ibizdev提交

d5369b34 · ibizdev · 25edf511 · d5369b34 · d5369b34 · d5369b34
--- a/config.xml
+++ b/config.xml
@@ -37,11 +37,11 @@
 	  git clone -b master $para2 ibzou/
      export NODE_OPTIONS=--max-old-space-size=4096
      cd ibzou/
-      mvn clean package -Pweb
-      cd ibzou-app/ibzou-app-web
-      mvn -Pweb docker:build
-      mvn -Pweb docker:push
-      docker -H $para1 stack deploy --compose-file=src/main/docker/ibzou-app-web.yaml ibzlab-rt --with-registry-auth
+      mvn clean package -Papi
+      cd ibzou-provider/ibzou-provider-api
+      mvn -Papi docker:build
+      mvn -Papi docker:push
+      docker -H $para1 stack deploy --compose-file=src/main/docker/ibzou-provider-api.yaml ibzlab-rt --with-registry-auth      
      </command>
    </hudson.tasks.Shell>
  </builders>

--- a/ibzou-app/ibzou-app-web/src/main/docker/Dockerfile
+++ b/ibzou-app/ibzou-app-web/src/main/docker/Dockerfile
@@ -9,6 +9,6 @@ CMD echo "The application will start in ${IBZ_SLEEP}s..." && \
    sleep ${IBZ_SLEEP} && \
    java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /ibzou-app-web.jar

-EXPOSE 30001
+EXPOSE 8080

 ADD ibzou-app-web.jar /ibzou-app-web.jar
--- a/ibzou-app/ibzou-app-web/src/main/docker/ibzou-app-web.yaml
+++ b/ibzou-app/ibzou-app-web/src/main/docker/ibzou-app-web.yaml
@@ -3,11 +3,9 @@ services:
  ibzou-app-web:
    image: registry.cn-shanghai.aliyuncs.com/ibizsys/ibzou-app-web:latest
    ports:
-      - "30001:30001"
+      - "8080:8080"
    networks:
      - agent_network
-    environment:
-      SPRING_CLOUD_NACOS_DISCOVERY_IP: 172.16.180.237
    deploy:
      mode: replicated
      replicas: 1

--- a/ibzou-app/ibzou-app-web/src/main/java/cn/ibizlab/web/config/webSecurityConfig.java
+++ b/ibzou-app/ibzou-app-web/src/main/java/cn/ibizlab/web/config/webSecurityConfig.java
@@ -31,7 +31,6 @@ public class webSecurityConfig extends WebSecurityConfigurerAdapter {
    private AuthenticationEntryPoint unauthorizedHandler;

    @Autowired
-    @Qualifier("IBZUAAUserService")
    private AuthenticationUserService userDetailsService;

    /**

--- a/ibzou-app/ibzou-app-web/src/main/java/cn/ibizlab/web/webApplication.java
+++ b/ibzou-app/ibzou-app-web/src/main/java/cn/ibizlab/web/webApplication.java
@@ -27,6 +27,7 @@ import java.util.List;
 @MapperScan("cn.ibizlab.*.mapper")
 @SpringBootApplication(exclude = {
        org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class,
+            org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration.class,
 })
 public class webApplication extends WebMvcConfigurerAdapter{


--- a/ibzou-app/ibzou-app-web/src/main/resources/application-web-dev.yml
+++ b/ibzou-app/ibzou-app-web/src/main/resources/application-web-dev.yml
 server:
-  port: 30001
\ No newline at end of file
+  port: 8080
\ No newline at end of file
--- a/ibzou-app/ibzou-app-web/src/main/resources/application-web-prod.yml
+++ b/ibzou-app/ibzou-app-web/src/main/resources/application-web-prod.yml
 server:
-  port: 30001
+  port: 8080

