ibizdev提交

7cc1cbb5 · ibizdev · a68c1fa4 · 7cc1cbb5 · 7cc1cbb5 · 7cc1cbb5
--- a/app_web/src/engine/view/wfdyna-exp-grid-view-engine.ts
+++ b/app_web/src/engine/view/wfdyna-exp-grid-view-engine.ts
+import GridViewEngine from './grid-view-engine';
+/**
+ * 视图引擎基础
+ *
+ * @export
+ * @class WFDynaExpGridViewEngine
+ * @extends {GridViewEngine}
+ */
+export default class WFDynaExpGridViewEngine extends GridViewEngine {
+    /**
+     * Creates an instance of WFDynaExpGridViewEngine.
+     * @memberof WFDynaExpGridViewEngine
+     */
+    constructor() {
+        super();
+    }
+    /**
+     * 引擎加载
+     *
+     * @param {*} [opts={}]
+     * @memberof WFDynaExpGridViewEngine
+     */
+    public load(opts: any = {},isnotify:boolean=false): void {
+        this.view.getWFStepModel().then((res:any) =>{
+            if(!this.view.isformDruipart){
+                super.load(opts);
+            }else{
+                if(isnotify){
+                    super.load(opts);
+                }
+            }
+        })
+    }
+}
\ No newline at end of file
--- a/app_web/src/mock/entity/ibzdepartments/ibzdepartments.ts
+++ b/app_web/src/mock/entity/ibzdepartments/ibzdepartments.ts
@@ -6,10 +6,55 @@ const mock = MockAdapter.getInstance();
 const mockDatas: Array<any> = [
 ];
+//getwflink
+mock.onGet(new RegExp(/^\/wfcore\/ibzou-app-web\/ibzdepartments\/[a-zA-Z0-9\-\;]+\/usertasks\/[a-zA-Z0-9\-\;]+\/ways$/)).reply((config: any) => {
+    console.groupCollapsed("实体:ibzdepartment 方法: getwflink");
+    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
+    let status = MockAdapter.mockStatus(config);
+    if (status !== 200) {
+        return [status, {}];
+    }
+    return [status,[
+        {"sequenceFlowId":"dfdsfdsfdsfdsfds","sequenceFlowName":"同意",
+         "taskId":"aaaaddddccccddddd","processDefinitionKey":"support-workorders-approve-v1",
+         "processInstanceId":"ddlfldldfldsfds","refViewKey":""},
+        {"sequenceFlowId":"ddssdfdfdfdfsfdf","sequenceFlowName":"不同意",
+         "taskId":"aaaaddddccccddddd","processDefinitionKey":"support-workorders-approve-v1",
+         "processInstanceId":"ddfdsldlfdlldsf","refViewKey":"workorder_ltform_editview"}
+        ]];
+});
+// getwfstep
+mock.onGet(new RegExp(/^\/wfcore\/ibzou-app-web\/ibzdepartments\/process-definitions-nodes$/)).reply((config: any) => {
+    console.groupCollapsed("实体:ibzdepartment 方法: getwfstep");
+    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
+    let status = MockAdapter.mockStatus(config);
+    if (status !== 200) {
+        return [status, {}];
+    }
+    return [status, [
+        {"userTaskId":"sddfddfd-dfdf-fdfd-fdf-dfdfd",
+        "userTaskName":"待审",
+        "cnt":0,
+        "processDefinitionKey":"support-workorders-approve-v1",
+        "processDefinitionName":"工单审批流程v1"
+        },
+        {"userTaskId":"sddfddfd-dfdf-fdfd-fdf-87927",
+        "userTaskName":"待分配",
+        "cnt":3,
+        "processDefinitionKey":"support-workorders-approve-v1",
+        "processDefinitionName":"工单审批流程v1"}
+        ]];
+});
 // createBatch
 mock.onPost(new RegExp(/^\/ibzdepartments\/batch$/)).reply((config: any) => {
    console.groupCollapsed("实体:ibzdepartment 方法: createBatch");
    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
    let status = MockAdapter.mockStatus(config);
    if (status !== 200) {
        return [status, {}];
@@ -21,6 +66,7 @@ mock.onPost(new RegExp(/^\/ibzdepartments\/batch$/)).reply((config: any) => {
 mock.onPut(new RegExp(/^\/ibzdepartments\/batch$/)).reply((config: any) => {
    console.groupCollapsed("实体:ibzdepartment 方法: updateBatch");
    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
    let status = MockAdapter.mockStatus(config);
    if (status !== 200) {
        return [status, {}];
@@ -32,6 +78,7 @@ mock.onPut(new RegExp(/^\/ibzdepartments\/batch$/)).reply((config: any) => {
 mock.onDelete(new RegExp(/^\/ibzdepartments\/batch$/)).reply((config: any) => {
    console.groupCollapsed("实体:ibzdepartment 方法: removeBatch");
    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
    let status = MockAdapter.mockStatus(config);
    if (status !== 200) {
        return [status, {}];

--- a/app_web/src/mock/entity/ibzemployees/ibzemployees.ts
+++ b/app_web/src/mock/entity/ibzemployees/ibzemployees.ts
@@ -6,10 +6,55 @@ const mock = MockAdapter.getInstance();
 const mockDatas: Array<any> = [
 ];
+//getwflink
+mock.onGet(new RegExp(/^\/wfcore\/ibzou-app-web\/ibzemployees\/[a-zA-Z0-9\-\;]+\/usertasks\/[a-zA-Z0-9\-\;]+\/ways$/)).reply((config: any) => {
+    console.groupCollapsed("实体:ibzemployee 方法: getwflink");
+    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
+    let status = MockAdapter.mockStatus(config);
+    if (status !== 200) {
+        return [status, {}];
+    }
+    return [status,[
+        {"sequenceFlowId":"dfdsfdsfdsfdsfds","sequenceFlowName":"同意",
+         "taskId":"aaaaddddccccddddd","processDefinitionKey":"support-workorders-approve-v1",
+         "processInstanceId":"ddlfldldfldsfds","refViewKey":""},
+        {"sequenceFlowId":"ddssdfdfdfdfsfdf","sequenceFlowName":"不同意",
+         "taskId":"aaaaddddccccddddd","processDefinitionKey":"support-workorders-approve-v1",
+         "processInstanceId":"ddfdsldlfdlldsf","refViewKey":"workorder_ltform_editview"}
+        ]];
+});
+// getwfstep
+mock.onGet(new RegExp(/^\/wfcore\/ibzou-app-web\/ibzemployees\/process-definitions-nodes$/)).reply((config: any) => {
+    console.groupCollapsed("实体:ibzemployee 方法: getwfstep");
+    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
+    let status = MockAdapter.mockStatus(config);
+    if (status !== 200) {
+        return [status, {}];
+    }
+    return [status, [
+        {"userTaskId":"sddfddfd-dfdf-fdfd-fdf-dfdfd",
+        "userTaskName":"待审",
+        "cnt":0,
+        "processDefinitionKey":"support-workorders-approve-v1",
+        "processDefinitionName":"工单审批流程v1"
+        },
+        {"userTaskId":"sddfddfd-dfdf-fdfd-fdf-87927",
+        "userTaskName":"待分配",
+        "cnt":3,
+        "processDefinitionKey":"support-workorders-approve-v1",
+        "processDefinitionName":"工单审批流程v1"}
+        ]];
+});
 // createBatch
 mock.onPost(new RegExp(/^\/ibzemployees\/batch$/)).reply((config: any) => {
    console.groupCollapsed("实体:ibzemployee 方法: createBatch");
    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
    let status = MockAdapter.mockStatus(config);
    if (status !== 200) {
        return [status, {}];
@@ -21,6 +66,7 @@ mock.onPost(new RegExp(/^\/ibzemployees\/batch$/)).reply((config: any) => {
