ibiz4j 部署微服务接口

ibzwf-app/ibzwf-app-web/src/main/resources/application-web-prod.yml

@@ -31,5 +31,9 @@ zuul:
       path: /v7/login
       serviceId: ibzuaa-api
       stripPrefix: false
+    oucore:
+      path: /ibzorganizations/**
+      serviceId: ibzou-api
+      stripPrefix: false
   sensitive-headers:
     - Cookie,Set-Cookie,Authorization

ibzwf-boot/src/main/resources/application-dev.yml

@@ -8,5 +8,9 @@ zuul:
         path: /v7/login
         serviceId: ibzuaa-api
         stripPrefix: false
+      oucore:
+        path: /ibzorganizations/**
+        serviceId: ibzou-api
+        stripPrefix: false
   sensitive-headers:
     - Cookie,Set-Cookie,Authorization

ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/IWFGroupService.java

@@ -52,6 +52,7 @@ public interface IWFGroupService extends IService<WFGroup>{
      */
     boolean execute(String sql, Map param);
 
+
 }
 
 

ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/IWFMemberService.java

@@ -57,6 +57,7 @@ public interface IWFMemberService extends IService<WFMember>{
      */
     boolean execute(String sql, Map param);
 
+
 }
 
 

ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/IWFProcessDefinitionService.java

@@ -52,6 +52,7 @@ public interface IWFProcessDefinitionService extends IService<WFProcessDefinitio
      */
     boolean execute(String sql, Map param);
 
+
 }
 
 

ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/IWFSystemService.java

@@ -52,6 +52,7 @@ public interface IWFSystemService extends IService<WFSystem>{
      */
     boolean execute(String sql, Map param);
 
+
 }
 
 

ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/IWFUserService.java

@@ -52,6 +52,7 @@ public interface IWFUserService extends IService<WFUser>{
      */
     boolean execute(String sql, Map param);
 
+
 }
 
 

ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/impl/WFGroupServiceImpl.java

@@ -186,6 +186,7 @@ public class WFGroupServiceImpl extends ServiceImpl<WFGroupMapper, WFGroup> impl
         return true;
     }
 
+
 }
 
 

ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/impl/WFMemberServiceImpl.java

@@ -267,6 +267,7 @@ public class WFMemberServiceImpl extends ServiceImpl<WFMemberMapper, WFMember> i
         return true;
     }
 
+
 }
 
 

ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/impl/WFProcessDefinitionServiceImpl.java

@@ -179,6 +179,7 @@ public class WFProcessDefinitionServiceImpl extends ServiceImpl<WFProcessDefinit
         return true;
     }
 
+
 }
 
 

ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/impl/WFSystemServiceImpl.java

@@ -179,6 +179,7 @@ public class WFSystemServiceImpl extends ServiceImpl<WFSystemMapper, WFSystem> i
         return true;
     }
 
+
 }
 
 

ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/impl/WFUserServiceImpl.java

@@ -182,6 +182,7 @@ public class WFUserServiceImpl extends ServiceImpl<WFUserMapper, WFUser> impleme
         return true;
     }
 
+
 }
 
 

ibzwf-core/src/main/resources/permission/systemResource.json

     {
+    "systemid":"ibzwf",
     "unires":[
     ],
     "entities":[

ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFGroupResource.java

@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PostAuthorize;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -39,14 +40,12 @@ import cn.ibizlab.core.workflow.filter.WFGroupSearchContext;
 public class WFGroupResource {
 
     @Autowired
-    private IWFGroupService wfgroupService;
+    public IWFGroupService wfgroupService;
 
     @Autowired
     @Lazy
     public WFGroupMapping wfgroupMapping;
 
-    public WFGroupDTO permissionDTO=new WFGroupDTO();
-
     @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-Save-all')")
     @ApiOperation(value = "Save", tags = {"WFGroup" },  notes = "Save")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfgroups/save")
@@ -54,7 +53,7 @@ public class WFGroupResource {
         return ResponseEntity.status(HttpStatus.OK).body(wfgroupService.save(wfgroupMapping.toDomain(wfgroupdto)));
     }
 
-    @PreAuthorize("hasPermission('Save',{'Sql',this.wfgroupMapping,#wfgroupdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-Save-all')")
     @ApiOperation(value = "SaveBatch", tags = {"WFGroup" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfgroups/savebatch")
     public ResponseEntity<Boolean> saveBatch(@RequestBody List<WFGroupDTO> wfgroupdtos) {
@@ -68,13 +67,13 @@ public class WFGroupResource {
     @Transactional
     public ResponseEntity<WFGroupDTO> update(@PathVariable("wfgroup_id") String wfgroup_id, @RequestBody WFGroupDTO wfgroupdto) {
 		WFGroup domain  = wfgroupMapping.toDomain(wfgroupdto);
-        domain.setId(wfgroup_id);
-		wfgroupService.update(domain);
-		WFGroupDTO dto = wfgroupMapping.toDto(domain);
+        domain .setId(wfgroup_id);
+		wfgroupService.update(domain );
+		WFGroupDTO dto = wfgroupMapping.toDto(domain );
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Update',{'Sql',this.wfgroupMapping,#wfgroupdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-Update-all')")
     @ApiOperation(value = "UpdateBatch", tags = {"WFGroup" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/wfgroups/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<WFGroupDTO> wfgroupdtos) {
@@ -82,14 +81,12 @@ public class WFGroupResource {
         return  ResponseEntity.status(HttpStatus.OK).body(true);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-GetDraft-all')")
     @ApiOperation(value = "GetDraft", tags = {"WFGroup" },  notes = "GetDraft")
 	@RequestMapping(method = RequestMethod.GET, value = "/wfgroups/getdraft")
     public ResponseEntity<WFGroupDTO> getDraft() {
         return ResponseEntity.status(HttpStatus.OK).body(wfgroupMapping.toDto(wfgroupService.getDraft(new WFGroup())));
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-CheckKey-all')")
     @ApiOperation(value = "CheckKey", tags = {"WFGroup" },  notes = "CheckKey")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfgroups/checkkey")
     public ResponseEntity<Boolean> checkKey(@RequestBody WFGroupDTO wfgroupdto) {
@@ -107,7 +104,7 @@ public class WFGroupResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Create',{'Sql',this.wfgroupMapping,#wfgroupdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-Create-all')")
     @ApiOperation(value = "createBatch", tags = {"WFGroup" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfgroups/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<WFGroupDTO> wfgroupdtos) {
@@ -123,7 +120,7 @@ public class WFGroupResource {
          return ResponseEntity.status(HttpStatus.OK).body(wfgroupService.remove(wfgroup_id));
     }
 
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.wfgroupMapping,this.permissionDTO,#ids})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-Remove-all')")
     @ApiOperation(value = "RemoveBatch", tags = {"WFGroup" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/wfgroups/batch")
     public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
@@ -162,3 +159,4 @@ public class WFGroupResource {
                 .body(new PageImpl(wfgroupMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
 	}
 }
+

ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFMemberResource.java

@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PostAuthorize;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -39,22 +40,18 @@ import cn.ibizlab.core.workflow.filter.WFMemberSearchContext;
 public class WFMemberResource {
 
     @Autowired
-    private IWFMemberService wfmemberService;
+    public IWFMemberService wfmemberService;
 
     @Autowired
     @Lazy
     public WFMemberMapping wfmemberMapping;
 
-    public WFMemberDTO permissionDTO=new WFMemberDTO();
-
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-CheckKey-all')")
     @ApiOperation(value = "CheckKey", tags = {"WFMember" },  notes = "CheckKey")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfmembers/checkkey")
     public ResponseEntity<Boolean> checkKey(@RequestBody WFMemberDTO wfmemberdto) {
         return  ResponseEntity.status(HttpStatus.OK).body(wfmemberService.checkKey(wfmemberMapping.toDomain(wfmemberdto)));
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-GetDraft-all')")
     @ApiOperation(value = "GetDraft", tags = {"WFMember" },  notes = "GetDraft")
 	@RequestMapping(method = RequestMethod.GET, value = "/wfmembers/getdraft")
     public ResponseEntity<WFMemberDTO> getDraft() {
@@ -72,7 +69,7 @@ public class WFMemberResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Create',{'Sql',this.wfmemberMapping,#wfmemberdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Create-all')")
     @ApiOperation(value = "createBatch", tags = {"WFMember" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfmembers/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<WFMemberDTO> wfmemberdtos) {
@@ -88,7 +85,7 @@ public class WFMemberResource {
          return ResponseEntity.status(HttpStatus.OK).body(wfmemberService.remove(wfmember_id));
     }
 
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.wfmemberMapping,this.permissionDTO,#ids})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Remove-all')")
     @ApiOperation(value = "RemoveBatch", tags = {"WFMember" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/wfmembers/batch")
     public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
@@ -103,7 +100,7 @@ public class WFMemberResource {
         return ResponseEntity.status(HttpStatus.OK).body(wfmemberService.save(wfmemberMapping.toDomain(wfmemberdto)));
     }
 
