ibizdev提交

config.xml

@@ -37,11 +37,11 @@
 	  git clone -b master $para2 ibzou/
       export NODE_OPTIONS=--max-old-space-size=4096
       cd ibzou/
-      mvn clean package -Pweb
-      cd ibzou-app/ibzou-app-web
-      mvn -Pweb docker:build
-      mvn -Pweb docker:push
-      docker -H $para1 stack deploy --compose-file=src/main/docker/ibzou-app-web.yaml ibzlab-rt --with-registry-auth
+      mvn clean package -Papi
+      cd ibzou-provider/ibzou-provider-api
+      mvn -Papi docker:build
+      mvn -Papi docker:push
+      docker -H $para1 stack deploy --compose-file=src/main/docker/ibzou-provider-api.yaml ibzlab-rt --with-registry-auth      
       </command>
     </hudson.tasks.Shell>
   </builders>

ibzou-app/ibzou-app-web/src/main/docker/Dockerfile

@@ -9,6 +9,6 @@ CMD echo "The application will start in ${IBZ_SLEEP}s..." && \
     sleep ${IBZ_SLEEP} && \
     java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /ibzou-app-web.jar
 
-EXPOSE 30001
+EXPOSE 8080
 
 ADD ibzou-app-web.jar /ibzou-app-web.jar

ibzou-app/ibzou-app-web/src/main/docker/ibzou-app-web.yaml

@@ -3,11 +3,9 @@ services:
   ibzou-app-web:
     image: registry.cn-shanghai.aliyuncs.com/ibizsys/ibzou-app-web:latest
     ports:
-      - "30001:30001"
+      - "8080:8080"
     networks:
       - agent_network
-    environment:
-      SPRING_CLOUD_NACOS_DISCOVERY_IP: 172.16.180.237
     deploy:
       mode: replicated
       replicas: 1

ibzou-app/ibzou-app-web/src/main/java/cn/ibizlab/web/config/webSecurityConfig.java

@@ -31,7 +31,6 @@ public class webSecurityConfig extends WebSecurityConfigurerAdapter {
     private AuthenticationEntryPoint unauthorizedHandler;
 
     @Autowired
-    @Qualifier("IBZUAAUserService")
     private AuthenticationUserService userDetailsService;
 
     /**

ibzou-app/ibzou-app-web/src/main/java/cn/ibizlab/web/webApplication.java

@@ -27,6 +27,7 @@ import java.util.List;
 @MapperScan("cn.ibizlab.*.mapper")
 @SpringBootApplication(exclude = {
         org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class,
+            org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration.class,
 })
 public class webApplication extends WebMvcConfigurerAdapter{
 

ibzou-app/ibzou-app-web/src/main/resources/application-web-dev.yml

 server:
-  port: 30001
+  port: 8080
\ No newline at end of file

ibzou-app/ibzou-app-web/src/main/resources/application-web-prod.yml

 server:
-  port: 30001
+  port: 8080
 
 #zuul网关路由设置
 zuul:
@@ -16,9 +16,9 @@ zuul:
       path: /ibzorganizations/**
       serviceId: ibzou-api
       stripPrefix: false
-    wfcore:
-      path: /wfcore/**
-      serviceId: ibzwf-api
-      stripPrefix: true
+    loginv7:
+      path: /v7/login
+      serviceId: ibzuaa-api
+      stripPrefix: false
   sensitive-headers:
     - Cookie,Set-Cookie,Authorization

ibzou-boot/src/main/java/cn/ibizlab/DevBootApplication.java

@@ -15,8 +15,10 @@ import java.util.List;
 @EnableDiscoveryClient
 @Configuration
 @EnableTransactionManagement
-@SpringBootApplication
 @EnableFeignClients(basePackages = {"cn.ibizlab" })
+@SpringBootApplication(exclude = {
+            org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration.class,
+})
 public class DevBootApplication extends WebMvcConfigurerAdapter{
 
     public static void main(String[] args) {

ibzou-boot/src/main/resources/application-dev.yml

 server:
-  port: 8080
+  port: 40001
 
+
+
+#zuul网关路由设置
+zuul:
+  routes:
+      loginv7:
+        path: /v7/login
+        serviceId: ibzuaa-api
+        stripPrefix: false
+  sensitive-headers:
+    - Cookie,Set-Cookie,Authorization

