import com.github.tangyi.common.security.annotations.AdminTenantTeacherAuthorization;
 import com.github.tangyi.user.api.dto.DeptDto;
 import com.github.tangyi.user.api.module.Dept;
 import com.github.tangyi.user.service.DeptService;
@@ -17,7 +17,6 @@ import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
 import lombok.AllArgsConstructor;
 import org.springframework.beans.BeanUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -91,7 +90,7 @@ public class DeptController extends BaseController {
      * @date 2018/8/28 10:15
      */
     @PostMapping
-    @PreAuthorize("hasAuthority('sys:dept:add') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "创建部门", notes = "创建部门")
     @ApiImplicitParam(name = "dept", value = "部门实体", required = true, dataType = "Dept")
     @Log("新增部门")
@@ -109,7 +108,7 @@ public class DeptController extends BaseController {
      * @date 2018/8/28 10:16
      */
     @DeleteMapping("/{id}")
-    @PreAuthorize("hasAuthority('sys:dept:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "删除部门", notes = "根据ID删除部门")
     @ApiImplicitParam(name = "id", value = "部门ID", required = true, paramType = "path")
     @Log("删除部门")
@@ -129,7 +128,7 @@ public class DeptController extends BaseController {
      * @date 2018/8/28 10:22
      */
     @PutMapping
-    @PreAuthorize("hasAuthority('sys:dept:edit') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "更新部门信息", notes = "根据部门id更新部门的基本信息")
     @ApiImplicitParam(name = "dept", value = "部门实体", required = true, dataType = "Dept")
     @Log("更新部门")

modules/user-service-parent/user-service/src/main/java/com/github/tangyi/user/controller/LogController.java

@@ -7,7 +7,7 @@ import com.github.tangyi.common.core.model.ResponseBean;
 import com.github.tangyi.common.core.utils.PageUtil;
 import com.github.tangyi.common.core.utils.SysUtil;
 import com.github.tangyi.common.core.web.BaseController;
-import com.github.tangyi.common.security.constant.SecurityConstant;
+import com.github.tangyi.common.security.annotations.AdminAuthorization;
 import com.github.tangyi.user.service.LogService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
@@ -16,7 +16,6 @@ import io.swagger.annotations.ApiOperation;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.ArrayUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -115,7 +114,7 @@ public class LogController extends BaseController {
      * @date 2018/10/31 21:27
      */
     @DeleteMapping("/{id}")
-    @PreAuthorize("hasAuthority('monitor:log:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminAuthorization
     @ApiOperation(value = "删除日志", notes = "根据ID删除日志")
     @ApiImplicitParam(name = "id", value = "日志ID", required = true, paramType = "path")
     public ResponseBean<Boolean> delete(@PathVariable Long id) {
@@ -133,7 +132,7 @@ public class LogController extends BaseController {
      * @date 2018/12/4 10:12
      */
     @PostMapping("deleteAll")
-    @PreAuthorize("hasAuthority('monitor:log:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminAuthorization
     @ApiOperation(value = "批量删除日志", notes = "根据日志ids批量删除日志")
     @ApiImplicitParam(name = "ids", value = "日志ID", dataType = "Long")
     public ResponseBean<Boolean> deleteAllLog(@RequestBody Long[] ids) {

modules/user-service-parent/user-service/src/main/java/com/github/tangyi/user/controller/MenuController.java

