添加角色授权基本页面

2019-08-22 13:09:58 +08:00 · 2019-08-22 13:09:58 +08:00 · 8f06d530da
parent e1525a3e33
commit 8f06d530da
15 changed files with 502 additions and 82 deletions
--- a/datagear-management/src/main/java/org/datagear/management/domain/Authorization.java
+++ b/datagear-management/src/main/java/org/datagear/management/domain/Authorization.java
@ -16,17 +16,29 @@ public class Authorization extends AbstractStringIdEntity implements CreateUserE
 {
 	private static final long serialVersionUID = 1L;

-	/** 授权源对象类型：数据源实体 */
-	public static final String SOURCE_TYPE_DATA_SOURCE_ENTITY = "ST_DS_ENTITY";
+	/** 授权资源类型：数据源实体 */
+	public static final String RESOURCE_TYPE_DATA_SOURCE_ID = "DATA_SOURCE_ID";

-	/** 授权源对象类型：数据源匹配模式 */
-	public static final String SOURCE_TYPE_DATA_SOURCE_PATTERN = "ST_DS_PATTERN";
+	/** 授权资源类型：数据源通配符 */
+	public static final String RESOURCE_TYPE_DATA_SOURCE_PATTERN = "DATA_SOURCE_PATTERN";

-	/** 授权目标类型：用户 */
-	public static final String TARGET_TYPE_USER = "USER";
+	/** 授权主体类型：用户ID */
+	public static final String PRINCIPAL_TYPE_USER_ID = "USER_ID";

-	/** 授权目标类型：角色 */
-	public static final String TARGET_TYPE_ROLE = "ROLE";
+	/** 授权主体类型：角色ID */
+	public static final String PRINCIPAL_TYPE_ROLE_ID = "ROLE_ID";
+
+	/** 授权主体类型：匿名用户 */
+	public static final String PRINCIPAL_TYPE_ANONYMOUS = "ANONYMOUS";
+
+	/** 授权主体类型：全部注册用户 */
+	public static final String PRINCIPAL_TYPE_ALL_REG_USER = "ALL_REG_USER";
+
+	/** 授权主体：匿名用户 */
+	public static final String PRINCIPAL_ANONYMOUS = "anonymous";
+
+	/** 授权主体：全部注册用户 */
+	public static final String PRINCIPAL_ALL_REG_USER = "all_reg_user";

 	/** 权限：无 */
 	public static final String PERMISSION_NONE = "NONE";
@ -37,82 +49,88 @@ public class Authorization extends AbstractStringIdEntity implements CreateUserE
 	/** 权限：写 */
 	public static final String PERMISSION_WRITE = "WRITE";

-	/** 授权源对象 */
-	private String source;
+	/** 授权资源 */
+	private String resource;

-	/** 授权源对象类型 */
-	private String sourceType;
+	/** 授权资源类型 */
+	private String resourceType;

-	/** 授权目标 */
-	private String target;
+	/** 授权主体 */
+	private String principal;

-	/** 授权目标类型 */
-	private String targetType;
+	/** 授权主体类型 */
+	private String principalType;

 	/** 权限 */
 	private String permission;

-	/** 是否已禁用 */
-	private boolean enabled = false;
+	/** 是否启用 */
+	private boolean enabled = true;

 	/** 授权创建用户 */
 	private User createUser;

+	/** 授权资源名称 */
+	private String resourceName;
+
+	/** 授权主体名称 */
+	private String principalName;
+
 	public Authorization()
 	{
 		super();
 	}

-	public Authorization(String id, String source, String sourceType, String target, String targetType,
+	public Authorization(String resource, String resourceType, String principal, String principalType,
 			String permission, User createUser)
 	{
-		super(id);
-		this.source = source;
-		this.sourceType = sourceType;
-		this.target = target;
-		this.targetType = targetType;
+		super();
+		this.resource = resource;
+		this.resourceType = resourceType;
+		this.principal = principal;
+		this.principalType = principalType;
 		this.permission = permission;
 		this.createUser = createUser;
 	}

-	public String getSource()
+	public String getResource()
 	{
-		return source;
+		return resource;
 	}

-	public void setSource(String source)
+	public void setResource(String resource)
 	{
-		this.source = source;
+		this.resource = resource;
 	}

-	public String getSourceType()
+	public String getResourceType()
 	{
-		return sourceType;
+		return resourceType;
 	}