 #zuul网关路由设置
 zuul:
@@ -16,9 +16,9 @@ zuul:
      path: /ibzorganizations/**
      serviceId: ibzou-api
      stripPrefix: false
-    wfcore:
-      path: /wfcore/**
-      serviceId: ibzwf-api
-      stripPrefix: true
+    loginv7:
+      path: /v7/login
+      serviceId: ibzuaa-api
+      stripPrefix: false
  sensitive-headers:
    - Cookie,Set-Cookie,Authorization
--- a/ibzou-boot/src/main/java/cn/ibizlab/DevBootApplication.java
+++ b/ibzou-boot/src/main/java/cn/ibizlab/DevBootApplication.java
@@ -15,8 +15,10 @@ import java.util.List;
 @EnableDiscoveryClient
 @Configuration
 @EnableTransactionManagement
-@SpringBootApplication
 @EnableFeignClients(basePackages = {"cn.ibizlab" })
+@SpringBootApplication(exclude = {
+            org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration.class,
+})
 public class DevBootApplication extends WebMvcConfigurerAdapter{

    public static void main(String[] args) {

--- a/ibzou-boot/src/main/resources/application-dev.yml
+++ b/ibzou-boot/src/main/resources/application-dev.yml
 server:
-  port: 8080
+  port: 40001

+
+
+#zuul网关路由设置
+zuul:
+  routes:
+      loginv7:
+        path: /v7/login
+        serviceId: ibzuaa-api
+        stripPrefix: false
+  sensitive-headers:
+    - Cookie,Set-Cookie,Authorization
--- a/ibzou-core/src/main/resources/deprivs/DEPrivs.json
+++ b/ibzou-core/src/main/resources/deprivs/DEPrivs.json
@@ -3,27 +3,6 @@
           ],
    "predefineddatarange":[{"id":"ALL","name":"全部数据"},{"id":"CURORG","name":"当前单位"},{"id":"PORG","name":"上级单位"},{"id":"SORG","name":"下级单位"},{"id":"CURORGDEPT","name":"当前部门"},{"id":"PORGDEPT","name":"上级部门"},{"id":"SORGDEPT","name":"下级部门"}],
    "entities":[
-    {
-    "dename":"IBZDepartment",
-    "delogicname":"部门",
-    "sysmoudle":{"id":"OU","name":"ou"},
-    "dedataset":[{"id":"CurDept" , "name":"CurDept"},{"id":"Default" , "name":"DEFAULT"}],
-    "deaction":[{"id":"Create" , "name":"Create" , "type":"BUILTIN" },{"id":"Get" , "name":"Get" , "type":"BUILTIN" },{"id":"Save" , "name":"Save" , "type":"BUILTIN" },{"id":"CheckKey" , "name":"CheckKey" , "type":"BUILTIN" },{"id":"GetDraft" , "name":"GetDraft" , "type":"BUILTIN" },{"id":"Remove" , "name":"Remove" , "type":"BUILTIN" },{"id":"Update" , "name":"Update" , "type":"BUILTIN" }]
-     }
-    ,    {
-    "dename":"IBZEmployee",
-    "delogicname":"人员",
-    "sysmoudle":{"id":"OU","name":"ou"},
-    "dedataset":[{"id":"Default" , "name":"DEFAULT"}],
-    "deaction":[{"id":"Remove" , "name":"Remove" , "type":"BUILTIN" },{"id":"InitPwd" , "name":"初始化密码" , "type":"USERCUSTOM" },{"id":"Create" , "name":"Create" , "type":"BUILTIN" },{"id":"CheckKey" , "name":"CheckKey" , "type":"BUILTIN" },{"id":"Update" , "name":"Update" , "type":"BUILTIN" },{"id":"Save" , "name":"Save" , "type":"BUILTIN" },{"id":"Get" , "name":"Get" , "type":"BUILTIN" },{"id":"GetDraft" , "name":"GetDraft" , "type":"BUILTIN" }]
-     }
-    ,    {
-    "dename":"IBZOrganization",
-    "delogicname":"单位机构",
-    "sysmoudle":{"id":"OU","name":"ou"},
-    "dedataset":[{"id":"SelectSOrg" , "name":"查询下级单位"},{"id":"SelectPOrg" , "name":"查询上级单位"},{"id":"Default" , "name":"DEFAULT"}],
-    "deaction":[{"id":"CheckKey" , "name":"CheckKey" , "type":"BUILTIN" },{"id":"Update" , "name":"Update" , "type":"BUILTIN" },{"id":"Create" , "name":"Create" , "type":"BUILTIN" },{"id":"Save" , "name":"Save" , "type":"BUILTIN" },{"id":"Remove" , "name":"Remove" , "type":"BUILTIN" },{"id":"Get" , "name":"Get" , "type":"BUILTIN" },{"id":"GetDraft" , "name":"GetDraft" , "type":"BUILTIN" }]
-     }
    ]

