Merge remote-tracking branch 'origin/4.0' into 4.0

2 years ago · f4fd27de1f
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/FileDownloadController.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/FileDownloadController.java
@@ -32,9 +32,6 @@ public class FileDownloadController {
    @Autowired
    private FilePathGenerator filePathGenerator;
    @Autowired
    private RedisManager redisManager;
    /**
     * path方式下载文件
     */
@@ -56,8 +53,6 @@ public class FileDownloadController {
                                                        @RequestParam(value = "noCache", required = false) Boolean noCache,
                                                        HttpServletRequest request
    ) throws FileNotFoundException {
        SessionUtil.checkSession(request, redisManager);
        File file = new File(filePathGenerator.getFileDiskPath(path));
        if (!file.exists()) {
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/FileUploadController.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/FileUploadController.java
@@ -30,9 +30,6 @@ public class FileUploadController {
    private DbEngine dbEngine;
    @Autowired
    private RedisManager redisManager;
    @Autowired
    private ImageAttachDao imageAttachDao;
    // TODO: 权限处理，临时文件处理
@@ -44,7 +41,6 @@ public class FileUploadController {
                    @RequestParam(value = "keepName", required = false) Boolean keepName,
                    HttpServletRequest request
    ) {
        SessionUtil.checkSession(request, redisManager);
        return uploadFile(path, file, ThumbImage.type(thumb), thumbHeight, insert, keepName);
    }
@@ -54,8 +50,6 @@ public class FileUploadController {
                    @RequestParam(value = "thumbHeight", required = false) Integer thumbHeight,
                    @RequestParam(value = "commit", required = false) Boolean insert,
                    HttpServletRequest request) {
        SessionUtil.checkSession(request, redisManager);
        MultipartFile file = MemMultipartFile.build(data.getData());
        if (file == null) {
            return R.error("数据内容格式有错");
@@ -70,7 +64,6 @@ public class FileUploadController {
                          @RequestParam(value = "commit", required = false) Boolean insert,
                          @RequestParam(value = "keepName", required = false) Boolean keepName,
                          HttpServletRequest request) {
        SessionUtil.checkSession(request, redisManager);
        return uploadFile(path, file, ThumbImage.TYPE_AVATAR, size, insert, keepName);
    }
@@ -81,7 +74,6 @@ public class FileUploadController {
                    @RequestParam(value = "thumbHeight", required = false) Integer thumbHeight,
                    @RequestParam(value = "keepName", required = false) Boolean keepName,
                    HttpServletRequest request) {
        SessionUtil.checkSession(request, redisManager);
        return uploadFile(path, file, ThumbImage.type(thumb), thumbHeight, true, keepName);
    }
@@ -143,8 +135,6 @@ public class FileUploadController {
    // TODO: 修改为安全的后台删除方式
    @PostMapping("/fs/remove")
    public R remove(@RequestParam(value = "filePath") String filePath, HttpServletRequest request) {
        SessionUtil.checkSession(request, redisManager);
        File file = new File(filePathGenerator.getFileDiskPath(filePath));
        if (file.exists() && file.isFile()) {
            if (file.delete()) {
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/file/attach/AttachHelper.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/file/attach/AttachHelper.java
@@ -97,7 +97,7 @@ public final class AttachHelper {
    //批量删除
    public boolean deleteAttachList(List<String> attachIdList) throws Exception {
        if (CommUtil.isEmpty(attachIdList)) return false;
        dbEngine.update("delete from " + AttachInfo.ENTITY_NAME + " where attach_id in(" + CommUtil.getSqlInStr(attachIdList) + ")");
        dbEngine.update("delete from " + AttachInfo.ENTITY_NAME + " where attach_id in(" + StringUtil.join(attachIdList,",") + ")");
        return true;
    }
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/design/preview/PreviewMenuTreeService.java
@@ -21,6 +21,7 @@ import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlan;
 import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanCache;
 import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanContent;
 import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanItem;
 import cc.smtweb.system.bpm.web.sys.user.role.RoleHelper;
 import org.apache.commons.lang3.StringUtils;
 import java.util.*;
@@ -33,9 +34,16 @@ public class PreviewMenuTreeService {
    public R treeAll(@SwParam("module") String module, UserSession us) {
        String prj_id = ModelProjectCache.getInstance().getIdByModule(module);
        if (!SwConsts.SysParam.SYS_DEBUG) {
            List<MenuVO> menuVOList = buildMenu(prj_id, module, us);
            MenuVO home = new MenuVO();
            List<MenuVO> menuVOList = buildMenu(prj_id, module, us,home);
            if (!CommUtil.isEmpty(menuVOList)) {
                return R.success(menuVOList);
                R r = R.success(menuVOList);
                if(home.getId()!=null&&home.getId()>0){
                    r.put("home",home);
                }
                return r;
            }else {
                return R.success(new ArrayList<>());
            }
        }
        List<ModelForm> listForm;
@@ -73,20 +81,30 @@ public class PreviewMenuTreeService {
        root.setPath(module);
        root.setId(-1L);
        List<MenuVO> data = TreeDataUtil.buildTree(root, list, MenuVO.createTreeHandler());
        return R.success(data);
        return  R.success(data);
    }
    public List<MenuVO> buildMenu(String prj_id, String module, UserSession us) {
        Set<MenuPlan> set = MenuPlanCache.getInstance().getByP(prj_id);
    public List<MenuVO> buildMenu(String prj_id, String module, UserSession us,MenuVO home) {
