修改集团和区域公司判断功能权限的逻辑，组织机构相关团队中增加附加角色的概念

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/config/AuthMgrConfig.java

@@ -7,11 +7,14 @@ import com.beecode.inz.authmgr.dao.AuthManagerDao;
 import com.beecode.inz.authmgr.exception.ExceptionReaper;
 import com.beecode.inz.authmgr.internal.dao.AuthManagerDaoImpl;
 import com.beecode.inz.authmgr.internal.service.AuthManagerServiceImpl;
+import com.beecode.inz.authmgr.internal.service.FunctionTreeServiceImpl;
 import com.beecode.inz.authmgr.internal.service.RoleManagerServiceImpl;
 import com.beecode.inz.authmgr.log.AuthmgrLogAspect;
 import com.beecode.inz.authmgr.service.AuthManagerService;
+import com.beecode.inz.authmgr.service.FunctionTreeService;
 import com.beecode.inz.authmgr.service.RoleManagerService;
 import com.beecode.inz.authmgr.web.AuthMgrController;
+import com.beecode.inz.authmgr.web.FunctionTreeController;
 import com.beecode.inz.authmgr.web.RoleController;
 import com.beecode.inz.authmgr.web.SysAuthMgrController;
 
@@ -58,4 +61,15 @@ public class AuthMgrConfig {
 	public RoleManagerService createRoleManagerService(){
 		return new RoleManagerServiceImpl();
 	}
+	
+	@Bean
+	public FunctionTreeController createFunctionTreeController() {
+		return new FunctionTreeController();
+	}
+	
+	@Bean
+	public FunctionTreeService createFunctionTreeService(){
+		return new FunctionTreeServiceImpl();
+	}
+	
 }

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/internal/service/FunctionTreeServiceImpl.java