-    @PreAuthorize("hasPermission('Save',{'Sql',this.wfmemberMapping,#wfmemberdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Save-all')")
     @ApiOperation(value = "SaveBatch", tags = {"WFMember" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfmembers/savebatch")
     public ResponseEntity<Boolean> saveBatch(@RequestBody List<WFMemberDTO> wfmemberdtos) {
@@ -117,13 +114,13 @@ public class WFMemberResource {
     @Transactional
     public ResponseEntity<WFMemberDTO> update(@PathVariable("wfmember_id") String wfmember_id, @RequestBody WFMemberDTO wfmemberdto) {
 		WFMember domain  = wfmemberMapping.toDomain(wfmemberdto);
-        domain.setMemberid(wfmember_id);
-		wfmemberService.update(domain);
-		WFMemberDTO dto = wfmemberMapping.toDto(domain);
+        domain .setMemberid(wfmember_id);
+		wfmemberService.update(domain );
+		WFMemberDTO dto = wfmemberMapping.toDto(domain );
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Update',{'Sql',this.wfmemberMapping,#wfmemberdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Update-all')")
     @ApiOperation(value = "UpdateBatch", tags = {"WFMember" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/wfmembers/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<WFMemberDTO> wfmemberdtos) {
@@ -161,14 +158,12 @@ public class WFMemberResource {
 	    return ResponseEntity.status(HttpStatus.OK)
                 .body(new PageImpl(wfmemberMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
 	}
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-CheckKey-all')")
     @ApiOperation(value = "CheckKeyByWFGroup", tags = {"WFMember" },  notes = "CheckKeyByWFGroup")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfgroups/{wfgroup_id}/wfmembers/checkkey")
     public ResponseEntity<Boolean> checkKeyByWFGroup(@PathVariable("wfgroup_id") String wfgroup_id, @RequestBody WFMemberDTO wfmemberdto) {
         return  ResponseEntity.status(HttpStatus.OK).body(wfmemberService.checkKey(wfmemberMapping.toDomain(wfmemberdto)));
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-GetDraft-all')")
     @ApiOperation(value = "GetDraftByWFGroup", tags = {"WFMember" },  notes = "GetDraftByWFGroup")
     @RequestMapping(method = RequestMethod.GET, value = "/wfgroups/{wfgroup_id}/wfmembers/getdraft")
     public ResponseEntity<WFMemberDTO> getDraftByWFGroup(@PathVariable("wfgroup_id") String wfgroup_id) {
@@ -189,7 +184,7 @@ public class WFMemberResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Create',{'Sql',this.wfmemberMapping,#wfmemberdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Create-all')")
     @ApiOperation(value = "createBatchByWFGroup", tags = {"WFMember" },  notes = "createBatchByWFGroup")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfgroups/{wfgroup_id}/wfmembers/batch")
     public ResponseEntity<Boolean> createBatchByWFGroup(@PathVariable("wfgroup_id") String wfgroup_id, @RequestBody List<WFMemberDTO> wfmemberdtos) {
@@ -209,7 +204,7 @@ public class WFMemberResource {
 		return ResponseEntity.status(HttpStatus.OK).body(wfmemberService.remove(wfmember_id));
     }
 
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.wfmemberMapping,this.permissionDTO,#ids})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Remove-all')")
     @ApiOperation(value = "RemoveBatchByWFGroup", tags = {"WFMember" },  notes = "RemoveBatchByWFGroup")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/wfgroups/{wfgroup_id}/wfmembers/batch")
     public ResponseEntity<Boolean> removeBatchByWFGroup(@RequestBody List<String> ids) {
@@ -226,7 +221,7 @@ public class WFMemberResource {
         return ResponseEntity.status(HttpStatus.OK).body(wfmemberService.save(domain));
     }
 
-    @PreAuthorize("hasPermission('Save',{'Sql',this.wfmemberMapping,#wfmemberdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Save-all')")
     @ApiOperation(value = "SaveBatchByWFGroup", tags = {"WFMember" },  notes = "SaveBatchByWFGroup")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfgroups/{wfgroup_id}/wfmembers/savebatch")
     public ResponseEntity<Boolean> saveBatchByWFGroup(@PathVariable("wfgroup_id") String wfgroup_id, @RequestBody List<WFMemberDTO> wfmemberdtos) {
@@ -251,7 +246,7 @@ public class WFMemberResource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Update',{'Sql',this.wfmemberMapping,#wfmemberdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Update-all')")
     @ApiOperation(value = "UpdateBatchByWFGroup", tags = {"WFMember" },  notes = "UpdateBatchByWFGroup")
 	@RequestMapping(method = RequestMethod.PUT, value = "/wfgroups/{wfgroup_id}/wfmembers/batch")
     public ResponseEntity<Boolean> updateBatchByWFGroup(@PathVariable("wfgroup_id") String wfgroup_id, @RequestBody List<WFMemberDTO> wfmemberdtos) {
@@ -295,14 +290,12 @@ public class WFMemberResource {
 	    return ResponseEntity.status(HttpStatus.OK)
                 .body(new PageImpl(wfmemberMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
 	}
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-CheckKey-all')")
     @ApiOperation(value = "CheckKeyByWFUser", tags = {"WFMember" },  notes = "CheckKeyByWFUser")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfusers/{wfuser_id}/wfmembers/checkkey")
     public ResponseEntity<Boolean> checkKeyByWFUser(@PathVariable("wfuser_id") String wfuser_id, @RequestBody WFMemberDTO wfmemberdto) {
         return  ResponseEntity.status(HttpStatus.OK).body(wfmemberService.checkKey(wfmemberMapping.toDomain(wfmemberdto)));
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-GetDraft-all')")
     @ApiOperation(value = "GetDraftByWFUser", tags = {"WFMember" },  notes = "GetDraftByWFUser")
     @RequestMapping(method = RequestMethod.GET, value = "/wfusers/{wfuser_id}/wfmembers/getdraft")
     public ResponseEntity<WFMemberDTO> getDraftByWFUser(@PathVariable("wfuser_id") String wfuser_id) {
@@ -323,7 +316,7 @@ public class WFMemberResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Create',{'Sql',this.wfmemberMapping,#wfmemberdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Create-all')")
     @ApiOperation(value = "createBatchByWFUser", tags = {"WFMember" },  notes = "createBatchByWFUser")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfusers/{wfuser_id}/wfmembers/batch")
     public ResponseEntity<Boolean> createBatchByWFUser(@PathVariable("wfuser_id") String wfuser_id, @RequestBody List<WFMemberDTO> wfmemberdtos) {
@@ -343,7 +336,7 @@ public class WFMemberResource {
 		return ResponseEntity.status(HttpStatus.OK).body(wfmemberService.remove(wfmember_id));
     }
 
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.wfmemberMapping,this.permissionDTO,#ids})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Remove-all')")
     @ApiOperation(value = "RemoveBatchByWFUser", tags = {"WFMember" },  notes = "RemoveBatchByWFUser")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/wfusers/{wfuser_id}/wfmembers/batch")
     public ResponseEntity<Boolean> removeBatchByWFUser(@RequestBody List<String> ids) {
@@ -360,7 +353,7 @@ public class WFMemberResource {
         return ResponseEntity.status(HttpStatus.OK).body(wfmemberService.save(domain));
     }
 
-    @PreAuthorize("hasPermission('Save',{'Sql',this.wfmemberMapping,#wfmemberdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Save-all')")
     @ApiOperation(value = "SaveBatchByWFUser", tags = {"WFMember" },  notes = "SaveBatchByWFUser")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfusers/{wfuser_id}/wfmembers/savebatch")
     public ResponseEntity<Boolean> saveBatchByWFUser(@PathVariable("wfuser_id") String wfuser_id, @RequestBody List<WFMemberDTO> wfmemberdtos) {
@@ -385,7 +378,7 @@ public class WFMemberResource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Update',{'Sql',this.wfmemberMapping,#wfmemberdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Update-all')")
     @ApiOperation(value = "UpdateBatchByWFUser", tags = {"WFMember" },  notes = "UpdateBatchByWFUser")
 	@RequestMapping(method = RequestMethod.PUT, value = "/wfusers/{wfuser_id}/wfmembers/batch")
     public ResponseEntity<Boolean> updateBatchByWFUser(@PathVariable("wfuser_id") String wfuser_id, @RequestBody List<WFMemberDTO> wfmemberdtos) {
@@ -430,3 +423,4 @@ public class WFMemberResource {
                 .body(new PageImpl(wfmemberMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
 	}
 }
+

ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFProcessDefinitionResource.java

@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PostAuthorize;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -39,14 +40,12 @@ import cn.ibizlab.core.workflow.filter.WFProcessDefinitionSearchContext;
 public class WFProcessDefinitionResource {
 
