laizhilong 发布系统代码

5274a109 · ibizdev · be10eac6 · 5274a109 · 5274a109 · 5274a109
--- a/app_web/src/locale/lanres/sys-role-permission/sys-role-permission_en_US.ts
+++ b/app_web/src/locale/lanres/sys-role-permission/sys-role-permission_en_US.ts
@@ -10,6 +10,8 @@ export default {
    createdate: '建立时间',
    updatedate: '更新时间',
    systemid: '系统标识',
+    updateman: '更新人',
+    createman: '建立人',
  },
 	views: {
 		mpickupview: {

--- a/app_web/src/locale/lanres/sys-role-permission/sys-role-permission_zh_CN.ts
+++ b/app_web/src/locale/lanres/sys-role-permission/sys-role-permission_zh_CN.ts
@@ -9,6 +9,8 @@ export default {
    createdate: '建立时间',
    updatedate: '更新时间',
    systemid: '系统标识',
+    updateman: '更新人',
+    createman: '建立人',
  },
 	views: {
 		mpickupview: {

--- a/app_web/src/widgets/sys-role-permission/default-drbar/default-drbar-model.ts
+++ b/app_web/src/widgets/sys-role-permission/default-drbar/default-drbar-model.ts
@@ -42,6 +42,12 @@ export default class DefaultModel {
      {
        name: 'systemid',
      },
+      {
+        name: 'updateman',
+      },
+      {
+        name: 'createman',
+      },
    ]
  }


--- a/app_web/src/widgets/sys-role-permission/mpickup-viewpickupviewpanel-pickupviewpanel/mpickup-viewpickupviewpanel-pickupviewpanel-model.ts
+++ b/app_web/src/widgets/sys-role-permission/mpickup-viewpickupviewpanel-pickupviewpanel/mpickup-viewpickupviewpanel-pickupviewpanel-model.ts
@@ -42,6 +42,12 @@ export default class MPickupViewpickupviewpanelModel {
      {
        name: 'systemid',
      },
+      {
+        name: 'updateman',
+      },
+      {
+        name: 'createman',
+      },
    ]
  }


--- a/app_web/src/widgets/sys-role-permission/pickup-viewpickupviewpanel-pickupviewpanel/pickup-viewpickupviewpanel-pickupviewpanel-model.ts
+++ b/app_web/src/widgets/sys-role-permission/pickup-viewpickupviewpanel-pickupviewpanel/pickup-viewpickupviewpanel-pickupviewpanel-model.ts
@@ -42,6 +42,12 @@ export default class PickupViewpickupviewpanelModel {
      {
        name: 'systemid',
      },
+      {
+        name: 'updateman',
+      },
+      {
+        name: 'createman',
+      },
    ]
  }


--- a/ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/domain/SYS_ROLE_PERMISSION.java
+++ b/ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/domain/SYS_ROLE_PERMISSION.java
@@ -108,6 +108,22 @@ public class SYS_ROLE_PERMISSION extends EntityMP implements Serializable {
    @JSONField(name = "systemid")
    @JsonProperty("systemid")
    private String systemid;
+    /**
+     * 更新人
+     */
+    @DEField(preType = DEPredefinedFieldType.UPDATEMAN)
+    @TableField(value = "updateman")
+    @JSONField(name = "updateman")
+    @JsonProperty("updateman")
+    private String updateman;
+    /**
+     * 建立人
+     */
+    @DEField(preType = DEPredefinedFieldType.CREATEMAN)
+    @TableField(value = "createman" , fill = FieldFill.INSERT)
+    @JSONField(name = "createman")
+    @JsonProperty("createman")
+    private String createman;

