Merge remote-tracking branch 'origin/dev_govgrid' into dev_govgrid

epmet-admin/epmet-admin-server/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 services:
   epmet-admin-server:
     container_name: epmet-admin-server-dev
-    image: registry-vpc.cn-qingdao.aliyuncs.com/epmet-cloud-dev/epmet-admin-server:0.3.0
+    image: registry-vpc.cn-qingdao.aliyuncs.com/epmet-cloud-dev/epmet-admin-server:0.3.2
     ports:
       - "8082:8082"
     network_mode: host # 使用现有网络

epmet-admin/epmet-admin-server/pom.xml

@@ -2,7 +2,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
-    <version>0.3.0</version>
+    <version>0.3.2</version>
     <parent>
         <groupId>com.epmet</groupId>
         <artifactId>epmet-admin</artifactId>

epmet-admin/epmet-admin-server/src/main/java/com/epmet/service/impl/NewsServiceImpl.java

@@ -31,7 +31,7 @@ public class NewsServiceImpl extends BaseServiceImpl<NewsDao, NewsEntity> implem
      * mybatis数据权限演示
      */
     @Override
-    @DataFilter(prefix = "AND", isPendingCreator = false)
+    //@DataFilter(prefix = "AND", isPendingCreator = false)
     public PageData<NewsDTO> page(Map<String, Object> params) {
         paramsToLike(params, "title");
 

epmet-admin/epmet-admin-server/src/test/java/io/renren/service/DynamicDataSourceTest.java

@@ -1,48 +1,48 @@
-/**
- * Copyright 2018 人人开源 https://www.renren.io
- * <p>
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- * <p>
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- * <p>
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-package com.epmet.service;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.context.junit4.SpringRunner;
-
-/**
- * 多数据源测试
- *
- * @author Mark sunlightcs@gmail.com
- * @since 1.0.0
- */
-@RunWith(SpringRunner.class)
-@SpringBootTest
-public class DynamicDataSourceTest {
-    @Autowired
-    private DynamicDataSourceTestService dynamicDataSourceTestService;
-
-    @Test
-    public void test(){
-        Long id = 1067246875800000001L;
-        dynamicDataSourceTestService.selectById(id);
-        dynamicDataSourceTestService.updateUser(id);
-        dynamicDataSourceTestService.updateUserBySlave1(id);
-        dynamicDataSourceTestService.updateUserBySlave2(id);
-    }
-
-
-}
+///**
+// * Copyright 2018 人人开源 https://www.renren.io
+// * <p>
+// * This program is free software: you can redistribute it and/or modify
+// * it under the terms of the GNU General Public License as published by
+// * the Free Software Foundation, either version 3 of the License, or
+// * (at your option) any later version.
+// * <p>
+// * This program is distributed in the hope that it will be useful,
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// * GNU General Public License for more details.
+// * <p>
+// * You should have received a copy of the GNU General Public License
+// * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+// */
+//
+//package com.epmet.service;
+//
+//import org.junit.Test;
+//import org.junit.runner.RunWith;
+//import org.springframework.beans.factory.annotation.Autowired;
+//import org.springframework.boot.test.context.SpringBootTest;
+//import org.springframework.test.context.junit4.SpringRunner;
+//
+///**
+// * 多数据源测试
+// *
+// * @author Mark sunlightcs@gmail.com
+// * @since 1.0.0
+// */
+//@RunWith(SpringRunner.class)
+//@SpringBootTest
+//public class DynamicDataSourceTest {
+//    @Autowired
+//    private com.epmet.service.DynamicDataSourceTestService dynamicDataSourceTestService;
+//
+//    @Test
+//    public void test(){
+//        Long id = 1067246875800000001L;
+//        dynamicDataSourceTestService.selectById(id);
+//        dynamicDataSourceTestService.updateUser(id);
+//        dynamicDataSourceTestService.updateUserBySlave1(id);
+//        dynamicDataSourceTestService.updateUserBySlave2(id);
+//    }
+//
+//
+//}

epmet-auth/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 services:
   epmet-auth-server:
     container_name: epmet-auth-server-dev
-    image: registry-vpc.cn-qingdao.aliyuncs.com/epmet-cloud-dev/epmet-auth:0.3.0
+    image: registry-vpc.cn-qingdao.aliyuncs.com/epmet-cloud-dev/epmet-auth:0.3.2
     ports:
       - "8081:8081"
     network_mode: host # 使用现有网络

epmet-auth/pom.xml

@@ -2,7 +2,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
-    <version>0.3.0</version>
+    <version>0.3.2</version>
     <parent>
         <groupId>com.epmet</groupId>
         <artifactId>epmet-cloud</artifactId>
@@ -92,6 +92,12 @@
             <version>2.0.0</version>
             <scope>compile</scope>
         </dependency>
+        <dependency>
+            <groupId>com.epmet</groupId>
+            <artifactId>gov-org-client</artifactId>
+            <version>2.0.0</version>
+            <scope>compile</scope>
+        </dependency>
     </dependencies>
 
     <build>
@@ -129,7 +135,7 @@
 
                 <!-- redis配置 -->
                 <spring.redis.index>0</spring.redis.index>
-                <spring.redis.host>127.0.0.1</spring.redis.host>
+                <spring.redis.host>192.168.1.130</spring.redis.host>
                 <spring.redis.port>6379</spring.redis.port>
                 <spring.redis.password>123456</spring.redis.password>
                 <!-- nacos -->
@@ -150,8 +156,8 @@
                 <resi.wx.ma.appId>wx9b6102a8ee5add65</resi.wx.ma.appId>
                 <resi.wx.ma.secret>16fdb68bc2b3e732324ba5d8b8a9b5e2</resi.wx.ma.secret>
                 <!--政府端小程序配置-->
-                <resi.wx.ma.appId>wx3d1372029eb816a3</resi.wx.ma.appId>
-                <resi.wx.ma.secret>651f02d71ed3f123dfb584b8bf0f4d8b</resi.wx.ma.secret>
+                <gov.wx.ma.appId>wx3d1372029eb816a3</gov.wx.ma.appId>
+                <gov.wx.ma.secret>651f02d71ed3f123dfb584b8bf0f4d8b</gov.wx.ma.secret>
             </properties>
         </profile>
 
@@ -187,8 +193,8 @@
                 <resi.wx.ma.appId>wx9b6102a8ee5add65</resi.wx.ma.appId>
                 <resi.wx.ma.secret>16fdb68bc2b3e732324ba5d8b8a9b5e2</resi.wx.ma.secret>
                 <!--政府端小程序配置-->
-                <resi.wx.ma.appId>wx3d1372029eb816a3</resi.wx.ma.appId>
-                <resi.wx.ma.secret>651f02d71ed3f123dfb584b8bf0f4d8b</resi.wx.ma.secret>
+                <gov.wx.ma.appId>wx3d1372029eb816a3</gov.wx.ma.appId>
+                <gov.wx.ma.secret>651f02d71ed3f123dfb584b8bf0f4d8b</gov.wx.ma.secret>
             </properties>
         </profile>
 
@@ -224,8 +230,8 @@
                 <resi.wx.ma.appId>wx9b6102a8ee5add65</resi.wx.ma.appId>
                 <resi.wx.ma.secret>16fdb68bc2b3e732324ba5d8b8a9b5e2</resi.wx.ma.secret>
                 <!--政府端小程序配置-->
-                <resi.wx.ma.appId>wx3d1372029eb816a3</resi.wx.ma.appId>
-                <resi.wx.ma.secret>651f02d71ed3f123dfb584b8bf0f4d8b</resi.wx.ma.secret>
+                <gov.wx.ma.appId>wx3d1372029eb816a3</gov.wx.ma.appId>
+                <gov.wx.ma.secret>651f02d71ed3f123dfb584b8bf0f4d8b</gov.wx.ma.secret>
             </properties>
         </profile>
     </profiles>

epmet-auth/src/main/java/com/epmet/controller/GovLoginController.java

@@ -0,0 +1,97 @@
+package com.epmet.controller;
+
+import com.epmet.commons.tools.annotation.LoginUser;
+import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.utils.Result;
+import com.epmet.commons.tools.validator.ValidatorUtils;
+import com.epmet.dto.form.GovWxmpEnteOrgFormDTO;
+import com.epmet.dto.form.GovWxmpFormDTO;
+import com.epmet.dto.form.SendSmsCodeFormDTO;
+import com.epmet.dto.form.StaffOrgsFormDTO;
+import com.epmet.dto.result.StaffOrgsResultDTO;
+import com.epmet.dto.result.UserTokenResultDTO;
+import com.epmet.service.GovLoginService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+
+/**
+ * @Description 政府端登录
+ * @Author yinzuomei
+ * @Date 2020/4/20 10:54
+ */
+@RestController
+@RequestMapping("gov")
+public class GovLoginController {
+    @Autowired
+    private GovLoginService govLoginService;
+
+    /**
+     * @param formDTO
+     * @return com.epmet.commons.tools.utils.Result<com.epmet.dto.result.UserTokenResultDTO>
+     * @Author yinzuomei
+     * @Description 1、政府端小程序根据wxCode获取上一次登录信息，返回token
+     * @Date 2020/4/20 11:22
+     **/
+    @PostMapping(value = "/loginwxmp/loginbywxcode")
+    public Result<UserTokenResultDTO> loginByWxCode(@RequestBody GovWxmpFormDTO formDTO) {
+        ValidatorUtils.validateEntity(formDTO);
+        return govLoginService.loginByWxCode(formDTO);
+    }
+
+    /**
+     * @param formDTO 手机号
+     * @return com.epmet.commons.tools.utils.Result
+     * @Author yinzuomei
+     * @Description 2、政府端微信小程序登录-发送验证码
+     * @Date 2020/4/18 10:58
+     **/
+    @PostMapping(value = "/loginwxmp/sendsmscode")
+    public Result sendSmsCode(@RequestBody SendSmsCodeFormDTO formDTO) {
+        ValidatorUtils.validateEntity(formDTO);
+        return govLoginService.sendSmsCode(formDTO);
+    }
+
+    /**
+     * @param formDTO
+     * @return com.epmet.commons.tools.utils.Result<com.epmet.common.token.dto.result.UserTokenResultDTO>
+     * @Author yinzuomei
+     * @Description 3、手机验证码获取组织
+     * @Date 2020/4/18 21:14
+     **/
+    @PostMapping(value = "/loginwxmp/getmyorg")
+    public Result<List<StaffOrgsResultDTO>> getmyorg(@RequestBody StaffOrgsFormDTO formDTO) {
+        ValidatorUtils.validateEntity(formDTO);
+        return govLoginService.getMyOrg(formDTO);
+    }
+
+    /**
+     * @param formDTO
+     * @return com.epmet.commons.tools.utils.Result<com.epmet.dto.result.UserTokenResultDTO>
+     * @Author yinzuomei
+     * @Description 4、选择组织，进入首页
+     * @Date 2020/4/20 13:07
+     **/
+    @PostMapping(value = "/loginwxmp/enterorg")
+    public Result<UserTokenResultDTO> enterOrg(@RequestBody GovWxmpEnteOrgFormDTO formDTO) {
+        ValidatorUtils.validateEntity(formDTO);
+        return govLoginService.enterOrg(formDTO);
+    }
+
+    /**
+     * @param tokenDto
+     * @return com.epmet.commons.tools.utils.Result
+     * @Author yinzuomei
+     * @Description 政府端小程序退出
+     * @Date 2020/4/21 22:22
+     **/
+    @PostMapping("/loginwxmp/loginout")
+    public Result loginOut(@LoginUser TokenDto tokenDto) {
+        return govLoginService.loginOut(tokenDto);
+    }
+}
+

epmet-auth/src/main/java/com/epmet/controller/LoginController.java

@@ -7,9 +7,7 @@ import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.AssertUtils;
 import com.epmet.commons.tools.validator.ValidatorUtils;
 import com.epmet.dto.form.LoginByPassWordFormDTO;
-import com.epmet.dto.form.LoginByPhoneFormDTO;
 import com.epmet.dto.form.LoginByWxCodeFormDTO;
-import com.epmet.dto.form.SendSmsCodeFormDTO;
 import com.epmet.dto.result.UserTokenResultDTO;
 import com.epmet.service.CaptchaService;
 import com.epmet.service.LoginService;
@@ -99,30 +97,4 @@ public class LoginController {
 		//String token = request.getParameter(Constant.TOKEN_HEADER);
 		return loginService.logoutByToken(tokenDto);
 	}
-
-	/**
-	 * @param formDTO 手机号
-	 * @return com.epmet.commons.tools.utils.Result
-	 * @Author yinzuomei
-	 * @Description 政府端微信小程序登录-发送验证码
-	 * @Date 2020/4/18 10:58
-	 **/
-	@PostMapping(value = "/govwxmp/sendsmscode")
-	public Result sendSmsCode(@RequestBody SendSmsCodeFormDTO formDTO) {
-		ValidatorUtils.validateEntity(formDTO);
-		return loginService.sendSmsCode(formDTO);
-	}
-
-	/**
-	 * @param formDTO
-	 * @return com.epmet.commons.tools.utils.Result<com.epmet.common.token.dto.result.UserTokenResultDTO>
-	 * @Author yinzuomei
-	 * @Description 政府端微信小程序登录-手机验证码登录
-	 * @Date 2020/4/18 21:14
-	 **/
-	@PostMapping(value = "/govwxmp/loginbyphone")
-	public Result<UserTokenResultDTO> loginByPhone(LoginByPhoneFormDTO formDTO) {
-		ValidatorUtils.validateEntity(formDTO);
-		return loginService.loginByPhone(formDTO);
-	}
 }

epmet-auth/src/main/java/com/epmet/dto/form/GovWxmpEnteOrgFormDTO.java

@@ -0,0 +1,39 @@
+package com.epmet.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+import java.io.Serializable;
+
+/**
+ * @Description 选择组织，进入首页入参Dto
+ * @Author yinzuomei
+ * @Date 2020/4/20 13:03
+ */
+@Data
+public class GovWxmpEnteOrgFormDTO implements Serializable {
+    /**
+     * wxCode
+     */
+    @NotBlank(message = "wxCode不能为空")
+    private String wxCode;
+
+    /**
+     * 手机号
+     */
+    @NotBlank(message = "手机号不能为空")
+    private String mobile;
+
+    /**
+     * 选择的组织所属的id
+     */
+    @NotBlank(message = "客户id不能为空")
+    private String customerId;
+
+    /**
+     * 选择的要进入的组织(根组织id)
+     */
+    @NotBlank(message = "组织id不能为空")
+    private String rootAgencyId;
+}
+

epmet-auth/src/main/java/com/epmet/dto/form/GovWxmpFormDTO.java

@@ -0,0 +1,22 @@
+package com.epmet.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+import java.io.Serializable;
+
+/**
+ * @Description 政府端小程序根据wxCode获取上一次登录信息，返回token
+ * @Author yinzuomei
+ * @Date 2020/4/20 11:20
+ */
+@Data
+public class GovWxmpFormDTO extends LoginCommonFormDTO implements Serializable {
+    private static final long serialVersionUID = -207861963128774742L;
+    /**
+     * wxCode
+     */
+    @NotBlank(message = "wxCode不能为空")
+    private String wxCode;
+}
+

epmet-auth/src/main/java/com/epmet/dto/form/SendSmsCodeFormDTO.java

@@ -11,9 +11,9 @@ import java.io.Serializable;
  * @Date 2020/04/18 10:26
  */
 @Data
-public class SendSmsCodeFormDTO extends LoginCommonFormDTO implements Serializable {
+public class SendSmsCodeFormDTO implements Serializable {
     private static final long serialVersionUID = -1852541457359282018L;
 
     @NotBlank(message = "手机号不能为空")
-    private String phone;
+    private String mobile;
 }

epmet-auth/src/main/java/com/epmet/dto/form/LoginByPhoneFormDTO.java → epmet-auth/src/main/java/com/epmet/dto/form/StaffOrgsFormDTO.java

@@ -6,22 +6,24 @@ import javax.validation.constraints.NotBlank;
 import java.io.Serializable;
 
 /**
- * @Description 政府端手机号+验证码登录接口入参
+ * @Description 手机验证码获取组织接口入参
  * @Author yinzuomei
  * @Date 2020/4/18 10:38
  */
 @Data
-public class LoginByPhoneFormDTO extends LoginCommonFormDTO implements Serializable {
+public class StaffOrgsFormDTO implements Serializable {
     private static final long serialVersionUID = 4193133227120225342L;
 
-    @NotBlank(message = "wxCode不能为空")
-    private String wxCode;
-
+    /**
+     * 手机号
+     */
     @NotBlank(message = "手机号不能为空")
-    private String phone;
+    private String mobile;
 
+    /**
+     * 验证码
+     */
     @NotBlank(message="验证码不能为空")
     private String smsCode;
-
 }
 

epmet-auth/src/main/java/com/epmet/feign/EpmetUserFeignClient.java

@@ -5,10 +5,9 @@ import com.epmet.commons.tools.utils.Result;
 import com.epmet.dto.CustomerStaffDTO;
 import com.epmet.dto.UserDTO;
 import com.epmet.dto.UserWechatDTO;
-import com.epmet.dto.form.PasswordLoginUserInfoFormDTO;
-import com.epmet.dto.form.StaffWechatFormDTO;
-import com.epmet.dto.form.WxLoginUserInfoFormDTO;
+import com.epmet.dto.form.*;
 import com.epmet.dto.result.PasswordLoginUserInfoResultDTO;
+import com.epmet.dto.result.StaffLatestAgencyResultDTO;
 import com.epmet.feign.fallback.EpmetUserFeignClientFallback;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.http.MediaType;
@@ -17,6 +16,8 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
+import java.util.List;
+
 /**
  * @Description
  * @Author yinzuomei
@@ -58,14 +59,14 @@ public interface EpmetUserFeignClient {
 	Result<PasswordLoginUserInfoResultDTO> selectLoginUserInfoByPassword(@RequestBody PasswordLoginUserInfoFormDTO passwordLoginUserInfoFormDTO);
 
 	/**
-	 * @param phone
+	 * @param mobile
 	 * @return com.epmet.commons.tools.utils.Result
 	 * @Author yinzuomei
 	 * @Description 根据手机号查询政府端工作人员基本信息，校验用户是否存在
 	 * @Date 2020/4/18 14:03
 	 **/
-	@GetMapping(value = "epmetuser/customerstaff/getcustsomerstaffbyphone/{phone}")
-	Result<CustomerStaffDTO> checkCustomerStaff(@PathVariable("phone") String phone);
+	@GetMapping(value = "epmetuser/customerstaff/getcustsomerstaffbyphone/{mobile}")
+	Result<List<CustomerStaffDTO>> checkCustomerStaff(@PathVariable("mobile") String mobile);
 
 	/**
 	 * @param staffWechatFormDTO
@@ -75,5 +76,35 @@ public interface EpmetUserFeignClient {
 	 * @Date 2020/4/18 22:44
 	 **/
 	@PostMapping(value = "epmetuser/staffwechat/savestaffwechat", consumes = MediaType.APPLICATION_JSON_VALUE)
-	Result savestaffwechat(@RequestBody StaffWechatFormDTO staffWechatFormDTO);
+	Result saveStaffWechat(@RequestBody StaffWechatFormDTO staffWechatFormDTO);
+
+	/**
+	 * @param openId
+	 * @return com.epmet.commons.tools.utils.Result<com.epmet.dto.result.LatestStaffWechatLoginDTO>
+	 * @Author yinzuomei
+	 * @Description 获取当前微信上次登录的账号信息
+	 * @Date 2020/4/20 12:53
+	 **/
+	@GetMapping(value = "epmetuser/staffagencyvisited/getlatest/{openId}")
+	Result<StaffLatestAgencyResultDTO> getLatestStaffWechatLoginRecord(@PathVariable("openId") String openId);
+
+	/**
+	 * @param customerStaffFormDTO
+	 * @return com.epmet.commons.tools.utils.Result<com.epmet.dto.CustomerStaffDTO>
+	 * @Author yinzuomei
+	 * @Description 根据手机号+客户id获取工作人员基本信息
+	 * @Date 2020/4/20 14:16
+	 **/
+	@PostMapping(value = "epmetuser/customerstaff/getcustomerstaffinfo", consumes = MediaType.APPLICATION_JSON_VALUE)
+	Result<CustomerStaffDTO> getCustomerStaffInfo(@RequestBody CustomerStaffFormDTO customerStaffFormDTO);
+
+	/**
+	 * @param staffLoginHistoryFormDTO
+	 * @return com.epmet.commons.tools.utils.Result
+	 * @Author yinzuomei
+	 * @Description 保存登录日志
+	 * @Date 2020/4/20 14:38
+	 **/
+	@PostMapping(value = "epmetuser/staffagencyvisited/saveStaffLoginRecord", consumes = MediaType.APPLICATION_JSON_VALUE)
+	Result saveStaffLoginRecord(StaffLoginAgencyRecordFormDTO staffLoginHistoryFormDTO);
 }

epmet-auth/src/main/java/com/epmet/feign/GovOrgFeignClient.java

@@ -0,0 +1,40 @@
+package com.epmet.feign;
+
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.utils.Result;
+import com.epmet.dto.form.StaffOrgFormDTO;
+import com.epmet.dto.result.DepartmentListResultDTO;
+import com.epmet.dto.result.StaffOrgsResultDTO;
+import com.epmet.feign.fallback.GovOrgFeignClientFallback;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+
+import java.util.List;
+
+/**
+ * @Description 政府端组织机构模块
+ * @Author yinzuomei
+ * @Date 2020/4/20 15:18
+ */
+@FeignClient(name = ServiceConstant.GOV_ORG_SERVER, fallback = GovOrgFeignClientFallback.class)
+public interface GovOrgFeignClient {
+    /**
+     * @return com.epmet.commons.tools.utils.Result<java.util.List<com.epmet.dto.result.StaffOrgsResultDTO>>
+     * @param staffOrgFormDTO
+     * @Author yinzuomei
+     * @Description 获取客户对应的根级组织名称
+     * @Date 2020/4/20 21:37
+     **/
+    @PostMapping(value = "/gov/org/customeragency/getStaffOrgList",consumes = MediaType.APPLICATION_JSON_VALUE)
+    Result<List<StaffOrgsResultDTO>> getStaffOrgList(StaffOrgFormDTO staffOrgFormDTO);
+
+    /**
+     * 查询人员部门列表
+     * @param staffId
+     * @return
+     */
+    @PostMapping("/gov/org/department/staff/{staffId}/departmentlist")
+    Result<List<DepartmentListResultDTO>> getDepartmentListByStaffId(@PathVariable("staffId") String staffId);
+}

epmet-auth/src/main/java/com/epmet/feign/fallback/EpmetUserFeignClientFallback.java