 mock.onPut(new RegExp(/^\/ibzemployees\/batch$/)).reply((config: any) => {
    console.groupCollapsed("实体:ibzemployee 方法: updateBatch");
    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
    let status = MockAdapter.mockStatus(config);
    if (status !== 200) {
        return [status, {}];
@@ -32,6 +78,7 @@ mock.onPut(new RegExp(/^\/ibzemployees\/batch$/)).reply((config: any) => {
 mock.onDelete(new RegExp(/^\/ibzemployees\/batch$/)).reply((config: any) => {
    console.groupCollapsed("实体:ibzemployee 方法: removeBatch");
    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
    let status = MockAdapter.mockStatus(config);
    if (status !== 200) {
        return [status, {}];

--- a/app_web/src/mock/entity/ibzorganizations/ibzorganizations.ts
+++ b/app_web/src/mock/entity/ibzorganizations/ibzorganizations.ts
@@ -6,10 +6,55 @@ const mock = MockAdapter.getInstance();
 const mockDatas: Array<any> = [
 ];
+//getwflink
+mock.onGet(new RegExp(/^\/wfcore\/ibzou-app-web\/ibzorganizations\/[a-zA-Z0-9\-\;]+\/usertasks\/[a-zA-Z0-9\-\;]+\/ways$/)).reply((config: any) => {
+    console.groupCollapsed("实体:ibzorganization 方法: getwflink");
+    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
+    let status = MockAdapter.mockStatus(config);
+    if (status !== 200) {
+        return [status, {}];
+    }
+    return [status,[
+        {"sequenceFlowId":"dfdsfdsfdsfdsfds","sequenceFlowName":"同意",
+         "taskId":"aaaaddddccccddddd","processDefinitionKey":"support-workorders-approve-v1",
+         "processInstanceId":"ddlfldldfldsfds","refViewKey":""},
+        {"sequenceFlowId":"ddssdfdfdfdfsfdf","sequenceFlowName":"不同意",
+         "taskId":"aaaaddddccccddddd","processDefinitionKey":"support-workorders-approve-v1",
+         "processInstanceId":"ddfdsldlfdlldsf","refViewKey":"workorder_ltform_editview"}
+        ]];
+});
+// getwfstep
+mock.onGet(new RegExp(/^\/wfcore\/ibzou-app-web\/ibzorganizations\/process-definitions-nodes$/)).reply((config: any) => {
+    console.groupCollapsed("实体:ibzorganization 方法: getwfstep");
+    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
+    let status = MockAdapter.mockStatus(config);
+    if (status !== 200) {
+        return [status, {}];
+    }
+    return [status, [
+        {"userTaskId":"sddfddfd-dfdf-fdfd-fdf-dfdfd",
+        "userTaskName":"待审",
+        "cnt":0,
+        "processDefinitionKey":"support-workorders-approve-v1",
+        "processDefinitionName":"工单审批流程v1"
+        },
+        {"userTaskId":"sddfddfd-dfdf-fdfd-fdf-87927",
+        "userTaskName":"待分配",
+        "cnt":3,
+        "processDefinitionKey":"support-workorders-approve-v1",
+        "processDefinitionName":"工单审批流程v1"}
+        ]];
+});
 // createBatch
 mock.onPost(new RegExp(/^\/ibzorganizations\/batch$/)).reply((config: any) => {
    console.groupCollapsed("实体:ibzorganization 方法: createBatch");
    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
    let status = MockAdapter.mockStatus(config);
    if (status !== 200) {
        return [status, {}];
@@ -21,6 +66,7 @@ mock.onPost(new RegExp(/^\/ibzorganizations\/batch$/)).reply((config: any) => {
 mock.onPut(new RegExp(/^\/ibzorganizations\/batch$/)).reply((config: any) => {
    console.groupCollapsed("实体:ibzorganization 方法: updateBatch");
    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
    let status = MockAdapter.mockStatus(config);
    if (status !== 200) {
        return [status, {}];
@@ -32,6 +78,7 @@ mock.onPut(new RegExp(/^\/ibzorganizations\/batch$/)).reply((config: any) => {
 mock.onDelete(new RegExp(/^\/ibzorganizations\/batch$/)).reply((config: any) => {
    console.groupCollapsed("实体:ibzorganization 方法: removeBatch");
    console.table({url:config.url, method: config.method, data:config.data});
+    console.groupEnd();
    let status = MockAdapter.mockStatus(config);
    if (status !== 200) {
        return [status, {}];

--- a/config.xml
+++ b/config.xml
@@ -38,11 +38,6 @@
 	  git clone -b master $para2 ibzou/
      export NODE_OPTIONS=--max-old-space-size=4096
      cd ibzou/
-      mvn clean package -Papi
-      cd ibzou-provider/ibzou-provider-api
-      mvn -Papi docker:build
-      mvn -Papi docker:push
-      docker -H $para1 stack deploy --compose-file=src/main/docker/ibzou-provider-api.yaml dev --with-registry-auth      
      </command>
    </hudson.tasks.Shell>
  </builders>

--- a/ibzou-app/ibzou-app-web/src/main/java/cn/ibizlab/web/config/webSecurityConfig.java
+++ b/ibzou-app/ibzou-app-web/src/main/java/cn/ibizlab/web/config/webSecurityConfig.java
@@ -41,6 +41,15 @@ public class webSecurityConfig extends WebSecurityConfigurerAdapter {
    @Value("${ibiz.auth.path:v7/login}")
    private String loginPath;
+    @Value("${ibiz.file.uploadpath:ibizutil/upload}")
+    private String uploadpath;
+    @Value("${ibiz.file.downloadpath:ibizutil/download}")
+    private String downloadpath;
+    @Value("${ibiz.file.previewpath:ibizutil/preview}")
+    private String previewpath;
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
@@ -97,6 +106,10 @@ public class webSecurityConfig extends WebSecurityConfigurerAdapter {
                ).permitAll()
                //放行登录请求
                .antMatchers( HttpMethod.POST,"/"+loginPath).permitAll()
+                // 文件操作
+                .antMatchers("/"+downloadpath+"/**").permitAll()
+                .antMatchers("/"+uploadpath).permitAll()
+                .antMatchers("/"+previewpath+"/**").permitAll()
                // 所有请求都需要认证
                .anyRequest().authenticated()
                // 防止iframe 造成跨域

--- a/ibzou-boot/src/main/resources/application-dev.yml
+++ b/ibzou-boot/src/main/resources/application-dev.yml
 server:
-  port: 40001
+  port: 8080
--- a/ibzou-core/src/main/java/cn/ibizlab/core/ou/domain/IBZOrganization.java
+++ b/ibzou-core/src/main/java/cn/ibizlab/core/ou/domain/IBZOrganization.java
@@ -35,7 +35,7 @@ public class IBZOrganization extends EntityMP implements Serializable {
    /**
     * 单位标识
     */
-    @DEField(isKeyField=true)
+    @DEField(defaultValue = "orgcode" , defaultValueType = DEFieldDefaultValueType.PARAM , isKeyField=true)
    @TableId(value= "orgid",type=IdType.UUID)
    @JSONField(name = "orgid")
    @JsonProperty("orgid")

--- a/ibzou-core/src/main/resources/liquibase/h2_table.xml
+++ b/ibzou-core/src/main/resources/liquibase/h2_table.xml
@@ -2,7 +2,7 @@
 <databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.6.xsd">
    <!--输出实体[IBZORG]数据结构 -->
-    <changeSet author="a_A_5d9d78509" id="tab-ibzorg-409-1">