     @Autowired
-    private IWFProcessDefinitionService wfprocessdefinitionService;
+    public IWFProcessDefinitionService wfprocessdefinitionService;
 
     @Autowired
     @Lazy
     public WFProcessDefinitionMapping wfprocessdefinitionMapping;
 
-    public WFProcessDefinitionDTO permissionDTO=new WFProcessDefinitionDTO();
-
     @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-Save-all')")
     @ApiOperation(value = "Save", tags = {"WFProcessDefinition" },  notes = "Save")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfprocessdefinitions/save")
@@ -54,7 +53,7 @@ public class WFProcessDefinitionResource {
         return ResponseEntity.status(HttpStatus.OK).body(wfprocessdefinitionService.save(wfprocessdefinitionMapping.toDomain(wfprocessdefinitiondto)));
     }
 
-    @PreAuthorize("hasPermission('Save',{'Sql',this.wfprocessdefinitionMapping,#wfprocessdefinitiondtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-Save-all')")
     @ApiOperation(value = "SaveBatch", tags = {"WFProcessDefinition" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfprocessdefinitions/savebatch")
     public ResponseEntity<Boolean> saveBatch(@RequestBody List<WFProcessDefinitionDTO> wfprocessdefinitiondtos) {
@@ -68,13 +67,13 @@ public class WFProcessDefinitionResource {
     @Transactional
     public ResponseEntity<WFProcessDefinitionDTO> update(@PathVariable("wfprocessdefinition_id") String wfprocessdefinition_id, @RequestBody WFProcessDefinitionDTO wfprocessdefinitiondto) {
 		WFProcessDefinition domain  = wfprocessdefinitionMapping.toDomain(wfprocessdefinitiondto);
-        domain.setDefinitionkey(wfprocessdefinition_id);
-		wfprocessdefinitionService.update(domain);
-		WFProcessDefinitionDTO dto = wfprocessdefinitionMapping.toDto(domain);
+        domain .setDefinitionkey(wfprocessdefinition_id);
+		wfprocessdefinitionService.update(domain );
+		WFProcessDefinitionDTO dto = wfprocessdefinitionMapping.toDto(domain );
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Update',{'Sql',this.wfprocessdefinitionMapping,#wfprocessdefinitiondtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-Update-all')")
     @ApiOperation(value = "UpdateBatch", tags = {"WFProcessDefinition" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/wfprocessdefinitions/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<WFProcessDefinitionDTO> wfprocessdefinitiondtos) {
@@ -91,14 +90,12 @@ public class WFProcessDefinitionResource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-CheckKey-all')")
     @ApiOperation(value = "CheckKey", tags = {"WFProcessDefinition" },  notes = "CheckKey")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfprocessdefinitions/checkkey")
     public ResponseEntity<Boolean> checkKey(@RequestBody WFProcessDefinitionDTO wfprocessdefinitiondto) {
         return  ResponseEntity.status(HttpStatus.OK).body(wfprocessdefinitionService.checkKey(wfprocessdefinitionMapping.toDomain(wfprocessdefinitiondto)));
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-GetDraft-all')")
     @ApiOperation(value = "GetDraft", tags = {"WFProcessDefinition" },  notes = "GetDraft")
 	@RequestMapping(method = RequestMethod.GET, value = "/wfprocessdefinitions/getdraft")
     public ResponseEntity<WFProcessDefinitionDTO> getDraft() {
@@ -116,7 +113,7 @@ public class WFProcessDefinitionResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Create',{'Sql',this.wfprocessdefinitionMapping,#wfprocessdefinitiondtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-Create-all')")
     @ApiOperation(value = "createBatch", tags = {"WFProcessDefinition" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfprocessdefinitions/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<WFProcessDefinitionDTO> wfprocessdefinitiondtos) {
@@ -132,7 +129,7 @@ public class WFProcessDefinitionResource {
          return ResponseEntity.status(HttpStatus.OK).body(wfprocessdefinitionService.remove(wfprocessdefinition_id));
     }
 
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.wfprocessdefinitionMapping,this.permissionDTO,#ids})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-Remove-all')")
     @ApiOperation(value = "RemoveBatch", tags = {"WFProcessDefinition" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/wfprocessdefinitions/batch")
     public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
@@ -162,3 +159,4 @@ public class WFProcessDefinitionResource {
                 .body(new PageImpl(wfprocessdefinitionMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
 	}
 }
+

ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFREModelResource.java

@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PostAuthorize;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -39,27 +40,23 @@ import cn.ibizlab.core.workflow.filter.WFREModelSearchContext;
 public class WFREModelResource {
 
     @Autowired
-    private IWFREModelService wfremodelService;
+    public IWFREModelService wfremodelService;
 
     @Autowired
     @Lazy
     public WFREModelMapping wfremodelMapping;
 
-    public WFREModelDTO permissionDTO=new WFREModelDTO();
-
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Update-all')")
     @ApiOperation(value = "Update", tags = {"WFREModel" },  notes = "Update")
 	@RequestMapping(method = RequestMethod.PUT, value = "/wfremodels/{wfremodel_id}")
     @Transactional
     public ResponseEntity<WFREModelDTO> update(@PathVariable("wfremodel_id") String wfremodel_id, @RequestBody WFREModelDTO wfremodeldto) {
 		WFREModel domain  = wfremodelMapping.toDomain(wfremodeldto);
-        domain.setId(wfremodel_id);
-		wfremodelService.update(domain);
-		WFREModelDTO dto = wfremodelMapping.toDto(domain);
+        domain .setId(wfremodel_id);
+		wfremodelService.update(domain );
+		WFREModelDTO dto = wfremodelMapping.toDto(domain );
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Update',{'None',this.wfremodelMapping,#wfremodeldtos})")
     @ApiOperation(value = "UpdateBatch", tags = {"WFREModel" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/wfremodels/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<WFREModelDTO> wfremodeldtos) {
@@ -67,14 +64,12 @@ public class WFREModelResource {
         return  ResponseEntity.status(HttpStatus.OK).body(true);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Save-all')")
     @ApiOperation(value = "Save", tags = {"WFREModel" },  notes = "Save")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfremodels/save")
     public ResponseEntity<Boolean> save(@RequestBody WFREModelDTO wfremodeldto) {
         return ResponseEntity.status(HttpStatus.OK).body(wfremodelService.save(wfremodelMapping.toDomain(wfremodeldto)));
     }
 
-    @PreAuthorize("hasPermission('Save',{'None',this.wfremodelMapping,#wfremodeldtos})")
     @ApiOperation(value = "SaveBatch", tags = {"WFREModel" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfremodels/savebatch")
     public ResponseEntity<Boolean> saveBatch(@RequestBody List<WFREModelDTO> wfremodeldtos) {
@@ -82,7 +77,6 @@ public class WFREModelResource {
         return  ResponseEntity.status(HttpStatus.OK).body(true);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Get-all')")
     @ApiOperation(value = "Get", tags = {"WFREModel" },  notes = "Get")
 	@RequestMapping(method = RequestMethod.GET, value = "/wfremodels/{wfremodel_id}")
     public ResponseEntity<WFREModelDTO> get(@PathVariable("wfremodel_id") String wfremodel_id) {
@@ -91,7 +85,6 @@ public class WFREModelResource {
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Create-all')")
     @ApiOperation(value = "Create", tags = {"WFREModel" },  notes = "Create")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfremodels")
     @Transactional
@@ -102,7 +95,6 @@ public class WFREModelResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Create',{'None',this.wfremodelMapping,#wfremodeldtos})")
     @ApiOperation(value = "createBatch", tags = {"WFREModel" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfremodels/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<WFREModelDTO> wfremodeldtos) {
@@ -110,14 +102,12 @@ public class WFREModelResource {
         return  ResponseEntity.status(HttpStatus.OK).body(true);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-CheckKey-all')")
     @ApiOperation(value = "CheckKey", tags = {"WFREModel" },  notes = "CheckKey")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfremodels/checkkey")
     public ResponseEntity<Boolean> checkKey(@RequestBody WFREModelDTO wfremodeldto) {
         return  ResponseEntity.status(HttpStatus.OK).body(wfremodelService.checkKey(wfremodelMapping.toDomain(wfremodeldto)));
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Remove-all')")
     @ApiOperation(value = "Remove", tags = {"WFREModel" },  notes = "Remove")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/wfremodels/{wfremodel_id}")
     @Transactional
@@ -125,7 +115,6 @@ public class WFREModelResource {
          return ResponseEntity.status(HttpStatus.OK).body(wfremodelService.remove(wfremodel_id));
     }
 