@@ -6,13 +6,14 @@ import com.epmet.commons.tools.utils.Result;
 import com.epmet.dto.CustomerStaffDTO;
 import com.epmet.dto.UserDTO;
 import com.epmet.dto.UserWechatDTO;
-import com.epmet.dto.form.PasswordLoginUserInfoFormDTO;
-import com.epmet.dto.form.StaffWechatFormDTO;
-import com.epmet.dto.form.WxLoginUserInfoFormDTO;
+import com.epmet.dto.form.*;
 import com.epmet.dto.result.PasswordLoginUserInfoResultDTO;
+import com.epmet.dto.result.StaffLatestAgencyResultDTO;
 import com.epmet.feign.EpmetUserFeignClient;
 import org.springframework.stereotype.Component;
 
+import java.util.List;
+
 /**
  * @Description
  * @Author yinzuomei
@@ -37,13 +38,28 @@ public class EpmetUserFeignClientFallback implements EpmetUserFeignClient {
 	}
 
 	@Override
-	public Result<CustomerStaffDTO> checkCustomerStaff(String phone) {
+	public Result<List<CustomerStaffDTO>> checkCustomerStaff(String phone) {
 		return ModuleUtils.feignConError(ServiceConstant.EPMET_USER_SERVER, "getCustsomerStaffByPhone", phone);
 	}
 
 	@Override
-	public Result savestaffwechat(StaffWechatFormDTO staffWechatFormDTO) {
+	public Result saveStaffWechat(StaffWechatFormDTO staffWechatFormDTO) {
 		return ModuleUtils.feignConError(ServiceConstant.EPMET_USER_SERVER, "saveStaffWechat", staffWechatFormDTO);
 	}
 
+	@Override
+	public Result<StaffLatestAgencyResultDTO> getLatestStaffWechatLoginRecord(String openId) {
+		return ModuleUtils.feignConError(ServiceConstant.EPMET_USER_SERVER, "getLatestStaffWechatLoginRecord", openId);
+	}
+
+	@Override
+	public Result<CustomerStaffDTO> getCustomerStaffInfo(CustomerStaffFormDTO customerStaffFormDTO) {
+		return ModuleUtils.feignConError(ServiceConstant.EPMET_USER_SERVER, "getCustomerStaffInfo", customerStaffFormDTO);
+	}
+
+	@Override
+	public Result saveStaffLoginRecord(StaffLoginAgencyRecordFormDTO staffLoginHistoryFormDTO) {
+		return ModuleUtils.feignConError(ServiceConstant.EPMET_USER_SERVER, "saveStaffLoginRecord", staffLoginHistoryFormDTO);
+	}
+
 }

epmet-auth/src/main/java/com/epmet/feign/fallback/GovOrgFeignClientFallback.java

@@ -0,0 +1,32 @@
+package com.epmet.feign.fallback;
+
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.utils.ModuleUtils;
+import com.epmet.commons.tools.utils.Result;
+import com.epmet.dto.form.StaffOrgFormDTO;
+import com.epmet.dto.result.DepartmentListResultDTO;
+import com.epmet.dto.result.StaffOrgsResultDTO;
+import com.epmet.feign.GovOrgFeignClient;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+
+/**
+ * @Description 政府端组织机构模块
+ * @Author yinzuomei
+ * @Date 2020/4/20 15:19
+ */
+@Component
+public class GovOrgFeignClientFallback implements GovOrgFeignClient {
+
+    @Override
+    public Result<List<StaffOrgsResultDTO>> getStaffOrgList(StaffOrgFormDTO staffOrgFormDTO) {
+        return ModuleUtils.feignConError(ServiceConstant.GOV_ORG_SERVER, "getStaffOrgList", staffOrgFormDTO);
+    }
+
+    @Override
+    public Result<List<DepartmentListResultDTO>> getDepartmentListByStaffId(String staffId) {
+        return ModuleUtils.feignConError(ServiceConstant.GOV_ORG_SERVER, "getDepartmentListByStaffId", staffId);
+    }
+}
+

epmet-auth/src/main/java/com/epmet/redis/CaptchaRedis.java

@@ -8,9 +8,9 @@
 
 package com.epmet.redis;
 
+import com.epmet.common.token.constant.LoginConstant;
 import com.epmet.commons.tools.redis.RedisKeys;
 import com.epmet.commons.tools.redis.RedisUtils;
-import com.epmet.dto.form.LoginByPhoneFormDTO;
 import com.epmet.dto.form.SendSmsCodeFormDTO;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -65,20 +65,20 @@ public class CaptchaRedis {
      * @Date 2020/4/18 13:53
      **/
     public void saveSmsCode(SendSmsCodeFormDTO sendSmsCodeFormDTO, String smsCode) {
-        String smsCodeKey = RedisKeys.getLoginSmsCodeKey(sendSmsCodeFormDTO.getApp(), sendSmsCodeFormDTO.getClient(), sendSmsCodeFormDTO.getPhone());
+        String smsCodeKey = RedisKeys.getLoginSmsCodeKey(LoginConstant.APP_GOV, LoginConstant.CLIENT_WXMP, sendSmsCodeFormDTO.getMobile());
         logger.info(String.format("短信验证码key=%s", smsCodeKey));
         redisUtils.set(smsCodeKey, smsCode, MINUTE_THIRTY_EXPIRE);
     }
 
     /**
-     * @param formDTO
+     * @param mobile
      * @return java.lang.String
      * @Author yinzuomei
      * @Description 获取登录时发送的验证码
      * @Date 2020/4/18 21:33
      **/
-    public String getSmsCode(LoginByPhoneFormDTO formDTO) {
-        String smsCodeKey = RedisKeys.getLoginSmsCodeKey(formDTO.getApp(), formDTO.getClient(), formDTO.getPhone());
+    public String getSmsCode(String mobile) {
+        String smsCodeKey = RedisKeys.getLoginSmsCodeKey(LoginConstant.APP_GOV, LoginConstant.CLIENT_WXMP, mobile);
         String smsCode = (String) redisUtils.get(smsCodeKey);
         return smsCode;
     }

epmet-auth/src/main/java/com/epmet/service/GovLoginService.java

@@ -0,0 +1,64 @@
+package com.epmet.service;
+
+import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.utils.Result;
+import com.epmet.dto.form.GovWxmpEnteOrgFormDTO;
+import com.epmet.dto.form.GovWxmpFormDTO;
+import com.epmet.dto.form.SendSmsCodeFormDTO;
+import com.epmet.dto.form.StaffOrgsFormDTO;
+import com.epmet.dto.result.StaffOrgsResultDTO;
+import com.epmet.dto.result.UserTokenResultDTO;
+
+import java.util.List;
+
+/**
+ * @Description 政府端登录服务
+ * @Author yinzuomei
+ * @Date 2020/4/20 10:56
+ */
+public interface GovLoginService {
+    /**
+     * @param formDTO
+     * @return com.epmet.commons.tools.utils.Result
+     * @Author yinzuomei
+     * @Description 政府端微信小程序登录-发送验证码
+     * @Date 2020/4/18 10:59
+     **/
+    Result sendSmsCode(SendSmsCodeFormDTO formDTO);
+
+    /**
+     * @param formDTO
+     * @return com.epmet.commons.tools.utils.Result<com.epmet.common.token.dto.result.UserTokenResultDTO>
+     * @Author yinzuomei
+     * @Description 3、手机验证码获取组织
+     * @Date 2020/4/18 21:11
+     **/
+    Result<List<StaffOrgsResultDTO>> getMyOrg(StaffOrgsFormDTO formDTO);
+
+    /**
+     * @param formDTO
+     * @return com.epmet.commons.tools.utils.Result<com.epmet.dto.result.UserTokenResultDTO>
+     * @Author yinzuomei
+     * @Description 政府端小程序根据wxCode获取上一次登录信息，返回token
+     * @Date 2020/4/20 11:23
+     **/
+    Result<UserTokenResultDTO> loginByWxCode(GovWxmpFormDTO formDTO);
+
+    /**
+     * @param formDTO
+     * @return com.epmet.commons.tools.utils.Result<com.epmet.dto.result.UserTokenResultDTO>
+     * @Author yinzuomei
+     * @Description 4、选择组织，进入首页
+     * @Date 2020/4/20 13:08
+     **/
+    Result<UserTokenResultDTO> enterOrg(GovWxmpEnteOrgFormDTO formDTO);
+
+    /**
+     * @return com.epmet.commons.tools.utils.Result
+     * @param tokenDto
+     * @Author yinzuomei
+     * @Description 政府端工作人员退出登录
+     * @Date 2020/4/21 22:08
+     **/
+    Result loginOut(TokenDto tokenDto);
+}

epmet-auth/src/main/java/com/epmet/service/LoginService.java

@@ -4,9 +4,7 @@ import cn.binarywang.wx.miniapp.bean.WxMaJscode2SessionResult;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.dto.form.LoginByPassWordFormDTO;
-import com.epmet.dto.form.LoginByPhoneFormDTO;
 import com.epmet.dto.form.LoginByWxCodeFormDTO;
-import com.epmet.dto.form.SendSmsCodeFormDTO;
 import com.epmet.dto.result.UserTokenResultDTO;
 
 /**
@@ -52,21 +50,4 @@ public interface LoginService {
 	 **/
 	WxMaJscode2SessionResult getWxMaUser(String app, String wxCode);
 
-	/**
-	 * @param formDTO
-	 * @return com.epmet.commons.tools.utils.Result
-	 * @Author yinzuomei
-	 * @Description 政府端微信小程序登录-发送验证码
-	 * @Date 2020/4/18 10:59
-	 **/
-	Result sendSmsCode(SendSmsCodeFormDTO formDTO);
-
-	/**
-	 * @param formDTO
-	 * @return com.epmet.commons.tools.utils.Result<com.epmet.common.token.dto.result.UserTokenResultDTO>
-	 * @Author yinzuomei
-	 * @Description 政府端微信小程序登录-手机验证码登录
-	 * @Date 2020/4/18 21:11
-	 **/
-	Result<UserTokenResultDTO> loginByPhone(LoginByPhoneFormDTO formDTO);
 }

epmet-auth/src/main/java/com/epmet/service/impl/GovLoginServiceImpl.java

@@ -0,0 +1,307 @@
+package com.epmet.service.impl;
+
+import cn.binarywang.wx.miniapp.bean.WxMaJscode2SessionResult;
+import com.epmet.common.token.constant.LoginConstant;
+import com.epmet.commons.tools.exception.EpmetErrorCode;
+import com.epmet.commons.tools.exception.ExceptionUtils;
+import com.epmet.commons.tools.exception.RenException;
+import com.epmet.commons.tools.security.dto.GovTokenDto;
+import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.utils.CpUserDetailRedis;
+import com.epmet.commons.tools.utils.DateUtils;
+import com.epmet.commons.tools.utils.Result;
+import com.epmet.commons.tools.validator.PhoneValidatorUtils;
+import com.epmet.dto.CustomerStaffDTO;
+import com.epmet.dto.form.*;
+import com.epmet.dto.result.DepartmentListResultDTO;
+import com.epmet.dto.result.StaffLatestAgencyResultDTO;
+import com.epmet.dto.result.StaffOrgsResultDTO;
+import com.epmet.dto.result.UserTokenResultDTO;
+import com.epmet.feign.EpmetUserFeignClient;
+import com.epmet.feign.GovOrgFeignClient;
+import com.epmet.feign.MessageFeignClient;
+import com.epmet.jwt.JwtTokenProperties;
+import com.epmet.jwt.JwtTokenUtils;
+import com.epmet.redis.CaptchaRedis;
+import com.epmet.service.GovLoginService;
+import com.epmet.service.LoginService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
+
+import java.util.*;
+import java.util.stream.Collectors;
+
+/**
+ * @Description 政府端登录服务
+ * @Author yinzuomei
+ * @Date 2020/4/20 10:56
+ */
+@Service
+public class GovLoginServiceImpl implements GovLoginService {
+    private static final Logger logger = LoggerFactory.getLogger(GovLoginServiceImpl.class);
+    private static final String SEND_SMS_CODE_ERROR = "发送短信验证码异常,手机号[%s],code[%s],msg[%s]";
+    @Autowired
+    private LoginService loginService;
+    @Autowired
+    private EpmetUserFeignClient epmetUserFeignClient;
+    @Autowired
+    private CaptchaRedis captchaRedis;
+    @Autowired
+    private MessageFeignClient messageFeignClient;
+    @Autowired
+    private JwtTokenUtils jwtTokenUtils;
+    @Autowired
+    private JwtTokenProperties jwtTokenProperties;
+    @Autowired
+    private CpUserDetailRedis cpUserDetailRedis;
+    @Autowired
+    private GovOrgFeignClient govOrgFeignClient;
+
+    /**
+     * @param formDTO
+     * @return com.epmet.commons.tools.utils.Result
+     * @Author yinzuomei
+     * @Description 政府端微信小程序登录-发送验证码
+     * @Date 2020/4/18 10:59
+     **/
+    @Override
+    public Result sendSmsCode(SendSmsCodeFormDTO formDTO) {
+        //1、校验手机号是否符合规范
+        if (!PhoneValidatorUtils.isMobile(formDTO.getMobile())) {
+            logger.error(String.format(SEND_SMS_CODE_ERROR, formDTO.getMobile(), EpmetErrorCode.ERROR_PHONE.getCode(), EpmetErrorCode.ERROR_PHONE.getMsg()));
+            return new Result().error(EpmetErrorCode.ERROR_PHONE.getCode());
+        }
+        //2、根据手机号校验用户是否存在
+        Result<List<CustomerStaffDTO>> customerStaffResult = epmetUserFeignClient.checkCustomerStaff(formDTO.getMobile());
+        if (!customerStaffResult.success()) {
+            logger.error(String.format(SEND_SMS_CODE_ERROR, formDTO.getMobile(), customerStaffResult.getCode(), customerStaffResult.getMsg()));
+            return new Result().error(customerStaffResult.getCode());
+        }
+        //3、发送短信验证码
+        Result<Map<String, String>> smsCodeResult = messageFeignClient.sendSmsCaptcha(formDTO.getMobile());
+        if (!smsCodeResult.success()) {
+            logger.error(String.format(SEND_SMS_CODE_ERROR, formDTO.getMobile(), smsCodeResult.getCode(), smsCodeResult.getMsg()));
+            return new Result().error(smsCodeResult.getCode());
+        }
+        //4、保存短信验证码(删除现有短信验证码、将新的短信验证码存入Redis)
+        captchaRedis.saveSmsCode(formDTO, smsCodeResult.getData().get("code"));
+        logger.info(String.format("发送短信验证码成功,手机号[%s]", formDTO.getMobile()));
+        return new Result();
+    }
+
+    /**
+     * @param formDTO
+     * @return com.epmet.commons.tools.utils.Result<com.epmet.common.token.dto.result.UserTokenResultDTO>
+     * @Author yinzuomei
+     * @Description 3、手机验证码获取组织
+     * @Date 2020/4/18 21:11
+     **/
+    @Override
+    public Result<List<StaffOrgsResultDTO>> getMyOrg(StaffOrgsFormDTO formDTO) {
+        //1、根据手机号查询到用户信息
+        Result<List<CustomerStaffDTO>> customerStaffResult = epmetUserFeignClient.checkCustomerStaff(formDTO.getMobile());
+        if (!customerStaffResult.success()) {
+            logger.error(String.format("手机验证码登录异常,手机号[%s],code[%s],msg[%s]", formDTO.getMobile(), customerStaffResult.getCode(), customerStaffResult.getMsg()));
+            return new Result().error(customerStaffResult.getCode());
+        }
+        //2、验证码是否正确
+        String rightSmsCode = captchaRedis.getSmsCode(formDTO.getMobile());
+        if (!formDTO.getSmsCode().equals(rightSmsCode)) {
+            logger.error(String.format("验证码错误code[%s],msg[%s]",EpmetErrorCode.MOBILE_CODE_ERROR.getCode(),EpmetErrorCode.MOBILE_CODE_ERROR.getMsg()));
+            return new Result<List<StaffOrgsResultDTO>>().error(EpmetErrorCode.MOBILE_CODE_ERROR.getCode());
+        }
+        //3、查询用户所有的组织信息
+        List<String> customerIdList = new ArrayList<>();
+        for (CustomerStaffDTO customerStaffDTO : customerStaffResult.getData()) {
+            customerIdList.add(customerStaffDTO.getCustomerId());
+        }
+        StaffOrgFormDTO staffOrgFormDTO = new StaffOrgFormDTO();
+        staffOrgFormDTO.setCustomerIdList(customerIdList);
+        Result<List<StaffOrgsResultDTO>> result = govOrgFeignClient.getStaffOrgList(staffOrgFormDTO);
+        return result;
+    }
+
+    @Override
+    public Result<UserTokenResultDTO> loginByWxCode(GovWxmpFormDTO formDTO) {
+        //1、解析微信用户
+        WxMaJscode2SessionResult wxMaJscode2SessionResult = loginService.getWxMaUser(formDTO.getApp(), formDTO.getWxCode());
+        if(null!=wxMaJscode2SessionResult){
+            logger.info(String.format("app=%s,wxCode=%s,openId=%s",formDTO.getApp(),formDTO.getWxCode(),wxMaJscode2SessionResult.getOpenid()));
+        }
+        Result<StaffLatestAgencyResultDTO> latestStaffWechat = epmetUserFeignClient.getLatestStaffWechatLoginRecord(wxMaJscode2SessionResult.getOpenid());
+        if (!latestStaffWechat.success() || null == latestStaffWechat.getData()) {
+            logger.error(String.format("没有获取到用户最近一次登录账户信息,code[%s],msg[%s]", EpmetErrorCode.PLEASE_LOGIN.getCode(), EpmetErrorCode.PLEASE_LOGIN.getMsg()));
+            return new Result<UserTokenResultDTO>().error(EpmetErrorCode.PLEASE_LOGIN.getCode());
+        }
+        StaffLatestAgencyResultDTO staffLatestAgencyResultDTO = latestStaffWechat.getData();
+        //2、记录staff_wechat
+        this.savestaffwechat(staffLatestAgencyResultDTO.getStaffId(), wxMaJscode2SessionResult.getOpenid());
+        //3、记录登录日志
+        this.saveStaffLoginRecord(staffLatestAgencyResultDTO);
+        //4、获取用户token
+        String token = this.generateGovWxmpToken(staffLatestAgencyResultDTO.getStaffId());
+        //5、保存到redis
+        this.saveLatestGovTokenDto(staffLatestAgencyResultDTO, wxMaJscode2SessionResult, token);
+        UserTokenResultDTO userTokenResultDTO = new UserTokenResultDTO();
+        userTokenResultDTO.setToken(token);
+        return new Result<UserTokenResultDTO>().ok(userTokenResultDTO);
+    }
+
+    //保存tokenDto到redis
+    private void saveLatestGovTokenDto(StaffLatestAgencyResultDTO staffLatestAgency,
+                                       WxMaJscode2SessionResult wxMaJscode2SessionResult,
+                                       String token) {
+        int expire = jwtTokenProperties.getExpire();
+        GovTokenDto govTokenDto = new GovTokenDto();
+        govTokenDto.setApp(LoginConstant.APP_GOV);
+        govTokenDto.setClient(LoginConstant.CLIENT_WXMP);
+        govTokenDto.setUserId(staffLatestAgency.getStaffId());
+        govTokenDto.setOpenId(wxMaJscode2SessionResult.getOpenid());
+        govTokenDto.setSessionKey(wxMaJscode2SessionResult.getSessionKey());
+        govTokenDto.setUnionId(wxMaJscode2SessionResult.getUnionid());
+        govTokenDto.setToken(token);
+        govTokenDto.setUpdateTime(System.currentTimeMillis());
+        govTokenDto.setExpireTime(jwtTokenUtils.getExpiration(token).getTime());
+        govTokenDto.setAgencyId(staffLatestAgency.getAgencyId());
+        govTokenDto.setCustomerId(staffLatestAgency.getCustomerId());
+
+        try {
+            Result<List<DepartmentListResultDTO>> deptListResult = govOrgFeignClient.getDepartmentListByStaffId(staffLatestAgency.getStaffId());
+            if (deptListResult.success()) {
+                if (!CollectionUtils.isEmpty(deptListResult.getData())) {
+                    Set<String> deptIdLists = deptListResult.getData().stream().map(dept -> dept.getDepartmentId()).collect(Collectors.toSet());
+                    govTokenDto.setDeptIdList(deptIdLists);
+                }
+            } else {
+                logger.error("登录:查询部门列表，远程调用返回错误:{}", deptListResult.getMsg());
+            }
+        } catch (Exception e) {
+            String errorStackTrace = ExceptionUtils.getErrorStackTrace(e);
+            logger.error("登录:查询部门列表异常:{}", errorStackTrace);
+        }
+
+        cpUserDetailRedis.set(govTokenDto, expire);
+        logger.info("截止时间：" + DateUtils.format(jwtTokenUtils.getExpiration(token), "yyyy-MM-dd HH:mm:ss"));
+    }
+
+    //保存登录日志
+    private Result saveStaffLoginRecord(StaffLatestAgencyResultDTO latestStaffWechatLoginDTO) {
+        StaffLoginAgencyRecordFormDTO staffLoginAgencyRecordFormDTO = new StaffLoginAgencyRecordFormDTO();
+        staffLoginAgencyRecordFormDTO.setCustomerId(latestStaffWechatLoginDTO.getCustomerId());
+        staffLoginAgencyRecordFormDTO.setStaffId(latestStaffWechatLoginDTO.getStaffId());
+        staffLoginAgencyRecordFormDTO.setWxOpenId(latestStaffWechatLoginDTO.getWxOpenId());
+        staffLoginAgencyRecordFormDTO.setMobile(latestStaffWechatLoginDTO.getMobile());
+        staffLoginAgencyRecordFormDTO.setAgencyId(latestStaffWechatLoginDTO.getAgencyId());
+        Result staffLoginRecordResult = epmetUserFeignClient.saveStaffLoginRecord(staffLoginAgencyRecordFormDTO);
+        return staffLoginRecordResult;
+    }
+
+    @Override
+    public Result<UserTokenResultDTO> enterOrg(GovWxmpEnteOrgFormDTO formDTO) {
+        //1、需要校验要登录的客户，是否被禁用
+        CustomerStaffFormDTO customerStaffFormDTO = new CustomerStaffFormDTO();
+        customerStaffFormDTO.setCustomerId(formDTO.getCustomerId());
+        customerStaffFormDTO.setMobile(formDTO.getMobile());
+        Result<CustomerStaffDTO> customerStaffDTOResult = epmetUserFeignClient.getCustomerStaffInfo(customerStaffFormDTO);
+        if (!customerStaffDTOResult.success() || null == customerStaffDTOResult.getData()) {
+            logger.error(String.format("获取工作人员信息失败,手机号[%s],客户id:[%s],code[%s],msg[%s]", formDTO.getMobile(), formDTO.getCustomerId(), customerStaffDTOResult.getCode(), customerStaffDTOResult.getMsg()));
+            return new Result().error(customerStaffDTOResult.getCode());
+        }
+        CustomerStaffDTO customerStaff = customerStaffDTOResult.getData();
+        //2、解析微信用户
+        WxMaJscode2SessionResult wxMaJscode2SessionResult = loginService.getWxMaUser(LoginConstant.APP_GOV, formDTO.getWxCode());
+        //3、记录staff_wechat,并记录用户激活状态，激活时间
+        this.savestaffwechat(customerStaff.getUserId(), wxMaJscode2SessionResult.getOpenid());
+        //4、记录登录日志
+        this.saveStaffLoginRecord(formDTO, customerStaff.getUserId(), wxMaJscode2SessionResult.getOpenid());
+        //5.1、获取用户token
+        String token = this.generateGovWxmpToken(customerStaff.getUserId());
+        //5.2、保存到redis
+        this.saveGovTokenDto(formDTO.getRootAgencyId(), formDTO.getCustomerId(), customerStaff.getUserId(), wxMaJscode2SessionResult, token);
+        UserTokenResultDTO userTokenResultDTO = new UserTokenResultDTO();
+        userTokenResultDTO.setToken(token);
+        return new Result<UserTokenResultDTO>().ok(userTokenResultDTO);
+    }
+
+    @Override
+    public Result loginOut(TokenDto tokenDto) {
+        if(null == tokenDto){
+            logger.error("token解析失败,直接跳转重新登录即可");
+            throw new RenException("当前用户信息获取失败");
+        }
+        cpUserDetailRedis.logout(tokenDto.getApp() , tokenDto.getClient() , tokenDto.getUserId());
+        return new Result();
+    }
+
+    //保存登录日志
+    private Result saveStaffLoginRecord(GovWxmpEnteOrgFormDTO formDTO, String staffId, String openId) {
+        StaffLoginAgencyRecordFormDTO staffLoginAgencyRecordFormDTO = new StaffLoginAgencyRecordFormDTO();
+        staffLoginAgencyRecordFormDTO.setCustomerId(formDTO.getCustomerId());
+        staffLoginAgencyRecordFormDTO.setStaffId(staffId);
+        staffLoginAgencyRecordFormDTO.setWxOpenId(openId);
+        staffLoginAgencyRecordFormDTO.setMobile(formDTO.getMobile());
+        staffLoginAgencyRecordFormDTO.setAgencyId(formDTO.getRootAgencyId());
+        Result staffLoginRecordResult = epmetUserFeignClient.saveStaffLoginRecord(staffLoginAgencyRecordFormDTO);
+        return staffLoginRecordResult;
+    }
+
+
+    /**
+     * @param userId
+     * @param openid
+     * @return com.epmet.commons.tools.utils.Result
+     * @Author yinzuomei
+     * @Description 保存微信和当前登录用户关系
+     * @Date 2020/4/18 22:54
+     **/
+    private Result savestaffwechat(String userId, String openid) {
+        StaffWechatFormDTO staffWechatFormDTO = new StaffWechatFormDTO();
+        staffWechatFormDTO.setUserId(userId);
+        staffWechatFormDTO.setWxOpenId(openid);
+        return epmetUserFeignClient.saveStaffWechat(staffWechatFormDTO);
+    }
+
+    /**
+     * @Description 生成token
+     * @Date 2020/4/18 23:04
+     **/
+    private String generateGovWxmpToken(String staffId) {
+        Map<String, Object> map = new HashMap<>();
+        map.put("app", LoginConstant.APP_GOV);
+        map.put("client", LoginConstant.CLIENT_WXMP);
+        map.put("userId", staffId);
+        String token = jwtTokenUtils.createToken(map);
+        logger.info("app:" + LoginConstant.APP_GOV + ";client:" + LoginConstant.CLIENT_WXMP + ";userId:" + staffId + ";生成token[" + token + "]");
+        return token;
+    }
+
+    /**
+     * @Description 生成token
+     * @Date 2020/4/18 23:04
+     **/
+    private void saveGovTokenDto(String orgId,
+                                 String customerId,
+                                 String staffId,
+                                 WxMaJscode2SessionResult wxMaJscode2SessionResult,
+                                 String token) {
+        int expire = jwtTokenProperties.getExpire();
+        GovTokenDto govTokenDto = new GovTokenDto();
+        govTokenDto.setApp(LoginConstant.APP_GOV);
+        govTokenDto.setClient(LoginConstant.CLIENT_WXMP);
+        govTokenDto.setUserId(staffId);
+        govTokenDto.setOpenId(wxMaJscode2SessionResult.getOpenid());
+        govTokenDto.setSessionKey(wxMaJscode2SessionResult.getSessionKey());
+        govTokenDto.setUnionId(wxMaJscode2SessionResult.getUnionid());
+        govTokenDto.setToken(token);
+        govTokenDto.setUpdateTime(System.currentTimeMillis());
+        govTokenDto.setExpireTime(jwtTokenUtils.getExpiration(token).getTime());
+        govTokenDto.setAgencyId(orgId);
+        govTokenDto.setCustomerId(customerId);
+        cpUserDetailRedis.set(govTokenDto, expire);
+        logger.info("截止时间：" + DateUtils.format(jwtTokenUtils.getExpiration(token), "yyyy-MM-dd HH:mm:ss"));
+    }
+}
+

