zhouweidong@lab.ibiz5.com 部署微服务应用

53c4ecb6 · ibizdev · 4c8af2d8 · 53c4ecb6 · 53c4ecb6 · 53c4ecb6
--- a/app_web/src/widgets/sys-auth-log/main-grid/main-grid-base.vue
+++ b/app_web/src/widgets/sys-auth-log/main-grid/main-grid-base.vue
@@ -25,7 +25,6 @@
                <el-table-column show-overflow-tooltip :prop="'username'" :label="$t('entities.sysauthlog.main_grid.columns.username')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysauthlog.main_grid.columns.username')}}
                      </span>
                    </template>
@@ -38,7 +37,6 @@
                <el-table-column show-overflow-tooltip :prop="'personname'" :label="$t('entities.sysauthlog.main_grid.columns.personname')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysauthlog.main_grid.columns.personname')}}
                      </span>
                    </template>
@@ -51,7 +49,6 @@
                <el-table-column show-overflow-tooltip :prop="'authtime'" :label="$t('entities.sysauthlog.main_grid.columns.authtime')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysauthlog.main_grid.columns.authtime')}}
                      </span>
                    </template>
@@ -64,7 +61,6 @@
                <el-table-column show-overflow-tooltip :prop="'authcode'" :label="$t('entities.sysauthlog.main_grid.columns.authcode')" :width="100"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysauthlog.main_grid.columns.authcode')}}
                      </span>
                    </template>
@@ -79,7 +75,6 @@
                <el-table-column show-overflow-tooltip :prop="'ipaddr'" :label="$t('entities.sysauthlog.main_grid.columns.ipaddr')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysauthlog.main_grid.columns.ipaddr')}}
                      </span>
                    </template>
@@ -92,7 +87,6 @@
                <el-table-column show-overflow-tooltip :prop="'macaddr'" :label="$t('entities.sysauthlog.main_grid.columns.macaddr')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysauthlog.main_grid.columns.macaddr')}}
                      </span>
                    </template>
@@ -105,7 +99,6 @@
                <el-table-column show-overflow-tooltip :prop="'useragent'" :label="$t('entities.sysauthlog.main_grid.columns.useragent')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysauthlog.main_grid.columns.useragent')}}
                      </span>
                    </template>
@@ -118,7 +111,6 @@
                <el-table-column show-overflow-tooltip :prop="'domain'" :label="$t('entities.sysauthlog.main_grid.columns.domain')" :width="100"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysauthlog.main_grid.columns.domain')}}
                      </span>
                    </template>

--- a/app_web/src/widgets/sys-permission/main-grid/main-grid-base.vue
+++ b/app_web/src/widgets/sys-permission/main-grid/main-grid-base.vue
@@ -25,7 +25,6 @@
                <el-table-column show-overflow-tooltip :prop="'sys_permissionid'" :label="$t('entities.syspermission.main_grid.columns.sys_permissionid')" :width="150"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.syspermission.main_grid.columns.sys_permissionid')}}
                      </span>
                    </template>
@@ -38,7 +37,6 @@
                <el-table-column show-overflow-tooltip :prop="'sys_permissionname'" :label="$t('entities.syspermission.main_grid.columns.sys_permissionname')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.syspermission.main_grid.columns.sys_permissionname')}}
                      </span>
                    </template>

--- a/app_web/src/widgets/sys-role-permission/main-grid/main-grid-base.vue
+++ b/app_web/src/widgets/sys-role-permission/main-grid/main-grid-base.vue
@@ -25,7 +25,6 @@
                <el-table-column show-overflow-tooltip :prop="'sys_rolename'" :label="$t('entities.sysrolepermission.main_grid.columns.sys_rolename')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysrolepermission.main_grid.columns.sys_rolename')}}
                      </span>
                    </template>
@@ -45,7 +44,6 @@
                <el-table-column show-overflow-tooltip :prop="'sys_permissionname'" :label="$t('entities.sysrolepermission.main_grid.columns.sys_permissionname')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysrolepermission.main_grid.columns.sys_permissionname')}}
                      </span>
                    </template>
@@ -65,7 +63,6 @@
                <el-table-column show-overflow-tooltip :prop="'updatedate'" :label="$t('entities.sysrolepermission.main_grid.columns.updatedate')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysrolepermission.main_grid.columns.updatedate')}}
                      </span>
                    </template>

--- a/app_web/src/widgets/sys-role/main-grid/main-grid-base.vue
+++ b/app_web/src/widgets/sys-role/main-grid/main-grid-base.vue
@@ -25,7 +25,6 @@
                <el-table-column show-overflow-tooltip :prop="'sys_roleid'" :label="$t('entities.sysrole.main_grid.columns.sys_roleid')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysrole.main_grid.columns.sys_roleid')}}
                      </span>
                    </template>
@@ -38,7 +37,6 @@
                <el-table-column show-overflow-tooltip :prop="'sys_rolename'" :label="$t('entities.sysrole.main_grid.columns.sys_rolename')" :width="350"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysrole.main_grid.columns.sys_rolename')}}
                      </span>
                    </template>
@@ -51,7 +49,6 @@
                <el-table-column show-overflow-tooltip :prop="'memo'" :label="$t('entities.sysrole.main_grid.columns.memo')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysrole.main_grid.columns.memo')}}
                      </span>
                    </template>
@@ -64,7 +61,6 @@
                <el-table-column show-overflow-tooltip :prop="'updatedate'" :label="$t('entities.sysrole.main_grid.columns.updatedate')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysrole.main_grid.columns.updatedate')}}
                      </span>
                    </template>

--- a/app_web/src/widgets/sys-user-role/main-grid/main-grid-base.vue
+++ b/app_web/src/widgets/sys-user-role/main-grid/main-grid-base.vue
@@ -25,7 +25,6 @@
                <el-table-column show-overflow-tooltip :prop="'sys_username'" :label="$t('entities.sysuserrole.main_grid.columns.sys_username')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysuserrole.main_grid.columns.sys_username')}}
                      </span>
                    </template>
@@ -45,7 +44,6 @@
                <el-table-column show-overflow-tooltip :prop="'sys_rolename'" :label="$t('entities.sysuserrole.main_grid.columns.sys_rolename')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysuserrole.main_grid.columns.sys_rolename')}}
                      </span>
                    </template>
@@ -65,7 +63,6 @@
                <el-table-column show-overflow-tooltip :prop="'updatedate'" :label="$t('entities.sysuserrole.main_grid.columns.updatedate')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysuserrole.main_grid.columns.updatedate')}}
                      </span>
                    </template>

--- a/app_web/src/widgets/sys-user/main-grid/main-grid-base.vue
+++ b/app_web/src/widgets/sys-user/main-grid/main-grid-base.vue
@@ -25,7 +25,6 @@
                <el-table-column show-overflow-tooltip :prop="'userid'" :label="$t('entities.sysuser.main_grid.columns.userid')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysuser.main_grid.columns.userid')}}
                      </span>
                    </template>
@@ -38,7 +37,6 @@
                <el-table-column show-overflow-tooltip :prop="'username'" :label="$t('entities.sysuser.main_grid.columns.username')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysuser.main_grid.columns.username')}}
                      </span>
                    </template>
@@ -51,7 +49,6 @@
                <el-table-column show-overflow-tooltip :prop="'personname'" :label="$t('entities.sysuser.main_grid.columns.personname')" :width="250"  :align="'left'" :sortable="'custom'">
                    <template v-slot:header="{column}">
                      <span class="column-header ">
                        {{$t('entities.sysuser.main_grid.columns.personname')}}
                      </span>
                    </template>

--- a/config.xml
+++ b/config.xml
@@ -37,6 +37,11 @@
 	  git clone -b master $para2 ibzuaa/
      export NODE_OPTIONS=--max-old-space-size=4096
      cd ibzuaa/
+      mvn clean package -Pweb
+      cd ibzuaa-app/ibzuaa-app-web
+      mvn -Pweb docker:build
+      mvn -Pweb docker:push
+      docker -H $para1 stack deploy --compose-file=src/main/docker/ibzuaa-app-web.yaml ibzlab-rt --with-registry-auth
      </command>
    </hudson.tasks.Shell>
  </builders>