    }
--- a/ibzou-provider/ibzou-provider-api/src/main/docker/Dockerfile
+++ b/ibzou-provider/ibzou-provider-api/src/main/docker/Dockerfile
@@ -9,6 +9,6 @@ CMD echo "The application will start in ${IBZ_SLEEP}s..." && \
    sleep ${IBZ_SLEEP} && \
    java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /ibzou-provider-api.jar

-EXPOSE 8081
+EXPOSE 40001

 ADD ibzou-provider-api.jar /ibzou-provider-api.jar
--- a/ibzou-provider/ibzou-provider-api/src/main/docker/ibzou-provider-api.yaml
+++ b/ibzou-provider/ibzou-provider-api/src/main/docker/ibzou-provider-api.yaml
@@ -3,9 +3,11 @@ services:
  ibzou-provider-api:
    image: registry.cn-shanghai.aliyuncs.com/ibizsys/ibzou-provider-api:latest
    ports:
-      - "8081:8081"
+      - "40001:40001"
    networks:
      - agent_network
+    environment:
+      SPRING_CLOUD_NACOS_DISCOVERY_IP: 172.16.180.237
    deploy:
      mode: replicated
      replicas: 1

--- a/ibzou-provider/ibzou-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java
+++ b/ibzou-provider/ibzou-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java
@@ -31,7 +31,6 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
    private AuthenticationEntryPoint unauthorizedHandler;

    @Autowired
-    @Qualifier("IBZUAAUserService")
    private AuthenticationUserService userDetailsService;

    /**

--- a/ibzou-provider/ibzou-provider-api/src/main/java/cn/ibizlab/api/ibzouapiApplication.java
+++ b/ibzou-provider/ibzou-provider-api/src/main/java/cn/ibizlab/api/ibzouapiApplication.java
@@ -23,6 +23,7 @@ import java.util.List;
 @MapperScan("cn.ibizlab.*.mapper")
 @SpringBootApplication(exclude = {
        org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class,
+            org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration.class,
 })
 @EnableFeignClients(basePackages = {"cn.ibizlab" })
 public class ibzouapiApplication extends WebMvcConfigurerAdapter{

--- a/ibzou-provider/ibzou-provider-api/src/main/resources/application-api-dev.yml
+++ b/ibzou-provider/ibzou-provider-api/src/main/resources/application-api-dev.yml
 server:
-  port: 8081
\ No newline at end of file
+  port: 40001
\ No newline at end of file
--- a/ibzou-provider/ibzou-provider-api/src/main/resources/application-api-prod.yml
+++ b/ibzou-provider/ibzou-provider-api/src/main/resources/application-api-prod.yml
 server:
-  port: 8081
+  port: 40001
--- a/ibzou-util/src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java
+++ b/ibzou-util/src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java
@@ -32,7 +32,7 @@ public class PermissionSyncJob implements ApplicationRunner {
    @Value("${ibiz.enablePermissionValid:false}")
    boolean enablePermissionValid;  //是否开启权限校验

-    @Value("${ibiz.systemid:110B1A3E-4944-47C8-B4C4-EC15FB8982F3}")
+    @Value("${ibiz.systemid:ibzou}")
    private String systemId;

    @Override

--- a/ibzou-util/src/main/java/cn/ibizlab/util/rest/AuthenticationController.java
+++ b/ibzou-util/src/main/java/cn/ibizlab/util/rest/AuthenticationController.java
@@ -15,9 +15,11 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;