+package com.beecode.inz.authmgr.internal.service;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import com.beecode.amino.core.Amino;
+import com.beecode.bap.functree.FunctionNode;
+import com.beecode.bap.functree.FunctionTreeDefinition;
+import com.beecode.bap.functree.Mode;
+import com.beecode.bap.functree.service.FunctionNodeAuthentication;
+import com.beecode.bap.staff.BapContext;
+import com.beecode.bap.staff.service.StaffService;
+import com.beecode.bap2.common.license.LicenseProperty;
+import com.beecode.bap2.common.license.service.LicensePropertyService;
+import com.beecode.bcp.User;
+import com.beecode.bcp.authz.Privilege;
+import com.beecode.bcp.authz.Role;
+import com.beecode.bcp.authz.service.IdentityService;
+import com.beecode.bcp.authz.service.RoleService;
+import com.beecode.bcp.core.context.AminoContextHolder;
+import com.beecode.bcp.group.Group;
+import com.beecode.bcp.group.service.GroupService;
+import com.beecode.bcp.type.KClass;
+import com.beecode.bcp.type.KObject;
+import com.beecode.bcp.type.json.JSONObjectUtils;
+import com.beecode.inz.authmgr.domain.PrivilegeInfo;
+import com.beecode.inz.authmgr.domain.RoleGroupInfo;
+import com.beecode.inz.authmgr.exception.AuthDataMissingException;
+import com.beecode.inz.authmgr.service.AuthManagerService;
+import com.beecode.inz.authmgr.service.FunctionTreeService;
+import com.beecode.inz.basis.config.constants.AuthcMessageConstants.CommonRoleGroup;
+import com.beecode.inz.common.dao.FollowerDao;
+
+@Service
+public class FunctionTreeServiceImpl implements FunctionTreeService {
+	
+	@Autowired
+	private LicensePropertyService licensePropertyService;
+
+	@Autowired
+	private RoleService roleService;
+	
+	@Autowired
+	private StaffService staffService;
+	
+	@Autowired
+	private IdentityService identityService;
+	
+	@Autowired
+	private AuthManagerService authManagerService;
+	
+	@Autowired
+	private FollowerDao followerDao;
+	
+	@Autowired
+	private GroupService groupService;
+	
+	@Autowired
+	private BapContext bapContext;
+	
+	private static Logger logger = LoggerFactory.getLogger(FunctionTreeServiceImpl.class);
+
+	@Override
+	public FunctionTreeDefinition getFunctionTreeDefinition(String name) {
+		FunctionTreeDefinition definition = Amino.getApplicationMetadataContext().getExtendableBean(name,
+				FunctionTreeDefinition.class);
+		// 深拷贝功能树
+		FunctionTreeDefinition finalFunctionTreeDefinition = definition.clone().mergeParent();
+		List<FunctionNode> allFunctionNode = finalFunctionTreeDefinition.getFunctionNodes().getAllFunctionNode();
+		// 获得权限集合
+//		Set<Privilege> privilegeSet = finalFunctionTreeDefinition.getFunctionNodes().getPrivilegeSet();
+		
+		UUID identityId = null;
+		if(null!= AminoContextHolder.getContext().getIdentity()) {
+			identityId = AminoContextHolder.getContext().getIdentity().getId();
+		}
+		
+		//查询该用户拥有的功能权限列表
+		List<PrivilegeInfo> hasAuthSet = this.getCurrentStaffGrantAuth();
+		
+		// 获得对应权限map
+//		Map<UUID, Boolean> privilegeMap = privilegeService.canAccess(privilegeSet, identityId, null);
+		Map<UUID, Boolean> privilegeMap = new HashMap<UUID, Boolean>();
+		for(PrivilegeInfo privilege : hasAuthSet) {
+			privilegeMap.put(privilege.getId(), true);
+		}
+		// 获得当前角色
+		List<Role> roles = null;
+		if(null != identityId) {
+			roles = roleService.getByIdentity(identityId);
+		}
+		Map<String, Boolean> roleMap = new HashMap<String, Boolean>();
+		if (null != roles && !roles.isEmpty()) {
+			roles.forEach((role) -> roleMap.put(role.getName(), true));
+		}
+		Map<String, Boolean> LicenseResult = new HashMap<String, Boolean>();
+		// 获得所有功能类型校验接口
+		Collection<FunctionNodeAuthentication> functionNodeAuthentication = this.getAllAuthentication();
+		// 获得功能类型认证map
+		Map<FunctionNode, Boolean> authenticationMap = new HashMap<FunctionNode, Boolean>();
+		if (functionNodeAuthentication != null) {
+			this.pushAuthenticationMap(authenticationMap, functionNodeAuthentication, allFunctionNode, roles);
