大致权限控制完成，新增优化权限控制代码

pom.xml

@@ -58,7 +58,31 @@
         <dependency>
             <groupId>com.baomidou</groupId>
             <artifactId>mybatis-plus-boot-starter</artifactId>
-            <version>3.5.5</version> <!-- 版本可根据需求选择，建议使用最新稳定版 -->
+            <version>3.5.5</version>
+        </dependency>
+        <!--    引入JWT依赖-->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.11.5</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.11.5</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>0.11.5</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>cn.dev33</groupId>
+            <artifactId>sa-token-spring-boot3-starter</artifactId>
+            <version>1.37.0</version>
         </dependency>
     </dependencies>
 

src/main/java/cn/zyp/stusystem/controller/ClassController.java

@@ -1,11 +1,10 @@
 package cn.zyp.stusystem.controller;
 
-
+import cn.dev33.satoken.annotation.SaCheckLogin;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import cn.zyp.stusystem.entity.GradeClass;
 import cn.zyp.stusystem.service.ClassService;
-import org.apache.ibatis.annotations.Param;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.HashMap;
@@ -16,53 +15,61 @@ import java.util.Map;
 @RequestMapping("/api/class")
 public class ClassController {
 
-    //测试git
-
     @Autowired
     private ClassService classService;
 
-    //根据年级查询班级列表
+    // 根据年级查询班级列表 - 所有登录用户都可以查看
+    @SaCheckLogin
+    @SaCheckPermission("class:view")
     @GetMapping("/list")
-    public Map<String, Object> getClassList(@RequestParam Integer grade,@RequestParam(required = false) String name){
+    public Map<String, Object> getClassList(@RequestParam Integer grade, @RequestParam(required = false) String name) {
         List<GradeClass> gradeClasses = classService.findClassByGradeId(grade);
         System.out.println(gradeClasses);
 
-        //过滤班级名称
+        // 过滤班级名称
-        if(name != null){
+        if (name != null) {
-           gradeClasses= gradeClasses.stream().filter(gradeClass -> gradeClass.getName().contains(name)).toList();
+            gradeClasses = gradeClasses.stream().filter(gradeClass -> gradeClass.getName().contains(name)).toList();
         }
-        Map<String,Object> result = new HashMap<>();
+        Map<String, Object> result = new HashMap<>();
-        result.put("data",gradeClasses);
+        result.put("data", gradeClasses);
         return result;
     }
 
-    //新增班级
+    // 新增班级 - 只有管理员有权限
+    @SaCheckLogin
+    @SaCheckPermission("class:add")
     @PostMapping("/add")
-    public boolean addClass(@RequestBody GradeClass gradeClass){
+    public boolean addClass(@RequestBody GradeClass gradeClass) {
         return classService.save(gradeClass);
     }
 
-    //编辑班级
+    // 编辑班级 - 只有管理员有权限
+    @SaCheckLogin
+    @SaCheckPermission("class:edit")
     @PutMapping("/edit")
-    public boolean editClass(@RequestBody GradeClass gradeClass){
+    public boolean editClass(@RequestBody GradeClass gradeClass) {
         return classService.updateById(gradeClass);
     }
 
-    //删除班级
+    // 删除班级 - 只有管理员有权限
+    @SaCheckLogin
+    @SaCheckPermission("class:delete")
     @DeleteMapping("/delete/{id}")
-    public boolean deleteClass(@PathVariable Integer id){
+    public boolean deleteClass(@PathVariable Integer id) {
-        if(classService.isClassHasStudent(id)){
+        if (classService.isClassHasStudent(id)) {
             return false;
-        }else {
+        } else {
             return classService.removeById(id);
         }
     }
 
+    // 检查班级是否有学生 - 所有登录用户都可以查看
+    @SaCheckLogin
+    @SaCheckPermission("class:view")
     @GetMapping("/check")
-    //检查班级是否有学生
+    public Map<String, Object> checkClassHasStudent(@RequestParam Integer classId) {
-    public Map<String,Object> checkClassHasStudent(@RequestParam Integer classId){
+        Map<String, Object> result = new HashMap<>();
-        Map<String,Object> result = new HashMap<>();
+        result.put("data", classService.isClassHasStudent(classId));
-        result.put("data",classService.isClassHasStudent(classId));
         return result;
     }
-}
+}

src/main/java/cn/zyp/stusystem/controller/StudentController.java

@@ -1,6 +1,7 @@
 package cn.zyp.stusystem.controller;
 
-
+import cn.dev33.satoken.annotation.SaCheckLogin;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import cn.zyp.stusystem.entity.Student;
 import cn.zyp.stusystem.service.StudentService;
 import com.baomidou.mybatisplus.core.metadata.IPage;
@@ -18,7 +19,9 @@ public class StudentController {
     @Autowired
     private StudentService studentService;
 
-    //获取学生列表
+    // 获取学生列表 - 所有登录用户都可以查看
+    @SaCheckLogin
+    @SaCheckPermission("student:view")
     @GetMapping("/list")
     public Map<String, Object> getStudentList(
             @RequestParam Integer page,  // 页码（从1开始）
@@ -27,7 +30,7 @@ public class StudentController {
             @RequestParam(required = false) Long classId,  // 班级ID
             @RequestParam(required = false) String name
     ) {
-        //参数校验
+        // 参数校验
         if (page == null || page < 1) {
             page = 1;
         }
@@ -37,25 +40,31 @@ public class StudentController {
         result.put("list", studentPage.getRecords());
         result.put("total", studentPage.getTotal());
 