    /**
     * 资源

--- a/ibzuaa-core/src/main/resources/liquibase/h2_table.xml
+++ b/ibzuaa-core/src/main/resources/liquibase/h2_table.xml
@@ -36,7 +36,7 @@
        </createTable>
    </changeSet>
    <!--输出实体[SYS_ROLE_PERMISSION]数据结构 -->
-    <changeSet author="a_A_5d9d78509" id="tab-sys_role_permission-59-2">
+    <changeSet author="a_A_5d9d78509" id="tab-sys_role_permission-64-2">
        <createTable tableName="IBZROLE_PERMISSION">
                <column name="SYS_ROLE_PERMISSIONID" remarks="" type="VARCHAR(100)">
                    <constraints primaryKey="true" primaryKeyName="PK_SYS_ROLE_PERMISSION_SYS_ROL"/>
@@ -57,6 +57,10 @@
                </column>
                <column name="SYSTEMID" remarks="" type="VARCHAR(100)">
                </column>
+                <column name="UPDATEMAN" remarks="" type="VARCHAR(60)">
+                </column>
+                <column name="CREATEMAN" remarks="" type="VARCHAR(60)">
+                </column>
        </createTable>
    </changeSet>
    <!--输出实体[SYS_USER]数据结构 -->
@@ -188,7 +192,7 @@

        <!--输出实体[SYS_PSDEOPPRIV]外键关系 -->
        <!--输出实体[SYS_ROLE_PERMISSION]外键关系 -->
-    <changeSet author="a_A_5d9d78509" id="fk-sys_role_permission-59-10">
+    <changeSet author="a_A_5d9d78509" id="fk-sys_role_permission-64-10">
       <addForeignKeyConstraint baseColumnNames="SYS_PERMISSIONID" baseTableName="IBZROLE_PERMISSION" constraintName="DER1N_SYS_ROLE_PERMISSION_SYS_" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="SYS_PERMISSIONID" referencedTableName="IBZPERMISSION" validate="true"/>
    </changeSet>
        <!--输出实体[SYS_USER]外键关系 -->

--- a/ibzuaa-core/src/main/resources/mapper/uaa/sys_role_permission/SYS_ROLE_PERMISSIONMapper.xml
+++ b/ibzuaa-core/src/main/resources/mapper/uaa/sys_role_permission/SYS_ROLE_PERMISSIONMapper.xml
@@ -4,6 +4,9 @@
 <mapper	namespace="cn.ibizlab.core.uaa.mapper.SYS_ROLE_PERMISSIONMapper">

    <!--该方法用于重写mybatis中selectById方法，以实现查询逻辑属性-->
+	<select id="selectById"  resultMap="SYS_ROLE_PERMISSIONResultMap" databaseId="mysql">
+        <![CDATA[select t1.* from (SELECT t1.`CREATEDATE`, t1.`CREATEMAN`, t1.`SYSTEMID`, t1.`SYS_PERMISSIONID`, t1.`SYS_PERMISSIONNAME`, t1.`SYS_ROLEID`, t1.`SYS_ROLENAME`, t1.`SYS_ROLE_PERMISSIONID`, t1.`SYS_ROLE_PERMISSIONNAME`, t1.`UPDATEDATE`, t1.`UPDATEMAN` FROM `IBZROLE_PERMISSION` t1  ) t1 where sys_role_permissionid=#{id}]]>
+    </select>

    <!--通过mybatis将查询结果注入到entity中,通过配置autoMapping="true"由mybatis自动处理映射关系 -->
    <resultMap id="SYS_ROLE_PERMISSIONResultMap" type="cn.ibizlab.core.uaa.domain.SYS_ROLE_PERMISSION" autoMapping="true">
@@ -56,16 +59,22 @@