-    @PreAuthorize("hasPermission('Remove',{'None',this.wfremodelMapping,this.permissionDTO,#ids})")
     @ApiOperation(value = "RemoveBatch", tags = {"WFREModel" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/wfremodels/batch")
     public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
@@ -133,14 +122,12 @@ public class WFREModelResource {
         return  ResponseEntity.status(HttpStatus.OK).body(true);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-GetDraft-all')")
     @ApiOperation(value = "GetDraft", tags = {"WFREModel" },  notes = "GetDraft")
 	@RequestMapping(method = RequestMethod.GET, value = "/wfremodels/getdraft")
     public ResponseEntity<WFREModelDTO> getDraft() {
         return ResponseEntity.status(HttpStatus.OK).body(wfremodelMapping.toDto(wfremodelService.getDraft(new WFREModel())));
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Default-all')")
 	@ApiOperation(value = "fetchDEFAULT", tags = {"WFREModel" } ,notes = "fetchDEFAULT")
     @RequestMapping(method= RequestMethod.GET , value="/wfremodels/fetchdefault")
 	public ResponseEntity<List<WFREModelDTO>> fetchDefault(WFREModelSearchContext context) {
@@ -153,7 +140,6 @@ public class WFREModelResource {
                 .body(list);
 	}
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Default-all')")
 	@ApiOperation(value = "searchDEFAULT", tags = {"WFREModel" } ,notes = "searchDEFAULT")
     @RequestMapping(method= RequestMethod.POST , value="/wfremodels/searchdefault")
 	public ResponseEntity<Page<WFREModelDTO>> searchDefault(@RequestBody WFREModelSearchContext context) {
@@ -162,3 +148,4 @@ public class WFREModelResource {
                 .body(new PageImpl(wfremodelMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
 	}
 }
+

ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFSystemResource.java

@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PostAuthorize;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -39,14 +40,12 @@ import cn.ibizlab.core.workflow.filter.WFSystemSearchContext;
 public class WFSystemResource {
 
     @Autowired
-    private IWFSystemService wfsystemService;
+    public IWFSystemService wfsystemService;
 
     @Autowired
     @Lazy
     public WFSystemMapping wfsystemMapping;
 
-    public WFSystemDTO permissionDTO=new WFSystemDTO();
-
     @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-Remove-all')")
     @ApiOperation(value = "Remove", tags = {"WFSystem" },  notes = "Remove")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/wfsystems/{wfsystem_id}")
@@ -55,7 +54,7 @@ public class WFSystemResource {
          return ResponseEntity.status(HttpStatus.OK).body(wfsystemService.remove(wfsystem_id));
     }
 
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.wfsystemMapping,this.permissionDTO,#ids})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-Remove-all')")
     @ApiOperation(value = "RemoveBatch", tags = {"WFSystem" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/wfsystems/batch")
     public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
@@ -69,13 +68,13 @@ public class WFSystemResource {
     @Transactional
     public ResponseEntity<WFSystemDTO> update(@PathVariable("wfsystem_id") String wfsystem_id, @RequestBody WFSystemDTO wfsystemdto) {
 		WFSystem domain  = wfsystemMapping.toDomain(wfsystemdto);
-        domain.setPssystemid(wfsystem_id);
-		wfsystemService.update(domain);
-		WFSystemDTO dto = wfsystemMapping.toDto(domain);
+        domain .setPssystemid(wfsystem_id);
+		wfsystemService.update(domain );
+		WFSystemDTO dto = wfsystemMapping.toDto(domain );
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Update',{'Sql',this.wfsystemMapping,#wfsystemdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-Update-all')")
     @ApiOperation(value = "UpdateBatch", tags = {"WFSystem" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/wfsystems/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<WFSystemDTO> wfsystemdtos) {
@@ -83,7 +82,6 @@ public class WFSystemResource {
         return  ResponseEntity.status(HttpStatus.OK).body(true);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-GetDraft-all')")
     @ApiOperation(value = "GetDraft", tags = {"WFSystem" },  notes = "GetDraft")
 	@RequestMapping(method = RequestMethod.GET, value = "/wfsystems/getdraft")
     public ResponseEntity<WFSystemDTO> getDraft() {
@@ -97,7 +95,7 @@ public class WFSystemResource {
         return ResponseEntity.status(HttpStatus.OK).body(wfsystemService.save(wfsystemMapping.toDomain(wfsystemdto)));
     }
 
-    @PreAuthorize("hasPermission('Save',{'Sql',this.wfsystemMapping,#wfsystemdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-Save-all')")
     @ApiOperation(value = "SaveBatch", tags = {"WFSystem" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfsystems/savebatch")
     public ResponseEntity<Boolean> saveBatch(@RequestBody List<WFSystemDTO> wfsystemdtos) {
@@ -116,7 +114,7 @@ public class WFSystemResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Create',{'Sql',this.wfsystemMapping,#wfsystemdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-Create-all')")
     @ApiOperation(value = "createBatch", tags = {"WFSystem" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfsystems/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<WFSystemDTO> wfsystemdtos) {
@@ -124,7 +122,6 @@ public class WFSystemResource {
         return  ResponseEntity.status(HttpStatus.OK).body(true);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-CheckKey-all')")
     @ApiOperation(value = "CheckKey", tags = {"WFSystem" },  notes = "CheckKey")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfsystems/checkkey")
     public ResponseEntity<Boolean> checkKey(@RequestBody WFSystemDTO wfsystemdto) {
@@ -162,3 +159,4 @@ public class WFSystemResource {
                 .body(new PageImpl(wfsystemMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
 	}
 }
+

ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFUserResource.java

@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.access.prepost.PostAuthorize;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
@@ -39,14 +40,12 @@ import cn.ibizlab.core.workflow.filter.WFUserSearchContext;
 public class WFUserResource {
 
     @Autowired
-    private IWFUserService wfuserService;
+    public IWFUserService wfuserService;
 
     @Autowired
     @Lazy
     public WFUserMapping wfuserMapping;
 
-    public WFUserDTO permissionDTO=new WFUserDTO();
-
     @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-Remove-all')")
     @ApiOperation(value = "Remove", tags = {"WFUser" },  notes = "Remove")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/wfusers/{wfuser_id}")
@@ -55,7 +54,7 @@ public class WFUserResource {
          return ResponseEntity.status(HttpStatus.OK).body(wfuserService.remove(wfuser_id));
     }
 
-    @PreAuthorize("hasPermission('Remove',{'Sql',this.wfuserMapping,this.permissionDTO,#ids})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-Remove-all')")
     @ApiOperation(value = "RemoveBatch", tags = {"WFUser" },  notes = "RemoveBatch")
 	@RequestMapping(method = RequestMethod.DELETE, value = "/wfusers/batch")
     public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
@@ -63,7 +62,6 @@ public class WFUserResource {
         return  ResponseEntity.status(HttpStatus.OK).body(true);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-GetDraft-all')")
     @ApiOperation(value = "GetDraft", tags = {"WFUser" },  notes = "GetDraft")
 	@RequestMapping(method = RequestMethod.GET, value = "/wfusers/getdraft")
     public ResponseEntity<WFUserDTO> getDraft() {
@@ -77,7 +75,7 @@ public class WFUserResource {
         return ResponseEntity.status(HttpStatus.OK).body(wfuserService.save(wfuserMapping.toDomain(wfuserdto)));
     }
 
-    @PreAuthorize("hasPermission('Save',{'Sql',this.wfuserMapping,#wfuserdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-Save-all')")
     @ApiOperation(value = "SaveBatch", tags = {"WFUser" },  notes = "SaveBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfusers/savebatch")
     public ResponseEntity<Boolean> saveBatch(@RequestBody List<WFUserDTO> wfuserdtos) {
@@ -91,13 +89,13 @@ public class WFUserResource {
     @Transactional
     public ResponseEntity<WFUserDTO> update(@PathVariable("wfuser_id") String wfuser_id, @RequestBody WFUserDTO wfuserdto) {
 		WFUser domain  = wfuserMapping.toDomain(wfuserdto);
-        domain.setId(wfuser_id);
-		wfuserService.update(domain);
-		WFUserDTO dto = wfuserMapping.toDto(domain);
+        domain .setId(wfuser_id);
+		wfuserService.update(domain );
+		WFUserDTO dto = wfuserMapping.toDto(domain );
         return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Update',{'Sql',this.wfuserMapping,#wfuserdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-Update-all')")
     @ApiOperation(value = "UpdateBatch", tags = {"WFUser" },  notes = "UpdateBatch")
 	@RequestMapping(method = RequestMethod.PUT, value = "/wfusers/batch")
     public ResponseEntity<Boolean> updateBatch(@RequestBody List<WFUserDTO> wfuserdtos) {
@@ -125,7 +123,7 @@ public class WFUserResource {
 		return ResponseEntity.status(HttpStatus.OK).body(dto);
     }
 
-    @PreAuthorize("hasPermission('Create',{'Sql',this.wfuserMapping,#wfuserdtos})")
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-Create-all')")
     @ApiOperation(value = "createBatch", tags = {"WFUser" },  notes = "createBatch")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfusers/batch")
     public ResponseEntity<Boolean> createBatch(@RequestBody List<WFUserDTO> wfuserdtos) {
@@ -133,7 +131,6 @@ public class WFUserResource {
         return  ResponseEntity.status(HttpStatus.OK).body(true);
     }
 
