laizhilong 发布系统代码

app_web/src/locale/lanres/sys-role/sys-role_en_US.ts

@@ -44,7 +44,8 @@ export default {
 			tabpage1: "权限", 
 			druipart2: "用户", 
 			tabpage2: "用户", 
-			tabpage3: "分页面板", 
+			druipart3: "角色权限关系", 
+			tabpage3: "角色权限关系", 
 			tabpanel1: "", 
 			formpage1: "基本信息", 
 			srfupdatedate: "更新时间", 
@@ -55,9 +56,9 @@ export default {
 			srfuf: "", 
 			srfdeid: "", 
 			srfsourcekey: "", 
+			sys_roleid: "角色表标识", 
 			sys_rolename: "角色表名称", 
 			memo: "备注", 
-			sys_roleid: "角色表标识", 
 		},
 		uiactions: {
 		},

app_web/src/locale/lanres/sys-role/sys-role_zh_CN.ts

@@ -43,7 +43,8 @@ export default {
 			tabpage1: '权限', 
 			druipart2: '用户', 
 			tabpage2: '用户', 
-			tabpage3: '分页面板', 
+			druipart3: '角色权限关系', 
+			tabpage3: '角色权限关系', 
 			tabpanel1: '', 
 			formpage1: '基本信息', 
 			srfupdatedate: '更新时间', 
@@ -54,9 +55,9 @@ export default {
 			srfuf: '', 
 			srfdeid: '', 
 			srfsourcekey: '', 
+			sys_roleid: '角色表标识', 
 			sys_rolename: '角色表名称', 
 			memo: '备注', 
-			sys_roleid: '角色表标识', 
 		},
 		uiactions: {
 		},

app_web/src/store/modules/view-action/state.ts

@@ -104,6 +104,7 @@ export const viewstate: any = {
             viewdatachange: false,
             refviews: [
                 '61a949e3c23ebdda724888662ded1478',
+                'b8a97c1797a1b91fbb37f8c2d14b1fb6',
                 'fb89f9af95f2caf92ccc1249025c9a1b',
             ],
         },
@@ -156,6 +157,7 @@ export const viewstate: any = {
             viewdatachange: false,
             refviews: [
                 '61a949e3c23ebdda724888662ded1478',
+                'b8a97c1797a1b91fbb37f8c2d14b1fb6',
                 'fb89f9af95f2caf92ccc1249025c9a1b',
             ],
         },

app_web/src/widgets/sys-role/main-form/main-form-base.vue

@@ -3,27 +3,27 @@
     <input style="display:none;" />
     <row >
             
-<i-col v-show="detailsModel.group1.visible" :style="{}"  :lg="{ span: 24, offset: 0 }">
+<i-col v-show="detailsModel.group1.visible" :style="{}"  :lg="{ span: 12, offset: 0 }">
     <app-form-group layoutType="TABLE_24COL" titleStyle="" class='' uiActionGroup="detailsModel.group1.uiActionGroup" @groupuiactionclick="groupUIActionClick($event)" :caption="$t('entities.sys_role.main_form.details.group1')" :isShowCaption="true" uiStyle="DEFAULT" :titleBarCloseMode="0" :isInfoGroupMode="false" >    
     <row>
-        <i-col v-show="detailsModel.sys_rolename.visible" :style="{}"  :lg="{ span: 24, offset: 0 }">
+        <i-col v-show="detailsModel.sys_roleid.visible" :style="{}"  :lg="{ span: 12, offset: 0 }">
+    <app-form-item name='sys_roleid' :itemRules="this.rules.sys_roleid" class='' :caption="$t('entities.sys_role.main_form.details.sys_roleid')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.sys_roleid.error" :isEmptyCaption="false" labelPos="LEFT">
+    <app-span   name='sys_roleid'
+:value="data.sys_roleid" style=""></app-span>
+</app-form-item>
+
+</i-col>
+<i-col v-show="detailsModel.sys_rolename.visible" :style="{}"  :lg="{ span: 12, offset: 0 }">
     <app-form-item name='sys_rolename' :itemRules="this.rules.sys_rolename" class='' :caption="$t('entities.sys_role.main_form.details.sys_rolename')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.sys_rolename.error" :isEmptyCaption="false" labelPos="LEFT">
     <input-box v-model="data.sys_rolename"  @enter="onEnter($event)"   unit=""  :disabled="detailsModel.sys_rolename.disabled" type='text'  style=""></input-box>
 </app-form-item>
 