    <!--数据查询[Default]-->
    <sql id="Default" databaseId="mysql">
-       <![CDATA[	SELECT t1.`CREATEDATE`, t1.`SYSTEMID`, t1.`SYS_PERMISSIONID`, t1.`SYS_PERMISSIONNAME`, t1.`SYS_ROLEID`, t1.`SYS_ROLENAME`, t1.`SYS_ROLE_PERMISSIONID`, t1.`SYS_ROLE_PERMISSIONNAME`, t1.`UPDATEDATE` FROM `IBZROLE_PERMISSION` t1  
+       <![CDATA[	SELECT t1.`CREATEDATE`, t1.`CREATEMAN`, t1.`SYSTEMID`, t1.`SYS_PERMISSIONID`, t1.`SYS_PERMISSIONNAME`, t1.`SYS_ROLEID`, t1.`SYS_ROLENAME`, t1.`SYS_ROLE_PERMISSIONID`, t1.`SYS_ROLE_PERMISSIONNAME`, t1.`UPDATEDATE`, t1.`UPDATEMAN` FROM `IBZROLE_PERMISSION` t1  
 			]]>
    </sql>

    <!--数据查询[Permissionenable1]-->
    <sql id="Permissionenable1" databaseId="mysql">
-       <![CDATA[	SELECT t1.`CREATEDATE`, t1.`SYSTEMID`, t1.`SYS_PERMISSIONID`, t1.`SYS_PERMISSIONNAME`, t1.`SYS_ROLEID`, t1.`SYS_ROLENAME`, t1.`SYS_ROLE_PERMISSIONID`, t1.`SYS_ROLE_PERMISSIONNAME`, t1.`UPDATEDATE` FROM `IBZROLE_PERMISSION` t1  LEFT JOIN IBZPERMISSION t11 ON t1.SYS_PERMISSIONID = t11.SYS_PERMISSIONID  
+       <![CDATA[	SELECT t1.`CREATEDATE`, t1.`SYSTEMID`, t1.`SYS_PERMISSIONID`, t1.`SYS_PERMISSIONNAME`, t1.`SYS_ROLEID`, t1.`SYS_ROLENAME`, t1.`SYS_ROLE_PERMISSIONID`, t1.`SYS_ROLE_PERMISSIONNAME`, t1.`UPDATEDATE` FROM `IBZROLE_PERMISSION` t1  INNER JOIN IBZPERMISSION t11 ON t1.SYS_PERMISSIONID = t11.SYS_PERMISSIONID  WHERE t11.ENABLE=1 
 				 WHERE 	( t11.enable=1 )
 			]]>
    </sql>

+    <!--数据查询[View]-->
+    <sql id="View" databaseId="mysql">
+       <![CDATA[	SELECT t1.`CREATEDATE`, t1.`CREATEMAN`, t1.`SYSTEMID`, t1.`SYS_PERMISSIONID`, t1.`SYS_PERMISSIONNAME`, t1.`SYS_ROLEID`, t1.`SYS_ROLENAME`, t1.`SYS_ROLE_PERMISSIONID`, t1.`SYS_ROLE_PERMISSIONNAME`, t1.`UPDATEDATE`, t1.`UPDATEMAN` FROM `IBZROLE_PERMISSION` t1  
+			]]>
+    </sql>
+
 </mapper>

--- a/ibzuaa-core/src/main/resources/permission/systemResource.json
+++ b/ibzuaa-core/src/main/resources/permission/systemResource.json
@@ -8,7 +8,7 @@
    "sysmoudle":{"id":"UAA","name":"uaa"},
    "dedataset":[{"id":"Default" , "name":"DEFAULT"},{"id":"Permissionenable1" , "name":"permissionenable1"}],
    "deaction":[{"id":"Get" , "name":"Get" , "type":"BUILTIN" },{"id":"Remove" , "name":"Remove" , "type":"BUILTIN" },{"id":"GetDraft" , "name":"GetDraft" , "type":"BUILTIN" },{"id":"Create" , "name":"Create" , "type":"BUILTIN" },{"id":"CheckKey" , "name":"CheckKey" , "type":"BUILTIN" },{"id":"Save" , "name":"Save" , "type":"BUILTIN" },{"id":"Update" , "name":"Update" , "type":"BUILTIN" }],
-    "datascope":[{"id":"all","name":"全部数据"}]
+    "datascope":[{"id":"all","name":"全部数据"}, {"id":"createman","name":"创建人"}]
     }
    ,    {
    "dename":"SYS_PERMISSION",

