Merge remote-tracking branch 'origin/master'

app_web/package.json

@@ -25,7 +25,7 @@
     "file-saver": "^2.0.2",
     "font-awesome": "^4.7.0",
     "ibiz-gantt-elastic": "^1.0.12",
-    "ibiz-vue-lib": "^0.1.6",
+    "ibiz-vue-lib": "^0.1.7",
     "interactjs": "^1.9.4",
     "moment": "^2.24.0",
     "path-to-regexp": "^6.1.0",

app_web/src/components/ibiz-group-picker/ibiz-group-picker.vue

@@ -159,7 +159,7 @@ export default class IBizGroupPicker extends Vue {
      * @memberof IBizGroupPicker
      */  
     public loadTree() {
-        let orgid = this.viewParam.hasfilter ? this.viewParam.filtervalue : '450000';
+        let orgid = this.viewParam.filtervalue?this.viewParam.filtervalue:"alls";
         let get = Http.getInstance().get(`/ibzorganizations/${orgid}/suborg/ibzdepartments/picker`, true);
         get.then((response: any) => {
             if(response.status === 200) {

app_web/src/components/ibiz-group-select/ibiz-group-select.vue

@@ -166,10 +166,20 @@ export default class IBizGroupSelect extends Vue {
             title: '分组选择'
         };
         const context: any = JSON.parse(JSON.stringify(this.context));
+        let filtervalue:string = "";
+        if(this.filter){
+            if(this.data[this.filter]){
+                filtervalue = this.data[this.filter];
+            }else if(context[this.filter]){
+                filtervalue = context[this.filter];
+            }else{
+                filtervalue = context.srforgid;
+            }
+        }
         const param: any = {};
         Object.assign(param, {
             hasfilter: this.filter ? true : false,
-            filtervalue: this.filter ? this.data[this.filter] : '',
+            filtervalue: filtervalue,
             multiple: this.multiple,
             selects: this.selects
         });

app_web/src/pages/uaa/sys-role-permissioncustom-view/sys-role-permissioncustom-view.vue

@@ -364,9 +364,13 @@
             if(this.formDruipart){
                 this.formDruipart.subscribe((res:any) =>{
                     if(Object.is(res.action,'load')){
-                        // 父数据保存时调用当前视图的点击确定事件
+                        // 父数据保存时调用当前视图的事件
                         if(this.selectData.length>0){
+                            // 选中了数据
                             this.onClickOk();
+                        }else{
+                            // 没选中数据
+                            this.onClear();
                         }
                     }
                 });
@@ -439,6 +443,10 @@
          * @memberof SYS_ROLE_PERMISSIONCustomViewBase
          */
         public beforeDestroy() {
+            // 清空选中数据
+            this.selectData = {};
+            // 清空视图选中数据
+            this.viewSelections = [];
             this.$store.commit('viewaction/removeView', this.viewtag);
         }
 
@@ -473,7 +481,6 @@
             if (this.selectData && this.selectData.length > 0) {
                 // 判断选中的数据和初始数据
                 if (JSON.stringify(this.selectData) == JSON.stringify(this.ininselectData)) {
-                    this.$emit('close', null);
                     return;
                 }
                 this.selectData.forEach((item: any) => {
@@ -498,15 +505,30 @@
                     }
                   }).catch((e) => {
                });
-
-
-            } else {
-                this.$Notice.error({title: '错误', desc: '未选中数据!'});
             }
+            // 清空视图选中数据，避免重复添加
+            this.viewSelections = [];
         }
 
+        /**
+         * 清除
+         */
+        private onClear(){
+            // 未选中数据,即没有赋予任何权限，需要清除当前角色的所有权限
+            if (this.selectData.length==0) {
+                // 保存选中的权限信息
+                let url = '/sysroles/'+this.srfparentkey+'/sysrolepermissions/refreshbatch';
+                this.$http.post(url,[]).then((response: any) => {
+                    if (!(!response || response.status !== 200)) {
+                    } else {
+                        this.$Notice.error({title: '错误', desc: response.message});
+                        return;
+                    }
+                }).catch((e) => {
+                });
+            }
 
-
+        }
     }
 </script>
 

ibzuaa-boot/src/main/java/cn/ibizlab/config/DevBootSecurityConfig.java

@@ -102,6 +102,8 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {
                        .antMatchers( HttpMethod.POST,"/"+uaaLoginPath).permitAll()
                        .antMatchers( HttpMethod.POST,"/"+uaaLoginPath2).permitAll()
                        .antMatchers("/syspssystems/**/permissiondata").permitAll()
+                       //同步系统权限资源
+                       .antMatchers("/syspssystems/save").permitAll()
                        .antMatchers("/uaa/login").permitAll()
                 .anyRequest().authenticated()
                 // 防止iframe 造成跨域

ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/extensions/domain/SysStructure.java

@@ -7,7 +7,6 @@ import cn.ibizlab.core.uaa.extensions.domain.Structure.FuncItem;
 import cn.ibizlab.core.uaa.extensions.domain.Structure.UniResNode;
 import com.alibaba.fastjson.annotation.JSONField;
 import com.fasterxml.jackson.annotation.JsonProperty;
-import liquibase.pro.packaged.S;
 import lombok.Data;
 
 import java.sql.Timestamp;

ibzuaa-core/src/main/resources/permission/systemResource.json

     {
+    "systemid":"ibzuaa",
     "unires":[
-           ],
+    ],
     "entities":[
     {
     "dename":"SysAuthLog",