-	public void setSourceType(String sourceType)
+	public void setResourceType(String resourceType)
 	{
-		this.sourceType = sourceType;
+		this.resourceType = resourceType;
 	}

-	public String getTarget()
+	public String getPrincipal()
 	{
-		return target;
+		return principal;
 	}

-	public void setTarget(String target)
+	public void setPrincipal(String principal)
 	{
-		this.target = target;
+		this.principal = principal;
 	}

-	public String getTargetType()
+	public String getPrincipalType()
 	{
-		return targetType;
+		return principalType;
 	}

-	public void setTargetType(String targetType)
+	public void setPrincipalType(String principalType)
 	{
-		this.targetType = targetType;
+		this.principalType = principalType;
 	}

 	public String getPermission()
@ -125,21 +143,6 @@ public class Authorization extends AbstractStringIdEntity implements CreateUserE
 		this.permission = permission;
 	}

-	public boolean isPermissionNone()
-	{
-		return PERMISSION_NONE.equals(this.permission);
-	}
-
-	public boolean isPermissionRead()
-	{
-		return PERMISSION_READ.equals(this.permission);
-	}
-
-	public boolean isPermissionWrite()
-	{
-		return PERMISSION_WRITE.equals(this.permission);
-	}
-
 	public boolean isEnabled()
 	{
 		return enabled;
@ -162,10 +165,31 @@ public class Authorization extends AbstractStringIdEntity implements CreateUserE
 		this.createUser = createUser;
 	}

+	public String getResourceName()
+	{
+		return resourceName;
+	}
+
+	public void setResourceName(String resourceName)
+	{
+		this.resourceName = resourceName;
+	}
+
+	public String getPrincipalName()
+	{
+		return principalName;
+	}
+
+	public void setPrincipalName(String principalName)
+	{
+		this.principalName = principalName;
+	}
+
 	@Override
 	public String toString()
 	{
-		return getClass().getSimpleName() + " [id=" + getId() + ", source=" + source + ", sourceType=" + sourceType
-				+ ", target=" + target + ", targetType=" + targetType + ", permission=" + permission + "]";
+		return getClass().getSimpleName() + " [id=" + getId() + ", resource=" + resource + ", resourceType="
+				+ resourceType + ", principal=" + principal + ", principalType=" + principalType + ", permission="
+				+ permission + ", enabled=" + enabled + "]";
 	}
 }
--- a/datagear-management/src/main/java/org/datagear/management/service/RoleUserService.java
+++ b/datagear-management/src/main/java/org/datagear/management/service/RoleUserService.java
@ -4,9 +4,12 @@

 package org.datagear.management.service;

+import java.util.List;
+
 import org.datagear.management.domain.Role;
 import org.datagear.management.domain.RoleUser;
 import org.datagear.management.domain.User;
+import org.datagear.persistence.Query;

 /**
 * {@linkplain RoleUser}业务服务接口。
@ -41,4 +44,14 @@ public interface RoleUserService extends EntityService<String, RoleUser>
 	 * @return
 	 */
 	boolean[] addIfInexistence(RoleUser... roleUsers);
+
+	/**
+	 * 查询。
+	 * 
+	 * @param role
+	 * @param query
+	 * @return
+	 */
+	List<RoleUser> queryForRole(Role role, Query query);
+
 }
--- a/datagear-management/src/main/java/org/datagear/management/service/impl/RoleUserServiceImpl.java
+++ b/datagear-management/src/main/java/org/datagear/management/service/impl/RoleUserServiceImpl.java
@ -4,6 +4,7 @@

 package org.datagear.management.service.impl;

+import java.util.List;
 import java.util.Map;

 import org.apache.ibatis.session.SqlSessionFactory;
@ -11,6 +12,7 @@ import org.datagear.management.domain.Role;
 import org.datagear.management.domain.RoleUser;
 import org.datagear.management.domain.User;
 import org.datagear.management.service.RoleUserService;
+import org.datagear.persistence.Query;
 import org.mybatis.spring.SqlSessionTemplate;

 /**
@ -76,6 +78,15 @@ public class RoleUserServiceImpl extends AbstractMybatisEntityService<String, Ro
 		return re;
 	}

