Merge remote-tracking branch 'origin/master'

7b7d83fd · sq3536 · b44fa6f2 · 9fbf01bd · 7b7d83fd · 7b7d83fd
--- a/app_web/package.json
+++ b/app_web/package.json
@@ -25,7 +25,7 @@
    "file-saver": "^2.0.2",
    "font-awesome": "^4.7.0",
    "ibiz-gantt-elastic": "^1.0.12",
-    "ibiz-vue-lib": "^0.1.6",
+    "ibiz-vue-lib": "^0.1.7",
    "interactjs": "^1.9.4",
    "moment": "^2.24.0",
    "path-to-regexp": "^6.1.0",

--- a/app_web/src/components/ibiz-group-picker/ibiz-group-picker.vue
+++ b/app_web/src/components/ibiz-group-picker/ibiz-group-picker.vue
@@ -159,7 +159,7 @@ export default class IBizGroupPicker extends Vue {
     * @memberof IBizGroupPicker
     */  
    public loadTree() {
-        let orgid = this.viewParam.hasfilter ? this.viewParam.filtervalue : '450000';
+        let orgid = this.viewParam.filtervalue?this.viewParam.filtervalue:"alls";
        let get = Http.getInstance().get(`/ibzorganizations/${orgid}/suborg/ibzdepartments/picker`, true);
        get.then((response: any) => {
            if(response.status === 200) {

--- a/app_web/src/components/ibiz-group-select/ibiz-group-select.vue
+++ b/app_web/src/components/ibiz-group-select/ibiz-group-select.vue
@@ -166,10 +166,20 @@ export default class IBizGroupSelect extends Vue {
            title: '分组选择'
        };
        const context: any = JSON.parse(JSON.stringify(this.context));
+        let filtervalue:string = "";
+        if(this.filter){
+            if(this.data[this.filter]){
+                filtervalue = this.data[this.filter];
+            }else if(context[this.filter]){
+                filtervalue = context[this.filter];
+            }else{
+                filtervalue = context.srforgid;
+            }
+        }
        const param: any = {};
        Object.assign(param, {
            hasfilter: this.filter ? true : false,
-            filtervalue: this.filter ? this.data[this.filter] : '',
+            filtervalue: filtervalue,
            multiple: this.multiple,
            selects: this.selects
        });

--- a/app_web/src/pages/uaa/sys-role-permissioncustom-view/sys-role-permissioncustom-view.vue
+++ b/app_web/src/pages/uaa/sys-role-permissioncustom-view/sys-role-permissioncustom-view.vue
@@ -364,9 +364,13 @@
            if(this.formDruipart){
                this.formDruipart.subscribe((res:any) =>{
                    if(Object.is(res.action,'load')){
-                        // 父数据保存时调用当前视图的点击确定事件
+                        // 父数据保存时调用当前视图的事件
                        if(this.selectData.length>0){
+                            // 选中了数据
                            this.onClickOk();
+                        }else{
+                            // 没选中数据
+                            this.onClear();
                        }
                    }
                });
@@ -439,6 +443,10 @@
         * @memberof SYS_ROLE_PERMISSIONCustomViewBase
         */
        public beforeDestroy() {
+            // 清空选中数据
+            this.selectData = {};
+            // 清空视图选中数据
+            this.viewSelections = [];
            this.$store.commit('viewaction/removeView', this.viewtag);
        }

@@ -473,7 +481,6 @@
            if (this.selectData && this.selectData.length > 0) {
                // 判断选中的数据和初始数据
                if (JSON.stringify(this.selectData) == JSON.stringify(this.ininselectData)) {
-                    this.$emit('close', null);
                    return;
                }
                this.selectData.forEach((item: any) => {
@@ -498,15 +505,30 @@
                    }
                  }).catch((e) => {
               });
-
-
-            } else {
-                this.$Notice.error({title: '错误', desc: '未选中数据!'});
            }
+            // 清空视图选中数据，避免重复添加
+            this.viewSelections = [];
        }