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-CheckKey-all')")
     @ApiOperation(value = "CheckKey", tags = {"WFUser" },  notes = "CheckKey")
 	@RequestMapping(method = RequestMethod.POST, value = "/wfusers/checkkey")
     public ResponseEntity<Boolean> checkKey(@RequestBody WFUserDTO wfuserdto) {
@@ -162,3 +159,4 @@ public class WFUserResource {
                 .body(new PageImpl(wfuserMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
 	}
 }
+

ibzwf-util/src/main/java/cn/ibizlab/util/client/IBZUAAFallback.java

@@ -9,8 +9,8 @@ import com.alibaba.fastjson.JSONObject;
 public class IBZUAAFallback implements IBZUAAFeignClient {
 
     @Override
-    public boolean pushSystemPermissionData(String systemid,JSONObject systemPermissionData) {
-        return false;
+    public Boolean syncSysAuthority(JSONObject system) {
+        return null;
     }
 
     @Override

ibzwf-util/src/main/java/cn/ibizlab/util/client/IBZUAAFeignClient.java

@@ -10,13 +10,12 @@ import com.alibaba.fastjson.JSONObject;
 public interface IBZUAAFeignClient
 {
 	/**
-	 * 推送系统权限数据到uaa
-	 * @param systemid
-	 * @param systemPermissionData
+	 * 同步系统资源到uaa
+	 * @param system 系统资源信息
 	 * @return
 	 */
-	@PostMapping("/syspssystems/{systemid}/permissiondata")
-	boolean pushSystemPermissionData(@PathVariable("systemid") String systemid,@RequestBody JSONObject systemPermissionData);
+	@PostMapping("/syspssystems/save")
+	Boolean syncSysAuthority(@RequestBody JSONObject system);
 
 	/**
 	 * 用户登录

ibzwf-util/src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java

@@ -36,10 +36,14 @@ public class PermissionSyncJob implements ApplicationRunner {
             Thread.sleep(10000);
             InputStream permission= this.getClass().getResourceAsStream("/permission/systemResource.json"); //获取当前系统所有实体资源能力
             String permissionResult = IOUtils.toString(permission,"UTF-8");
-            if(client.pushSystemPermissionData(systemId,JSONObject.parseObject(permissionResult))){
+            JSONObject system= new JSONObject();
+            system.put("pssystemid",systemId);
+            system.put("pssystemname",systemId);
+            system.put("sysstructure",JSONObject.parseObject(permissionResult));
+            if(client.syncSysAuthority(system)){
                 log.info("向[UAA]同步系统资源成功");
             }else{
-                log.info(String.format("向[UAA]同步系统资源失败"));
+                log.error("向[UAA]同步系统资源失败");
             }
         }
         catch (Exception ex) {

ibzwf-util/src/main/java/cn/ibizlab/util/rest/AppController.java

 package cn.ibizlab.util.rest;
 
-import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
+import cn.ibizlab.util.security.AuthenticationUser;
+import cn.ibizlab.util.service.AuthenticationUserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.util.ObjectUtils;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.beans.factory.annotation.Autowired;
-import cn.ibizlab.util.security.AuthenticationUser;
-import cn.ibizlab.util.service.AuthenticationUserService;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
 
 @RestController
 @RequestMapping(value = "")
@@ -27,13 +30,19 @@ public class AppController {
 	public ResponseEntity<JSONObject> getAppData() {
 
 		JSONObject appData = new JSONObject() ;
-		JSONArray uniRes=new JSONArray();
-    	JSONArray appMenu=new JSONArray();
+		Set<String> appMenu = new HashSet();
+		Set<String> uniRes = new HashSet();
+
 		if(enablePermissionValid){
-			JSONObject userPermission=AuthenticationUser.getAuthenticationUser().getPermissionList();
-			if(!ObjectUtils.isEmpty(userPermission)){
-				uniRes = userPermission.getJSONArray("unires");
-    			appMenu = userPermission.getJSONArray("appmenu");
+			Collection<GrantedAuthority> authorities=AuthenticationUser.getAuthenticationUser().getAuthorities();
+				Iterator it = authorities.iterator();
+				while(it.hasNext()) {
+					GrantedAuthority authority = (GrantedAuthority)it.next();
+					String strAuthority=authority.getAuthority();
+					if(strAuthority.startsWith("UNIRES"))
+						uniRes.add(strAuthority);
+					else if(strAuthority.startsWith("APPMENU"))
+						appMenu.add(strAuthority);
 				}
 		}
 		appData.put("unires",uniRes);

ibzwf-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java

 package cn.ibizlab.util.security;
 
-import com.alibaba.fastjson.JSONArray;
-import com.alibaba.fastjson.JSONObject;
-import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
-import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.mongodb.QueryBuilder;
 import cn.ibizlab.util.annotation.DEField;
-import cn.ibizlab.util.domain.DTOBase;
 import cn.ibizlab.util.domain.EntityBase;
-import cn.ibizlab.util.domain.MappingBase;
 import cn.ibizlab.util.enums.DEPredefinedFieldType;
 import cn.ibizlab.util.helper.DEFieldCacheMap;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Lazy;
-import org.springframework.data.mongodb.core.MongoTemplate;
-import org.springframework.data.mongodb.core.query.BasicQuery;
-import org.springframework.data.mongodb.core.query.Query;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Component;
 import org.springframework.util.ObjectUtils;
-import org.springframework.util.StringUtils;
-import javax.annotation.Resource;
 import java.io.Serializable;
-import java.lang.reflect.Field;
 import java.util.*;
 
 /**
@@ -36,331 +23,91 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
     @Value("${ibiz.enablePermissionValid:false}")
     boolean enablePermissionValid;  //是否开启权限校验
     /**
-     * 实体行为操作标识
-     */
-    private String DEActionType="DEACTION";
-    /**
-     *实体主键标识
-     */
-    private String keyFieldTag="keyfield";
-
-    @Resource
-    @Lazy
-    private MongoTemplate mongoTemplate;
-
-    /**
-     * 批处理权限检查[createBatch:updateBatch:removeBatch]
+     * 实体行为鉴权
      * @param authentication
-     * @param DEAction
-     * @param params
+     * @param entity
+     * @param action
      * @return
      */
     @Override
-    public boolean hasPermission(Authentication authentication, Object DEAction, Object params) {
+    public boolean hasPermission(Authentication authentication, Object entity, Object action) {
 
         //未开启权限校验、超级管理员则不进行权限检查
         if(AuthenticationUser.getAuthenticationUser().getSuperuser()==1  || !enablePermissionValid)
             return true;
-        List paramList = (ArrayList) params;
-        String deStorageMode= (String) paramList.get(0);
-        String action=String.valueOf(DEAction);
-        List<String> ids=null;
-        EntityBase entity;
-        List<EntityBase> entityList = null;
-        JSONObject userPermission= AuthenticationUser.getAuthenticationUser().getPermissionList();
-        if(userPermission==null)
-            return false;
-        MappingBase mappingBase= (MappingBase) paramList.get(1);
-        //参数准备
-        if(action.equalsIgnoreCase("remove")){
-            entity= (EntityBase) mappingBase.toDomain(paramList.get(2));
-            ids= (List<String>) paramList.get(3);
-        }
-        else{
-            List<DTOBase> dtoList = (List<DTOBase>) paramList.get(2);
-            if(dtoList.size()==0)
-                return false;
-            entityList =mappingBase.toDomain(dtoList);
-            entity = (EntityBase) mappingBase.toDomain(dtoList.get(0));
-        }
-        if (entity==null)
-            return false;
-
-        JSONObject permissionList=userPermission.getJSONObject("entities");
-        String entityName = entity.getClass().getSimpleName();
 