 </i-col>
-<i-col v-show="detailsModel.memo.visible" :style="{}"  :lg="{ span: 24, offset: 0 }">
+<i-col v-show="detailsModel.memo.visible" :style="{}"  :lg="{ span: 12, offset: 0 }">
     <app-form-item name='memo' :itemRules="this.rules.memo" class='' :caption="$t('entities.sys_role.main_form.details.memo')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.memo.error" :isEmptyCaption="false" labelPos="LEFT">
     <input-box v-model="data.memo"  @enter="onEnter($event)"   unit=""  :disabled="detailsModel.memo.disabled" type='text'  style=""></input-box>
 </app-form-item>
 
-</i-col>
-<i-col v-show="detailsModel.sys_roleid.visible" :style="{}"  :lg="{ span: 24, offset: 0 }">
-    <app-form-item name='sys_roleid' :itemRules="this.rules.sys_roleid" class='' :caption="$t('entities.sys_role.main_form.details.sys_roleid')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.sys_roleid.error" :isEmptyCaption="false" labelPos="LEFT">
-    <app-span   name='sys_roleid'
-:value="data.sys_roleid" style=""></app-span>
-</app-form-item>
-
 </i-col>
     
     </row>
@@ -114,6 +114,29 @@
                 ])
             }">
             
+    <i-col v-show="detailsModel.druipart3.visible" :style="{}"  :lg="{ span: 24, offset: 0 }">
+    <app-form-druipart
+    
+    :formState="formState"
+    :isForbidLoad="this.data.srfuf === '0'"
+    paramItem='sys_role' 
+    :parentdata='{"srfparentdename":"SYS_ROLE","SRFPARENTTYPE":"CUSTOM"}'
+    :parameters="[
+    ]"
+    :context="context"
+    :viewparams="viewparams"
+    parameterName='sys_role'
+    parentName="SYS_ROLE"  
+    refviewtype='DEMPICKUPVIEW' 
+    refreshitems='' 
+    :ignorefieldvaluechange="ignorefieldvaluechange"
+    viewname='sys-permissionmpickup-view' 
+    :data="JSON.stringify(this.data)" 
+    @drdatasaved="drdatasaved($event)"
+    style=";overflow: auto;">
+</app-form-druipart>
+
+</i-col>
 
 
         </tab-pane>
@@ -419,9 +442,9 @@ export default class MainBase extends Vue implements ControlInterface {
         srfuf: null,
         srfdeid: null,
         srfsourcekey: null,
+        sys_roleid: null,
         sys_rolename: null,
         memo: null,
-        sys_roleid: null,
         sys_role:null,
     };
 
@@ -512,6 +535,12 @@ export default class MainBase extends Vue implements ControlInterface {
             { required: false, type: 'string', message: ' 值不能为空', trigger: 'change' },
             { required: false, type: 'string', message: ' 值不能为空', trigger: 'blur' },
         ],
+        sys_roleid: [
+            { type: 'string', message: '角色表标识 值必须为字符串类型', trigger: 'change' },
+            { type: 'string', message: '角色表标识 值必须为字符串类型', trigger: 'blur' },
+            { required: false, type: 'string', message: '角色表标识 值不能为空', trigger: 'change' },
+            { required: false, type: 'string', message: '角色表标识 值不能为空', trigger: 'blur' },
+        ],
         sys_rolename: [
             { type: 'string', message: '角色表名称 值必须为字符串类型', trigger: 'change' },
             { type: 'string', message: '角色表名称 值必须为字符串类型', trigger: 'blur' },
@@ -524,12 +553,6 @@ export default class MainBase extends Vue implements ControlInterface {
             { required: false, type: 'string', message: '备注 值不能为空', trigger: 'change' },
             { required: false, type: 'string', message: '备注 值不能为空', trigger: 'blur' },
         ],
-        sys_roleid: [
-            { type: 'string', message: '角色表标识 值必须为字符串类型', trigger: 'change' },
-            { type: 'string', message: '角色表标识 值必须为字符串类型', trigger: 'blur' },
-            { required: false, type: 'string', message: '角色表标识 值不能为空', trigger: 'change' },
-            { required: false, type: 'string', message: '角色表标识 值不能为空', trigger: 'blur' },
-        ],
     }
 