+	@Override
+	public List<RoleUser> queryForRole(Role role, Query query)
+	{
+		Map<String, Object> param = buildParamMap();
+		param.put("role", role);
+
+		return query("queryForRole", query, param);
+	}
+
 	@Override
 	protected String getSqlNamespace()
 	{
--- a/datagear-management/src/main/resources/org/datagear/management/ddl/datagear.sql
+++ b/datagear-management/src/main/resources/org/datagear/management/ddl/datagear.sql
@ -131,10 +131,10 @@ ALTER TABLE DATAGEAR_ROLE_USER ADD CONSTRAINT UK_RU_ROLE_USER_ID UNIQUE (RU_ROLE
 CREATE TABLE DATAGEAR_AUTHORIZATION
 (
 	AUTH_ID VARCHAR(50) NOT NULL,
-	AUTH_SOURCE VARCHAR(200) NOT NULL,
-	AUTH_SOURCE_TYPE VARCHAR(50) NOT NULL,
-	AUTH_TARGET VARCHAR(200) NOT NULL,
-	AUTH_TARGET_TYPE VARCHAR(50) NOT NULL,
+	AUTH_RESOURCE VARCHAR(200) NOT NULL,
+	AUTH_RESOURCE_TYPE VARCHAR(50) NOT NULL,
+	AUTH_PRINCIPAL VARCHAR(200) NOT NULL,
+	AUTH_PRINCIPAL_TYPE VARCHAR(50) NOT NULL,
 	AUTH_PERMISSION VARCHAR(50) NOT NULL,
 	AUTH_ENABLED VARCHAR(10) NOT NULL,
 	AUTH_CREATE_TIME TIMESTAMP,
--- a/datagear-management/src/main/resources/org/datagear/management/mapper/AuthorizationMapper.xml
+++ b/datagear-management/src/main/resources/org/datagear/management/mapper/AuthorizationMapper.xml
@ -6,22 +6,22 @@
 	<insert id="insert">
 		INSERT INTO DATAGEAR_AUTHORIZATION
 			(
-			AUTH_ID, AUTH_SOURCE, AUTH_SOURCE_TYPE, AUTH_TARGET, AUTH_TARGET_TYPE,
+			AUTH_ID, AUTH_RESOURCE, AUTH_RESOURCE_TYPE, AUTH_PRINCIPAL, AUTH_PRINCIPAL_TYPE,
 			AUTH_PERMISSION, AUTH_ENABLED, AUTH_CREATE_USER_ID
 			)
 		VALUES
 			(
-			#{entity.id}, #{entity.source}, #{entity.sourceType}, #{entity.target}, #{entity.targetType},
+			#{entity.id}, #{entity.resource}, #{entity.resourceType}, #{entity.principal}, #{entity.principalType},
 			#{entity.permission}, #{entity.enabled},#{entity.createUser.id}
 			)
 	</insert>
 	
 	<update id="update">
 		UPDATE DATAGEAR_AUTHORIZATION SET
-			AUTH_SOURCE = #{entity.source},
-			AUTH_SOURCE_TYPE = #{entity.sourceType},
-			AUTH_TARGET = #{entity.target},
-			AUTH_TARGET_TYPE = #{entity.targetType},
+			AUTH_RESOURCE = #{entity.resource},
+			AUTH_RESOURCE_TYPE = #{entity.resourceType},
+			AUTH_PRINCIPAL = #{entity.principal},
+			AUTH_PRINCIPAL_TYPE = #{entity.principalType},
 			AUTH_PERMISSION = #{entity.permission},
 			AUTH_ENABLED = #{entity.enabled}
 		WHERE
@ -83,10 +83,10 @@
 	<sql id="queryView">
 		SELECT
 			A.AUTH_ID AS ${_iq_}id${_iq_},
-			A.AUTH_SOURCE AS ${_iq_}source${_iq_},
-			A.AUTH_SOURCE_TYPE AS ${_iq_}sourceType${_iq_},
-			A.AUTH_TARGET AS ${_iq_}target${_iq_},
-			A.AUTH_TARGET_TYPE AS ${_iq_}targetType${_iq_},
+			A.AUTH_RESOURCE AS ${_iq_}resource${_iq_},
+			A.AUTH_RESOURCE_TYPE AS ${_iq_}resourceType${_iq_},
+			A.AUTH_PRINCIPAL AS ${_iq_}principal${_iq_},
+			A.AUTH_PRINCIPAL_TYPE AS ${_iq_}principalType${_iq_},
 			A.AUTH_PERMISSION AS ${_iq_}permission${_iq_},
 			A.AUTH_ENABLED AS ${_iq_}enabled${_iq_},
 			A.AUTH_CREATE_TIME AS ${_iq_}ceateTime${_iq_},
@ -108,7 +108,7 @@
 		<if test="queryKeyword != null">
 		AND
 		(
-			${_iq_}source${_iq_} LIKE #{queryKeyword}
+			${_iq_}resource${_iq_} LIKE #{queryKeyword}
 		)
 		</if>
 		<include refid="common.queryCondition" />
--- a/datagear-management/src/main/resources/org/datagear/management/mapper/RoleUserMapper.xml
+++ b/datagear-management/src/main/resources/org/datagear/management/mapper/RoleUserMapper.xml
@ -63,6 +63,17 @@
 		<include refid="common.queryOrder" />
 	</select>
 	