epmet-auth/src/main/java/com/epmet/service/impl/LoginServiceImpl.java

@@ -3,7 +3,6 @@ package com.epmet.service.impl;
 import cn.binarywang.wx.miniapp.bean.WxMaJscode2SessionResult;
 import cn.binarywang.wx.miniapp.bean.WxMaUserInfo;
 import com.epmet.common.token.constant.LoginConstant;
-import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.ErrorCode;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.security.dto.TokenDto;
@@ -11,18 +10,14 @@ import com.epmet.commons.tools.security.password.PasswordUtils;
 import com.epmet.commons.tools.utils.CpUserDetailRedis;
 import com.epmet.commons.tools.utils.DateUtils;
 import com.epmet.commons.tools.utils.Result;
-import com.epmet.commons.tools.validator.PhoneValidatorUtils;
-import com.epmet.dto.CustomerStaffDTO;
 import com.epmet.dto.UserDTO;
 import com.epmet.dto.UserWechatDTO;
 import com.epmet.dto.form.*;
 import com.epmet.dto.result.PasswordLoginUserInfoResultDTO;
 import com.epmet.dto.result.UserTokenResultDTO;
 import com.epmet.feign.EpmetUserFeignClient;
-import com.epmet.feign.MessageFeignClient;
 import com.epmet.jwt.JwtTokenProperties;
 import com.epmet.jwt.JwtTokenUtils;
-import com.epmet.redis.CaptchaRedis;
 import com.epmet.service.CaptchaService;
 import com.epmet.service.LoginService;
 import com.epmet.utils.WxMaServiceUtils;
@@ -65,12 +60,6 @@ public class LoginServiceImpl implements LoginService {
 	@Autowired
 	private CaptchaService captchaService;
 
-	@Autowired
-	private CaptchaRedis captchaRedis;
-
-	@Autowired
-	private MessageFeignClient messageFeignClient;
-
 	/**
 	 * 居民端微信小程序登录
 	 *
@@ -324,97 +313,9 @@ public class LoginServiceImpl implements LoginService {
 		}
 		cpUserDetailRedis.logout(tokenDto.getApp() , tokenDto.getClient() , tokenDto.getUserId());
 		//web端清空菜单栏和权限
-		return new Result().ok("退出登录！");
-	}
-
-	private static final String SEND_SMS_CODE_ERROR="发送短信验证码异常,手机号[%s],code[%s],msg[%s]";
-
-	/**
-	 * @param formDTO
-	 * @return com.epmet.commons.tools.utils.Result
-	 * @Author yinzuomei
-	 * @Description 政府端微信小程序登录-发送验证码
-	 * @Date 2020/4/18 10:59
-	 **/
-	@Override
-	public Result sendSmsCode(SendSmsCodeFormDTO formDTO) {
-		//1、校验手机号是否符合规范
-		if(!PhoneValidatorUtils.isMobile(formDTO.getPhone())){
-			logger.error(String.format(SEND_SMS_CODE_ERROR,formDTO.getPhone(), EpmetErrorCode.ERROR_PHONE.getCode(),EpmetErrorCode.ERROR_PHONE.getMsg()));
-			return new Result().error(EpmetErrorCode.ERROR_PHONE.getCode());
-		}
-		//2、根据手机号校验用户是否存在
-		Result<CustomerStaffDTO> customerStaffResult=epmetUserFeignClient.checkCustomerStaff(formDTO.getPhone());
-		if(!customerStaffResult.success()){
-			logger.error(String.format(SEND_SMS_CODE_ERROR,formDTO.getPhone(),customerStaffResult.getCode(),customerStaffResult.getMsg()));
-			return new Result().error(customerStaffResult.getCode());
-		}
-		//3、发送短信验证码
-		Result<Map<String, String>> smsCodeResult=messageFeignClient.sendSmsCaptcha(formDTO.getPhone());
-		if(!smsCodeResult.success()){
-			logger.error(String.format(SEND_SMS_CODE_ERROR,formDTO.getPhone(),smsCodeResult.getCode(),smsCodeResult.getMsg()));
-			return new Result().error(smsCodeResult.getCode());
-		}
-		//4、保存短信验证码(删除现有短信验证码、将新的短信验证码存入Redis)
-		captchaRedis.saveSmsCode(formDTO,smsCodeResult.getData().get("code"));
-		logger.info(String.format("发送短信验证码成功,手机号[%s]",formDTO.getPhone()));
 		return new Result();
 	}
 
-	/**
-	 * @param formDTO
-	 * @return com.epmet.commons.tools.utils.Result<com.epmet.common.token.dto.result.UserTokenResultDTO>
-	 * @Author yinzuomei
-	 * @Description 政府端微信小程序登录-手机验证码登录
-	 * @Date 2020/4/18 21:11
-	 **/
-	@Override
-	public Result<UserTokenResultDTO> loginByPhone(LoginByPhoneFormDTO formDTO) {
-		//1、根据手机号查询到用户信息
-		Result<CustomerStaffDTO> customerStaffResult=epmetUserFeignClient.checkCustomerStaff(formDTO.getPhone());
-		if(!customerStaffResult.success()){
-			logger.error(String.format("手机验证码登录异常,手机号[%s],code[%s],msg[%s]",formDTO.getPhone(),customerStaffResult.getCode(),customerStaffResult.getMsg()));
-			return new Result().error(customerStaffResult.getCode());
-		}
-		//2、验证码是否正确
-		String rightSmsCode=captchaRedis.getSmsCode(formDTO);
-		if(!formDTO.getSmsCode().equals(rightSmsCode)){
-			return new Result<UserTokenResultDTO>().error(EpmetErrorCode.MOBILE_CODE_ERROR.getCode());
-		}
-		//3、解析wxCode
-		UserTokenResultDTO userTokenResultDTO=this.getAuthorizationInfo(formDTO,customerStaffResult.getData());
-		return new Result<UserTokenResultDTO>().ok(userTokenResultDTO);
-	}
-
-	private UserTokenResultDTO getAuthorizationInfo(LoginByPhoneFormDTO formDTO, CustomerStaffDTO customerStaff) {
-		//1、解析微信用户
-		WxMaJscode2SessionResult wxMaJscode2SessionResult=this.getWxMaUser(formDTO.getApp(),formDTO.getWxCode());
-		//2、记录staff_wechat
-		this.savestaffwechat(customerStaff.getUserId(),wxMaJscode2SessionResult.getOpenid());
-		//3、获取用户token
-		String token=this.generateToken(formDTO,customerStaff.getUserId());
-		//4、保存到redis
-		this.saveTokenDto(formDTO,customerStaff.getUserId(),wxMaJscode2SessionResult,token);
-		UserTokenResultDTO userTokenResultDTO = new UserTokenResultDTO();
-		userTokenResultDTO.setToken(token);
-		return userTokenResultDTO;
-	}
-
-	/**
-	 * @return com.epmet.commons.tools.utils.Result
-	 * @param userId
-	 * @param openid
-	 * @Author yinzuomei
-	 * @Description 保存微信和当前登录用户关系
-	 * @Date 2020/4/18 22:54
-	 **/
-	private Result savestaffwechat(String userId, String openid) {
-		StaffWechatFormDTO staffWechatFormDTO = new StaffWechatFormDTO();
-		staffWechatFormDTO.setUserId(userId);
-		staffWechatFormDTO.setWxOpenId(openid);
-		return epmetUserFeignClient.savestaffwechat(staffWechatFormDTO);
-	}
-
 	/**
 	 * @Description  生成token
 	 * @Date 2020/4/18 23:04

epmet-auth/src/test/java/com/epmet/TokenGenTest.java

@@ -0,0 +1,66 @@
+package com.epmet;
+
+import com.epmet.common.token.constant.LoginConstant;
+import com.epmet.commons.tools.security.dto.GovTokenDto;
+import com.epmet.commons.tools.utils.CpUserDetailRedis;
+import com.epmet.jwt.JwtTokenProperties;
+import com.epmet.jwt.JwtTokenUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+public class TokenGenTest {
+
+    @Autowired
+    private JwtTokenProperties jwtTokenProperties;
+
+    @Autowired
+    private JwtTokenUtils jwtTokenUtils;
+
+    @Autowired
+    private CpUserDetailRedis cpUserDetailRedis;
+
+    @Test
+    public void genToken() {
+        String staffId = "wxz";
+        String tokenStr = generateGovWxmpToken(staffId);
+        int expire = jwtTokenProperties.getExpire();
+        GovTokenDto govTokenDto = new GovTokenDto();
+        govTokenDto.setApp(LoginConstant.APP_GOV);
+        govTokenDto.setClient(LoginConstant.CLIENT_WXMP);
+        govTokenDto.setUserId(staffId);
+        govTokenDto.setOpenId("");
+        govTokenDto.setSessionKey("");
+        govTokenDto.setUnionId("");
+        govTokenDto.setToken(tokenStr);
+        govTokenDto.setUpdateTime(System.currentTimeMillis());
+        govTokenDto.setExpireTime(jwtTokenUtils.getExpiration(tokenStr).getTime());
+        govTokenDto.setAgencyId("1");
+        govTokenDto.setDeptIdList(new HashSet<>(Arrays.asList("1","2","3")));
+        govTokenDto.setCustomerId("f76def116c9c2dc0269cc17867af122c");
+        cpUserDetailRedis.set(govTokenDto, expire);
+    }
+
+    /**
+     * @Description 生成token
+     * @Date 2020/4/18 23:04
+     **/
+    private String generateGovWxmpToken(String staffId) {
+        Map<String, Object> map = new HashMap<>();
+        map.put("app", LoginConstant.APP_GOV);
+        map.put("client", LoginConstant.CLIENT_WXMP);
+        map.put("userId", staffId);
+        String token = jwtTokenUtils.createToken(map);
+        return token;
+    }
+
+}

epmet-cloud-generator/src/main/resources/application.yml

@@ -9,9 +9,9 @@ spring:
     type: com.alibaba.druid.pool.DruidDataSource
     #MySQL配置
     driverClassName: com.mysql.jdbc.Driver
-    url: jdbc:mysql://localhost:3306/epmet_user?useUnicode=true&characterEncoding=UTF-8&useSSL=false
-    username: epmet
-    password: elink@833066
+    url: jdbc:mysql://192.168.1.130:3306/epmet_user?useUnicode=true&characterEncoding=UTF-8&useSSL=false
+    username: epmet_dba
+    password: EpmEt-dbA-UsEr
     #oracle配置
 #    driverClassName: oracle.jdbc.OracleDriver
 #    url: jdbc:oracle:thin:@192.168.10.10:1521:helowin

epmet-commons/epmet-common-clienttoken/src/main/java/com/epmet/common/token/enums/ErrorCode.java

@@ -1,51 +0,0 @@
-package com.epmet.common.token.enums;
-
-
-import com.epmet.common.token.error.IErrorCode;
-
-/**
- * client token错误码
- *
- * @author rongchao
- * @Date 18-11-24
- */
-public enum ErrorCode implements IErrorCode {
-
-    SUCCESS(0, "请求成功"),
-
-    ERR10001(10001, "token解析失败"),
-    ERR10002(10002, "token失效"),
-    ERR10003(10003, "token生成失败，请重试。"),
-    ERR10004(10004, "返回的Object类型不是EsuaResponse，无法添加token!"),
-    ERR10005(10005, "token不能为空"),
-    ERR10006(10006, "登录超时，请重新登录"),
-    ERR10007(10007, "当前帐号已在别处登录"),
-
-    ERR500(500, "Internal Server Error"),
-    ERR501(501, "参数绑定异常"),
-    ERR401(401, "未授权"),
-
-
-    ERR(ErrorCode.COMMON_ERR_CODE, "其他异常");
-
-    private int code;
-
-    private String msg;
-
-    ErrorCode(final int code, final String msg) {
-        this.code = code;
-        this.msg = msg;
-    }
-
-    public static final int COMMON_ERR_CODE = -1;
-
-    @Override
-    public int getCode() {
-        return code;
-    }
-
-    @Override
-    public String getMsg() {
-        return msg;
-    }
-}

epmet-commons/epmet-common-clienttoken/src/main/java/com/epmet/common/token/error/IErrorCode.java

@@ -1,11 +0,0 @@
-package com.epmet.common.token.error;
-
-/**
- * @author rongchao
- * @Date 18-11-20
- */
-public interface IErrorCode {
-    int getCode();
-
-    String getMsg();
-}

epmet-commons/epmet-common-clienttoken/src/main/java/com/epmet/common/token/util/TokenUtil.java

@@ -25,11 +25,6 @@ public class TokenUtil {
     @Autowired
     private CpUserDetailRedis redisUtils;
 
-    public TokenDto getTokenInfo(String app, String client, String userId) {
-        TokenDto tokenDto = redisUtils.get(app,client,userId);
-        return tokenDto;
-    }
-
     public void expireToken(String app,String client,String userId) {
         redisUtils.logout(app,client,userId);
     }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/annotation/DataFilter.java

@@ -23,26 +23,6 @@ public @interface DataFilter {
     /**
      * 表的别名
      */
-    String tableAlias() default "";
-
-    /**
-     * 查询条件前缀，可选值有：[where、and]
-     */
-    String prefix() default "";
-
-    /**
-     * 用户ID
-     */
-    String userId() default "creator";
-
-    /**
-     * 部门ID
-     */
-    String deptId() default "dept_id";
-
-    /**
-     * 是否拼接用户ID
-     */
-    boolean isPendingCreator() default true;
+    String[] tableAliases() default "";
 
 }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java

@@ -1,32 +1,37 @@
 /**
  * Copyright (c) 2018 人人开源 All rights reserved.
- *
+ * <p>
  * https://www.renren.io
- *
+ * <p>
  * 版权所有，侵权必究！
  */
 
 package com.epmet.commons.mybatis.aspect;
 
-import cn.hutool.core.collection.CollUtil;
 import com.epmet.commons.mybatis.annotation.DataFilter;
+import com.epmet.commons.mybatis.constant.AccessSettingConstant;
+import com.epmet.commons.mybatis.constant.OpeScopeConstant;
+import com.epmet.commons.mybatis.dto.form.*;
 import com.epmet.commons.mybatis.entity.DataScope;
-import com.epmet.commons.tools.constant.Constant;
-import com.epmet.commons.tools.enums.SuperAdminEnum;
-import com.epmet.commons.tools.exception.ErrorCode;
+import com.epmet.commons.mybatis.feign.GovAccessFeignClient;
+import com.epmet.commons.mybatis.feign.GovOrgFeignClient;
+import com.epmet.commons.tools.aspect.AccessOpeAspect;
+import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.RenException;
-import com.epmet.commons.tools.security.user.SecurityUser;
-import com.epmet.commons.tools.security.user.UserDetail;
+import com.epmet.commons.tools.security.user.LoginUserUtil;
+import com.epmet.commons.tools.utils.Result;
 import org.apache.commons.lang3.StringUtils;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Before;
-import org.aspectj.lang.annotation.Pointcut;
 import org.aspectj.lang.reflect.MethodSignature;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import org.springframework.util.CollectionUtils;
 
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 /**
  * 数据过滤，切面处理类
@@ -37,69 +42,411 @@ import java.util.Map;
 @Aspect
 @Component
 public class DataFilterAspect {
-    @Pointcut("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)")
-    public void dataFilterCut() {
 
-    }
+    private static final Logger log = LoggerFactory.getLogger(DataFilterAspect.class);
+
+    /**
+     * 线程变量，记录是否已经添加了至少一个过滤条件
+     */
+    private static final ThreadLocal<Boolean> hasConditions = new ThreadLocal();
 
-    @Before("dataFilterCut()")
+    public static final ThreadLocal<String> sqlFilter = new ThreadLocal();
+
+    @Autowired
+    private LoginUserUtil loginUserUtil;
+
+    @Autowired
+    private GovAccessFeignClient govAccessFeignClient;
+
+    @Autowired
+    private GovOrgFeignClient govOrgFeignClient;
+
+    public static final String orgIdPathSpliter = ":";
+
+    @Before("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)")
     public void dataFilter(JoinPoint point) {
-        Object params = point.getArgs()[0];
-        if(params != null && params instanceof Map){
-            UserDetail user = SecurityUser.getUser();
 
-            //如果不是超级管理员，则进行数据过滤
-            if(user.getSuperAdmin() == SuperAdminEnum.NO.value()){
-                Map map = (Map)params;
-                String sqlFilter = getSqlFilter(user, point);
-                map.put(Constant.SQL_FILTER, new DataScope(sqlFilter));
+        //清空
+        sqlFilter.set(null);
+
+        // 通过反射，取到注解属性
+        DataFilter dataFilterAnno = ((MethodSignature) point.getSignature()).getMethod().getAnnotation(DataFilter.class);
+        String[] tableAliases = dataFilterAnno.tableAliases();
+        String tableAlias = tableAliases[0];
+
+        // 从ThreadLocal中取所需权限
+        String requirePermission = AccessOpeAspect.requirePermissionTl.get();
+        // 没有配置所需权限，不做操作，打印提示日志
+        if (StringUtils.isBlank(requirePermission)) {
+            log.warn("接口缺少所需权限配置，请在Controller方法上使用@RequirePermission注解完成所需权限配置");
+            return;
+        }
+
+        String app = loginUserUtil.getLoginUserApp();
+        String client = loginUserUtil.getLoginUserClient();
+        String userId = loginUserUtil.getLoginUserId();
+
+        StaffPermissionFormDTO staffPermissionFormDTO = new StaffPermissionFormDTO();
+        staffPermissionFormDTO.setApp(app);
+        staffPermissionFormDTO.setClient(client);
+        staffPermissionFormDTO.setStaffId(userId);
+        Result<StaffPermCacheResultDTO> result = govAccessFeignClient.getStaffCurrPermissions(staffPermissionFormDTO);
+
+        if (result.getCode() != 0) {
+            // 查询不到权限，记录日志，抛出8000异常
+            log.error("调用Access查询权限失败:{}", result.getMsg());
+            throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode());
         }
 
-            return ;
+        StaffPermCacheResultDTO permCacheResultDTO = result.getData();
+
+        if (permCacheResultDTO == null || CollectionUtils.isEmpty(permCacheResultDTO.getPermissions())) {
+            log.error("操作权限不足，查询不到权限");
+            throw new RenException(EpmetErrorCode.REQUIRE_PERMISSION.getCode());
         }
 