ibzou-core/src/main/resources/deprivs/DEPrivs.json

@@ -3,27 +3,6 @@
            ],
     "predefineddatarange":[{"id":"ALL","name":"全部数据"},{"id":"CURORG","name":"当前单位"},{"id":"PORG","name":"上级单位"},{"id":"SORG","name":"下级单位"},{"id":"CURORGDEPT","name":"当前部门"},{"id":"PORGDEPT","name":"上级部门"},{"id":"SORGDEPT","name":"下级部门"}],
     "entities":[
-    {
-    "dename":"IBZDepartment",
-    "delogicname":"部门",
-    "sysmoudle":{"id":"OU","name":"ou"},
-    "dedataset":[{"id":"CurDept" , "name":"CurDept"},{"id":"Default" , "name":"DEFAULT"}],
-    "deaction":[{"id":"Create" , "name":"Create" , "type":"BUILTIN" },{"id":"Get" , "name":"Get" , "type":"BUILTIN" },{"id":"Save" , "name":"Save" , "type":"BUILTIN" },{"id":"CheckKey" , "name":"CheckKey" , "type":"BUILTIN" },{"id":"GetDraft" , "name":"GetDraft" , "type":"BUILTIN" },{"id":"Remove" , "name":"Remove" , "type":"BUILTIN" },{"id":"Update" , "name":"Update" , "type":"BUILTIN" }]
-     }
-    ,    {
-    "dename":"IBZEmployee",
-    "delogicname":"人员",
-    "sysmoudle":{"id":"OU","name":"ou"},
-    "dedataset":[{"id":"Default" , "name":"DEFAULT"}],
-    "deaction":[{"id":"Remove" , "name":"Remove" , "type":"BUILTIN" },{"id":"InitPwd" , "name":"初始化密码" , "type":"USERCUSTOM" },{"id":"Create" , "name":"Create" , "type":"BUILTIN" },{"id":"CheckKey" , "name":"CheckKey" , "type":"BUILTIN" },{"id":"Update" , "name":"Update" , "type":"BUILTIN" },{"id":"Save" , "name":"Save" , "type":"BUILTIN" },{"id":"Get" , "name":"Get" , "type":"BUILTIN" },{"id":"GetDraft" , "name":"GetDraft" , "type":"BUILTIN" }]
-     }
-    ,    {
-    "dename":"IBZOrganization",
-    "delogicname":"单位机构",
-    "sysmoudle":{"id":"OU","name":"ou"},
-    "dedataset":[{"id":"SelectSOrg" , "name":"查询下级单位"},{"id":"SelectPOrg" , "name":"查询上级单位"},{"id":"Default" , "name":"DEFAULT"}],
-    "deaction":[{"id":"CheckKey" , "name":"CheckKey" , "type":"BUILTIN" },{"id":"Update" , "name":"Update" , "type":"BUILTIN" },{"id":"Create" , "name":"Create" , "type":"BUILTIN" },{"id":"Save" , "name":"Save" , "type":"BUILTIN" },{"id":"Remove" , "name":"Remove" , "type":"BUILTIN" },{"id":"Get" , "name":"Get" , "type":"BUILTIN" },{"id":"GetDraft" , "name":"GetDraft" , "type":"BUILTIN" }]
-     }
     ]
 
     }

ibzou-provider/ibzou-provider-api/src/main/docker/Dockerfile

@@ -9,6 +9,6 @@ CMD echo "The application will start in ${IBZ_SLEEP}s..." && \
     sleep ${IBZ_SLEEP} && \
     java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /ibzou-provider-api.jar
 
-EXPOSE 8081
+EXPOSE 40001
 
 ADD ibzou-provider-api.jar /ibzou-provider-api.jar

ibzou-provider/ibzou-provider-api/src/main/docker/ibzou-provider-api.yaml

@@ -3,9 +3,11 @@ services:
   ibzou-provider-api:
     image: registry.cn-shanghai.aliyuncs.com/ibizsys/ibzou-provider-api:latest
     ports:
-      - "8081:8081"
+      - "40001:40001"
     networks:
       - agent_network
+    environment:
+      SPRING_CLOUD_NACOS_DISCOVERY_IP: 172.16.180.237
     deploy:
       mode: replicated
       replicas: 1

ibzou-provider/ibzou-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java

@@ -31,7 +31,6 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
     private AuthenticationEntryPoint unauthorizedHandler;
 
     @Autowired
-    @Qualifier("IBZUAAUserService")
     private AuthenticationUserService userDetailsService;
 
     /**

ibzou-provider/ibzou-provider-api/src/main/java/cn/ibizlab/api/ibzouapiApplication.java