 @RestController
 @RequestMapping("/")
+@ConditionalOnProperty( name = "ibiz.enablePermissionValid", havingValue = "false")
 public class AuthenticationController
 {

@@ -28,7 +30,6 @@ public class AuthenticationController
    private AuthTokenUtil jwtTokenUtil;

    @Autowired
-    @Qualifier("IBZUAAUserService")
    private AuthenticationUserService userDetailsService;

    @PostMapping(value = "${ibiz.auth.path:v7/login}")

--- a/ibzou-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+++ b/ibzou-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
@@ -12,6 +12,7 @@ import cn.ibizlab.util.filter.QueryBuildContext;
 import cn.ibizlab.util.filter.QueryWrapperContext;
 import cn.ibizlab.util.helper.DEFieldCacheMap;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.data.mongodb.core.MongoTemplate;
 import org.springframework.data.mongodb.core.query.BasicQuery;
 import org.springframework.data.mongodb.core.query.Query;
@@ -48,6 +49,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    private String keyFieldTag="keyfield";

    @Resource
+    @Lazy
    private MongoTemplate mongoTemplate;

    /**
@@ -115,8 +117,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
            if(!validDataSetHasPermission(permissionList,entityName,dataSetName)){
                return false;
            }
-            //拼接权限条件
-            deDataSetFillPermissionSQLRouter(deStorageMode, searchContext, entity , dataSetName , permissionList);
        }
                return true;
    }
@@ -344,80 +344,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        }
    }

-    /**
-     * 根据实体存储类型，拼接权限条件
-     * @param deStorageMode
-     * @param searchContext
-     * @param entity
-     * @param dataSetName
-     * @param permissionList
-     */
-    private void deDataSetFillPermissionSQLRouter(String deStorageMode , Object searchContext, EntityBase entity ,String dataSetName ,JSONObject permissionList){
-
-        //检查是否有数据权限[单行删除]
-        if(deStorageMode.equalsIgnoreCase("sql")){
-            sqlPermissionBuilder(searchContext, entity , dataSetName, permissionList);
-        }
-        else if(deStorageMode.equalsIgnoreCase("nosql")){
-            noSqlPermissionBuilder(searchContext, entity , dataSetName, permissionList);
-        }
-        else if(deStorageMode.equalsIgnoreCase("serviceapi")){
-        }
-        else {
-            throw new RuntimeException(String.format("未能识别[%s]实体对应存储模式[%s]",entity.getClass().getSimpleName(),deStorageMode));
-        }
-    }
-
-    /**
-     * 为NoSQL存储模式的表格查询填充权限条件
-     * @param searchContext
-     * @param entity
-     * @param dataSetName
-     * @param permissionList
-     */
-    private void noSqlPermissionBuilder(Object searchContext, EntityBase entity, String dataSetName, JSONObject permissionList) {
-
-        if(searchContext instanceof QueryBuildContext){
-            //获取权限表达式[全部数据、本单位、本部门等]
-            String entityName=entity.getClass().getSimpleName();
-            JSONObject entityObj=permissionList.getJSONObject(entityName);
-            JSONObject permissionType=entityObj.getJSONObject(DataSetTag);
-            JSONArray dataRange=permissionType.getJSONArray(dataSetName);
-            if(dataRange.size()==0)
-                return ;
-            //根据权限表达式生成查询条件，并将查询条件设置到SearchContext中
-            fillNoSqlPermissionCond(dataRange,entity,((QueryBuildContext) searchContext).getSelectCond());
-        }
-    }
-
-
-    /**
-     * 为SQL存储模式的表格查询填充权限条件
-     * @param searchContext
-     * @param entity
-     * @param dataSetName
-     * @param permissionList
-     */
-    private void sqlPermissionBuilder(Object searchContext, EntityBase entity, String dataSetName, JSONObject permissionList){
-
-        //获取权限表达式[全部数据、本单位、本部门等]
-        String entityName=entity.getClass().getSimpleName();
-        JSONObject entityObj=permissionList.getJSONObject(entityName);//获取实体
-        JSONObject permissionType=entityObj.getJSONObject(DataSetTag);
-        JSONArray dataRange=permissionType.getJSONArray(dataSetName);//获取实体数据集
-        if(dataRange.size()==0)
-            return ;
-        //根据权限条件获取SQL
-        String permissionSQL=getPermissionSQL(entity,dataRange);
-        //将SQL拼接到SearchContext中
-        if(searchContext instanceof QueryWrapperContext){
-            QueryWrapperContext queryWrapperContext = (QueryWrapperContext) searchContext;
-            QueryWrapper queryWrapper = queryWrapperContext.getSelectCond();
-            queryWrapper.apply(permissionSQL);
-        }
-    }
-
-