+    <changeSet author="a_A_5d9d78509" id="tab-ibzorg-410-1">
        <createTable tableName="IBZORG">
                <column name="ORGID" remarks="" type="VARCHAR(100)">
                    <constraints primaryKey="true" primaryKeyName="PK_IBZORG_ORGID"/>
@@ -137,7 +137,7 @@
    </changeSet>
        <!--输出实体[IBZORG]外键关系 -->
-    <changeSet author="a_A_5d9d78509" id="fk-ibzorg-409-4">
+    <changeSet author="a_A_5d9d78509" id="fk-ibzorg-410-4">
       <addForeignKeyConstraint baseColumnNames="PORGID" baseTableName="IBZORG" constraintName="DER1N_IBZORG_IBZORG_PORGID" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="ORGID" referencedTableName="IBZORG" validate="true"/>
    </changeSet>
        <!--输出实体[IBZEMP]外键关系 -->

--- a/ibzou-provider/ibzou-provider-api/src/main/docker/Dockerfile
+++ b/ibzou-provider/ibzou-provider-api/src/main/docker/Dockerfile
@@ -9,6 +9,6 @@ CMD echo "The application will start in ${IBZ_SLEEP}s..." && \
    sleep ${IBZ_SLEEP} && \
    java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /ibzou-provider-api.jar
-EXPOSE 40001
+EXPOSE 8081
 ADD ibzou-provider-api.jar /ibzou-provider-api.jar
--- a/ibzou-provider/ibzou-provider-api/src/main/docker/ibzou-provider-api.yaml
+++ b/ibzou-provider/ibzou-provider-api/src/main/docker/ibzou-provider-api.yaml
@@ -3,11 +3,9 @@ services:
  ibzou-provider-api:
    image: registry.cn-shanghai.aliyuncs.com/ibizsys/ibzou-provider-api:latest
    ports:
-      - "40001:40001"
+      - "8081:8081"
    networks:
      - agent_network
-    environment:
-      SPRING_CLOUD_NACOS_DISCOVERY_IP: 172.16.180.237
    deploy:
      mode: replicated
      replicas: 1

--- a/ibzou-provider/ibzou-provider-api/src/main/java/cn/ibizlab/api/rest/IBZDepartmentResource.java
+++ b/ibzou-provider/ibzou-provider-api/src/main/java/cn/ibizlab/api/rest/IBZDepartmentResource.java
@@ -55,7 +55,7 @@ public class IBZDepartmentResource {
-    @PreAuthorize("hasPermission('','Create',this.getEntity())")
+    @PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "Create", tags = {"IBZDepartment" },  notes = "Create")
 	@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments")
    @Transactional
@@ -66,7 +66,7 @@ public class IBZDepartmentResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('','Create',this.getEntity())")
+    @PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "createBatch", tags = {"createBatch" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/createbatch")
    public ResponseEntity<Boolean> createBatch(@RequestBody List<IBZDepartmentDTO> ibzdepartmentdtos) {
@@ -77,7 +77,7 @@ public class IBZDepartmentResource {
-    @PreAuthorize("hasPermission(#ibzdepartment_id,'Get',this.getEntity())")
+    @PreAuthorize("hasPermission(#ibzdepartment_id,'Get',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "Get", tags = {"IBZDepartment" },  notes = "Get")
 	@RequestMapping(method = RequestMethod.GET, value = "/ibzdepartments/{ibzdepartment_id}")
    public ResponseEntity<IBZDepartmentDTO> get(@PathVariable("ibzdepartment_id") String ibzdepartment_id) {
@@ -123,7 +123,7 @@ public class IBZDepartmentResource {
-    @PreAuthorize("hasPermission('Remove',{#ibzdepartment_id,this.getEntity()})")
+    @PreAuthorize("hasPermission('Remove',{#ibzdepartment_id,{this.getEntity(),'Sql'}})")
    @ApiOperation(value = "Remove", tags = {"IBZDepartment" },  notes = "Remove")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/ibzdepartments/{ibzdepartment_id}")
    @Transactional
@@ -141,7 +141,7 @@ public class IBZDepartmentResource {
-    @PreAuthorize("hasPermission(#ibzdepartment_id,'Update',this.getEntity())")
+    @PreAuthorize("hasPermission(#ibzdepartment_id,'Update',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "Update", tags = {"IBZDepartment" },  notes = "Update")
 	@RequestMapping(method = RequestMethod.PUT, value = "/ibzdepartments/{ibzdepartment_id}")
    @Transactional
@@ -153,7 +153,7 @@ public class IBZDepartmentResource {
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission(#ibzdepartment_id,'Update',this.getEntity())")
+    @PreAuthorize("hasPermission(#ibzdepartment_id,'Update',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "UpdateBatch", tags = {"UpdateBatch" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/updatebatch")
    public ResponseEntity<Boolean> updateBatch(@RequestBody List<IBZDepartmentDTO> ibzdepartmentdtos) {
@@ -161,7 +161,7 @@ public class IBZDepartmentResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasPermission('Get',{#context,'Default',this.getEntity()})")
+    @PreAuthorize("hasPermission('Get',{#context,'Default',this.getEntity(),'Sql'})")
 	@ApiOperation(value = "fetchDEFAULT", tags = {"IBZDepartment" } ,notes = "fetchDEFAULT")
    @RequestMapping(method= RequestMethod.GET , value="/ibzdepartments/fetchdefault")
 	public ResponseEntity<List<IBZDepartmentDTO>> fetchDefault(IBZDepartmentSearchContext context) {
@@ -174,7 +174,7 @@ public class IBZDepartmentResource {
                .body(list);
 	}
-    @PreAuthorize("hasPermission('Get',{#context,'Default',this.getEntity()})")
+    @PreAuthorize("hasPermission('Get',{#context,'Default',this.getEntity(),'Sql'})")
 	@ApiOperation(value = "searchDEFAULT", tags = {"IBZDepartment" } ,notes = "searchDEFAULT")
    @RequestMapping(method= RequestMethod.GET , value="/ibzdepartments/searchdefault")
 	public ResponseEntity<Page<IBZDepartmentDTO>> searchDefault(IBZDepartmentSearchContext context) {

--- a/ibzou-provider/ibzou-provider-api/src/main/java/cn/ibizlab/api/rest/IBZEmployeeResource.java
+++ b/ibzou-provider/ibzou-provider-api/src/main/java/cn/ibizlab/api/rest/IBZEmployeeResource.java
@@ -55,7 +55,7 @@ public class IBZEmployeeResource {
-    @PreAuthorize("hasPermission('Remove',{#ibzemployee_id,this.getEntity()})")
+    @PreAuthorize("hasPermission('Remove',{#ibzemployee_id,{this.getEntity(),'Sql'}})")
    @ApiOperation(value = "Remove", tags = {"IBZEmployee" },  notes = "Remove")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/ibzemployees/{ibzemployee_id}")
    @Transactional
@@ -86,7 +86,7 @@ public class IBZEmployeeResource {
-    @PreAuthorize("hasPermission('','Create',this.getEntity())")
+    @PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "Create", tags = {"IBZEmployee" },  notes = "Create")
 	@RequestMapping(method = RequestMethod.POST, value = "/ibzemployees")
    @Transactional
@@ -97,7 +97,7 @@ public class IBZEmployeeResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('','Create',this.getEntity())")