@@ -23,6 +23,7 @@ import java.util.List;
 @MapperScan("cn.ibizlab.*.mapper")
 @SpringBootApplication(exclude = {
         org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class,
+            org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration.class,
 })
 @EnableFeignClients(basePackages = {"cn.ibizlab" })
 public class ibzouapiApplication extends WebMvcConfigurerAdapter{

ibzou-provider/ibzou-provider-api/src/main/resources/application-api-dev.yml

 server:
-  port: 8081
+  port: 40001
\ No newline at end of file

ibzou-provider/ibzou-provider-api/src/main/resources/application-api-prod.yml

 server:
-  port: 8081
+  port: 40001

ibzou-util/src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java

@@ -32,7 +32,7 @@ public class PermissionSyncJob implements ApplicationRunner {
     @Value("${ibiz.enablePermissionValid:false}")
     boolean enablePermissionValid;  //是否开启权限校验
 
-    @Value("${ibiz.systemid:110B1A3E-4944-47C8-B4C4-EC15FB8982F3}")
+    @Value("${ibiz.systemid:ibzou}")
     private String systemId;
 
     @Override

ibzou-util/src/main/java/cn/ibizlab/util/rest/AuthenticationController.java

@@ -15,9 +15,11 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 
 @RestController
 @RequestMapping("/")
+@ConditionalOnProperty( name = "ibiz.enablePermissionValid", havingValue = "false")
 public class AuthenticationController
 {
 
@@ -28,7 +30,6 @@ public class AuthenticationController
     private AuthTokenUtil jwtTokenUtil;
 
     @Autowired
-    @Qualifier("IBZUAAUserService")
     private AuthenticationUserService userDetailsService;
 
     @PostMapping(value = "${ibiz.auth.path:v7/login}")

ibzou-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java

@@ -12,6 +12,7 @@ import cn.ibizlab.util.filter.QueryBuildContext;
 import cn.ibizlab.util.filter.QueryWrapperContext;
 import cn.ibizlab.util.helper.DEFieldCacheMap;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.data.mongodb.core.MongoTemplate;
 import org.springframework.data.mongodb.core.query.BasicQuery;
 import org.springframework.data.mongodb.core.query.Query;
@@ -48,6 +49,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
     private String keyFieldTag="keyfield";
 
     @Resource
+    @Lazy
     private MongoTemplate mongoTemplate;
 
     /**
@@ -115,8 +117,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
             if(!validDataSetHasPermission(permissionList,entityName,dataSetName)){
                 return false;
             }
-            //拼接权限条件
-            deDataSetFillPermissionSQLRouter(deStorageMode, searchContext, entity , dataSetName , permissionList);
         }
                 return true;
     }
@@ -344,80 +344,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
         }
     }
 
-    /**
-     * 根据实体存储类型，拼接权限条件
-     * @param deStorageMode
-     * @param searchContext
-     * @param entity
-     * @param dataSetName
-     * @param permissionList
-     */
-    private void deDataSetFillPermissionSQLRouter(String deStorageMode , Object searchContext, EntityBase entity ,String dataSetName ,JSONObject permissionList){
-
-        //检查是否有数据权限[单行删除]
-        if(deStorageMode.equalsIgnoreCase("sql")){
-            sqlPermissionBuilder(searchContext, entity , dataSetName, permissionList);
-        }
-        else if(deStorageMode.equalsIgnoreCase("nosql")){
-            noSqlPermissionBuilder(searchContext, entity , dataSetName, permissionList);
-        }
-        else if(deStorageMode.equalsIgnoreCase("serviceapi")){
-        }
-        else {
-            throw new RuntimeException(String.format("未能识别[%s]实体对应存储模式[%s]",entity.getClass().getSimpleName(),deStorageMode));
-        }
-    }
-
-    /**
-     * 为NoSQL存储模式的表格查询填充权限条件
-     * @param searchContext
-     * @param entity
-     * @param dataSetName
-     * @param permissionList
-     */
-    private void noSqlPermissionBuilder(Object searchContext, EntityBase entity, String dataSetName, JSONObject permissionList) {
-
-        if(searchContext instanceof QueryBuildContext){
-            //获取权限表达式[全部数据、本单位、本部门等]
-            String entityName=entity.getClass().getSimpleName();
-            JSONObject entityObj=permissionList.getJSONObject(entityName);
-            JSONObject permissionType=entityObj.getJSONObject(DataSetTag);
-            JSONArray dataRange=permissionType.getJSONArray(dataSetName);
-            if(dataRange.size()==0)
-                return ;
-            //根据权限表达式生成查询条件，并将查询条件设置到SearchContext中
-            fillNoSqlPermissionCond(dataRange,entity,((QueryBuildContext) searchContext).getSelectCond());
-        }
-    }
-
-
-    /**
-     * 为SQL存储模式的表格查询填充权限条件
-     * @param searchContext
-     * @param entity
-     * @param dataSetName
-     * @param permissionList
-     */
-    private void sqlPermissionBuilder(Object searchContext, EntityBase entity, String dataSetName, JSONObject permissionList){
-
-        //获取权限表达式[全部数据、本单位、本部门等]
-        String entityName=entity.getClass().getSimpleName();
-        JSONObject entityObj=permissionList.getJSONObject(entityName);//获取实体
-        JSONObject permissionType=entityObj.getJSONObject(DataSetTag);
-        JSONArray dataRange=permissionType.getJSONArray(dataSetName);//获取实体数据集
-        if(dataRange.size()==0)
-            return ;
-        //根据权限条件获取SQL
-        String permissionSQL=getPermissionSQL(entity,dataRange);
-        //将SQL拼接到SearchContext中
-        if(searchContext instanceof QueryWrapperContext){
-            QueryWrapperContext queryWrapperContext = (QueryWrapperContext) searchContext;
-            QueryWrapper queryWrapper = queryWrapperContext.getSelectCond();
-            queryWrapper.apply(permissionSQL);
-        }
-    }
-
-
 