--- a/ibzuaa-app/ibzuaa-app-web/src/main/docker/Dockerfile
+++ b/ibzuaa-app/ibzuaa-app-web/src/main/docker/Dockerfile
@@ -9,6 +9,6 @@ CMD echo "The application will start in ${IBZ_SLEEP}s..." && \
    sleep ${IBZ_SLEEP} && \
    java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /ibzuaa-app-web.jar
-EXPOSE 8080
+EXPOSE 30002
 ADD ibzuaa-app-web.jar /ibzuaa-app-web.jar
--- a/ibzuaa-app/ibzuaa-app-web/src/main/docker/ibzuaa-app-web.yaml
+++ b/ibzuaa-app/ibzuaa-app-web/src/main/docker/ibzuaa-app-web.yaml
@@ -3,9 +3,23 @@ services:
  ibzuaa-app-web:
    image: registry.cn-shanghai.aliyuncs.com/ibizsys/ibzuaa-app-web:latest
    ports:
-      - "8080:8080"
+      - "30002:30002"
    networks:
      - agent_network
+    environment:
+      - SPRING_CLOUD_NACOS_DISCOVERY_IP=172.16.180.237
+      - SERVER_PORT=30002
+      - SPRING_CLOUD_NACOS_DISCOVERY_SERVER-ADDR=172.16.102.211:8848
+      - SPRING_REDIS_HOST=172.16.100.243
+      - SPRING_REDIS_PORT=6379
+      - SPRING_REDIS_DATABASE=0
+      - SPRING_DATASOURCE_USERNAME=a_A_5d9d78509
+      - SPRING_DATASOURCE_PASSWORD=@6dEfb3@
+      - SPRING_DATASOURCE_URL=jdbc:mysql://172.16.180.232:3306/a_A_5d9d78509?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8&useOldAliasMetadataBehavior=true
+      - SPRING_DATASOURCE_DRIVER-CLASS-NAME=com.mysql.jdbc.Driver
+      - SPRING_DATASOURCE_DEFAULTSCHEMA=a_A_5d9d78509
+      - ABC=1
+      - DEC=2
    deploy:
      mode: replicated
      replicas: 1

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysAuthLogResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysAuthLogResource.java
@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PostAuthorize;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -47,7 +48,6 @@ public class SysAuthLogResource {
    public SysAuthLogDTO permissionDTO=new SysAuthLogDTO();
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysAuthLog-GetDraft-all')")
    @ApiOperation(value = "GetDraft", tags = {"SysAuthLog" },  notes = "GetDraft")
 	@RequestMapping(method = RequestMethod.GET, value = "/sysauthlogs/getdraft")
    public ResponseEntity<SysAuthLogDTO> getDraft() {
@@ -60,13 +60,13 @@ public class SysAuthLogResource {
    @Transactional
    public ResponseEntity<SysAuthLogDTO> update(@PathVariable("sysauthlog_id") String sysauthlog_id, @RequestBody SysAuthLogDTO sysauthlogdto) {
 		SysAuthLog domain  = sysauthlogMapping.toDomain(sysauthlogdto);
-        domain.setLogid(sysauthlog_id);
+        domain .setLogid(sysauthlog_id);
-		sysauthlogService.update(domain);
+		sysauthlogService.update(domain );
-		SysAuthLogDTO dto = sysauthlogMapping.toDto(domain);
+		SysAuthLogDTO dto = sysauthlogMapping.toDto(domain );
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Update',{'Sql',this.sysauthlogMapping,#sysauthlogdtos})")
+    //@PreAuthorize("hasPermission('Update',{'Sql',this.sysauthlogMapping,#sysauthlogdtos})")
    @ApiOperation(value = "UpdateBatch", tags = {"SysAuthLog" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sysauthlogs/batch")
    public ResponseEntity<Boolean> updateBatch(@RequestBody List<SysAuthLogDTO> sysauthlogdtos) {
@@ -82,7 +82,7 @@ public class SysAuthLogResource {
         return ResponseEntity.status(HttpStatus.OK).body(sysauthlogService.remove(sysauthlog_id));
    }
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.sysauthlogMapping,this.permissionDTO,#ids})")
+    //@PreAuthorize("hasPermission('Remove',{'Sql',this.sysauthlogMapping,this.permissionDTO,#ids})")
    @ApiOperation(value = "RemoveBatch", tags = {"SysAuthLog" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/sysauthlogs/batch")
    public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
@@ -101,7 +101,7 @@ public class SysAuthLogResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Create',{'Sql',this.sysauthlogMapping,#sysauthlogdtos})")
+    //@PreAuthorize("hasPermission('Create',{'Sql',this.sysauthlogMapping,#sysauthlogdtos})")
    @ApiOperation(value = "createBatch", tags = {"SysAuthLog" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysauthlogs/batch")
    public ResponseEntity<Boolean> createBatch(@RequestBody List<SysAuthLogDTO> sysauthlogdtos) {
@@ -109,7 +109,6 @@ public class SysAuthLogResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysAuthLog-CheckKey-all')")
    @ApiOperation(value = "CheckKey", tags = {"SysAuthLog" },  notes = "CheckKey")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysauthlogs/checkkey")
    public ResponseEntity<Boolean> checkKey(@RequestBody SysAuthLogDTO sysauthlogdto) {
@@ -132,7 +131,7 @@ public class SysAuthLogResource {
        return ResponseEntity.status(HttpStatus.OK).body(sysauthlogService.save(sysauthlogMapping.toDomain(sysauthlogdto)));
    }
-    @PreAuthorize("hasPermission('Save',{'Sql',this.sysauthlogMapping,#sysauthlogdtos})")
+    //@PreAuthorize("hasPermission('Save',{'Sql',this.sysauthlogMapping,#sysauthlogdtos})")
    @ApiOperation(value = "SaveBatch", tags = {"SysAuthLog" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysauthlogs/savebatch")
    public ResponseEntity<Boolean> saveBatch(@RequestBody List<SysAuthLogDTO> sysauthlogdtos) {

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysPermissionResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysPermissionResource.java
@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PostAuthorize;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -54,7 +55,7 @@ public class SysPermissionResource {
        return ResponseEntity.status(HttpStatus.OK).body(syspermissionService.save(syspermissionMapping.toDomain(syspermissiondto)));
    }
-    @PreAuthorize("hasPermission('Save',{'Sql',this.syspermissionMapping,#syspermissiondtos})")
+    //@PreAuthorize("hasPermission('Save',{'Sql',this.syspermissionMapping,#syspermissiondtos})")
    @ApiOperation(value = "SaveBatch", tags = {"SysPermission" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/syspermissions/savebatch")
    public ResponseEntity<Boolean> saveBatch(@RequestBody List<SysPermissionDTO> syspermissiondtos) {
@@ -62,7 +63,6 @@ public class SysPermissionResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPermission-GetDraft-all')")
    @ApiOperation(value = "GetDraft", tags = {"SysPermission" },  notes = "GetDraft")
 	@RequestMapping(method = RequestMethod.GET, value = "/syspermissions/getdraft")
    public ResponseEntity<SysPermissionDTO> getDraft() {
@@ -77,7 +77,7 @@ public class SysPermissionResource {
         return ResponseEntity.status(HttpStatus.OK).body(syspermissionService.remove(syspermission_id));
    }
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.syspermissionMapping,this.permissionDTO,#ids})")
+    //@PreAuthorize("hasPermission('Remove',{'Sql',this.syspermissionMapping,this.permissionDTO,#ids})")
    @ApiOperation(value = "RemoveBatch", tags = {"SysPermission" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/syspermissions/batch")
    public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
@@ -91,13 +91,13 @@ public class SysPermissionResource {
    @Transactional
    public ResponseEntity<SysPermissionDTO> update(@PathVariable("syspermission_id") String syspermission_id, @RequestBody SysPermissionDTO syspermissiondto) {
 		SysPermission domain  = syspermissionMapping.toDomain(syspermissiondto);
-        domain.setPermissionid(syspermission_id);
+        domain .setPermissionid(syspermission_id);
-		syspermissionService.update(domain);
+		syspermissionService.update(domain );
-		SysPermissionDTO dto = syspermissionMapping.toDto(domain);
+		SysPermissionDTO dto = syspermissionMapping.toDto(domain );
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Update',{'Sql',this.syspermissionMapping,#syspermissiondtos})")
+    //@PreAuthorize("hasPermission('Update',{'Sql',this.syspermissionMapping,#syspermissiondtos})")
    @ApiOperation(value = "UpdateBatch", tags = {"SysPermission" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/syspermissions/batch")
    public ResponseEntity<Boolean> updateBatch(@RequestBody List<SysPermissionDTO> syspermissiondtos) {
@@ -116,7 +116,7 @@ public class SysPermissionResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Create',{'Sql',this.syspermissionMapping,#syspermissiondtos})")
+    //@PreAuthorize("hasPermission('Create',{'Sql',this.syspermissionMapping,#syspermissiondtos})")
    @ApiOperation(value = "createBatch", tags = {"SysPermission" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/syspermissions/batch")
    public ResponseEntity<Boolean> createBatch(@RequestBody List<SysPermissionDTO> syspermissiondtos) {
@@ -124,7 +124,6 @@ public class SysPermissionResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPermission-CheckKey-all')")
    @ApiOperation(value = "CheckKey", tags = {"SysPermission" },  notes = "CheckKey")
 	@RequestMapping(method = RequestMethod.POST, value = "/syspermissions/checkkey")
    public ResponseEntity<Boolean> checkKey(@RequestBody SysPermissionDTO syspermissiondto) {