+    @PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "createBatch", tags = {"createBatch" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/ibzemployees/createbatch")
    public ResponseEntity<Boolean> createBatch(@RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
@@ -117,7 +117,7 @@ public class IBZEmployeeResource {
-    @PreAuthorize("hasPermission(#ibzemployee_id,'Update',this.getEntity())")
+    @PreAuthorize("hasPermission(#ibzemployee_id,'Update',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "Update", tags = {"IBZEmployee" },  notes = "Update")
 	@RequestMapping(method = RequestMethod.PUT, value = "/ibzemployees/{ibzemployee_id}")
    @Transactional
@@ -129,7 +129,7 @@ public class IBZEmployeeResource {
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission(#ibzemployee_id,'Update',this.getEntity())")
+    @PreAuthorize("hasPermission(#ibzemployee_id,'Update',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "UpdateBatch", tags = {"UpdateBatch" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/ibzemployees/updatebatch")
    public ResponseEntity<Boolean> updateBatch(@RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
@@ -156,7 +156,7 @@ public class IBZEmployeeResource {
-    @PreAuthorize("hasPermission(#ibzemployee_id,'Get',this.getEntity())")
+    @PreAuthorize("hasPermission(#ibzemployee_id,'Get',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "Get", tags = {"IBZEmployee" },  notes = "Get")
 	@RequestMapping(method = RequestMethod.GET, value = "/ibzemployees/{ibzemployee_id}")
    public ResponseEntity<IBZEmployeeDTO> get(@PathVariable("ibzemployee_id") String ibzemployee_id) {
@@ -174,7 +174,7 @@ public class IBZEmployeeResource {
        return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeMapping.toDto(ibzemployeeService.getDraft(new IBZEmployee())));
    }
-    @PreAuthorize("hasPermission('Get',{#context,'Default',this.getEntity()})")
+    @PreAuthorize("hasPermission('Get',{#context,'Default',this.getEntity(),'Sql'})")
 	@ApiOperation(value = "fetchDEFAULT", tags = {"IBZEmployee" } ,notes = "fetchDEFAULT")
    @RequestMapping(method= RequestMethod.GET , value="/ibzemployees/fetchdefault")
 	public ResponseEntity<List<IBZEmployeeDTO>> fetchDefault(IBZEmployeeSearchContext context) {
@@ -187,7 +187,7 @@ public class IBZEmployeeResource {
                .body(list);
 	}
-    @PreAuthorize("hasPermission('Get',{#context,'Default',this.getEntity()})")
+    @PreAuthorize("hasPermission('Get',{#context,'Default',this.getEntity(),'Sql'})")
 	@ApiOperation(value = "searchDEFAULT", tags = {"IBZEmployee" } ,notes = "searchDEFAULT")
    @RequestMapping(method= RequestMethod.GET , value="/ibzemployees/searchdefault")
 	public ResponseEntity<Page<IBZEmployeeDTO>> searchDefault(IBZEmployeeSearchContext context) {

--- a/ibzou-provider/ibzou-provider-api/src/main/java/cn/ibizlab/api/rest/IBZOrganizationResource.java
+++ b/ibzou-provider/ibzou-provider-api/src/main/java/cn/ibizlab/api/rest/IBZOrganizationResource.java
@@ -64,7 +64,7 @@ public class IBZOrganizationResource {
-    @PreAuthorize("hasPermission(#ibzorganization_id,'Update',this.getEntity())")
+    @PreAuthorize("hasPermission(#ibzorganization_id,'Update',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "Update", tags = {"IBZOrganization" },  notes = "Update")
 	@RequestMapping(method = RequestMethod.PUT, value = "/ibzorganizations/{ibzorganization_id}")
    @Transactional
@@ -76,7 +76,7 @@ public class IBZOrganizationResource {
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission(#ibzorganization_id,'Update',this.getEntity())")
+    @PreAuthorize("hasPermission(#ibzorganization_id,'Update',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "UpdateBatch", tags = {"UpdateBatch" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/updatebatch")
    public ResponseEntity<Boolean> updateBatch(@RequestBody List<IBZOrganizationDTO> ibzorganizationdtos) {
@@ -87,7 +87,7 @@ public class IBZOrganizationResource {
-    @PreAuthorize("hasPermission('','Create',this.getEntity())")
+    @PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "Create", tags = {"IBZOrganization" },  notes = "Create")
 	@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations")
    @Transactional
@@ -98,7 +98,7 @@ public class IBZOrganizationResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('','Create',this.getEntity())")
+    @PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "createBatch", tags = {"createBatch" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/createbatch")
    public ResponseEntity<Boolean> createBatch(@RequestBody List<IBZOrganizationDTO> ibzorganizationdtos) {
@@ -125,7 +125,7 @@ public class IBZOrganizationResource {
-    @PreAuthorize("hasPermission('Remove',{#ibzorganization_id,this.getEntity()})")
+    @PreAuthorize("hasPermission('Remove',{#ibzorganization_id,{this.getEntity(),'Sql'}})")
    @ApiOperation(value = "Remove", tags = {"IBZOrganization" },  notes = "Remove")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/ibzorganizations/{ibzorganization_id}")
    @Transactional
@@ -143,7 +143,7 @@ public class IBZOrganizationResource {
-    @PreAuthorize("hasPermission(#ibzorganization_id,'Get',this.getEntity())")
+    @PreAuthorize("hasPermission(#ibzorganization_id,'Get',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "Get", tags = {"IBZOrganization" },  notes = "Get")
 	@RequestMapping(method = RequestMethod.GET, value = "/ibzorganizations/{ibzorganization_id}")
    public ResponseEntity<IBZOrganizationDTO> get(@PathVariable("ibzorganization_id") String ibzorganization_id) {
@@ -161,7 +161,7 @@ public class IBZOrganizationResource {
        return ResponseEntity.status(HttpStatus.OK).body(ibzorganizationMapping.toDto(ibzorganizationService.getDraft(new IBZOrganization())));
    }
-    @PreAuthorize("hasPermission('Get',{#context,'SelectSOrg',this.getEntity()})")
+    @PreAuthorize("hasPermission('Get',{#context,'SelectSOrg',this.getEntity(),'Sql'})")
 	@ApiOperation(value = "fetch查询下级单位", tags = {"IBZOrganization" } ,notes = "fetch查询下级单位")
    @RequestMapping(method= RequestMethod.GET , value="/ibzorganizations/fetchselectsorg")
 	public ResponseEntity<List<IBZOrganizationDTO>> fetchSelectSOrg(IBZOrganizationSearchContext context) {
@@ -174,7 +174,7 @@ public class IBZOrganizationResource {
                .body(list);
 	}
-    @PreAuthorize("hasPermission('Get',{#context,'SelectSOrg',this.getEntity()})")
+    @PreAuthorize("hasPermission('Get',{#context,'SelectSOrg',this.getEntity(),'Sql'})")
 	@ApiOperation(value = "search查询下级单位", tags = {"IBZOrganization" } ,notes = "search查询下级单位")