     /**
@@ -549,7 +572,9 @@ export default class MainBase extends Vue implements ControlInterface {
 , 
         tabpage2: new FormTabPageModel({ caption: '用户', detailType: 'TABPAGE', name: 'tabpage2', visible: true, isShowCaption: true, form: this })
 , 
-        tabpage3: new FormTabPageModel({ caption: '分页面板', detailType: 'TABPAGE', name: 'tabpage3', visible: true, isShowCaption: true, form: this })
+        druipart3: new FormDRUIPartModel({ caption: '角色权限关系', detailType: 'DRUIPART', name: 'druipart3', visible: true, isShowCaption: true, form: this })
+, 
+        tabpage3: new FormTabPageModel({ caption: '角色权限关系', detailType: 'TABPAGE', name: 'tabpage3', visible: true, isShowCaption: true, form: this })
 , 
         tabpanel1: new FormTabPanelModel({ caption: '', detailType: 'TABPANEL', name: 'tabpanel1', visible: true, isShowCaption: false, form: this, tabPages: [{ name: 'tabpage1', index: 0, visible: true }, { name: 'tabpage2', index: 1, visible: true }, { name: 'tabpage3', index: 2, visible: true }] })
 , 
@@ -570,12 +595,12 @@ export default class MainBase extends Vue implements ControlInterface {
         srfdeid: new FormItemModel({ caption: '', detailType: 'FORMITEM', name: 'srfdeid', visible: true, isShowCaption: true, form: this, disabled: false, enableCond: 3 })
 , 
         srfsourcekey: new FormItemModel({ caption: '', detailType: 'FORMITEM', name: 'srfsourcekey', visible: true, isShowCaption: true, form: this, disabled: false, enableCond: 3 })
+, 
+        sys_roleid: new FormItemModel({ caption: '角色表标识', detailType: 'FORMITEM', name: 'sys_roleid', visible: true, isShowCaption: true, form: this, disabled: false, enableCond: 3 })
 , 
         sys_rolename: new FormItemModel({ caption: '角色表名称', detailType: 'FORMITEM', name: 'sys_rolename', visible: true, isShowCaption: true, form: this, disabled: false, enableCond: 3 })
 , 
         memo: new FormItemModel({ caption: '备注', detailType: 'FORMITEM', name: 'memo', visible: true, isShowCaption: true, form: this, disabled: false, enableCond: 3 })
-, 
-        sys_roleid: new FormItemModel({ caption: '角色表标识', detailType: 'FORMITEM', name: 'sys_roleid', visible: true, isShowCaption: true, form: this, disabled: false, enableCond: 3 })
 , 
     };
 
@@ -676,39 +701,39 @@ export default class MainBase extends Vue implements ControlInterface {
     }
 
     /**
-     * 监控表单属性 sys_rolename 值
+     * 监控表单属性 sys_roleid 值
      *
      * @param {*} newVal
      * @param {*} oldVal
      * @memberof Main
      */
-    @Watch('data.sys_rolename')
-    onSys_rolenameChange(newVal: any, oldVal: any) {
-        this.formDataChange({ name: 'sys_rolename', newVal: newVal, oldVal: oldVal });
+    @Watch('data.sys_roleid')
+    onSys_roleidChange(newVal: any, oldVal: any) {
+        this.formDataChange({ name: 'sys_roleid', newVal: newVal, oldVal: oldVal });
     }
 
     /**
-     * 监控表单属性 memo 值
+     * 监控表单属性 sys_rolename 值
      *
      * @param {*} newVal
      * @param {*} oldVal
      * @memberof Main
      */
-    @Watch('data.memo')
-    onMemoChange(newVal: any, oldVal: any) {
-        this.formDataChange({ name: 'memo', newVal: newVal, oldVal: oldVal });
+    @Watch('data.sys_rolename')
+    onSys_rolenameChange(newVal: any, oldVal: any) {
+        this.formDataChange({ name: 'sys_rolename', newVal: newVal, oldVal: oldVal });
     }
 