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysRolePermissionResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysRolePermissionResource.java
@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PostAuthorize;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -64,7 +65,7 @@ public class SysRolePermissionResource {
         return ResponseEntity.status(HttpStatus.OK).body(sysrolepermissionService.remove(sysrolepermission_id));
    }
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.sysrolepermissionMapping,this.permissionDTO,#ids})")
+    //@PreAuthorize("hasPermission('Remove',{'Sql',this.sysrolepermissionMapping,this.permissionDTO,#ids})")
    @ApiOperation(value = "RemoveBatch", tags = {"SysRolePermission" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/sysrolepermissions/batch")
    public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
@@ -72,7 +73,6 @@ public class SysRolePermissionResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysRolePermission-GetDraft-all')")
    @ApiOperation(value = "GetDraft", tags = {"SysRolePermission" },  notes = "GetDraft")
 	@RequestMapping(method = RequestMethod.GET, value = "/sysrolepermissions/getdraft")
    public ResponseEntity<SysRolePermissionDTO> getDraft() {
@@ -90,7 +90,7 @@ public class SysRolePermissionResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Create',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
+    //@PreAuthorize("hasPermission('Create',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
    @ApiOperation(value = "createBatch", tags = {"SysRolePermission" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysrolepermissions/batch")
    public ResponseEntity<Boolean> createBatch(@RequestBody List<SysRolePermissionDTO> sysrolepermissiondtos) {
@@ -98,7 +98,6 @@ public class SysRolePermissionResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysRolePermission-CheckKey-all')")
    @ApiOperation(value = "CheckKey", tags = {"SysRolePermission" },  notes = "CheckKey")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysrolepermissions/checkkey")
    public ResponseEntity<Boolean> checkKey(@RequestBody SysRolePermissionDTO sysrolepermissiondto) {
@@ -112,7 +111,7 @@ public class SysRolePermissionResource {
        return ResponseEntity.status(HttpStatus.OK).body(sysrolepermissionService.save(sysrolepermissionMapping.toDomain(sysrolepermissiondto)));
    }
-    @PreAuthorize("hasPermission('Save',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
+    //@PreAuthorize("hasPermission('Save',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
    @ApiOperation(value = "SaveBatch", tags = {"SysRolePermission" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysrolepermissions/savebatch")
    public ResponseEntity<Boolean> saveBatch(@RequestBody List<SysRolePermissionDTO> sysrolepermissiondtos) {
@@ -126,13 +125,13 @@ public class SysRolePermissionResource {
    @Transactional
    public ResponseEntity<SysRolePermissionDTO> update(@PathVariable("sysrolepermission_id") String sysrolepermission_id, @RequestBody SysRolePermissionDTO sysrolepermissiondto) {
 		SysRolePermission domain  = sysrolepermissionMapping.toDomain(sysrolepermissiondto);
-        domain.setRolepermissionid(sysrolepermission_id);
+        domain .setRolepermissionid(sysrolepermission_id);
-		sysrolepermissionService.update(domain);
+		sysrolepermissionService.update(domain );
-		SysRolePermissionDTO dto = sysrolepermissionMapping.toDto(domain);
+		SysRolePermissionDTO dto = sysrolepermissionMapping.toDto(domain );
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Update',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
+    //@PreAuthorize("hasPermission('Update',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
    @ApiOperation(value = "UpdateBatch", tags = {"SysRolePermission" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sysrolepermissions/batch")
    public ResponseEntity<Boolean> updateBatch(@RequestBody List<SysRolePermissionDTO> sysrolepermissiondtos) {
@@ -178,7 +177,7 @@ public class SysRolePermissionResource {
 		return ResponseEntity.status(HttpStatus.OK).body(sysrolepermissionService.remove(sysrolepermission_id));
    }
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.sysrolepermissionMapping,this.permissionDTO,#ids})")
+    //@PreAuthorize("hasPermission('Remove',{'Sql',this.sysrolepermissionMapping,this.permissionDTO,#ids})")
    @ApiOperation(value = "RemoveBatchBySysPermission", tags = {"SysRolePermission" },  notes = "RemoveBatchBySysPermission")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/syspermissions/{syspermission_id}/sysrolepermissions/batch")
    public ResponseEntity<Boolean> removeBatchBySysPermission(@RequestBody List<String> ids) {
@@ -186,7 +185,6 @@ public class SysRolePermissionResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysRolePermission-GetDraft-all')")
    @ApiOperation(value = "GetDraftBySysPermission", tags = {"SysRolePermission" },  notes = "GetDraftBySysPermission")
    @RequestMapping(method = RequestMethod.GET, value = "/syspermissions/{syspermission_id}/sysrolepermissions/getdraft")
    public ResponseEntity<SysRolePermissionDTO> getDraftBySysPermission(@PathVariable("syspermission_id") String syspermission_id) {
@@ -207,7 +205,7 @@ public class SysRolePermissionResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Create',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
+    //@PreAuthorize("hasPermission('Create',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
    @ApiOperation(value = "createBatchBySysPermission", tags = {"SysRolePermission" },  notes = "createBatchBySysPermission")
 	@RequestMapping(method = RequestMethod.POST, value = "/syspermissions/{syspermission_id}/sysrolepermissions/batch")
    public ResponseEntity<Boolean> createBatchBySysPermission(@PathVariable("syspermission_id") String syspermission_id, @RequestBody List<SysRolePermissionDTO> sysrolepermissiondtos) {
@@ -219,7 +217,6 @@ public class SysRolePermissionResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysRolePermission-CheckKey-all')")
    @ApiOperation(value = "CheckKeyBySysPermission", tags = {"SysRolePermission" },  notes = "CheckKeyBySysPermission")
 	@RequestMapping(method = RequestMethod.POST, value = "/syspermissions/{syspermission_id}/sysrolepermissions/checkkey")
    public ResponseEntity<Boolean> checkKeyBySysPermission(@PathVariable("syspermission_id") String syspermission_id, @RequestBody SysRolePermissionDTO sysrolepermissiondto) {
@@ -235,7 +232,7 @@ public class SysRolePermissionResource {
        return ResponseEntity.status(HttpStatus.OK).body(sysrolepermissionService.save(domain));
    }
-    @PreAuthorize("hasPermission('Save',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
+    //@PreAuthorize("hasPermission('Save',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
    @ApiOperation(value = "SaveBatchBySysPermission", tags = {"SysRolePermission" },  notes = "SaveBatchBySysPermission")
 	@RequestMapping(method = RequestMethod.POST, value = "/syspermissions/{syspermission_id}/sysrolepermissions/savebatch")
    public ResponseEntity<Boolean> saveBatchBySysPermission(@PathVariable("syspermission_id") String syspermission_id, @RequestBody List<SysRolePermissionDTO> sysrolepermissiondtos) {
@@ -260,7 +257,7 @@ public class SysRolePermissionResource {
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Update',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
+    //@PreAuthorize("hasPermission('Update',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
    @ApiOperation(value = "UpdateBatchBySysPermission", tags = {"SysRolePermission" },  notes = "UpdateBatchBySysPermission")
 	@RequestMapping(method = RequestMethod.PUT, value = "/syspermissions/{syspermission_id}/sysrolepermissions/batch")
    public ResponseEntity<Boolean> updateBatchBySysPermission(@PathVariable("syspermission_id") String syspermission_id, @RequestBody List<SysRolePermissionDTO> sysrolepermissiondtos) {
@@ -312,7 +309,7 @@ public class SysRolePermissionResource {
 		return ResponseEntity.status(HttpStatus.OK).body(sysrolepermissionService.remove(sysrolepermission_id));
    }
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.sysrolepermissionMapping,this.permissionDTO,#ids})")
+    //@PreAuthorize("hasPermission('Remove',{'Sql',this.sysrolepermissionMapping,this.permissionDTO,#ids})")
    @ApiOperation(value = "RemoveBatchBySysRole", tags = {"SysRolePermission" },  notes = "RemoveBatchBySysRole")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/sysroles/{sysrole_id}/sysrolepermissions/batch")
    public ResponseEntity<Boolean> removeBatchBySysRole(@RequestBody List<String> ids) {
@@ -320,7 +317,6 @@ public class SysRolePermissionResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysRolePermission-GetDraft-all')")
    @ApiOperation(value = "GetDraftBySysRole", tags = {"SysRolePermission" },  notes = "GetDraftBySysRole")
    @RequestMapping(method = RequestMethod.GET, value = "/sysroles/{sysrole_id}/sysrolepermissions/getdraft")
    public ResponseEntity<SysRolePermissionDTO> getDraftBySysRole(@PathVariable("sysrole_id") String sysrole_id) {
@@ -341,7 +337,7 @@ public class SysRolePermissionResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Create',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
+    //@PreAuthorize("hasPermission('Create',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
    @ApiOperation(value = "createBatchBySysRole", tags = {"SysRolePermission" },  notes = "createBatchBySysRole")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysroles/{sysrole_id}/sysrolepermissions/batch")
    public ResponseEntity<Boolean> createBatchBySysRole(@PathVariable("sysrole_id") String sysrole_id, @RequestBody List<SysRolePermissionDTO> sysrolepermissiondtos) {
@@ -353,7 +349,6 @@ public class SysRolePermissionResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysRolePermission-CheckKey-all')")
    @ApiOperation(value = "CheckKeyBySysRole", tags = {"SysRolePermission" },  notes = "CheckKeyBySysRole")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysroles/{sysrole_id}/sysrolepermissions/checkkey")
    public ResponseEntity<Boolean> checkKeyBySysRole(@PathVariable("sysrole_id") String sysrole_id, @RequestBody SysRolePermissionDTO sysrolepermissiondto) {
@@ -369,7 +364,7 @@ public class SysRolePermissionResource {
        return ResponseEntity.status(HttpStatus.OK).body(sysrolepermissionService.save(domain));
    }
-    @PreAuthorize("hasPermission('Save',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
+    //@PreAuthorize("hasPermission('Save',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
    @ApiOperation(value = "SaveBatchBySysRole", tags = {"SysRolePermission" },  notes = "SaveBatchBySysRole")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysroles/{sysrole_id}/sysrolepermissions/savebatch")
    public ResponseEntity<Boolean> saveBatchBySysRole(@PathVariable("sysrole_id") String sysrole_id, @RequestBody List<SysRolePermissionDTO> sysrolepermissiondtos) {
@@ -394,7 +389,7 @@ public class SysRolePermissionResource {
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Update',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
+    //@PreAuthorize("hasPermission('Update',{'Sql',this.sysrolepermissionMapping,#sysrolepermissiondtos})")
    @ApiOperation(value = "UpdateBatchBySysRole", tags = {"SysRolePermission" },  notes = "UpdateBatchBySysRole")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sysroles/{sysrole_id}/sysrolepermissions/batch")
    public ResponseEntity<Boolean> updateBatchBySysRole(@PathVariable("sysrole_id") String sysrole_id, @RequestBody List<SysRolePermissionDTO> sysrolepermissiondtos) {