    @RequestMapping(method= RequestMethod.GET , value="/ibzorganizations/searchselectsorg")
 	public ResponseEntity<Page<IBZOrganizationDTO>> searchSelectSOrg(IBZOrganizationSearchContext context) {
@@ -183,7 +183,7 @@ public class IBZOrganizationResource {
                .body(new PageImpl(ibzorganizationMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
 	}
-    @PreAuthorize("hasPermission('Get',{#context,'SelectPOrg',this.getEntity()})")
+    @PreAuthorize("hasPermission('Get',{#context,'SelectPOrg',this.getEntity(),'Sql'})")
 	@ApiOperation(value = "fetch查询上级单位", tags = {"IBZOrganization" } ,notes = "fetch查询上级单位")
    @RequestMapping(method= RequestMethod.GET , value="/ibzorganizations/fetchselectporg")
 	public ResponseEntity<List<IBZOrganizationDTO>> fetchSelectPOrg(IBZOrganizationSearchContext context) {
@@ -196,7 +196,7 @@ public class IBZOrganizationResource {
                .body(list);
 	}
-    @PreAuthorize("hasPermission('Get',{#context,'SelectPOrg',this.getEntity()})")
+    @PreAuthorize("hasPermission('Get',{#context,'SelectPOrg',this.getEntity(),'Sql'})")
 	@ApiOperation(value = "search查询上级单位", tags = {"IBZOrganization" } ,notes = "search查询上级单位")
    @RequestMapping(method= RequestMethod.GET , value="/ibzorganizations/searchselectporg")
 	public ResponseEntity<Page<IBZOrganizationDTO>> searchSelectPOrg(IBZOrganizationSearchContext context) {
@@ -205,7 +205,7 @@ public class IBZOrganizationResource {
                .body(new PageImpl(ibzorganizationMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
 	}
-    @PreAuthorize("hasPermission('Get',{#context,'Default',this.getEntity()})")
+    @PreAuthorize("hasPermission('Get',{#context,'Default',this.getEntity(),'Sql'})")
 	@ApiOperation(value = "fetchDEFAULT", tags = {"IBZOrganization" } ,notes = "fetchDEFAULT")
    @RequestMapping(method= RequestMethod.GET , value="/ibzorganizations/fetchdefault")
 	public ResponseEntity<List<IBZOrganizationDTO>> fetchDefault(IBZOrganizationSearchContext context) {
@@ -218,7 +218,7 @@ public class IBZOrganizationResource {
                .body(list);
 	}
-    @PreAuthorize("hasPermission('Get',{#context,'Default',this.getEntity()})")
+    @PreAuthorize("hasPermission('Get',{#context,'Default',this.getEntity(),'Sql'})")
 	@ApiOperation(value = "searchDEFAULT", tags = {"IBZOrganization" } ,notes = "searchDEFAULT")
    @RequestMapping(method= RequestMethod.GET , value="/ibzorganizations/searchdefault")
 	public ResponseEntity<Page<IBZOrganizationDTO>> searchDefault(IBZOrganizationSearchContext context) {

--- a/ibzou-provider/ibzou-provider-api/src/main/resources/application-api-dev.yml
+++ b/ibzou-provider/ibzou-provider-api/src/main/resources/application-api-dev.yml
 server:
-  port: 40001
+  port: 8081
\ No newline at end of file
--- a/ibzou-provider/ibzou-provider-api/src/main/resources/application-api-prod.yml
+++ b/ibzou-provider/ibzou-provider-api/src/main/resources/application-api-prod.yml
 server:
-  port: 40001
+  port: 8081
--- a/ibzou-util/src/main/java/cn/ibizlab/util/domain/FileItem.java
+++ b/ibzou-util/src/main/java/cn/ibizlab/util/domain/FileItem.java
@@ -14,6 +14,8 @@ public class FileItem
 {
 	private String id;
 	private String name;
+	private String fileid;
+	private String filename;
 	private long size;
 	private String ext;
 }
--- a/ibzou-util/src/main/java/cn/ibizlab/util/rest/FileController.java
+++ b/ibzou-util/src/main/java/cn/ibizlab/util/rest/FileController.java
@@ -14,21 +14,20 @@ import java.io.*;
 @Slf4j
+@RestController
+@RequestMapping("/")
 public class FileController
 {
 	@Autowired
 	private FileService fileService;
-	@PostMapping(value = "${ibiz.uploadpath.path:ibizutil/upload}")
+	@PostMapping(value = "${ibiz.file.uploadpath:ibizutil/upload}")
 	public ResponseEntity<FileItem> upload(@RequestParam("file") MultipartFile multipartFile){
 		return ResponseEntity.ok().body(fileService.saveFile(multipartFile));
 	}
 	private final String defaultdownloadpath="ibizutil/download/{id}";
-	protected String getDefaultdownloadpath(){
-		return defaultdownloadpath;
-	}
 	@GetMapping(value = "${ibiz.file.downloadpath:"+defaultdownloadpath+"}")
 	@ResponseStatus(HttpStatus.OK)

--- a/ibzou-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+++ b/ibzou-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
@@ -4,17 +4,28 @@ import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.mongodb.BasicDBList;
+import com.mongodb.BasicDBObject;
+import com.mongodb.QueryBuilder;
 import cn.ibizlab.util.annotation.DEField;
 import cn.ibizlab.util.domain.EntityBase;
 import cn.ibizlab.util.enums.DEPredefinedFieldType;
+import cn.ibizlab.util.filter.QueryBuildContext;
 import cn.ibizlab.util.filter.QueryWrapperContext;
 import cn.ibizlab.util.helper.DEFieldCacheMap;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.domain.PageImpl;
+import org.springframework.data.mongodb.core.MongoTemplate;
+import org.springframework.data.mongodb.core.query.BasicQuery;
+import org.springframework.data.mongodb.core.query.Query;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Component;
 import org.springframework.util.ObjectUtils;
 import org.springframework.util.StringUtils;
+import javax.annotation.Resource;
+import javax.swing.text.html.parser.Entity;
 import java.io.Serializable;
 import java.lang.reflect.Field;
 import java.util.ArrayList;
@@ -39,6 +50,13 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
     * 实体数据集操作标识
     */
    private String DataSetTag="DATASET";
+    /**
+     *实体主键标识
+     */
+    private String keyFieldTag="keyfield";
+    @Resource
+    private MongoTemplate mongoTemplate;
    /**
     * 表格权限检查 ：用于检查当前用户是否拥有表格数据的读取、删除权限
@@ -56,6 +74,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
            return true;
        String action = "";
+        String deStorageMode;
        if (deAction instanceof String)
            action = (String) deAction;
@@ -69,10 +88,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
            return false;
        List gridParamList = (ArrayList) gridParam;
-        if(action.equalsIgnoreCase("DELETE")){ //grid delete
+        if(action.equalsIgnoreCase("remove")){
            //准备参数
            Object srfKey =gridParamList.get(0);
            EntityBase entity = (EntityBase) gridParamList.get(1);
+            deStorageMode= (String) gridParamList.get(2);
            String entityName = entity.getClass().getSimpleName();
            //获取实体行为权限信息
@@ -82,61 +102,53 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