     /**
-     * 监控表单属性 sys_roleid 值
+     * 监控表单属性 memo 值
      *
      * @param {*} newVal
      * @param {*} oldVal
      * @memberof Main
      */
-    @Watch('data.sys_roleid')
-    onSys_roleidChange(newVal: any, oldVal: any) {
-        this.formDataChange({ name: 'sys_roleid', newVal: newVal, oldVal: oldVal });
+    @Watch('data.memo')
+    onMemoChange(newVal: any, oldVal: any) {
+        this.formDataChange({ name: 'memo', newVal: newVal, oldVal: oldVal });
     }
 
 
@@ -765,6 +790,7 @@ export default class MainBase extends Vue implements ControlInterface {
 
 
 
+
 
     }
 
@@ -1289,7 +1315,7 @@ export default class MainBase extends Vue implements ControlInterface {
             Object.assign(arg, data);
             Object.assign(arg, this.context);
             if (ifStateNext) {
-                this.drcounter = 2;
+                this.drcounter = 3;
                 if(this.drcounter !== 0){
                     this.drsaveopt = opt;
                     this.formState.next({ type: 'beforesave', data: arg });//先通知关系界面保存

app_web/src/widgets/sys-role/main-form/main-form-model.ts

@@ -55,6 +55,11 @@ export default class MainModel {
       {
         name: 'srfsourcekey',
       },
+      {
+        name: 'sys_roleid',
+        prop: 'roleid',
+        dataType: 'GUID',
+      },
       {
         name: 'sys_rolename',
         prop: 'rolename',
@@ -65,11 +70,6 @@ export default class MainModel {
         prop: 'memo',
         dataType: 'TEXT',
       },
-      {
-        name: 'sys_roleid',
-        prop: 'roleid',
-        dataType: 'GUID',
-      },
       {
         name: 'sys_role',
         prop: 'roleid',

ibzuaa-core/pom.xml

@@ -150,7 +150,7 @@
                                     <verbose>true</verbose>
                                     <logging>debug</logging>
                                     <contexts>!test</contexts>
-                                    <diffExcludeObjects>Index:.*,table:IBZFILE,IBZUSER,IBZDATAAUDIT</diffExcludeObjects>
+                                    <diffExcludeObjects>Index:.*,table:ibzfile,ibzuser,ibzdataaudit</diffExcludeObjects>
                                 </configuration>
                                 <phase>process-resources</phase>
                                 <goals>

ibzuaa-core/src/main/resources/liquibase/h2_table.xml

@@ -136,7 +136,7 @@
         </createTable>
     </changeSet>
     <!--输出实体[SYS_ROLE]数据结构 -->
-    <changeSet author="a_A_5d9d78509" id="tab-sys_role-63-7">
+    <changeSet author="a_A_5d9d78509" id="tab-sys_role-68-7">
         <createTable tableName="IBZROLE">
                 <column name="SYS_ROLEID" remarks="" type="VARCHAR(100)">
                     <constraints primaryKey="true" primaryKeyName="PK_SYS_ROLE_SYS_ROLEID"/>

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_PERMISSIONResource.java

@@ -50,7 +50,9 @@ public class SYS_PERMISSIONResource {
 
     @Autowired
     @Lazy
-    private SYS_PERMISSIONMapping sys_permissionMapping;
+    public SYS_PERMISSIONMapping sys_permissionMapping;
+
+    public SYS_PERMISSIONDTO permissionDTO=new SYS_PERMISSIONDTO();
 
 
 
@@ -110,7 +112,6 @@ public class SYS_PERMISSIONResource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PERMISSION-Update-all')")
     @ApiOperation(value = "UpdateBatch", tags = {"SYS_PERMISSION" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sys_permissions/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_PERMISSIONDTO> sys_permissiondtos) {
@@ -131,7 +132,7 @@ public class SYS_PERMISSIONResource {
         SYS_PERMISSIONDTO dto = sys_permissionMapping.toDto(domain);
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PERMISSION-Create-all')")
+
     @ApiOperation(value = "createBatch", tags = {"SYS_PERMISSION" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_permissions/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_PERMISSIONDTO> sys_permissiondtos) {
@@ -183,12 +184,4 @@ public class SYS_PERMISSIONResource {
 	}
 
 
-    /**
-     * 用户权限校验
-     * @return
-     */
-	public SYS_PERMISSION getEntity(){
-        return new SYS_PERMISSION();
-    }
-
 }