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/dto/SYS_ROLE_PERMISSIONDTO.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/dto/SYS_ROLE_PERMISSIONDTO.java
@@ -97,6 +97,22 @@ public class SYS_ROLE_PERMISSIONDTO extends DTOBase implements Serializable {
    @JsonProperty("systemid")
    private String systemid;

+    /**
+     * 属性 [UPDATEMAN]
+     *
+     */
+    @JSONField(name = "updateman")
+    @JsonProperty("updateman")
+    private String updateman;
+
+    /**
+     * 属性 [CREATEMAN]
+     *
+     */
+    @JSONField(name = "createman")
+    @JsonProperty("createman")
+    private String createman;
+

    /**
     * 设置 [SYS_ROLE_PERMISSIONNAME]

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_ROLE_PERMISSIONResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_ROLE_PERMISSIONResource.java
@@ -55,7 +55,7 @@ public class SYS_ROLE_PERMISSIONResource {



-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Get-all')")
+    @PreAuthorize("hasPermission(#sys_role_permission_id,'Get',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "Get", tags = {"SYS_ROLE_PERMISSION" },  notes = "Get")
 	@RequestMapping(method = RequestMethod.GET, value = "/sys_role_permissions/{sys_role_permission_id}")
    public ResponseEntity<SYS_ROLE_PERMISSIONDTO> get(@PathVariable("sys_role_permission_id") String sys_role_permission_id) {
@@ -67,7 +67,7 @@ public class SYS_ROLE_PERMISSIONResource {



-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Remove-all')")
+    @PreAuthorize("hasPermission('Remove',{#sys_role_permission_id,{this.getEntity(),'Sql'}})")
    @ApiOperation(value = "Remove", tags = {"SYS_ROLE_PERMISSION" },  notes = "Remove")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/sys_role_permissions/{sys_role_permission_id}")
    @Transactional
@@ -94,7 +94,7 @@ public class SYS_ROLE_PERMISSIONResource {



-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Create-all')")
+    @PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "Create", tags = {"SYS_ROLE_PERMISSION" },  notes = "Create")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_role_permissions")
    @Transactional
@@ -104,7 +104,7 @@ public class SYS_ROLE_PERMISSIONResource {
        SYS_ROLE_PERMISSIONDTO dto = sys_role_permissionMapping.toDto(domain);
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Create-all')")
+    @PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "createBatch", tags = {"SYS_ROLE_PERMISSION" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_role_permissions/batch")
    public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_ROLE_PERMISSIONDTO> sys_role_permissiondtos) {
@@ -140,7 +140,7 @@ public class SYS_ROLE_PERMISSIONResource {



-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Update-all')")
+    @PreAuthorize("hasPermission(#sys_role_permission_id,'Update',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "Update", tags = {"SYS_ROLE_PERMISSION" },  notes = "Update")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sys_role_permissions/{sys_role_permission_id}")
    @Transactional
@@ -152,7 +152,7 @@ public class SYS_ROLE_PERMISSIONResource {
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }

-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Update-all')")
+    @PreAuthorize("hasPermission(#sys_role_permission_id,'Update',{this.getEntity(),'Sql'})")
    @ApiOperation(value = "UpdateBatch", tags = {"SYS_ROLE_PERMISSION" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sys_role_permissions/batch")
    public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_ROLE_PERMISSIONDTO> sys_role_permissiondtos) {

--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
@@ -39,10 +39,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
     * 实体行为操作标识
     */
    private String DEActionType="DEACTION";
-    /**
-     * 实体数据集操作标识
-     */
-    private String DataSetTag="DATASET";
    /**
     *实体主键标识
     */
@@ -63,61 +59,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    @Override
    public boolean hasPermission(Authentication authentication, Object deAction, Object gridParam) {