+	<select id="queryForRole" resultType="org.datagear.management.domain.RoleUser">
+		SELECT
+			T.*
+		FROM
+			(<include refid="queryView" />) T
+		WHERE
+			<include refid="queryCondition" />
+			AND T.${_iq_}role.id${_iq_} = #{role.id}
+		<include refid="common.queryOrder" />
+	</select>
+	
 	<select id="pagingQueryCount" resultType="int">
 		SELECT
 			COUNT(*)
--- a/datagear-persistence/src/main/java/org/datagear/persistence/support/DefaultPersistenceManager.java
+++ b/datagear-persistence/src/main/java/org/datagear/persistence/support/DefaultPersistenceManager.java
@ -20,7 +20,6 @@ import org.datagear.persistence.PersistenceManager;
 import org.datagear.persistence.QueryResultMetaInfo;
 import org.datagear.persistence.SqlBuilder;
 import org.datagear.persistence.mapper.Mapper;
-import org.datagear.util.expression.ExpressionResolver;
 import org.springframework.core.convert.ConversionService;

 /**
@ -101,7 +100,7 @@ public class DefaultPersistenceManager extends AbstractModelDataAccessObject imp
 		this.updatePersistenceOperation.setConversionService(conversionService);
 	}

-	public ExpressionResolver getVariableExpressionResolver()
+	public NameExpressionResolver getVariableExpressionResolver()
 	{
 		return variableExpressionResolver;
 	}
@ -113,7 +112,7 @@ public class DefaultPersistenceManager extends AbstractModelDataAccessObject imp
 		this.updatePersistenceOperation.setVariableExpressionResolver(variableExpressionResolver);
 	}