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_PSAPPMENUITEMResource.java

@@ -50,7 +50,9 @@ public class SYS_PSAPPMENUITEMResource {
 
     @Autowired
     @Lazy
-    private SYS_PSAPPMENUITEMMapping sys_psappmenuitemMapping;
+    public SYS_PSAPPMENUITEMMapping sys_psappmenuitemMapping;
+
+    public SYS_PSAPPMENUITEMDTO permissionDTO=new SYS_PSAPPMENUITEMDTO();
 
 
 
@@ -81,7 +83,7 @@ public class SYS_PSAPPMENUITEMResource {
         SYS_PSAPPMENUITEMDTO dto = sys_psappmenuitemMapping.toDto(domain);
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PSAPPMENUITEM-Create-all')")
+
     @ApiOperation(value = "createBatch", tags = {"SYS_PSAPPMENUITEM" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_psappmenuitems/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_PSAPPMENUITEMDTO> sys_psappmenuitemdtos) {
@@ -104,7 +106,6 @@ public class SYS_PSAPPMENUITEMResource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PSAPPMENUITEM-Update-all')")
     @ApiOperation(value = "UpdateBatch", tags = {"SYS_PSAPPMENUITEM" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sys_psappmenuitems/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_PSAPPMENUITEMDTO> sys_psappmenuitemdtos) {
@@ -183,12 +184,4 @@ public class SYS_PSAPPMENUITEMResource {
 	}
 
 
-    /**
-     * 用户权限校验
-     * @return
-     */
-	public SYS_PSAPPMENUITEM getEntity(){
-        return new SYS_PSAPPMENUITEM();
-    }
-
 }

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_PSDEOPPRIVResource.java

@@ -50,7 +50,9 @@ public class SYS_PSDEOPPRIVResource {
 
     @Autowired
     @Lazy
-    private SYS_PSDEOPPRIVMapping sys_psdeopprivMapping;
+    public SYS_PSDEOPPRIVMapping sys_psdeopprivMapping;
+
+    public SYS_PSDEOPPRIVDTO permissionDTO=new SYS_PSDEOPPRIVDTO();
 
 
 
@@ -101,7 +103,7 @@ public class SYS_PSDEOPPRIVResource {
         SYS_PSDEOPPRIVDTO dto = sys_psdeopprivMapping.toDto(domain);
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PSDEOPPRIV-Create-all')")
+
     @ApiOperation(value = "createBatch", tags = {"SYS_PSDEOPPRIV" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_psdeopprivs/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_PSDEOPPRIVDTO> sys_psdeopprivdtos) {
@@ -136,7 +138,6 @@ public class SYS_PSDEOPPRIVResource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PSDEOPPRIV-Update-all')")
     @ApiOperation(value = "UpdateBatch", tags = {"SYS_PSDEOPPRIV" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sys_psdeopprivs/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_PSDEOPPRIVDTO> sys_psdeopprivdtos) {
@@ -183,12 +184,4 @@ public class SYS_PSDEOPPRIVResource {
 	}
 
 
-    /**
-     * 用户权限校验
-     * @return
-     */
-	public SYS_PSDEOPPRIV getEntity(){
-        return new SYS_PSDEOPPRIV();
-    }
-
 }

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_ROLEResource.java

@@ -50,7 +50,9 @@ public class SYS_ROLEResource {
 
     @Autowired
     @Lazy
-    private SYS_ROLEMapping sys_roleMapping;
+    public SYS_ROLEMapping sys_roleMapping;
+
+    public SYS_ROLEDTO permissionDTO=new SYS_ROLEDTO();
 
 
 
@@ -83,7 +85,6 @@ public class SYS_ROLEResource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE-Update-all')")
     @ApiOperation(value = "UpdateBatch", tags = {"SYS_ROLE" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sys_roles/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_ROLEDTO> sys_roledtos) {
@@ -104,7 +105,7 @@ public class SYS_ROLEResource {
         SYS_ROLEDTO dto = sys_roleMapping.toDto(domain);
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE-Create-all')")
+
     @ApiOperation(value = "createBatch", tags = {"SYS_ROLE" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_roles/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_ROLEDTO> sys_roledtos) {
@@ -183,12 +184,4 @@ public class SYS_ROLEResource {
 	}
 