+		}
+		checkFunctionNodesAuth(allFunctionNode.iterator(), privilegeMap, roleMap, LicenseResult, authenticationMap);
+		return finalFunctionTreeDefinition;
+	}
+	
+	@Override
+	public List<PrivilegeInfo> getCurrentStaffGrantAuth() {
+		List<PrivilegeInfo> result = new ArrayList<PrivilegeInfo>();
+		//根据当前登录的组织机构id查询其自定义角色列表
+		List<Group> groups = groupService.getChildren(roleService.getRoleGroupCategoryId(), getRootGroup().getId());
+		if (groups != null) {
+			groups.forEach((children) -> {
+				RoleGroupInfo groupInfo = new RoleGroupInfo(children);
+				List<Role> roles = groupService.getItems(children.getId(), Role.class, null);
+				UUID currentRegionalCompany = getCurrentLoginRegionalCompany().getUuid("id");
+				
+				for(int i = 0; i < roles.size(); i++) {
+					List<User> user = identityService.getUsers(roles.get(i).getCreateUser());
+					KObject staff = staffService.getByUserId(user.get(0).getId());
+					List<String> ids = new ArrayList<String>();
+					ids.add(staff.getUuid("id").toString());
+					List<KObject> followingList = followerDao.loadByMemberIds("com.xyst.dinas.biz.follower.datamodel.OrganizationFollower", ids);
+					List<UUID> organizaitonList = new ArrayList<UUID>();
+					for(KObject following : followingList) {
+						organizaitonList.add(following.get("following").getUuid("id"));
+					}
+					if(!organizaitonList.contains(currentRegionalCompany)) {
+						roles.remove(i);
+						i--;
+					}
+				}
+				
+				groupInfo.setRoles(roles);
+				
+				//获取当前登录用户拥有的角色列表
+				KObject currentStaff = getCurrentStaff();
+				if(currentStaff != null) {
+					List<Role> staffRoleList = roleService.getByUser(currentStaff.get("user").getUuid("id"));
+					List<Role> commonRoleList = groupInfo.getRoles();
+					
+					//以上两个List取交集，得到当前登录用户在该组织机构内所拥有的角色
+					List<Role> resultRoleList = new ArrayList<Role>();
+					for(int i = 0; i < staffRoleList.size(); i++) {
+						for(int j = 0; j < commonRoleList.size(); j++) {
+							if(commonRoleList.get(j).getId().equals(staffRoleList.get(i).getId())) {
+								resultRoleList.add(staffRoleList.get(i));
+								break;
+							}
+						}
+					}
+					
+					for(int i = 0; i < resultRoleList.size(); i++) {
+						result.addAll(authManagerService.getPrivilegeInfoByRole(resultRoleList.get(i).getId()));
+					}
+				}
+			});
+		}
+		return result;
+	}
+	
+	/**
+	 * 获取当前登录的区域公司
+	 * @return
+	 */
+	public KObject getCurrentLoginRegionalCompany() {
+		Map<String, String> map = bapContext.getCurrentUserDatas();
+		String currentRegionalCompany = map.get("currentRegionalCompany");
+
+		KClass kClass = Amino.getApplicationMetadataContext().getBean("com.xyst.dinas.biz.datamodel.xystOrganization",
+				KClass.class);
+		KObject regionalCompany = JSONObjectUtils.toObject(currentRegionalCompany, kClass);
+		return regionalCompany;
+	}
+	
+	/**
+	 * 获取当前登录的用户
+	 * @return
+	 */
+	public KObject getCurrentStaff() {
+		try {
+			return bapContext.getCurrentStaff();
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
+		return null;
+	}
+	
+	private Group getRootGroup() {
+		List<Group> commonRoleGroups = groupService.getByName(roleService.getRoleGroupCategoryId(),
+				CommonRoleGroup.NAME);
+		if (commonRoleGroups != null && commonRoleGroups.size() == 1) {
+			return commonRoleGroups.get(0);
+		}
+		throw new AuthDataMissingException("无法获取普通分组的根分组！");
+	}
+	
+	private void checkFunctionNodesAuth(Iterator<FunctionNode> it, Map<UUID, Boolean> privilegeMap,
+			Map<String, Boolean> roleMap, Map<String, Boolean> LicenseResult,
+			Map<FunctionNode, Boolean> authenticationMap) {
+		if (null == it) {
+			return;
+		}
+
+		while (it.hasNext()) {
+			FunctionNode node = it.next();
+
+			if (Mode.DISABLED == node.getMode()) {
+				it.remove();
+				continue;
+			}
+
+			if (Mode.REMOVE == node.getMode()) {
+				it.remove();
+				continue;
+			}
+
+			if (!checkLicense(LicenseResult, node.getLicense())) {// 无License权限