-        throw new RenException(ErrorCode.DATA_SCOPE_PARAMS_ERROR);
+        // 校验操作权限
+        validateOpePermission(permCacheResultDTO.getPermissions(), requirePermission);
+
+        hasConditions.set(false);
+
+        // 生成过滤sql
+        String sqlFilterSegment = getSqlFilterSegment(userId, permCacheResultDTO.getRoleIdList(), requirePermission,
+                permCacheResultDTO.getOrgIdPath(), permCacheResultDTO.getGridId(), tableAlias, permCacheResultDTO.getDeptIdList());
+
+        // 方式1.填充到Service方法列表中的DataScope对象中。如果dao入参是用DTO的话，那么再加一个DataScope入参，sql中会报错提示#{}参数找不到，因此改用方法2
+        //Object[] methodArgs = point.getArgs();
+        //for (Object methodArg : methodArgs) {
+        //    if (methodArg instanceof DataScope) {
+        //        ((DataScope) methodArg).setSqlFilter(sqlFilterSegment);
+        //        return;
+        //    }
+        //}
+
+        // 方式2，采用ThreadLocal传参到DataFilterInterceptor中
+        if (StringUtils.isNotBlank(sqlFilterSegment)) {
+            sqlFilter.set(sqlFilterSegment);
+        }
     }
 
     /**
-     * 获取数据过滤的SQL
+     * 校验操作权限
      */
-    private String getSqlFilter(UserDetail user, JoinPoint point){
-        MethodSignature signature = (MethodSignature) point.getSignature();
-        DataFilter dataFilter = signature.getMethod().getAnnotation(DataFilter.class);
-        //获取表的别名
-        String tableAlias = dataFilter.tableAlias();
-        if(StringUtils.isNotBlank(tableAlias)){
-            tableAlias +=  ".";
+    private void validateOpePermission(Set<String> permissions, String reqiurePermission) {
+        if (!permissions.contains(reqiurePermission)) {
+            // 权限不足
+            log.error("操作权限不足");
+            throw new RenException(EpmetErrorCode.REQUIRE_PERMISSION.getCode());
+        }
     }
 
-        StringBuilder sqlFilter = new StringBuilder();
+    /**
+     * 生成过滤sql片段
+     *
+     * @return
+     */
+    private String getSqlFilterSegment(String userId, Set<String> roleIds, String reqiurePermission, String orgIdPath,
+                                       String gridId, String tableAlias, Set<String> deptIds) {
+
+        StringBuilder sb = new StringBuilder();
+
+        Map<String, String> accessSettings = listRoleAccessSettings(roleIds);
+
+        // 1.生成sql:组织范围过滤
+        genOrgScopeSql(sb, orgIdPath, roleIds, reqiurePermission, tableAlias);
 
-        //查询条件前缀
-        String prefix = dataFilter.prefix();
-        if(StringUtils.isNotBlank(prefix)){
-            sqlFilter.append(" ").append(prefix);
+        // 2.生成sql:我发起的
+        String iCreated = accessSettings.get(AccessSettingConstant.I_CREATED_KEY);
+        if (StringUtils.isNotBlank(iCreated) && AccessSettingConstant.I_CREATED_YES.equals(iCreated)) {
+            genICreatedSql(sb, userId, tableAlias);
         }
 
-        sqlFilter.append(" (");
+        // 3.生成sql:本网格的
+        String inGrid = accessSettings.get(AccessSettingConstant.IN_GRID_KEY);
+        if (StringUtils.isNotBlank(inGrid) && AccessSettingConstant.IN_GRID_YES.equals(inGrid)) {
+            genInGrid(sb, gridId, tableAlias);
+        }
+
+        // 4.生成sql:根据部门列表
+        String inDept = accessSettings.get(AccessSettingConstant.IN_DEPARTMENT_KEY);
+        if (StringUtils.isNotBlank(inDept) && AccessSettingConstant.IN_DEPARTMENT_YES.equals(inDept)) {
+            genDepartmentFilterSql(sb, deptIds);
+        }
 
-        //部门ID列表
-        List<Long> deptIdList = user.getDeptIdList();
-        if(CollUtil.isNotEmpty(deptIdList)){
-            sqlFilter.append(tableAlias).append(dataFilter.deptId());
+        return sb.toString();
+    }
 
-            sqlFilter.append(" in(").append(StringUtils.join(deptIdList, ",")).append(")");
+    /**
+     * 列出角色对应的权限设置项
+     * @param roleIds
+     * @return
+     */
+    private Map<String, String> listRoleAccessSettings(Set<String> roleIds) {
+        Map<String, String> settings = new HashMap<>();
+        roleIds.forEach(roleId -> {
+            settings.putAll(listRoleAccessSettings(roleId));
+        });
+        return settings;
     }
 
-        //查询本人数据
-        if (dataFilter.isPendingCreator()) {
-            if(CollUtil.isNotEmpty(deptIdList)){
-                sqlFilter.append(" or ");
+    private Map<String, String> listRoleAccessSettings(String roleId) {
+        Result<Map<String, String>> result = govAccessFeignClient.listAccessSettings(roleId);
+        if (result.success()) {
+            return result.getData();
+        } else {
+            log.error("角色[{}]查询权限配置AccessSettings失败:{}", roleId, result.getMsg());
         }
-            sqlFilter.append(tableAlias).append(dataFilter.userId()).append("=").append(user.getId());
+        return new HashMap<>();
+    }
+    /**
+     * 生成部门过滤sql
+     *
+     * @param sb
+     */
+    private void genDepartmentFilterSql(StringBuilder sb, Set<String> deptIdList) {
+        //Result<List<DepartmentListResultDTO>> deptListResult = govOrgFeignClient.getDepartmentListByStaffId(staffId);
+        if (CollectionUtils.isEmpty(deptIdList)) {
+            return;
+        }
+        deptIdList.forEach(deptId -> {
+            sb.append(hasConditions.get() ? " OR " : "").append(" DEPARTMENT_ID = '").append(deptId).append("' ");
+        });
+        hasConditions.set(true);
     }
-        sqlFilter.append(")");
 
-        return sqlFilter.toString();
+    /**
+     * 网格sql
+     *
+     * @param sb
+     * @param gridId
+     * @param tableAlias
+     */
+    private void genInGrid(StringBuilder sb, String gridId, String tableAlias) {
+        if (StringUtils.isBlank(tableAlias)) {
+            sb.append(hasConditions.get() ? " OR " : "").append(" GRID_ID ='").append(gridId).append("' ");
+        } else {
+            sb.append(hasConditions.get() ? " OR " : "").append(tableAlias).append(".GRID_ID ='").append(gridId).append("' ");
+        }
+        hasConditions.set(true);
     }
+
+    /**
+     * sql：我发起的
+     *
+     * @param userId
+     */
+    private void genICreatedSql(StringBuilder sb, String userId, String tableAlias) {
+        if (StringUtils.isBlank(tableAlias)) {
+            sb.append(hasConditions.get() ? " OR " : " ").append(" CREATED_BY ='").append(userId).append("'");
+        } else {
+            sb.append(hasConditions.get() ? " OR " : " ").append(tableAlias).append(".CREATED_BY ='").append(userId).append("'");
+        }
+        hasConditions.set(true);
+    }
+
+    /**
+     * 计算组织范围过滤sql，整体入口
+     *
+     * @param sb
+     * @param orgIdPath
+     */
+    public void genOrgScopeSql(StringBuilder sb, String orgIdPath, Set<String> roleIds, String reqiurePermission, String tableAlias) {
+
+        // 根据角色列表查询操作范围列表
+        Set<OperationScopeDTO> scopeDTOS = new HashSet<>();
+        roleIds.forEach(roleId -> {
+            OperationScopeFormDTO osformDto = new OperationScopeFormDTO();
+            osformDto.setRoleId(roleId);
+            osformDto.setOperationKey(reqiurePermission);
+            Result<Set<OperationScopeDTO>> result = govAccessFeignClient.getOperationScopesByRoleId(osformDto);
+            if (result.success()) {
+                scopeDTOS.addAll(result.getData());
+            }
+        });
+
+        // 过滤范围
+        HashSet<String> scopes = filteScopes(scopeDTOS);
+        if (CollectionUtils.isEmpty(scopes)) {
+            // 没有范围限制
+            return;
+        }
+
+        // 取出父组织ID path 和当前组织ID
+        String pOrgPath = orgIdPath.substring(0, orgIdPath.lastIndexOf(orgIdPathSpliter));
+        String currOrgPath = orgIdPath.substring(orgIdPath.lastIndexOf(orgIdPathSpliter) + 1);
+        genOrgScopeSql(sb, scopes, currOrgPath, pOrgPath, tableAlias);
+        sb.replace(sb.lastIndexOf("OR"), sb.lastIndexOf("OR") + 3, "");
+        hasConditions.set(true);
+    }
+
+    /**
+     * 计算组织范围过滤sql
+     *
+     * @param scopes
+     * @param currOrg
+     * @param pOrgPath
+     * @return
+     */
+    private void genOrgScopeSql(StringBuilder sb, HashSet<String> scopes, String currOrg, String pOrgPath, String tableAlias) {
+        for (String scope : scopes) {
+            switch (scope) {
+                case OpeScopeConstant.ORG_CURR:
+                    if (StringUtils.isBlank(tableAlias)) {
+                        sb.append(" ORG_ID = '").append(currOrg).append("' OR ");
+                    } else {
+                        sb.append(" ").append(tableAlias).append(".ORG_ID = '").append(currOrg).append("' OR ");
+                    }
+                    break;
+                case OpeScopeConstant.ORG_CURR_AND_SUB:
+                    if (StringUtils.isBlank(tableAlias)) {
+                        sb.append(" ORG_ID_PATH like '").append(pOrgPath).append("%' ").append(" OR ");
+                    } else {
+                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(pOrgPath).append("%' ").append(" OR ");
+                    }
+                    break;
+                case OpeScopeConstant.ORG_CURR_SUB:
+                    if (StringUtils.isBlank(tableAlias)) {
+                        sb.append(" ORG_ID_PATH like '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("%' ").append(" OR ");
+                    } else {
+                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("%' ").append(" OR ");
+                    }
+                    break;
+                case OpeScopeConstant.ORG_EQUAL:
+                    // todo 同级
+                    //sb.append(" OR ");
+                    break;
+                case OpeScopeConstant.ORG_EQUAL_AND_SUB:
+                    // todo 同级及其子级
+                    //sb.append(" OR ");
+                    break;
+                case OpeScopeConstant.ORG_EQUAL_SUB:
+                    // todo 同级的子级
+                    //sb.append(" OR ");
+                    break;
+            }
+        }
+    }
+
+    /**
+     * 过滤有效范围
+     *
+     * @param scopeDTOS
+     * @return
+     */
+    private HashSet<String> filteScopes(Set<OperationScopeDTO> scopeDTOS) {
+        HashMap<String, OperationScopeDTO> filtedScopes = new HashMap<>();
+
+        for (OperationScopeDTO scope : scopeDTOS) {
+            String scopeIndex = scope.getScopeIndex();
+            if (StringUtils.isBlank(scopeIndex)) {
+                continue;
+            }
+            String[] currArr = scopeIndex.split("_");
+            if ("0".equals(currArr[1])) {
+                // 为0，说明没有包含关系，直接放入
+                filtedScopes.put(scopeIndex, scope);
+                continue;
+            }
+
+            OperationScopeDTO tempScope = filtedScopes.get(currArr[0]);
+            if (tempScope != null) {
+                // 已经有ac开头的了
+                String tempScopeIndex = tempScope.getScopeIndex();
+                if (Integer.valueOf(currArr[1]) < Integer.valueOf(tempScopeIndex.split("_")[1])) {
+                    filtedScopes.put(currArr[0], scope);
+                }
+            } else {
+                filtedScopes.put(currArr[0], scope);
+            }
+        }
+        HashSet<String> scopeStrs = new HashSet<>();
+        Set<Map.Entry<String, OperationScopeDTO>> entries = filtedScopes.entrySet();
+        for (Map.Entry<String, OperationScopeDTO> entry : entries) {
+            scopeStrs.add(entry.getValue().getScopeKey());
+        }
+        return scopeStrs;
+    }
+
+    /**
+     * 模拟范围数据
+     *
+     * @return
+     */
+    private Set<OperationScopeDTO> genScopeDtos() {
+        OperationScopeDTO scopeDTO1 = new OperationScopeDTO();
+        scopeDTO1.setScopeKey("org_curr");
+        scopeDTO1.setScopeName("本机关");
+        scopeDTO1.setScopeIndex("ac_0");
+
+        OperationScopeDTO scopeDTO2 = new OperationScopeDTO();
+        scopeDTO2.setScopeKey("org_curr_and_sub");
+        scopeDTO2.setScopeName("本机关及下级");
+        scopeDTO2.setScopeIndex("ac_501");
+
+        OperationScopeDTO scopeDTO3 = new OperationScopeDTO();
+        scopeDTO3.setScopeKey("org_curr_sub");
+        scopeDTO3.setScopeName("本机关的下级");
+        scopeDTO3.setScopeIndex("ac_502");
+
+        OperationScopeDTO scopeDTO4 = new OperationScopeDTO();
+        scopeDTO4.setScopeKey("org_equal_and_sub");
+        scopeDTO4.setScopeName("同级机关及下级");
+        scopeDTO4.setScopeIndex("ae_601");
+
+        OperationScopeDTO scopeDTO5 = new OperationScopeDTO();
+        scopeDTO5.setScopeKey("org_equal_sub");
+        scopeDTO5.setScopeName("同级机关的下级");
+        scopeDTO5.setScopeIndex("ae_602");
+
+        Set<OperationScopeDTO> scopeDTOS = new HashSet<>();
+        scopeDTOS.add(scopeDTO1);
+        scopeDTOS.add(scopeDTO2);
+        scopeDTOS.add(scopeDTO3);
+        scopeDTOS.add(scopeDTO4);
+        scopeDTOS.add(scopeDTO5);
+        return scopeDTOS;
+    }
+
+    ///**
+    // * 获取数据过滤的SQL
+    // */
+    //@Deprecated
+    //private String getSqlFilter(UserDetail user, JoinPoint point){
+    //    MethodSignature signature = (MethodSignature) point.getSignature();
+    //    DataFilter dataFilter = signature.getMethod().getAnnotation(DataFilter.class);
+    //    //获取表的别名
+    //    String tableAlias = dataFilter.tableAlias();
+    //    if(StringUtils.isNotBlank(tableAlias)){
+    //        tableAlias +=  ".";
+    //    }
+    //
+    //    StringBuilder sqlFilter = new StringBuilder();
+    //
+    //    //查询条件前缀
+    //    String prefix = dataFilter.prefix();
+    //    if(StringUtils.isNotBlank(prefix)){
+    //        sqlFilter.append(" ").append(prefix);
+    //    }
+    //
+    //    sqlFilter.append(" (");
+    //
+    //    //部门ID列表
+    //    List<Long> deptIdList = user.getDeptIdList();
+    //    if(CollUtil.isNotEmpty(deptIdList)){
+    //        sqlFilter.append(tableAlias).append(dataFilter.deptId());
+    //
+    //        sqlFilter.append(" in(").append(StringUtils.join(deptIdList, ",")).append(")");
+    //    }
+    //
+    //    //查询本人数据
+    //    if (dataFilter.isPendingCreator()) {
+    //        if(CollUtil.isNotEmpty(deptIdList)){
+    //            sqlFilter.append(" or ");
+    //        }
+    //        sqlFilter.append(tableAlias).append(dataFilter.userId()).append("=").append(user.getId());
+    //    }
+    //    sqlFilter.append(")");
+    //
+    //    return sqlFilter.toString();
+    //}
 }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspectBak.java

@@ -0,0 +1,106 @@
+///**
+// * Copyright (c) 2018 人人开源 All rights reserved.
+// *
+// * https://www.renren.io
+// *
+// * 版权所有，侵权必究！
+// */
+//
+//package com.epmet.commons.mybatis.aspect;
+//
+//import cn.hutool.core.collection.CollUtil;
+//import com.epmet.commons.mybatis.annotation.DataFilter;
+//import com.epmet.commons.mybatis.entity.DataScope;
+//import com.epmet.commons.tools.constant.Constant;
+//import com.epmet.commons.tools.enums.SuperAdminEnum;
+//import com.epmet.commons.tools.exception.ErrorCode;
+//import com.epmet.commons.tools.exception.RenException;
+//import com.epmet.commons.tools.security.user.SecurityUser;
+//import com.epmet.commons.tools.security.user.UserDetail;
+//import org.apache.commons.lang3.StringUtils;
+//import org.aspectj.lang.JoinPoint;
+//import org.aspectj.lang.annotation.Aspect;
+//import org.aspectj.lang.annotation.Before;
+//import org.aspectj.lang.annotation.Pointcut;
+//import org.aspectj.lang.reflect.MethodSignature;
+//import org.springframework.stereotype.Component;
+//
+//import java.util.Arrays;
+//import java.util.List;
+//import java.util.Map;
+//
+///**
+// * 数据过滤，切面处理类
+// *
+// * @author Mark sunlightcs@gmail.com
+// * @since 1.0.0
+// */
+//@Aspect
+//@Component
+//public class DataFilterAspectBak {
+//    @Pointcut("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)")
+//    public void dataFilterCut() {
+//
+//    }
+//
+//    @Before("dataFilterCut()")
+//    public void dataFilter(JoinPoint point) {
+//        Object params = point.getArgs()[0];
+//        if(params != null && params instanceof Map){
+//            UserDetail user = SecurityUser.getUser();
+//
+//            //如果不是超级管理员，则进行数据过滤
+//            if(user.getSuperAdmin() == SuperAdminEnum.NO.value()){
+//                Map map = (Map)params;
+//                String sqlFilter = getSqlFilter(user, point);
+//                map.put(Constant.SQL_FILTER, new DataScope(sqlFilter));
+//            }
+//
+//            return ;
+//        }
+//
+//        throw new RenException(ErrorCode.DATA_SCOPE_PARAMS_ERROR);
+//    }
+//
+//    /**
+//     * 获取数据过滤的SQL
+//     */
+//    private String getSqlFilter(UserDetail user, JoinPoint point){
+//        MethodSignature signature = (MethodSignature) point.getSignature();
+//        DataFilter dataFilter = signature.getMethod().getAnnotation(DataFilter.class);
+//        //获取表的别名
+//        String tableAlias = dataFilter.tableAlias();
+//        if(StringUtils.isNotBlank(tableAlias)){
+//            tableAlias +=  ".";
+//        }
+//
+//        StringBuilder sqlFilter = new StringBuilder();
+//
+//        //查询条件前缀
+//        String prefix = dataFilter.prefix();
+//        if(StringUtils.isNotBlank(prefix)){
+//            sqlFilter.append(" ").append(prefix);
+//        }
+//
+//        sqlFilter.append(" (");
+//
+//        //部门ID列表
+//        List<Long> deptIdList = user.getDeptIdList();
+//        if(CollUtil.isNotEmpty(deptIdList)){
+//            sqlFilter.append(tableAlias).append(dataFilter.deptId());
+//
+//            sqlFilter.append(" in(").append(StringUtils.join(deptIdList, ",")).append(")");
+//        }
+//
+//        //查询本人数据
+//        if (dataFilter.isPendingCreator()) {
+//            if(CollUtil.isNotEmpty(deptIdList)){
+//                sqlFilter.append(" or ");
+//            }
+//            sqlFilter.append(tableAlias).append(dataFilter.userId()).append("=").append(user.getId());
+//        }
+//        sqlFilter.append(")");
+//
+//        return sqlFilter.toString();
+//    }
+//}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/AccessSettingConstant.java

@@ -0,0 +1,15 @@
+package com.epmet.commons.mybatis.constant;
+
+public class AccessSettingConstant {
+    public static final String I_CREATED_KEY = "I_CREATED";
+    public static final String I_CREATED_YES = "YES";
+
+    public static final String I_PART_KEY = "I_PART";
+    public static final String I_PART_YES = "YES";
+
+    public static final String IN_GRID_KEY = "IN_GRID";
+    public static final String IN_GRID_YES = "YES";
+
+    public static final String IN_DEPARTMENT_KEY = "IN_DEPARTMENT";
+    public static final String IN_DEPARTMENT_YES = "YES";
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/OpeScopeConstant.java

@@ -0,0 +1,17 @@
+package com.epmet.commons.mybatis.constant;
+
+public class OpeScopeConstant {
+    //"同级组织的下级"
+    public static final String ORG_EQUAL_SUB = "org_equal_sub";
+    //"同级组织及下级"
+    public static final String ORG_EQUAL_AND_SUB = "org_equal_and_sub";
+    //"同级组织"
+    public static final String ORG_EQUAL = "org_equal";
+    //"本组织的下级"
+    public static final String ORG_CURR_SUB = "org_curr_sub";
+    //"本组织及下级"
+    public static final String ORG_CURR_AND_SUB = "org_curr_and_sub";
+    //"本组织"
+    public static final String ORG_CURR = "org_curr";
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/DepartmentListResultDTO.java

@@ -0,0 +1,49 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.commons.mybatis.dto.form;
+
+import lombok.Data;
+
+import java.io.Serializable;
+
+
+/**
+ * 组织首页-获取机关下部门列表-部门详情数据
+ *
+ * @author sun
+ */
+@Data
+public class DepartmentListResultDTO implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * 部门Id
+     */
+    private String departmentId;
+
+    /**
+     * 部门名称
+     */
+    private String departmentName;
+
+    /**
+     * 部门下总人数
+     */
+    private Integer totalUser;
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeDTO.java

@@ -0,0 +1,92 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.commons.mybatis.dto.form;
+
+import lombok.Data;
+
+import java.io.Serializable;
+import java.util.Date;
+
+
+/**
+ * 权限范围表
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Data
+public class OperationScopeDTO implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * id
+     */
+	private String id;
+
+    /**
+     * 角色id
+     */
+    private String roleId;
+
+    /**
+     * 范围key
+     */
+	private String scopeKey;
+
+    /**
+     * 范围名称
+     */
+	private String scopeName;
+
+    /**
+     * 范围序号
+     */
+	private String scopeIndex;
+
+    /**
+     * 是否删除，0：未删除，1：已删除
+     */
+	private Integer delFlag;
+
+    /**
+     * 乐观锁
+     */
+	private Integer revision;
+
+    /**
+     * 创建者id
+     */
+	private String createdBy;
+
+    /**
+     * 创建时间
+     */
+	private Date createdTime;
+
+    /**
+     * 更新者id
+     */
+	private String updatedBy;
+
+    /**
+     * 更新时间
+     */
+	private Date updatedTime;
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeFormDTO.java

@@ -0,0 +1,18 @@
+package com.epmet.commons.mybatis.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class OperationScopeFormDTO {
+
+    public interface ListOperationScopeGroup {}
+
+    @NotBlank(message = "角色ID不能为空", groups = {ListOperationScopeGroup.class})
+    private String roleId;
+
+    @NotBlank(message = "操作的key不能为空", groups = {ListOperationScopeGroup.class})
+    private String operationKey;
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/RoleAccessSettingResultDTO.java