-        //未开启权限校验、超级管理员则不进行权限检查
-        if(AuthenticationUser.getAuthenticationUser().getSuperuser()==1  || !enablePermissionValid)
-            return true;
-
-        String action = "";
-        String deStorageMode;
-        if (deAction instanceof String)
-            action = (String) deAction;
-
-        if (StringUtils.isEmpty(action))
-            return false;
-
-        //获取当前用户权限列表
-        JSONObject userPermission= AuthenticationUser.getAuthenticationUser().getPermissionList();
-
-        if(userPermission==null)
-            return false;
-
-        List gridParamList = (ArrayList) gridParam;
-        if(action.equalsIgnoreCase("remove")){
-            //准备参数
-            Object srfKey =gridParamList.get(0);
-            EntityBase entity = (EntityBase) gridParamList.get(1);
-            deStorageMode= (String) gridParamList.get(2);
-            String entityName = entity.getClass().getSimpleName();
-
-            //获取实体行为权限信息
-            JSONObject permissionList=userPermission.getJSONObject("entities");
-
-            //检查是否有操作权限[create.update.delete.read]
-            if(!validDEActionHasPermission(permissionList,entityName,action)){
-                return false;
-            }
-            //检查是否有数据权限
-            return deActionPermissionValidRouter(deStorageMode, entity , action , srfKey, permissionList);
-        }
-        else{
-            //准备参数
-            Object searchContext=gridParamList.get(0);
-            String dataSetName=String.valueOf(gridParamList.get(1));
-            EntityBase entity = (EntityBase) gridParamList.get(2);
-            deStorageMode= (String) gridParamList.get(3);
-            String entityName = entity.getClass().getSimpleName();
-
-            //获取数据集权限信息
-            JSONObject permissionList=userPermission.getJSONObject("entities");
-
-            if(StringUtils.isEmpty(entityName)|| StringUtils.isEmpty(dataSetName))
-                return false;
-
-            //检查是否有访问数据集的权限
-            if(!validDataSetHasPermission(permissionList,entityName,dataSetName)){
-                return false;
-            }
-        }
                return true;
    }

@@ -211,33 +152,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        return hasPermission;
    }

-    /**
-     * 数据集合权限校验
-     * @param userPermission
-     * @param entityName
-     * @param dataSetName
-     * userPermission:{"ENTITY":{"DEACTION":{"READ":["CURORG"]},"DATASET":{"Default":["CURORG"]}}}
-     * @return
-     */
-    private boolean validDataSetHasPermission(JSONObject userPermission,String entityName ,String dataSetName){
-
-        boolean hasPermission=false;
-        if(userPermission==null)
-            return false;
-        if(!userPermission.containsKey(entityName))
-            return false;
-        JSONObject entity=userPermission.getJSONObject(entityName);//获取实体
-        if(!entity.containsKey(DataSetTag))
-            return false;
-        JSONObject dataSetList=entity.getJSONObject(DataSetTag);//获取数据集
-        if(!dataSetList.containsKey(dataSetName))
-            return false;
-        JSONArray dataRange=dataSetList.getJSONArray(dataSetName);//获取数据范围
-        if(dataRange!=null && dataRange.size()>0){
-            hasPermission=true;
-        }
-        return hasPermission;
-    }