+				it.remove();
+				continue;
+			}
+
+			if (!checkPrivilege(privilegeMap, node.getPrivilege())) {// 无功能权限
+				it.remove();
+				continue;
+			}
+
+			if (!checkCategory(authenticationMap, node)) {// 无功能类型权限
+				it.remove();
+				continue;
+			}
+
+			if (!checkRole(roleMap, node.getRole())) {
+				it.remove();
+				continue;
+			}
+
+			if (!node.getChildren().isEmpty()) {
+				Iterator<FunctionNode> childrenIt = node.getChildren().iterator();
+				checkFunctionNodesAuth(childrenIt, privilegeMap, roleMap, LicenseResult, authenticationMap);
+				if (node.getChildren().isEmpty()) {// 权限校验完毕，当前节点的子节点全部被移除，则移除该节点本身
+					it.remove();
+					continue;
+				}
+			} else if (node.getFunctionDefinition() == null) {
+				it.remove();
+				continue;
+			}
+
+		}
+	}
+
+	private void pushAuthenticationMap(Map<FunctionNode, Boolean> authenticationMap,
+			Collection<FunctionNodeAuthentication> functionNodeAuthentication, List<FunctionNode> allFunctionNode,
+			List<Role> roles) {
+		Map<String, List<FunctionNode>> categoryMap = new HashMap<String, List<FunctionNode>>();
+		this.pushCategoryMap(categoryMap, allFunctionNode);
+		for (FunctionNodeAuthentication authentication : functionNodeAuthentication) {
+			// 获得功能类型
+			List<FunctionNode> nodeList = categoryMap.get(authentication.getFunctionCategory());
+			if (nodeList != null && nodeList.size() > 0) {
+				authenticationMap.putAll(authentication.authentication(nodeList, roles));
+			}
+		}
+	}
+
+	private Collection<FunctionNodeAuthentication> getAllAuthentication() {
+		Map<String, FunctionNodeAuthentication> beans = Amino.getApplicationMetadataContext()
+				.getBeansOfType(FunctionNodeAuthentication.class);
+		if (beans != null && beans.size() > 0) {
+			return beans.values();
+		}
+		return null;
+	}
+
+	private void pushCategoryMap(Map<String, List<FunctionNode>> functionNodeMap, List<FunctionNode> functionNodeList) {
+		functionNodeList.forEach((node) -> {
+			String view = null;
+			if (node.getFunctionDefinition() != null) {
+				view = node.getFunctionDefinition().getView().trim();
+			}
+			List<FunctionNode> functionNode = functionNodeMap.get(view);
+			if (functionNode == null || functionNode.size() == 0) {
+				ArrayList<FunctionNode> tempList = new ArrayList<FunctionNode>();
+				tempList.add(node);
+				functionNodeMap.put(view, tempList);
+			} else {
+				functionNode.add(node);
+			}
+			List<FunctionNode> children = node.getChildren();
+			if (children != null && children.size() > 0) {
+				this.pushCategoryMap(functionNodeMap, children);
+			}
+		});
+	}
+
+	private boolean checkCategory(Map<FunctionNode, Boolean> authenticationMap, FunctionNode node) {
+		Boolean result = authenticationMap.get(node);
+		return result == null ? true : result;
+	}
+
+	private boolean checkLicense(Map<String, Boolean> LicenseResult, String license) {
+		if (null == license || license.trim().length() == 0) {
+			return true;
+		}
+		if (null != LicenseResult.get(license)) {
+			return LicenseResult.get(license);
+		}
+
+		LicenseProperty property = licensePropertyService.getLicenseProperty(license);
+		if (null == property) {
+			return false;
+		}
+		LicenseResult.put(license, property.getBooleanValue());
+
+		return LicenseResult.get(license);
+	}
+
+	private boolean checkRole(Map<String, Boolean> roleMap, String role) {
+		if (role == null || role.trim().length() == 0) {
+			return true;
+		}
+		if (null == roleMap.get(role)) {
+			return false;
+		}
+
+		return roleMap.get(role);
+	}
+
+	private boolean checkPrivilege(Map<UUID, Boolean> privilegeMap, Privilege privilege) {
+		if (null == privilege) {
+			return true;
+		}
+		if (null == privilegeMap.get(privilege.getId())) {
+			logger.error("Get privilege [ id :{},title:{} ] access auth error ! ", privilege.getId(),
+					privilege.getTitle());
+			return false;
+		}
+		return privilegeMap.get(privilege.getId());
+	}
+
+}