-        //拥有全部数据访问权限时，则跳过权限检查
-        if(isAllData(entityName,action,permissionList)){
-            return true;
-        }
-        //检查是否有操作权限[create.update.delete.read]
-        if(!validDEActionHasPermission(entityName,action,permissionList)){
-            return false;
-        }
-        JSONArray dataRangeList=getDataRange(entityName,action,permissionList);
-        if(dataRangeList.size()==0)
-            return false;
-
-        if(action.equalsIgnoreCase("create")){
-            return createBatchActionPermissionValid(entityList,dataRangeList);
-        }
-        else if(action.equalsIgnoreCase("save")){
-            return saveBatchActionPermissionValid(deStorageMode, entityList, dataRangeList);
-        }
-        else{
-            if(!action.equalsIgnoreCase("remove")){
-                ids=getIds(entity,entityList);
-            }
-            if(ids.size()==0)
+        String strAction=String.valueOf(action);
+        Set<String> userAuthorities = getAuthorities(authentication,strAction);
+        if(userAuthorities.size()==0)
             return false;
-            return otherBatchActionPermissionValidRouter(deStorageMode, entity ,ids, dataRangeList);
-        }
-    }
-
-    /**
-     * 实体行为权限检查 ：用于检查当前用户是否拥有实体的新建、编辑、删除权限
-     *
-     * @param authentication
-     * @param id         当前操作数据的主键
-     * @param action         当前操作行为：如：[READ、UPDATE、DELETE]
-     * @param params         相关参数
-     * @return true/false true则允许当前行为，false拒绝行为
-     */
-    @Override
-    public boolean hasPermission(Authentication authentication, Serializable id, String action, Object params) {
-
-        //未开启权限校验、超级管理员则不进行权限检查
-        if(AuthenticationUser.getAuthenticationUser().getSuperuser()==1  || !enablePermissionValid)
-            return true;
-
-        List paramList = (ArrayList) params;
-        String deStorageMode= (String) paramList.get(0);
-        MappingBase mappingBase= (MappingBase) paramList.get(1);
-        DTOBase dtoBase = (DTOBase) paramList.get(2);
-        EntityBase entity = (EntityBase) mappingBase.toDomain(dtoBase);
-
-        if (StringUtils.isEmpty(entity))
-            return false;
-
-        JSONObject userPermission= AuthenticationUser.getAuthenticationUser().getPermissionList();
-        if(userPermission==null)
-            return false;
-        JSONObject permissionList=userPermission.getJSONObject("entities");
-        String entityName = entity.getClass().getSimpleName();
 
         //拥有全部数据访问权限时，则跳过权限检查
-        if(isAllData(entityName,action,permissionList)){
+        if(isAllData(strAction,userAuthorities)){
             return true;
         }
-        //检查是否有操作权限[create.update.delete.read]
-        if(!validDEActionHasPermission(entityName,action,permissionList)){
+        if(entity instanceof  ArrayList){
+            List<EntityBase> entities= (List<EntityBase>) entity;
+            for(EntityBase entityBase: entities){
+                boolean result=actionValid(entityBase, strAction ,userAuthorities);
+                if(!result){
                     return false;
                 }
-        JSONArray dataRangeList=getDataRange(entityName,action,permissionList);
-        if(dataRangeList.size()==0)
-            return false;
-
-        if(action.equalsIgnoreCase("save")){
-            Map<String,String> permissionField=getPermissionField(entity);
-            String keyFieldName=permissionField.get(keyFieldTag);
-            Object srfKey=entity.get(keyFieldName);
-            if(ObjectUtils.isEmpty(srfKey))
-                action="create";
-            else
-                action="update";
             }
-        if(action.equalsIgnoreCase("create")){
-            return createActionPermissionValid(entity,dataRangeList);
         }
         else{
-            return otherActionPermissionValidRouter(deStorageMode, entity, id, dataRangeList);
-        }
-    }
-
-    /**
-     * 批save校验
-     * @param deStorageMode
-     * @param entityList
-     * @param dataRangeList
-     * @return
-     */
-    private boolean saveBatchActionPermissionValid(String deStorageMode, List<EntityBase> entityList, JSONArray dataRangeList) {
-
-        if(entityList==null || entityList.size()==0)
-            return false;
-        EntityBase tempEntity=entityList.get(0);
-        Map<String,String> permissionField=getPermissionField(tempEntity);
-        String keyFieldName=permissionField.get(keyFieldTag);
-        List createList=new ArrayList();
-        List<String> updateList =new ArrayList();
-
-        for(EntityBase entity : entityList){
-            Object id = entity.get(keyFieldName);
-            if(ObjectUtils.isEmpty(id))
-                createList.add(entity);
-            else
-                updateList.add(String.valueOf(id));
-        }
-        if(updateList.size()>0){
-            boolean isUpdate = otherBatchActionPermissionValidRouter(deStorageMode, tempEntity ,updateList, dataRangeList);
-            if(!isUpdate)
-                return false;
-        }
-        if(createList.size()>0){
-            boolean isCreate=createBatchActionPermissionValid(entityList,dataRangeList);
-            if(!isCreate)
-                return false;
-        }
-        return true;
-    }
-
-    /**
-     * 批处理新建权限校验
-     * @param entityList
-     * @param dataRangeList
-     * @return
-     */
-    private boolean createBatchActionPermissionValid(List<EntityBase> entityList,JSONArray dataRangeList){
-        for(EntityBase entity : entityList){
-            boolean isCreate = createActionPermissionValid(entity ,dataRangeList);
-            if(!isCreate){
-                return false;
-            }
+            EntityBase entityBase= (EntityBase) entity;
+            return actionValid(entityBase , strAction ,userAuthorities);
         }
         return true;
     }
 
-    /**
-     * 批处理行为权限校验[get:update:delete]
-     * @param deStorageMode
-     * @param entity
-     * @param ids
-     * @param dataRangeList
-     * @return
-     */
-    private boolean otherBatchActionPermissionValidRouter(String deStorageMode , EntityBase entity , List<String> ids , JSONArray dataRangeList){
 
-        if(deStorageMode.equalsIgnoreCase("sql")){
-            return sqlBatchPermissionValid(entity ,ids, dataRangeList);
-        }
-        else if(deStorageMode.equalsIgnoreCase("nosql")){
-            return noSqlBatchPermissionValid(entity, ids , dataRangeList);
-        }
-        else if(deStorageMode.equalsIgnoreCase("serviceapi")){
-            return true;
-        }
-        else {
-            throw new RuntimeException(String.format("未能识别实体对应存储模式[%s]",deStorageMode));
-        }
-    }
-
-    /**
-     * SQL批处理权限校验
-     * @param entity
-     * @param ids
-     * @param dataRangeList
-     * @return
-     */
-    private boolean sqlBatchPermissionValid(EntityBase entity , List<String> ids,  JSONArray dataRangeList){
-
-        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-        String keyFieldName=permissionField.get(keyFieldTag);
-        ServiceImpl service= SpringContextHolder.getBean(String.format("%s%s",entity.getClass().getSimpleName(),"ServiceImpl"));//获取实体service对象
-        //通过权限表达式来获取sql
-        String permissionSQL= String.format(" (%s) AND ( %s in (%s) ) ",getPermissionSQL(entity,dataRangeList),keyFieldName,getEntityKeyCond(ids)); //拼接权限条件-编辑
-        //执行sql进行权限检查
-        QueryWrapper permissionWrapper=getPermissionWrapper(permissionSQL);//构造权限条件
-        List list=service.list(permissionWrapper);
-        if(list.size() == ids.size()){
+    @Override
+    public boolean hasPermission(Authentication authentication, Serializable id, String action, Object params) {
         return true;
-        }else{
-            return false;
-        }
     }
 
     /**
-     * NoSQL批处理权限校验
-     * @param entity
-     * @param ids
-     * @param dataRange
+     * 获取用户权限资源
+     * @param authentication
+     * @param action
      * @return
      */
-    private boolean noSqlBatchPermissionValid(EntityBase entity, List<String> ids,  JSONArray dataRange) {
-
-        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-        String keyFieldName=permissionField.get(keyFieldTag);
-        //根据权限表达式填充权限条件
-        QueryBuilder permissionCond=getNoSqlPermissionCond(entity,dataRange);
-        //权限条件拼接主键
-        permissionCond.and(keyFieldName).in(ids);
-        //执行权限检查
-        Query query = new BasicQuery(permissionCond.get().toString());
-        List list=mongoTemplate.find(query,entity.getClass());
-        if(list.size()==ids.size()){
-            return true;
-        }
-        else{
-            return false;
+    private Set<String> getAuthorities(Authentication authentication , String action){
+        Collection authorities=authentication.getAuthorities();
+        Set<String> userAuthorities = new HashSet();
+        Iterator it = authorities.iterator();
+        while(it.hasNext()) {
+            GrantedAuthority authority = (GrantedAuthority)it.next();
+            if(authority.getAuthority().contains(action))
+                userAuthorities.add(authority.getAuthority());
         }
+        return userAuthorities;
     }
 