        Set<MenuPlan> set = RoleHelper.isAdmin(us.getUserId()) ? MenuPlanCache.getInstance().getByP(prj_id):RoleHelper.getMenuPlans(us.getUserId(),us.getPartyId());
        if (CommUtil.isEmpty(set)) {
            return new ArrayList<>();
        }
        MenuPlan menuPlan = set.iterator().next();
        MenuPlanContent mpc = new MenuPlanContent(menuPlan.getContent());
        List<MenuVO> list = new ArrayList<>();
        Set<Long> rightMenuIds = RoleHelper.getRoleMenuIds(us.getUserId() , us.getPartyId(),menuPlan.getId(), true);
        for(MenuPlanItem item : mpc.getHomeList()){
            long id = item.getId();
            if(rightMenuIds.contains(id)){
                home.setId(item.getId());
                home.setName(item.getLabel());
                home.setIcon(item.getIcon());
                home.setPath(MenuCache.getInstance().getPath(item.getMenu()));
                break;
            }
        }
        for (MenuPlanItem mp : mpc.getChildren(0)) {
            List<MenuVO> menuVOList = buildMenu(-1, mp);
            List<MenuVO> menuVOList = RoleHelper.isAdmin(us.getUserId())? buildMenu(-1,mp):buildMenuWithRight(-1, mp,rightMenuIds);
            if (menuVOList == null) continue;
            list.addAll(menuVOList);
        }
@@ -118,7 +136,27 @@ public class PreviewMenuTreeService {
        list.add(menu);
        return list;
    }
    private List<MenuVO> buildMenuWithRight(long parent_id, MenuPlanItem mp,Set<Long> rightMenuIds) {
        if (mp == null || !rightMenuIds.contains(mp.getId())) return null;
        List<MenuVO> list = new ArrayList<>();
        MenuVO menu = new MenuVO();
        menu.setId(mp.getId());
        menu.setName(mp.getLabel());
        menu.setIcon(mp.getIcon());
        menu.setPath(MenuCache.getInstance().getPath(mp.getMenu()));
        menu.setParentId(parent_id);
        List<MenuVO> child = new ArrayList<>();
        if (!CommUtil.isEmpty(mp.getChildren())) {
            for (MenuPlanItem cmp : mp.getChildren()) {
                List<MenuVO> m = buildMenuWithRight(menu.getId(), cmp,rightMenuIds);
                if (m == null) continue;
                child.addAll(m);
            }
        }
        menu.setChildren(child);
        list.add(menu);
        return list;
    }
    private MenuVO setMenuParent(Long parent_id, Map<Long, MenuVO> map, List<MenuVO> list) {
        MenuVO parent = map.get(parent_id);
        if (parent != null) return parent;
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageHelper.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageHelper.java
@@ -14,6 +14,7 @@ import cc.smtweb.framework.core.exception.SwException;
 import cc.smtweb.framework.core.mvc.service.SqlNamedPara;
 import cc.smtweb.framework.core.util.MapUtil;
 import cc.smtweb.framework.core.util.NumberUtil;
 import cc.smtweb.framework.core.util.SqlUtil;
 import cc.smtweb.framework.core.util.StringUtil;
 import cc.smtweb.system.bpm.web.design.form.define.*;
 import org.apache.commons.lang3.StringUtils;
@@ -187,7 +188,7 @@ public class DynPageHelper {
            if (listener != null) listener.buildSelect(dataSet, sql);
            return sql.toString();
        } else {
            return dataSet.sql;
            return SqlUtil.replaceTable(dataSet.sql);
        }
    }
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageLoadHandler.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageLoadHandler.java
@@ -104,7 +104,7 @@ public class DynPageLoadHandler extends AbstractDynPageHandler {
        SwMap filter = params.readMap("filter");
        //对应的数据集定义
        PageDataset pageDataSet = readParamDs();
        DynRetBean bean = null;
        if (SwEnum.DatasetType.LIST.value.equals(pageDataSet.type)) {//列表类
            bean = DynRetBean.createList(getListWorker(filter, pageDataSet).buildListData());
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java
@@ -2,7 +2,6 @@ package cc.smtweb.system.bpm.web.login;
 import cc.smtweb.framework.core.annotation.SwBody;
 import cc.smtweb.framework.core.annotation.SwParam;
 import cc.smtweb.framework.core.annotation.SwPerm;
 import cc.smtweb.framework.core.annotation.SwService;
 import cc.smtweb.framework.core.common.R;
 import cc.smtweb.framework.core.common.SwMap;
@@ -28,7 +27,6 @@ public class AuthService {
    @SwParam
    private SessionManager sessionManager;
    @SwPerm()
    public R getParty(@SwParam("username") String username) {
        Set<Party> partySet = PartyCache.getInstance().getTopSet();
        List<SwMap> list = new ArrayList<>();
@@ -43,7 +41,6 @@ public class AuthService {
        return R.success(list);
    }
    @SwPerm(SwPerm.NONE)
    public R login(@SwBody LoginVO loginPO) {
        SwMap data = new SwMap();
        User user = null;
@@ -55,7 +52,7 @@ public class AuthService {
 //                return new UserSession(1);
            } else {
                user = LoginHelper.login(loginPO);
                userSession = new UserSession(user.getId());
                userSession = LoginHelper.createUserSession(user);
            }
        } catch (BizException e) {
            data.put("isOk", false);
@@ -96,12 +93,10 @@ public class AuthService {
        return R.success(data);
    }
    @SwPerm()
    public R ping(@SwParam("msg") String msg) {
        return R.success(msg);
    }
    @SwPerm("user:edit")
    public R config(@SwParam("username") String username) {
        return R.success("config: " + username);
    }
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginHelper.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginHelper.java
@@ -8,10 +8,13 @@ import cc.smtweb.framework.core.exception.BizException;
 import cc.smtweb.framework.core.session.UserSession;
 import cc.smtweb.system.bpm.web.sys.user.user.User;
 import cc.smtweb.system.bpm.web.sys.user.user.UserCache;
 import cc.smtweb.system.bpm.web.sys.user.user.UserParty;
 import cc.smtweb.system.bpm.web.sys.user.user.UserPartyCache;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.lang3.StringUtils;
 import java.util.List;
 import java.util.Set;
 /**
 * Created with IntelliJ IDEA.