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/service/FunctionTreeService.java

+package com.beecode.inz.authmgr.service;
+
+import java.util.List;
+
+import com.beecode.bap.functree.FunctionTreeDefinition;
+import com.beecode.inz.authmgr.domain.PrivilegeInfo;
+
+public interface FunctionTreeService {
+
+	FunctionTreeDefinition getFunctionTreeDefinition(String name);
+	
+	List<PrivilegeInfo> getCurrentStaffGrantAuth();
+}

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/web/AuthMgrController.java

@@ -49,6 +49,7 @@ import com.beecode.inz.authmgr.domain.RoleGroupInfo;
 import com.beecode.inz.authmgr.domain.StaffInfo;
 import com.beecode.inz.authmgr.exception.AuthDataMissingException;
 import com.beecode.inz.authmgr.service.AuthManagerService;
+import com.beecode.inz.authmgr.service.FunctionTreeService;
 import com.beecode.inz.authmgr.vo.AccessorPrivilegePara;
 import com.beecode.inz.common.dao.FollowerDao;
 import com.beecode.inz.common.service.ByIdService;
@@ -78,6 +79,9 @@ public class AuthMgrController {
 	private FollowerPrivilegeService followerPrivilegeService;
 	
 	@Autowired
+	private FunctionTreeService functionTreeService;
+	
+	@Autowired
 	private FollowerDao followerDao;
 
 	@Autowired
@@ -148,11 +152,21 @@ public class AuthMgrController {
 		} else {
 			Privilege privilege = Amino.getApplicationMetadataContext().getBean(privilegeName, Privilege.class);
 			Assert.notNull(privilege, "没有找到对应的权限项：" + privilegeName);
-			if (roleId == null) {
-				return privilegeService.canAccess(privilege.getId(), null);
-			} else {
-				return privilegeService.canAccess(privilege.getId(), roleId, null);
+			//修改判断单个功能权限的逻辑
+			List<PrivilegeInfo> privilegeInfoList = functionTreeService.getCurrentStaffGrantAuth();
+			boolean result = false;
+			for(PrivilegeInfo privilegeInfo : privilegeInfoList) {
+				if(privilegeInfo.getId().equals(privilege.getId())) {
+					result = true;
+					break;
+				}
 			}
+			return result;
+//			if (roleId == null) {
+//				return privilegeService.canAccess(privilege.getId(), null);
+//			} else {
+//				return privilegeService.canAccess(privilege.getId(), roleId, null);
+//			}
 		}
 
 	}
@@ -215,11 +229,19 @@ public class AuthMgrController {
 		boolean canAccess = false;
 		try {
 			Privilege privilege = Amino.getApplicationMetadataContext().getBean(privilegeName, Privilege.class);
-			if (roleId == null) {
-				canAccess = privilegeService.canAccess(privilege.getId(), null);
-			} else {
-				canAccess = privilegeService.canAccess(privilege.getId(), roleId, null);
+			//修改判断单个功能权限的逻辑
+			List<PrivilegeInfo> privilegeInfoList = functionTreeService.getCurrentStaffGrantAuth();
+			for(PrivilegeInfo privilegeInfo : privilegeInfoList) {
+				if(privilegeInfo.getId().equals(privilege.getId())) {
+					canAccess = true;
+					break;
+				}
 			}
+//			if (roleId == null) {
+//				canAccess = privilegeService.canAccess(privilege.getId(), null);
+//			} else {
+//				canAccess = privilegeService.canAccess(privilege.getId(), roleId, null);
+//			}
 		} catch (Exception e) {
 			logger.warn(MessageFormat.format("查询标志权限出错，具体参数为：权限项名称：【{0}】,角色id：【{1}】", privilegeName, roleId), e);
 			canAccess = false;
@@ -228,14 +250,19 @@ public class AuthMgrController {
 	}
 
 	@RequestMapping(value = "rolegroups/commongroup", method = RequestMethod.GET)
-	public List<RoleGroupInfo> getCommonRoleGroups() {
+	public List<RoleGroupInfo> getCommonRoleGroups(@RequestParam(name = "regionalCompanyId", required = false) UUID regionalCompanyId) {
 		List<RoleGroupInfo> roleGroupInfos = new ArrayList<>();
 		List<Group> groups = groupService.getChildren(roleService.getRoleGroupCategoryId(), getRootGroup().getId());
 		if (groups != null) {
 			groups.forEach((children) -> {
 				RoleGroupInfo groupInfo = new RoleGroupInfo(children);
 				List<Role> roles = groupService.getItems(children.getId(), Role.class, null);
-				KObject currentRegionalCompany = getCurrentLoginRegionalCompany();
+				UUID currentRegionalCompany = null;
+				if(regionalCompanyId != null) {
+					currentRegionalCompany = regionalCompanyId;
+				} else {
+					currentRegionalCompany = getCurrentLoginRegionalCompany().getUuid("id");
+				}
 				
 				for(int i = 0; i < roles.size(); i++) {
 					List<User> user = identityService.getUsers(roles.get(i).getCreateUser());
@@ -247,7 +274,7 @@ public class AuthMgrController {
 					for(KObject following : followingList) {
 						organizaitonList.add(following.get("following").getUuid("id"));
 					}
-					if(!organizaitonList.contains(currentRegionalCompany.getUuid("id"))) {
+					if(!organizaitonList.contains(currentRegionalCompany)) {
 						roles.remove(i);
 						i--;
 					}