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysRoleResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysRoleResource.java
@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PostAuthorize;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -54,7 +55,7 @@ public class SysRoleResource {
        return ResponseEntity.status(HttpStatus.OK).body(sysroleService.save(sysroleMapping.toDomain(sysroledto)));
    }
-    @PreAuthorize("hasPermission('Save',{'Sql',this.sysroleMapping,#sysroledtos})")
+    //@PreAuthorize("hasPermission('Save',{'Sql',this.sysroleMapping,#sysroledtos})")
    @ApiOperation(value = "SaveBatch", tags = {"SysRole" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysroles/savebatch")
    public ResponseEntity<Boolean> saveBatch(@RequestBody List<SysRoleDTO> sysroledtos) {
@@ -68,13 +69,13 @@ public class SysRoleResource {
    @Transactional
    public ResponseEntity<SysRoleDTO> update(@PathVariable("sysrole_id") String sysrole_id, @RequestBody SysRoleDTO sysroledto) {
 		SysRole domain  = sysroleMapping.toDomain(sysroledto);
-        domain.setRoleid(sysrole_id);
+        domain .setRoleid(sysrole_id);
-		sysroleService.update(domain);
+		sysroleService.update(domain );
-		SysRoleDTO dto = sysroleMapping.toDto(domain);
+		SysRoleDTO dto = sysroleMapping.toDto(domain );
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Update',{'Sql',this.sysroleMapping,#sysroledtos})")
+    //@PreAuthorize("hasPermission('Update',{'Sql',this.sysroleMapping,#sysroledtos})")
    @ApiOperation(value = "UpdateBatch", tags = {"SysRole" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sysroles/batch")
    public ResponseEntity<Boolean> updateBatch(@RequestBody List<SysRoleDTO> sysroledtos) {
@@ -93,7 +94,7 @@ public class SysRoleResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Create',{'Sql',this.sysroleMapping,#sysroledtos})")
+    //@PreAuthorize("hasPermission('Create',{'Sql',this.sysroleMapping,#sysroledtos})")
    @ApiOperation(value = "createBatch", tags = {"SysRole" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysroles/batch")
    public ResponseEntity<Boolean> createBatch(@RequestBody List<SysRoleDTO> sysroledtos) {
@@ -118,7 +119,7 @@ public class SysRoleResource {
         return ResponseEntity.status(HttpStatus.OK).body(sysroleService.remove(sysrole_id));
    }
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.sysroleMapping,this.permissionDTO,#ids})")
+    //@PreAuthorize("hasPermission('Remove',{'Sql',this.sysroleMapping,this.permissionDTO,#ids})")
    @ApiOperation(value = "RemoveBatch", tags = {"SysRole" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/sysroles/batch")
    public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
@@ -126,14 +127,12 @@ public class SysRoleResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysRole-GetDraft-all')")
    @ApiOperation(value = "GetDraft", tags = {"SysRole" },  notes = "GetDraft")
 	@RequestMapping(method = RequestMethod.GET, value = "/sysroles/getdraft")
    public ResponseEntity<SysRoleDTO> getDraft() {
        return ResponseEntity.status(HttpStatus.OK).body(sysroleMapping.toDto(sysroleService.getDraft(new SysRole())));
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysRole-CheckKey-all')")
    @ApiOperation(value = "CheckKey", tags = {"SysRole" },  notes = "CheckKey")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysroles/checkkey")
    public ResponseEntity<Boolean> checkKey(@RequestBody SysRoleDTO sysroledto) {

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysUserResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysUserResource.java
@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PostAuthorize;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -55,7 +56,7 @@ public class SysUserResource {
         return ResponseEntity.status(HttpStatus.OK).body(sysuserService.remove(sysuser_id));
    }
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.sysuserMapping,this.permissionDTO,#ids})")
+    //@PreAuthorize("hasPermission('Remove',{'Sql',this.sysuserMapping,this.permissionDTO,#ids})")
    @ApiOperation(value = "RemoveBatch", tags = {"SysUser" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/sysusers/batch")
    public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
@@ -69,13 +70,13 @@ public class SysUserResource {
    @Transactional
    public ResponseEntity<SysUserDTO> update(@PathVariable("sysuser_id") String sysuser_id, @RequestBody SysUserDTO sysuserdto) {
 		SysUser domain  = sysuserMapping.toDomain(sysuserdto);
-        domain.setUserid(sysuser_id);
+        domain .setUserid(sysuser_id);
-		sysuserService.update(domain);
+		sysuserService.update(domain );
-		SysUserDTO dto = sysuserMapping.toDto(domain);
+		SysUserDTO dto = sysuserMapping.toDto(domain );
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Update',{'Sql',this.sysuserMapping,#sysuserdtos})")
+    //@PreAuthorize("hasPermission('Update',{'Sql',this.sysuserMapping,#sysuserdtos})")
    @ApiOperation(value = "UpdateBatch", tags = {"SysUser" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sysusers/batch")
    public ResponseEntity<Boolean> updateBatch(@RequestBody List<SysUserDTO> sysuserdtos) {
@@ -83,7 +84,6 @@ public class SysUserResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysUser-CheckKey-all')")
    @ApiOperation(value = "CheckKey", tags = {"SysUser" },  notes = "CheckKey")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysusers/checkkey")
    public ResponseEntity<Boolean> checkKey(@RequestBody SysUserDTO sysuserdto) {
@@ -106,7 +106,7 @@ public class SysUserResource {
        return ResponseEntity.status(HttpStatus.OK).body(sysuserService.save(sysuserMapping.toDomain(sysuserdto)));
    }
-    @PreAuthorize("hasPermission('Save',{'Sql',this.sysuserMapping,#sysuserdtos})")
+    //@PreAuthorize("hasPermission('Save',{'Sql',this.sysuserMapping,#sysuserdtos})")
    @ApiOperation(value = "SaveBatch", tags = {"SysUser" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysusers/savebatch")
    public ResponseEntity<Boolean> saveBatch(@RequestBody List<SysUserDTO> sysuserdtos) {
@@ -114,7 +114,6 @@ public class SysUserResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysUser-GetDraft-all')")
    @ApiOperation(value = "GetDraft", tags = {"SysUser" },  notes = "GetDraft")
 	@RequestMapping(method = RequestMethod.GET, value = "/sysusers/getdraft")
    public ResponseEntity<SysUserDTO> getDraft() {
@@ -132,7 +131,7 @@ public class SysUserResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Create',{'Sql',this.sysuserMapping,#sysuserdtos})")
+    //@PreAuthorize("hasPermission('Create',{'Sql',this.sysuserMapping,#sysuserdtos})")
    @ApiOperation(value = "createBatch", tags = {"SysUser" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysusers/batch")
    public ResponseEntity<Boolean> createBatch(@RequestBody List<SysUserDTO> sysuserdtos) {