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java

@@ -117,6 +117,8 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
                 .antMatchers("/"+uploadpath).permitAll()
                 .antMatchers("/"+previewpath+"/**").permitAll()
                 .antMatchers("/syspssystems/**/permissiondata").permitAll()
+                //同步系统权限资源
+                .antMatchers("/syspssystems/save").permitAll()
                 .antMatchers("/uaa/login").permitAll()
                 // 所有请求都需要认证
                 .anyRequest().authenticated()

ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysPSSystemResource.java

@@ -105,7 +105,7 @@ public class SysPSSystemResource {
         return  ResponseEntity.status(HttpStatus.OK).body(true);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')")
+//    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')")
     @ApiOperation(value = "Save", tags = {"SysPSSystem" },  notes = "Save")
 	@RequestMapping(method = RequestMethod.POST, value = "/syspssystems/save")
     public ResponseEntity<Boolean> save(@RequestBody SysPSSystemDTO syspssystemdto) {

ibzuaa-util/src/main/java/cn/ibizlab/util/client/IBZUAAFallback.java

@@ -9,8 +9,8 @@ import com.alibaba.fastjson.JSONObject;
 public class IBZUAAFallback implements IBZUAAFeignClient {
 
     @Override
-    public boolean pushSystemPermissionData(String systemid,JSONObject systemPermissionData) {
-        return false;
+    public Boolean syncSysAuthority(JSONObject system) {
+        return null;
     }
 
     @Override

ibzuaa-util/src/main/java/cn/ibizlab/util/client/IBZUAAFeignClient.java

@@ -10,13 +10,12 @@ import com.alibaba.fastjson.JSONObject;
 public interface IBZUAAFeignClient
 {
 	/**
-	 * 推送系统权限数据到uaa
-	 * @param systemid
-	 * @param systemPermissionData
+	 * 同步系统资源到uaa
+	 * @param system 系统资源信息
 	 * @return
 	 */
-	@PostMapping("/syspssystems/{systemid}/permissiondata")
-	boolean pushSystemPermissionData(@PathVariable("systemid") String systemid,@RequestBody JSONObject systemPermissionData);
+	@PostMapping("/syspssystems/save")
+	Boolean syncSysAuthority(@RequestBody JSONObject system);
 
 	/**
 	 * 用户登录

ibzuaa-util/src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java

@@ -36,10 +36,14 @@ public class PermissionSyncJob implements ApplicationRunner {
             Thread.sleep(10000);
             InputStream permission= this.getClass().getResourceAsStream("/permission/systemResource.json"); //获取当前系统所有实体资源能力
             String permissionResult = IOUtils.toString(permission,"UTF-8");
-            if(client.pushSystemPermissionData(systemId,JSONObject.parseObject(permissionResult))){
+            JSONObject system= new JSONObject();
+            system.put("pssystemid",systemId);
+            system.put("pssystemname",systemId);
+            system.put("sysstructure",JSONObject.parseObject(permissionResult));
+            if(client.syncSysAuthority(system)){
                 log.info("向[UAA]同步系统资源成功");
             }else{
-                log.info(String.format("向[UAA]同步系统资源失败"));
+                log.error("向[UAA]同步系统资源失败");
             }
         }
         catch (Exception ex) {

ibzuaa-util/src/main/java/cn/ibizlab/util/rest/AppController.java

 package cn.ibizlab.util.rest;
 
-import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
+import cn.ibizlab.util.security.AuthenticationUser;
+import cn.ibizlab.util.service.AuthenticationUserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.util.ObjectUtils;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.beans.factory.annotation.Autowired;
-import cn.ibizlab.util.security.AuthenticationUser;
-import cn.ibizlab.util.service.AuthenticationUserService;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
 
 @RestController
 @RequestMapping(value = "")
@@ -27,14 +30,20 @@ public class AppController {
 	public ResponseEntity<JSONObject> getAppData() {
 
 		JSONObject appData = new JSONObject() ;
-		JSONArray uniRes=new JSONArray();
-    	JSONArray appMenu=new JSONArray();
+		Set<String> appMenu = new HashSet();
+		Set<String> uniRes = new HashSet();
+
 		if(enablePermissionValid){
-			JSONObject userPermission=AuthenticationUser.getAuthenticationUser().getPermissionList();
-			if(!ObjectUtils.isEmpty(userPermission)){
-				uniRes = userPermission.getJSONArray("unires");
-    			appMenu = userPermission.getJSONArray("appmenu");
-			}
+			Collection<GrantedAuthority> authorities=AuthenticationUser.getAuthenticationUser().getAuthorities();
+				Iterator it = authorities.iterator();
+				while(it.hasNext()) {
+					GrantedAuthority authority = (GrantedAuthority)it.next();
+					String strAuthority=authority.getAuthority();
+					if(strAuthority.startsWith("UNIRES"))
+						uniRes.add(strAuthority);
+					else if(strAuthority.startsWith("APPMENU"))
+						appMenu.add(strAuthority);
+				}
 		}
 		appData.put("unires",uniRes);
     	appData.put("appmenu",appMenu);

ibzuaa-util/src/main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java

@@ -7,6 +7,7 @@ import cn.ibizlab.util.errors.BadRequestAlertException;
 import cn.ibizlab.util.helper.CachedBeanCopier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Primary;
+import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 import cn.ibizlab.util.mapper.IBZUSERMapper;
@@ -72,6 +73,9 @@ public class IBZUSERServiceImpl extends ServiceImpl<IBZUSERMapper, IBZUSER> impl
 	public  AuthenticationUser createUserDetails(IBZUSER user) {
 		AuthenticationUser userdatail = new AuthenticationUser();
 		CachedBeanCopier.copy(user,userdatail);
+		if(userdatail.getSuperuser()==1){
+			userdatail.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_SUPERADMIN"));
+		}
 		return userdatail;
 	}
 }
\ No newline at end of file