+        /**
+         * 清除
+         */
+        private onClear(){
+            // 未选中数据,即没有赋予任何权限，需要清除当前角色的所有权限
+            if (this.selectData.length==0) {
+                // 保存选中的权限信息
+                let url = '/sysroles/'+this.srfparentkey+'/sysrolepermissions/refreshbatch';
+                this.$http.post(url,[]).then((response: any) => {
+                    if (!(!response || response.status !== 200)) {
+                    } else {
+                        this.$Notice.error({title: '错误', desc: response.message});
+                        return;
+                    }
+                }).catch((e) => {
+                });
+            }

-
+        }
    }
 </script>


--- a/ibzuaa-boot/src/main/java/cn/ibizlab/config/DevBootSecurityConfig.java
+++ b/ibzuaa-boot/src/main/java/cn/ibizlab/config/DevBootSecurityConfig.java
@@ -102,6 +102,8 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {
                       .antMatchers( HttpMethod.POST,"/"+uaaLoginPath).permitAll()
                       .antMatchers( HttpMethod.POST,"/"+uaaLoginPath2).permitAll()
                       .antMatchers("/syspssystems/**/permissiondata").permitAll()
+                       //同步系统权限资源
+                       .antMatchers("/syspssystems/save").permitAll()
                       .antMatchers("/uaa/login").permitAll()
                .anyRequest().authenticated()
                // 防止iframe 造成跨域

--- a/ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/domain/SysStructure.java
+++ b/ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/domain/SysStructure.java
@@ -7,7 +7,6 @@ import cn.ibizlab.core.uaa.extensions.domain.Structure.FuncItem;
 import cn.ibizlab.core.uaa.extensions.domain.Structure.UniResNode;
 import com.alibaba.fastjson.annotation.JSONField;
 import com.fasterxml.jackson.annotation.JsonProperty;
-import liquibase.pro.packaged.S;
 import lombok.Data;

 import java.sql.Timestamp;

--- a/ibzuaa-core/src/main/resources/permission/systemResource.json
+++ b/ibzuaa-core/src/main/resources/permission/systemResource.json
    {
+    "systemid":"ibzuaa",
    "unires":[
-           ],
+    ],
    "entities":[
    {
    "dename":"SysAuthLog",

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java
@@ -117,6 +117,8 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
                .antMatchers("/"+uploadpath).permitAll()
                .antMatchers("/"+previewpath+"/**").permitAll()
                .antMatchers("/syspssystems/**/permissiondata").permitAll()
+                //同步系统权限资源
+                .antMatchers("/syspssystems/save").permitAll()
                .antMatchers("/uaa/login").permitAll()
                // 所有请求都需要认证
                .anyRequest().authenticated()

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysPSSystemResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysPSSystemResource.java
@@ -105,7 +105,7 @@ public class SysPSSystemResource {
        return  ResponseEntity.status(HttpStatus.OK).body(true);
    }

-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')")
+//    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')")
    @ApiOperation(value = "Save", tags = {"SysPSSystem" },  notes = "Save")
 	@RequestMapping(method = RequestMethod.POST, value = "/syspssystems/save")
    public ResponseEntity<Boolean> save(@RequestBody SysPSSystemDTO syspssystemdto) {

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java
--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/client/IBZUAAFallback.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/client/IBZUAAFallback.java
@@ -9,8 +9,8 @@ import com.alibaba.fastjson.JSONObject;
 public class IBZUAAFallback implements IBZUAAFeignClient {

    @Override
-    public boolean pushSystemPermissionData(String systemid,JSONObject systemPermissionData) {
-        return false;
+    public Boolean syncSysAuthority(JSONObject system) {
+        return null;
    }