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysUserRoleResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysUserRoleResource.java
@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PostAuthorize;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -47,14 +48,12 @@ public class SysUserRoleResource {
    public SysUserRoleDTO permissionDTO=new SysUserRoleDTO();
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysUserRole-CheckKey-all')")
    @ApiOperation(value = "CheckKey", tags = {"SysUserRole" },  notes = "CheckKey")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysuserroles/checkkey")
    public ResponseEntity<Boolean> checkKey(@RequestBody SysUserRoleDTO sysuserroledto) {
        return  ResponseEntity.status(HttpStatus.OK).body(sysuserroleService.checkKey(sysuserroleMapping.toDomain(sysuserroledto)));
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysUserRole-GetDraft-all')")
    @ApiOperation(value = "GetDraft", tags = {"SysUserRole" },  notes = "GetDraft")
 	@RequestMapping(method = RequestMethod.GET, value = "/sysuserroles/getdraft")
    public ResponseEntity<SysUserRoleDTO> getDraft() {
@@ -67,13 +66,13 @@ public class SysUserRoleResource {
    @Transactional
    public ResponseEntity<SysUserRoleDTO> update(@PathVariable("sysuserrole_id") String sysuserrole_id, @RequestBody SysUserRoleDTO sysuserroledto) {
 		SysUserRole domain  = sysuserroleMapping.toDomain(sysuserroledto);
-        domain.setUserroleid(sysuserrole_id);
+        domain .setUserroleid(sysuserrole_id);
-		sysuserroleService.update(domain);
+		sysuserroleService.update(domain );
-		SysUserRoleDTO dto = sysuserroleMapping.toDto(domain);
+		SysUserRoleDTO dto = sysuserroleMapping.toDto(domain );
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Update',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
+    //@PreAuthorize("hasPermission('Update',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
    @ApiOperation(value = "UpdateBatch", tags = {"SysUserRole" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sysuserroles/batch")
    public ResponseEntity<Boolean> updateBatch(@RequestBody List<SysUserRoleDTO> sysuserroledtos) {
@@ -89,7 +88,7 @@ public class SysUserRoleResource {
         return ResponseEntity.status(HttpStatus.OK).body(sysuserroleService.remove(sysuserrole_id));
    }
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.sysuserroleMapping,this.permissionDTO,#ids})")
+    //@PreAuthorize("hasPermission('Remove',{'Sql',this.sysuserroleMapping,this.permissionDTO,#ids})")
    @ApiOperation(value = "RemoveBatch", tags = {"SysUserRole" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/sysuserroles/batch")
    public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
@@ -108,7 +107,7 @@ public class SysUserRoleResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Create',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
+    //@PreAuthorize("hasPermission('Create',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
    @ApiOperation(value = "createBatch", tags = {"SysUserRole" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysuserroles/batch")
    public ResponseEntity<Boolean> createBatch(@RequestBody List<SysUserRoleDTO> sysuserroledtos) {
@@ -132,7 +131,7 @@ public class SysUserRoleResource {
        return ResponseEntity.status(HttpStatus.OK).body(sysuserroleService.save(sysuserroleMapping.toDomain(sysuserroledto)));
    }
-    @PreAuthorize("hasPermission('Save',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
+    //@PreAuthorize("hasPermission('Save',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
    @ApiOperation(value = "SaveBatch", tags = {"SysUserRole" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysuserroles/savebatch")
    public ResponseEntity<Boolean> saveBatch(@RequestBody List<SysUserRoleDTO> sysuserroledtos) {
@@ -161,14 +160,12 @@ public class SysUserRoleResource {
 	    return ResponseEntity.status(HttpStatus.OK)
                .body(new PageImpl(sysuserroleMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
 	}
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysUserRole-CheckKey-all')")
    @ApiOperation(value = "CheckKeyBySysRole", tags = {"SysUserRole" },  notes = "CheckKeyBySysRole")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysroles/{sysrole_id}/sysuserroles/checkkey")
    public ResponseEntity<Boolean> checkKeyBySysRole(@PathVariable("sysrole_id") String sysrole_id, @RequestBody SysUserRoleDTO sysuserroledto) {
        return  ResponseEntity.status(HttpStatus.OK).body(sysuserroleService.checkKey(sysuserroleMapping.toDomain(sysuserroledto)));
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysUserRole-GetDraft-all')")
    @ApiOperation(value = "GetDraftBySysRole", tags = {"SysUserRole" },  notes = "GetDraftBySysRole")
    @RequestMapping(method = RequestMethod.GET, value = "/sysroles/{sysrole_id}/sysuserroles/getdraft")
    public ResponseEntity<SysUserRoleDTO> getDraftBySysRole(@PathVariable("sysrole_id") String sysrole_id) {
@@ -190,7 +187,7 @@ public class SysUserRoleResource {
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Update',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
+    //@PreAuthorize("hasPermission('Update',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
    @ApiOperation(value = "UpdateBatchBySysRole", tags = {"SysUserRole" },  notes = "UpdateBatchBySysRole")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sysroles/{sysrole_id}/sysuserroles/batch")
    public ResponseEntity<Boolean> updateBatchBySysRole(@PathVariable("sysrole_id") String sysrole_id, @RequestBody List<SysUserRoleDTO> sysuserroledtos) {
@@ -210,7 +207,7 @@ public class SysUserRoleResource {
 		return ResponseEntity.status(HttpStatus.OK).body(sysuserroleService.remove(sysuserrole_id));
    }
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.sysuserroleMapping,this.permissionDTO,#ids})")
+    //@PreAuthorize("hasPermission('Remove',{'Sql',this.sysuserroleMapping,this.permissionDTO,#ids})")
    @ApiOperation(value = "RemoveBatchBySysRole", tags = {"SysUserRole" },  notes = "RemoveBatchBySysRole")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/sysroles/{sysrole_id}/sysuserroles/batch")
    public ResponseEntity<Boolean> removeBatchBySysRole(@RequestBody List<String> ids) {
@@ -230,7 +227,7 @@ public class SysUserRoleResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Create',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
+    //@PreAuthorize("hasPermission('Create',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
    @ApiOperation(value = "createBatchBySysRole", tags = {"SysUserRole" },  notes = "createBatchBySysRole")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysroles/{sysrole_id}/sysuserroles/batch")
    public ResponseEntity<Boolean> createBatchBySysRole(@PathVariable("sysrole_id") String sysrole_id, @RequestBody List<SysUserRoleDTO> sysuserroledtos) {
@@ -260,7 +257,7 @@ public class SysUserRoleResource {
        return ResponseEntity.status(HttpStatus.OK).body(sysuserroleService.save(domain));
    }
-    @PreAuthorize("hasPermission('Save',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
+    //@PreAuthorize("hasPermission('Save',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
    @ApiOperation(value = "SaveBatchBySysRole", tags = {"SysUserRole" },  notes = "SaveBatchBySysRole")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysroles/{sysrole_id}/sysuserroles/savebatch")
    public ResponseEntity<Boolean> saveBatchBySysRole(@PathVariable("sysrole_id") String sysrole_id, @RequestBody List<SysUserRoleDTO> sysuserroledtos) {
@@ -295,14 +292,12 @@ public class SysUserRoleResource {
 	    return ResponseEntity.status(HttpStatus.OK)
                .body(new PageImpl(sysuserroleMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
 	}
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysUserRole-CheckKey-all')")
    @ApiOperation(value = "CheckKeyBySysUser", tags = {"SysUserRole" },  notes = "CheckKeyBySysUser")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysusers/{sysuser_id}/sysuserroles/checkkey")
    public ResponseEntity<Boolean> checkKeyBySysUser(@PathVariable("sysuser_id") String sysuser_id, @RequestBody SysUserRoleDTO sysuserroledto) {
        return  ResponseEntity.status(HttpStatus.OK).body(sysuserroleService.checkKey(sysuserroleMapping.toDomain(sysuserroledto)));
    }
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysUserRole-GetDraft-all')")
    @ApiOperation(value = "GetDraftBySysUser", tags = {"SysUserRole" },  notes = "GetDraftBySysUser")
    @RequestMapping(method = RequestMethod.GET, value = "/sysusers/{sysuser_id}/sysuserroles/getdraft")
    public ResponseEntity<SysUserRoleDTO> getDraftBySysUser(@PathVariable("sysuser_id") String sysuser_id) {
@@ -324,7 +319,7 @@ public class SysUserRoleResource {
        return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Update',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
+    //@PreAuthorize("hasPermission('Update',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
    @ApiOperation(value = "UpdateBatchBySysUser", tags = {"SysUserRole" },  notes = "UpdateBatchBySysUser")
 	@RequestMapping(method = RequestMethod.PUT, value = "/sysusers/{sysuser_id}/sysuserroles/batch")
    public ResponseEntity<Boolean> updateBatchBySysUser(@PathVariable("sysuser_id") String sysuser_id, @RequestBody List<SysUserRoleDTO> sysuserroledtos) {
@@ -344,7 +339,7 @@ public class SysUserRoleResource {
 		return ResponseEntity.status(HttpStatus.OK).body(sysuserroleService.remove(sysuserrole_id));
    }
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.sysuserroleMapping,this.permissionDTO,#ids})")
+    //@PreAuthorize("hasPermission('Remove',{'Sql',this.sysuserroleMapping,this.permissionDTO,#ids})")
    @ApiOperation(value = "RemoveBatchBySysUser", tags = {"SysUserRole" },  notes = "RemoveBatchBySysUser")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/sysusers/{sysuser_id}/sysuserroles/batch")
    public ResponseEntity<Boolean> removeBatchBySysUser(@RequestBody List<String> ids) {
@@ -364,7 +359,7 @@ public class SysUserRoleResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
    }
-    @PreAuthorize("hasPermission('Create',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
+    //@PreAuthorize("hasPermission('Create',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
    @ApiOperation(value = "createBatchBySysUser", tags = {"SysUserRole" },  notes = "createBatchBySysUser")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysusers/{sysuser_id}/sysuserroles/batch")
    public ResponseEntity<Boolean> createBatchBySysUser(@PathVariable("sysuser_id") String sysuser_id, @RequestBody List<SysUserRoleDTO> sysuserroledtos) {
@@ -394,7 +389,7 @@ public class SysUserRoleResource {
        return ResponseEntity.status(HttpStatus.OK).body(sysuserroleService.save(domain));
    }
-    @PreAuthorize("hasPermission('Save',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
+    //@PreAuthorize("hasPermission('Save',{'Sql',this.sysuserroleMapping,#sysuserroledtos})")
    @ApiOperation(value = "SaveBatchBySysUser", tags = {"SysUserRole" },  notes = "SaveBatchBySysUser")
 	@RequestMapping(method = RequestMethod.POST, value = "/sysusers/{sysuser_id}/sysuserroles/savebatch")
    public ResponseEntity<Boolean> saveBatchBySysUser(@PathVariable("sysuser_id") String sysuser_id, @RequestBody List<SysUserRoleDTO> sysuserroledtos) {