     /**
      * 是否为全部数据
-     * @param permissionList
-     * @param entityName
      * @param action
+     * @param entityDataRange
      * @return
      */
-    private boolean isAllData( String entityName, String action ,JSONObject permissionList) {
-
-        if(permissionList==null)
-            return false;
-        if(!permissionList.containsKey(entityName))
-            return false;
-        JSONObject entity=permissionList.getJSONObject(entityName);
-        if(!entity.containsKey(DEActionType))
-            return false;
-        JSONObject dataRange=entity.getJSONObject(DEActionType);//获取实体行为对应的数据范围
-        if(dataRange.containsKey(action) && dataRange.getJSONArray(action).contains("all"))
+    private boolean isAllData(String action , Set<String> entityDataRange) {
+        for(String dataRange : entityDataRange ){
+            if(dataRange.endsWith(String.format("%s-all",action))){
                 return true;
-
-        return false;
             }
-
-    /**
-     * 实体行为权限校验
-     * @param userPermission
-     * @param entityName
-     * @param action
-     * userPermission:{"ENTITY":{"DEACTION":{"READ":["CURORG"]},"DATASET":{"Default":["CURORG"]}}}
-     * @return
-     */
-    private boolean validDEActionHasPermission(String entityName , String action ,JSONObject userPermission){
-
-        boolean hasPermission=false;
-        if(userPermission==null)
-            return false;
-        if(!userPermission.containsKey(entityName))
-            return false;
-        JSONObject entity=userPermission.getJSONObject(entityName);//获取实体
-        if(!entity.containsKey(DEActionType))
-            return false;
-        JSONObject dataRange=entity.getJSONObject(DEActionType);//获取实体行为对应的数据范围
-        if(dataRange.containsKey(action)){
-            hasPermission=true;
         }
-        return hasPermission;
+        return false;
     }
 
     /**
-     * 新建行为校验
+     * 实体行为权限校验
      * @param entity
-     * @param dataRangeList
+     * @param userAuthorities
      * @return
      */
-    private boolean createActionPermissionValid(EntityBase entity, JSONArray dataRangeList){
+    private boolean actionValid(EntityBase entity, String action , Set<String> userAuthorities){
 
-        boolean isCreate=true;
         Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
         String orgField=permissionField.get("orgfield");
         String orgDeptField=permissionField.get("orgsecfield");
@@ -379,237 +126,47 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
         Set<String> userOrg = new HashSet<>();
         Set<String> userOrgDept = new HashSet<>();
 
-        for(int a=0;a<dataRangeList.size();a++){
-            String permissionCond=dataRangeList.getString(a);//权限配置条件
-            if(permissionCond.equals("curorg")){   //本单位
+        for(String authority:userAuthorities){
+            if(authority.endsWith("curorg")){   //本单位
                 userOrg.add(authenticationUser.getOrgid());
             }
-            else if(permissionCond.equals("porg")){//上级单位
+            else if(authority.endsWith("porg")){//上级单位
                 userOrg.addAll(orgParent);
             }
-            else if(permissionCond.equals("sorg")){//下级单位
+            else if(authority.endsWith("sorg")){//下级单位
                 userOrg.addAll(orgChild);
             }
-            else if(permissionCond.equals("curorgdept")){//本部门
+            else if(authority.endsWith("curorgdept")){//本部门
                 userOrgDept.add(authenticationUser.getMdeptid());
             }
-            else if(permissionCond.equals("porgdept")){//上级部门
+            else if(authority.endsWith("porgdept")){//上级部门
                 userOrgDept.addAll(orgDeptParent);
             }
-            else if(permissionCond.equals("sorgdept")){//下级部门
+            else if(authority.endsWith("sorgdept")){//下级部门
                 userOrgDept.addAll(orgDeptChild);
             }
         }
 
-        if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue)){
+        if(action.endsWith("Create") || action.endsWith("Save")){
+            if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue))
                 return false;
-        }
-        if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue)){
+            if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue))
                 return false;
-        }
-        if(!ObjectUtils.isEmpty(crateManFieldValue) && !crateManFieldValue.equals(authenticationUser.getUserid())){
+            if(!ObjectUtils.isEmpty(crateManFieldValue) && !authenticationUser.getUserid().equals(crateManFieldValue))
                 return false;
-        }
-
-        return isCreate;
-    }
-
-    /**
-     * 根据实体存储模式，进行鉴权
-     * @param deStorageMode
-     * @param entity
-     * @param id
-     * @param dataRangeList
-     * @return
-     */
-    private boolean otherActionPermissionValidRouter(String deStorageMode, EntityBase entity , Object id , JSONArray dataRangeList){
 
-        if(deStorageMode.equalsIgnoreCase("sql")){
-            return sqlPermissionValid(entity , id, dataRangeList);
-        }
-        else if(deStorageMode.equalsIgnoreCase("nosql")){
-            return noSqlPermissionValid(entity , id, dataRangeList);
-        }
-        else if(deStorageMode.equalsIgnoreCase("serviceapi")){
             return true;
         }
-        else {
-            throw new RuntimeException(String.format("未能识别[%s]实体对应存储模式[%s]",entity.getClass().getSimpleName(),deStorageMode));
-        }
-    }
-
-    /**
-     * sql存储模式实体行为鉴权
-     * @param entity
-     * @param id
-     * @param dataRangeList
-     * @return
-     */
-    private boolean sqlPermissionValid(EntityBase entity , Object id, JSONArray dataRangeList){
-
-        ServiceImpl service= SpringContextHolder.getBean(String.format("%s%s",entity.getClass().getSimpleName(),"ServiceImpl"));//获取实体service对象
-        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-        //通过权限表达式来获取sql
-        String permissionSQL= String.format(" (%s) AND (%s='%s')",getPermissionSQL(entity,dataRangeList),permissionField.get(keyFieldTag),id); //拼接权限条件-编辑
-        //执行sql进行权限检查
-        QueryWrapper permissionWrapper=getPermissionWrapper(permissionSQL);//构造权限条件
-        List list=service.list(permissionWrapper);
-        if(list.size()>0){
+        else{
+            if(!ObjectUtils.isEmpty(orgFieldValue) && userOrg.contains(orgFieldValue))
                 return true;
-        }else{
-            return false;
-        }
-
-    }
-
-    /**
-     * NoSQL实体行为鉴权
-     * @param entity
-     * @param id
-     * @param dataRangeList
-     * @return
-     */
-    private boolean noSqlPermissionValid(EntityBase entity, Object id, JSONArray dataRangeList) {
-
-        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-        String keyField=permissionField.get(keyFieldTag);
-        //根据权限表达式填充权限条件
-        QueryBuilder permissionCond=getNoSqlPermissionCond(entity,dataRangeList);
-        //权限条件拼接主键
-        permissionCond.and(keyField).is(id);
-        //执行权限检查
-        Query query = new BasicQuery(permissionCond.get().toString());
-        List list=mongoTemplate.find(query,entity.getClass());
-        if(list.size()>0){
+            if(!ObjectUtils.isEmpty(orgDeptFieldValue) && userOrgDept.contains(orgDeptFieldValue))
+                return true;
+            if(!ObjectUtils.isEmpty(crateManFieldValue) && authenticationUser.getUserid().equals(crateManFieldValue))
                 return true;
-        }
-        else{
-            return false;
-        }
-    }
-
-
-    /**
-     * 为NoSQL存储模式的表格查询填充权限条件
-     * @param entity
-     * @param dataRangeList
-     * @return
-     */
-    private QueryBuilder getNoSqlPermissionCond( EntityBase entity ,JSONArray dataRangeList ){
-
-        QueryBuilder permissionSQL=new QueryBuilder();
-        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-        String orgField=permissionField.get("orgfield");
-        String orgDeptField=permissionField.get("orgsecfield");
-        String createManField=permissionField.get("createmanfield");
-        AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
-        Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
-        Set<String> orgParent = userInfo.get("parentorg");
-        Set<String> orgChild = userInfo.get("suborg");
-        Set<String> orgDeptParent = userInfo.get("parentdept");
-        Set<String> orgDeptChild = userInfo.get("subdept");
-
-        for(int i=0;i<dataRangeList.size();i++){
-            String permissionCond=dataRangeList.getString(i);//权限配置条件
-            if(permissionCond.equals("curorg")){   //本单位
-                permissionSQL.or(new QueryBuilder().and(orgField).is(AuthenticationUser.getAuthenticationUser().getOrgid()).get());
-            }
-            else if(permissionCond.equals("porg")){//上级单位
-                permissionSQL.or(new QueryBuilder().and(orgField).in(formatStringArr(orgParent)).get());
-            }
-            else if(permissionCond.equals("sorg")){//下级单位
-                permissionSQL.or(new QueryBuilder().and(orgField).in(formatStringArr(orgChild)).get());
-            }
-            else if(permissionCond.equals("createman")){//建立人
-                permissionSQL.or(new QueryBuilder().and(createManField).is(AuthenticationUser.getAuthenticationUser().getUserid()).get());
-            }
-            else if(permissionCond.equals("curorgdept")){//本部门
-                permissionSQL.or(new QueryBuilder().and(orgDeptField).is(AuthenticationUser.getAuthenticationUser().getMdeptid()).get());
-            }
-            else if(permissionCond.equals("porgdept")){//上级部门
-                permissionSQL.or(new QueryBuilder().and(orgDeptField).in(formatStringArr(orgDeptParent)).get());
-            }
-            else if(permissionCond.equals("sorgdept")){//下级部门
-                permissionSQL.or(new QueryBuilder().and(orgDeptField).in(formatStringArr(orgDeptChild)).get());
-            }
-            else if(permissionCond.equals("all")){
-                permissionSQL.or(new QueryBuilder().get());
-            }
-        }
-
-        return permissionSQL;
-    }
-
-    /**
-     * SQL获取权限条件
-     * @param entity
-     * @param oppriList
-     * @return
-     */
-    private String  getPermissionSQL(EntityBase entity, JSONArray oppriList){
-
-        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-        String nPermissionSQL = "1<>1";
-        String orgField=permissionField.get("orgfield");
-        String orgDeptField=permissionField.get("orgsecfield");
-        String createManField=permissionField.get("createmanfield");
-        StringBuffer permissionSQL=new StringBuffer();
-        AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
-        Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
-        Set<String> orgParent = userInfo.get("parentorg");
-        Set<String> orgChild = userInfo.get("suborg");
-        Set<String> orgDeptParent = userInfo.get("parentdept");
-        Set<String> orgDeptChild = userInfo.get("subdept");
-
-        for(int i=0;i<oppriList.size();i++){
-            permissionSQL.append("OR");
-            String permissionCond=oppriList.getString(i);//权限配置条件
-            if(permissionCond.equals("curorg")){   //本单位
-                permissionSQL.append(String.format("(%s='%s')",orgField,AuthenticationUser.getAuthenticationUser().getOrgid()));
-            }
-            else if(permissionCond.equals("porg")){//上级单位
-                permissionSQL.append(String.format(" %s in(%s) ", orgField, formatStringArr(orgParent)));
-            }
-            else if(permissionCond.equals("sorg")){//下级单位
-                permissionSQL.append(String.format(" %s in(%s) ", orgField, formatStringArr(orgChild)));
-            }
-            else if(permissionCond.equals("createman")){//建立人
-                permissionSQL.append(String.format("(%s='%s')",createManField,AuthenticationUser.getAuthenticationUser().getUserid()));
-            }
-            else if(permissionCond.equals("curorgdept")){//本部门
-                permissionSQL.append(String.format("(%s='%s')",orgDeptField,AuthenticationUser.getAuthenticationUser().getMdeptid()));
-            }
-            else if(permissionCond.equals("porgdept")){//上级部门
-                permissionSQL.append(String.format(" %s in (%s) ", orgDeptField, formatStringArr(orgDeptParent)));
-            }
-            else if(permissionCond.equals("sorgdept")){//下级部门
-                permissionSQL.append(String.format(" %s in (%s) ", orgDeptField, formatStringArr(orgDeptChild)));
-            }
-            else if(permissionCond.equals("all")){//全部数据
-                permissionSQL.append("(1=1)");
-            }
-            else{
-                permissionSQL.append(nPermissionSQL);
-            }
-        }
-        if(StringUtils.isEmpty(permissionSQL.toString()))
-            return "";
-        String resultCond=parseResult(permissionSQL, "OR");
-        return  resultCond;
-    }
-
-    /**
-     * 构造 wrapper
-     * @param whereCond
-     * @return
-     */
-    private QueryWrapper getPermissionWrapper(String whereCond){
 