@@ -73,7 +76,17 @@ public class LoginHelper {
        if (user == null) {
            throw new BizException("账号或者密码出错");
        }
        return new UserSession(user.getId());
        return createUserSession(user);
    }
    public static UserSession createUserSession(User user){
        UserSession us = new UserSession(user.getId());
        Set<UserParty> ups = UserPartyCache.getInstance().getByUser(String.valueOf(us.getUserId()));
        if(ups!=null&&ups.size()>0){
           UserParty up = ups.iterator().next();
           us.setPartyId(up.getPartyId());
           us.setDeptId(up.getDeptId());
        }
        return us;
    }
 //    public static UserSession login(LoginVO loginPO) {
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menu/MenuHandler.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menu/MenuHandler.java
@@ -56,9 +56,9 @@ public class MenuHandler {
            }
            if (StringUtil.isNotEmpty(menu.getRight())) {
                Map<String, List<String>> rightMap = JsonUtil.parseMap(menu.getRight());
                bean.put("sm_right_data", CommUtil.getSqlInStr(rightMap.get("data")));
                bean.put("sm_right_func", CommUtil.getSqlInStr(rightMap.get("func")));
                bean.put("sm_right_field", CommUtil.getSqlInStr(rightMap.get("field")));
                bean.put("sm_right_data", StringUtil.join(rightMap.get("data"), ","));
                bean.put("sm_right_func", StringUtil.join(rightMap.get("func"), ","));
                bean.put("sm_right_field", StringUtil.join(rightMap.get("field"), ","));
            }
        }
    }
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanContent.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanContent.java
@@ -75,6 +75,7 @@ public class MenuPlanContent {
                oldItem.setMenu(item.getMenu());
                oldItem.setIcon(item.getIcon());
                oldItem.setSeq(item.getSeq());
                oldItem.setHome(item.getHome());
            }
        }
@@ -122,7 +123,21 @@ public class MenuPlanContent {
        MenuPlanItem parent = findById(parentId);
        return parent == null ? new ArrayList<>(): parent.getChildren();
    }
    // 获取主页
    public List<MenuPlanItem> getHomeList(){
        List<MenuPlanItem> homeList = new ArrayList<>();
        findHome(list,homeList);
        return homeList;
    }
    private void findHome(List<MenuPlanItem> source,List<MenuPlanItem> homeList){
        if(CommUtil.isEmpty(source))return;
        for(MenuPlanItem item: source){
            if(item.getHome() == 1){
                homeList.add(item);
            }
            findHome(item.getChildren(),homeList);
        }
    }
    private MenuPlanItem findById(long id, List<MenuPlanItem> itemList) {
        if (CommUtil.isEmpty(itemList)) {
            return null;
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanItem.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanItem.java
@@ -80,7 +80,19 @@ public class MenuPlanItem extends BaseBean {
    public void setSeq(int seq) {
        put("seq", seq);
    }
    /**
     * 排序码
     */
    public int getHome() {
        return getInt("home");
    }
    /**
     * 排序码
     */
    public void setHome(int home) {
        put("home", home);
    }
    public void setChildren(List<MenuPlanItem> children) {
        put("children", children);
    }
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleCache.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleCache.java
@@ -4,6 +4,7 @@ import cc.smtweb.framework.core.annotation.SwCache;
 import cc.smtweb.framework.core.cache.AbstractEntityCache;
 import cc.smtweb.framework.core.cache.CacheManager;
 import cc.smtweb.framework.core.util.CommUtil;
 import cc.smtweb.framework.core.util.StringUtil;
 import java.util.HashSet;
 import java.util.Set;
@@ -36,6 +37,6 @@ public class RoleCache extends AbstractEntityCache<Role> {
        key.forEach(k -> {
            names.add(get(k).getName());
        });
        return CommUtil.getSqlInStr(names);
        return StringUtil.join(names,",");
    }
 }
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java
@@ -59,6 +59,7 @@ public class RoleHandler {
                //if (CommUtil.isEmpty(set)) return R.error("未选择菜单！");
                Role role = RoleCache.getInstance().get(role_id);
                RoleRightContent rc = new RoleRightContent(role.getPrivilege());
                rc.resetItem();
                for (Long menu_id : set) {
                    MenuPlanItem item = MenuPlanCache.getInstance().getById(role.getSmpId(), menu_id);
                    RoleRight right = rc.getRoleRight(item.getId());
@@ -77,8 +78,8 @@ public class RoleHandler {
                        right = new RoleRight();
                        right.setId(item.getId());
                        right.setMenuId(item.getMenu());
                        right.setMenu(1);
                    }
                    right.setMenu(1);
                    right.setFunc(formData.readStringSet("func"));
                    right.setData(formData.readListMap("data"));
                    if (item.getMenu() > 0L)
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHelper.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHelper.java
@@ -0,0 +1,130 @@
 package cc.smtweb.system.bpm.web.sys.user.role;
 import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlan;
 import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanCache;
 import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanContent;
 import cc.smtweb.system.bpm.web.sys.user.menuPlan.MenuPlanItem;
 import cc.smtweb.system.bpm.web.sys.user.user.User;
 import cc.smtweb.system.bpm.web.sys.user.user.UserCache;
 import cc.smtweb.system.bpm.web.sys.user.user.UserRoleCache;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 /**
 * @Author: tanghp
 * @Date: 2022-09-06 18:35
 * @Desc: 角色辅助类
 */
 public final class RoleHelper {
    public static boolean isAdmin(long userId){
        if(userId ==1L) return true;
       User user = UserCache.getInstance().get(userId);
       if(user!=null){
           return "admin".equalsIgnoreCase(user.getNicky());
       }
       return false;
    }
    /**
     * 获取角色权限
     * @param userId 用户ID
     * @param menuPlanId 菜单方案ID
     * @return
     */
    public static List<RoleRight> getRoleRightList(long userId, long menuPlanId){
        return null;
    }
    /**
     * 获取用户的菜单权限
     * @param userId 用户ID
     * @param partyId 机构ID
     * @param incParent 是否包含父节点，（子节点配置了，把父节点也查出来）
     * @return
     */
    public static Set<Long> getRoleMenuIds(long userId,long partyId,boolean incParent){
        Set<Long> mpIds = getMenuPlanIds(userId,partyId);
        if(mpIds.size()==0){
            return  new HashSet<>();
        }
        return getRoleMenuIds(userId,partyId,mpIds.iterator().next(),incParent);