    /**
     * 为NoSQL存储模式的表格查询填充权限条件

--- a/ibzou-util/src/main/java/cn/ibizlab/util/security/AuthorizationTokenFilter.java
+++ b/ibzou-util/src/main/java/cn/ibizlab/util/security/AuthorizationTokenFilter.java
@@ -27,7 +27,7 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter {
    private final AuthTokenUtil authTokenUtil;
    private final String tokenHeader;

-    public AuthorizationTokenFilter(@Qualifier("IBZUAAUserService") AuthenticationUserService userDetailsService, AuthTokenUtil authTokenUtil, @Value("${ibiz.jwt.header:Authorization}") String tokenHeader) {
+    public AuthorizationTokenFilter(AuthenticationUserService userDetailsService, AuthTokenUtil authTokenUtil, @Value("${ibiz.jwt.header:Authorization}") String tokenHeader) {
        this.userDetailsService = userDetailsService;
        this.authTokenUtil = authTokenUtil;
        this.tokenHeader = tokenHeader;

--- a/ibzou-util/src/main/java/cn/ibizlab/util/service/IBZUAAUserService.java
+++ b/ibzou-util/src/main/java/cn/ibizlab/util/service/IBZUAAUserService.java
@@ -12,11 +12,13 @@ import org.springframework.context.annotation.Primary;
 import org.springframework.stereotype.Service;
 import org.springframework.util.DigestUtils;
 import org.springframework.util.StringUtils;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;

 /**
 * 实体[IBZUSER] 服务对象接口实现
 */
 @Service("IBZUAAUserService")
+@ConditionalOnExpression("${ibiz.enablePermissionValid:false}||'${ibiz.auth.service:SimpleUserService}'.equals('IBZUAAUserService')")
 public class IBZUAAUserService implements AuthenticationUserService{

 	@Autowired

--- a/ibzou-util/src/main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java
+++ b/ibzou-util/src/main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java
@@ -13,11 +13,13 @@ import cn.ibizlab.util.mapper.IBZUSERMapper;
 import cn.ibizlab.util.domain.IBZUSER;
 import org.springframework.util.DigestUtils;
 import org.springframework.util.StringUtils;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;

 /**
 * 实体[IBZUSER] 服务对象接口实现
 */
 @Service("IBZUSERService")
+@ConditionalOnExpression("(!${ibiz.enablePermissionValid:false})&&'${ibiz.auth.service:SimpleUserService}'.equals('IBZUSERService')")
 public class IBZUSERServiceImpl extends ServiceImpl<IBZUSERMapper, IBZUSER> implements IBZUSERService,AuthenticationUserService{

 	@Value("${ibiz.auth.pwencrymode:0}")

--- a/ibzou-util/src/main/java/cn/ibizlab/util/service/SimpleUserService.java
+++ b/ibzou-util/src/main/java/cn/ibizlab/util/service/SimpleUserService.java
@@ -11,12 +11,14 @@ import org.springframework.util.StringUtils;
 import com.alibaba.fastjson.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;

 /**
 * 实体[IBZUSER] 服务对象接口实现
 */
 @Primary
 @Service("SimpleUserService")
+@ConditionalOnExpression("(!${ibiz.enablePermissionValid:false})&&'${ibiz.auth.service:SimpleUserService}'.equals('SimpleUserService')")
 public class SimpleUserService implements AuthenticationUserService{

 	@Override