-	public ExpressionResolver getSqlExpressionResolver()
+	public NameExpressionResolver getSqlExpressionResolver()
 	{
 		return sqlExpressionResolver;
 	}
--- a/datagear-web/src/main/java/org/datagear/web/controller/AuthorizationController.java
+++ b/datagear-web/src/main/java/org/datagear/web/controller/AuthorizationController.java
@ -0,0 +1,169 @@
+/*
+ * Copyright 2018 datagear.tech. All Rights Reserved.
+ */
+
+package org.datagear.web.controller;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.datagear.management.domain.Authorization;
+import org.datagear.management.domain.User;
+import org.datagear.management.service.AuthorizationService;
+import org.datagear.persistence.PagingQuery;
+import org.datagear.util.IDUtil;
+import org.datagear.web.OperationMessage;
+import org.datagear.web.util.WebUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+/**
+ * 授权管理控制器。
+ * 
+ * @author datagear@163.com
+ *
+ */
+@Controller
+@RequestMapping("/authorization")
+public class AuthorizationController extends AbstractController
+{
+	@Autowired
+	private AuthorizationService authorizationService;
+
+	public AuthorizationController()
+	{
+		super();
+	}
+
+	public AuthorizationController(AuthorizationService authorizationService)
+	{
+		super();
+		this.authorizationService = authorizationService;
+	}
+
+	public AuthorizationService getAuthorizationService()
+	{
+		return authorizationService;
+	}
+
+	public void setAuthorizationService(AuthorizationService authorizationService)
+	{
+		this.authorizationService = authorizationService;
+	}
+
+	@RequestMapping("/add")
+	public String add(HttpServletRequest request, org.springframework.ui.Model model)
+	{
+		Authorization authorization = new Authorization();
+
+		model.addAttribute("authorization", authorization);
+		model.addAttribute(KEY_TITLE_MESSAGE_KEY, "authorization.addAuthorization");
+		model.addAttribute(KEY_FORM_ACTION, "saveAdd");
+
+		return "/authorization/authorization_form";
+	}
+
+	@RequestMapping(value = "/saveAdd", produces = CONTENT_TYPE_JSON)
+	@ResponseBody
+	public ResponseEntity<OperationMessage> saveAdd(HttpServletRequest request, HttpServletResponse response,
+			Authorization authorization)
+	{
+		checkInput(authorization);
+
+		User user = WebUtils.getUser(request, response);
+
+		authorization.setId(IDUtil.uuid());
+		authorization.setCreateUser(user);
+
+		this.authorizationService.add(authorization);
+
+		return buildOperationMessageSaveSuccessResponseEntity(request);
+	}
+
+	@RequestMapping("/edit")
+	public String edit(HttpServletRequest request, HttpServletResponse response, org.springframework.ui.Model model,
+			@RequestParam("id") String id)
+	{
+		Authorization authorization = this.authorizationService.getById(id);
+
+		model.addAttribute("authorization", authorization);
+		model.addAttribute(KEY_TITLE_MESSAGE_KEY, "authorization.editAuthorization");
+		model.addAttribute(KEY_FORM_ACTION, "saveEdit");
+
+		return "/authorization/authorization_form";
+	}
+
+	@RequestMapping(value = "/saveEdit", produces = CONTENT_TYPE_JSON)
+	@ResponseBody
+	public ResponseEntity<OperationMessage> saveEdit(HttpServletRequest request, HttpServletResponse response,
+			Authorization authorization)
+	{
+		if (isEmpty(authorization.getId()))
+			throw new IllegalInputException();
+		checkInput(authorization);
+
+		this.authorizationService.update(WebUtils.getUser(request, response), authorization);
+
+		return buildOperationMessageSaveSuccessResponseEntity(request);
+	}
+
+	@RequestMapping("/view")
+	public String view(HttpServletRequest request, HttpServletResponse response, org.springframework.ui.Model model,
+			@RequestParam("id") String id)
+	{
+		Authorization authorization = this.authorizationService.getById(id);
+
+		if (authorization == null)
+			throw new RecordNotFoundException();
+
+		model.addAttribute("authorization", authorization);
+		model.addAttribute(KEY_TITLE_MESSAGE_KEY, "authorization.viewAuthorization");
+		model.addAttribute(KEY_READONLY, true);
+
+		return "/authorization/authorization_form";
+	}
+
+	@RequestMapping(value = "/delete", produces = CONTENT_TYPE_JSON)
+	@ResponseBody
+	public ResponseEntity<OperationMessage> delete(HttpServletRequest request, HttpServletResponse response,
+			@RequestParam("id") String[] ids)
+	{
+		this.authorizationService.deleteByIds(WebUtils.getUser(request, response), ids);
+
+		return buildOperationMessageDeleteSuccessResponseEntity(request);
+	}
+
+	@RequestMapping(value = "/query")
+	public String query(HttpServletRequest request, HttpServletResponse response, org.springframework.ui.Model model)
+	{
+		model.addAttribute(KEY_TITLE_MESSAGE_KEY, "authorization.manageAuthorization");
+
+		return "/authorization/authorization_grid";
+	}
+
+	@RequestMapping(value = "/queryData", produces = CONTENT_TYPE_JSON)
+	@ResponseBody
+	public List<Authorization> queryData(HttpServletRequest request, HttpServletResponse response) throws Exception
+	{
+		PagingQuery pagingQuery = getPagingQuery(request, null);
+
+		List<Authorization> authorizations = this.authorizationService.query(WebUtils.getUser(request, response),
+				pagingQuery);
+
+		return authorizations;
+	}
+
+	protected void checkInput(Authorization authorization) throws IllegalInputException
+	{
+		if (isEmpty(authorization.getResource()) || isEmpty(authorization.getResourceType())
+				|| isEmpty(authorization.getPrincipal()) || isEmpty(authorization.getPrincipalType())
+				|| isEmpty(authorization.getPermission()))
+			throw new IllegalInputException();
+	}
+}
--- a/datagear-web/src/main/java/org/datagear/web/controller/RoleController.java
+++ b/datagear-web/src/main/java/org/datagear/web/controller/RoleController.java
@ -198,11 +198,17 @@ public class RoleController extends AbstractController