@@ -7,7 +7,7 @@ import com.github.tangyi.common.core.model.ResponseBean;
 import com.github.tangyi.common.core.utils.*;
 import com.github.tangyi.common.core.web.BaseController;
 import com.github.tangyi.common.log.annotation.Log;
-import com.github.tangyi.common.security.constant.SecurityConstant;
+import com.github.tangyi.common.security.annotations.AdminTenantTeacherAuthorization;
 import com.github.tangyi.user.api.dto.MenuDto;
 import com.github.tangyi.user.api.module.Menu;
 import com.github.tangyi.user.service.MenuService;
@@ -17,7 +17,6 @@ import io.swagger.annotations.*;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.ArrayUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -90,7 +89,7 @@ public class MenuController extends BaseController {
      * @date 2018/8/27 16:12
      */
     @PostMapping
-    @PreAuthorize("hasAuthority('sys:menu:add') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "创建菜单", notes = "创建菜单")
     @ApiImplicitParam(name = "menu", value = "角色实体menu", required = true, dataType = "Menu")
     @Log("新增菜单")
@@ -108,7 +107,7 @@ public class MenuController extends BaseController {
      * @date 2018/10/24 16:34
      */
     @PutMapping
-    @PreAuthorize("hasAuthority('sys:menu:edit') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "更新菜单信息", notes = "根据菜单id更新菜单的基本信息")
     @ApiImplicitParam(name = "menu", value = "角色实体menu", required = true, dataType = "Menu")
     @Log("更新菜单")
@@ -126,7 +125,7 @@ public class MenuController extends BaseController {
      * @date 2018/8/27 16:19
      */
     @DeleteMapping("/{id}")
-    @PreAuthorize("hasAuthority('sys:menu:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "删除菜单", notes = "根据ID删除菜单")
     @ApiImplicitParam(name = "id", value = "菜单ID", required = true, paramType = "path")
     @Log("删除菜单")
@@ -243,7 +242,7 @@ public class MenuController extends BaseController {
      * @date 2018/11/28 12:46
      */
     @PostMapping("export")
-    @PreAuthorize("hasAuthority('sys:menu:export') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "导出菜单", notes = "根据菜单id导出菜单")
     @ApiImplicitParam(name = "ids", value = "菜单ID", required = true, dataType = "Long")
     @Log("导出菜单")
@@ -280,7 +279,7 @@ public class MenuController extends BaseController {
      * @date 2018/11/28 12:51
      */
     @PostMapping("import")
-    @PreAuthorize("hasAuthority('sys:menu:import') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "导入菜单", notes = "导入菜单")
     @Log("导入菜单")
     public ResponseBean<Boolean> importMenu(@ApiParam(value = "要上传的文件", required = true) MultipartFile file) {

modules/user-service-parent/user-service/src/main/java/com/github/tangyi/user/controller/RoleController.java

@@ -7,7 +7,7 @@ import com.github.tangyi.common.core.utils.PageUtil;
 import com.github.tangyi.common.core.utils.SysUtil;
 import com.github.tangyi.common.core.web.BaseController;
 import com.github.tangyi.common.log.annotation.Log;
-import com.github.tangyi.common.security.constant.SecurityConstant;
+import com.github.tangyi.common.security.annotations.AdminTenantTeacherAuthorization;
 import com.github.tangyi.user.api.module.Role;
 import com.github.tangyi.user.service.RoleMenuService;
 import com.github.tangyi.user.service.RoleService;
@@ -19,7 +19,6 @@ import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.ArrayUtils;
 import org.apache.commons.lang.StringUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -120,7 +119,7 @@ public class RoleController extends BaseController {
      * @date 2018/9/14 18:22
      */
     @PutMapping
-    @PreAuthorize("hasAuthority('sys:role:edit') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "更新角色信息", notes = "根据角色id更新角色的基本信息")
     @ApiImplicitParam(name = "role", value = "角色实体role", required = true, dataType = "RoleVo")
     @Log("修改角色")
@@ -162,7 +161,7 @@ public class RoleController extends BaseController {
      * @date 2018/9/14 18:23
      */
     @PostMapping
-    @PreAuthorize("hasAuthority('sys:role:add') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "创建角色", notes = "创建角色")
     @ApiImplicitParam(name = "role", value = "角色实体role", required = true, dataType = "RoleVo")
     @Log("新增角色")
@@ -180,7 +179,7 @@ public class RoleController extends BaseController {
      * @date 2018/9/14 18:24
      */
     @DeleteMapping("/{id}")
-    @PreAuthorize("hasAuthority('sys:role:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "删除角色", notes = "根据ID删除角色")
     @ApiImplicitParam(name = "id", value = "角色ID", required = true, paramType = "path")
     @Log("删除角色")
@@ -201,7 +200,7 @@ public class RoleController extends BaseController {
      * @date 2018/12/4 10:00
      */
     @PostMapping("deleteAll")
-    @PreAuthorize("hasAuthority('sys:role:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "批量删除角色", notes = "根据角色id批量删除角色")
     @ApiImplicitParam(name = "ids", value = "角色ID", dataType = "Long")
     @Log("批量删除角色")

modules/user-service-parent/user-service/src/main/java/com/github/tangyi/user/controller/UserController.java