    }
    /**
     * 获取用户的菜单权限
     * @param userId 用户ID
     * @param partyId 机构ID
     * @param menuPlanId 菜单方案ID
     * @param incParent 是否包含父节点，（子节点配置了，把父节点也查出来）
     * @return
     */
    public static Set<Long>  getRoleMenuIds(long userId,long partyId, long menuPlanId,boolean incParent){
        Set<Long> menuIds = new HashSet<>();
        MenuPlan menuPlan = MenuPlanCache.getInstance().get(menuPlanId);
        if(menuPlan==null)return menuIds;
        Set<Long> roleIds = UserRoleCache.getInstance().getRoleIdByUP(userId,partyId);
        RoleCache roleCache = RoleCache.getInstance();
        roleIds.forEach((roleId)-> {
            Role role = roleCache.get(roleId);
            if(role==null || role.getSmpId()!=menuPlanId){
                return;
            }
            RoleRightContent roleRightContent = new RoleRightContent(role.getPrivilege());
            menuIds.addAll(roleRightContent.getMenuRightIds());
        });
        MenuPlanContent menuPlanContent = new MenuPlanContent(menuPlan.getContent());
        if(incParent){
            Set<Long> tempIds = new HashSet<>(menuIds);
            tempIds.forEach(id->{
                fillMenuId(id,menuPlanContent,menuIds);
            });
        }
        return menuIds;
    }
    private static void fillMenuId(Long id,MenuPlanContent menuPlanContent, Set<Long> menuIds){
        menuIds.add(id);
        MenuPlanItem parent = menuPlanContent.findParentById(id);
        if(parent!=null){
            if(!menuIds.contains(parent.getId())){
                fillMenuId(parent.getId(),menuPlanContent,menuIds);
            }
        }
    }
    /**
     * 获取用户的菜单方案
     * @param userId 用户ID
     * @param partyId 机构ID
     * @return 菜单方案ID
     */
    public static Set<Long> getMenuPlanIds(long userId,long partyId){
        Set<Long> mpList = new HashSet<>();
        Set<Long> roleIds = UserRoleCache.getInstance().getRoleIdByUP(userId,partyId);
        RoleCache roleCache = RoleCache.getInstance();
        roleIds.forEach((roleId)-> {
            Role role = roleCache.get(roleId);
            if(role!=null&&role.getSmpId()>0L){
                mpList.add(role.getSmpId());
            }
        });
        return mpList;
    }
    /**
     * 获取用户的菜单方案
     * @param userId 用户ID
     * @param partyId 机构ID
     * @return 菜单方案
     */
    public static Set<MenuPlan> getMenuPlans(long userId,long partyId){
        Set<MenuPlan> mpList = new HashSet<>();
        Set<Long> roleIds = UserRoleCache.getInstance().getRoleIdByUP(userId,partyId);
        roleIds.forEach((roleId)-> {
            Role role =  RoleCache.getInstance().get(roleId);
            if(role!=null&&role.getSmpId()>0L){
                MenuPlan mp = MenuPlanCache.getInstance().get(role.getSmpId());
                if(mp!=null){
                    mpList.add(mp);
                }
            }
        });
        return mpList;
    }
 }
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleRightContent.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleRightContent.java
@@ -61,7 +61,7 @@ public class RoleRightContent {
    public String getFuncRight(long key) {
        RoleRight right = getRoleRight(key);
        if (right == null) return "";
        return CommUtil.getSqlInStr(right.getRightFunc());
        return StringUtil.join(right.getRightFunc(),",");
    }
    public String getMenuRight() {
@@ -70,9 +70,16 @@ public class RoleRightContent {
        map.values().forEach(roleRight -> {
            if (roleRight.getMenu() == 1) menus.add(roleRight.getId() + "");
        });
        return CommUtil.getSqlInStr(menus);
        return StringUtil.join(menus,",");
    }
    public Set<Long> getMenuRightIds() {
        Set<Long> ids = new HashSet<>();
        if (map.size() == 0) return ids;
        map.values().forEach(roleRight -> {
            if (roleRight.getMenu() == 1) ids.add(roleRight.getId());
        });
        return ids;
    }
    public String getFieldRight(long key, int type) {
        RoleRight right = getRoleRight(key);
        if (right == null) return "";
@@ -82,7 +89,7 @@ public class RoleRightContent {
        cache.forEach((k, v) -> {
            if (v == type) fields.add(k);
        });
        return CommUtil.getSqlInStr(fields);
        return StringUtil.join(fields,",");
    }
    public Map<String, Object> getDataRight(long key) {
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/CoreInterceptor.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/CoreInterceptor.java
@@ -1,7 +1,15 @@
 package cc.smtweb.framework.core;
 import cc.smtweb.framework.core.cache.redis.RedisManager;
 import cc.smtweb.framework.core.common.SwConsts;
 import cc.smtweb.framework.core.exception.BizException;
 import cc.smtweb.framework.core.mvc.controller.IEditor;
 import cc.smtweb.framework.core.mvc.realm.exception.ForbiddenException;
 import cc.smtweb.framework.core.mvc.realm.exception.UnauthenticatedException;
 import cc.smtweb.framework.core.session.SessionUtil;
 import cc.smtweb.framework.core.session.UserSession;
 import cc.smtweb.framework.core.util.NumberUtil;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
@@ -15,6 +23,7 @@ public class CoreInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (!SwConsts.SysParam.SYS_STARTED) throw new BizException("系统启动中，请稍候...");
        SessionUtil.checkSession(request);
        return HandlerInterceptor.super.preHandle(request, response, handler);
    }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/annotation/SwPerm.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/annotation/SwPerm.java
@@ -1,26 +0,0 @@
 package cc.smtweb.framework.core.annotation;
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 /**
 * 被该注释修饰的方法都会经过切面拦截校验权限，默认是需要已登录权限
 *
 * @author kevin
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
 public @interface SwPerm {
    /**
     * 无权限控制的值，在函数上注解@SwPerm(SwPerm.NONE)
     */
    static final String NONE = "*";
    static final String SESSION = "";
    /**
     * 权限定义值
     */
    String value() default SESSION;
 }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/cache/SessionCacheFactory.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/cache/SessionCacheFactory.java
@@ -8,7 +8,7 @@ import java.util.concurrent.ConcurrentHashMap;
 */
 public class SessionCacheFactory {
    private static SessionCacheFactory INSTANCE = null;
    private Map<Long, SessionCache> buffer = new ConcurrentHashMap<>();
    private Map<String, SessionCache> buffer = new ConcurrentHashMap<>();
    private SessionCacheFactory() {
    }
@@ -27,10 +27,10 @@ public class SessionCacheFactory {
    //得到用户缓存对象
    public SessionCache getUserCache(long userId) {
        return getUserCache(userId, 0L);
        return getCache(String.valueOf(userId), 0L);
    }
    public SessionCache getUserCache(long userId, long timeout) {