--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
 package cn.ibizlab.util.security;
-import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
-import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.mongodb.QueryBuilder;
 import cn.ibizlab.util.annotation.DEField;
-import cn.ibizlab.util.domain.DTOBase;
 import cn.ibizlab.util.domain.EntityBase;
-import cn.ibizlab.util.domain.MappingBase;
 import cn.ibizlab.util.enums.DEPredefinedFieldType;
 import cn.ibizlab.util.helper.DEFieldCacheMap;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Lazy;
-import org.springframework.data.mongodb.core.MongoTemplate;
-import org.springframework.data.mongodb.core.query.BasicQuery;
-import org.springframework.data.mongodb.core.query.Query;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Component;
 import org.springframework.util.ObjectUtils;
-import org.springframework.util.StringUtils;
-import javax.annotation.Resource;
 import java.io.Serializable;
 import java.lang.reflect.Field;
 import java.util.*;
@@ -34,273 +23,71 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    @Value("${ibiz.enablePermissionValid:false}")
    boolean enablePermissionValid;  //是否开启权限校验
-    /**
-     *实体主键标识
-     */
-    private String keyFieldTag="keyfield";
-    @Resource
-    @Lazy
-    private MongoTemplate mongoTemplate;
    /**
-     * 批处理权限检查[createBatch:updateBatch:removeBatch]
+     * 实体行为鉴权
     * @param authentication
-     * @param DEAction
+     * @param entity
-     * @param params
+     * @param action
     * @return
     */
    @Override
-    public boolean hasPermission(Authentication authentication, Object DEAction, Object params) {
+    public boolean hasPermission(Authentication authentication, Object entity, Object action) {
        //未开启权限校验、超级管理员则不进行权限检查
        if(AuthenticationUser.getAuthenticationUser().getSuperuser()==1  || !enablePermissionValid)
            return true;
-        List paramList = (ArrayList) params;
-        String deStorageMode= (String) paramList.get(0);
-        String action=String.valueOf(DEAction);
-        List<String> ids=null;
-        EntityBase entity;
-        List<EntityBase> entityList = null;
-        MappingBase mappingBase= (MappingBase) paramList.get(1);
-        //参数准备
-        if(action.equalsIgnoreCase("remove")){
-            entity= (EntityBase) mappingBase.toDomain(paramList.get(2));
-            ids= (List<String>) paramList.get(3);
-        }
-        else{
-            List<DTOBase> dtoList = (List<DTOBase>) paramList.get(2);
-            if(dtoList.size()==0)
-                return false;
-            entityList =mappingBase.toDomain(dtoList);
-            entity = (EntityBase) mappingBase.toDomain(dtoList.get(0));
-        }
-        if (entity==null)
-            return false;
-        Set<String> entityDataRange = getAuthorities(authentication,entity.getClass().getSimpleName(),action);
+        String strAction=String.valueOf(action);
+        Set<String> entityDataRange = getAuthorities(authentication,strAction);
        if(entityDataRange.size()==0)
            return false;
        //拥有全部数据访问权限时，则跳过权限检查
-        if(isAllData(action,entityDataRange)){
+        if(isAllData(strAction,entityDataRange)){
            return true;
        }
-        if(action.equalsIgnoreCase("create")){
+        if(entity instanceof  ArrayList){
-            return createBatchActionPermissionValid(entityList,entityDataRange);
+            List<EntityBase> entities= (List<EntityBase>) entity;
+            for(EntityBase entityBase: entities){
+                boolean result=actionValid(entityBase,entityDataRange);
+                if(!result){
+                   return false;
                }
-        else if(action.equalsIgnoreCase("save")){
-            return saveBatchActionPermissionValid(deStorageMode, entityList, entityDataRange);
            }
-        else{
-            if(!action.equalsIgnoreCase("remove")){
-                ids=getIds(entity,entityList);
        }
-            if(ids.size()==0)
+        else{
-                return false;
+            EntityBase entityBase= (EntityBase) entity;
-            return otherBatchActionPermissionValidRouter(deStorageMode, entity ,ids, entityDataRange);
+            return actionValid(entityBase,entityDataRange);
        }
+        return true;
    }
-    /**
-     * 实体行为权限检查 ：用于检查当前用户是否拥有实体的新建、编辑、删除权限
-     *
-     * @param authentication
-     * @param id         当前操作数据的主键
-     * @param action         当前操作行为：如：[READ、UPDATE、DELETE]
-     * @param params         相关参数
-     * @return true/false true则允许当前行为，false拒绝行为
-     */
    @Override
    public boolean hasPermission(Authentication authentication, Serializable id, String action, Object params) {
-        //未开启权限校验、超级管理员则不进行权限检查
-        if(AuthenticationUser.getAuthenticationUser().getSuperuser()==1  || !enablePermissionValid)
-            return true;
-        List paramList = (ArrayList) params;
-        String deStorageMode= (String) paramList.get(0);
-        MappingBase mappingBase= (MappingBase) paramList.get(1);
-        DTOBase dtoBase = (DTOBase) paramList.get(2);
-        EntityBase entity = (EntityBase) mappingBase.toDomain(dtoBase);
-        if (StringUtils.isEmpty(entity))
-            return false;
-        Set<String> entityDataRange = getAuthorities(authentication,entity.getClass().getSimpleName(),action);
-        if(entityDataRange.size()==0)
-            return false;
-        //拥有全部数据访问权限时，则跳过权限检查
-        if(isAllData(action,entityDataRange)){
        return true;
    }
-        if(action.equalsIgnoreCase("save")){
-            Map<String,String> permissionField=getPermissionField(entity);
-            String keyFieldName=permissionField.get(keyFieldTag);
-            Object srfKey=entity.get(keyFieldName);
-            if(ObjectUtils.isEmpty(srfKey))
-                action="create";
-            else
-                action="update";
-        }
-        if(action.equalsIgnoreCase("create")){
-            return createActionPermissionValid(entity,entityDataRange);
-        }
-        else{
-            return otherActionPermissionValidRouter(deStorageMode, entity, id, entityDataRange);
-        }
-    }
    /**
     * 获取用户权限资源
     * @param authentication
-     * @param entityName
     * @param action
     * @return
     */
-    private Set<String> getAuthorities(Authentication authentication,String entityName,String action){
+    private Set<String> getAuthorities(Authentication authentication , String action){
        Collection authorities=authentication.getAuthorities();
        Set<String> entityDataRange = new HashSet();
        Iterator var2 = authorities.iterator();
        while(var2.hasNext()) {
            GrantedAuthority authority = (GrantedAuthority)var2.next();
-            if(authority.getAuthority().contains(String.format("%s-%s-",entityName,action)))
+            if(authority.getAuthority().contains(action))
                entityDataRange.add(authority.getAuthority());
        }
        return entityDataRange;
    }
-    /**
-     * 批save校验
-     * @param deStorageMode
-     * @param entityList
-     * @param entityDataRange
-     * @return
-     */
-    private boolean saveBatchActionPermissionValid(String deStorageMode, List<EntityBase> entityList, Set<String> entityDataRange) {
-        if(entityList==null || entityList.size()==0)
-            return false;
-        EntityBase tempEntity=entityList.get(0);