    @Override

--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/client/IBZUAAFeignClient.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/client/IBZUAAFeignClient.java
@@ -10,13 +10,12 @@ import com.alibaba.fastjson.JSONObject;
 public interface IBZUAAFeignClient
 {
 	/**
-	 * 推送系统权限数据到uaa
-	 * @param systemid
-	 * @param systemPermissionData
+	 * 同步系统资源到uaa
+	 * @param system 系统资源信息
 	 * @return
 	 */
-	@PostMapping("/syspssystems/{systemid}/permissiondata")
-	boolean pushSystemPermissionData(@PathVariable("systemid") String systemid,@RequestBody JSONObject systemPermissionData);
+	@PostMapping("/syspssystems/save")
+	Boolean syncSysAuthority(@RequestBody JSONObject system);

 	/**
 	 * 用户登录

--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java
@@ -36,10 +36,14 @@ public class PermissionSyncJob implements ApplicationRunner {
            Thread.sleep(10000);
            InputStream permission= this.getClass().getResourceAsStream("/permission/systemResource.json"); //获取当前系统所有实体资源能力
            String permissionResult = IOUtils.toString(permission,"UTF-8");
-            if(client.pushSystemPermissionData(systemId,JSONObject.parseObject(permissionResult))){
+            JSONObject system= new JSONObject();
+            system.put("pssystemid",systemId);
+            system.put("pssystemname",systemId);
+            system.put("sysstructure",JSONObject.parseObject(permissionResult));
+            if(client.syncSysAuthority(system)){
                log.info("向[UAA]同步系统资源成功");
            }else{
-                log.info(String.format("向[UAA]同步系统资源失败"));
+                log.error("向[UAA]同步系统资源失败");
            }
        }
        catch (Exception ex) {

--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/rest/AppController.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/rest/AppController.java
 package cn.ibizlab.util.rest;

-import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
+import cn.ibizlab.util.security.AuthenticationUser;
+import cn.ibizlab.util.service.AuthenticationUserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.util.ObjectUtils;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.beans.factory.annotation.Autowired;
-import cn.ibizlab.util.security.AuthenticationUser;
-import cn.ibizlab.util.service.AuthenticationUserService;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;

 @RestController
 @RequestMapping(value = "")
@@ -27,14 +30,20 @@ public class AppController {
 	public ResponseEntity<JSONObject> getAppData() {

 		JSONObject appData = new JSONObject() ;
-		JSONArray uniRes=new JSONArray();
-    	JSONArray appMenu=new JSONArray();
+		Set<String> appMenu = new HashSet();
+		Set<String> uniRes = new HashSet();
+
 		if(enablePermissionValid){
-			JSONObject userPermission=AuthenticationUser.getAuthenticationUser().getPermissionList();
-			if(!ObjectUtils.isEmpty(userPermission)){
-				uniRes = userPermission.getJSONArray("unires");
-    			appMenu = userPermission.getJSONArray("appmenu");
-			}
+			Collection<GrantedAuthority> authorities=AuthenticationUser.getAuthenticationUser().getAuthorities();
+				Iterator it = authorities.iterator();
+				while(it.hasNext()) {
+					GrantedAuthority authority = (GrantedAuthority)it.next();
+					String strAuthority=authority.getAuthority();
+					if(strAuthority.startsWith("UNIRES"))
+						uniRes.add(strAuthority);
+					else if(strAuthority.startsWith("APPMENU"))
+						appMenu.add(strAuthority);
+				}
 		}
 		appData.put("unires",uniRes);
    	appData.put("appmenu",appMenu);

--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java
@@ -7,6 +7,7 @@ import cn.ibizlab.util.errors.BadRequestAlertException;
 import cn.ibizlab.util.helper.CachedBeanCopier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Primary;
+import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 import cn.ibizlab.util.mapper.IBZUSERMapper;
@@ -72,6 +73,9 @@ public class IBZUSERServiceImpl extends ServiceImpl<IBZUSERMapper, IBZUSER> impl
 	public  AuthenticationUser createUserDetails(IBZUSER user) {
 		AuthenticationUser userdatail = new AuthenticationUser();
 		CachedBeanCopier.copy(user,userdatail);
+		if(userdatail.getSuperuser()==1){
+			userdatail.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_SUPERADMIN"));
+		}
 		return userdatail;
 	}
 }
\ No newline at end of file