    public SessionCache getCache(String userId, long timeout) {
        SessionCache cache;
        cache = buffer.get(userId);
@@ -41,11 +41,12 @@ public class SessionCacheFactory {
            buffer.put(userId, cache);
        }
        return cache;
    }
    //删除用户缓存
    public void remove(String userId) {
        buffer.remove(userId);
    }
 }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/cache/redis/RedisSysTask.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/cache/redis/RedisSysTask.java
@@ -38,8 +38,6 @@ public class RedisSysTask implements ISysTask {
                        RedisBroadcastEvent redisBroadcast = JsonUtil.parse(message, RedisBroadcastEvent.class);
                        applicationContext.publishEvent(redisBroadcast);
 //          log.debug("Redis [" + channel + "] message:" + redisBroadcast);
                    }
                });
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwConsts.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwConsts.java
@@ -13,8 +13,17 @@ public interface SwConsts {
        public static String RUN_PROJECTS = "";
    }
    //错误码
    interface ErrorCode {
        //未登录
        int NO_LOGIN = 101;
        //指纹错误
        int TOKEN_INVALID = 102;
    }
    //启动顺序默认值
    int DEFAULT_ORDER = 1;
    //缓存中：树节点按parent的key
    String KEY_PARENT_ID = "pr";
    //级次码、字符串连接符
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelDatabaseCache.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/db/cache/ModelDatabaseCache.java
@@ -9,6 +9,7 @@ import cc.smtweb.framework.core.db.EntityDao;
 import cc.smtweb.framework.core.db.vo.ModelDatabase;
 import cc.smtweb.framework.core.db.vo.ModelProject;
 import cc.smtweb.framework.core.util.CommUtil;
 import cc.smtweb.framework.core.util.StringUtil;
 import org.apache.commons.lang3.StringUtils;
 import java.util.List;
@@ -47,6 +48,6 @@ public class ModelDatabaseCache extends AbstractCache<ModelDatabase> {
    public final String getName(long id) {
        ModelDatabase db = get(id);
        return db != null ? db.getName(): "";
        return db != null ? db.getName() : "";
    }
 }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/exception/BizException.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/exception/BizException.java
@@ -10,6 +10,8 @@ public class BizException extends RuntimeException {
     *
     */
    private static final long serialVersionUID = 1L;
    //错误编号
    private int code = 0;
    public BizException() {
        super();
@@ -23,7 +25,20 @@ public class BizException extends RuntimeException {
        super(message);
    }
    public BizException(int code) {
        super();
        this.code = code;
    }
    public BizException(int code, String message) {
        super(message);
        this.code = code;
    }
    public BizException(Throwable cause) {
        super(cause.getMessage(), cause);
    }
    public int getCode() {
        return code;
    }
 }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/exception/SwExceptionHandler.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/exception/SwExceptionHandler.java
@@ -0,0 +1,29 @@
 package cc.smtweb.framework.core.exception;
 import cc.smtweb.framework.core.common.R;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseBody;
 /**
 * Created by Akmm at 2022-09-07 20:13
 * 异常统一处理
 */
@ControllerAdvice
 public class SwExceptionHandler {
    /**
     * 系统异常处理
     *
     * @param e
     * @return
     */
    @ExceptionHandler(Exception.class)
    @ResponseBody
    public R error(Exception e) {
        if (e instanceof BizException) {
            return R.error(((BizException) e).getCode(), e.getMessage());
        }
        e.printStackTrace();
        return R.error("系统异常，请联系技术支持人员！");
    }
 }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/config/WebMvcConfig.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/config/WebMvcConfig.java
@@ -64,7 +64,7 @@ public class WebMvcConfig implements WebMvcConfigurer {
    @Bean
    public MethodAccessManager methodAccessManager(CacheManager cacheManager) {
        return new MethodAccessManager(redisManager, cacheManager);
        return new MethodAccessManager(cacheManager);
    }
    @Override
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/MethodAccessManager.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/MethodAccessManager.java
@@ -8,7 +8,6 @@ import cc.smtweb.framework.core.mvc.SchedulerManager;
 import cc.smtweb.framework.core.mvc.controller.access.IMethodAccess;
 import cc.smtweb.framework.core.mvc.controller.access.MethodAccess;
 import cc.smtweb.framework.core.mvc.controller.scan.BeanManager;
 import cc.smtweb.framework.core.mvc.realm.interceptor.PermInterceptor;
 import cc.smtweb.framework.core.mvc.realm.service.PermChecker;
 import cc.smtweb.framework.core.mvc.scheduler.SchedulerTaskManager;
 import lombok.Getter;
@@ -27,15 +26,13 @@ import java.util.Map;
 public class MethodAccessManager {
    private Map<String, IMethodAccess> controllers;
    private IBeanContext beanContext;
    private PermInterceptor permInterceptor;
    private SchedulerTaskManager schedulerTaskManager;
    private MethodAccess[] destroyMethods;
    @Getter
    private CacheManager cacheManager;
    public MethodAccessManager(RedisManager redisManager, CacheManager cacheManager) {
        permInterceptor = new PermInterceptor(redisManager);
    public MethodAccessManager(CacheManager cacheManager) {
        this.cacheManager = cacheManager;
    }
@@ -47,8 +44,6 @@ public class MethodAccessManager {
        IMethodAccess methodAccess = controllers.get(url);
        if (methodAccess != null) {
            permInterceptor.preHandle(request, methodAccess.getPerm());
            return methodAccess.invoke(beanContext, params, body, request);
        }
@@ -71,7 +66,6 @@ public class MethodAccessManager {
        this.beanContext = beanManager.getBeanContext();
        this.controllers = beanManager.getControllers();
        this.destroyMethods = beanManager.loadDestroyMethods();
        this.permInterceptor.setCache(cache);
        // 启动定时任务
        this.schedulerTaskManager = SchedulerTaskManager.build(beanContext, beanManager.getTasks());
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/SwResponseBodyAdvice.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/SwResponseBodyAdvice.java
@@ -0,0 +1,34 @@
 package cc.smtweb.framework.core.mvc.controller;
 import cc.smtweb.framework.core.common.R;
 import cc.smtweb.framework.core.session.SessionUtil;
 import org.springframework.core.MethodParameter;
 import org.springframework.http.MediaType;
 import org.springframework.http.server.ServerHttpRequest;
 import org.springframework.http.server.ServerHttpResponse;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
 /**
 * Created by Akmm at 2022-09-08 16:03
 * 统一添加指纹
 */