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/web/FunctionTreeController.java

+package com.beecode.inz.authmgr.web;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.beecode.bap.functree.FunctionTreeDefinition;
+import com.beecode.bap.functree.util.FunctionTreeConstants;
+import com.beecode.bap.functree.vo.FunctionTreeObj;
+import com.beecode.inz.authmgr.service.FunctionTreeService;
+
+@RestController
+public class FunctionTreeController {
+	
+	@Autowired
+	private FunctionTreeService functionTreeService;
+
+	/**
+	 * 将BAP中的逻辑复制出来，修改其中逻辑
+	 * @param name
+	 * @return
+	 */
+	@RequestMapping(value = "/basis/xyst/functionTree", method = RequestMethod.GET)
+	public Object getFunctionTreeByName(@RequestParam(required = false) String name) {
+		
+		String functreeName = FunctionTreeConstants.DEFAULT_FUNCTION_TREE_METADATA_NAME;
+		if(StringUtils.hasLength(name)) {
+			functreeName = name;
+		}
+		FunctionTreeDefinition functionDefinition = functionTreeService.getFunctionTreeDefinition(functreeName);
+		return new FunctionTreeObj(functionDefinition);
+	}
+}

backend/inz.common/src/main/java/com/beecode/inz/common/internal/service/FollowerServiceImpl.java

@@ -5,6 +5,7 @@ import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.UUID;
 
 import javax.transaction.Transactional;
@@ -13,6 +14,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 
 import com.beecode.amino.metadata.context.support.ApplicationMetadataObjectSupport;
 import com.beecode.bap.staff.service.StaffService;
+import com.beecode.bcp.authz.Role;
+import com.beecode.bcp.authz.service.RoleService;
 import com.beecode.bcp.type.KClass;
 import com.beecode.bcp.type.KObject;
 import com.beecode.inz.common.dao.FollowerDao;
@@ -33,6 +36,9 @@ public class FollowerServiceImpl extends ApplicationMetadataObjectSupport implem
 	private StaffService staffService;
 	
 	@Autowired
+	private RoleService roleService;
+	
+	@Autowired
 	private ByIdService byIdService;
 
 	@Override
@@ -59,6 +65,10 @@ public class FollowerServiceImpl extends ApplicationMetadataObjectSupport implem
 				KObject kobject = type.newInstance();
 				kobject.set("role", body.getRole());
 				kobject.set("member", staff);
+				if(!body.getAttachRole().equals("")) {
+					Optional<Role> role = roleService.get(UUID.fromString(body.getAttachRole()));
+					kobject.set("attachRole", role.get().getId());
+				}
 				kobject.set(body.getEntityFieldName(), byIdService.byId(body.getEntityModelName(), UUID.fromString(body.getEntityIds()[i])));
 				kobject.set("readonly", body.getReadonly());
 				kobject.validate();

backend/inz.common/src/main/java/com/beecode/inz/common/pojo/FollowerEntityBatchAdd.java

@@ -4,6 +4,8 @@ public class FollowerEntityBatchAdd {
 	
 	private String role;
 	
+	private String attachRole;
+	
 	private String[][] staffIds;
 	
 	private Boolean readonly;
@@ -25,6 +27,14 @@ public class FollowerEntityBatchAdd {
 	}
 
 
+	public String getAttachRole() {
+		return attachRole;
+	}
+
+	public void setAttachRole(String attachRole) {
+		this.attachRole = attachRole;
+	}
+
 	public Boolean getReadonly() {
 		return readonly;
 	}

backend/inz.common/src/main/java/com/beecode/inz/common/web/FollowerController.java

@@ -4,8 +4,11 @@ package com.beecode.inz.common.web;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Optional;
 import java.util.UUID;
 