-        Map<String,String> permissionField=getPermissionField(tempEntity);
-        String keyFieldName=permissionField.get(keyFieldTag);
-        List createList=new ArrayList();
-        List<String> updateList =new ArrayList();
-        for(EntityBase entity : entityList){
-            Object id = entity.get(keyFieldName);
-            if(ObjectUtils.isEmpty(id))
-                createList.add(entity);
-            else
-                updateList.add(String.valueOf(id));
-        }
-        if(updateList.size()>0){
-            boolean isUpdate = otherBatchActionPermissionValidRouter(deStorageMode, tempEntity ,updateList, entityDataRange);
-            if(!isUpdate)
-                return false;
-        }
-        if(createList.size()>0){
-            boolean isCreate=createBatchActionPermissionValid(entityList,entityDataRange);
-            if(!isCreate)
-                return false;
-        }
-        return true;
-    }
-    /**
-     * 批处理新建权限校验
-     * @param entityList
-     * @param entityDataRange
-     * @return
-     */
-    private boolean createBatchActionPermissionValid(List<EntityBase> entityList,Set<String> entityDataRange){
-        for(EntityBase entity : entityList){
-            boolean isCreate = createActionPermissionValid(entity ,entityDataRange);
-            if(!isCreate){
-                return false;
-            }
-        }
-        return true;
-    }
-    /**
-     * 批处理行为权限校验[get:update:delete]
-     * @param deStorageMode
-     * @param entity
-     * @param ids
-     * @param entityDataRange
-     * @return
-     */
-    private boolean otherBatchActionPermissionValidRouter(String deStorageMode , EntityBase entity , List<String> ids , Set<String> entityDataRange){
-        if(deStorageMode.equalsIgnoreCase("sql")){
-            return sqlBatchPermissionValid(entity ,ids, entityDataRange);
-        }
-        else if(deStorageMode.equalsIgnoreCase("nosql")){
-            return noSqlBatchPermissionValid(entity, ids , entityDataRange);
-        }
-        else if(deStorageMode.equalsIgnoreCase("serviceapi")){
-            return true;
-        }
-        else {
-            throw new RuntimeException(String.format("未能识别实体对应存储模式[%s]",deStorageMode));
-        }
-    }
-    /**
-     * SQL批处理权限校验
-     * @param entity
-     * @param ids
-     * @param entityDataRange
-     * @return
-     */
-    private boolean sqlBatchPermissionValid(EntityBase entity , List<String> ids,  Set<String> entityDataRange){
-        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-        String keyFieldName=permissionField.get(keyFieldTag);
-        ServiceImpl service= SpringContextHolder.getBean(String.format("%s%s",entity.getClass().getSimpleName(),"ServiceImpl"));//获取实体service对象
-        //通过权限表达式来获取sql
-        String permissionSQL= String.format(" (%s) AND ( %s in (%s) ) ",getPermissionSQL(entity,entityDataRange),keyFieldName,getEntityKeyCond(ids)); //拼接权限条件-编辑
-        //执行sql进行权限检查
-        QueryWrapper permissionWrapper=getPermissionWrapper(permissionSQL);//构造权限条件
-        List list=service.list(permissionWrapper);
-        if(list.size() == ids.size()){
-            return true;
-        }else{
-            return false;
-        }
-    }
-    /**
-     * NoSQL批处理权限校验
-     * @param entity
-     * @param ids
-     * @param entityDataRange
-     * @return
-     */
-    private boolean noSqlBatchPermissionValid(EntityBase entity, List<String> ids,  Set<String> entityDataRange) {
-        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-        String keyFieldName=permissionField.get(keyFieldTag);
-        //根据权限表达式填充权限条件
-        QueryBuilder permissionCond=getNoSqlPermissionCond(entity,entityDataRange);
-        //权限条件拼接主键
-        permissionCond.and(keyFieldName).in(ids);
-        //执行权限检查
-        Query query = new BasicQuery(permissionCond.get().toString());
-        List list=mongoTemplate.find(query,entity.getClass());
-        if(list.size()==ids.size()){
-            return true;
-        }
-        else{
-            return false;
-        }
-    }
    /**
     * 是否为全部数据
     * @param action
@@ -317,14 +104,13 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    }
    /**
-     * 新建行为校验
+     * 实体行为权限校验
     * @param entity
     * @param entityDataRange
     * @return
     */
-    private boolean createActionPermissionValid(EntityBase entity, Set<String> entityDataRange){
+    private boolean actionValid(EntityBase entity, Set<String> entityDataRange){
-        boolean isCreate=true;
        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
        String orgField=permissionField.get("orgfield");
        String orgDeptField=permissionField.get("orgsecfield");
@@ -374,204 +160,8 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
            return false;
        }
-        return isCreate;
-    }
-    /**
-     * 根据实体存储模式，进行鉴权
-     * @param deStorageMode
-     * @param entity
-     * @param id
-     * @param entityDataRange
-     * @return
-     */
-    private boolean otherActionPermissionValidRouter(String deStorageMode, EntityBase entity , Object id , Set<String> entityDataRange){
-        if(deStorageMode.equalsIgnoreCase("sql")){
-            return sqlPermissionValid(entity , id, entityDataRange);
-        }
-        else if(deStorageMode.equalsIgnoreCase("nosql")){
-            return noSqlPermissionValid(entity , id, entityDataRange);
-        }
-        else if(deStorageMode.equalsIgnoreCase("serviceapi")){
-            return true;
-        }
-        else {
-            throw new RuntimeException(String.format("未能识别[%s]实体对应存储模式[%s]",entity.getClass().getSimpleName(),deStorageMode));
-        }
-    }
-    /**
-     * sql存储模式实体行为鉴权
-     * @param entity
-     * @param id
-     * @param entityDataRange
-     * @return
-     */
-    private boolean sqlPermissionValid(EntityBase entity , Object id, Set<String> entityDataRange){
-        ServiceImpl service= SpringContextHolder.getBean(String.format("%s%s",entity.getClass().getSimpleName(),"ServiceImpl"));//获取实体service对象
-        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-        //通过权限表达式来获取sql
-        String permissionSQL= String.format(" (%s) AND (%s='%s')",getPermissionSQL(entity,entityDataRange),permissionField.get(keyFieldTag),id); //拼接权限条件-编辑
-        //执行sql进行权限检查
-        QueryWrapper permissionWrapper=getPermissionWrapper(permissionSQL);//构造权限条件
-        List list=service.list(permissionWrapper);
-        if(list.size()>0){
-            return true;
-        }else{
-            return false;
-        }
-    }
-    /**
-     * NoSQL实体行为鉴权
-     * @param entity
-     * @param id
-     * @param entityDataRange
-     * @return
-     */
-    private boolean noSqlPermissionValid(EntityBase entity, Object id, Set<String> entityDataRange) {
-        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-        String keyField=permissionField.get(keyFieldTag);
-        //根据权限表达式填充权限条件
-        QueryBuilder permissionCond=getNoSqlPermissionCond(entity,entityDataRange);
-        //权限条件拼接主键
-        permissionCond.and(keyField).is(id);
-        //执行权限检查
-        Query query = new BasicQuery(permissionCond.get().toString());
-        List list=mongoTemplate.find(query,entity.getClass());
-        if(list.size()>0){
        return true;
    }
-        else{
-            return false;
-        }
-    }
-    /**
-     * 为NoSQL存储模式的表格查询填充权限条件
-     * @param entity
-     * @param entityDataRange
-     * @return
-     */