@ControllerAdvice
 public class SwResponseBodyAdvice implements ResponseBodyAdvice {
    @Override
    public boolean supports(MethodParameter returnType, Class converterType) {
        Class targetClass = returnType.getMethod().getDeclaringClass();
        return true;
    }
    @Override
    public Object beforeBodyWrite(Object body, MethodParameter returnType, MediaType selectedContentType, Class selectedConverterType, ServerHttpRequest request, ServerHttpResponse response) {
        if (body instanceof R) {
            SessionUtil.setFingerValue(((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(), (R)body);
        }
        return body;
    }
 }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/access/IMethodAccess.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/access/IMethodAccess.java
@@ -46,10 +46,4 @@ public interface IMethodAccess {
     */
    String fullName();
    /**
     * API权限
     *
     * @return 权限串
     */
    String getPerm();
 }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/access/MethodAccess.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/access/MethodAccess.java
@@ -22,14 +22,12 @@ import java.util.Map;
 public class MethodAccess implements IMethodAccess {
    private final ControllerAccess controllerAccess;
    private final Method method;
    @Getter
    private final String perm;
    private final MethodParamAccess[] paramBinds;
    public MethodAccess(ControllerAccess controllerAccess, Method method, String perm, MethodParamAccess[] paramBinds) {
    public MethodAccess(ControllerAccess controllerAccess, Method method, MethodParamAccess[] paramBinds) {
        this.controllerAccess = controllerAccess;
        this.method = method;
        this.perm = perm;
        this.paramBinds = paramBinds;
    }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/scan/MethodParser.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/controller/scan/MethodParser.java
@@ -35,20 +35,13 @@ public class MethodParser {
    public void parse(Class<?> clazz, ControllerAccess controllerAccess, boolean isApi) throws ParseException {
 //    this.controllerAccess = controllerAccess;
        // 服务的默认权限
        String classPerm = "";
        SwPerm swPerm = clazz.getAnnotation(SwPerm.class);
        if (swPerm != null) {
            classPerm = swPerm.value();
        }
        // 扫描方法注解
        for (Method m : clazz.getMethods()) {
            int modifier = m.getModifiers();
            // && (R.class.isAssignableFrom(m.getReturnType()))
            if (Modifier.isPublic(modifier) && !Modifier.isStatic(modifier) && !Object.class.equals(m.getDeclaringClass())) {
                MethodAccess methodAccess = parseMethod(controllerAccess, m, classPerm);
                MethodAccess methodAccess = parseMethod(controllerAccess, m);
                if (scanContext.dealMethod(m, methodAccess)) {
                    if (isApi) {
@@ -81,7 +74,7 @@ public class MethodParser {
        }
    }
    private MethodAccess parseMethod(ControllerAccess controllerAccess, Method method, String defaultPerm) {
    private MethodAccess parseMethod(ControllerAccess controllerAccess, Method method) {
        Class<?>[] paramTypes = method.getParameterTypes();
        Annotation[][] paramAnnotations = method.getParameterAnnotations();
@@ -146,14 +139,7 @@ public class MethodParser {
            }
        }
        // 得到权限注解
        String perm = defaultPerm;
        SwPerm swPerm = method.getAnnotation(SwPerm.class);
        if (swPerm != null) {
            perm = swPerm.value();
        }
        return new MethodAccess(controllerAccess, method, perm, paramBinds);
        return new MethodAccess(controllerAccess, method, paramBinds);
    }
 }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AbstractPermInterceptor.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AbstractPermInterceptor.java
@@ -1,110 +0,0 @@
 package cc.smtweb.framework.core.mvc.realm.interceptor;
 import cc.smtweb.framework.core.annotation.SwPerm;
 import cc.smtweb.framework.core.cache.ISwCache;
 import cc.smtweb.framework.core.cache.redis.RedisManager;
 import cc.smtweb.framework.core.mvc.controller.IEditor;
 import cc.smtweb.framework.core.mvc.realm.exception.ForbiddenException;
 import cc.smtweb.framework.core.mvc.realm.exception.UnauthenticatedException;
 import cc.smtweb.framework.core.mvc.realm.service.PermCheckItem;
 import cc.smtweb.framework.core.mvc.realm.service.PermChecker;
 import cc.smtweb.framework.core.session.SessionUtil;
 import cc.smtweb.framework.core.session.UserSession;
 import org.apache.commons.lang3.StringUtils;
 import javax.servlet.http.HttpServletRequest;
 public class AbstractPermInterceptor {
    private final RedisManager redisManager;
    private ISwCache<Long, PermChecker> cacheService;
    public AbstractPermInterceptor(RedisManager redisManager) {
        this.redisManager = redisManager;
    }
    public void setCache(ISwCache<Long, PermChecker> cacheService) {
        this.cacheService = cacheService;
    }
    protected boolean handle(HttpServletRequest request, String permissionValue) {
        // 如果注解为null, 说明不需要拦截, 直接放过
        if (SwPerm.NONE.equals(permissionValue)) {
            return true;
        }
        // redis读取session，判断是否登录
        String token = SessionUtil.readToken(request);
        if ("design".equals(token)) return true;
        if (StringUtils.isBlank(token)) {
            throw new UnauthenticatedException("not find Auth-Token in header");
        }
        UserSession us = redisManager.get(token, UserSession.class);
        if (us == null) {
            throw new UnauthenticatedException("not find UserSession by token: " + token);
        }
        request.setAttribute(IEditor.USER_TOKEN, token);
        request.setAttribute(IEditor.USER_SESSION, us);
        // 如果标记了权限注解，则判断权限
        if (checkPermission(permissionValue, us)) {
            // 更新Token redis TTL
            redisManager.expire(token, RedisManager.SESSION_EXPIRE_SEC);
            return true;
        } else {
            throw new ForbiddenException("user not permission: " + permissionValue);
        }
    }
    /**
     * 权限检查
     */
    private boolean checkPermission(String permissionValue, UserSession us) {
        if (StringUtils.isBlank(permissionValue)) {
            return true;
        }
        // 从本地缓存或数据库中获取该用户的权限信息
        PermChecker permissionSet = cacheService.get(us.getUserId());
 //    if (MapUtils.isEmpty(permissionSet)) {
 //      throw new ForbiddenException("empty permission");
 //    }
        PermCheckItem permChecker = permissionSet.get(permissionValue);
        if (permChecker != null) {
            return true;
        }
        while (true) {
            permissionValue = getParentPermValue(permissionValue);
            if (permissionValue != null) {