@@ -0,0 +1,13 @@
+package com.epmet.commons.mybatis.dto.form;
+
+import lombok.Data;
+
+@Data
+public class RoleAccessSettingResultDTO {
+
+    private String settingKey;
+    private String id;
+    private String settingName;
+    private String roleId;
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermCacheResultDTO.java

@@ -0,0 +1,35 @@
+package com.epmet.commons.mybatis.dto.form;
+
+import lombok.Data;
+
+import java.util.Set;
+
+@Data
+public class StaffPermCacheResultDTO {
+
+    /**
+     * 权限列表
+     */
+    private Set<String> permissions;
+
+    /**
+     * 角色列表
+     */
+    private Set<String> roleIdList;
+
+    /**
+     * 部门id列表
+     */
+    private Set<String> deptIdList;
+
+    /**
+     * 机构Id
+     */
+    private String orgIdPath;
+
+    /**
+     * 网格ID
+     */
+    private String gridId;
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermissionFormDTO.java

@@ -0,0 +1,26 @@
+package com.epmet.commons.mybatis.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+import java.util.Set;
+
+@Data
+public class StaffPermissionFormDTO {
+
+    /**
+     * 工作人员 id
+     */
+    private String staffId;
+
+    /**
+     * 登录头信息app
+     */
+    private String app;
+
+    /**
+     * 登录头信息client
+     */
+    private String client;
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/entity/DataScope.java

@@ -1,8 +1,8 @@
 /**
  * Copyright (c) 2018 人人开源 All rights reserved.
- *
+ * <p>
  * https://www.renren.io
- *
+ * <p>
  * 版权所有，侵权必究！
  */
 
@@ -15,8 +15,13 @@ package com.epmet.commons.mybatis.entity;
  * @since 1.0.0
  */
 public class DataScope {
+
     private String sqlFilter;
 
+    public static DataScope getDefault() {
+        return new DataScope("");
+    }
+
     public DataScope(String sqlFilter) {
         this.sqlFilter = sqlFilter;
     }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java

@@ -0,0 +1,46 @@
+package com.epmet.commons.mybatis.feign;
+
+import com.epmet.commons.mybatis.dto.form.*;
+import com.epmet.commons.mybatis.feign.fallback.GovAccessFeignClientFallback;
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.utils.Result;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * @Description
+ * @Author sun
+ */
+//, url = "localhost:8099"
+@FeignClient(name = ServiceConstant.GOV_ACCESS_SERVER, fallback = GovAccessFeignClientFallback.class)
+public interface GovAccessFeignClient {
+
+    /**
+     * 查询用户当前权限列表
+     * @return
+     */
+    @PostMapping("/gov/access/access/getcurrpermissions")
+    Result<StaffPermCacheResultDTO> getStaffCurrPermissions(StaffPermissionFormDTO dto);
+
+    /**
+     * 查询角色的操作key对应操作范围列表
+     * @param operationScopeFormDTO
+     * @return
+     */
+    @PostMapping("/gov/access/access/operationscopes")
+    Result<Set<OperationScopeDTO>> getOperationScopesByRoleId(OperationScopeFormDTO operationScopeFormDTO);
+
+    /**
+     * 查询角色的权限相关配置
+     * @param roleId
+     * @return
+     */
+    @PostMapping("/gov/access/access/role/{roleId}/accesssettings")
+    Result<Map<String, String>> listAccessSettings(@PathVariable("roleId") String roleId);
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovOrgFeignClient.java

@@ -0,0 +1,30 @@
+package com.epmet.commons.mybatis.feign;
+
+import com.epmet.commons.mybatis.dto.form.*;
+import com.epmet.commons.mybatis.feign.fallback.GovAccessFeignClientFallback;
+import com.epmet.commons.mybatis.feign.fallback.GovOrgFeignClientFallback;
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.utils.Result;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ * @Description
+ * @Author sun
+ */
+//, url = "localhost:8092"
+@FeignClient(name = ServiceConstant.GOV_ORG_SERVER, fallback = GovOrgFeignClientFallback.class)
+public interface GovOrgFeignClient {
+
+    /**
+     * 查询人员部门列表
+     * @param staffId
+     * @return
+     */
+    @PostMapping("/gov/org/department/staff/{staffId}/departmentlist")
+    Result<List<DepartmentListResultDTO>> getDepartmentListByStaffId(@PathVariable("staffId") String staffId);
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java

@@ -0,0 +1,37 @@
+package com.epmet.commons.mybatis.feign.fallback;
+
+import com.epmet.commons.mybatis.dto.form.*;
+import com.epmet.commons.mybatis.feign.GovAccessFeignClient;
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.utils.ModuleUtils;
+import com.epmet.commons.tools.utils.Result;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * 调用政府端权限
+ * @Author wxz
+ * @Description
+ * @Date 2020/4/24 11:17
+ **/
+@Component
+public class GovAccessFeignClientFallback implements GovAccessFeignClient {
+
+    @Override
+    public Result<StaffPermCacheResultDTO> getStaffCurrPermissions(StaffPermissionFormDTO dto) {
+        return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "getStaffCurrPermissions", dto);
+    }
+
+    @Override
+    public Result<Set<OperationScopeDTO>> getOperationScopesByRoleId(OperationScopeFormDTO operationScopeFormDTO) {
+        return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "getOperationScopesByRoleId", operationScopeFormDTO);
+    }
+
+    @Override
+    public Result<Map<String, String>> listAccessSettings(String roleId) {
+        return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "listAccessSettings", roleId);
+    }
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovOrgFeignClientFallback.java

@@ -0,0 +1,27 @@
+package com.epmet.commons.mybatis.feign.fallback;
+
+import com.epmet.commons.mybatis.dto.form.*;
+import com.epmet.commons.mybatis.feign.GovAccessFeignClient;
+import com.epmet.commons.mybatis.feign.GovOrgFeignClient;
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.utils.ModuleUtils;
+import com.epmet.commons.tools.utils.Result;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ * 调用政府端权限
+ * @Author wxz
+ * @Description
+ * @Date 2020/4/24 11:17
+ **/
+@Component
+public class GovOrgFeignClientFallback implements GovOrgFeignClient {
+
+    @Override
+    public Result<List<DepartmentListResultDTO>> getDepartmentListByStaffId(String staffId) {
+        return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "getDepartmentListByStaffId", staffId);
+    }
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/handler/FieldMetaObjectHandler.java

@@ -22,6 +22,7 @@ import com.epmet.commons.tools.security.user.SecurityUser;
 import com.epmet.commons.tools.security.user.UserDetail;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.ibatis.reflection.MetaObject;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import java.util.Date;
@@ -40,11 +41,14 @@ public class FieldMetaObjectHandler implements MetaObjectHandler {
     private final static String UPDATER = "updater";
     private final static String DEPT_ID = "deptId";
 
+    @Autowired
+    private LoginUserUtil loginUserUtil;
+
     @Override
     public void insertFill(MetaObject metaObject) {
         Date date = new Date();
         if (metaObject.getOriginalObject() instanceof BaseEpmetEntity) {
-            String loginUserId = LoginUserUtil.getLoginUserId();
+            String loginUserId = loginUserUtil.getLoginUserId();
             // epmet项目新增的
             loginUserId = StringUtils.isBlank(loginUserId) ? Constant.APP_USER_FLAG : loginUserId;
             //Long deptId = user == null ? null : user.getDeptId();
@@ -107,7 +111,7 @@ public class FieldMetaObjectHandler implements MetaObjectHandler {
             //更新时间
             setFieldValByName(UPDATE_DATE, new Date(), metaObject);
         } else if (fillEsuaEntity) {
-            String loginUserId = LoginUserUtil.getLoginUserId();
+            String loginUserId = loginUserUtil.getLoginUserId();
             String userId = StringUtils.isBlank(loginUserId) ? Constant.APP_USER_FLAG : loginUserId;
             setFieldValByName(FieldConstant.UPDATED_BY_HUMP, userId, metaObject);
             setFieldValByName(FieldConstant.UPDATED_TIME_HUMP, new Date(), metaObject);

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java

@@ -8,10 +8,12 @@
 
 package com.epmet.commons.mybatis.interceptor;
 
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.PluginUtils;
-import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler;
+import com.epmet.commons.mybatis.aspect.DataFilterAspect;
 import com.epmet.commons.mybatis.entity.DataScope;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.ibatis.executor.statement.StatementHandler;
 import org.apache.ibatis.mapping.BoundSql;
 import org.apache.ibatis.mapping.MappedStatement;
@@ -42,25 +44,30 @@ public class DataFilterInterceptor extends AbstractSqlParserHandler implements I
         this.sqlParser(metaObject);
 
         // 先判断是不是SELECT操作
-        MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");
-        if (!SqlCommandType.SELECT.equals(mappedStatement.getSqlCommandType())) {
-            return invocation.proceed();
-        }
+        //MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");
+        //if (!SqlCommandType.SELECT.equals(mappedStatement.getSqlCommandType())) {
+        //    return invocation.proceed();
+        //}
 
         // 针对定义了rowBounds，做为mapper接口方法的参数
         BoundSql boundSql = (BoundSql) metaObject.getValue("delegate.boundSql");
         String originalSql = boundSql.getSql();
         Object paramObj = boundSql.getParameterObject();
 
-        // 判断参数里是否有DataScope对象
-        DataScope scope = null;
+        // 方式1.判断参数里是否有DataScope对象
+        /*DataScope scope = null;
         if (paramObj instanceof DataScope) {
+            // 直接传入DataScope，不分页？
             scope = (DataScope) paramObj;
         } else if (paramObj instanceof Map) {
+            // 入参是一个Map
             for (Object arg : ((Map) paramObj).values()) {
                 if (arg instanceof DataScope) {
                     scope = (DataScope) arg;
                     break;
+                } else if (arg instanceof QueryWrapper) {
+                    // 通过Mybatis-plus封装的通用方法进行查询
+                    break;
                 }
             }
         }
@@ -69,16 +76,34 @@ public class DataFilterInterceptor extends AbstractSqlParserHandler implements I
         if (scope == null) {
             return invocation.proceed();
         }
+        String sqlFilter = scope.getSqlFilter();
+         */
+
+        // 方式2.从ThreadLocal中取sqlFilter
+        String sqlFilter = DataFilterAspect.sqlFilter.get();
+
+        if (StringUtils.isBlank(sqlFilter)) {
+            return invocation.proceed();
+        }
+
+        // 没有where就拼接where，有了where就拼接AND
+        if (originalSql.indexOf("WHERE") == 0) {
+            // 不包含where，需要手动拼接上
+            sqlFilter = " WHERE ".concat(sqlFilter);
+        } else {
+            sqlFilter = " AND (".concat(sqlFilter).concat(")");
+        }
 
         // 拼接新SQL
         String orderBy = "ORDER BY";
         String groupBy = "GROUP BY";
+
         if (originalSql.indexOf(groupBy) > -1) {
-            originalSql = originalSql.replace(groupBy, scope.getSqlFilter() + groupBy);
+            originalSql = originalSql.replace(groupBy, sqlFilter + groupBy);
         } else if (originalSql.indexOf(orderBy) > -1) {
-            originalSql = originalSql.replace(orderBy, scope.getSqlFilter() + orderBy);
+            originalSql = originalSql.replace(orderBy, sqlFilter + orderBy);
         } else {
-            originalSql = originalSql + scope.getSqlFilter();
+            originalSql = originalSql.concat(sqlFilter);
         }
 
         // 重写SQL

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptorBak.java

@@ -0,0 +1,100 @@
+///**
+// * Copyright (c) 2018 人人开源 All rights reserved.
+// * <p>
+// * https://www.renren.io
+// * <p>
+// * 版权所有，侵权必究！
+// */
+//
+//package com.epmet.commons.mybatis.interceptor;
+//
+//import com.baomidou.mybatisplus.core.toolkit.PluginUtils;
+//import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler;
+//import com.epmet.commons.mybatis.entity.DataScope;
+//import org.apache.ibatis.executor.statement.StatementHandler;
+//import org.apache.ibatis.mapping.BoundSql;
+//import org.apache.ibatis.mapping.MappedStatement;
+//import org.apache.ibatis.mapping.SqlCommandType;
+//import org.apache.ibatis.plugin.*;
+//import org.apache.ibatis.reflection.MetaObject;
+//import org.apache.ibatis.reflection.SystemMetaObject;
+//
+//import java.sql.Connection;
+//import java.util.Map;
+//import java.util.Properties;
+//
+///**
+// * 数据过滤
+// *
+// * @author Mark sunlightcs@gmail.com
+// * @since 1.0.0
+// */
+//@Intercepts({@Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class, Integer.class})})
+//public class DataFilterInterceptorBak extends AbstractSqlParserHandler implements Interceptor {
+//
+//    @Override
+//    public Object intercept(Invocation invocation) throws Throwable {
+//        StatementHandler statementHandler = (StatementHandler) PluginUtils.realTarget(invocation.getTarget());
+//        MetaObject metaObject = SystemMetaObject.forObject(statementHandler);
+//
+//        // SQL解析
+//        this.sqlParser(metaObject);
+//
+//        // 先判断是不是SELECT操作
+//        MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");
+//        if (!SqlCommandType.SELECT.equals(mappedStatement.getSqlCommandType())) {
+//            return invocation.proceed();
+//        }
+//
+//        // 针对定义了rowBounds，做为mapper接口方法的参数
+//        BoundSql boundSql = (BoundSql) metaObject.getValue("delegate.boundSql");
+//        String originalSql = boundSql.getSql();
+//        Object paramObj = boundSql.getParameterObject();
+//
+//        // 判断参数里是否有DataScope对象
+//        DataScope scope = null;
+//        if (paramObj instanceof DataScope) {
+//            scope = (DataScope) paramObj;
+//        } else if (paramObj instanceof Map) {
+//            for (Object arg : ((Map) paramObj).values()) {
+//                if (arg instanceof DataScope) {
+//                    scope = (DataScope) arg;
+//                    break;
+//                }
+//            }
+//        }
+//
+//        // 不用数据过滤
+//        if (scope == null) {
+//            return invocation.proceed();
+//        }
+//
+//        // 拼接新SQL
+//        String orderBy = "ORDER BY";
+//        String groupBy = "GROUP BY";
+//        if (originalSql.indexOf(groupBy) > -1) {
+//            originalSql = originalSql.replace(groupBy, scope.getSqlFilter() + groupBy);
+//        } else if (originalSql.indexOf(orderBy) > -1) {
+//            originalSql = originalSql.replace(orderBy, scope.getSqlFilter() + orderBy);
+//        } else {
+//            originalSql = originalSql + scope.getSqlFilter();
+//        }
+//
+//        // 重写SQL
+//        metaObject.setValue("delegate.boundSql.sql", originalSql);
+//        return invocation.proceed();
+//    }
+//
+//    @Override
+//    public Object plugin(Object target) {
+//        if (target instanceof StatementHandler) {
+//            return Plugin.wrap(target, this);
+//        }
+//        return target;
+//    }
+//
+//    @Override
+//    public void setProperties(Properties properties) {
+//
+//    }
+//}

epmet-commons/epmet-commons-tools-wx-ma/src/main/java/com/epmet/utils/WxMaServiceUtils.java

@@ -17,10 +17,10 @@ public class WxMaServiceUtils {
     @Value("${wx.ma.appId.resi}")
     private String APPID_RESI;
 
-    /*@Value("${wx.ma.appId.gov}")
+    @Value("${wx.ma.appId.gov}")
     private String APPID_GOV;
 
-    @Value("${wx.ma.appId.oper}")
+    /*@Value("${wx.ma.appId.oper}")
     private String APPID_OPER;*/
 
     /**
@@ -43,8 +43,7 @@ public class WxMaServiceUtils {
      * @date 2020/03/13 10:44
      */
     public final WxMaService govWxMaService() {
-//        final WxMaService wxMaService = WxMaConfig.getMaService(APPID_GOV);
-        final WxMaService wxMaService = WxMaConfig.getMaService(APPID_RESI);
+        final WxMaService wxMaService = WxMaConfig.getMaService(APPID_GOV);
         return wxMaService;
     }
 

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/LoginUser.java

@@ -19,7 +19,7 @@ package com.epmet.commons.tools.annotation;
 import java.lang.annotation.*;
 
 /**
- * 登录用户信息
+ * 居民登录用户信息
  *
  * @author chenshun
  * @email sunlightcs@gmail.com

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/RequirePermission.java

@@ -0,0 +1,34 @@
+/**
+ * Copyright 2018 人人开源 http://www.renren.io
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.epmet.commons.tools.annotation;
+
+import com.epmet.commons.tools.enums.RequirePermissionEnum;
+
+import java.lang.annotation.*;
+
+/**
+ * 权限注解
+ * @Author wxz
+ * @Description
+ * @Date 2020/4/23 16:17
+ **/
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface RequirePermission {
+    RequirePermissionEnum requirePermission();
+}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java

@@ -0,0 +1,45 @@
+/**
+ * Copyright (c) 2018 人人开源 All rights reserved.
+ *
+ * https://www.renren.io
+ *
+ * 版权所有，侵权必究！
+ */
+
+package com.epmet.commons.tools.aspect;
+
+import com.epmet.commons.tools.annotation.RequirePermission;
+import com.epmet.commons.tools.enums.RequirePermissionEnum;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.stereotype.Component;
+
+/**
+ * 每次请求，过滤Api中配置的权限key出来
+ * @Author wxz
+ * @Description
+ * @Date 2020/4/23 16:16
+ **/
+@Aspect
+@Component
+public class AccessOpeAspect {
+
+    /**
+     * 存储所需操作权限的 ThreadLocal
+     */
+    public static final ThreadLocal<String> requirePermissionTl = new ThreadLocal<>();
+
+    @Before("@annotation(com.epmet.commons.tools.annotation.RequirePermission)")
+    public void before(JoinPoint point) throws Throwable {
+        // 取RequirePermission注解
+        MethodSignature methodSignature = (MethodSignature) point.getSignature();
+        RequirePermission requirePermissionAnno = methodSignature.getMethod().getAnnotation(RequirePermission.class);
+        RequirePermissionEnum requirePermissionEnum = requirePermissionAnno.requirePermission();
+        String key = requirePermissionEnum.getKey();
+
+        // 放入ThreadLocal，供DataFilterAspect中使用
+        requirePermissionTl.set(key);
+    }
+}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/config/PermissionInitializer.java

@@ -0,0 +1,30 @@
+//package com.epmet.commons.tools.config;
+//
+//import com.epmet.commons.tools.annotation.RequirePermission;
+//import org.springframework.beans.factory.annotation.Autowired;
+//import org.springframework.context.ApplicationContext;
+//import org.springframework.context.annotation.Configuration;
+//
+//import javax.annotation.PostConstruct;
+//import java.util.Map;
+//
+//@Configuration
+//public class PermissionInitializer {
+//
+//    @Autowired
+//    private ApplicationContext applicationContext;
+//
+//    /**
+//     * 初始化操作权限
+//     */
+//    @PostConstruct
+//    public void initOpePermissions() {
+//        Map<String, Object> beanMap = applicationContext.getBeansWithAnnotation(RequirePermission.class);
+//        for (Map.Entry<String, Object> entry : beanMap.entrySet()) {
+//            System.out.println(entry);
+//        }
+//
+//    }
+//
+//
+//}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/constant/ServiceConstant.java

@@ -78,4 +78,9 @@ public interface ServiceConstant {
      * 楼院小组
      */
     String RESI_GROUP_SERVER ="resi-group-server";
+
+    /**
+     * 政府端权限服务
+     */
+    String GOV_ACCESS_SERVER = "gov-access-server";
 }

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/enums/RequirePermissionEnum.java

@@ -0,0 +1,69 @@
+package com.epmet.commons.tools.enums;
+
+public enum RequirePermissionEnum {
+
+    WORK_GRASSROOTS_GROUP_AUDITINGLIST("work_grassroots_group_auditinglist", "基层治理-群组管理-待审核列表", "基层治理-群组管理-待审核列表"),
+    WORK_GRASSROOTS_GROUP_AUDIT("work_grassroots_group_audit", "基层治理-群组管理-审核建组", "基层治理-群组管理-审核建组"),
+    WORK_GRASSROOTS_GROUP_GROUPSINTHEGRID("work_grassroots_group_groupsinthegrid", "基层治理-群组管理-本网格小组列表", "基层治理-群组管理-本网格小组列表"),
+    WORK_GRASSROOTS_RESI_WARMHEARTED_AUDITINGLIST("work_grassroots_resi_warmhearted_auditinglist", "基层治理-居民管理-热心居民待审核列表", "基层治理-居民管理-热心居民待审核列表"),
+    WORK_GRASSROOTS_RESI_WARMHEARTED_AUDITHISTORYLIST("work_grassroots_resi_warmhearted_audithistorylist", "基层治理-居民管理-热心审核历史", "基层治理-居民管理-热心审核历史"),
+    WORK_GRASSROOTS_RESI_WARMHEARTED_AUDIT("work_grassroots_resi_warmhearted_audit", "基层治理-居民管理-热心居民审核", "基层治理-居民管理-热心居民审核"),
+    ORG_AGENCY_TRACE("org_agency_trace", "组织-查看上级机关", "组织-查看上级机关"),
+    ORG_AGENCY_UPDATE("org_agency_update", "组织-机关单位-编辑", "组织-机关单位-编辑"),
+    ORG_SUBAGENCY_LIST("org_subagency_list", "组织-下级机关-列表", "组织-下级机关-列表"),
+    ORG_SUBAGENCY_CREATE("org_subagency_create", "组织-下级机关-新增", "组织-下级机关-新增"),
+    ORG_SUBAGENCY_DELETE("org_subagency_delete", "组织-下级机关-删除", "组织-下级机关-删除"),
+    ORG_STAFF_DETAIL("org_staff_detail", "组织-工作人员-详情", "组织-工作人员-详情"),
+    ORG_STAFF_LIST("org_staff_list", "组织-工作人员-列表", "组织-工作人员-列表"),
+    ORG_STAFF_CREATE("org_staff_create", "组织-工作人员-新增", "组织-工作人员-新增"),
+    ORG_STAFF_UPDATE("org_staff_update", "组织-工作人员-编辑", "组织-工作人员-编辑"),
+    ORG_STAFF_FORBIDDEN("org_staff_forbidden", "组织-工作人员-禁用", "组织-工作人员-禁用"),
+    ORG_DEPARTMENT_LIST("org_department_list", "组织-直属部门-部门列表", "组织-直属部门-部门列表"),
+    ORG_DEPARTMENT_CREATE("org_department_create", "组织-直属部门-新增部门", "组织-直属部门-新增部门"),
+    ORG_DEPARTMENT_UPDATE("org_department_update", "组织-直属部门-编辑部门", "组织-直属部门-编辑部门"),
+    ORG_DEPARTMENT_DELETE("org_department_delete", "组织-直属部门-删除", "组织-直属部门-删除"),
+    ORG_DEPARTMENT_STAFF_ADD("org_department_staff_add", "组织-直属部门-添加人员", "组织-直属部门-添加人员"),
+    ORG_DEPARTMENT_STAFF_REMOVE("org_department_staff_remove", "组织-直属部门-移除人员", "组织-直属部门-移除人员"),
+    ORG_DEPARTMENT_STAFF_LIST("org_department_staff_list", "组织-直属部门-人员列表", "组织-直属部门-人员列表"),
+    ORG_GRID_LIST("org_grid_list", "组织-治理网格-网格列表", "组织-治理网格-网格列表"),
+    ORG_GRID_CREATE("org_grid_create", "组织-治理网格-新增网格", "组织-治理网格-新增网格"),
+    ORG_GRID_UPDATE("org_grid_update", "组织-治理网格-编辑网格", "组织-治理网格-编辑网格"),
+    ORG_GRID_DELETE("org_grid_delete", "组织-治理网格-删除", "组织-治理网格-删除"),
+    ORG_GRID_STAFF_ADD("org_grid_staff_add", "组织-治理网格-新增网格工作人员", "组织-治理网格-新增网格工作人员"),
+    ORG_GRID_STAFF_REMOVE("org_grid_staff_remove", "组织-治理网格-移除网格工作人员", "组织-治理网格-移除网格工作人员"),
+    ORG_PARTYMEMBER_SUMMARY("org_partymember_summary", "组织-党员-汇总信息", "组织-党员-汇总信息");
+
+    private String key;
+    private String name;
+    private String brief;
+
+    RequirePermissionEnum(String key, String name, String brief) {
+        this.key = key;
+        this.name = name;
+        this.brief = brief;
+    }
+
+    public String getKey() {
+        return key;
+    }
+
+    public void setKey(String key) {
+        this.key = key;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getBrief() {
+        return brief;
+    }
+
+    public void setBrief(String brief) {
+        this.brief = brief;
+    }
+}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java

