Merge remote-tracking branch 'origin/master'

# Conflicts:
#	hzgzpt-common/src/main/java/com/miaxis/common/utils/RedisPrefixUtils.java
#	hzgzpt-framework/src/main/java/com/miaxis/framework/web/service/SysLoginService.java
#	hzgzpt-service-app/src/main/java/com/miaxis/app/sms/impl/SmsServiceImpl.java

hzgzpt-admin/src/main/java/com/miaxis/app/controller/school/SchoolRegionController.java

@@ -13,6 +13,7 @@ import com.miaxis.common.enums.BusinessTypeEnum;
 import com.miaxis.common.utils.poi.ExcelUtil;
 import io.swagger.annotations.*;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -33,7 +34,7 @@ public class SchoolRegionController extends BaseController{
     /**
      * 查询驾校训练场列表
      */
-    //@PreAuthorize("@ss.hasPermi('school:region:list')")
+    @PreAuthorize("@ss.hasPermi('school:region:list')")
     @GetMapping("/list")
     @ApiOperation("查询驾校训练场列表")
     @ApiImplicitParams({

hzgzpt-admin/src/main/java/com/miaxis/app/controller/user/UserInfoController.java

@@ -31,7 +31,7 @@ import java.util.Map;
  * @date 2020-12-23
  */
 @RestController
-@RequestMapping(Constants.OPEN_PREFIX+"/user/info")
+@RequestMapping(Constants.STUDENT_PREFIX+"/user/info")
 @Api(tags={"【app-普通用户信息】"})
 public class UserInfoController extends BaseController{
 

hzgzpt-admin/src/main/java/com/miaxis/system/controller/system/SysLoginController.java

@@ -120,8 +120,7 @@ public class SysLoginController
         SmsParameter smsParameter = new SmsParameter();
         smsParameter.setPhone(mobile);
         smsParameter.setType("login");
-        smsService.sendVerificationCode(smsParameter);
-        return Response.success();
+        return smsService.sendVerificationCode(smsParameter);
     }
     /**
      * 学员用户名密码登录方法

hzgzpt-admin/src/main/resources/application-dev.yml

@@ -8,14 +8,14 @@ spring:
             master:
                 url: jdbc:mysql://192.168.8.213:3306/hzgzpt?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8&autoReconnect=true
                 username: root
-                password: 123456
+                password: miaxis110
             # 从库数据源
             slave:
                 # 从数据源开关/默认关闭
                 enabled: false
-                url: 
-                username: 
-                password: 
+                url:
+                username:
+                password:
             # 初始连接数
             initialSize: 5
             # 最小连接池数量
@@ -35,7 +35,7 @@ spring:
             testWhileIdle: true
             testOnBorrow: false
             testOnReturn: false
-            webStatFilter: 
+            webStatFilter:
                 enabled: true
             statViewServlet:
                 enabled: true
@@ -43,8 +43,8 @@ spring:
                 allow:
                 url-pattern: /druid/*
                 # 控制台管理用户名和密码
-                login-username: 
-                login-password: 
+                login-username:
+                login-password:
             filter:
                 stat:
                     enabled: true
@@ -74,4 +74,4 @@ spring:
                 # 连接池的最大数据库连接数
                 max-active: 8
                 # #连接池最大阻塞等待时间（使用负值表示没有限制）
-                max-wait: -1ms
+                max-wait: -1ms

hzgzpt-common/src/main/java/com/miaxis/common/constant/Constants.java

@@ -141,4 +141,9 @@ public class Constants
      * 开放api路径 前缀
      */
     public static final String OPEN_PREFIX = "/open";
+
+    /**
+     * 学员权限路径
+     */
+    public static final String STUDENT_PREFIX = "/student";
 }

hzgzpt-common/src/main/java/com/miaxis/common/core/domain/model/LoginUser.java

@@ -8,9 +8,12 @@ import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
+import java.util.ArrayList;
 import java.util.Collection;
+import java.util.List;
 import java.util.Set;
 
 /**
@@ -259,6 +262,14 @@ public class LoginUser implements UserDetails
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities()
     {
-        return null;
+        if (getStudent() != null){
+            List<SimpleGrantedAuthority> roleList = new ArrayList<SimpleGrantedAuthority>();
+            roleList.add(new SimpleGrantedAuthority("ROLE_STUDENT"));
+            return roleList;
+        }else {
+            return null;
+        }
+
+
     }
 }

hzgzpt-framework/src/main/java/com/miaxis/framework/config/SecurityConfig.java

@@ -106,6 +106,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                 .antMatchers("/open/**").permitAll()
                 // 对于登录login 验证码captchaImage 允许匿名访问
                 .antMatchers("/login", "/login/noCode","/captchaImage","/login/studentpassword","/login/studentMobileCode","/login/studentMobile").anonymous()
+                .antMatchers("/student/**").hasRole("STUDENT")
                 .antMatchers(
                         HttpMethod.GET,
                         "/*.html",
@@ -152,9 +153,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
         DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
         MobileCodeAuthenticationProvider mobileCodeAuthenticationProvider = new MobileCodeAuthenticationProvider();
 //        daoAuthenticationProvider.setUserDetailsService(userDetailsService);
-//        mobileCodeAuthenticationProvider.setUserDetailsService(userDetailsService);
+        mobileCodeAuthenticationProvider.setUserDetailsService(userDetailsService);
         //ProviderManager providerManager = new ProviderManager(Arrays.asList(mobileCodeAuthenticationProvider,daoAuthenticationProvider));
         auth.authenticationProvider(mobileCodeAuthenticationProvider);
         auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
+
     }
 }

hzgzpt-framework/src/main/java/com/miaxis/framework/security/token/MoblieCodeAuthenticationToken.java

@@ -97,7 +97,7 @@ public class MoblieCodeAuthenticationToken extends AbstractAuthenticationToken {
 
 	@Override
 	public void eraseCredentials() {
-		super.eraseCredentials();
+		//super.eraseCredentials();
 
 	}
 }

hzgzpt-framework/src/main/java/com/miaxis/framework/web/service/SysLoginService.java

@@ -103,8 +103,8 @@ public class SysLoginService
             return authenticate(principal,new UsernamePasswordAuthenticationToken(principal, credential));
         } else if (StudentLoginTypeEnum.MOBILELOGIN.getCode().equals(loginType)){
             //验证码是否正确
-            validateCode(principal,credential);
-            return authenticate(principal,new MoblieCodeAuthenticationToken(credential));
+//            validateCode(principal,credential);
+            return authenticate(principal,new MoblieCodeAuthenticationToken(principal));
         }
         else{
             throw new CustomException("loginType参数错误");