 
-    /**
-     * 用户权限校验
-     * @return
-     */
-	public SYS_ROLE getEntity(){
-        return new SYS_ROLE();
-    }
-
 }

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_ROLE_PERMISSIONResource.java

@@ -50,12 +50,14 @@ public class SYS_ROLE_PERMISSIONResource {
 
     @Autowired
     @Lazy
-    private SYS_ROLE_PERMISSIONMapping sys_role_permissionMapping;
+    public SYS_ROLE_PERMISSIONMapping sys_role_permissionMapping;
 
+    public SYS_ROLE_PERMISSIONDTO permissionDTO=new SYS_ROLE_PERMISSIONDTO();
 
 
 
-    @PreAuthorize("hasPermission(#sys_role_permission_id,'Get',{this.getEntity(),'Sql'})")
+
+    @PreAuthorize("hasPermission(#sys_role_permission_id,'Get',{'Sql',this.sys_role_permissionMapping,this.permissionDTO})")
     @ApiOperation(value = "Get", tags = {"SYS_ROLE_PERMISSION" },  notes = "Get")
 	@RequestMapping(method = RequestMethod.GET, value = "/sys_role_permissions/{sys_role_permission_id}")
     public ResponseEntity<SYS_ROLE_PERMISSIONDTO> get(@PathVariable("sys_role_permission_id") String sys_role_permission_id) {
@@ -67,7 +69,7 @@ public class SYS_ROLE_PERMISSIONResource {
 
 
 
-    @PreAuthorize("hasPermission(#sys_role_permission_id,'Remove',{this.getEntity(),'Sql'})")
+    @PreAuthorize("hasPermission(#sys_role_permission_id,'Remove',{'Sql',this.sys_role_permissionMapping,this.permissionDTO})")
     @ApiOperation(value = "Remove", tags = {"SYS_ROLE_PERMISSION" },  notes = "Remove")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/sys_role_permissions/{sys_role_permission_id}")
     @Transactional
@@ -94,7 +96,7 @@ public class SYS_ROLE_PERMISSIONResource {
 
 
 
-    @PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
+    @PreAuthorize("hasPermission('','Create',{'Sql',this.sys_role_permissionMapping,#sys_role_permissiondto})")
     @ApiOperation(value = "Create", tags = {"SYS_ROLE_PERMISSION" },  notes = "Create")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_role_permissions")
     @Transactional
@@ -104,7 +106,7 @@ public class SYS_ROLE_PERMISSIONResource {
         SYS_ROLE_PERMISSIONDTO dto = sys_role_permissionMapping.toDto(domain);
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
-    @PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
+
     @ApiOperation(value = "createBatch", tags = {"SYS_ROLE_PERMISSION" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_role_permissions/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_ROLE_PERMISSIONDTO> sys_role_permissiondtos) {
@@ -140,7 +142,7 @@ public class SYS_ROLE_PERMISSIONResource {
 
 
 
-    @PreAuthorize("hasPermission(#sys_role_permission_id,'Update',{this.getEntity(),'Sql'})")
+    @PreAuthorize("hasPermission(#sys_role_permission_id,'Update',{'Sql',this.sys_role_permissionMapping,#sys_role_permissiondto})")
     @ApiOperation(value = "Update", tags = {"SYS_ROLE_PERMISSION" },  notes = "Update")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sys_role_permissions/{sys_role_permission_id}")
     @Transactional
@@ -152,7 +154,6 @@ public class SYS_ROLE_PERMISSIONResource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission(#sys_role_permission_id,'Update',{this.getEntity(),'Sql'})")
     @ApiOperation(value = "UpdateBatch", tags = {"SYS_ROLE_PERMISSION" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sys_role_permissions/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_ROLE_PERMISSIONDTO> sys_role_permissiondtos) {
@@ -497,12 +498,4 @@ public class SYS_ROLE_PERMISSIONResource {
 	}
 
 
-    /**
-     * 用户权限校验
-     * @return
-     */
-	public SYS_ROLE_PERMISSION getEntity(){
-        return new SYS_ROLE_PERMISSION();
-    }
-
 }