@@ -6,6 +6,11 @@ package com.epmet.commons.tools.exception;
  * @Description:
  */
 public enum EpmetErrorCode {
+	ERR10005(10005, "token不能为空"),
+	ERR10006(10006, "登录超时，请重新登录"),
+	ERR10007(10007, "当前帐号已在别处登录"),
+	ERR401(401, "未授权"),
+
 	SERVER_ERROR(8000, "服务器开小差了..."),
 	CANNOT_JOIN_GROUP(8001, "只有认证党员和居民才可以加入小组，请选择您的身份"),
 	CANNOT_CREATE_GROUP(8002, "只有党员和热心居民才能创建小组，请选择您的身份"),
@@ -14,14 +19,27 @@ public enum EpmetErrorCode {
 	GOV_STAFF_DISABLED(8005,"您好，您的账户已被冻结，请联系管理员。"),
 	LOSE_EFFICACY(8006,"此邀请链接已过期"),
 	ERROR_PHONE(8007,"请输入正确的手机号"),
+	PLEASE_LOGIN(8008,"请重新登录"),
 	MOBILE_HAS_BEEN_USED(8101, "该手机号已注册，请更换手机号或使用原绑定的微信账号登录"),
 	MOBILE_CODE_ERROR(8102, "验证码错误"),
 	AUTO_CONFIRM_FAILED(8103, "党员注册失败"),
 	MOBILE_GET_CODE_ERROR(8104,"获取验证码失败"),
 	MESSAGE_SMS_SEND_ERROR(8105, "短信发送失败"),
+	NOT_DEL_GRID(8106,"该网格存在工作人员，不允许删除"),
+	ORG_IS_NOT_NULL(8107,"党组织关系不能为空"),
+
+    CANNOT_AUDIT_WARM(8201, "请完善居民信息"),
+	NOT_DEL_AGENCY(8202, "该机关存在下级机关，不允许删除"),
+	NOT_DEL_AGENCY_PER(8205, "该机关存在工作人员，不允许删除"),
+	NOT_DEL_DEPARTMENT(8206, "该部门存在工作人员，不允许删除"),
 
-    CANNOT_AUDIT_WARM(8201, "请完善居民信息");
+	REQUIRE_PERMISSION(8301, "没有足够的操作权限"),
 
+	NOT_ADD_GRID(8401,"您当前的网格名称已存在，请重新修改"),
+	MOBILE_USED(8402,"该手机号已注册"),
+	STAFF_ADD_FAILED(8403,"人员添加失败"),
+	STAFF_EDIT_FAILED(8404,"人员编辑失败"),
+	CANNOT_DISABLE_YOURSELF(8405,"您不能禁用自己"),;
 
 	private int code;
 	private String msg;

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/RenExceptionHandler.java

@@ -44,6 +44,8 @@ public class RenExceptionHandler {
 	private ModuleConfig moduleConfig;
 	@Autowired
 	private LogProducer logProducer;
+	@Autowired
+	private LoginUserUtil loginUserUtil;
 
 	/**
 	 * 处理自定义异常
@@ -53,7 +55,10 @@ public class RenExceptionHandler {
 	@ExceptionHandler(RenException.class)
 	public Result handleRRException(RenException ex){
 		logger.error(ExceptionUtils.getErrorStackTrace(ex));
-		return new Result().error();
+		Result result=new Result().error();
+		result.setData(ex.getMsg());
+		return result;
+//		return new Result().error();
 	}
 
 	/**
@@ -64,7 +69,10 @@ public class RenExceptionHandler {
 	@ExceptionHandler(RuntimeException.class)
 	public Result handleRuntimeException(RuntimeException ex){
 		logger.error(ExceptionUtils.getErrorStackTrace(ex));
-		return new Result().error();
+		Result result=new Result().error();
+		result.setData(ex.getMessage());
+		return result;
+//		return new Result().error();
 	}
 
 	/**
@@ -87,7 +95,10 @@ public class RenExceptionHandler {
 	public Result handleException(Exception ex){
 		logger.error(ExceptionUtils.getErrorStackTrace(ex));
 //		saveLog(ex);
-		return new Result().error();
+		Result result=new Result().error();
+		result.setData(ex.getMessage());
+		return result;
+//		return new Result().error();
 	}
 
 	/**
@@ -111,7 +122,7 @@ public class RenExceptionHandler {
 
 		//登录用户ID
 
-		log.setCreator(LoginUserUtil.getLoginUserId());
+		log.setCreator(loginUserUtil.getLoginUserId());
 		//异常信息
 		log.setErrorInfo(ExceptionUtils.getErrorStackTrace(ex));
 

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java

@@ -207,4 +207,23 @@ public class RedisKeys {
 	public static String getLoginSmsCodeKey(String app, String client, String phone) {
 		return String.format(rootPrefix+"smsCode:login:%s:%s:%s",app,client,phone);
 	}
+
+	/**
+	 * 角色的操作权限对应的可操作范围
+	 * @param roleId 角色ID
+	 * @param opeKey 操作Key
+	 * @return
+	 */
+	public static String getRoleOpeScopesKey(String roleId, String opeKey) {
+		return rootPrefix.concat("gov:access:role:opescopes:").concat(roleId).concat(":").concat(opeKey);
+	}
+
+	/**
+	 * 角色ID对应的权限配置
+	 * @param roleId
+	 * @return
+	 */
+	public static String getRoleAccessSettingKey(String roleId) {
+		return rootPrefix.concat("gov:access:role:accesssettings:").concat(roleId);
+	}
 }

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/BaseTokenDto.java

@@ -0,0 +1,42 @@
+package com.epmet.commons.tools.security.dto;
+
+import lombok.Data;
+
+@Data
+public class BaseTokenDto {
+    /**
+     * 政府端:gov、居民端:resi、运营端:oper
+     */
+    private String app;
+
+    /**
+     * PC端:web、微信小程序:wxmp
+     */
+    private String client;
+
+    /**
+     * 用户ID
+     */
+    private String userId;
+
+    /**
+     * token字符串
+     */
+    private String token;
+
+    public BaseTokenDto() {
+    }
+
+    public BaseTokenDto(String app, String client, String userId) {
+        this.app = app;
+        this.client = client;
+        this.userId = userId;
+    }
+
+    public BaseTokenDto(String app, String client, String userId, String token) {
+        this.app = app;
+        this.client = client;
+        this.userId = userId;
+        this.token = token;
+    }
+}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/GovTokenDto.java

@@ -0,0 +1,77 @@
+package com.epmet.commons.tools.security.dto;
+
+import lombok.Data;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * @Description 政府端登录信息
+ * @Author yinzuomei
+ * @Date 2020/4/20 11:01
+ */
+@Data
+public class GovTokenDto extends BaseTokenDto implements Serializable {
+
+    /**
+     * sessionKey
+     */
+    private String sessionKey;
+
+    /**
+     * openId
+     */
+    private String openId;
+
+    /**
+     * unionId
+     */
+    private String unionId;
+
+    /**
+     * 当前工作人员进入的客户id
+     */
+    private String customerId;
+
+    /**
+     * 过期时间戳
+     */
+    private Long expireTime;
+
+    /**
+     * 最后一次更新时间
+     */
+    private long updateTime;
+
+    /**
+     * 当前登录的组织id(顶级)
+     */
+    private String agencyId;
+
+    /**
+     * 当前网格对应的组织结构id的全路径用:隔开
+     */
+    private String orgIdPath;
+
+    /**
+     * 当前所在网格id
+     */
+    private String gridId;
+
+    /**
+     * 部门id列表
+     */
+    private Set<String> deptIdList;
+
+    /**
+     * 功能权限列表，实际上是gov_staff => staff_role => role_operation查询到的operationKey
+     */
+    private Set<String> permissions;
+
+    /**
+     * 角色ID列表
+     */
+    private Set<String> roleIdList;
+}
+

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/TokenDto.java

@@ -11,22 +11,8 @@ import java.io.Serializable;
  * @Date 2020-03-14
  */
 @Data
-public class TokenDto implements Serializable {
+public class TokenDto extends BaseTokenDto implements Serializable {
 	private static final long serialVersionUID = 8883581762088390769L;
-	/**
-	 * 政府端:gov、居民端:resi、运营端:oper
-	 */
-	private String app;
-
-	/**
-	 * PC端:web、微信小程序:wxmp
-	 */
-	private String client;
-
-	/**
-	 * 用户ID
-	 */
-	private String userId;
 
 	/**
 	 * sessionKey
@@ -43,11 +29,6 @@ public class TokenDto implements Serializable {
 	 */
 	private String unionId;
 
-	/**
-	 * token字符串
-	 */
-	private String token;
-
 	/**
 	 * 过期时间戳
 	 */
@@ -57,4 +38,5 @@ public class TokenDto implements Serializable {
 	 * 最后一次更新时间
 	 */
 	private long updateTime;
+
 }

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/resolver/LoginUserHandlerMethodArgumentResolver.java

@@ -72,12 +72,11 @@ public class LoginUserHandlerMethodArgumentResolver implements HandlerMethodArgu
         if (StringUtils.isEmpty(redisKey)) {
             throw new RenException(ErrorCode.UNAUTHORIZED);
         }
-        String[] keyArray=redisKey.split("-");
-        String app=keyArray[0];
-        String client=keyArray[1];
-        String userId=keyArray[2];
-
-        //TokenDto tokenDto = cpUserDetailRedis.get(app,client,userId);
+//        String[] keyArray=redisKey.split("-");
+//        String app=keyArray[0];
+//        String client=keyArray[1];
+//        String userId=keyArray[2];
+//        TokenDto tokenDto = cpUserDetailRedis.get(app,client,userId);
         TokenDto tokenDto = new TokenDto();
         tokenDto.setUserId(request.getHeader("userId"));
         tokenDto.setApp(request.getHeader("app"));

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/user/LoginUserUtil.java

@@ -1,33 +1,82 @@
 package com.epmet.commons.tools.security.user;
 
-import com.epmet.commons.tools.constant.Constant;
+import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.utils.HttpContextUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.springframework.web.context.request.RequestAttributes;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.stereotype.Component;
 
 import javax.servlet.http.HttpServletRequest;
+import java.util.List;
 
 /**
  * 登录用户相关工具
  */
+@Component
 public class LoginUserUtil {
 
+    //@Autowired
+    //private
+
     /**
      * 查询登录用户的id
      * @return
      */
-    public static String getLoginUserId() {
+    public String getLoginUserId() {
         HttpServletRequest request = HttpContextUtils.getHttpServletRequest();
         if (request == null) {
             return null;
         }
 
-        String userId = request.getHeader(Constant.USER_KEY);
+        String userId = request.getHeader(AppClientConstant.USER_ID);
         if (StringUtils.isBlank(userId)) {
             return null;
         }
         return userId;
     }
+
+    /**
+     * 登录用户的App头信息
+     * @return
+     */
+    public String getLoginUserApp() {
+        HttpServletRequest request = HttpContextUtils.getHttpServletRequest();
+        if (request == null) {
+            return null;
+        }
+
+        String app = request.getHeader(AppClientConstant.APP);
+        if (StringUtils.isBlank(app)) {
+            return null;
+        }
+        return app;
+    }
+
+    /**
+     * 获取登录用户client头信息
+     * @return
+     */
+    public String getLoginUserClient() {
+        HttpServletRequest request = HttpContextUtils.getHttpServletRequest();
+        if (request == null) {
+            return null;
+        }
+
+        String client = request.getHeader(AppClientConstant.CLIENT);
+        if (StringUtils.isBlank(client)) {
+            return null;
+        }
+        return client;
+    }
+
+    /**
+     * 获取用户的部门ID列表
+     * @return
+     */
+    public List<String> getLoginUserDepartments() {
+        String loginUserId = getLoginUserId();
+        String loginUserApp = getLoginUserApp();
+        String loginUserClient = getLoginUserClient();
+        // todo
+        return null;
+    }
 }

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/utils/CpUserDetailRedis.java

@@ -12,6 +12,7 @@ import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.map.MapUtil;
 import com.epmet.commons.tools.redis.RedisKeys;
 import com.epmet.commons.tools.redis.RedisUtils;
+import com.epmet.commons.tools.security.dto.GovTokenDto;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -48,7 +49,7 @@ public class CpUserDetailRedis {
 	 * @param userId oper_user、customer_user、customer_staff表主键
 	 * @return
 	 */
-	public TokenDto get(String app, String client, String userId) {
+	public <T> T get(String app, String client, String userId, Class<T> clz) {
 		String key = RedisKeys.getCpUserKey(app,client,userId);
 
 		Map<String, Object> map = redisUtils.hGetAll(key);
@@ -57,9 +58,7 @@ public class CpUserDetailRedis {
 		}
 
 		//map to bean
-		TokenDto user = BeanUtil.mapToBean(map, TokenDto.class, true);
-
-		return user;
+		return BeanUtil.mapToBean(map, clz, true);
 	}
 
 	/**
@@ -99,4 +98,34 @@ public class CpUserDetailRedis {
 	public long getExpire(String app, String client, String userId) {
 		return redisUtils.getExpire(RedisKeys.getCpUserKey(app, client, userId));
 	}
+
+	public void set(GovTokenDto user, long expire) {
+		if (user == null) {
+			return;
+		}
+		String key = RedisKeys.getCpUserKey(user.getApp(), user.getClient(), user.getUserId());
+		//bean to map
+		Map<String, Object> map = BeanUtil.beanToMap(user, false, true);
+		redisUtils.hMSet(key, map, expire);
+	}
+
+	/**
+	 * 获取token信息
+	 *
+	 * @param app 居民端resi;政府端gov;运营端oper
+	 * @param client PC端：web;微信小程序端：wxmp
+	 * @param userId oper_user、customer_user、customer_staff表主键
+	 * @return
+	 */
+	public GovTokenDto getGovTokenDto(String app, String client, String userId) {
+		String key = RedisKeys.getCpUserKey(app,client,userId);
+
+		Map<String, Object> map = redisUtils.hGetAll(key);
+		if (MapUtil.isEmpty(map)) {
+			return null;
+		}
+		//map to bean
+		GovTokenDto govTokenDto = BeanUtil.mapToBean(map, GovTokenDto.class, true);
+		return govTokenDto;
+	}
 }

epmet-gateway/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 services:
   epmet-gateway-server:
     container_name: epmet-gateway-server-dev
-    image: registry-vpc.cn-qingdao.aliyuncs.com/epmet-cloud-dev/epmet-gateway:0.3.0
+    image: registry-vpc.cn-qingdao.aliyuncs.com/epmet-cloud-dev/epmet-gateway:0.3.3
     ports:
       - "8080:8080"
     network_mode: host # 使用现有网络

epmet-gateway/pom.xml

@@ -2,7 +2,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
-    <version>0.3.0</version>
+    <version>0.3.3</version>
     <parent>
         <groupId>com.epmet</groupId>
         <artifactId>epmet-cloud</artifactId>
@@ -95,7 +95,7 @@
 
                 <!-- redis配置 -->
                 <spring.redis.index>0</spring.redis.index>
-                <spring.redis.host>127.0.0.1</spring.redis.host>
+                <spring.redis.host>192.168.1.130</spring.redis.host>
                 <spring.redis.port>6379</spring.redis.port>
                 <spring.redis.password>123456</spring.redis.password>
                 <!-- nacos -->
@@ -108,55 +108,63 @@
                 <nacos.ip></nacos.ip>
                 <!-- gateway routes -->
                 <!--  1、认证服务  -->
-<!--                <gateway.routes.epmet-auth-server.uri>lb://epmet-auth-server</gateway.routes.epmet-auth-server.uri>-->
-                <gateway.routes.epmet-auth-server.uri>http://127.0.0.1:8081</gateway.routes.epmet-auth-server.uri>
+                <gateway.routes.epmet-auth-server.uri>lb://epmet-auth-server</gateway.routes.epmet-auth-server.uri>
+<!--                <gateway.routes.epmet-auth-server.uri>http://127.0.0.1:8081</gateway.routes.epmet-auth-server.uri>-->
                 <!--  2、Admin服务  -->
-<!--                <gateway.routes.epmet-admin-server.uri>lb://epmet-admin-server</gateway.routes.epmet-admin-server.uri>-->
-                <gateway.routes.epmet-admin-server.uri>http://127.0.0.1:8082</gateway.routes.epmet-admin-server.uri>
+                <gateway.routes.epmet-admin-server.uri>lb://epmet-admin-server</gateway.routes.epmet-admin-server.uri>
+<!--                <gateway.routes.epmet-admin-server.uri>http://127.0.0.1:8082</gateway.routes.epmet-admin-server.uri>-->
                 <!--  4、OSS服务 -->
-<!--                <gateway.routes.epmet-oss-server.uri>lb://epmet-oss-server</gateway.routes.epmet-oss-server.uri>-->
-                <gateway.routes.epmet-oss-server.uri>http://127.0.0.1:8083</gateway.routes.epmet-oss-server.uri>
+                <gateway.routes.epmet-oss-server.uri>lb://epmet-oss-server</gateway.routes.epmet-oss-server.uri>
+<!--                <gateway.routes.epmet-oss-server.uri>http://127.0.0.1:8083</gateway.routes.epmet-oss-server.uri>-->
                 <!--  5、消息服务  -->
-<!--                <gateway.routes.epmet-message-server.uri>lb://epmet-message-server</gateway.routes.epmet-message-server.uri>-->
-                <gateway.routes.epmet-message-server.uri>http://127.0.0.1:8085</gateway.routes.epmet-message-server.uri>
+                <gateway.routes.epmet-message-server.uri>lb://epmet-message-server</gateway.routes.epmet-message-server.uri>
+<!--                <gateway.routes.epmet-message-server.uri>http://127.0.0.1:8085</gateway.routes.epmet-message-server.uri>-->
                 <!--   6、工作流服务 -->
-<!--                <gateway.routes.epmet-activiti-server.uri>lb://epmet-activiti-server</gateway.routes.epmet-activiti-server.uri>-->
-                <gateway.routes.epmet-activiti-server.uri>http://127.0.0.1:8086</gateway.routes.epmet-activiti-server.uri>
+                <gateway.routes.epmet-activiti-server.uri>lb://epmet-activiti-server</gateway.routes.epmet-activiti-server.uri>
+<!--                <gateway.routes.epmet-activiti-server.uri>http://127.0.0.1:8086</gateway.routes.epmet-activiti-server.uri>-->
                 <!--  7、定时任务服务  -->
-<!--                <gateway.routes.epmet-job-server.uri>lb://epmet-job-server</gateway.routes.epmet-job-server.uri>-->
-                <gateway.routes.epmet-job-server.uri>http://127.0.0.1:8084</gateway.routes.epmet-job-server.uri>
+                <gateway.routes.epmet-job-server.uri>lb://epmet-job-server</gateway.routes.epmet-job-server.uri>
+<!--                <gateway.routes.epmet-job-server.uri>http://127.0.0.1:8084</gateway.routes.epmet-job-server.uri>-->
                 <!--  8、用户模块              -->
-                <!--                <gateway.routes.epmet-user-server.uri>lb://epmet-user-server</gateway.routes.epmet-user-server.uri>-->
-                <gateway.routes.epmet-user-server.uri>http://127.0.0.1:8087</gateway.routes.epmet-user-server.uri>
+                                <gateway.routes.epmet-user-server.uri>lb://epmet-user-server</gateway.routes.epmet-user-server.uri>
+<!--                <gateway.routes.epmet-user-server.uri>http://127.0.0.1:8087</gateway.routes.epmet-user-server.uri>-->
                 <!--  9、新模块结构demo  -->
 <!--                <gateway.routes.epmet-demo-server.uri>lb://epmet-demo-server</gateway.routes.epmet-demo-server.uri>-->
                 <gateway.routes.epmet-demo-server.uri>http://127.0.0.1:8088</gateway.routes.epmet-demo-server.uri>
                 <!--   10、运营端客户定制化服务             -->
-<!--                <gateway.routes.epmet-oper-customize-server.uri>lb://oper-customize-server</gateway.routes.epmet-oper-customize-server.uri>-->
-                <gateway.routes.oper-customize-server.uri>http://127.0.0.1:8089</gateway.routes.oper-customize-server.uri>
+                <gateway.routes.oper-customize-server.uri>lb://oper-customize-server</gateway.routes.oper-customize-server.uri>
+<!--                <gateway.routes.oper-customize-server.uri>http://127.0.0.1:8089</gateway.routes.oper-customize-server.uri>-->
                 <!--   11、运营端客户定制化服务             -->
-<!--                <gateway.routes.oper-crm-server.uri>lb://oper-crm-server</gateway.routes.oper-crm-server.uri>-->
-                <gateway.routes.oper-crm-server.uri>http://127.0.0.1:8090</gateway.routes.oper-crm-server.uri>
+                <gateway.routes.oper-crm-server.uri>lb://oper-crm-server</gateway.routes.oper-crm-server.uri>
+<!--                <gateway.routes.oper-crm-server.uri>http://127.0.0.1:8090</gateway.routes.oper-crm-server.uri>-->
                 <!--   12、居民端陌生人导览             -->
-<!--                <gateway.routes.resi-guide-server.uri>lb://oper-crm-server</gateway.routes.resi-guide-server.uri>-->
-                <gateway.routes.resi-guide-server.uri>http://127.0.0.1:8091</gateway.routes.resi-guide-server.uri>
+                <gateway.routes.resi-guide-server.uri>lb://resi-guide-server</gateway.routes.resi-guide-server.uri>
+<!--                <gateway.routes.resi-guide-server.uri>http://127.0.0.1:8091</gateway.routes.resi-guide-server.uri>-->
                 <!--   13、政府组织管理   -->
-<!--                <gateway.routes.gov-org-server.uri>lb://gov-org-server</gateway.routes.gov-org-server.uri>-->
-                <gateway.routes.gov-org-server.uri>http://127.0.0.1:8092</gateway.routes.gov-org-server.uri>
+                <gateway.routes.gov-org-server.uri>lb://gov-org-server</gateway.routes.gov-org-server.uri>
+<!--                <gateway.routes.gov-org-server.uri>http://127.0.0.1:8092</gateway.routes.gov-org-server.uri>-->
                 <!--   14、#运营端访问权限控制   -->
-<!--                <gateway.routes.oper-access-server.uri>lb://oper-access-server</gateway.routes.oper-access-server.uri>-->
-                <gateway.routes.oper-access-server.uri>http://127.0.0.1:8093</gateway.routes.oper-access-server.uri>
+                <gateway.routes.oper-access-server.uri>lb://oper-access-server</gateway.routes.oper-access-server.uri>
+<!--                <gateway.routes.oper-access-server.uri>http://127.0.0.1:8093</gateway.routes.oper-access-server.uri>-->
                 <!--   15、居民端个人信息            -->
-<!--                <gateway.routes.resi-mine-server.uri>lb://resi-mine-server</gateway.routes.resi-mine-server.uri>-->
-                <gateway.routes.resi-mine-server.uri>http://127.0.0.1:8094</gateway.routes.resi-mine-server.uri>
+                <gateway.routes.resi-mine-server.uri>lb://resi-mine-server</gateway.routes.resi-mine-server.uri>
+<!--                <gateway.routes.resi-mine-server.uri>http://127.0.0.1:8094</gateway.routes.resi-mine-server.uri>-->
                 <!--   16、居民端楼院校组             -->
-<!--                <gateway.routes.resi-group-server.uri>lb://resi-group-server</gateway.routes.resi-group-server.uri>-->
-                <gateway.routes.resi-group-server.uri>http://127.0.0.1:8095</gateway.routes.resi-group-server.uri>
+                <gateway.routes.resi-group-server.uri>lb://resi-group-server</gateway.routes.resi-group-server.uri>
+<!--                <gateway.routes.resi-group-server.uri>http://127.0.0.1:8095</gateway.routes.resi-group-server.uri>-->
                 <!--   17、党员认证、热心居民申请             -->
+<!--                <gateway.routes.resi-partymember-server.uri>http://127.0.0.1:8096</gateway.routes.resi-partymember-server.uri>-->
                 <gateway.routes.resi-partymember-server.uri>http://127.0.0.1:8096</gateway.routes.resi-partymember-server.uri>
+<!--                <gateway.routes.resi-partymember-server.uri>lb://resi-partymember-server</gateway.routes.resi-partymember-server.uri>-->
                 <!--   18、政府端网格管理             -->
                 <gateway.routes.gov-grid-server.uri>http://127.0.0.1:8097</gateway.routes.gov-grid-server.uri>
-<!--                <gateway.routes.resi-partymember-server.uri>lb://resi-partymember-server</gateway.routes.resi-partymember-server.uri>-->
+<!--                <gateway.routes.gov-grid-server.uri>lb://gov-grid-server</gateway.routes.gov-grid-server.uri>-->
+                <!--19.政府端-我的-服务-->
+                <gateway.routes.gov-mine-server.uri>http://127.0.0.1:8098</gateway.routes.gov-mine-server.uri>
+                <!--<gateway.routes.gov-mine-server.uri>lb://gov-mine-server</gateway.routes.gov-mine-server.uri>-->
+                <!--20.政府端-权限-服务-->
+                <gateway.routes.gov-access-server.uri>http://127.0.0.1:8099</gateway.routes.gov-access-server.uri>
+                <!--<gateway.routes.gov-access-server.uri>lb://gov-access-server</gateway.routes.gov-access-server.uri>-->
             </properties>
         </profile>
         <profile>
@@ -215,6 +223,12 @@
                 <gateway.routes.resi-partymember-server.uri>lb://resi-partymember-server</gateway.routes.resi-partymember-server.uri>
                 <!--   18、政府端网格管理             -->
                 <gateway.routes.gov-grid-server.uri>lb://gov-grid-server</gateway.routes.gov-grid-server.uri>
+
+                <!--18.政府端-权限-服务-->
+                <gateway.routes.gov-access-server.uri>lb://gov-access-server</gateway.routes.gov-access-server.uri>
+
+                <!--19.政府端-我的-服务-->
+                <gateway.routes.gov-mine-server.uri>lb://gov-mine-server</gateway.routes.gov-mine-server.uri>
             </properties>
         </profile>
         <profile>
@@ -271,6 +285,11 @@
                 <gateway.routes.resi-group-server.uri>lb://resi-group-server</gateway.routes.resi-group-server.uri>
                 <!--   17、党员认证、热心居民申请             -->
                 <gateway.routes.resi-partymember-server.uri>lb://resi-partymember-server</gateway.routes.resi-partymember-server.uri>
+                <!--18.政府端-权限-服务-->
+                <gateway.routes.gov-access-server.uri>lb://gov-access-server</gateway.routes.gov-access-server.uri>
+
+                <!--19.政府端-我的-服务-->
+                <gateway.routes.gov-mine-server.uri>lb://gov-mine-server</gateway.routes.gov-mine-server.uri>
                 <!--   18、政府端网格管理             -->
                 <gateway.routes.gov-grid-server.uri>lb://gov-grid-server</gateway.routes.gov-grid-server.uri>
             </properties>