-    private QueryBuilder getNoSqlPermissionCond( EntityBase entity ,Set<String> entityDataRange){
-        QueryBuilder permissionSQL=new QueryBuilder();
-        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-        String orgField=permissionField.get("orgfield");
-        String orgDeptField=permissionField.get("orgsecfield");
-        String createManField=permissionField.get("createmanfield");
-        AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
-        Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
-        Set<String> orgParent = userInfo.get("parentorg");
-        Set<String> orgChild = userInfo.get("suborg");
-        Set<String> orgDeptParent = userInfo.get("parentdept");
-        Set<String> orgDeptChild = userInfo.get("subdept");
-        for(String permissionCond:entityDataRange){
-            if(permissionCond.endsWith("curorg")){   //本单位
-                permissionSQL.or(new QueryBuilder().and(orgField).is(AuthenticationUser.getAuthenticationUser().getOrgid()).get());
-            }
-            else if(permissionCond.endsWith("porg")){//上级单位
-                permissionSQL.or(new QueryBuilder().and(orgField).in(formatStringArr(orgParent)).get());
-            }
-            else if(permissionCond.endsWith("sorg")){//下级单位
-                permissionSQL.or(new QueryBuilder().and(orgField).in(formatStringArr(orgChild)).get());
-            }
-            else if(permissionCond.endsWith("createman")){//建立人
-                permissionSQL.or(new QueryBuilder().and(createManField).is(AuthenticationUser.getAuthenticationUser().getUserid()).get());
-            }
-            else if(permissionCond.endsWith("curorgdept")){//本部门
-                permissionSQL.or(new QueryBuilder().and(orgDeptField).is(AuthenticationUser.getAuthenticationUser().getMdeptid()).get());
-            }
-            else if(permissionCond.endsWith("porgdept")){//上级部门
-                permissionSQL.or(new QueryBuilder().and(orgDeptField).in(formatStringArr(orgDeptParent)).get());
-            }
-            else if(permissionCond.endsWith("sorgdept")){//下级部门
-                permissionSQL.or(new QueryBuilder().and(orgDeptField).in(formatStringArr(orgDeptChild)).get());
-            }
-            else if(permissionCond.endsWith("all")){
-                permissionSQL.or(new QueryBuilder().get());
-            }
-        }
-        return permissionSQL;
-    }
-    /**
-     * SQL获取权限条件
-     * @param entity
-     * @param entityDataRange
-     * @return
-     */
-    private String  getPermissionSQL(EntityBase entity, Set<String> entityDataRange){
-        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-        String nPermissionSQL = "1<>1";
-        String orgField=permissionField.get("orgfield");
-        String orgDeptField=permissionField.get("orgsecfield");
-        String createManField=permissionField.get("createmanfield");
-        StringBuffer permissionSQL=new StringBuffer();
-        AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
-        Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
-        Set<String> orgParent = userInfo.get("parentorg");
-        Set<String> orgChild = userInfo.get("suborg");
-        Set<String> orgDeptParent = userInfo.get("parentdept");
-        Set<String> orgDeptChild = userInfo.get("subdept");
-        for(String permissionCond: entityDataRange){
-            permissionSQL.append("OR");
-            if(permissionCond.endsWith("curorg")){   //本单位
-                permissionSQL.append(String.format("(%s='%s')",orgField,AuthenticationUser.getAuthenticationUser().getOrgid()));
-            }
-            else if(permissionCond.endsWith("porg")){//上级单位
-                permissionSQL.append(String.format(" %s in(%s) ", orgField, formatStringArr(orgParent)));
-            }
-            else if(permissionCond.endsWith("sorg")){//下级单位
-                permissionSQL.append(String.format(" %s in(%s) ", orgField, formatStringArr(orgChild)));
-            }
-            else if(permissionCond.endsWith("createman")){//建立人
-                permissionSQL.append(String.format("(%s='%s')",createManField,AuthenticationUser.getAuthenticationUser().getUserid()));
-            }
-            else if(permissionCond.endsWith("curorgdept")){//本部门
-                permissionSQL.append(String.format("(%s='%s')",orgDeptField,AuthenticationUser.getAuthenticationUser().getMdeptid()));
-            }
-            else if(permissionCond.endsWith("porgdept")){//上级部门
-                permissionSQL.append(String.format(" %s in (%s) ", orgDeptField, formatStringArr(orgDeptParent)));
-            }
-            else if(permissionCond.endsWith("sorgdept")){//下级部门
-                permissionSQL.append(String.format(" %s in (%s) ", orgDeptField, formatStringArr(orgDeptChild)));
-            }
-            else if(permissionCond.endsWith("all")){//全部数据
-                permissionSQL.append("(1=1)");
-            }
-            else{
-                permissionSQL.append(nPermissionSQL);
-            }
-        }
-        if(StringUtils.isEmpty(permissionSQL.toString()))
-            return "";
-        String resultCond=parseResult(permissionSQL, "OR");
-        return  resultCond;
-    }
-    /**
-     * 构造 wrapper
-     * @param whereCond
-     * @return
-     */
-    private QueryWrapper getPermissionWrapper(String whereCond){
-        QueryWrapper permissionWrapper=new QueryWrapper();
-        if(!StringUtils.isEmpty(whereCond)){
-            permissionWrapper.apply(whereCond);
-        }
-        return permissionWrapper;
-    }
    /**
     * 获取实体权限字段 orgid/orgsecid
@@ -624,65 +214,4 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        }
        return deFieldMap;
    }
-    /**
-     * 转换[a,b]格式字符串到 'a','b'格式
-     * @return
-     */
-    private String formatStringArr(Set<String> array) {
-        String[] arr = array.toArray(new String[array.size()]);
-        return "'" + String.join("','", arr) + "'";
-    }
-    /**
-     * 格式转换
-     * @param cond
-     * @param operator
-     * @return
-     */
-    private String parseResult(StringBuffer cond, String operator) {
-        String resultCond = cond.toString();
-        if (resultCond.startsWith(operator))
-            resultCond = resultCond.replaceFirst(operator, "");
-        if (resultCond.endsWith(operator))
-            resultCond = resultCond.substring(0, resultCond.lastIndexOf(operator));
-        return resultCond;
-    }
-    /**
-     * 转换[a,b]格式字符串到 'a','b'格式
-     *
-     * @return
-     */
-    private String getEntityKeyCond(List<String> array) {
-        String[] arr = array.toArray(new String[array.size()]);
-        return "'" + String.join("','", arr) + "'";
-    }
-    /**
-     * 获取实体主键集合
-     * @param entityBase
-     * @param entityList
-     * @return
-     */
-    private List<String> getIds(EntityBase entityBase ,List<EntityBase> entityList) {
-        List<String> entityKeyList=new ArrayList<>();
-        Map<String,String> permissionField=getPermissionField(entityBase);//获取组织、部门预置属性
-        String keyFieldName=permissionField.get(keyFieldTag);
-        if(StringUtils.isEmpty(keyFieldName))
-            return entityKeyList;
-        for(EntityBase entity: entityList){
-            Object objEntityKey = entity.get(keyFieldName);
-            if(!ObjectUtils.isEmpty(objEntityKey)){
-                entityKeyList.add(String.valueOf(objEntityKey));
-            }
-        }
-        return entityKeyList;
-    }
 }
\ No newline at end of file