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_USERResource.java

@@ -50,7 +50,9 @@ public class SYS_USERResource {
 
     @Autowired
     @Lazy
-    private SYS_USERMapping sys_userMapping;
+    public SYS_USERMapping sys_userMapping;
+
+    public SYS_USERDTO permissionDTO=new SYS_USERDTO();
 
 
 
@@ -85,7 +87,6 @@ public class SYS_USERResource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_USER-Update-all')")
     @ApiOperation(value = "UpdateBatch", tags = {"SYS_USER" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sys_users/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_USERDTO> sys_userdtos) {
@@ -152,7 +153,7 @@ public class SYS_USERResource {
         SYS_USERDTO dto = sys_userMapping.toDto(domain);
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_USER-Create-all')")
+
     @ApiOperation(value = "createBatch", tags = {"SYS_USER" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_users/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_USERDTO> sys_userdtos) {
@@ -183,12 +184,4 @@ public class SYS_USERResource {
 	}
 
 
-    /**
-     * 用户权限校验
-     * @return
-     */
-	public SYS_USER getEntity(){
-        return new SYS_USER();
-    }
-
 }

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_USER_ROLEResource.java

@@ -50,7 +50,9 @@ public class SYS_USER_ROLEResource {
 
     @Autowired
     @Lazy
-    private SYS_USER_ROLEMapping sys_user_roleMapping;
+    public SYS_USER_ROLEMapping sys_user_roleMapping;
+
+    public SYS_USER_ROLEDTO permissionDTO=new SYS_USER_ROLEDTO();
 
 
 
@@ -85,7 +87,6 @@ public class SYS_USER_ROLEResource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_USER_ROLE-Update-all')")
     @ApiOperation(value = "UpdateBatch", tags = {"SYS_USER_ROLE" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sys_user_roles/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_USER_ROLEDTO> sys_user_roledtos) {
@@ -124,7 +125,7 @@ public class SYS_USER_ROLEResource {
         SYS_USER_ROLEDTO dto = sys_user_roleMapping.toDto(domain);
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_USER_ROLE-Create-all')")
+
     @ApiOperation(value = "createBatch", tags = {"SYS_USER_ROLE" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_user_roles/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_USER_ROLEDTO> sys_user_roledtos) {
@@ -431,12 +432,4 @@ public class SYS_USER_ROLEResource {
 	}
 
 
-    /**
-     * 用户权限校验
-     * @return
-     */
-	public SYS_USER_ROLE getEntity(){
-        return new SYS_USER_ROLE();
-    }
-
 }

ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java

@@ -6,7 +6,9 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.mongodb.QueryBuilder;
 import cn.ibizlab.util.annotation.DEField;
+import cn.ibizlab.util.domain.DTOBase;
 import cn.ibizlab.util.domain.EntityBase;
+import cn.ibizlab.util.domain.MappingBase;
 import cn.ibizlab.util.enums.DEPredefinedFieldType;
 import cn.ibizlab.util.filter.QueryBuildContext;
 import cn.ibizlab.util.filter.QueryWrapperContext;
@@ -72,8 +74,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
             return true;
 
         List paramList = (ArrayList) params;
-        EntityBase  entity = (EntityBase) paramList.get(0);
-        String deStorageMode= (String) paramList.get(1);
+        String deStorageMode= (String) paramList.get(0);
+        MappingBase mappingBase= (MappingBase) paramList.get(1);
+        DTOBase dtoBase = (DTOBase) paramList.get(2);
+        EntityBase entity = (EntityBase) mappingBase.toDomain(dtoBase);
 
         if (StringUtils.isEmpty(entity))
             return false;
@@ -82,10 +86,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
         JSONObject permissionList=userPermission.getJSONObject("entities");
         String entityName = entity.getClass().getSimpleName();
 
-        if(action.equalsIgnoreCase("create")){
-            return validDEActionHasPermission(permissionList,entityName,action);
-        }
-        else{
         //拥有全部数据访问权限时，则跳过权限检查
         if(isAllData(permissionList,entityName,action)){
             return true;
@@ -94,8 +94,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
         if(!validDEActionHasPermission(permissionList,entityName,action)){
             return false;
         }
-            //检查是否有数据权限
-            return deActionPermissionValidRouter(deStorageMode, entity , action , srfKey, permissionList);
+        if(action.equalsIgnoreCase("create")){
+            return createActionPermissionValid(permissionList,entity, action);
+        }
+        else{
+            return otherActionPermissionValidRouter(deStorageMode, entity , action , srfKey, permissionList);
         }
     }
 