-        QueryWrapper permissionWrapper=new QueryWrapper();
-        if(!StringUtils.isEmpty(whereCond)){
-            permissionWrapper.apply(whereCond);
+            return false;
         }
-        return permissionWrapper;
     }
 
     /**
@@ -623,120 +180,24 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
         String orgField="orgid";  //组织属性
         String orgDeptField="orgsecid"; //部门属性
         String createManField="createman"; //创建人属性
-        String keyField="";//主键属性
 
         DEFieldCacheMap.getFieldMap(entityBase.getClass().getName());
-        Map <Field, DEField> preFields= SearchDEField(entityBase.getClass().getName()); //从缓存中获取当前类预置属性
+        Map <String, DEField> preFields= DEFieldCacheMap.getDEFields(entityBase.getClass()); //从缓存中获取当前类预置属性
 
-        for (Map.Entry<Field,DEField> entry : preFields.entrySet()){
-            Field preField=entry.getKey();//获取注解字段
+        for (Map.Entry<String,DEField> entry : preFields.entrySet()){
+            String fieldName=entry.getKey();//获取注解字段
             DEField fieldAnnotation=entry.getValue();//获取注解值
             DEPredefinedFieldType prefieldType=fieldAnnotation.preType();
             if(prefieldType==prefieldType.ORGID)//用户配置系统预置属性-组织机构标识
-                orgField=preField.getName();
+                orgField=fieldName;
             if(prefieldType==prefieldType.ORGSECTORID)//用户配置系统预置属性-部门标识
-                orgDeptField=preField.getName();
-            if(fieldAnnotation.isKeyField())//用户配置系统预置属性-部门标识
-                keyField=preField.getName();
+                orgDeptField=fieldName;
+            if(prefieldType==prefieldType.CREATEMAN)//用户配置系统预置属性-部门标识
+                createManField=fieldName;
         }
         permissionFiled.put("orgfield",orgField);
         permissionFiled.put("orgsecfield",orgDeptField);
         permissionFiled.put("createmanfield",createManField);
-        permissionFiled.put("keyfield",keyField);
         return permissionFiled;
     }
-
-    /**
-     *获取含有@DEField注解的实体属性
-     * @param className do对象类名
-     * @return
-     */
-    private Map <Field, DEField> SearchDEField(String className){
-
-        List<Field> fields =  DEFieldCacheMap.getFields(className);
-        Map <Field, DEField> deFieldMap =new HashMap<>();
-        for(Field field:fields){
-            DEField deField=field.getAnnotation(DEField.class);
-            if(!ObjectUtils.isEmpty(deField)) {
-                deFieldMap.put(field,deField);
-            }
-        }
-        return deFieldMap;
-    }
-
-    /**
-     * 转换[a,b]格式字符串到 'a','b'格式
-     * @return
-     */
-    private String formatStringArr(Set<String> array) {
-
-        String[] arr = array.toArray(new String[array.size()]);
-        return "'" + String.join("','", arr) + "'";
-    }
-
-    /**
-     * 格式转换
-     * @param cond
-     * @param operator
-     * @return
-     */
-    private String parseResult(StringBuffer cond, String operator) {
-
-        String resultCond = cond.toString();
-        if (resultCond.startsWith(operator))
-            resultCond = resultCond.replaceFirst(operator, "");
-        if (resultCond.endsWith(operator))
-            resultCond = resultCond.substring(0, resultCond.lastIndexOf(operator));
-        return resultCond;
-    }
-
-
-    /**
-     * 转换[a,b]格式字符串到 'a','b'格式
-     *
-     * @return
-     */
-    private String getEntityKeyCond(List<String> array) {
-        String[] arr = array.toArray(new String[array.size()]);
-        return "'" + String.join("','", arr) + "'";
-    }
-
-    /**
-     * 获取数据范围
-     * @param entityName
-     * @param action
-     * @param permissionList
-     * @return
-     */
-    private JSONArray getDataRange(String entityName, String action , JSONObject permissionList){
-        //获取权限表达式[全部数据、本单位、本部门等]
-        JSONObject entityObj=permissionList.getJSONObject(entityName);//获取实体
-        JSONObject permissionType= entityObj.getJSONObject(DEActionType);
-        JSONArray  dataRangeList=permissionType.getJSONArray(action);//行为：read；insert...
-        return dataRangeList;
-    }
-
-    /**
-     * 获取实体主键集合
-     * @param entityBase
-     * @param entityList
-     * @return
-     */
-    private List<String> getIds(EntityBase entityBase ,List<EntityBase> entityList) {
-
-        List<String> entityKeyList=new ArrayList<>();
-        Map<String,String> permissionField=getPermissionField(entityBase);//获取组织、部门预置属性
-        String keyFieldName=permissionField.get(keyFieldTag);
-        if(StringUtils.isEmpty(keyFieldName))
-            return entityKeyList;
-
-        for(EntityBase entity: entityList){
-            Object objEntityKey = entity.get(keyFieldName);
-            if(!ObjectUtils.isEmpty(objEntityKey)){
-                entityKeyList.add(String.valueOf(objEntityKey));
-            }
-        }
-        return entityKeyList;
-    }
-
 }
\ No newline at end of file

ibzwf-util/src/main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java

@@ -14,6 +14,7 @@ import cn.ibizlab.util.domain.IBZUSER;
 import org.springframework.util.DigestUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.security.core.authority.AuthorityUtils;
 
 /**
  * 实体[IBZUSER] 服务对象接口实现
@@ -72,6 +73,9 @@ public class IBZUSERServiceImpl extends ServiceImpl<IBZUSERMapper, IBZUSER> impl
 	public  AuthenticationUser createUserDetails(IBZUSER user) {
 		AuthenticationUser userdatail = new AuthenticationUser();
 		CachedBeanCopier.copy(user,userdatail);
+    	if(userdatail.getSuperuser()==1){
+    		userdatail.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_SUPERADMIN"));
+    	}
 		return userdatail;
 	}
 }
\ No newline at end of file