 	@RequestMapping(value = "/user/queryData", produces = CONTENT_TYPE_JSON)
 	@ResponseBody
-	public List<RoleUser> userQueryData(HttpServletRequest request, HttpServletResponse response) throws Exception
+	public List<RoleUser> userQueryData(HttpServletRequest request, HttpServletResponse response,
+			@RequestParam("roleId") String roleId) throws Exception
 	{
+		Role role = this.roleService.getById(roleId);
+
+		if (role == null)
+			throw new RecordNotFoundException();
+
 		PagingQuery pagingQuery = getPagingQuery(request, null);

-		List<RoleUser> roleUsers = this.roleUserService.query(pagingQuery);
+		List<RoleUser> roleUsers = this.roleUserService.queryForRole(role, pagingQuery);

 		return roleUsers;
 	}
@ -244,7 +250,7 @@ public class RoleController extends AbstractController
 	@Override
 	protected String buildMessageCode(String code)
 	{
-		return buildMessageCode("user", code);
+		return buildMessageCode("role", code);
 	}

 	public static class RoleUsersForm
--- a/datagear-web/src/main/resources/datagear-security.xml
+++ b/datagear-web/src/main/resources/datagear-security.xml
@ -44,6 +44,9 @@
 		<intercept-url pattern="/role/select" access="ROLE_USER" />
 		<intercept-url pattern="/role/**" access="ROLE_ADMIN" />
 		
+		<!-- 权限管理 -->
+		<intercept-url pattern="/authorization/**" access="ROLE_USER" />
+		
 		<!-- 全局设置 -->
 		<intercept-url pattern="/globalSetting/**" access="ROLE_ADMIN" />
 		