            if(!validDEActionHasPermission(permissionList,entityName,action)){
                return false;
            }
-            //检查是否有数据权限[单行删除]
+            //检查是否有数据权限
-            ServiceImpl service= SpringContextHolder.getBean(String.format("%s%s",entityName,"ServiceImpl"));//获取实体service对象
+            return deActionPermissionValidRouter(deStorageMode, entity , action , srfKey, permissionList);
-            Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-            String permissionSQL=getPermissionSQLById(permissionList,entityName,action,srfKey,permissionField);//获取权限SQL
-            if(StringUtils.isEmpty(permissionSQL))
-                return false;
-            QueryWrapper permissionWrapper=getPermissionWrapper(permissionSQL);//构造权限条件
-            return testDataAccess(service,permissionWrapper);//执行权限检查
        }
-        else{   //grid fetch
+        else{
            //准备参数
            Object searchContext=gridParamList.get(0);
            String dataSetName=String.valueOf(gridParamList.get(1));
            EntityBase entity = (EntityBase) gridParamList.get(2);
+            deStorageMode= (String) gridParamList.get(3);
            String entityName = entity.getClass().getSimpleName();
            //获取数据集权限信息
            JSONObject permissionList=userPermission.getJSONObject("userPermissionList");
-            if(StringUtils.isEmpty(entityName)|| StringUtils.isEmpty(dataSetName)|| StringUtils.isEmpty(action))
+            if(StringUtils.isEmpty(entityName)|| StringUtils.isEmpty(dataSetName))
                return false;
            //检查是否有访问数据集的权限
            if(!validDataSetHasPermission(permissionList,entityName,dataSetName)){
                return false;
            }
+            //拼接权限条件
-            Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
+            deDataSetFillPermissionSQLRouter(deStorageMode, searchContext, entity , dataSetName , permissionList);
-            String permissionSQL=getPermissionSQLByList(permissionList,entityName,action,dataSetName,permissionField);//获取权限SQL
-            if(StringUtils.isEmpty(permissionSQL))
-                return false;
-            fillPermissionSQL(searchContext,permissionSQL);//将权限SQL添加到searchContext中，过滤出权限内数据
        }
            return true;
    }
    /**
     * 表单权限检查 ：用于检查当前用户是否拥有表单的新建、编辑、删除权限
     *
     * @param authentication
     * @param srfKey         当前操作数据的主键
     * @param action         当前操作行为：如：[READ、UPDATE、DELETE]
-     * @param cur_entity     当前操作的实体对象
+     * @param formParam      表单参数对象
     * @return true/false true则允许当前行为，false拒绝行为
     */
    @Override
-    public boolean hasPermission(Authentication authentication, Serializable srfKey, String action, Object cur_entity) {
+    public boolean hasPermission(Authentication authentication, Serializable srfKey, String action, Object formParam) {
        //未开启权限校验、超级管理员则不进行权限检查
        if(AuthenticationUser.getAuthenticationUser().getSuperuser()==1  || !enablePermissionValid)
            return true;
-        EntityBase entity = null;
+        List formParamList = (ArrayList) formParam;
-        if (cur_entity instanceof EntityBase)
+        EntityBase  entity = (EntityBase) formParamList.get(0);
-            entity = (EntityBase) cur_entity;
+        String deStorageMode= (String) formParamList.get(1);
        if (StringUtils.isEmpty(entity))
            return false;
@@ -145,7 +157,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        JSONObject permissionList=userPermission.getJSONObject("userPermissionList");
        String entityName = entity.getClass().getSimpleName();
-        if(action.equalsIgnoreCase("CREATE")){
+        if(action.equalsIgnoreCase("create")){
            return validDEActionHasPermission(permissionList,entityName,action);
        }
        else{
@@ -158,13 +170,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
                return false;
            }
            //检查是否有数据权限
-            ServiceImpl service= SpringContextHolder.getBean(String.format("%s%s",entityName,"ServiceImpl"));
+            return deActionPermissionValidRouter(deStorageMode, entity , action , srfKey, permissionList);
-            Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-            String permissionSQL=getPermissionSQLById(permissionList,entityName,action,srfKey,permissionField);//获取权限SQL
-            if(StringUtils.isEmpty(permissionSQL))
-                return false;
-            QueryWrapper permissionWrapper=getPermissionWrapper(permissionSQL);//构造权限条件
-            return testDataAccess(service,permissionWrapper);//执行权限检查
        }
    }
@@ -188,39 +194,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        return false;
    }
-    /**
-     * 拼接表格查询条件
-     * @param gridDataAbility
-     * @param entityName
-     * @param action
-     * @param dataSetName
-     * @param permissionField
-     * @return
-     */
-    private String  getPermissionSQLByList(JSONObject gridDataAbility, String entityName, String action, String dataSetName, Map<String,String> permissionField){
-        JSONObject entity=gridDataAbility.getJSONObject(entityName);//获取实体
-        JSONObject permissionType=entity.getJSONObject(DataSetTag);
-        JSONArray dataRange=permissionType.getJSONArray(dataSetName);//获取实体数据集
-        if(dataRange.size()==0)
-            return null;
-        return getPermissionSQL(dataRange,permissionField); //拼接权限条件-查询
-    }
-    /**
-     * 填充权限SQL
-     * @param targetDomainObject
-     * @param permissionCond
-     */
-    private void fillPermissionSQL(Object targetDomainObject, String permissionCond){
-        if(targetDomainObject instanceof QueryWrapperContext){
-            QueryWrapperContext queryWrapperContext = (QueryWrapperContext) targetDomainObject;
-            QueryWrapper queryWrapper = queryWrapperContext.getSelectCond();
-            queryWrapper.apply(permissionCond);
-        }
-    }
    /**
     * 实体行为权限校验
     * @param userPermission
@@ -246,7 +219,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        return hasPermission;
    }
    /**
     * 数据集合权限校验
     * @param userPermission
@@ -276,53 +248,244 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    }
    /**
-     * 获取单条权限数据SQL
+     * 根据实体存储模式，进行鉴权
-     * @param formDataAbility
+     * @param deStorageMode
-     * @param entityName
+     * @param entity
     * @param action
     * @param srfKey
-     * @param permissionField
+     * @param permissionList
     * @return
     */
-    private String getPermissionSQLById(JSONObject formDataAbility, String entityName, String action, Object srfKey, Map<String,String> permissionField){