epmet-gateway/src/main/java/com/epmet/filter/CpAuthGatewayFilterFactory.java

@@ -2,15 +2,16 @@
 package com.epmet.filter;
 
 import com.alibaba.fastjson.JSON;
-import com.epmet.common.token.enums.ErrorCode;
 import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.constant.Constant;
+import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.RenException;
+import com.epmet.commons.tools.security.dto.BaseTokenDto;
+import com.epmet.commons.tools.security.dto.GovTokenDto;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.commons.tools.utils.CpUserDetailRedis;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.jwt.JwtTokenUtils;
-import io.jsonwebtoken.Claims;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -31,7 +32,6 @@ import reactor.core.publisher.Mono;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.List;
-import java.util.function.Consumer;
 
 /**
  * app接口权限过滤器
@@ -88,27 +88,33 @@ public class CpAuthGatewayFilterFactory extends AbstractGatewayFilterFactory<CpA
 				logger.info("params token：" + token);
 			}
 			if (StringUtils.isBlank(token)) {
-				return response(exchange,new Result<>().error(ErrorCode.ERR10005.getCode(),ErrorCode.ERR10005.getMsg()));
+				return response(exchange,new Result<>().error(EpmetErrorCode.ERR10005.getCode(),EpmetErrorCode.ERR10005.getMsg()));
 			}
 			try {
+				BaseTokenDto baseTokenDto = getBaseTokenDto(token, jwtTokenUtils);
+				if (AppClientConstant.APP_RESI.equals(baseTokenDto.getApp())) {
+					// 居民端
+					TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, cpUserDetailRedis, TokenDto.class);
+					validateTokenDto(resiTokenDto, token);
+				} else if (AppClientConstant.APP_GOV.equals(baseTokenDto.getApp())) {
+					// 政府端
+					GovTokenDto govTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, cpUserDetailRedis, GovTokenDto.class);
+					validateTokenDto(govTokenDto, token);
+				}
+
 				//当前登录用户userId，添加到header中
-				TokenDto user = getLoginUserInfoByToken(token, jwtTokenUtils, cpUserDetailRedis);
-				if (user != null) {
-					String redisKey = user.getApp() + "-" + user.getClient() + "-" + user.getUserId();
+				String redisKey = baseTokenDto.getApp() + "-" + baseTokenDto.getClient() + "-" + baseTokenDto.getUserId();
 				logger.info("redisKey=" + redisKey);
 				ServerHttpRequest build = exchange.getRequest().mutate()
 						.header(Constant.APP_USER_KEY, redisKey)
-							.header(AppClientConstant.APP,user.getApp())
-							.header(AppClientConstant.CLIENT,user.getClient())
-							.header(AppClientConstant.USER_ID,user.getUserId())
+						.header(AppClientConstant.APP,baseTokenDto.getApp())
+						.header(AppClientConstant.CLIENT,baseTokenDto.getClient())
+						.header(AppClientConstant.USER_ID,baseTokenDto.getUserId())
 						.build();
 				return chain.filter(exchange.mutate().request(build).build());
-				}
 			}catch(RenException e){
 				return response(exchange,new Result<>().error(e.getCode(),e.getMsg()));
 			}
-
-			return chain.filter(exchange);
 		};
 	}
 
@@ -182,4 +188,25 @@ public class CpAuthGatewayFilterFactory extends AbstractGatewayFilterFactory<CpA
 			this.enabled = enabled;
 		}
 	}
+
+	/**
+	 * 校验Token是否异常
+	 * @param tokenDto
+	 * @param tokenStr
+	 */
+	public void validateTokenDto(BaseTokenDto tokenDto, String tokenStr) {
+		if (null == tokenDto) {
+		    //说明登录状态时效（超时）
+		    throw new RenException(EpmetErrorCode.ERR10006.getCode());
+		}else{
+		    //Redis中存在数据，取出token，进行比对
+		    if(StringUtils.equals(tokenDto.getToken(),tokenStr)){
+		        //用户携带token与Redis中一致
+
+		    }else{
+		        //用户携带token与Redis中不一致，说明当前用户此次会话失效，提示重新登陆
+		        throw new RenException(EpmetErrorCode.ERR10007.getCode());
+		    }
+		}
+	}
 }

epmet-gateway/src/main/java/com/epmet/filter/FeignRequestFilter.java

@@ -1,7 +1,8 @@
 package com.epmet.filter;
 
+import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.constant.Constant;
-import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.security.dto.BaseTokenDto;
 import com.epmet.commons.tools.utils.CpUserDetailRedis;
 import com.epmet.jwt.JwtTokenUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -50,10 +51,11 @@ public class FeignRequestFilter implements GlobalFilter, UserTokenFilter {
             return chain.filter(exchange);
         }
 
-        TokenDto loginUserInfo = getLoginUserInfoByToken(token, jwtTokenUtils, cpUserDetailRedis);
-        if (loginUserInfo != null) {
+        BaseTokenDto baseTokenDto = getBaseTokenDto(token, jwtTokenUtils);
+
+        if (baseTokenDto != null) {
             ServerHttpRequest build = exchange.getRequest().mutate()
-                    .header(Constant.USER_KEY, new String[]{loginUserInfo.getUserId()}).build();
+                    .header(AppClientConstant.USER_ID, new String[]{baseTokenDto.getUserId()}).build();
             return chain.filter(exchange.mutate().request(build).build());
         }
 

epmet-gateway/src/main/java/com/epmet/filter/UserTokenFilter.java

@@ -1,8 +1,8 @@
 package com.epmet.filter;
 
-import com.epmet.common.token.enums.ErrorCode;
+import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.RenException;
-import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.security.dto.BaseTokenDto;
 import com.epmet.commons.tools.utils.CpUserDetailRedis;
 import com.epmet.jwt.JwtTokenUtils;
 import io.jsonwebtoken.Claims;
@@ -12,34 +12,23 @@ import io.jsonwebtoken.Claims;
  */
 public interface UserTokenFilter {
 
-    default TokenDto getLoginUserInfoByToken(String token, JwtTokenUtils jwtTokenUtils, CpUserDetailRedis cpUserDetailRedis) {
+    default BaseTokenDto getBaseTokenDto(String token, JwtTokenUtils jwtTokenUtils) {
         //是否过期
         Claims claims = jwtTokenUtils.getClaimByToken(token);
         if (claims == null || jwtTokenUtils.isTokenExpired(claims.getExpiration())) {
-            throw new RenException(ErrorCode.ERR401.getCode(),ErrorCode.ERR401.getMsg());
+            throw new RenException(EpmetErrorCode.ERR401.getCode());
         }
         //获取用户ID
         String app = (String) claims.get("app");
         String client = (String) claims.get("client");
         String userId = (String) claims.get("userId");
-        //查询Redis
-        TokenDto tokenDto = cpUserDetailRedis.get(app, client, userId);
-        //if (null == tokenDto) {
-        //    //说明登录状态时效（超时）
-        //    throw new RenException(ErrorCode.ERR10006.getCode(),ErrorCode.ERR10006.getMsg());
-        //}else{
-        //    //Redis中存在数据，取出token，进行比对
-        //    if(StringUtils.equals(tokenDto.getToken(),token)){
-        //        //用户携带token与Redis中一致
-        //
-        //    }else{
-        //        //用户携带token与Redis中不一致，说明当前用户此次会话失效，提示重新登陆
-        //        throw new RenException(ErrorCode.ERR10007.getCode(),ErrorCode.ERR10007.getMsg());
-        //    }
-        //
-        //}
+        return new BaseTokenDto(app, client, userId, token);
+    }
 
-        return tokenDto;
+    default <T> T getLoginUserInfoByToken(String token, JwtTokenUtils jwtTokenUtils, CpUserDetailRedis cpUserDetailRedis, Class<T> clz) {
+        BaseTokenDto baseTokenDto = getBaseTokenDto(token, jwtTokenUtils);
+        //查询Redis
+        return cpUserDetailRedis.get(baseTokenDto.getApp(), baseTokenDto.getClient(), baseTokenDto.getUserId(), clz);
     }
 
 }

epmet-gateway/src/main/resources/bootstrap.yml

@@ -176,6 +176,27 @@ spring:
           filters:
             - StripPrefix=1
             - CpAuth=true
+
+
+        #政府端权限服务
+        - id: gov-access-server
+          uri: @gateway.routes.gov-access-server.uri@
+          order: 18
+          predicates:
+            - Path=${server.servlet.context-path}/gov/access/**
+          filters:
+            - StripPrefix=1
+            - CpAuth=true
+
+        #政府端-我的-服务
+        - id: gov-mine-server
+          uri: @gateway.routes.gov-mine-server.uri@
+          order: 19
+          predicates:
+            - Path=${server.servlet.context-path}/gov/mine/**
+          filters:
+            - StripPrefix=1
+            - CpAuth=true
     nacos:
       discovery:
         server-addr: @nacos.server-addr@
@@ -279,10 +300,13 @@ epmet:
     - /resi/guide/stranger/getgridhome
     - /resi/guide/user/entergrid
     - /auth/login/logout
+    - /auth/gov/loginwxmp/loginout
     - /resi/mine/**
     - /resi/group/**
     - /resi/partymember/**
     - /gov/grid/**
+    - /gov/mine/**
+    - /gov/access/**
   swaggerUrls:
 
 jwt:

epmet-module/epmet-message/epmet-message-server/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3.7"
 services:
   epmet-message-server:
     container_name: epmet-message-server-dev
-    image: registry-vpc.cn-qingdao.aliyuncs.com/epmet-cloud-dev/epmet-message-server:0.3.0
+    image: registry-vpc.cn-qingdao.aliyuncs.com/epmet-cloud-dev/epmet-message-server:0.3.2
     ports:
       - "8085:8085"
     network_mode: host # 使用现有网络

epmet-module/epmet-message/epmet-message-server/pom.xml

@@ -2,7 +2,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
-    <version>0.3.0</version>
+    <version>0.3.2</version>
     <parent>
         <groupId>com.epmet</groupId>
         <artifactId>epmet-message</artifactId>

epmet-module/epmet-message/epmet-message-server/src/main/java/com/epmet/controller/UserMessageController.java

@@ -132,4 +132,15 @@ public class UserMessageController {
 	public Result<List<UserMessageDTO>> getMyMessageList(@RequestBody MymessageFormDTO params){
 		return userMessageService.getMyMessageList(params);
 	}
+
+    /**
+     * @param msgList
+     * @return com.epmet.commons.tools.utils.Result
+     * @Author sun
+     * @Description 批量插入未读消息
+     **/
+    @PostMapping("saveusermessagelist")
+    public Result saveUserMessageList(@RequestBody List<UserMessageFormDTO> msgList) {
+        return userMessageService.saveUserMessageList(msgList);
+    }
 }

epmet-module/epmet-message/epmet-message-server/src/main/java/com/epmet/service/UserMessageService.java

@@ -127,4 +127,12 @@ public interface UserMessageService extends BaseService<UserMessageEntity> {
 	 * @return
 	 */
 	Result<List<UserMessageDTO>> getMyMessageList(MymessageFormDTO param);
+
+	/**
+	 * @param msgList
+	 * @return com.epmet.commons.tools.utils.Result
+	 * @Author sun
+	 * @Description 批量插入未读消息
+	 **/
+	Result saveUserMessageList(List<UserMessageFormDTO> msgList);
 }

epmet-module/epmet-message/epmet-message-server/src/main/java/com/epmet/service/impl/UserMessageServiceImpl.java

@@ -165,4 +165,10 @@ public class UserMessageServiceImpl extends BaseServiceImpl<UserMessageDao, User
 		return new Result<List<UserMessageDTO>>().ok(ConvertUtils.sourceToTarget(myMessageList, UserMessageDTO.class));
 	}
 
+	@Override
+	public Result saveUserMessageList(List<UserMessageFormDTO> msgList) {
+		List<UserMessageEntity> entityList = ConvertUtils.sourceToTarget(msgList, UserMessageEntity.class);
+		insertBatch(entityList);
+		return new Result();
+	}
 }

epmet-module/gov-access/gov-access-client/pom.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>gov-access</artifactId>
+        <groupId>com.epmet</groupId>
+        <version>2.0.0</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>gov-access-client</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.epmet</groupId>
+            <artifactId>epmet-commons-tools</artifactId>
+            <version>2.0.0</version>
+        </dependency>
+    </dependencies>
+</project>

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/OperationScopeDTO.java

@@ -0,0 +1,81 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dto;
+
+import java.io.Serializable;
+import java.util.Date;
+import lombok.Data;
+
+
+/**
+ * 权限范围表
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Data
+public class OperationScopeDTO implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * id
+     */
+	private String id;
+
+    /**
+     * 范围key
+     */
+	private String scopeKey;
+
+    /**
+     * 范围名称
+     */
+	private String scopeName;
+
+    /**
+     * 是否删除，0：未删除，1：已删除
+     */
+	private Integer delFlag;
+
+    /**
+     * 乐观锁
+     */
+	private Integer revision;
+
+    /**
+     * 创建者id
+     */
+	private String createdBy;
+
+    /**
+     * 创建时间
+     */
+	private Date createdTime;
+
+    /**
+     * 更新者id
+     */
+	private String updatedBy;
+
+    /**
+     * 更新时间
+     */
+	private Date updatedTime;
+
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/RoleOperationDTO.java

@@ -0,0 +1,82 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dto;
+
+import lombok.Data;
+
+import java.io.Serializable;
+import java.util.Date;
+
+
+/**
+ * 角色能进行那些操作
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-22
+ */
+@Data
+public class RoleOperationDTO implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * 
+     */
+	private String id;
+
+    /**
+     * 角色ID
+     */
+	private String roleId;
+
+    /**
+     * 操作key
+     */
+	private String operationKey;
+
+    /**
+     * 是否删除，0：未删除，1：已删除
+     */
+	private Integer delFlag;
+
+    /**
+     * 乐观锁
+     */
+	private Integer revision;
+
+    /**
+     * 创建者id
+     */
+	private String createdBy;
+
+    /**
+     * 创建时间
+     */
+	private Date createdTime;
+
+    /**
+     * 更新者id
+     */
+	private String updatedBy;
+
+    /**
+     * 更新时间
+     */
+	private Date updatedTime;
+
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/RoleScopeDTO.java

@@ -0,0 +1,86 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dto;
+
+import java.io.Serializable;
+import java.util.Date;
+import lombok.Data;
+
+
+/**
+ * 角色能操作哪些范围
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Data
+public class RoleScopeDTO implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * 
+     */
+	private String id;
+
+    /**
+     * 角色ID
+     */
+	private String roleId;
+
+    /**
+     * 操作key
+     */
+	private String operationKey;
+
+    /**
+     * 范围Key
+     */
+	private String scopeKey;
+
+    /**
+     * 是否删除，0：未删除，1：已删除
+     */
+	private Integer delFlag;
+
+    /**
+     * 乐观锁
+     */
+	private Integer revision;
+
+    /**
+     * 创建者id
+     */
+	private String createdBy;
+
+    /**
+     * 创建时间
+     */
+	private Date createdTime;
+
+    /**
+     * 更新者id
+     */
+	private String updatedBy;
+
+    /**
+     * 更新时间
+     */
+	private Date updatedTime;
+
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/OperationScopeFormDTO.java

@@ -0,0 +1,18 @@
+package com.epmet.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class OperationScopeFormDTO {
+
+    public interface ListOperationScopeGroup {}
+
+    @NotBlank(message = "角色ID不能为空", groups = {ListOperationScopeGroup.class})
+    private String roleId;
+
+    @NotBlank(message = "操作的key不能为空", groups = {ListOperationScopeGroup.class})
+    private String operationKey;
+
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/StaffPermCacheFormDTO.java

@@ -0,0 +1,59 @@
+package com.epmet.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+import java.util.Set;
+
+@Data
+public class StaffPermCacheFormDTO {
+
+    /**
+     * 更新权限缓存分组
+     */
+    public interface UpdatePermissionCache {}
+
+    /**
+     * 查询当前权限列表
+     */
+    public interface GetStaffCurrPermissions {}
+
+    /**
+     * 工作人员 id
+     */
+    @NotBlank(message = "工作人员ID不能为空", groups = {UpdatePermissionCache.class, GetStaffCurrPermissions.class})
+    private String staffId;
+
+    /**
+     * 登录头信息app
+     */
+    @NotBlank(message = "登录头信息app不能为空", groups = {UpdatePermissionCache.class, GetStaffCurrPermissions.class})
+    private String app;
+
+    /**
+     * 登录头信息client
+     */
+    @NotBlank(message = "登录头信息client不能为空", groups = {UpdatePermissionCache.class, GetStaffCurrPermissions.class})
+    private String client;
+
+    /**
+     * 组织ID路径
+     */
+    private String orgIdPath;
+
+    /**
+     * 权限列表
+     */
+    private Set<String> permissions;
+
+    /**
+     * 角色列表
+     */
+    private Set<String> roleIdList;
+
+    /**
+     * 当前所在网格id
+     */
+    private String gridId;
+
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/RoleAccessSettingResultDTO.java

@@ -0,0 +1,14 @@
+package com.epmet.dto.result;
+
+import lombok.Data;
+
+@Data
+public class RoleAccessSettingResultDTO {
+
+    private String settingKey;
+    private String id;
+    private String settingName;
+    private String settingValue;
+    private String roleId;
+
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/RoleOpeScopeResultDTO.java