                permChecker = permissionSet.get(permissionValue);
                if (permChecker != null && permChecker.isPerfixMath()) {
                    return true;
                }
            } else {
                break;
            }
        }
        return false;
    }
    private static String getParentPermValue(String permissionValue) {
        if (permissionValue.length() > 0) {
            int pos = permissionValue.lastIndexOf(':');
            if (pos > 0) {
                return permissionValue.substring(0, pos);
            }
            return "";
        }
        return null;
    }
 }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AuthorizationInterceptor.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/AuthorizationInterceptor.java
@@ -1,42 +0,0 @@
 package cc.smtweb.framework.core.mvc.realm.interceptor;
 import cc.smtweb.framework.core.annotation.SwPerm;
 import cc.smtweb.framework.core.cache.redis.RedisManager;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.HandlerInterceptor;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 /**
 * 暂时未使用，spring的拦截器方式判断权限
 */
 public class AuthorizationInterceptor extends AbstractPermInterceptor implements HandlerInterceptor {
    public AuthorizationInterceptor(RedisManager redisManager) {
        super(redisManager);
    }
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        if (handler instanceof HandlerMethod) {
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            // 获取方法上的注解
            SwPerm requiredSwPerm = handlerMethod.getMethod().getAnnotation(SwPerm.class);
            // 如果方法上的注解为空 则获取类的注解
            if (requiredSwPerm == null) {
                requiredSwPerm = handlerMethod.getMethod().getDeclaringClass().getAnnotation(SwPerm.class);
            }
            String requiredValue = null;
            if (requiredSwPerm != null) {
                requiredValue = requiredSwPerm.value();
            }
            return super.handle(request, requiredValue);
        }
        return true;
    }
 }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/PermInterceptor.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/mvc/realm/interceptor/PermInterceptor.java
@@ -1,27 +0,0 @@
 package cc.smtweb.framework.core.mvc.realm.interceptor;
 import cc.smtweb.framework.core.cache.redis.RedisManager;
 import javax.servlet.http.HttpServletRequest;
 /**
 * 权限拦截器，在API请求处理中一起完成
 *
 * @author xkliu
 */
 public class PermInterceptor extends AbstractPermInterceptor {
    public PermInterceptor(RedisManager redisManager) {
        super(redisManager);
    }
    /**
     * 校验用户是否有API权限
     *
     * @param request         http请求
     * @param permissionValue 权限值
     * @return 是否有权限
     */
    public boolean preHandle(HttpServletRequest request, String permissionValue) {
        return super.handle(request, permissionValue);
    }
 }
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/session/SessionUtil.java
@@ -1,12 +1,22 @@
 package cc.smtweb.framework.core.session;
 import cc.smtweb.framework.core.cache.SessionCache;
 import cc.smtweb.framework.core.cache.SessionCacheFactory;
 import cc.smtweb.framework.core.cache.redis.RedisManager;
 import cc.smtweb.framework.core.common.R;
 import cc.smtweb.framework.core.common.SwConsts;
 import cc.smtweb.framework.core.exception.BizException;
 import cc.smtweb.framework.core.mvc.controller.IEditor;
 import cc.smtweb.framework.core.mvc.realm.exception.UnauthenticatedException;
 import cc.smtweb.framework.core.util.NumberUtil;
 import cc.smtweb.framework.core.util.StringUtil;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.context.request.RequestContextHolder;
 import javax.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.atomic.AtomicInteger;
 /**
 * 〈session工具类〉
@@ -15,6 +25,96 @@ import javax.servlet.http.HttpServletRequest;
 * @since 1.0.0
 */
 public class SessionUtil {
    //登录令牌header名
    private final static String KEY_HEADER_SESSION = "Auth-Token";
    //url参数名
    private final static String KEY_PARAM_SESSION = "auth_token";
    //防止重复提交指纹-header名
    private final static String KEY_HEADER_FP_KEY = "Fpk_Token";
    private final static String KEY_HEADER_FP_VAL = "Fpv_Token";
    //url参数名
    private final static String KEY_PARAM_FP_KEY = "fpk";
    private final static String KEY_PARAM_FP_VAL = "fpv";
    //不需要校验登录的url
    public static List<String> notLoginUrl = new ArrayList<>();
    /*//不需要切换数据源的url，强制用主库
    public static List<String> notSetDbUrl = new ArrayList<>();*/
    //不需要验证合法性的url
    public static List<String> notCheckUrlValid = new ArrayList<>();
    //不算用户交互操作的url，用于管理session失效
    public static List<String> notInterActiveUrl = new ArrayList<>();
    static {
        notLoginUrl.add("/api/getVerifyCode");
        notLoginUrl.add("/api/bpm/auth/login");
        notLoginUrl.add("/fs/static/*");
        notLoginUrl.add("/custdb/*.do");
        notLoginUrl.add("/attach/upload.do");
        notLoginUrl.add("/attach/download.do");
        notLoginUrl.add("/attach/uploadBase64.do");
        notCheckUrlValid.add("/db/*.do");
        notCheckUrlValid.add("/custdb/*.do");
        notCheckUrlValid.add("/cust/common/httpService/service.do");
        notCheckUrlValid.add("/attach/upload.do");
        notCheckUrlValid.add("/attach/uploadBase64.do");
    }
    private static void addUrl(String url, List<String> list) {
        list.add(url);
    }
    //是否不需要url校验
    private static boolean isMatchUrl(String lasturi, List<String> list) {
        if (list.contains(lasturi)) return true;
        for (String s: list){
            if (StringUtil.match(s, lasturi)) return true;
        }
        return false;
    }
    //是否不需要登录验证
    public static boolean isNoLogin(String lasturi) {
        return isMatchUrl(lasturi, notLoginUrl);
    }
    //增加不需要登录的Uri
    public static void addNoLoginUri(String uri) {
        addUrl(uri, notLoginUrl);
    }
    /*//是否不需要切换库
    public static boolean isNoSetDb(String lasturi) {
        return isMatchUrl(lasturi, notSetDbUrl);
    }
    //增加不需要登录的Uri
    public static void addNoSetDbUrl(String uri) {
        addUrl(uri, notSetDbUrl);
    }*/
    //是否不需要url校验
    public static boolean isNoCheckValid(String lasturi) {
        return isMatchUrl(lasturi, notCheckUrlValid);
    }
    //增加不需要校验合法性的Uri
    public static void addNoCheckValidUri(String uri) {
        addUrl(uri, notCheckUrlValid);
    }
    //不算用户交互操作
    public static boolean isNoInterActive(String lasturi) {
        return isMatchUrl(lasturi, notInterActiveUrl);
    }
    //不算用户交互操作
    public static void addNoInterActiveUri(String uri) {
        addUrl(uri, notInterActiveUrl);
    }
    private SessionUtil() {
    }
@@ -23,41 +123,95 @@ public class SessionUtil {
    }
    public static String readToken(HttpServletRequest request) {
        String token = request.getHeader("Auth-Token");