--- a/datagear-web/src/main/resources/locales/datagear.properties
+++ b/datagear-web/src/main/resources/locales/datagear.properties
@ -209,6 +209,7 @@ main.manageDriverEntity=\u7BA1\u7406\u9A71\u52A8\u7A0B\u5E8F
 main.manageUser=\u7BA1\u7406\u7528\u6237
 main.addUser=\u6DFB\u52A0\u7528\u6237
 main.manageRole=\u7BA1\u7406\u7528\u6237\u7EC4
+main.manageAuthorization=\u7BA1\u7406\u6743\u9650
 main.personalSet=\u4E2A\u4EBA\u8BBE\u7F6E
 main.changeTheme=\u5207\u6362\u80A4\u8272
 main.changeTheme.lightness=\u6D45\u8272
@ -520,11 +521,24 @@ role.viewRole=\u67E5\u770B\u7528\u6237\u7EC4
 role.manageRole=\u7BA1\u7406\u7528\u6237\u7EC4
 role.selectRole=\u9009\u62E9\u7528\u6237\u7EC4
 role.editUser=\u7BA1\u7406\u7528\u6237
-role.editAuthorization=\u8BBE\u7F6E\u6743\u9650
 role.roleEditUser=\u7528\u6237\u7EC4 - \u7BA1\u7406\u7528\u6237
 role.roleEditAuthorization=\u7528\u6237\u7EC4 - \u8BBE\u7F6E\u6743\u9650
 role.id=ID
 role.name=\u540D\u79F0
 role.description=\u63CF\u8FF0
 role.enabled=\u662F\u5426\u542F\u7528
-role.confirmDelete=\u786E\u5B9A\u5220\u9664\u9009\u4E2D\u7684\u7528\u6237\u7EC4\u5417\uFF1F
+role.confirmDelete=\u786E\u5B9A\u5220\u9664\u9009\u4E2D\u7684\u7528\u6237\u7EC4\u5417\uFF1F
+
+#authorization
+authorization.resource=\u6388\u6743\u8D44\u6E90
+authorization.resourceType=\u6388\u6743\u8D44\u6E90\u7C7B\u578B
+authorization.principal=\u6388\u6743\u4E3B\u4F53
+authorization.principalType=\u6388\u6743\u4E3B\u4F53\u7C7B\u578B
+authorization.permission=\u6743\u9650
+authorization.permission.NONE=\u65E0
+authorization.permission.READ=\u53EA\u8BFB
+authorization.permission.WRITE=\u53EF\u5199
+authorization.enabled=\u662F\u5426\u542F\u7528
+authorization.createUser=\u521B\u5EFA\u7528\u6237
+authorization.resourceName=\u6388\u6743\u8D44\u6E90\u540D\u79F0
+authorization.principalName=\u6388\u6743\u4E3B\u4F53\u540D\u79F0
--- a/datagear-web/src/main/webapp/WEB-INF/view/authorization/authorization_grid.ftl
+++ b/datagear-web/src/main/webapp/WEB-INF/view/authorization/authorization_grid.ftl
@ -0,0 +1,164 @@
+<#include "../include/import_global.ftl">
+<#include "../include/html_doctype.ftl">
+<#--
+String titleMessageKey 标题标签I18N关键字，不允许null
+String authorizationSource 固定授权源，允许为null
+String authorizationSourceType 固定授权源类型，允许为null
+-->
+<#assign selectonly=(selectonly!false)>
+<#assign dataModel=(dataModel!"full")>
+<html>
+<head>
+<#include "../include/html_head.ftl">
+<title><#include "../include/html_title_app_name.ftl"><@spring.message code='${titleMessageKey}' /></title>
+</head>
+<body class="fill-parent">
+<#if !isAjaxRequest>
+<div class="fill-parent">
+</#if>
+<div id="${pageId}" class="page-grid page-grid-hidden-foot page-grid-authorization">
+	<div class="head">
+		<div class="search">
+			<#include "../include/page_obj_searchform.html.ftl">
+		</div>
+		<div class="operation">
+			<input name="addButton" type="button" value="<@spring.message code='add' />" />
+			<input name="editButton" type="button" value="<@spring.message code='edit' />" />
+			<input name="viewButton" type="button" value="<@spring.message code='view' />" />
+			<input name="deleteButton" type="button" value="<@spring.message code='delete' />" />
+		</div>
+	</div>
+	<div class="content">
+		<table id="${pageId}-table" width="100%" class="hover stripe">
+		</table>
+	</div>
+	<div class="foot">
+		<div class="pagination-wrapper">
+			<div id="${pageId}-pagination" class="pagination"></div>
+		</div>
+	</div>
+</div>
+<#if !isAjaxRequest>
+</div>
+</#if>
+<#include "../include/page_js_obj.ftl">
+<#include "../include/page_obj_searchform_js.ftl">
+<#include "../include/page_obj_grid.ftl">
+<script type="text/javascript">
+(function(po)
+{
+	$.initButtons(po.element(".operation"));
+	
+	po.url = function(action)
+	{
+		return "${contextPath}/authorization/" + action;
+	};
+	
+	po.element("input[name=addButton]").click(function()
+	{
+		po.open(po.url("add"),
+		{
+			pageParam :
+			{
+				afterSave : function()
+				{
+					po.refresh();
+				}
+			}
+		});
+	});
+	
+	po.element("input[name=editButton]").click(function()
+	{
+		po.executeOnSelect(function(row)
+		{
+			var data = {"id" : row.id};
+			
+			po.open(po.url("edit"),
+			{
+				data : data,
+				pageParam :
+				{
+					afterSave : function()
+					{
+						po.refresh();
+					}
+				}
+			});
+		});
+	});
+	
+	po.element("input[name=viewButton]").click(function()
+	{
+		po.executeOnSelect(function(row)
+		{
+			var data = {"id" : row.id};
+			
+			po.open(po.url("view"),
+			{
+				data : data
+			});
+		});
+	});
+	