@@ -8,6 +8,7 @@ import com.github.tangyi.common.core.utils.*;
 import com.github.tangyi.common.core.vo.UserVo;
 import com.github.tangyi.common.core.web.BaseController;
 import com.github.tangyi.common.log.annotation.Log;
+import com.github.tangyi.common.security.annotations.AdminTenantTeacherAuthorization;
 import com.github.tangyi.common.security.constant.SecurityConstant;
 import com.github.tangyi.user.api.dto.UserDto;
 import com.github.tangyi.user.api.dto.UserInfoDto;
@@ -26,7 +27,6 @@ import org.apache.commons.lang.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.BeanUtils;
 import org.springframework.http.HttpHeaders;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -175,7 +175,7 @@ public class UserController extends BaseController {
      * @date 2018/8/26 14:34
      */
     @PostMapping
-    @PreAuthorize("hasAuthority('sys:user:add') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "创建用户", notes = "创建用户")
     @ApiImplicitParam(name = "userDto", value = "用户实体user", required = true, dataType = "UserDto")
     @Log("新增用户")
@@ -193,7 +193,7 @@ public class UserController extends BaseController {
      * @date 2018/8/26 15:06
      */
     @PutMapping("/{id:[a-zA-Z0-9,]+}")
-    @PreAuthorize("hasAuthority('sys:user:edit') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "更新用户信息", notes = "根据用户id更新用户的基本信息、角色信息")
     @ApiImplicitParam(name = "userDto", value = "用户实体user", required = true, dataType = "UserDto")
     @Log("修改用户")
@@ -266,7 +266,7 @@ public class UserController extends BaseController {
      * @date 2018/8/26 15:28
      */
     @DeleteMapping("/{id}")
-    @PreAuthorize("hasAuthority('sys:user:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "删除用户", notes = "根据ID删除用户")
     @ApiImplicitParam(name = "id", value = "用户ID", required = true, paramType = "path")
     @Log("删除用户")
@@ -291,7 +291,7 @@ public class UserController extends BaseController {
      * @date 2018/11/26 22:11
      */
     @PostMapping("export")
-    @PreAuthorize("hasAuthority('sys:user:export') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "导出用户", notes = "根据用户id导出用户")
     @ApiImplicitParam(name = "userVo", value = "用户信息", required = true, dataType = "UserVo")
     @Log("导出用户")
@@ -339,7 +339,7 @@ public class UserController extends BaseController {
      * @date 2018/11/28 12:44
      */
     @PostMapping("import")
-    @PreAuthorize("hasAuthority('sys:user:import') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "导入数据", notes = "导入数据")
     @Log("导入用户")
     public ResponseBean<Boolean> importUser(@ApiParam(value = "要上传的文件", required = true) MultipartFile file, HttpServletRequest request) {
@@ -365,7 +365,7 @@ public class UserController extends BaseController {
      * @date 2018/12/4 9:58
      */
     @PostMapping("deleteAll")
-    @PreAuthorize("hasAuthority('sys:user:del') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "批量删除用户", notes = "根据用户id批量删除用户")
     @ApiImplicitParam(name = "ids", value = "用户信息", dataType = "Long")
     @Log("批量删除用户")
@@ -460,7 +460,7 @@ public class UserController extends BaseController {
      * @date 2019/6/7 12:00
      */
     @PutMapping("/resetPassword")
-    @PreAuthorize("hasAuthority('sys:user:edit') or hasAnyRole('" + SecurityConstant.ROLE_ADMIN + "')")
+    @AdminTenantTeacherAuthorization
     @ApiOperation(value = "重置密码", notes = "根据用户id重置密码")
     @ApiImplicitParam(name = "userDto", value = "用户实体user", required = true, dataType = "UserDto")
     @Log("重置密码")