@@ -0,0 +1,28 @@
+package com.epmet.dto.result;
+
+import lombok.Data;
+
+@Data
+public class RoleOpeScopeResultDTO {
+
+    /**
+     * 角色ID
+     */
+    private String roleId;
+
+    /**
+     * 范围key
+     */
+    private String scopeKey;
+
+    /**
+     * 范围名称
+     */
+    private String scopeName;
+
+    /**
+     * 范围序号
+     */
+    private String scopeIndex;
+
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/RoleOperationResultDTO.java

@@ -0,0 +1,87 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dto.result;
+
+import lombok.Data;
+
+import java.io.Serializable;
+import java.util.Date;
+
+
+/**
+ * 角色能进行那些操作
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-22
+ */
+@Data
+public class RoleOperationResultDTO implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * 
+     */
+	private String id;
+
+    /**
+     * 角色ID
+     */
+	private String roleId;
+
+    /**
+     * 操作key
+     */
+	private String operationKey;
+
+    /**
+     * 操作名称
+     */
+	private String operationName;
+
+    /**
+     * 是否删除，0：未删除，1：已删除
+     */
+	private String delFlag;
+
+    /**
+     * 乐观锁
+     */
+	private Integer revision;
+
+    /**
+     * 创建者id
+     */
+	private String createdBy;
+
+    /**
+     * 创建时间
+     */
+	private Date createdTime;
+
+    /**
+     * 更新者id
+     */
+	private String updatedBy;
+
+    /**
+     * 更新时间
+     */
+	private Date updatedTime;
+
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/StaffPermCacheResultDTO.java

@@ -0,0 +1,36 @@
+package com.epmet.dto.result;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+import java.util.Set;
+
+@Data
+public class StaffPermCacheResultDTO {
+
+    /**
+     * 权限列表
+     */
+    private Set<String> permissions;
+
+    /**
+     * 角色列表
+     */
+    private Set<String> roleIdList;
+
+    /**
+     * 部门id列表
+     */
+    private Set<String> deptIdList;
+
+    /**
+     * 组织ID
+     */
+    private String orgIdPath;
+
+    /**
+     * 网格ID
+     */
+    private String gridId;
+
+}

epmet-module/gov-access/gov-access-server/Dockerfile

@@ -0,0 +1,11 @@
+FROM java:8
+
+RUN export LANG="zh_CN.UTF-8"
+RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
+RUN echo 'Asia/Shanghai' > /etc/timezone
+
+COPY ./target/*.jar ./app.jar
+
+EXPOSE 8099
+
+ENTRYPOINT ["java","-Xms32m","-Xmx200m","-jar","./app.jar"]

epmet-module/gov-access/gov-access-server/docker-compose.yml

@@ -0,0 +1,15 @@
+version: "3.7"
+services:
+  gov-access-server:
+    container_name: gov-access-server-dev
+    image: registry-vpc.cn-qingdao.aliyuncs.com/epmet-cloud-dev/gov-access-server:0.3.3
+    ports:
+      - "8099:8099"
+    network_mode: host # 使用现有网络
+    volumes:
+      - "/opt/epmet-cloud-logs/dev:/logs"
+    deploy:
+      resources:
+        limits:
+          cpus: '0.1'
+          memory: 250M

epmet-module/gov-access/gov-access-server/pom.xml

@@ -0,0 +1,182 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <version>0.3.3</version>
+    <parent>
+        <artifactId>gov-access</artifactId>
+        <groupId>com.epmet</groupId>
+        <version>2.0.0</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>gov-access-server</artifactId>
+    <packaging>jar</packaging>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.epmet</groupId>
+            <artifactId>gov-access-client</artifactId>
+            <version>2.0.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.epmet</groupId>
+            <artifactId>epmet-commons-tools</artifactId>
+            <version>2.0.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.epmet</groupId>
+            <artifactId>epmet-commons-mybatis</artifactId>
+            <version>2.0.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-context-support</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>de.codecentric</groupId>
+            <artifactId>spring-boot-admin-starter-client</artifactId>
+            <version>${spring.boot.admin.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.alibaba.cloud</groupId>
+            <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.alibaba.cloud</groupId>
+            <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
+        </dependency>
+        <!-- 替换Feign原生httpclient -->
+        <dependency>
+            <groupId>io.github.openfeign</groupId>
+            <artifactId>feign-httpclient</artifactId>
+            <version>10.3.0</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <finalName>${project.artifactId}</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <skipTests>true</skipTests>
+                </configuration>
+            </plugin>
+        </plugins>
+        <sourceDirectory>${project.basedir}/src/main/java</sourceDirectory>
+        <resources>
+            <resource>
+                <filtering>true</filtering>
+                <directory>${basedir}/src/main/resources</directory>
+            </resource>
+        </resources>
+    </build>
+
+    <profiles>
+        <profile>
+            <id>dev-local</id>
+            <activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>
+            <properties>
+                <server.port>8099</server.port>
+                <spring.profiles.active>dev</spring.profiles.active>
+
+                <!-- 数据库配置-->
+                <spring.datasource.druid.url>
+                    <![CDATA[jdbc:mysql://192.168.1.130:3306/epmet_gov_access?allowMultiQueries=true&useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=Asia/Shanghai]]>
+                </spring.datasource.druid.url>
+                <spring.datasource.druid.username>epmet_gov_access_user</spring.datasource.druid.username>
+                <spring.datasource.druid.password>EpmEt-db-UsEr</spring.datasource.druid.password>
+                <!-- redis配置 -->
+                <spring.redis.index>0</spring.redis.index>
+                <spring.redis.host>192.168.1.130</spring.redis.host>
+                <spring.redis.port>6379</spring.redis.port>
+                <spring.redis.password>123456</spring.redis.password>
+                <!-- nacos -->
+                <nacos.register-enabled>false</nacos.register-enabled>
+                <nacos.server-addr>122.152.200.70:8848</nacos.server-addr>
+                <nacos.discovery.namespace>fcd6fc8f-ca3a-4b01-8026-2b05cdc5976b</nacos.discovery.namespace>
+                <nacos.config.namespace></nacos.config.namespace>
+                <nacos.config.group></nacos.config.group>
+                <nacos.config-enabled>false</nacos.config-enabled>
+                <nacos.ip/>
+            </properties>
+        </profile>
+        <profile>
+            <id>dev</id>
+            <!--<activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>-->
+            <properties>
+                <server.port>8099</server.port>
+                <spring.profiles.active>dev</spring.profiles.active>
+
+                <!-- 数据库配置-->
+                <spring.datasource.druid.url>
+                    <![CDATA[jdbc:mysql://rm-m5ef9t617j6o5eup7.mysql.rds.aliyuncs.com:3306/epmet_gov_access_dev?allowMultiQueries=true&useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=Asia/Shanghai]]>
+                </spring.datasource.druid.url>
+                <spring.datasource.druid.username>epmet</spring.datasource.druid.username>
+                <spring.datasource.druid.password>elink@833066</spring.datasource.druid.password>
+                <!-- redis配置 -->
+                <spring.redis.index>0</spring.redis.index>
+                <spring.redis.host>r-m5eoz5b6tkx09y6bpz.redis.rds.aliyuncs.com</spring.redis.host>
+                <spring.redis.port>6379</spring.redis.port>
+                <spring.redis.password>EpmEtrEdIs!q@w</spring.redis.password>
+                <!-- nacos -->
+                <nacos.register-enabled>true</nacos.register-enabled>
+                <nacos.server-addr>192.168.10.150:8848</nacos.server-addr>
+                <nacos.discovery.namespace>67e3c350-533e-4d7c-9f8f-faf1b4aa82ae</nacos.discovery.namespace>
+                <nacos.config.namespace></nacos.config.namespace>
+                <nacos.config.group></nacos.config.group>
+                <nacos.config-enabled>false</nacos.config-enabled>
+                <nacos.ip/>
+            </properties>
+        </profile>
+        <profile>
+            <id>test</id>
+            <!--<activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>-->
+            <properties>
+                <server.port>8099</server.port>
+                <spring.profiles.active>test</spring.profiles.active>
+
+                <!-- 数据库配置-->
+                <spring.datasource.druid.url>
+                    <![CDATA[jdbc:mysql://47.104.224.45:3308/epmet_gov_access?allowMultiQueries=true&useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=Asia/Shanghai]]>
+                </spring.datasource.druid.url>
+                <spring.datasource.druid.username>epmet</spring.datasource.druid.username>
+                <spring.datasource.druid.password>elink@833066</spring.datasource.druid.password>
+                <!-- redis配置 -->
+                <spring.redis.index>0</spring.redis.index>
+                <spring.redis.host>10.10.10.248</spring.redis.host>
+                <spring.redis.port>6379</spring.redis.port>
+                <spring.redis.password>123456</spring.redis.password>
+                <!-- nacos -->
+                <nacos.register-enabled>true</nacos.register-enabled>
+                <nacos.server-addr>122.152.200.70:8848</nacos.server-addr>
+                <nacos.discovery.namespace>fcd6fc8f-ca3a-4b01-8026-2b05cdc5976b</nacos.discovery.namespace>
+                <nacos.config.namespace></nacos.config.namespace>
+                <nacos.config.group></nacos.config.group>
+                <nacos.config-enabled>false</nacos.config-enabled>
+                <nacos.ip/>
+            </properties>
+        </profile>
+    </profiles>
+
+</project>

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/GovAccessApplication.java

@@ -0,0 +1,20 @@
+package com.epmet;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
+import org.springframework.cloud.openfeign.EnableFeignClients;
+
+/**
+ *
+ * @author Mark sunlightcs@gmail.com
+ * @since 1.0.0
+ */
+@SpringBootApplication
+@EnableDiscoveryClient
+@EnableFeignClients
+public class GovAccessApplication {
+	public static void main(String[] args) {
+		SpringApplication.run(GovAccessApplication.class, args);
+	}
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/config/ModuleConfigImpl.java

@@ -0,0 +1,26 @@
+/**
+ * Copyright (c) 2018 人人开源 All rights reserved.
+ * <p>
+ * https://www.renren.io
+ * <p>
+ * 版权所有，侵权必究！
+ */
+
+package com.epmet.config;
+
+import com.epmet.commons.tools.config.ModuleConfig;
+import org.springframework.stereotype.Service;
+
+/**
+ * 模块配置信息-新闻公告模块
+ *
+ * @author Mark sunlightcs@gmail.com
+ * @since 1.0.0
+ */
+@Service
+public class ModuleConfigImpl implements ModuleConfig {
+    @Override
+    public String getName() {
+        return "govaccess";
+    }
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java

@@ -0,0 +1,96 @@
+package com.epmet.controller;
+
+import com.epmet.commons.tools.security.dto.GovTokenDto;
+import com.epmet.commons.tools.utils.Result;
+import com.epmet.commons.tools.validator.ValidatorUtils;
+import com.epmet.dto.OperationScopeDTO;
+import com.epmet.dto.form.OperationScopeFormDTO;
+import com.epmet.dto.form.StaffPermCacheFormDTO;
+import com.epmet.dto.result.RoleAccessSettingResultDTO;
+import com.epmet.dto.result.RoleOpeScopeResultDTO;
+import com.epmet.dto.result.StaffPermCacheResultDTO;
+import com.epmet.entity.OperationScopeEntity;
+import com.epmet.service.AccessService;
+import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * 权限相关Api
+ * @Author wxz
+ * @Description
+ * @Date 2020/4/23 17:54
+ **/
+@RestController
+@RequestMapping("access")
+public class AccessController {
+
+    @Autowired
+    private AccessService accessService;
+
+    /**
+     * 更新工作人员权限缓存(前端查询权限时候gov-mine会调用此处)
+     * @param staffPermCacheFormDTO
+     * @return
+     */
+    @PostMapping("updatepermissioncache")
+    public Result updatePermissionCache(@RequestBody StaffPermCacheFormDTO staffPermCacheFormDTO) {
+        ValidatorUtils.validateEntity(staffPermCacheFormDTO, StaffPermCacheFormDTO.UpdatePermissionCache.class);
+        String staffId = staffPermCacheFormDTO.getStaffId();
+        String app = staffPermCacheFormDTO.getApp();
+        String client = staffPermCacheFormDTO.getClient();
+        Set<String> permissions = staffPermCacheFormDTO.getPermissions();
+        Set<String> roleIdList = staffPermCacheFormDTO.getRoleIdList();
+        String orgId = staffPermCacheFormDTO.getOrgIdPath();
+        String gridId = staffPermCacheFormDTO.getGridId();
+        accessService.updatePermissionCache(staffId, app, client, permissions, roleIdList, orgId, gridId);
+        return new Result();
+    }
+
+    /**
+     * 从缓存中查询用户当前权限列表(DataFilterAspect中用到)
+     * @return
+     */
+    @PostMapping("getcurrpermissions")
+    public Result<StaffPermCacheResultDTO> getStaffCurrPermissions(@RequestBody StaffPermCacheFormDTO dto) {
+        ValidatorUtils.validateEntity(dto, StaffPermCacheFormDTO.GetStaffCurrPermissions.class);
+        GovTokenDto govTokenDto = accessService.listStaffCurrPermissions(dto.getApp(), dto.getClient(), dto.getStaffId());
+        StaffPermCacheResultDTO resultDTO = null;
+        if (govTokenDto != null) {
+            resultDTO = new StaffPermCacheResultDTO();
+            resultDTO.setPermissions(govTokenDto.getPermissions());
+            resultDTO.setRoleIdList(govTokenDto.getRoleIdList());
+            resultDTO.setOrgIdPath(govTokenDto.getOrgIdPath());
+            resultDTO.setGridId(govTokenDto.getGridId());
+            resultDTO.setDeptIdList(govTokenDto.getDeptIdList());
+        }
+        return new Result<StaffPermCacheResultDTO>().ok(resultDTO);
+    }
+
+    /**
+     * 查询角色的操作key对应操作范围列表(缓存)
+     * @return
+     */
+    @PostMapping("operationscopes")
+    public Result<Set<RoleOpeScopeResultDTO>> getOperationScopesByRoleId(@RequestBody OperationScopeFormDTO operationScopeFormDTO) {
+        ValidatorUtils.validateEntity(operationScopeFormDTO, OperationScopeFormDTO.ListOperationScopeGroup.class);
+        Set<RoleOpeScopeResultDTO> scopes = accessService.listOperationScopesByRoleId(operationScopeFormDTO.getRoleId(), operationScopeFormDTO.getOperationKey());
+        return new Result<Set<RoleOpeScopeResultDTO>>().ok(scopes);
+    }
+
+    /**
+     * 查询角色的权限相关配置
+     * @param roleId
+     * @return
+     */
+    @PostMapping("/role/{roleId}/accesssettings")
+    public Result<Map<String, String>> listAccessSettings(@PathVariable("roleId") String roleId) {
+        Map<String, String> settings = accessService.listAccessSettings(roleId);
+        return new Result<Map<String, String>>().ok(settings);
+    }
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/RoleController.java

@@ -0,0 +1,33 @@
+package com.epmet.controller;
+
+import com.epmet.commons.tools.utils.Result;
+import com.epmet.dto.result.RoleOperationResultDTO;
+import com.epmet.service.RoleOperationService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("role")
+public class RoleController {
+
+    @Autowired
+    private RoleOperationService roleOperationService;
+
+    /**
+     * 查询角色对应的操作列表
+     * @param roleId
+     * @return
+     */
+    @PostMapping("operations/{roleId}")
+    public Result<List<RoleOperationResultDTO>> listOperationsByRoleId(@PathVariable("roleId") String roleId) {
+        List<RoleOperationResultDTO> roleOperationResultDTOS = roleOperationService.listOperationsByRoleId(roleId);
+        return new Result<List<RoleOperationResultDTO>>().ok(roleOperationResultDTOS);
+    }
+
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/TestController.java

@@ -0,0 +1,17 @@
+package com.epmet.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("test")
+public class TestController {
+
+    @GetMapping("test")
+    public void test() {
+        System.out.println(666);
+    }
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationScopeDao.java

@@ -0,0 +1,47 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dao;
+
+import com.epmet.commons.mybatis.dao.BaseDao;
+import com.epmet.dto.result.RoleOpeScopeResultDTO;
+import com.epmet.entity.OperationScopeEntity;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+import org.springframework.context.annotation.Scope;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ * 权限范围表
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Mapper
+public interface OperationScopeDao extends BaseDao<OperationScopeEntity> {
+
+    /**
+     * 查询角色的操作key对应操作范围列表
+     * @param roleId 角色id
+     * @param operationKey 操作key
+     * @return
+     */
+    Set<RoleOpeScopeResultDTO> listOperationScopesByRoleId(@Param("roleId") String roleId,
+                                            @Param("operationKey") String operationKey);
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleAccessSettingDao.java

@@ -0,0 +1,37 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dao;
+
+import com.epmet.commons.mybatis.dao.BaseDao;
+import com.epmet.dto.result.RoleAccessSettingResultDTO;
+import com.epmet.entity.RoleAccessSettingEntity;
+import org.apache.ibatis.annotations.Mapper;
+
+import java.util.List;
+
+/**
+ * 权限配置
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-26
+ */
+@Mapper
+public interface RoleAccessSettingDao extends BaseDao<RoleAccessSettingEntity> {
+
+    List<RoleAccessSettingResultDTO> listRoleAccessSettingsByRoleId(String roleId);
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleOperationDao.java

@@ -0,0 +1,38 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dao;
+
+import com.epmet.commons.mybatis.dao.BaseDao;
+import com.epmet.dto.result.RoleOperationResultDTO;
+import com.epmet.entity.RoleOperationEntity;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+
+import java.util.List;
+
+/**
+ * 角色能进行那些操作
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-22
+ */
+@Mapper
+public interface RoleOperationDao extends BaseDao<RoleOperationEntity> {
+
+    List<RoleOperationResultDTO> listOperationsByRoleId(@Param("roleId") String roleId);
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleScopeDao.java

@@ -0,0 +1,33 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dao;
+
+import com.epmet.commons.mybatis.dao.BaseDao;
+import com.epmet.entity.RoleScopeEntity;
+import org.apache.ibatis.annotations.Mapper;
+
+/**
+ * 角色能操作哪些范围
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Mapper
+public interface RoleScopeDao extends BaseDao<RoleScopeEntity> {
+	
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/OperationScopeEntity.java

@@ -0,0 +1,51 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.entity;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+
+import com.epmet.commons.mybatis.entity.BaseEpmetEntity;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.util.Date;
+
+/**
+ * 权限范围表
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Data
+@EqualsAndHashCode(callSuper=false)
+@TableName("operation_scope")
+public class OperationScopeEntity extends BaseEpmetEntity {
+
+	private static final long serialVersionUID = 1L;
+
+    /**
+     * 范围key
+     */
+	private String scopeKey;
+
+    /**
+     * 范围名称
+     */
+	private String scopeName;
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/RoleAccessSettingEntity.java

@@ -0,0 +1,65 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.entity;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+
+import com.epmet.commons.mybatis.entity.BaseEpmetEntity;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.util.Date;
+
+/**
+ * 权限配置
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-26
+ */
+@Data
+@EqualsAndHashCode(callSuper=false)
+@TableName("role_access_setting")
+public class RoleAccessSettingEntity extends BaseEpmetEntity {
+
+	private static final long serialVersionUID = 1L;
+
+    /**
+     * 配置KEY
+     */
+	private String settingKey;
+
+    /**
+     * 配置name
+     */
+	private String settingName;
+	/**
+	 * 配置值
+	 */
+	private String settingValue;
+
+    /**
+     * 角色ID
+     */
+	private String roleId;
+
+    /**
+     * 操作简介
+     */
+	private String brief;
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/RoleOperationEntity.java

@@ -0,0 +1,51 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.entity;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+
+import com.epmet.commons.mybatis.entity.BaseEpmetEntity;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.util.Date;
+
+/**
+ * 角色能进行那些操作
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-22
+ */
+@Data
+@EqualsAndHashCode(callSuper=false)
+@TableName("role_operation")
+public class RoleOperationEntity extends BaseEpmetEntity {
+
+	private static final long serialVersionUID = 1L;
+
+    /**
+     * 角色ID
+     */
+	private String roleId;
+
+    /**
+     * 操作key
+     */
+	private String operationKey;
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/RoleScopeEntity.java

@@ -0,0 +1,56 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.entity;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+
+import com.epmet.commons.mybatis.entity.BaseEpmetEntity;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.util.Date;
+
+/**
+ * 角色能操作哪些范围
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Data
+@EqualsAndHashCode(callSuper=false)
+@TableName("role_scope")
+public class RoleScopeEntity extends BaseEpmetEntity {
+
+	private static final long serialVersionUID = 1L;
+
+    /**
+     * 角色ID
+     */
+	private String roleId;
+
+    /**
+     * 操作key
+     */
+	private String operationKey;
+
+    /**
+     * 范围Key
+     */
+	private String scopeKey;
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/excel/RoleOperationExcel.java

@@ -0,0 +1,62 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.excel;
+
+import cn.afterturn.easypoi.excel.annotation.Excel;
+import lombok.Data;
+
+import java.util.Date;
+
+/**
+ * 角色能进行那些操作
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-22
+ */
+@Data
+public class RoleOperationExcel {
+
+    @Excel(name = "")
+    private String id;
+
+    @Excel(name = "角色ID")
+    private String roleId;
+
+    @Excel(name = "操作key")
+    private String operationKey;
+
+    @Excel(name = "是否删除，0：未删除，1：已删除")
+    private Integer delFlag;
+
+    @Excel(name = "乐观锁")
+    private Integer revision;
+
+    @Excel(name = "创建者id")
+    private String createdBy;
+
+    @Excel(name = "创建时间")
+    private Date createdTime;
+
+    @Excel(name = "更新者id")
+    private String updatedBy;
+
+    @Excel(name = "更新时间")
+    private Date updatedTime;
+
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleAccessSettingRedis.java

@@ -0,0 +1,37 @@
+package com.epmet.redis;
+
+import com.epmet.commons.tools.redis.RedisKeys;
+import com.epmet.commons.tools.redis.RedisUtils;
+import com.epmet.dto.result.RoleAccessSettingResultDTO;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.function.BiConsumer;
+
+@Component
+public class RoleAccessSettingRedis {
+
+    @Autowired
+    private RedisUtils redisUtils;
+
+    public void set(Map<String, Object> settings, String roleId) {
+        String roleAccessSettingKey = RedisKeys.getRoleAccessSettingKey(roleId);
+        redisUtils.hMSet(roleAccessSettingKey, settings);
+    }
+
+    public Map<String, String> get(String roleId) {
+        String roleAccessSettingKey = RedisKeys.getRoleAccessSettingKey(roleId);
+        Map<String, Object> s = redisUtils.hGetAll(roleAccessSettingKey);
+        Map<String, String> settings = new HashMap<>();
+        s.forEach((s1, o) -> {
+            if (o != null) {
+                settings.put(s1, String.valueOf(o));
+            }
+        });
+        return settings;
+    }
+
+}