        return readToken(request, KEY_HEADER_SESSION, KEY_PARAM_SESSION);
    }
    public static String readFingerKey(HttpServletRequest request) {
        return readToken(request, KEY_HEADER_FP_KEY, KEY_PARAM_FP_KEY);
    }
    public static int readFingerVal(HttpServletRequest request) {
        return NumberUtil.getIntIgnoreErr(readToken(request, KEY_HEADER_FP_VAL, KEY_PARAM_FP_VAL));
    }
    private static String readToken(HttpServletRequest request, String headerName, String paramName) {
        String token = request.getHeader(headerName);
        if (token == null) {
            token = request.getParameter("auth_token");
            token = request.getParameter(paramName);
        }
        return token;
    }
    public static UserSession checkSession(HttpServletRequest request, RedisManager redisManager) {
        String token = readToken(request);
    //无效登录异常
    public static void throwNoLogin() {
        throw new BizException(SwConsts.ErrorCode.NO_LOGIN);
    }
        if (StringUtils.isBlank(token)) {
            throw new UnauthenticatedException("not find Auth-Token in header");
    public static void checkSession(HttpServletRequest request) {
        //校验登录
        String lasturi = getUriLast(request.getContextPath(), request.getServletPath());
        String token = readToken(request);
        UserSession us = null;
        if (StringUtils.isNotBlank(token)) {
            us = RedisManager.getInstance().get(token, UserSession.class);
        }
        //校验登录
        final boolean isNologin ="design".equals(token) || isNoLogin(lasturi);
        if (!isNologin) {
            if (us == null) {
                throwNoLogin();
            }
        UserSession us = redisManager.get(token, UserSession.class);
        if (us == null) {
            throw new UnauthenticatedException("not find UserSession by token: " + token);
            request.setAttribute(IEditor.USER_TOKEN, token);
            request.setAttribute(IEditor.USER_SESSION, us);
        }
        return us;
        String fpk = readFingerKey(request);
        if (!StringUtil.isEmpty(fpk)) {
            //校验指纹
            String fpKey = us != null ? String.valueOf(us.getUserId()): request.getSession(true).getId();
            int fpv = readFingerVal(request);
            if (fpv > 0) {
                SessionCache cache = SessionCacheFactory.getInstance().getCache(KEY_PARAM_FP_KEY, 1200L);
                AtomicInteger ai = cache.get(fpKey + "_" + fpk);
                int bv = ai != null ? ai.get(): 0;
                if (fpv != bv) {
                    throw new BizException(SwConsts.ErrorCode.TOKEN_INVALID, "指纹错误，请勿重复提交！");
                }
            }
        }
    }
    //设置指纹
    public static void setFingerValue(HttpServletRequest request, R r) {
        String fpk = readFingerKey(request);
        if (!StringUtil.isEmpty(fpk)) {
            UserSession us = (UserSession) request.getAttribute(IEditor.USER_SESSION);
            String fpKey = us != null ? String.valueOf(us.getUserId()): request.getSession(true).getId();
            SessionCache cache = SessionCacheFactory.getInstance().getCache(KEY_PARAM_FP_KEY, 1200L);
    public static UserSession checkSession(String accessToken, RedisManager redisManager) {
        if (StringUtils.isBlank(accessToken)) {
            throw new UnauthenticatedException("not find Auth-Token in header");
        }
        UserSession us = redisManager.get(accessToken, UserSession.class);
        if (us == null) {
            throw new UnauthenticatedException("not find UserSession by token: " + accessToken);
            AtomicInteger ai = cache.get(fpKey + "_" + fpk);
            if (ai == null) {
                ai = new AtomicInteger(0);
                cache.put(fpKey + "_" + fpk, ai);
            }
            r.put(KEY_PARAM_FP_KEY, fpk);
            r.put(KEY_PARAM_FP_VAL, ai.incrementAndGet());
        }
    }
        return us;
    /**
     * 截取请求名称，如重 /${contextPath}/framework/loginpage.do中截出loginpage.do;
     *
     * @param contextPath /dfp
     * @param uri         /dfp/framework/loginpage.do
     */
    private static String getUriLast(String contextPath, String uri) {
        int index = uri.indexOf(contextPath+"/");
        if (index < 0) return uri;
        if (index > 1) return uri;
        return uri.substring(index + contextPath.length());
    }
 //    private static Session getShiroSession() {
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/SqlUtil.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/SqlUtil.java
@@ -3,6 +3,7 @@ package cc.smtweb.framework.core.util;
 import cc.smtweb.framework.core.common.AbstractEnum;
 import cc.smtweb.framework.core.common.IntEnum;
 import cc.smtweb.framework.core.common.StrEnum;
 import cc.smtweb.framework.core.db.EntityHelper;
 import org.apache.commons.lang3.StringUtils;
 import java.util.List;
@@ -22,7 +23,14 @@ public abstract class SqlUtil {
     * @return
     */
    public static String replaceTable(String sql) {
        return sql;
        return StringUtil.myReplaceStrEx(sql, "[#", "#]", new StringUtil.IStrHanlder() {
            @Override
            public String work(String src) {
                src = src.toUpperCase();
                return EntityHelper.getSchemaTableName(src);
            }
        });
    }
    /**
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/StringUtil.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/util/StringUtil.java
@@ -240,7 +240,7 @@ public class StringUtil {
     * @param delim the delimiter character(s) to use. (null value will join with no delimiter)
     * @return a String of all values in the list seperated by the delimiter
     */
    public static String join(List<String> list, String delim) {
    public static String join(Collection<String> list, String delim) {
        if (list == null || list.size() < 1)
            return null;
        StringBuffer buf = new StringBuffer();
@@ -254,6 +254,11 @@ public class StringUtil {
        return buf.toString();
    }
    public static String join(String[] list, String delim) {
        return join(Arrays.asList(list), delim);
    }
    /**
     * Splits a String on a delimiter into a List of Strings.
     *
@@ -490,7 +495,7 @@ public class StringUtil {
     * @return str
     */
    public static String checkNull(String strValue, String defaultValue) {
        return strValue == null ? defaultValue: strValue;
        return strValue == null ? defaultValue : strValue;
    }
    /**
--- a/smtweb-framework/pom.xml
+++ b/smtweb-framework/pom.xml
@@ -27,5 +27,10 @@
    <modules>
        <module>core</module>
        <module>bpm</module>
        <!--<module>../biz/qhcs-parent/qhcs</module>
        <module>../biz/pgzx-parent/wx-api</module>
        <module>../biz/pgzx-parent/pgzx</module>-->
    </modules>
 </project>