+    private boolean deActionPermissionValidRouter(String deStorageMode, EntityBase entity , String action , Object srfKey , JSONObject permissionList){
-        JSONObject entity=formDataAbility.getJSONObject(entityName);//获取实体
+        if(deStorageMode.equalsIgnoreCase("sql")){
-        JSONObject permissionType= entity.getJSONObject(DEActionType);
+            return sqlPermissionValid(entity , action , srfKey, permissionList);
+        }
+        else if(deStorageMode.equalsIgnoreCase("nosql")){
+            return noSqlPermissionValid(entity , action , srfKey, permissionList);
+        }
+        else if(deStorageMode.equalsIgnoreCase("serviceapi")){
+            return true;
+        }
+        else {
+            throw new RuntimeException(String.format("未能识别[%s]实体对应存储模式[%s]",entity.getClass().getSimpleName(),deStorageMode));
+        }
+    }
+    /**
+     * sql存储模式实体行为鉴权
+     * @param entity
+     * @param action
+     * @param srfKey
+     * @param permissionList
+     * @return
+     */
+    private boolean sqlPermissionValid(EntityBase entity , String action , Object srfKey, JSONObject permissionList){
+        String entityName=entity.getClass().getSimpleName();
+        ServiceImpl service= SpringContextHolder.getBean(String.format("%s%s",entityName,"ServiceImpl"));//获取实体service对象
+        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
+        String keyField=permissionField.get(keyFieldTag);
+        if(StringUtils.isEmpty(keyField)){
+            throw new RuntimeException("权限校验失败，请检查当前实体中是否已经配置主键属性!");
+        }
+        //获取权限表达式[全部数据、本单位、本部门等]
+        JSONObject entityObj=permissionList.getJSONObject(entity.getClass().getSimpleName());//获取实体
+        JSONObject permissionType= entityObj.getJSONObject(DEActionType);
        JSONArray opprivList=permissionType.getJSONArray(action);//行为：read；insert...
        if(opprivList.size()==0)
-            return null;
+            return false;
-        String permissionSQL=getPermissionSQL(opprivList,permissionField);
+        //通过权限表达式来获取sql
+        String tempPermissionSQL=getPermissionSQL(entity,opprivList);
+        String permissionSQL= String.format(" (%s) AND (%s='%s')",tempPermissionSQL,keyField,srfKey); //拼接权限条件-编辑
+        //执行sql进行权限检查
+        QueryWrapper permissionWrapper=getPermissionWrapper(permissionSQL);//构造权限条件
+        List list=service.list(permissionWrapper);
+        if(list.size()>0){
+            return true;
+        }else{
+            return false;
+        }
-        String keyField=permissionField.get("keyfield");
+    }
+    /**
+     * NoSQL实体行为鉴权
+     * @param entity
+     * @param action
+     * @param srfKey
+     * @param permissionList
+     * @return
+     */
+    private boolean noSqlPermissionValid(EntityBase entity, String action, Object srfKey, JSONObject permissionList) {
+        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
+        String keyField=permissionField.get(keyFieldTag);
        if(StringUtils.isEmpty(keyField)){
            throw new RuntimeException("权限校验失败，请检查当前实体中是否已经配置主键属性!");
        }
-        return String.format(" (%s) AND (%s='%s')",permissionSQL,keyField,srfKey); //拼接权限条件-编辑
+        //获取权限表达式[全部数据、本单位、本部门等]
+        JSONObject entityObj=permissionList.getJSONObject(entity.getClass().getSimpleName());//获取实体
+        JSONObject permissionType= entityObj.getJSONObject(DEActionType);
+        JSONArray dataRange=permissionType.getJSONArray(action);//行为：read；insert...
+        if(dataRange.size()==0)
+            return false;
+        //根据权限表达式填充权限条件
+        QueryBuilder permissionCond=new QueryBuilder();
+        fillNoSqlPermissionCond(dataRange,entity,permissionCond);
+        //权限条件拼接主键
+        permissionCond.and(keyField).is(srfKey);
+        //执行权限检查
+        Query query = new BasicQuery(permissionCond.get().toString());
+        List list=mongoTemplate.find(query,entity.getClass());
+        if(list.size()>0){
+            return true;
+        }
+        else{
+            return false;
+        }
    }
    /**
-     * 表单权限检查
+     * 根据实体存储类型，拼接权限条件
-     * @param service
+     * @param deStorageMode
-     * @param permissionCond
+     * @param searchContext
-     * @return
+     * @param entity
+     * @param dataSetName
+     * @param permissionList
+     */
+    private void deDataSetFillPermissionSQLRouter(String deStorageMode , Object searchContext, EntityBase entity ,String dataSetName ,JSONObject permissionList){
+        //检查是否有数据权限[单行删除]
+        if(deStorageMode.equalsIgnoreCase("sql")){
+            sqlPermissionBuilder(searchContext, entity , dataSetName, permissionList);
+        }
+        else if(deStorageMode.equalsIgnoreCase("nosql")){
+            noSqlPermissionBuilder(searchContext, entity , dataSetName, permissionList);
+        }
+        else if(deStorageMode.equalsIgnoreCase("serviceapi")){
+        }
+        else {
+            throw new RuntimeException(String.format("未能识别[%s]实体对应存储模式[%s]",entity.getClass().getSimpleName(),deStorageMode));
+        }
+    }
+    /**
+     * 为NoSQL存储模式的表格查询填充权限条件
+     * @param searchContext
+     * @param entity
+     * @param dataSetName
+     * @param permissionList
+     */
+    private void noSqlPermissionBuilder(Object searchContext, EntityBase entity, String dataSetName, JSONObject permissionList) {
+        if(searchContext instanceof QueryBuildContext){
+            //获取权限表达式[全部数据、本单位、本部门等]
+            String entityName=entity.getClass().getSimpleName();
+            JSONObject entityObj=permissionList.getJSONObject(entityName);
+            JSONObject permissionType=entityObj.getJSONObject(DataSetTag);
+            JSONArray dataRange=permissionType.getJSONArray(dataSetName);
+            if(dataRange.size()==0)
+                return ;
+            //根据权限表达式生成查询条件，并将查询条件设置到SearchContext中
+            fillNoSqlPermissionCond(dataRange,entity,((QueryBuildContext) searchContext).getSelectCond());
+        }
+    }
+    /**
+     * 为SQL存储模式的表格查询填充权限条件
+     * @param searchContext
+     * @param entity
+     * @param dataSetName
+     * @param permissionList
+     */
+    private void sqlPermissionBuilder(Object searchContext, EntityBase entity, String dataSetName, JSONObject permissionList){
+        //获取权限表达式[全部数据、本单位、本部门等]
+        String entityName=entity.getClass().getSimpleName();
+        JSONObject entityObj=permissionList.getJSONObject(entityName);//获取实体
+        JSONObject permissionType=entityObj.getJSONObject(DataSetTag);
+        JSONArray dataRange=permissionType.getJSONArray(dataSetName);//获取实体数据集