+	po.element("input[name=deleteButton]").click(
+	function()
+	{
+		po.executeOnSelects(function(rows)
+		{
+			po.confirm("<@spring.message code='confirmDelete' />",
+			{
+				"confirm" : function()
+				{
+					var data = $.getPropertyParamString(rows, "id");
+					
+					$.post(po.url("delete"), data, function()
+					{
+						po.refresh();
+					});
+				}
+			});
+		});
+	});
+	
+	var columnEnabled = $.buildDataTablesColumnSimpleOption("<@spring.message code='authorization.enabled' />", "enabled");
+	columnEnabled.render = function(data, type, row, meta)
+	{
+		if(data == true)
+			data = "<@spring.message code='yes' />";
+		else
+			data = "<@spring.message code='no' />";
+		
+		return data;
+	};
+	
+	var columnPermission = $.buildDataTablesColumnSimpleOption("<@spring.message code='authorization.permission' />", "permission");
+	columnPermission.render = function(data, type, row, meta)
+	{
+		if(data == "NONE")
+			data = "<@spring.message code='authorization.permission.NONE' />";
+		else if(data == "READ")
+			data = "<@spring.message code='authorization.permission.READ' />";
+		else if(data == "WRITE")
+			data = "<@spring.message code='authorization.permission.WRITE' />";
+		else
+			data = "";
+		
+		return data;
+	};
+	
+	var tableColumns = [
+		$.buildDataTablesColumnSimpleOption("<@spring.message code='authorization.id' />", "id", true),
+		$.buildDataTablesColumnSimpleOption("<@spring.message code='authorization.resourceName' />", "resourceName"),
+		$.buildDataTablesColumnSimpleOption("<@spring.message code='authorization.principalName' />", "principalName"),
+		columnPermission,
+		columnEnabled,
+		$.buildDataTablesColumnSimpleOption("<@spring.message code='authorization.createUser' />", "createUser.nameLabel")
+	];
+	var tableSettings = po.buildDataTableSettingsAjax(tableColumns, po.url("queryData"));
+	po.initDataTable(tableSettings);
+})
+(${pageId});
+</script>
+</body>
+</html>
--- a/datagear-web/src/main/webapp/WEB-INF/view/main.ftl
+++ b/datagear-web/src/main/webapp/WEB-INF/view/main.ftl
@ -393,6 +393,12 @@
 					$.setGridPageHeightOption(options);
 					po.open(contextPath+"/role/query", options);
 				}
+				else if($item.hasClass("system-set-authorization-manage"))
+				{
+					var options = {};
+					$.setGridPageHeightOption(options);
+					po.open(contextPath+"/authorization/query", options);
+				}
 				else if($item.hasClass("system-set-personal-set"))
 				{
 					po.open(contextPath+"/user/personalSet");
@ -1032,6 +1038,7 @@
 					<li class="system-set-user-manage"><a href="javascript:void(0);"><@spring.message code='main.manageUser' /></a></li>
 					<li class="system-set-user-add"><a href="javascript:void(0);"><@spring.message code='main.addUser' /></a></li>
 					<li class="system-set-rold-manage"><a href="javascript:void(0);"><@spring.message code='main.manageRole' /></a></li>
+					<li class="system-set-authorization-manage"><a href="javascript:void(0);"><@spring.message code='main.manageAuthorization' /></a></li>
 					<li class="ui-widget-header"></li>
 					</#if>
 					<li class="system-set-personal-set"><a href="javascript:void(0);"><@spring.message code='main.personalSet' /></a></li>
--- a/datagear-web/src/main/webapp/WEB-INF/view/role/role_grid.ftl
+++ b/datagear-web/src/main/webapp/WEB-INF/view/role/role_grid.ftl
@ -27,7 +27,6 @@ selectonly 是否选择操作，允许为null
 				<input name="addButton" type="button" value="<@spring.message code='add' />" />
 				<input name="editButton" type="button" value="<@spring.message code='edit' />" />
 				<input name="editUserButton" type="button" value="<@spring.message code='role.editUser' />" />
-				<input name="editAuthorizationButton" type="button" value="<@spring.message code='role.editAuthorization' />" />
 				<input name="viewButton" type="button" value="<@spring.message code='view' />" />
 				<input name="deleteButton" type="button" value="<@spring.message code='delete' />" />
 			</#if>
--- a/datagear-web/src/main/webapp/WEB-INF/view/role/role_user_grid.ftl
+++ b/datagear-web/src/main/webapp/WEB-INF/view/role/role_user_grid.ftl
@ -96,7 +96,7 @@
 		$.buildDataTablesColumnSimpleOption("<@spring.message code='user.name' />", "user.name"),
 		$.buildDataTablesColumnSimpleOption("<@spring.message code='user.realName' />", "user.realName")
 	];
-	var tableSettings = po.buildDataTableSettingsAjax(tableColumns, po.url("queryData"));
+	var tableSettings = po.buildDataTableSettingsAjax(tableColumns, po.url("queryData?roleId=" + po.role.id));
 	po.initDataTable(tableSettings);
 })
 (${pageId});