@@ -113,7 +116,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
         if(!permissionList.containsKey(entityName))
             return false;
         JSONObject entity=permissionList.getJSONObject(entityName);
-        if(entity.containsKey(action) && entity.getJSONArray(action).contains("ALL"))
+        if(!entity.containsKey(DEActionType))
+            return false;
+        JSONObject dataRange=entity.getJSONObject(DEActionType);//获取实体行为对应的数据范围
+        if(dataRange.containsKey(action) && dataRange.getJSONArray(action).contains("all"))
             return true;
 
         return false;
@@ -144,6 +150,81 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
         return hasPermission;
     }
 
+    /**
+     * 新建行为校验
+     * @param permissionList
+     * @param entity
+     * @param action
+     * @return
+     */
+    private boolean createActionPermissionValid(JSONObject permissionList,EntityBase entity, String action){
+
+        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
+        String keyField=permissionField.get(keyFieldTag);
+        if(StringUtils.isEmpty(keyField)){
+            throw new RuntimeException("权限校验失败，请检查当前实体中是否已经配置主键属性!");
+        }
+
+        //获取权限表达式[全部数据、本单位、本部门等]
+        JSONObject entityObj=permissionList.getJSONObject(entity.getClass().getSimpleName());//获取实体
+        JSONObject permissionType= entityObj.getJSONObject(DEActionType);
+        JSONArray dataRangeList=permissionType.getJSONArray(action);//行为：read；insert...
+        if(dataRangeList.size()==0)
+            return false;
+
+        boolean isCreate=true;
+
+        String orgField=permissionField.get("orgfield");
+        String orgDeptField=permissionField.get("orgsecfield");
+        String createManField=permissionField.get("createmanfield");
+        AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
+        Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
+        Set<String> orgParent = userInfo.get("parentorg");
+        Set<String> orgChild = userInfo.get("suborg");
+        Set<String> orgDeptParent = userInfo.get("parentdept");
+        Set<String> orgDeptChild = userInfo.get("subdept");
+
+        Object orgFieldValue=entity.get(orgField);
+        Object orgDeptFieldValue=entity.get(orgDeptField);
+        Object crateManFieldValue=entity.get(createManField);
+
+        Set<String> userOrg = new HashSet<>();
+        Set<String> userOrgDept = new HashSet<>();
+
+        for(int a=0;a<dataRangeList.size();a++){
+            String permissionCond=dataRangeList.getString(a);//权限配置条件
+            if(permissionCond.equals("curorg")){   //本单位
+                userOrg.add(authenticationUser.getOrgid());
+            }
+            else if(permissionCond.equals("porg")){//上级单位
+                userOrg.addAll(orgParent);
+            }
+            else if(permissionCond.equals("sorg")){//下级单位
+                userOrg.addAll(orgChild);
+            }
+            else if(permissionCond.equals("curorgdept")){//本部门
+                userOrgDept.add(authenticationUser.getMdeptid());
+            }
+            else if(permissionCond.equals("porgdept")){//上级部门
+                userOrgDept.addAll(orgDeptParent);
+            }
+            else if(permissionCond.equals("sorgdept")){//下级部门
+                userOrgDept.addAll(orgDeptChild);
+            }
+        }
+
+        if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue)){
+            return false;
+        }
+        if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue)){
+            return false;
+        }
+        if(!ObjectUtils.isEmpty(crateManFieldValue) && !crateManFieldValue.equals(authenticationUser.getUserid())){
+            return false;
+        }
+
+        return isCreate;
+    }
 
     /**
      * 根据实体存储模式，进行鉴权
@@ -154,7 +235,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
      * @param permissionList
      * @return
      */
-    private boolean deActionPermissionValidRouter(String deStorageMode, EntityBase entity , String action , Object srfKey , JSONObject permissionList){
+    private boolean otherActionPermissionValidRouter(String deStorageMode, EntityBase entity , String action , Object srfKey , JSONObject permissionList){
 
         if(deStorageMode.equalsIgnoreCase("sql")){
             return sqlPermissionValid(entity , action , srfKey, permissionList);