+import org.json.JSONArray;
+import org.json.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -14,6 +17,8 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
+import com.beecode.bcp.authz.Role;
+import com.beecode.bcp.authz.service.RoleService;
 import com.beecode.bcp.type.KObject;
 import com.beecode.bcp.type.json.JSONObjectUtils;
 import com.beecode.inz.common.pojo.FollowerEntity;
@@ -22,6 +27,7 @@ import com.beecode.inz.common.pojo.FollowerEntityBatchDelete;
 import com.beecode.inz.common.pojo.FollowerEntityBatchEdit;
 import com.beecode.inz.common.pojo.FollowerEntityDelete;
 import com.beecode.inz.common.service.FollowerService;
+import com.fasterxml.jackson.databind.JsonNode;
 
 @RestController
 public class FollowerController {
@@ -29,17 +35,31 @@ public class FollowerController {
 	@Autowired
 	private FollowerService service;
 	
+	@Autowired
+	private RoleService roleService;
+	
 	@RequestMapping(value = "/common/followers/query", method = RequestMethod.POST, consumes = "application/json")
 	public Object query(@RequestBody FollowerEntity body) {
 		List<KObject> o = service.query(body);
+		JSONArray result = new JSONArray();
 		String s="";
 		if(o.size()<1){
 			s="[]";
 		}else{
 			for(KObject kObject : o){
 				kObject.setNull(body.getEntityFieldName());//断开json的死循环，这样做可能不妥
+				JsonNode node = JSONObjectUtils.toJson(kObject);
+				JSONObject obj = new JSONObject(node.toString());
+				UUID attachRole = kObject.getUuid("attachRole");
+				if(attachRole != null) {
+					Optional<Role> role = roleService.get(attachRole);
+					if(role.isPresent()) {
+						obj.put("attachRoleName", role.get().getTitle());
+					}
+				}
+				result.put(obj);
 			}
-			s = JSONObjectUtils.toJson(o, true, false).toString();
+			s = result.toString();
 		}
 	
 		return s;

backend/xyst.dinas.biz/src/main/model/com/xyst/dinas/biz/follower/datamodel/OrganizationFollower.mk

@@ -16,6 +16,10 @@
  				<annotation id='f4ec7a01-60f9-4da3-b262-7503c331d6f3' attributeId='6e6fec32-e8c0-4cca-acce-6fb94301355c' name='length' value='undefined'>
  				</annotation>
 			</attribute>
+			<attribute id='c2e179a2-a40b-421e-9665-0b3b6c9ca626' name='attachRole' columnName='attach_role' title='附加角色' type='uuid' default='' precision='' isArray='false'>
+ 				<annotation id='313c2ab2-5408-4252-b873-08c0fb9dd2a7' attributeId='9d00a458-100b-4b74-8a97-11bdda45a50a' name='length' value='undefined'>
+ 				</annotation>
+			</attribute>
 			<hibernate>/xyst.dinas.biz/src/main/resources/config/OrganizationFollower.hbm.xml</hibernate>
 		</dataModel>
 	</content>

backend/xyst.dinas.biz/src/main/resources/com/xyst/dinas/biz/follower/datamodel/OrganizationFollower.jmx

@@ -60,6 +60,25 @@
 					<m:description></m:description>
 					<m:default></m:default>
 				</m:attribute>
+				<m:attribute>
+					<m:annotations>
+						<m:annotation>
+							<m:type>javax.persistence.Column</m:type>
+							<m:properties>
+								<m:property>
+									<m:key>name</m:key>
+									<m:value>attach_role</m:value>
+								</m:property>
+							</m:properties>
+						</m:annotation>
+					</m:annotations>
+					<m:id>c2e179a2-a40b-421e-9665-0b3b6c9ca626</m:id>
+					<m:name>attachRole</m:name>
+					<m:title>附加角色</m:title>
+					<m:type>uuid</m:type>
+					<m:description></m:description>
+					<m:default></m:default>
+				</m:attribute>
 			</m:attributes>
 		</m:class>
 	</content>

backend/xyst.dinas.biz/src/main/resources/config/OrganizationFollower.hbm.xml

@@ -20,5 +20,8 @@
 		<many-to-one name="following" entity-name="com.xyst.dinas.biz.datamodel.xystOrganization" fetch="select">
 			<column name="following"  not-null="false"/>
 		</many-to-one>
+		<property name="attachRole" type="uuid-binary" not-null="false">
+			<column name="attach_role" length="16"></column>
+		</property>
 	</class>
 </hibernate-mapping>
\ No newline at end of file