    /**
     * 根据实体存储模式，进行鉴权
@@ -366,28 +280,28 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {

        for(int i=0;i<oppriList.size();i++){
            String permissionCond=oppriList.getString(i);//权限配置条件
-            if(permissionCond.equals("CURORG")){   //本单位
+            if(permissionCond.equals("curorg")){   //本单位
                permissionSQL.or(new QueryBuilder().and(orgField).is(AuthenticationUser.getAuthenticationUser().getOrgid()).get());
            }
-            else if(permissionCond.equals("PORG")){//上级单位
+            else if(permissionCond.equals("porg")){//上级单位
                permissionSQL.or(new QueryBuilder().and(orgField).in(formatStringArr(orgParent)).get());
            }
-            else if(permissionCond.equals("SORG")){//下级单位
+            else if(permissionCond.equals("sorg")){//下级单位
                permissionSQL.or(new QueryBuilder().and(orgField).in(formatStringArr(orgChild)).get());
            }
-            else if(permissionCond.equals("CREATEMAN")){//建立人
+            else if(permissionCond.equals("createman")){//建立人
                permissionSQL.or(new QueryBuilder().and(createManField).is(AuthenticationUser.getAuthenticationUser().getUserid()).get());
            }
-            else if(permissionCond.equals("CURORGDEPT")){//本部门
+            else if(permissionCond.equals("curorgdept")){//本部门
                permissionSQL.or(new QueryBuilder().and(orgDeptField).is(AuthenticationUser.getAuthenticationUser().getMdeptid()).get());
            }
-            else if(permissionCond.equals("PORGDEPT")){//上级部门
+            else if(permissionCond.equals("porgdept")){//上级部门
                permissionSQL.or(new QueryBuilder().and(orgDeptField).in(formatStringArr(orgDeptParent)).get());
            }
-            else if(permissionCond.equals("SORGDEPT")){//下级部门
+            else if(permissionCond.equals("sorgdept")){//下级部门
                permissionSQL.or(new QueryBuilder().and(orgDeptField).in(formatStringArr(orgDeptChild)).get());
            }
-            else if(permissionCond.equals("ALL")){
+            else if(permissionCond.equals("all")){
                permissionSQL.or(new QueryBuilder().get());
            }
        }
@@ -417,28 +331,28 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        for(int i=0;i<oppriList.size();i++){
            permissionSQL.append("OR");
            String permissionCond=oppriList.getString(i);//权限配置条件
-            if(permissionCond.equals("CURORG")){   //本单位
+            if(permissionCond.equals("curorg")){   //本单位
                permissionSQL.append(String.format("(%s='%s')",orgField,AuthenticationUser.getAuthenticationUser().getOrgid()));
            }
-            else if(permissionCond.equals("PORG")){//上级单位
+            else if(permissionCond.equals("porg")){//上级单位
                permissionSQL.append(String.format(" %s in(%s) ", orgField, formatStringArr(orgParent)));
            }
-            else if(permissionCond.equals("SORG")){//下级单位
+            else if(permissionCond.equals("sorg")){//下级单位
                permissionSQL.append(String.format(" %s in(%s) ", orgField, formatStringArr(orgChild)));
            }
-            else if(permissionCond.equals("CREATEMAN")){//建立人
+            else if(permissionCond.equals("createman")){//建立人
                permissionSQL.append(String.format("(%s='%s')",createManField,AuthenticationUser.getAuthenticationUser().getUserid()));
            }
-            else if(permissionCond.equals("CURORGDEPT")){//本部门
+            else if(permissionCond.equals("curorgdept")){//本部门
                permissionSQL.append(String.format("(%s='%s')",orgDeptField,AuthenticationUser.getAuthenticationUser().getMdeptid()));
            }
-            else if(permissionCond.equals("PORGDEPT")){//上级部门
+            else if(permissionCond.equals("porgdept")){//上级部门
                permissionSQL.append(String.format(" %s in (%s) ", orgDeptField, formatStringArr(orgDeptParent)));
            }
-            else if(permissionCond.equals("SORGDEPT")){//下级部门
+            else if(permissionCond.equals("sorgdept")){//下级部门
                permissionSQL.append(String.format(" %s in (%s) ", orgDeptField, formatStringArr(orgDeptChild)));
            }
-            else if(permissionCond.equals("ALL")){//全部数据
+            else if(permissionCond.equals("all")){//全部数据
                permissionSQL.append("(1=1)");
            }
            else{