     /**
      * 为NoSQL存储模式的表格查询填充权限条件

ibzou-util/src/main/java/cn/ibizlab/util/security/AuthorizationTokenFilter.java

@@ -27,7 +27,7 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter {
     private final AuthTokenUtil authTokenUtil;
     private final String tokenHeader;
 
-    public AuthorizationTokenFilter(@Qualifier("IBZUAAUserService") AuthenticationUserService userDetailsService, AuthTokenUtil authTokenUtil, @Value("${ibiz.jwt.header:Authorization}") String tokenHeader) {
+    public AuthorizationTokenFilter(AuthenticationUserService userDetailsService, AuthTokenUtil authTokenUtil, @Value("${ibiz.jwt.header:Authorization}") String tokenHeader) {
         this.userDetailsService = userDetailsService;
         this.authTokenUtil = authTokenUtil;
         this.tokenHeader = tokenHeader;

ibzou-util/src/main/java/cn/ibizlab/util/service/IBZUAAUserService.java

@@ -12,11 +12,13 @@ import org.springframework.context.annotation.Primary;
 import org.springframework.stereotype.Service;
 import org.springframework.util.DigestUtils;
 import org.springframework.util.StringUtils;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
 
 /**
  * 实体[IBZUSER] 服务对象接口实现
  */
 @Service("IBZUAAUserService")
+@ConditionalOnExpression("${ibiz.enablePermissionValid:false}||'${ibiz.auth.service:SimpleUserService}'.equals('IBZUAAUserService')")
 public class IBZUAAUserService implements AuthenticationUserService{
 
 	@Autowired

ibzou-util/src/main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java

@@ -13,11 +13,13 @@ import cn.ibizlab.util.mapper.IBZUSERMapper;
 import cn.ibizlab.util.domain.IBZUSER;
 import org.springframework.util.DigestUtils;
 import org.springframework.util.StringUtils;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
 
 /**
  * 实体[IBZUSER] 服务对象接口实现
  */
 @Service("IBZUSERService")
+@ConditionalOnExpression("(!${ibiz.enablePermissionValid:false})&&'${ibiz.auth.service:SimpleUserService}'.equals('IBZUSERService')")
 public class IBZUSERServiceImpl extends ServiceImpl<IBZUSERMapper, IBZUSER> implements IBZUSERService,AuthenticationUserService{
 
 	@Value("${ibiz.auth.pwencrymode:0}")

ibzou-util/src/main/java/cn/ibizlab/util/service/SimpleUserService.java

@@ -11,12 +11,14 @@ import org.springframework.util.StringUtils;
 import com.alibaba.fastjson.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
 
 /**
  * 实体[IBZUSER] 服务对象接口实现
  */
 @Primary
 @Service("SimpleUserService")
+@ConditionalOnExpression("(!${ibiz.enablePermissionValid:false})&&'${ibiz.auth.service:SimpleUserService}'.equals('SimpleUserService')")
 public class SimpleUserService implements AuthenticationUserService{
 
 	@Override