+        if(dataRange.size()==0)
+            return ;
+        //根据权限条件获取SQL
+        String permissionSQL=getPermissionSQL(entity,dataRange);
+        //将SQL拼接到SearchContext中
+        if(searchContext instanceof QueryWrapperContext){
+            QueryWrapperContext queryWrapperContext = (QueryWrapperContext) searchContext;
+            QueryWrapper queryWrapper = queryWrapperContext.getSelectCond();
+            queryWrapper.apply(permissionSQL);
+        }
+    }
+    /**
+     * 为NoSQL存储模式的表格查询填充权限条件
+     * @param oppriList
+     * @param entity
+     * @param permissionSQL
     */
-    private boolean testDataAccess(ServiceImpl service, QueryWrapper permissionCond){
+    private void fillNoSqlPermissionCond(JSONArray oppriList, EntityBase entity, QueryBuilder permissionSQL){
+        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
+        String orgField=permissionField.get("orgfield");
+        String orgDeptField=permissionField.get("orgsecfield");
+        String createManField=permissionField.get("createmanfield");
+        AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
+        JSONObject userInfo = authenticationUser.getOrgInfo();
+        JSONObject orgObject = userInfo.getJSONObject("org");
+        JSONArray orgParent = orgObject.getJSONArray("porg");
+        JSONArray orgChild = orgObject.getJSONArray("sorg");
+        JSONObject orgDeptObject = userInfo.getJSONObject("orgdept");
+        JSONArray orgDeptParent = orgDeptObject.getJSONArray("porgdept");
+        JSONArray orgDeptChild = orgDeptObject.getJSONArray("sorgdept");
-        boolean isPermission=false;
+        for(int i=0;i<oppriList.size();i++){
-         List list=service.list(permissionCond);
+            String permissionCond=oppriList.getString(i);//权限配置条件
-         if(list.size()>0)
+            if(permissionCond.equals("CURORG")){   //本单位
-             isPermission=true;
+                permissionSQL.or(new QueryBuilder().and(orgField).is(AuthenticationUser.getAuthenticationUser().getOrgid()).get());
-        return isPermission;
+            }
+            else if(permissionCond.equals("PORG")){//上级单位
+                permissionSQL.or(new QueryBuilder().and(orgField).in(formatStringArr(orgParent)).get());
+            }
+            else if(permissionCond.equals("SORG")){//下级单位
+                permissionSQL.or(new QueryBuilder().and(orgField).in(formatStringArr(orgChild)).get());
+            }
+            else if(permissionCond.equals("CREATEMAN")){//建立人
+                permissionSQL.or(new QueryBuilder().and(createManField).is(AuthenticationUser.getAuthenticationUser().getUserid()).get());
+            }
+            else if(permissionCond.equals("CURORGDEPT")){//本部门
+                permissionSQL.or(new QueryBuilder().and(orgDeptField).is(AuthenticationUser.getAuthenticationUser().getMdeptid()).get());
+            }
+            else if(permissionCond.equals("PORGDEPT")){//上级部门
+                permissionSQL.or(new QueryBuilder().and(orgDeptField).in(formatStringArr(orgDeptParent)).get());
+            }
+            else if(permissionCond.equals("SORGDEPT")){//下级部门
+                permissionSQL.or(new QueryBuilder().and(orgDeptField).in(formatStringArr(orgDeptChild)).get());
+            }
+            else if(permissionCond.equals("ALL")){
+                permissionSQL.or(new QueryBuilder().get());
+            }
+        }
    }
    /**
-     * 获取权限SQL
+     * SQL获取权限条件
+     * @param entity
     * @param oppriList
-     * @param permissionField
     * @return
     */
-    private String  getPermissionSQL(JSONArray oppriList, Map<String,String> permissionField){
+    private String  getPermissionSQL(EntityBase entity, JSONArray oppriList){
+        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
        String nPermissionSQL = "1<>1";
        String orgField=permissionField.get("orgfield");
        String orgDeptField=permissionField.get("orgsecfield");

--- a/ibzou-util/src/main/java/cn/ibizlab/util/service/SimpleFileService.java
+++ b/ibzou-util/src/main/java/cn/ibizlab/util/service/SimpleFileService.java
@@ -3,6 +3,7 @@ package cn.ibizlab.util.service;
 import cn.ibizlab.util.domain.FileItem;
 import cn.ibizlab.util.errors.InternalServerErrorException;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.codec.digest.DigestUtils;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Primary;
 import org.springframework.stereotype.Service;
@@ -11,7 +12,6 @@ import org.springframework.web.multipart.MultipartFile;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
-import java.util.UUID;
 @Primary
 @Slf4j
@@ -21,26 +21,22 @@ public class SimpleFileService implements FileService {
    @Value("${ibiz.filePath:/app/file/}")
    private String fileRoot;
    @Override
    public FileItem saveFile(MultipartFile multipartFile) {
        FileItem item=null;
        // 获取文件名
        String fileName = multipartFile.getOriginalFilename();
        // 获取文件后缀
        String extname="."+getExtensionName(fileName);
-        // 用uuid作为文件名，防止生成的临时文件重复
+        try {
-        String fileid= UUID.randomUUID().toString();
+            String fileid= DigestUtils.md5Hex(multipartFile.getInputStream());
-        String fileFullPath = this.fileRoot+"ibztuit"+File.separator+fileid+File.separator+fileName;
+            String fileFullPath = this.fileRoot+"ibizutil"+File.separator+fileid+File.separator+fileName;
            File file = new File(fileFullPath);
            File parent = new File(file.getParent());
            if(!parent.exists())
                parent.mkdirs();
-        try {
+            FileCopyUtils.copy(multipartFile.getInputStream(),Files.newOutputStream(file.toPath()));
-            FileCopyUtils.copy(multipartFile.getInputStream() , Files.newOutputStream(file.toPath()));
+            item=new FileItem(fileid,fileName,fileid,fileName,(int)multipartFile.getSize(),extname);
-            item=new FileItem(fileid,fileName, (int)multipartFile.getSize() ,extname);
        } catch (IOException e) {
            throw new InternalServerErrorException("文件上传失败");
        }
@@ -49,7 +45,7 @@ public class SimpleFileService implements FileService {
    @Override
    public File getFile(String fileid) {
-        String dirpath = this.fileRoot+"ibztuit"+File.separator+fileid;
+        String dirpath = this.fileRoot+"ibizutil"+File.separator+fileid;
        File parent = new File(dirpath);
        if (parent.exists() && parent.isDirectory() && parent.listFiles().length > 0) {
            return parent.listFiles()[0];