-        //测试
+        // 测试
         System.out.println("后端返回的学生数据：" + result);
 
         return result;
     }
 
-    //新增学生
+    // 新增学生 - 管理员和班主任有权限
+    @SaCheckLogin
+    @SaCheckPermission("student:add")
     @PostMapping("/add")
     public boolean addStudent(@RequestBody Student student) {
         return studentService.save(student);
     }
 
-    //编辑学生
+    // 编辑学生 - 管理员和班主任有权限
+    @SaCheckLogin
+    @SaCheckPermission("student:edit")
     @PutMapping("/edit")
     public boolean editStudent(@RequestBody Student student) {
         return studentService.updateById(student);
     }
 
-    //删除学生
+    // 删除学生 - 管理员和班主任有权限
+    @SaCheckLogin
+    @SaCheckPermission("student:delete")
     @DeleteMapping("/delete/{id}")
     public boolean deleteStudent(@PathVariable String id) {
         if (id.contains(",")) {
@@ -65,4 +74,4 @@ public class StudentController {
             return studentService.removeById(id);
         }
     }
-}
+}

src/main/java/cn/zyp/stusystem/entity/GradeClass.java

@@ -22,6 +22,11 @@ public class GradeClass {
     @TableField("grade")
     private Integer grade;
 
-    @TableField("head_teacher")
+    // 数据库字段是 head_teacher_id，类型应该是Long（关联user表的id）
+    @TableField("head_teacher_id")
+    private Long headTeacherId;
+
+
+    @TableField(exist = false)
     private String headTeacher;
-}
+}

src/main/java/cn/zyp/stusystem/service/impl/ClassServiceImpl.java

@@ -3,17 +3,13 @@ package cn.zyp.stusystem.service.impl;
 
 import cn.zyp.stusystem.entity.GradeClass;
 import cn.zyp.stusystem.entity.Student;
+import cn.zyp.stusystem.entity.User;
 import cn.zyp.stusystem.mapper.ClassMapper;
 import cn.zyp.stusystem.mapper.StudentMapper;
+import cn.zyp.stusystem.mapper.UserMapper;
 import cn.zyp.stusystem.service.ClassService;
-import com.baomidou.mybatisplus.annotation.IdType;
-import com.baomidou.mybatisplus.annotation.TableField;
-import com.baomidou.mybatisplus.annotation.TableId;
-import com.baomidou.mybatisplus.annotation.TableName;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import lombok.ConfigurationKeys;
-import lombok.Data;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
@@ -25,12 +21,27 @@ public class ClassServiceImpl extends ServiceImpl<ClassMapper, GradeClass> imple
 
     @Autowired
     private StudentMapper studentMapper;
+    @Autowired
+    private UserMapper userMapper;
 
     @Override
     public List<GradeClass> findClassByGradeId(Integer gradeId) {
         QueryWrapper<GradeClass> queryWrapper = new QueryWrapper<>();
         queryWrapper.eq("grade",gradeId);
-        return baseMapper.selectList(queryWrapper);
+        List<GradeClass> classes = baseMapper.selectList(queryWrapper);
+
+        // 为每个班级设置班主任姓名
+        for (GradeClass gradeClass : classes) {
+            if (gradeClass.getHeadTeacherId() != null) {
+                // 根据headTeacherId查询班主任姓名
+                User teacher = userMapper.selectById(gradeClass.getHeadTeacherId());
+                if (teacher != null) {
+                    gradeClass.setHeadTeacher(teacher.getName());
+                }
+            }
+        }
+
+        return classes;
     }
 
     @Override

src/main/resources/application.yaml

@@ -5,9 +5,18 @@ spring:
     username: root
     password: 123456
 
+
 # MyBatis-Plus ??
 mybatis-plus:
   mapper-locations: classpath:mapper/*.xml  # Mapper.xml ????
   type-aliases-package: com.example.student.entity  # ??????
   configuration:
-    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl  # ??SQL?????????
+    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl  # ??SQL?????????
+
+sa-token:
+  token-name: Authorization    # token名称（与前端对应）
+  timeout: 7200               # token有效期（秒）
+  active-timeout: -1          # 活跃有效期（-1代表不限制）
+  is-concurrent: true         # 是否允许并发登录
+  is-share: false              # 在多人登录时是否共享token
+  token-style: uuid           # token生成风格

target/classes/application.yaml

@@ -5,9 +5,18 @@ spring:
     username: root
     password: 123456
 
+
 # MyBatis-Plus ??
 mybatis-plus:
   mapper-locations: classpath:mapper/*.xml  # Mapper.xml ????
   type-aliases-package: com.example.student.entity  # ??????
   configuration:
-    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl  # ??SQL?????????
+    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl  # ??SQL?????????
+
+sa-token:
+  token-name: Authorization    # token名称（与前端对应）
+  timeout: 7200               # token有效期（秒）
+  active-timeout: -1          # 活跃有效期（-1代表不限制）
+  is-concurrent: true         # 是否允许并发登录
+  is-share: false              # 在多人登录时是否共享token
+  token-style: uuid           # token生成风格