
优化权限控制,简化数据级权限控制

zhouhao 8 years ago
parent
commit
07ea62f7c5
67 changed files with 697 additions and 874 deletions
  1. 0 7
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Permission.java
  2. 1 1
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/CustomDataAccess.java
  3. 39 7
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/DataAccessConfig.java
  4. 0 34
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/FieldAccessConfig.java
  5. 0 24
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/FieldAccessController.java
  6. 12 0
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/FieldFilterDataAccessConfig.java
  7. 23 0
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/FieldScopeDataAccessConfig.java
  8. 23 0
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/ScopeDataAccessConfig.java
  9. 0 56
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/RequiresFieldAccess.java
  10. 0 14
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/builder/FieldAccessConfigBuilder.java
  11. 0 10
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/builder/FieldAccessConfigBuilderFactory.java
  12. 2 11
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/AuthorizationAutoConfiguration.java
  13. 4 4
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/SimpleCustomDataAccessConfig.java
  14. 0 37
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/SimpleFieldAccess.java
  15. 34 0
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/SimpleFieldFilterDataAccessConfig.java
  16. 47 0
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/SimpleFiledScopeDataAccessConfig.java
  17. 0 12
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/SimplePermission.java
  18. 2 14
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/builder/SimpleAuthenticationBuilder.java
  19. 2 5
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/builder/SimpleAuthenticationBuilderFactory.java
  20. 48 41
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/builder/SimpleDataAccessConfigBuilderFactory.java
  21. 0 30
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/builder/SimpleFieldAccessConfigBuilder.java
  22. 0 16
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/builder/SimpleFieldAccessConfigBuilderFactory.java
  23. 6 11
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ShiroAutoConfiguration.java
  24. 3 12
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/BoostAuthorizationAttributeSourceAdvisor.java
  25. 3 3
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DefaultDataAccessController.java
  26. 0 99
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DefaultFieldAccessController.java
  27. 0 88
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/FieldAccessAnnotationMethodInterceptor.java
  28. 3 3
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/CustomDataAccessHandler.java
  29. 85 0
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldFilterDataAccessHandler.java
  30. 114 0
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldScopeDataAccessHandler.java
  31. 2 2
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/OwnCreatedDataAccessHandler.java
  32. 11 0
      hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorHolder.java
  33. 11 2
      hsweb-commons/hsweb-commons-utils/src/main/java/org/hswebframework/web/AopUtils.java
  34. 56 8
      hsweb-commons/hsweb-commons-utils/src/main/java/org/hswebframework/web/ThreadLocalUtils.java
  35. 0 6
      hsweb-examples/hsweb-examples-oauth2/hsweb-examples-oauth2-server/src/main/java/org/hswebframework/web/example/oauth2/OAuth2ServerApplication.java
  36. 8 15
      hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/SpringBootExample.java
  37. 0 7
      hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/TestController.java
  38. 1 1
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-dao/hsweb-system-authorization-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/authorization/PermissionMapper.xml
  39. 0 1
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-dao/hsweb-system-authorization-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/authorization/PermissionRoleMapper.xml
  40. 0 71
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/FieldAccessEntity.java
  41. 38 0
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/OptionalField.java
  42. 4 3
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/PermissionEntity.java
  43. 0 4
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/PermissionRoleEntity.java
  44. 13 7
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/SimplePermissionEntity.java
  45. 0 14
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/SimplePermissionRoleEntity.java
  46. 0 3
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/bind/SimpleBindPermissionRoleEntity.java
  47. 0 8
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/bind/SimpleBindRoleUserEntity.java
  48. 4 8
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleAuthenticationBuilder.java
  49. 1 2
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/resources/hsweb-starter.js
  50. 11 12
      hsweb-system/hsweb-system-menu/hsweb-system-menu-dao/hsweb-system-menu-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/menu/MenuGroupBindMapper.xml
  51. 0 15
      hsweb-system/hsweb-system-menu/hsweb-system-menu-entity/src/main/java/org/hswebframework/web/entity/menu/MenuGroupBindEntity.java
  52. 0 17
      hsweb-system/hsweb-system-menu/hsweb-system-menu-entity/src/main/java/org/hswebframework/web/entity/menu/SimpleMenuGroupBindEntity.java
  53. 0 1
      hsweb-system/hsweb-system-menu/hsweb-system-menu-starter/src/main/resources/hsweb-starter.js
  54. 0 42
      hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/provider/RemoteAuthenticationBuilder.java
  55. 7 1
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/DefaultPersonnelAuthorizationSupplier.java
  56. 2 1
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/PersonnelAuthorizationSupplier.java
  57. 17 15
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/access/DataAccessType.java
  58. 0 27
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/access/ScopeDataAccessConfig.java
  59. 5 0
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimplePersonnelAuthorization.java
  60. 8 8
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleScopeDataAccessConfig.java
  61. 10 9
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHander.java
  62. 7 6
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AreaScopeDataAccessHandler.java
  63. 7 4
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/DepartmentScopeDataAccessHandler.java
  64. 7 4
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/OrgScopeDataAccessHandler.java
  65. 8 5
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/PersonScopeDataAccessHandler.java
  66. 8 5
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/PositionScopeDataAccessHandler.java
  67. 0 1
      hsweb-system/hsweb-system-organizational/hsweb-system-organizational-controller/src/main/java/org/hswebframework/web/controller/organizational/PositionController.java

+ 0 - 7
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Permission.java

@@ -18,7 +18,6 @@
 package org.hswebframework.web.authorization;
 
 import org.hswebframework.web.authorization.access.DataAccessConfig;
-import org.hswebframework.web.authorization.access.FieldAccessConfig;
 
 import java.io.Serializable;
 import java.util.Set;
@@ -81,12 +80,6 @@ public interface Permission extends Serializable {
      */
     Set<String> getActions();
 
-    /**
-     * @return 用户对此权限持有的字段权限信息, 用于字段级别的控制
-     * @see FieldAccessConfig
-     */
-    Set<FieldAccessConfig> getFieldAccesses();
-
     /**
      * @return 用户对此权限持有的数据权限信息, 用于数据级别的控制
      * @see DataAccessConfig

+ 1 - 1
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/CustomDataAccess.java

@@ -6,7 +6,7 @@ package org.hswebframework.web.authorization.access;
  * @author zhouhao
  * @see DefaultType#CUSTOM
  */
-public interface CustomDataAccess extends DataAccessConfig {
+public interface CustomDataAccessConfig extends DataAccessConfig {
 
     /**
      * @return 自定义的控制器

+ 39 - 7
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/DataAccessConfig.java

@@ -28,7 +28,7 @@ import java.io.Serializable;
  * 具体的控制逻辑由控制器{@link DataAccessController}实现
  *
  * @author zhouhao
- * @see org.hswebframework.web.authorization.access.CustomDataAccess
+ * @see CustomDataAccessConfig
  * @see OwnCreatedDataAccessConfig
  * @see ScriptDataAccessConfig
  */
@@ -55,14 +55,46 @@ public interface DataAccessConfig extends Serializable {
     String getType();
 
     /**
-     * 内置3中控制方式
+     * 内置控制方式
      */
     interface DefaultType {
-        //自己创建的数据
+        /**
+         * 自己创建的数据
+         *
+         * @see OwnCreatedDataAccessConfig#getType()
+         */
         String OWN_CREATED = "OWN_CREATED";
-        //脚本
-        String SCRIPT      = "SCRIPT";
-        //自定义控制器
-        String CUSTOM      = "CUSTOM";
+        /**
+         * 字段值范围
+         *
+         * @see FieldScopeDataAccessConfig#getType()
+         */
+        String FIELD_SCOPE = "FIELD_SCOPE";
+
+        /**
+         * 字段过滤,黑名单
+         *
+         * @see FieldFilterDataAccessConfig#getType()
+         */
+        String DENY_FIELDS = "DENY_FIELDS";
+
+        /**
+         * 字段过滤,白名单
+         *
+         * @see FieldFilterDataAccessConfig#getType()
+         */
+        String ALLOW_FIELDS = "ALLOW_FIELDS";
+        /**
+         * 自定义脚本方式
+         *
+         * @see ScriptDataAccessConfig#getType()
+         */
+        String SCRIPT       = "SCRIPT";
+        /**
+         * 自定义控制器
+         *
+         * @see CustomDataAccessConfig#getType()
+         */
+        String CUSTOM       = "CUSTOM";
     }
 }
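Review bot: The Javadoc on `DENY_FIELDS` and `ALLOW_FIELDS` does not say how the two combine when a single permission carries both a blacklist and a whitelist config, and the handler that decides this is not visible here. Since these constants are the public contract for field filtering, the precedence should be written down, e.g. `Evaluated together with DENY_FIELDS; a field named in both lists is denied.` (or whatever rule the handler really applies). Both constants also point at `FieldFilterDataAccessConfig#getType()`, which declares no default, so a reader cannot tell from the API which of the two values an implementation returns.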

+ 0 - 34
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/FieldAccessConfig.java

@@ -1,34 +0,0 @@
-package org.hswebframework.web.authorization.access;
-
-import java.io.Serializable;
-import java.util.Set;
-
-/**
- * 字段级别权限控制配置,表示此用户不能对字段{@link this#getField()} 执行 {@link this#getActions()}操作
- *
- * @author zhouhao
- * @see FieldAccessController
- */
-public interface FieldAccessConfig extends Serializable {
-
-    /**
-     * @return 要控制的字段名称, 字段名称支持嵌套如: user.info.name
-     */
-    String getField();
-
-    /**
-     * @return 对此字段的操作权限
-     * @see org.hswebframework.web.authorization.Permission#ACTION_QUERY
-     * @see org.hswebframework.web.authorization.Permission#ACTION_UPDATE
-     */
-    Set<String> getActions();
-
-    default Type getType() {
-        return Type.DENY;
-    }
-
-    enum Type {
-        //目前仅支持 deny
-        DENY
-    }
-}

+ 0 - 24
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/FieldAccessController.java

@@ -1,24 +0,0 @@
-package org.hswebframework.web.authorization.access;
-
-import org.hswebframework.web.authorization.Permission;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
-
-import java.util.Set;
-
-/**
- * 字段级权限控制器,用于控制对字段的操作权限。如:不同角色,可操作的字段不同等
- *
- * @author zhouhao
- */
-public interface FieldAccessController {
-
-    /**
-     * 执行权限验证。根据当前被拦截的操作类型,以及此类型可操作的字段集合进行权限验证
-     *
-     * @param action   当前操作的类型 {@link Permission#getActions()}
-     * @param accesses 不可操作的字段
-     * @param params   参数上下文
-     * @return 验证是否通过
-     */
-    boolean doAccess(String action, Set<FieldAccessConfig> accesses, MethodInterceptorParamContext params);
-}

+ 12 - 0
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/FieldFilterDataAccessConfig.java

@@ -0,0 +1,12 @@
+package org.hswebframework.web.authorization.access;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface FieldFilterDataAccessConfig extends DataAccessConfig {
+    Set<String> getFields();
+}
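Review bot: `getFields()` is added with only the `TODO 完成注释` placeholder, so the interface never states what a `null` or empty set means, and that matters for an access-control list. Under `ALLOW_FIELDS` an empty set could be read either as "no field permitted" or as "no restriction"; the second reading would fail open. I would document the contract on the method, for example `@return field names this config applies to, never null; under ALLOW_FIELDS an empty set permits no field`, and say whether nested names such as `user.info.name` (supported by the removed `FieldAccessConfig`) are still accepted.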

+ 23 - 0
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/FieldScopeDataAccessConfig.java

@@ -0,0 +1,23 @@
+package org.hswebframework.web.authorization.access;
+
+
+import static org.hswebframework.web.authorization.access.DataAccessConfig.DefaultType.FIELD_SCOPE;
+
+/**
+ * 范围数据权限控制配置
+ *
+ * @author zhouhao
+ * @see ScopeDataAccessConfig
+ * @since 3.0
+ */
+public interface FieldScopeDataAccessConfig extends ScopeDataAccessConfig {
+    /**
+     * @return 字段信息
+     */
+    String getField();
+
+    @Override
+    default String getType() {
+        return FIELD_SCOPE;
+    }
+}

+ 23 - 0
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/ScopeDataAccessConfig.java

@@ -0,0 +1,23 @@
+package org.hswebframework.web.authorization.access;
+
+import java.util.Set;
+
+/**
+ * 范围数据权限控制配置
+ *
+ * @author zhouhao
+ * @see DataAccessConfig
+ * @since 3.0
+ */
+public interface ScopeDataAccessConfig extends DataAccessConfig {
+
+    /**
+     * @return 范围类型
+     */
+    String getScopeType();
+
+    /**
+     * @return 自定义的控制范围
+     */
+    Set<Object> getScope();
+}
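Review bot: `Set<Object> getScope()` leaves the element type open even though `DataAccessConfig` extends `Serializable`, so nothing prevents a non-serializable value from ending up inside a config that is meant to be serialized. The untyped set also makes membership checks depend on runtime type: a scope parsed from JSON as `Integer` will not equal a `String` id from an entity, and the mismatch would show up as a silent deny or, depending on how the handlers treat an empty match, a silent allow (the handlers are not in this hunk, so this is inferred). At minimum the Javadoc should name the expected element type, e.g. `@return ids of the permitted scope, as String`; narrowing the signature to `Set<? extends Serializable>` would be stronger if callers allow it.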

+ 0 - 56
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/RequiresFieldAccess.java

@@ -1,56 +0,0 @@
-/*
- * Copyright 2016 http://www.hswebframework.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.hswebframework.web.authorization.annotation;
-
-import org.hswebframework.web.authorization.Permission;
-import org.hswebframework.web.authorization.access.FieldAccessConfig;
-
-import java.lang.annotation.*;
-
-/**
- * 字段级权限控制注解,用于进行需要字段级别权限控制的声明.
- * <p>
- * 此注解仅用于声明此方法需要进行字段级权限控制,具体权限控制方式由控制器实{@link org.hswebframework.web.authorization.access.FieldAccessController}现
- * </p>
- *
- * @author zhouhao
- * @see org.hswebframework.web.authorization.access.FieldAccessController
- * @since 3.0
- */
-@Target({ElementType.TYPE, ElementType.METHOD})
-@Retention(RetentionPolicy.RUNTIME)
-@Documented
-public @interface RequiresFieldAccess {
-
-    /**
-     * @return permission id
-     * @see Permission#getId()
-     */
-    String permission();
-
-    /**
-     * @return action
-     * @see FieldAccessConfig#getActions()
-     */
-    String action();
-
-    Logical logical() default Logical.OR;
-
-    String paramName() default "";
-
-}

+ 0 - 14
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/builder/FieldAccessConfigBuilder.java

@@ -1,14 +0,0 @@
-package org.hswebframework.web.authorization.builder;
-
-import org.hswebframework.web.authorization.access.FieldAccessConfig;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public interface FieldAccessConfigBuilder {
-    FieldAccessConfigBuilder fromJson(String json);
-
-    FieldAccessConfig build();
-}

+ 0 - 10
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/builder/FieldAccessConfigBuilderFactory.java

@@ -1,10 +0,0 @@
-package org.hswebframework.web.authorization.builder;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public interface FieldAccessConfigBuilderFactory {
-    FieldAccessConfigBuilder create();
-}

+ 2 - 11
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/AuthorizationAutoConfiguration.java

@@ -2,11 +2,9 @@ package org.hswebframework.web.authorization.simple;
 
 import org.hswebframework.web.authorization.builder.AuthenticationBuilderFactory;
 import org.hswebframework.web.authorization.builder.DataAccessConfigBuilderFactory;
-import org.hswebframework.web.authorization.builder.FieldAccessConfigBuilderFactory;
 import org.hswebframework.web.authorization.simple.builder.DataAccessConfigConvert;
 import org.hswebframework.web.authorization.simple.builder.SimpleAuthenticationBuilderFactory;
 import org.hswebframework.web.authorization.simple.builder.SimpleDataAccessConfigBuilderFactory;
-import org.hswebframework.web.authorization.simple.builder.SimpleFieldAccessConfigBuilderFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -26,12 +24,6 @@ public class AuthorizationAutoConfiguration {
     @Autowired(required = false)
     private List<DataAccessConfigConvert> dataAccessConfigConverts;
 
-    @Bean
-    @ConditionalOnMissingBean(FieldAccessConfigBuilderFactory.class)
-    public FieldAccessConfigBuilderFactory fieldAccessConfigBuilderFactory() {
-        return new SimpleFieldAccessConfigBuilderFactory();
-    }
-
     @Bean
     @ConditionalOnMissingBean(DataAccessConfigBuilderFactory.class)
     @ConfigurationProperties(prefix = "hsweb.authorization.data-access", ignoreInvalidFields = true)
@@ -45,8 +37,7 @@ public class AuthorizationAutoConfiguration {
 
     @Bean
     @ConditionalOnMissingBean(AuthenticationBuilderFactory.class)
-    public AuthenticationBuilderFactory authenticationBuilderFactory(DataAccessConfigBuilderFactory dataAccessConfigBuilderFactory
-            , FieldAccessConfigBuilderFactory fieldAccessConfigBuilderFactory) {
-        return new SimpleAuthenticationBuilderFactory(fieldAccessConfigBuilderFactory, dataAccessConfigBuilderFactory);
+    public AuthenticationBuilderFactory authenticationBuilderFactory(DataAccessConfigBuilderFactory dataAccessConfigBuilderFactory) {
+        return new SimpleAuthenticationBuilderFactory(dataAccessConfigBuilderFactory);
     }
 }

+ 4 - 4
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/SimpleCustomDataAccessConfig.java

@@ -1,21 +1,21 @@
 package org.hswebframework.web.authorization.simple;
 
-import org.hswebframework.web.authorization.access.CustomDataAccess;
+import org.hswebframework.web.authorization.access.CustomDataAccessConfig;
 import org.hswebframework.web.authorization.access.DataAccessController;
 
 /**
  * @author zhouhao
  */
-public class SimpleCustomDataAccessConfig extends AbstractDataAccessConfig implements CustomDataAccess {
+public class SimpleCustomDataAccessConfigConfig extends AbstractDataAccessConfig implements CustomDataAccessConfig {
 
     private String classOrBeanName;
 
     private transient DataAccessController instance;
 
-    public SimpleCustomDataAccessConfig() {
+    public SimpleCustomDataAccessConfigConfig() {
     }
 
-    public SimpleCustomDataAccessConfig(String classOrBeanName) {
+    public SimpleCustomDataAccessConfigConfig(String classOrBeanName) {
         this.classOrBeanName = classOrBeanName;
     }
 

+ 0 - 37
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/SimpleFieldAccess.java

@@ -1,37 +0,0 @@
-package org.hswebframework.web.authorization.simple;
-
-import org.hswebframework.web.authorization.access.FieldAccessConfig;
-
-import java.util.HashSet;
-import java.util.Set;
-
-public class SimpleFieldAccess implements FieldAccessConfig {
-    private String      field;
-    private Set<String> actions;
-
-    public SimpleFieldAccess() {
-    }
-
-    public SimpleFieldAccess(String field, Set<String> actions) {
-        this.field = field;
-        this.actions = actions;
-    }
-
-    @Override
-    public String getField() {
-        return field;
-    }
-
-    @Override
-    public Set<String> getActions() {
-        return new HashSet<>(actions);
-    }
-
-    public void setField(String field) {
-        this.field = field;
-    }
-
-    public void setActions(Set<String> actions) {
-        this.actions = actions;
-    }
-}

+ 34 - 0
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/SimpleFieldFilterDataAccessConfig.java

@@ -0,0 +1,34 @@
+package org.hswebframework.web.authorization.simple;
+
+import org.hswebframework.web.authorization.access.FieldFilterDataAccessConfig;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class SimpleFieldFilterDataAccessConfig extends AbstractDataAccessConfig implements FieldFilterDataAccessConfig {
+    private Set<String> fields;
+
+    private String type;
+
+    @Override
+    public Set<String> getFields() {
+        return fields;
+    }
+
+    public void setFields(Set<String> fields) {
+        this.fields = fields;
+    }
+
+    @Override
+    public String getType() {
+        return type;
+    }
+
+    public void setType(String type) {
+        this.type = type;
+    }
+}
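Review bot: `setType` stores any string, while only `DENY_FIELDS` and `ALLOW_FIELDS` are meaningful for this config; a typo or a missing `type` in the stored permission JSON would produce a config that presumably no handler claims, so the field filter would be skipped without any error. Rejecting unknown values at the setter keeps that failure visible: `if (!DENY_FIELDS.equals(type) && !ALLOW_FIELDS.equals(type)) throw new IllegalArgumentException("unsupported type: " + type);`. `getFields()` also hands out the internal mutable set, so any caller holding the permission can add or remove entries; returning `Collections.unmodifiableSet(fields)` (with a null guard) avoids that. The class comment is still the `TODO 完成注释` placeholder.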

+ 47 - 0
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/SimpleFiledScopeDataAccessConfig.java

@@ -0,0 +1,47 @@
+package org.hswebframework.web.authorization.simple;
+
+import org.hswebframework.web.authorization.access.FieldScopeDataAccessConfig;
+
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class SimpleFiledScopeDataAccessConfig extends AbstractDataAccessConfig implements FieldScopeDataAccessConfig {
+
+    private String scopeType;
+
+    private Set<Object> scope;
+
+    private String field;
+
+    @Override
+    public String getScopeType() {
+        return scopeType;
+    }
+
+    public void setScopeType(String scopeType) {
+        this.scopeType = scopeType;
+    }
+
+    @Override
+    public Set<Object> getScope() {
+        return scope;
+    }
+
+    public void setScope(Set<Object> scope) {
+        this.scope = scope;
+    }
+
+    @Override
+    public String getField() {
+        return field;
+    }
+
+    public void setField(String field) {
+        this.field = field;
+    }
+
+}
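Review bot: The class name `SimpleFiledScopeDataAccessConfig` misspells "Field" as "Filed", and because it sits in the public API module the typo becomes part of every import and any JSON-to-class mapping that references it. Renaming it now to `SimpleFieldScopeDataAccessConfig` is cheap; later it is a breaking change. `getScope()` returns the internal mutable set, so the same defensive `Collections.unmodifiableSet(scope)` as for other permission data would be appropriate, and the `TODO 完成注释` comment should be replaced with a description of what `scopeType`, `scope` and `field` mean together.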

+ 0 - 12
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/SimplePermission.java

@@ -2,7 +2,6 @@ package org.hswebframework.web.authorization.simple;
 
 import org.hswebframework.web.authorization.Permission;
 import org.hswebframework.web.authorization.access.DataAccessConfig;
-import org.hswebframework.web.authorization.access.FieldAccessConfig;
 
 import java.util.Set;
 
@@ -17,8 +16,6 @@ public class SimplePermission implements Permission {
 
     private Set<String> actions;
 
-    private Set<FieldAccessConfig> fieldAccesses;
-
     private Set<DataAccessConfig> dataAccesses;
 
     public SimplePermission() {
@@ -47,15 +44,6 @@ public class SimplePermission implements Permission {
         this.actions = actions;
     }
 
-    @Override
-    public Set<FieldAccessConfig> getFieldAccesses() {
-        return fieldAccesses;
-    }
-
-    public void setFieldAccesses(Set<FieldAccessConfig> fieldAccesses) {
-        this.fieldAccesses = fieldAccesses;
-    }
-
     @Override
     public Set<DataAccessConfig> getDataAccesses() {
         return dataAccesses;

+ 2 - 14
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/builder/SimpleAuthenticationBuilder.java

@@ -9,7 +9,6 @@ import org.hswebframework.web.authorization.Role;
 import org.hswebframework.web.authorization.User;
 import org.hswebframework.web.authorization.builder.AuthenticationBuilder;
 import org.hswebframework.web.authorization.builder.DataAccessConfigBuilderFactory;
-import org.hswebframework.web.authorization.builder.FieldAccessConfigBuilderFactory;
 import org.hswebframework.web.authorization.simple.SimpleAuthentication;
 import org.hswebframework.web.authorization.simple.SimplePermission;
 import org.hswebframework.web.authorization.simple.SimpleRole;
@@ -27,18 +26,12 @@ import java.util.stream.Collectors;
 public class SimpleAuthenticationBuilder implements AuthenticationBuilder {
     private SimpleAuthentication authentication = new SimpleAuthentication();
 
-    private FieldAccessConfigBuilderFactory fieldBuilderFactory;
-    private DataAccessConfigBuilderFactory  dataBuilderFactory;
+    private DataAccessConfigBuilderFactory dataBuilderFactory;
 
-    public SimpleAuthenticationBuilder(FieldAccessConfigBuilderFactory fieldBuilderFactory, DataAccessConfigBuilderFactory dataBuilderFactory) {
-        this.fieldBuilderFactory = fieldBuilderFactory;
+    public SimpleAuthenticationBuilder(DataAccessConfigBuilderFactory dataBuilderFactory) {
         this.dataBuilderFactory = dataBuilderFactory;
     }
 
-    public void setFieldBuilderFactory(FieldAccessConfigBuilderFactory fieldBuilderFactory) {
-        this.fieldBuilderFactory = fieldBuilderFactory;
-    }
-
     public void setDataBuilderFactory(DataAccessConfigBuilderFactory dataBuilderFactory) {
         this.dataBuilderFactory = dataBuilderFactory;
     }
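Review bot: With `fieldBuilderFactory` gone from the constructor here, the permission parser in the next hunk of this file no longer reads the `fieldAccesses` array at all, so any serialized authentication that still carries that key loses its field-level deny rules without a warning. Nothing on this page converts existing `fieldAccesses` entries into `DENY_FIELDS` data-access configs, which means an upgrade could widen what a role may read or update. I would fail closed, or at least log, when the key is present and non-empty, e.g. `if (jsonObject.containsKey("fieldAccesses")) { /* reject or warn: field rules must be migrated to DENY_FIELDS */ }` before `setDataAccesses`. The surrounding context also dereferences `jsonObject.getJSONArray("dataAccesses")` directly, so a permission without that key would throw; the method starts and ends outside these hunks.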
@@ -89,16 +82,11 @@ public class SimpleAuthenticationBuilder implements AuthenticationBuilder {
             SimplePermission permission = new SimplePermission();
             permission.setId(jsonObject.getString("id"));
             permission.setActions(new HashSet<>(jsonObject.getJSONArray("actions").toJavaList(String.class)));
-            permission.setFieldAccesses(jsonObject.getJSONArray("fieldAccesses").stream().map(JSONObject.class::cast)
-                    .map(fieldJson -> fieldBuilderFactory.create().fromJson(fieldJson.toJSONString()).build())
-                    .collect(Collectors.toSet()));
-
             permission.setDataAccesses(jsonObject.getJSONArray("dataAccesses").stream().map(JSONObject.class::cast)
                     .map(dataJson -> dataBuilderFactory.create().fromJson(dataJson.toJSONString()).build())
                     .collect(Collectors.toSet()));
             permissions.add(permission);
         }
-
         authentication.setPermissions(permissions);
         return this;
     }

+ 2 - 5
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/builder/SimpleAuthenticationBuilderFactory.java

@@ -3,7 +3,6 @@ package org.hswebframework.web.authorization.simple.builder;
 import org.hswebframework.web.authorization.builder.AuthenticationBuilder;
 import org.hswebframework.web.authorization.builder.AuthenticationBuilderFactory;
 import org.hswebframework.web.authorization.builder.DataAccessConfigBuilderFactory;
-import org.hswebframework.web.authorization.builder.FieldAccessConfigBuilderFactory;
 
 /**
  * TODO 完成注释
@@ -11,17 +10,15 @@ import org.hswebframework.web.authorization.builder.FieldAccessConfigBuilderFact
  * @author zhouhao
  */
 public class SimpleAuthenticationBuilderFactory implements AuthenticationBuilderFactory {
-    private FieldAccessConfigBuilderFactory fieldBuilderFactory;
 
     private DataAccessConfigBuilderFactory dataBuilderFactory;
 
-    public SimpleAuthenticationBuilderFactory(FieldAccessConfigBuilderFactory fieldBuilderFactory, DataAccessConfigBuilderFactory dataBuilderFactory) {
-        this.fieldBuilderFactory = fieldBuilderFactory;
+    public SimpleAuthenticationBuilderFactory(DataAccessConfigBuilderFactory dataBuilderFactory) {
         this.dataBuilderFactory = dataBuilderFactory;
     }
 
     @Override
     public AuthenticationBuilder create() {
-        return new SimpleAuthenticationBuilder(fieldBuilderFactory, dataBuilderFactory);
+        return new SimpleAuthenticationBuilder(dataBuilderFactory);
     }
 }

+ 48 - 41
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/builder/SimpleDataAccessConfigBuilderFactory.java

@@ -4,14 +4,18 @@ import com.alibaba.fastjson.JSON;
 import org.hswebframework.web.authorization.access.DataAccessConfig;
 import org.hswebframework.web.authorization.builder.DataAccessConfigBuilder;
 import org.hswebframework.web.authorization.builder.DataAccessConfigBuilderFactory;
-import org.hswebframework.web.authorization.simple.SimpleCustomDataAccessConfig;
-import org.hswebframework.web.authorization.simple.SimpleOwnCreatedDataAccessConfig;
+import org.hswebframework.web.authorization.simple.*;
 
 import javax.annotation.PostConstruct;
 import java.util.Arrays;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Objects;
+import java.util.function.BiFunction;
+
+import static org.hswebframework.web.authorization.access.DataAccessConfig.DefaultType.*;
+import static org.hswebframework.web.authorization.access.DataAccessConfig.DefaultType.CUSTOM;
+import static org.hswebframework.web.authorization.access.DataAccessConfig.DefaultType.OWN_CREATED;
 
 /**
  * TODO 完成注释
@@ -21,9 +25,12 @@ import java.util.Objects;
 public class SimpleDataAccessConfigBuilderFactory implements DataAccessConfigBuilderFactory {
 
     private List<String> defaultSupportConvert = Arrays.asList(
-            DataAccessConfig.DefaultType.CUSTOM
+            CUSTOM
 //            DataAccessConfig.DefaultType.SCRIPT
-            , DataAccessConfig.DefaultType.OWN_CREATED);
+            , OWN_CREATED,
+            FIELD_SCOPE,
+            DENY_FIELDS,
+            ALLOW_FIELDS);
 
     private List<DataAccessConfigConvert> converts = new LinkedList<>();
 
@@ -41,48 +48,48 @@ public class SimpleDataAccessConfigBuilderFactory implements DataAccessConfigBui
         return defaultSupportConvert;
     }
 
+    protected DataAccessConfigConvert createJsonConfig(String supportType, Class<? extends AbstractDataAccessConfig> clazz) {
+        return createConfig(supportType, (action, config) -> JSON.parseObject(config, clazz));
+    }
+
+
+    protected DataAccessConfigConvert createConfig(String supportType, BiFunction<String, String, ? extends DataAccessConfig> function) {
+        return new DataAccessConfigConvert() {
+            @Override
+            public boolean isSupport(String type, String action, String config) {
+                return supportType.equals(type);
+            }
+
+            @Override
+            public DataAccessConfig convert(String type, String action, String config) {
+                DataAccessConfig conf = function.apply(action, config);
+                if (conf instanceof AbstractDataAccessConfig) {
+                    ((AbstractDataAccessConfig) conf).setAction(action);
+                }
+                return conf;
+            }
+        };
+    }
+
     @PostConstruct
     public void init() {
-        if (defaultSupportConvert.contains(DataAccessConfig.DefaultType.OWN_CREATED))
-            converts.add(new DataAccessConfigConvert() {
-                @Override
-                public boolean isSupport(String type, String action, String config) {
-                    return DataAccessConfig.DefaultType.OWN_CREATED.equals(type);
-                }
+        if (defaultSupportConvert.contains(FIELD_SCOPE))
+            converts.add(createJsonConfig(FIELD_SCOPE, SimpleFiledScopeDataAccessConfig.class));
 
-                @Override
-                public DataAccessConfig convert(String type, String action, String config) {
-                    return new SimpleOwnCreatedDataAccessConfig(action);
-                }
-            });
-        if (defaultSupportConvert.contains(DataAccessConfig.DefaultType.SCRIPT))
-            converts.add(new DataAccessConfigConvert() {
-                @Override
-                public boolean isSupport(String type, String action, String config) {
-                    return DataAccessConfig.DefaultType.SCRIPT.equals(type);
-                }
+        if (defaultSupportConvert.contains(DENY_FIELDS))
+            converts.add(createJsonConfig(DENY_FIELDS, SimpleFieldFilterDataAccessConfig.class));
 
-                @Override
-                public DataAccessConfig convert(String type, String action, String config) {
-                    SimpleOwnCreatedDataAccessConfig access = JSON.parseObject(config, SimpleOwnCreatedDataAccessConfig.class);
-                    access.setAction(config);
-                    return access;
-                }
-            });
-        if (defaultSupportConvert.contains(DataAccessConfig.DefaultType.CUSTOM))
-            converts.add(new DataAccessConfigConvert() {
-                @Override
-                public boolean isSupport(String type, String action, String config) {
-                    return DataAccessConfig.DefaultType.CUSTOM.equals(type);
-                }
+        if (defaultSupportConvert.contains(ALLOW_FIELDS))
+            converts.add(createJsonConfig(ALLOW_FIELDS, SimpleFieldFilterDataAccessConfig.class));
 
-                @Override
-                public DataAccessConfig convert(String type, String action, String config) {
-                    SimpleCustomDataAccessConfig access = new SimpleCustomDataAccessConfig(config);
-                    access.setAction(action);
-                    return access;
-                }
-            });
+        if (defaultSupportConvert.contains(OWN_CREATED))
+            converts.add(createConfig(OWN_CREATED, (action, config) -> new SimpleOwnCreatedDataAccessConfig(action)));
+
+        if (defaultSupportConvert.contains(SCRIPT))
+            converts.add(createJsonConfig(SCRIPT, SimpleScriptDataAccessConfig.class));
+
+        if (defaultSupportConvert.contains(CUSTOM))
+            converts.add(createConfig(CUSTOM, (action, config) -> new SimpleCustomDataAccessConfigConfig(config)));
     }
 
     @Override
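Review bot: `ALLOW_FIELDS` and `DENY_FIELDS` are both registered in `init()` with `SimpleFieldFilterDataAccessConfig.class`, and the converter built by `createConfig` receives `type` but copies only `action` onto the result, so nothing visible in this hunk carries the allow/deny distinction into the built config. The `FieldFilterDataAccessHandler` added in the same commit always treats `getFields()` as fields to exclude or null out, which would enforce an allow-list as a deny-list of exactly the permitted fields, unless `SimpleFieldFilterDataAccessConfig` (not shown here) recovers the type some other way. I would record `type` on the built config inside `convert` and have the handler branch on it. Separately, `JSON.parseObject(config, clazz)` returns null when `config` is null and `convert` passes that null on; a guard such as `Objects.requireNonNull(conf, "data access config for type " + type);` would make a broken rule fail loudly instead of silently disappearing.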

+ 0 - 30
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/builder/SimpleFieldAccessConfigBuilder.java

@@ -1,30 +0,0 @@
-package org.hswebframework.web.authorization.simple.builder;
-
-import com.alibaba.fastjson.JSON;
-import org.hswebframework.web.authorization.access.FieldAccessConfig;
-import org.hswebframework.web.authorization.builder.FieldAccessConfigBuilder;
-import org.hswebframework.web.authorization.simple.SimpleFieldAccess;
-
-import java.util.Objects;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class SimpleFieldAccessConfigBuilder implements FieldAccessConfigBuilder {
-
-    private String json;
-
-    @Override
-    public FieldAccessConfigBuilder fromJson(String json) {
-        this.json = json;
-        return this;
-    }
-
-    @Override
-    public FieldAccessConfig build() {
-        Objects.requireNonNull(json);
-        return JSON.parseObject(json, SimpleFieldAccess.class);
-    }
-}

+ 0 - 16
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/builder/SimpleFieldAccessConfigBuilderFactory.java

@@ -1,16 +0,0 @@
-package org.hswebframework.web.authorization.simple.builder;
-
-import org.hswebframework.web.authorization.builder.FieldAccessConfigBuilder;
-import org.hswebframework.web.authorization.builder.FieldAccessConfigBuilderFactory;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class SimpleFieldAccessConfigBuilderFactory implements FieldAccessConfigBuilderFactory {
-    @Override
-    public FieldAccessConfigBuilder create() {
-        return new SimpleFieldAccessConfigBuilder();
-    }
-}

+ 6 - 11
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ShiroAutoConfiguration.java

@@ -35,17 +35,18 @@ import org.hswebframework.web.authorization.AuthenticationManager;
 import org.hswebframework.web.authorization.AuthenticationSupplier;
 import org.hswebframework.web.authorization.access.DataAccessController;
 import org.hswebframework.web.authorization.access.DataAccessHandler;
-import org.hswebframework.web.authorization.access.FieldAccessController;
 import org.hswebframework.web.authorization.shiro.boost.BoostAuthorizationAttributeSourceAdvisor;
 import org.hswebframework.web.authorization.shiro.boost.DefaultDataAccessController;
-import org.hswebframework.web.authorization.shiro.boost.DefaultFieldAccessController;
 import org.hswebframework.web.authorization.shiro.cache.SpringCacheManagerWrapper;
 import org.hswebframework.web.authorization.shiro.remember.SimpleRememberMeManager;
 import org.hswebframework.web.controller.message.ResponseMessage;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanPostProcessor;
-import org.springframework.boot.autoconfigure.condition.*;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnNotWebApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -160,17 +161,11 @@ public class ShiroAutoConfiguration {
         return accessController;
     }
 
-    @Bean
-    @ConditionalOnMissingBean
-    public DefaultFieldAccessController defaultFieldAccessController() {
-        return new DefaultFieldAccessController();
-    }
 
     @Bean
     public BoostAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager,
-                                                                                        DataAccessController dataAccessController,
-                                                                                        FieldAccessController fieldAccessController) {
-        BoostAuthorizationAttributeSourceAdvisor advisor = new BoostAuthorizationAttributeSourceAdvisor(dataAccessController, fieldAccessController);
+                                                                                        DataAccessController dataAccessController) {
+        BoostAuthorizationAttributeSourceAdvisor advisor = new BoostAuthorizationAttributeSourceAdvisor(dataAccessController);
         advisor.setSecurityManager(securityManager);
         return advisor;
     }

+ 3 - 12
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/BoostAuthorizationAttributeSourceAdvisor.java

@@ -26,15 +26,11 @@ import org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthor
 import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
 import org.hswebframework.web.AopUtils;
 import org.hswebframework.web.authorization.access.DataAccessController;
-import org.hswebframework.web.authorization.access.FieldAccessController;
 import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
 import org.hswebframework.web.authorization.annotation.RequiresExpression;
-import org.hswebframework.web.authorization.annotation.RequiresFieldAccess;
 import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
 import org.springframework.aop.support.StaticMethodMatcherPointcutAdvisor;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.AnnotationUtils;
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
@@ -57,8 +53,7 @@ public class BoostAuthorizationAttributeSourceAdvisor extends StaticMethodMatche
                     //自定义
                     RequiresExpression.class,
                     Authorize.class,
-                    RequiresDataAccess.class,
-                    RequiresFieldAccess.class
+                    RequiresDataAccess.class
             };
 
     protected SecurityManager securityManager = null;
@@ -66,11 +61,9 @@ public class BoostAuthorizationAttributeSourceAdvisor extends StaticMethodMatche
     /**
      * Create a new AuthorizationAttributeSourceAdvisor.
      *
-     * @param dataAccessController  数据权限控制器
-     * @param fieldAccessController 字段权限控制器
+     * @param dataAccessController 数据权限控制器
      */
-    public BoostAuthorizationAttributeSourceAdvisor(DataAccessController dataAccessController,
-                                                    FieldAccessController fieldAccessController) {
+    public BoostAuthorizationAttributeSourceAdvisor(DataAccessController dataAccessController) {
         AopAllianceAnnotationsAuthorizingMethodInterceptor interceptor =
                 new AopAllianceAnnotationsAuthorizingMethodInterceptor() {
                     @Override
@@ -84,8 +77,6 @@ public class BoostAuthorizationAttributeSourceAdvisor extends StaticMethodMatche
         interceptor.getMethodInterceptors().add(new ExpressionAnnotationMethodInterceptor(resolver));
         // @RequiresDataAccess support
         interceptor.getMethodInterceptors().add(new DataAccessAnnotationMethodInterceptor(dataAccessController, resolver));
-        // @RequiresFieldAccess support
-        interceptor.getMethodInterceptors().add(new FieldAccessAnnotationMethodInterceptor(fieldAccessController, resolver));
         // @Authorize support
         interceptor.getMethodInterceptors().add(new SimpleAuthorizeMethodInterceptor(resolver));
         setAdvice(interceptor);

+ 3 - 3
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DefaultDataAccessController.java

@@ -3,9 +3,7 @@ package org.hswebframework.web.authorization.shiro.boost;
 import org.hswebframework.web.authorization.access.DataAccessConfig;
 import org.hswebframework.web.authorization.access.DataAccessController;
 import org.hswebframework.web.authorization.access.DataAccessHandler;
-import org.hswebframework.web.authorization.shiro.boost.handler.CustomDataAccessHandler;
-import org.hswebframework.web.authorization.shiro.boost.handler.OwnCreatedDataAccessHandler;
-import org.hswebframework.web.authorization.shiro.boost.handler.ScriptDataAccessHandler;
+import org.hswebframework.web.authorization.shiro.boost.handler.*;
 import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
 
 import java.util.LinkedList;
@@ -34,6 +32,8 @@ public final class DefaultDataAccessController implements DataAccessController {
         addHandler(new CustomDataAccessHandler());
         addHandler(new OwnCreatedDataAccessHandler());
         addHandler(new ScriptDataAccessHandler());
+        addHandler(new FieldFilterDataAccessHandler());
+        addHandler(new FieldScopeDataAccessHandler());
     }
 
     @Override

+ 0 - 99
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DefaultFieldAccessController.java

@@ -1,99 +0,0 @@
-package org.hswebframework.web.authorization.shiro.boost;
-
-import org.apache.commons.beanutils.BeanUtilsBean;
-import org.hswebframework.web.authorization.Permission;
-import org.hswebframework.web.authorization.access.FieldAccessConfig;
-import org.hswebframework.web.authorization.access.FieldAccessController;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
-import org.hswebframework.web.commons.entity.Entity;
-import org.hswebframework.web.commons.entity.RecordCreationEntity;
-import org.hswebframework.web.commons.entity.param.QueryParamEntity;
-import org.hswebframework.web.commons.model.Model;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.Set;
-
-/**
- * 默认的字段级权限控制,目前已实现提供对查询(query),更新(update)的权限控制。
- * 控制方式主要是通过被拦截方法的参数类型进行识别,如果是可进行控制的参数类型,则通过修改参数属性等方式,进行控制。
- *
- * @author zhouhao
- * @see FieldAccessController
- * @since 3.0
- */
-public class DefaultFieldAccessController implements FieldAccessController {
-
-    private Logger logger = LoggerFactory.getLogger(DefaultFieldAccessController.class);
-
-    @Override
-    public boolean doAccess(String action, Set<FieldAccessConfig> accesses, MethodInterceptorParamContext params) {
-        //控制转发
-        switch (action) {
-            case Permission.ACTION_QUERY:
-                return doQueryAccess(accesses, params);
-            case Permission.ACTION_UPDATE:
-                return doUpdateAccess(accesses, params);
-            default:
-                logger.warn("action {} not support now!", action);
-        }
-        return false;
-    }
-
-    /**
-     * 执行更新操作的控制,此方法永远返回true.通过取得参数中实现{@link Entity}的参数,将把这个参数实体所对应不能操作的字段全部设置为null。 <br>
-     * 注意: 此方式还需要dao框架的支持(为null的字段不进行更新) <br>
-     * 如果没有{@link Entity}的参数,则不进行控制并给出警告信息
-     *
-     * @param accesses 不可操作的字段
-     * @param params   参数上下文
-     * @return true
-     * @see BeanUtilsBean
-     * @see org.apache.commons.beanutils.PropertyUtilsBean
-     */
-    protected boolean doUpdateAccess(Set<FieldAccessConfig> accesses, MethodInterceptorParamContext params) {
-        Object supportParam = params.getParams().values().stream()
-                .filter(param -> (param instanceof Entity) | (param instanceof Model))
-                .findAny().orElse(null);
-        if (null != supportParam) {
-            for (FieldAccessConfig access : accesses) {
-                try {
-                    //设置值为null,跳过修改
-                    BeanUtilsBean.getInstance()
-                            .getPropertyUtils()
-                            .setProperty(supportParam, access.getField(), null);
-                } catch (Exception e) {
-                }
-            }
-            if (supportParam instanceof RecordCreationEntity) {
-                RecordCreationEntity creationEntity = ((RecordCreationEntity) supportParam);
-                creationEntity.setCreateTime(null);
-                creationEntity.setCreatorId(null);
-            }
-        } else {
-            logger.warn("doUpdateAccess skip ,because can not found any entity in param!");
-        }
-        return true;
-    }
-
-    /**
-     * 执行查询的控制,查询主要针对参数为{@link QueryParamEntity}的动态条件查询,通过设置{@link QueryParamEntity#excludes(String...)}.指定不需要查询的字段
-     * 如果没有{@link QueryParamEntity}的参数,则不进行控制并给出警告信息
-     *
-     * @param accesses 不能查询的字段
-     * @param params   参数上下文
-     * @return true
-     */
-    protected boolean doQueryAccess(Set<FieldAccessConfig> accesses, MethodInterceptorParamContext params) {
-        QueryParamEntity paramEntity = params.getParams().values().stream()
-                .filter(QueryParamEntity.class::isInstance)
-                .map(QueryParamEntity.class::cast)
-                .findAny().orElse(null);
-        if (paramEntity != null) {
-            paramEntity.excludes(accesses.stream().map(FieldAccessConfig::getField).toArray(String[]::new));
-        } else {
-            logger.warn("doQueryAccess skip ,because can not found any QueryParamEntity in param!");
-        }
-        return true;
-    }
-}

+ 0 - 88
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/FieldAccessAnnotationMethodInterceptor.java

@@ -1,88 +0,0 @@
-/*
- * Copyright 2016 http://www.hswebframework.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.hswebframework.web.authorization.shiro.boost;
-
-import org.apache.shiro.aop.AnnotationResolver;
-import org.apache.shiro.authz.AuthorizationException;
-import org.apache.shiro.authz.aop.AuthorizingAnnotationHandler;
-import org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor;
-import org.hswebframework.web.authorization.Authentication;
-import org.hswebframework.web.authorization.AuthenticationHolder;
-import org.hswebframework.web.authorization.Permission;
-import org.hswebframework.web.authorization.access.FieldAccessConfig;
-import org.hswebframework.web.authorization.access.FieldAccessController;
-import org.hswebframework.web.authorization.annotation.RequiresFieldAccess;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.lang.annotation.Annotation;
-import java.util.Set;
-import java.util.stream.Collectors;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class FieldAccessAnnotationMethodInterceptor extends AuthorizingAnnotationMethodInterceptor {
-
-    public FieldAccessAnnotationMethodInterceptor(FieldAccessController controller, AnnotationResolver resolver) {
-        super(new DataAccessAnnotationHandler(controller), resolver);
-    }
-
-    private static final Logger logger = LoggerFactory.getLogger(FieldAccessAnnotationMethodInterceptor.class);
-
-    static class DataAccessAnnotationHandler extends AuthorizingAnnotationHandler {
-        protected FieldAccessController fieldAccessController;
-
-        public DataAccessAnnotationHandler(FieldAccessController controller) {
-            super(RequiresFieldAccess.class);
-            this.fieldAccessController = controller;
-        }
-
-        @Override
-        public void assertAuthorized(Annotation a) throws AuthorizationException {
-            if (!(a instanceof RequiresFieldAccess)) return;
-            MethodInterceptorHolder holder = MethodInterceptorHolder.current();
-            if (null == holder) {
-                logger.warn("MethodInterceptorHolder is null!");
-                return;
-            }
-            RequiresFieldAccess accessAnn = ((RequiresFieldAccess) a);
-            MethodInterceptorParamContext context = holder.createParamContext();
-            Authentication authentication = Authentication
-                    .current()
-                    .orElseThrow(AuthorizationException::new);
-            
-            String permission = accessAnn.permission();
-            Permission permissionInfo = authentication.getPermission(permission);
-
-            Set<FieldAccessConfig> accesses = permissionInfo
-                    .getFieldAccesses()
-                    .stream()
-                    .filter(access -> access.getActions().contains(accessAnn.action()))
-                    .collect(Collectors.toSet());
-            boolean isAccess = fieldAccessController.doAccess(accessAnn.action(), accesses, context);
-            if (!isAccess) {
-                throw new AuthorizationException("{access_deny}");
-            }
-        }
-    }
-}

+ 3 - 3
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/CustomDataAccessHandler.java

@@ -22,7 +22,7 @@ import org.hswebframework.web.authorization.access.*;
 import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
 
 /**
- * 当配置为自定义处理器时(实现{@link CustomDataAccess }接口),此处理器生效
+ * 当配置为自定义处理器时(实现{@link CustomDataAccessConfig }接口),此处理器生效
  *
  * @author zhouhao
  * @see 3.0
@@ -31,12 +31,12 @@ public class CustomDataAccessHandler implements DataAccessHandler {
 
     @Override
     public boolean isSupport(DataAccessConfig access) {
-        return access instanceof CustomDataAccess;
+        return access instanceof CustomDataAccessConfig;
     }
 
     @Override
     public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) {
-        CustomDataAccess custom = ((CustomDataAccess) access);
+        CustomDataAccessConfig custom = ((CustomDataAccessConfig) access);
         return custom.getController().doAccess(access, context);
     }
 }

+ 85 - 0
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldFilterDataAccessHandler.java

@@ -0,0 +1,85 @@
+package org.hswebframework.web.authorization.shiro.boost.handler;
+
+import org.apache.commons.beanutils.BeanUtilsBean;
+import org.hswebframework.web.authorization.Permission;
+import org.hswebframework.web.authorization.access.DataAccessConfig;
+import org.hswebframework.web.authorization.access.DataAccessHandler;
+import org.hswebframework.web.authorization.access.FieldFilterDataAccessConfig;
+import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
+import org.hswebframework.web.commons.entity.Entity;
+import org.hswebframework.web.commons.entity.param.QueryParamEntity;
+import org.hswebframework.web.commons.model.Model;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class FieldFilterDataAccessHandler implements DataAccessHandler {
+    private Logger logger = LoggerFactory.getLogger(this.getClass());
+
+    @Override
+    public boolean isSupport(DataAccessConfig access) {
+        return access instanceof FieldFilterDataAccessConfig;
+    }
+
+    @Override
+    public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) {
+        FieldFilterDataAccessConfig filterDataAccessConfig = ((FieldFilterDataAccessConfig) access);
+        switch (access.getAction()) {
+            case Permission.ACTION_QUERY:
+                return doQueryAccess(filterDataAccessConfig, context);
+            case Permission.ACTION_UPDATE:
+                return doUpdateAccess(filterDataAccessConfig, context);
+            default:
+                if (logger.isDebugEnabled())
+                    logger.debug("field filter not support for {}", access.getAction());
+                return true;
+        }
+    }
+
+    /**
+     * @param accesses 不可操作的字段
+     * @param params   参数上下文
+     * @return true
+     * @see BeanUtilsBean
+     * @see org.apache.commons.beanutils.PropertyUtilsBean
+     */
+    protected boolean doUpdateAccess(FieldFilterDataAccessConfig accesses, MethodInterceptorParamContext params) {
+        Object supportParam = params.getParams().values().stream()
+                .filter(param -> (param instanceof Entity) | (param instanceof Model))
+                .findAny().orElse(null);
+        if (null != supportParam) {
+            for (String field : accesses.getFields()) {
+                try {
+                    //设置值为null,跳过修改
+                    BeanUtilsBean.getInstance()
+                            .getPropertyUtils()
+                            .setProperty(supportParam, field, null);
+                } catch (Exception e) {
+                    logger.warn("can't set {} null", field, e);
+                }
+            }
+        } else {
+            logger.warn("doUpdateAccess skip ,because can not found any entity in param!");
+        }
+        return true;
+    }
+
+
+    protected boolean doQueryAccess(FieldFilterDataAccessConfig access, MethodInterceptorParamContext context) {
+        QueryParamEntity entity = context.getParams()
+                .values().stream()
+                .filter(QueryParamEntity.class::isInstance)
+                .map(QueryParamEntity.class::cast)
+                .findAny().orElse(null);
+        if (entity == null) {
+            logger.warn("try validate query access, but query entity is null or not instance of org.hswebframework.web.commons.entity.Entity");
+            return true;
+        }
+        entity.excludes(access.getFields().toArray(new String[access.getFields().size()]));
+        return true;
+    }
+}
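Review bot: In `doUpdateAccess` the `catch (Exception e)` only logs and the method still returns true, so when `setProperty` fails for a restricted field the update proceeds with the caller-supplied value for that field intact. Returning false from the catch (`logger.warn("can't set {} null", field, e); return false;`) would make such a failure deny the call, at least for errors other than a property that simply does not exist on the entity. The "nothing to filter" paths behave the same way: `doUpdateAccess` with no `Entity`/`Model` argument and `doQueryAccess` with no `QueryParamEntity` both warn and return true, as does `FieldScopeDataAccessHandler.doQueryAccess` in this commit, so whether those cases should allow deserves an explicit decision and a comment. `findAny()` also filters only one matching argument, so a method that takes two entities leaves the second one untouched.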

+ 114 - 0
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldScopeDataAccessHandler.java

@@ -0,0 +1,114 @@
+package org.hswebframework.web.authorization.shiro.boost.handler;
+
+import org.apache.commons.beanutils.BeanUtilsBean;
+import org.apache.commons.beanutils.PropertyUtilsBean;
+import org.hsweb.ezorm.core.param.Term;
+import org.hsweb.ezorm.core.param.TermType;
+import org.hswebframework.web.authorization.Permission;
+import org.hswebframework.web.authorization.access.DataAccessConfig;
+import org.hswebframework.web.authorization.access.DataAccessHandler;
+import org.hswebframework.web.authorization.access.FieldScopeDataAccessConfig;
+import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
+import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
+import org.hswebframework.web.commons.entity.param.QueryParamEntity;
+import org.hswebframework.web.controller.QueryController;
+import org.hswebframework.web.service.QueryService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author zhouhao
+ */
+public class FieldScopeDataAccessHandler implements DataAccessHandler {
+    private PropertyUtilsBean propertyUtilsBean = BeanUtilsBean.getInstance().getPropertyUtils();
+
+    private final Logger logger = LoggerFactory.getLogger(this.getClass());
+
+    @Override
+    public boolean isSupport(DataAccessConfig access) {
+        return access instanceof FieldScopeDataAccessConfig;
+    }
+
+    @Override
+    public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) {
+        FieldScopeDataAccessConfig own = ((FieldScopeDataAccessConfig) access);
+        Object controller = context.getTarget();
+        if (controller != null) {
+            switch (access.getAction()) {
+                case Permission.ACTION_QUERY:
+                    return doQueryAccess(own, context);
+                case Permission.ACTION_GET:
+                case Permission.ACTION_DELETE:
+                case Permission.ACTION_UPDATE:
+                    return doRWAccess(own, context, controller);
+                case Permission.ACTION_ADD:
+                default:
+                    logger.warn("action: {} not support now!", access.getAction());
+            }
+        } else {
+            logger.warn("target is null!");
+        }
+        return true;
+    }
+
+    @SuppressWarnings("unchecked")
+    protected boolean doRWAccess(FieldScopeDataAccessConfig access, MethodInterceptorParamContext context, Object controller) {
+        //获取注解
+        RequiresDataAccess dataAccess = context.getAnnotation(RequiresDataAccess.class);
+        Object id = context.<String>getParameter(dataAccess.idParamName()).orElse(null);
+        //通过QueryController获取QueryService
+        //然后调用selectByPk 查询旧的数据,进行对比
+        if (controller instanceof QueryController) {
+            QueryService queryService = (QueryService) ((QueryController) controller).getService();
+            Object oldData = queryService.selectByPk(id);
+            if (oldData != null) {
+                try {
+                    Object value = propertyUtilsBean.getProperty(oldData, access.getField());
+                    return access.getScope().contains(value);
+                } catch (Exception e) {
+                    logger.error("can't read property {}", access.getField(), e);
+                }
+                return false;
+            }
+        } else {
+            logger.warn("controller is not instanceof QueryController");
+        }
+        return true;
+    }
+
+
+    protected boolean doQueryAccess(FieldScopeDataAccessConfig access, MethodInterceptorParamContext context) {
+        QueryParamEntity entity = context.getParams()
+                .values().stream()
+                .filter(QueryParamEntity.class::isInstance)
+                .map(QueryParamEntity.class::cast)
+                .findAny().orElse(null);
+        if (entity == null) {
+            logger.warn("try validate query access, but query entity is null or not instance of org.hswebframework.web.commons.entity.Entity");
+            return true;
+        }
+        //重构查询条件
+        //如: 旧的条件为 where column =? or column = ?
+        //重构后为: where creatorId=? and (column = ? or column = ?)
+        List<Term> oldParam = entity.getTerms();
+        //清空旧的查询条件
+        entity.setTerms(new ArrayList<>());
+        //添加一个查询条件
+        entity.addTerm(createQueryTerm(access))
+                //客户端提交的参数 作为嵌套参数
+                .nest().setTerms(oldParam);
+        return true;
+    }
+
+    protected Term createQueryTerm(FieldScopeDataAccessConfig access) {
+        Term term = new Term();
+        term.setType(Term.Type.and);
+        term.setColumn(access.getField());
+        term.setTermType(TermType.in);
+        term.setValue(access.getScope());
+        return term;
+    }
+}
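Review bot: `doRWAccess` returns true on every path where it could not compare the record, namely when the target is not a `QueryController` and when `selectByPk` finds nothing, so for get/update/delete the scope rule is skipped with at most a warning. For a rule whose purpose is to restrict rows I would deny in the non-`QueryController` branch (`logger.warn("controller is not instanceof QueryController"); return false;`) and add a comment saying why a missing record is allowed. The result of `context.getAnnotation(RequiresDataAccess.class)` is dereferenced without a null check, and a null `id` (parameter named by `idParamName()` absent) is passed straight to `selectByPk`. `access.getScope().contains(value)` also relies on the scope elements having the same runtime type as the bean property, which may not hold if the scope was parsed from JSON. The comment in `doQueryAccess` still describes the rebuilt condition as `creatorId=?`, although `createQueryTerm` builds an `in` term on `access.getField()`.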

+ 2 - 2
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/OwnCreatedDataAccessHandler.java

@@ -53,7 +53,7 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler {
                     logger.warn("action: {} not support now!", access.getAction());
             }
         } else {
-            logger.warn("target is not instance of HswebController!");
+            logger.warn("target is null!");
         }
         return true;
     }
@@ -116,7 +116,7 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler {
             queryParamEntity.setTerms(new ArrayList<>());
             //添加一个查询条件
             queryParamEntity
-                    .where(RecordCreationEntity.creatorId,Authentication.current().orElseThrow(AuthorizeException::new).getUser().getId())
+                    .where(RecordCreationEntity.creatorId, Authentication.current().orElseThrow(AuthorizeException::new).getUser().getId())
                     //客户端提交的参数 作为嵌套参数
                     .nest().setTerms(oldParam);
         } else if (entity instanceof RecordCreationEntity) {
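Review bot: The `else` branch that now logs `target is null!` still falls through to `return true;`, so when the handler cannot inspect the controller it grants access, and the new message makes that easier to miss. For a data-level access check the safer default is to deny when the precondition is not met, e.g. `logger.warn("target is null, denying data access"); return false;` inside that branch. The `action: {} not support now!` case above appears to reach the same `return true;` and deserves the same decision. The enclosing method starts outside this hunk, so the exact condition guarding the branch is not visible here and should be confirmed.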

+ 11 - 0
hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorHolder.java

@@ -36,6 +36,9 @@ import java.util.Optional;
  * @author zhouhao
  */
 public class MethodInterceptorHolder {
+    /**
+     * 参数名称获取器,用于获取方法参数的名称
+     */
     public static final ParameterNameDiscoverer nameDiscoverer = new LocalVariableTableParameterNameDiscoverer();
 
     public static MethodInterceptorHolder current() {
@@ -104,6 +107,14 @@ public class MethodInterceptorHolder {
         return args;
     }
 
+    public <T extends Annotation> T findMethodAnnotation(Class<T> annClass) {
+        return AopUtils.findMethodAnnotation(annClass, method, annClass);
+    }
+
+    public <T extends Annotation> T findClassAnnotation(Class<T> annClass) {
+        return AopUtils.findAnnotation(annClass, annClass);
+    }
+
     public <T extends Annotation> T findAnnotation(Class<T> annClass) {
         return AopUtils.findAnnotation(target.getClass(), method, annClass);
     }
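Review bot: Both new lookups pass `annClass` where the target class is expected. `findMethodAnnotation` calls `AopUtils.findMethodAnnotation(annClass, method, annClass)` and `findClassAnnotation` calls `AopUtils.findAnnotation(annClass, annClass)`, so the class-level search inspects the annotation type itself rather than the intercepted object. The existing `findAnnotation` below uses `target.getClass()`, and the new methods should too: `return AopUtils.findMethodAnnotation(target.getClass(), method, annClass);` and `return AopUtils.findAnnotation(target.getClass(), annClass);`. If these helpers are used to resolve authorization annotations (not visible in this hunk), a class-level annotation would not be found and the check it declares could be skipped.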

+ 11 - 2
hsweb-commons/hsweb-commons-utils/src/main/java/org/hswebframework/web/AopUtils.java

@@ -29,16 +29,25 @@ import java.util.Map;
 
 public class AopUtils {
 
-    public static <T extends Annotation> T findAnnotation(Class targetClass, Method method, Class<T> annClass) {
+    public static <T extends Annotation> T findMethodAnnotation(Class targetClass, Method method, Class<T> annClass) {
         Method m = method;
         T a = AnnotationUtils.findAnnotation(m, annClass);
         if (a != null) return a;
         m = ClassUtils.getMostSpecificMethod(m, targetClass);
         a = AnnotationUtils.findAnnotation(m, annClass);
-        if (a != null) return a;
+        return a;
+    }
+
+    public static <T extends Annotation> T findAnnotation(Class targetClass, Class<T> annClass) {
         return AnnotationUtils.findAnnotation(targetClass, annClass);
     }
 
+    public static <T extends Annotation> T findAnnotation(Class targetClass, Method method, Class<T> annClass) {
+        T a = findMethodAnnotation(targetClass, method, annClass);
+        if (a != null) return a;
+        return findAnnotation(targetClass, annClass);
+    }
+
     public static <T extends Annotation> T findAnnotation(JoinPoint pjp, Class<T> annClass) {
         MethodSignature signature = (MethodSignature) pjp.getSignature();
         Method m = signature.getMethod();
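Review bot: The two new public helpers keep the raw `Class targetClass` parameter and have no Javadoc, so a caller cannot tell that `findMethodAnnotation` no longer falls back to the class while the three-argument `findAnnotation` still does. I would declare the parameter as `Class<?> targetClass` in all three signatures. I would also add a one-line comment to each, for example `/** Looks up the annotation on the method (and its most specific override) only; returns null if absent. */` on `findMethodAnnotation`. The difference matters when the annotation being resolved is an access-control one, because method-level and class-level declarations then have different precedence.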

+ 56 - 8
hsweb-commons/hsweb-commons-utils/src/main/java/org/hswebframework/web/ThreadLocalUtils.java

@@ -23,6 +23,16 @@ import java.util.Map;
 import java.util.function.Supplier;
 
 /**
+ * ThreadLocal 工具类,通过在ThreadLocal存储map信息,来实现在ThreadLocal中维护多个信息
+ * <br>e.g.<code>
+ * ThreadLocalUtils.put("key",value);<br>
+ * ThreadLocalUtils.get("key");<br>
+ * ThreadLocalUtils.remove("key");<br>
+ * ThreadLocalUtils.getAndRemove("key");<br>
+ * ThreadLocalUtils.get("key",()->defaultValue);<br>
+ * ThreadLocalUtils.clear();<br>
+ * </code>
+ *
  * @author zhouhao
  * @since 2.0
  */
@@ -30,39 +40,77 @@ import java.util.function.Supplier;
 public class ThreadLocalUtils {
     private static final ThreadLocal<Map<String, Object>> local = ThreadLocal.withInitial(HashMap::new);
 
+    /**
+     * 设置一个值到ThreadLocal
+     *
+     * @param key   键
+     * @param value 值
+     * @param <T>   值的类型
+     * @return 被放入的值
+     * @see Map#put(Object, Object)
+     */
     public static <T> T put(String key, T value) {
         local.get().put(key, value);
         return value;
     }
 
+    /**
+     * 删除参数对应的值
+     *
+     * @param key
+     * @see Map#remove(Object)
+     */
     public static void remove(String key) {
         local.get().remove(key);
     }
 
+    /**
+     * 清空ThreadLocal
+     *
+     * @see Map#clear()
+     */
     public static void clear() {
         local.remove();
     }
 
+    /**
+     * 从ThreadLocal中获取值
+     *
+     * @param key 键
+     * @param <T> 值泛型
+     * @return 值, 不存在则返回null, 如果类型与泛型不一致, 可能抛出{@link ClassCastException}
+     * @see Map#get(Object)
+     * @see ClassCastException
+     */
     public static <T> T get(String key) {
         return ((T) local.get().get(key));
     }
 
     /**
+     * 从ThreadLocal中获取值,并指定一个当值不存在的提供者
+     *
+     * @see Supplier
      * @since 3.0
      */
-    public static <T> T get(String key, Supplier<T> other) {
-        T val = ((T) local.get().get(key));
-        if (null != val) return val;
-        val = other.get();
-        local.get().put(key, val);
-        return val;
+    public static <T> T get(String key, Supplier<T> supplierOnNull) {
+        return ((T) local.get().computeIfAbsent(key, k -> supplierOnNull.get()));
     }
 
+    /**
+     * 获取一个值后然后删除掉
+     *
+     * @param key 键
+     * @param <T> 值类型
+     * @return 值, 不存在则返回null
+     * @see this#get(String)
+     * @see this#remove(String)
+     */
     public static <T> T getAndRemove(String key) {
         try {
-            return ((T) local.get().get(key));
+            return get(key);
         } finally {
-            local.get().remove(key);
+            remove(key);
         }
     }
+
 }
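Review bot: The rewritten `get(String, Supplier)` runs the supplier inside `HashMap.computeIfAbsent`, which does not allow the mapping function to modify the same map. A supplier that itself calls `ThreadLocalUtils.put` or `get(key, supplier)` on the same thread can therefore fail with `ConcurrentModificationException` on newer JDKs, where the removed code tolerated it. Whether any caller does this is not visible here; if it is possible, keep the explicit form, `T val = get(key); if (val == null) { val = supplierOnNull.get(); put(key, val); } return val;`. The new Javadoc also needs two corrections: `@see this#get(String)` should be `@see #get(String)`, and `clear()` points to `Map#clear()` while the code calls `local.remove()`. It would help to state on `clear()` that callers running on pooled threads must invoke it at the end of each request so values do not carry over to the next one.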

+ 0 - 6
hsweb-examples/hsweb-examples-oauth2/hsweb-examples-oauth2-server/src/main/java/org/hswebframework/web/example/oauth2/OAuth2ServerApplication.java

@@ -104,10 +104,6 @@ public class OAuth2ServerApplication implements CommandLineRunner {
 //                "return true;" +
 //                "","groovy")));
 
-        //password 属性不能读取和修改
-        FieldAccessEntity fieldAccessEntity = new FieldAccessEntity();
-        fieldAccessEntity.setField("password");
-        fieldAccessEntity.setActions(Arrays.asList(Permission.ACTION_QUERY, Permission.ACTION_UPDATE));
 
         PermissionEntity permission = entityFactory.newInstance(PermissionEntity.class);
         permission.setName("测试");
@@ -115,7 +111,6 @@ public class OAuth2ServerApplication implements CommandLineRunner {
         permission.setStatus((byte) 1);
         permission.setActions(ActionEntity.create(Permission.ACTION_QUERY, Permission.ACTION_UPDATE));
         permission.setDataAccess(Arrays.asList(accessEntity, updateAccessEntity));
-        permission.setFieldAccess(Arrays.asList(fieldAccessEntity));
         permissionService.insert(permission);
 
         BindPermissionRoleEntity<PermissionRoleEntity> roleEntity = entityFactory.newInstance(BindPermissionRoleEntity.class);
@@ -124,7 +119,6 @@ public class OAuth2ServerApplication implements CommandLineRunner {
         permissionRoleEntity.setPermissionId("test");
         permissionRoleEntity.setActions(Arrays.asList(Permission.ACTION_QUERY, Permission.ACTION_UPDATE));
         permissionRoleEntity.setDataAccesses(permission.getDataAccess());
-        permissionRoleEntity.setFieldAccesses(permission.getFieldAccess());
         roleEntity.setId("admin");
         roleEntity.setName("test");
         roleEntity.setPermissions(Arrays.asList(permissionRoleEntity));

+ 8 - 15
hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/SpringBootExample.java

@@ -149,26 +149,20 @@ public class SpringBootExample implements CommandLineRunner {
         DataAccessEntity updateAccessEntity = new DataAccessEntity();
         updateAccessEntity.setType(DataAccessConfig.DefaultType.OWN_CREATED);
         updateAccessEntity.setAction(Permission.ACTION_UPDATE);
-        //脚本方式自定义控制
-//        updateAccessEntity.setConfig(JSON.toJSONString(new SimpleScriptDataAccess("" +
-//                "println(id);" +
-//                "println(entity);" +
-//                "println('脚本权限控制');" +
-//                "return true;" +
-//                "","groovy")));
-
-        //password 属性不能读取和修改
-        FieldAccessEntity fieldAccessEntity = new FieldAccessEntity();
-        fieldAccessEntity.setField("password");
-        fieldAccessEntity.setActions(Arrays.asList(Permission.ACTION_QUERY, Permission.ACTION_UPDATE));
+
+        //只能修改自己创建的数据
+        DataAccessEntity queryFieldsEntity = new DataAccessEntity();
+        updateAccessEntity.setType(DataAccessConfig.DefaultType.DENY_FIELDS);
+        updateAccessEntity.setAction(Permission.ACTION_UPDATE);
+        updateAccessEntity.setConfig("");
+
 
         PermissionEntity permission = entityFactory.newInstance(PermissionEntity.class);
         permission.setName("测试");
         permission.setId("test");
         permission.setStatus((byte) 1);
         permission.setActions(ActionEntity.create(Permission.ACTION_QUERY, Permission.ACTION_UPDATE));
-        permission.setDataAccess(Arrays.asList(accessEntity, updateAccessEntity));
-        permission.setFieldAccess(Arrays.asList(fieldAccessEntity));
+        permission.setDataAccess(Arrays.asList(accessEntity, updateAccessEntity, queryFieldsEntity));
         permissionService.insert(permission);
 
         BindPermissionRoleEntity<PermissionRoleEntity> roleEntity = entityFactory.newInstance(BindPermissionRoleEntity.class);
@@ -177,7 +171,6 @@ public class SpringBootExample implements CommandLineRunner {
         permissionRoleEntity.setPermissionId("test");
         permissionRoleEntity.setActions(Arrays.asList(Permission.ACTION_QUERY, Permission.ACTION_UPDATE));
         permissionRoleEntity.setDataAccesses(permission.getDataAccess());
-        permissionRoleEntity.setFieldAccesses(permission.getFieldAccess());
         roleEntity.setId("admin");
         roleEntity.setName("test");
         roleEntity.setPermissions(Arrays.asList(permissionRoleEntity));
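Review bot: The three setters added after `DataAccessEntity queryFieldsEntity = new DataAccessEntity();` are called on `updateAccessEntity`, not on the new object. The OWN_CREATED restriction configured just above is therefore overwritten with DENY_FIELDS, and `queryFieldsEntity` is added to the permission with no type, action or config. They should target the new entity: `queryFieldsEntity.setType(DataAccessConfig.DefaultType.DENY_FIELDS);`, `queryFieldsEntity.setAction(Permission.ACTION_QUERY);` (action inferred from the variable name; confirm), and `queryFieldsEntity.setConfig(...)`. The comment `//只能修改自己创建的数据` is copied from the update block and does not describe a field filter. The removed example denied read and update of `password`, whereas the new config is an empty string, which presumably denies nothing; the expected DENY_FIELDS config format is not visible in this section, so the example should carry a real value that keeps `password` protected.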

+ 0 - 7
hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/TestController.java

@@ -6,7 +6,6 @@ import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.Permission;
 import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
-import org.hswebframework.web.authorization.annotation.RequiresFieldAccess;
 import org.hswebframework.web.commons.entity.Entity;
 import org.hswebframework.web.commons.entity.PagerResult;
 import org.hswebframework.web.commons.entity.param.QueryParamEntity;
@@ -17,12 +16,8 @@ import org.hswebframework.web.entity.authorization.UserEntity;
 import org.hswebframework.web.model.authorization.UserModel;
 import org.hswebframework.web.service.QueryByEntityService;
 import org.hswebframework.web.service.QueryService;
-import org.hswebframework.web.service.authorization.UserService;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
-import org.springframework.web.context.ContextLoader;
 
-import javax.annotation.PostConstruct;
 import java.util.List;
 
 /**
@@ -50,7 +45,6 @@ public class TestController implements QueryController<UserEntity, String, Query
     @GetMapping("/testQuery")
     @Authorize
     @RequiresDataAccess(permission = "test", action = Permission.ACTION_QUERY)
-    @RequiresFieldAccess(permission = "test", action = Permission.ACTION_QUERY)
     @ApiOperation("测试查询")
     public ResponseMessage<QueryParamEntity> testQuery(QueryParamEntity entity) {
 
@@ -68,7 +62,6 @@ public class TestController implements QueryController<UserEntity, String, Query
 
     @PutMapping("/testUpdate/{id}")
     @RequiresDataAccess(permission = "test", action = Permission.ACTION_UPDATE)
-    @RequiresFieldAccess(permission = "test", action = Permission.ACTION_UPDATE)
     public ResponseMessage<UserModel> testUpdate(@PathVariable String id, @RequestBody UserModel model) {
         return ResponseMessage.ok(model);
     }

+ 1 - 1
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-dao/hsweb-system-authorization-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/authorization/PermissionMapper.xml

@@ -27,7 +27,7 @@
         <result property="describe" column="describe" javaType="string" jdbcType="VARCHAR"/>
         <result property="status" column="status" javaType="Byte" jdbcType="NUMERIC"/>
         <result property="actions" column="actions" javaType="java.util.List" jdbcType="VARCHAR"/>
-        <result property="fieldAccess" column="field_access" javaType="java.util.List" jdbcType="CLOB"/>
+        <result property="optionalFields" column="optional_fields" javaType="java.util.List" jdbcType="CLOB"/>
         <result property="dataAccess" column="data_access" javaType="java.util.List" jdbcType="CLOB"/>
 
     </resultMap>

+ 0 - 1
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-dao/hsweb-system-authorization-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/authorization/PermissionRoleMapper.xml

@@ -25,7 +25,6 @@
         <result property="roleId" column="role_id" javaType="string" jdbcType="VARCHAR"/>
         <result property="permissionId" column="permission_id" javaType="string" jdbcType="VARCHAR"/>
         <result property="actions" column="actions" javaType="java.util.List" jdbcType="VARCHAR"/>
-        <result property="fieldAccesses" column="field_access" javaType="java.util.List" jdbcType="CLOB"/>
         <result property="dataAccesses" column="data_access" javaType="java.util.List" jdbcType="CLOB"/>
     </resultMap>
 

+ 0 - 71
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/FieldAccessEntity.java

@@ -1,71 +0,0 @@
-package org.hswebframework.web.entity.authorization;
-
-import org.hswebframework.web.commons.entity.CloneableEntity;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.stream.Collectors;
-
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class FieldAccessEntity implements CloneableEntity {
-    private String field;
-
-    private String describe;
-
-    private List<String> actions;
-
-    private boolean defaultCheck;
-
-    public String getField() {
-        return field;
-    }
-
-    public void setField(String field) {
-        this.field = field;
-    }
-
-    public String getDescribe() {
-        return describe;
-    }
-
-    public void setDescribe(String describe) {
-        this.describe = describe;
-    }
-
-    public boolean isDefaultCheck() {
-        return defaultCheck;
-    }
-
-    public void setDefaultCheck(boolean defaultCheck) {
-        this.defaultCheck = defaultCheck;
-    }
-
-    public List<String> getActions() {
-        if (actions == null) actions = Collections.emptyList();
-        return actions;
-    }
-
-    public void setActions(List<String> actions) {
-        this.actions = actions;
-    }
-
-    @Override
-    public FieldAccessEntity clone() {
-        FieldAccessEntity target = new FieldAccessEntity();
-        target.setField(getField());
-        target.setDescribe(getDescribe());
-        target.setDefaultCheck(isDefaultCheck());
-        if (actions != null) {
-            target.setActions(new ArrayList<>(actions));
-        }
-        return target;
-    }
-
-}

+ 38 - 0
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/OptionalField.java

@@ -0,0 +1,38 @@
+package org.hswebframework.web.entity.authorization;
+
+import org.hswebframework.web.commons.entity.CloneableEntity;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class OptionalField implements CloneableEntity {
+    private String name;
+
+    private String describe;
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getDescribe() {
+        return describe;
+    }
+
+    public void setDescribe(String describe) {
+        this.describe = describe;
+    }
+
+    @Override
+    public OptionalField clone() {
+        OptionalField optionalField = new OptionalField();
+        optionalField.setName(name);
+        optionalField.setDescribe(describe);
+        return optionalField;
+    }
+}
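Review bot: The class Javadoc is still the `TODO 完成注释` placeholder, so the new type that replaces `FieldAccessEntity` on `PermissionEntity` has no stated meaning. In particular nothing says whether an entry only describes a selectable field or also restricts access to it. I would replace the placeholder with a short description, for example `/** A field of a permission that can be chosen when configuring field-level data access; name is the property name, describe is its display text. */`, adjusted if the intent differs. It should also state explicitly that listing a field here does not by itself enforce anything, if that is the case.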

+ 4 - 3
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/PermissionEntity.java

@@ -51,9 +51,10 @@ public interface PermissionEntity extends GenericEntity<String> {
 
     List<DataAccessEntity> getDataAccess();
 
-    List<FieldAccessEntity> getFieldAccess();
-
     void setDataAccess(List<DataAccessEntity> dataAccess);
 
-    void setFieldAccess(List<FieldAccessEntity> fieldAccess);
+    void setOptionalFields(List<OptionalField> fields);
+
+    List<OptionalField> getOptionalFields();
+
 }

+ 0 - 4
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/PermissionRoleEntity.java

@@ -25,9 +25,5 @@ public interface PermissionRoleEntity extends CloneableEntity {
 
     List<DataAccessEntity> getDataAccesses();
 
-    List<FieldAccessEntity> getFieldAccesses();
-
     void setDataAccesses(List<DataAccessEntity> dataAccesses);
-
-    void setFieldAccesses(List<FieldAccessEntity> fieldAccesses);
 }

+ 13 - 7
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/SimplePermissionEntity.java

@@ -24,7 +24,7 @@ public class SimplePermissionEntity extends SimpleGenericEntity<String> implemen
 
     private List<DataAccessEntity> dataAccess;
 
-    private List<FieldAccessEntity> fieldAccess;
+    private List<OptionalField> optionalFields;
 
     public String getName() {
         return this.name;
@@ -66,18 +66,18 @@ public class SimplePermissionEntity extends SimpleGenericEntity<String> implemen
     }
 
     @Override
-    public List<FieldAccessEntity> getFieldAccess() {
-        return this.fieldAccess;
+    public void setDataAccess(List<DataAccessEntity> dataAccess) {
+        this.dataAccess = dataAccess;
     }
 
     @Override
-    public void setDataAccess(List<DataAccessEntity> dataAccess) {
-        this.dataAccess = dataAccess;
+    public void setOptionalFields(List<OptionalField> optionalFields) {
+        this.optionalFields = optionalFields;
     }
 
     @Override
-    public void setFieldAccess(List<FieldAccessEntity> fieldAccess) {
-        this.fieldAccess = fieldAccess;
+    public List<OptionalField> getOptionalFields() {
+        return optionalFields;
     }
 
     @Override
@@ -85,6 +85,12 @@ public class SimplePermissionEntity extends SimpleGenericEntity<String> implemen
         SimplePermissionEntity target = (SimplePermissionEntity) super.clone();
         if (actions != null)
             target.setActions(getActions().stream().map(ActionEntity::clone).collect(Collectors.toList()));
+        if (optionalFields != null) {
+            target.setOptionalFields(getOptionalFields().stream().map(OptionalField::clone).collect(Collectors.toList()));
+        }
+        if (dataAccess != null) {
+            target.setDataAccess(getDataAccess().stream().map(DataAccessEntity::clone).collect(Collectors.toList()));
+        }
         return target;
     }
 

+ 0 - 14
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/SimplePermissionRoleEntity.java

@@ -18,8 +18,6 @@ public class SimplePermissionRoleEntity implements PermissionRoleEntity {
 
     private List<DataAccessEntity> dataAccesses;
 
-    private List<FieldAccessEntity> fieldAccesses;
-
     @Override
     public String getRoleId() {
         return roleId;
@@ -55,21 +53,11 @@ public class SimplePermissionRoleEntity implements PermissionRoleEntity {
         return this.dataAccesses;
     }
 
-    @Override
-    public List<FieldAccessEntity> getFieldAccesses() {
-        return this.fieldAccesses;
-    }
-
     @Override
     public void setDataAccesses(List<DataAccessEntity> dataAccesses) {
         this.dataAccesses = dataAccesses;
     }
 
-    @Override
-    public void setFieldAccesses(List<FieldAccessEntity> fieldAccesses) {
-        this.fieldAccesses = fieldAccesses;
-    }
-
     @Override
     public SimplePermissionRoleEntity clone() {
         SimplePermissionRoleEntity target = new SimplePermissionRoleEntity();
@@ -79,8 +67,6 @@ public class SimplePermissionRoleEntity implements PermissionRoleEntity {
             target.setActions(new ArrayList<>(getActions()));
         if (dataAccesses != null)
             target.setDataAccesses(dataAccesses.stream().map(DataAccessEntity::clone).collect(Collectors.toList()));
-        if (fieldAccesses != null)
-            target.setFieldAccesses(fieldAccesses.stream().map(FieldAccessEntity::clone).collect(Collectors.toList()));
         return target;
     }
 }

+ 0 - 3
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/bind/SimpleBindPermissionRoleEntity.java

@@ -27,9 +27,6 @@ public class SimpleBindPermissionRoleEntity extends SimpleRoleEntity implements
     @Override
     public SimpleBindPermissionRoleEntity clone() {
         SimpleBindPermissionRoleEntity target = ((SimpleBindPermissionRoleEntity) super.clone());
-//        target.setId(getId());
-//        target.setName(getName());
-//        target.setDescribe(getDescribe());
         if (permissions != null && !permissions.isEmpty()) {
             target.permissions = permissions.stream().map(SimplePermissionRoleEntity::clone).collect(Collectors.toList());
         }

+ 0 - 8
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/bind/SimpleBindRoleUserEntity.java

@@ -27,14 +27,6 @@ public class SimpleBindRoleUserEntity extends SimpleUserEntity implements BindRo
     @Override
     public SimpleBindRoleUserEntity clone() {
         SimpleBindRoleUserEntity target = ((SimpleBindRoleUserEntity) super.clone());
-//        target.setId(getId());
-//        target.setName(getName());
-//        target.setCreateTime(getCreateTime());
-//        target.setCreatorId(getCreatorId());
-//        target.setEnabled(isEnabled());
-//        target.setLastLoginIp(getLastLoginIp());
-//        target.setLastLoginTime(getLastLoginTime());
-//        target.setSalt(getSalt());
         if (roles != null)
             target.setRoles(new ArrayList<>(getRoles()));
         if (getProperties() != null)

+ 4 - 8
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleAuthenticationBuilder.java

@@ -18,7 +18,10 @@
 package org.hswebframework.web.service.authorization.simple;
 
 import org.hswebframework.web.authorization.Authentication;
-import org.hswebframework.web.authorization.simple.*;
+import org.hswebframework.web.authorization.simple.SimpleAuthentication;
+import org.hswebframework.web.authorization.simple.SimplePermission;
+import org.hswebframework.web.authorization.simple.SimpleRole;
+import org.hswebframework.web.authorization.simple.SimpleUser;
 import org.hswebframework.web.entity.authorization.PermissionRoleEntity;
 import org.hswebframework.web.entity.authorization.RoleEntity;
 import org.hswebframework.web.entity.authorization.UserEntity;
@@ -54,13 +57,6 @@ public class SimpleAuthenticationBuilder {
                                 .map(dataAccessFactory::create)
                                 .collect(Collectors.toSet()));
                     }
-                    if (null != permissionRoleEntity.getFieldAccesses()) {
-                        permission.setFieldAccesses(permissionRoleEntity
-                                .getFieldAccesses()
-                                .stream()
-                                .map(entity -> new SimpleFieldAccess(entity.getField(), new HashSet<>(entity.getActions())))
-                                .collect(Collectors.toSet()));
-                    }
                     return permission;
                 })
                 .collect(Collectors.toList()));

+ 1 - 2
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/resources/hsweb-starter.js

@@ -63,7 +63,7 @@ function install(context) {
         .addColumn().name("status").number(4).notNull().comment("状态").commit()
         .addColumn().name("actions").clob().notNull().comment("可选操作(按钮)").commit()
         .addColumn().name("data_access").clob().notNull().comment("数据级控制配置").commit()
-        .addColumn().name("field_access").clob().notNull().comment("字段级控制配置").commit()
+        .addColumn().name("optional_fields").clob().notNull().comment("可选字段").commit()
         .comment("权限表").commit();
 
     database.createOrAlter("s_permission_role")
@@ -71,7 +71,6 @@ function install(context) {
         .addColumn().name("permission_id").varchar(32).notNull().comment("权限ID").commit()
         .addColumn().name("actions").clob().notNull().comment("可选操作").commit()
         .addColumn().name("data_access").clob().notNull().comment("数据级控制配置").commit()
-        .addColumn().name("field_access").clob().notNull().comment("字段级控制配置").commit()
         .comment("权限与角色关联表").commit();
 
     database.createOrAlter("s_user_role")
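Review bot: The new `optional_fields` column is declared `.notNull()`, but the example applications in this commit insert a permission after calling only `setActions` and `setDataAccess`, never `setOptionalFields`. Unless the DAO substitutes a default, that insert would violate the constraint. Either drop the constraint, `.addColumn().name("optional_fields").clob().comment("可选字段").commit()`, or initialise the list in the entity. On an existing installation `createOrAlter` presumably adds the column to a populated `s_permission` table and leaves the old `field_access` data in place (behaviour not visible here). The upgrade path for stored field-level rules should be documented so that previously denied fields are not silently left unprotected.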

+ 11 - 12
hsweb-system/hsweb-system-menu/hsweb-system-menu-dao/hsweb-system-menu-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/menu/MenuGroupBindMapper.xml

@@ -21,16 +21,15 @@
 <mapper namespace="org.hswebframework.web.dao.menu.MenuGroupBindDao">
     <resultMap id="MenuGroupBindResultMap" type="org.hswebframework.web.entity.menu.SimpleMenuGroupBindEntity">
         <id property="id" column="u_id" javaType="string" jdbcType="VARCHAR"/>
-            <result property="path" column="path" javaType="String" jdbcType="VARCHAR"/>
-            <result property="parentId" column="parent_id" javaType="String" jdbcType="VARCHAR"/>
-            <result property="level" column="level" javaType="Integer" jdbcType="DECIMAL"/>
-            <result property="sortIndex" column="sort_index" javaType="Long" jdbcType="DECIMAL"/>
-            <result property="enabled" column="enabled" javaType="Boolean" jdbcType="DECIMAL"/>
-            <result property="menuId" column="menu_id" javaType="String" jdbcType="VARCHAR"/>
-            <result property="groupId" column="group_id" javaType="String" jdbcType="VARCHAR"/>
-            <result property="actions" column="actions" javaType="java.util.List" jdbcType="VARCHAR"/>
-            <result property="dataAccesses" column="data_accesses" javaType="java.util.List" jdbcType="CLOB"/>
-            <result property="fieldAccesses" column="field_accesses" javaType="java.util.List" jdbcType="CLOB"/>
+        <result property="path" column="path" javaType="String" jdbcType="VARCHAR"/>
+        <result property="parentId" column="parent_id" javaType="String" jdbcType="VARCHAR"/>
+        <result property="level" column="level" javaType="Integer" jdbcType="DECIMAL"/>
+        <result property="sortIndex" column="sort_index" javaType="Long" jdbcType="DECIMAL"/>
+        <result property="enabled" column="enabled" javaType="Boolean" jdbcType="DECIMAL"/>
+        <result property="menuId" column="menu_id" javaType="String" jdbcType="VARCHAR"/>
+        <result property="groupId" column="group_id" javaType="String" jdbcType="VARCHAR"/>
+        <result property="actions" column="actions" javaType="java.util.List" jdbcType="VARCHAR"/>
+        <result property="dataAccesses" column="data_accesses" javaType="java.util.List" jdbcType="CLOB"/>
     </resultMap>
 
     <!--用于动态生成sql所需的配置-->
@@ -38,8 +37,8 @@
         <bind name="resultMapId" value="'MenuGroupBindResultMap'"/>
         <bind name="tableName" value="'S_MENU_GROUP_BIND'"/>
     </sql>
-  
-    <insert id="insert" parameterType="org.hswebframework.web.entity.menu.SimpleMenuGroupBindEntity" >
+
+    <insert id="insert" parameterType="org.hswebframework.web.entity.menu.SimpleMenuGroupBindEntity">
         <include refid="config"/>
         <include refid="BasicMapper.buildInsertSql"/>
     </insert>

+ 0 - 15
hsweb-system/hsweb-system-menu/hsweb-system-menu-entity/src/main/java/org/hswebframework/web/entity/menu/MenuGroupBindEntity.java

@@ -18,7 +18,6 @@ package org.hswebframework.web.entity.menu;
 
 import org.hswebframework.web.commons.entity.TreeSortSupportEntity;
 import org.hswebframework.web.entity.authorization.DataAccessEntity;
-import org.hswebframework.web.entity.authorization.FieldAccessEntity;
 
 import java.util.List;
 
@@ -67,10 +66,6 @@ public interface MenuGroupBindEntity extends TreeSortSupportEntity<String> {
      * 行级权限控制配置
      */
     String dataAccesses  = "dataAccesses";
-    /**
-     * 列级权限控制
-     */
-    String fieldAccesses = "fieldAccesses";
 
     /**
      * @return 是否启用
@@ -122,15 +117,5 @@ public interface MenuGroupBindEntity extends TreeSortSupportEntity<String> {
      */
     void setDataAccesses(java.util.List<DataAccessEntity> dataAccesses);
 
-    /**
-     * @return 列级权限控制
-     */
-    java.util.List<FieldAccessEntity> getFieldAccesses();
-
-    /**
-     * 设置 列级权限控制
-     */
-    void setFieldAccesses(java.util.List<FieldAccessEntity> fieldAccesses);
-
     void setChildren(List<MenuGroupBindEntity> children);
 }

+ 0 - 17
hsweb-system/hsweb-system-menu/hsweb-system-menu-entity/src/main/java/org/hswebframework/web/entity/menu/SimpleMenuGroupBindEntity.java

@@ -18,7 +18,6 @@ package org.hswebframework.web.entity.menu;
 
 import org.hswebframework.web.commons.entity.SimpleTreeSortSupportEntity;
 import org.hswebframework.web.entity.authorization.DataAccessEntity;
-import org.hswebframework.web.entity.authorization.FieldAccessEntity;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -39,8 +38,6 @@ public class SimpleMenuGroupBindEntity extends SimpleTreeSortSupportEntity<Strin
     private java.util.List<String>            actions;
     //行级权限控制配置
     private java.util.List<DataAccessEntity>  dataAccesses;
-    //列级权限控制
-    private java.util.List<FieldAccessEntity> fieldAccesses;
     //子节点
     private List<SimpleMenuGroupBindEntity>   children;
 
@@ -114,20 +111,6 @@ public class SimpleMenuGroupBindEntity extends SimpleTreeSortSupportEntity<Strin
         this.dataAccesses = dataAccesses;
     }
 
-    /**
-     * @return 列级权限控制
-     */
-    public java.util.List<FieldAccessEntity> getFieldAccesses() {
-        return this.fieldAccesses;
-    }
-
-    /**
-     * 设置 列级权限控制
-     */
-    public void setFieldAccesses(java.util.List<FieldAccessEntity> fieldAccesses) {
-        this.fieldAccesses = fieldAccesses;
-    }
-
 
     public List<SimpleMenuGroupBindEntity> getChildren() {
         return children;

+ 0 - 1
hsweb-system/hsweb-system-menu/hsweb-system-menu-starter/src/main/resources/hsweb-starter.js

@@ -72,7 +72,6 @@ function install(context) {
         .addColumn().name("enabled").alias("enabled").comment("是否启用").jdbcType(java.sql.JDBCType.DECIMAL).length(4, 0).commit()
         .addColumn().name("actions").alias("actions").comment("可选按钮").jdbcType(java.sql.JDBCType.VARCHAR).length(4000).commit()
         .addColumn().name("data_accesses").alias("dataAccesses").comment("行级权限控制配置").jdbcType(java.sql.JDBCType.CLOB).commit()
-        .addColumn().name("field_accesses").alias("fieldAccesses").comment("列级权限控制").jdbcType(java.sql.JDBCType.CLOB).commit()
         .comment("菜单分组关联").commit();
 }
 

+ 0 - 42
hsweb-system/hsweb-system-oauth2-client/hsweb-system-oauth2-client-service/hsweb-system-oauth2-client-service-simple/src/main/java/org/hswebframework/web/service/oauth2/client/simple/provider/RemoteAuthenticationBuilder.java

@@ -1,42 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.service.oauth2.client.simple.provider;
-
-import com.alibaba.fastjson.JSONObject;
-import org.hswebframework.web.authorization.Authentication;
-import org.hswebframework.web.authorization.Permission;
-import org.hswebframework.web.authorization.Role;
-import org.hswebframework.web.authorization.User;
-import org.hswebframework.web.authorization.access.DataAccessConfig;
-import org.hswebframework.web.authorization.access.FieldAccessConfig;
-import org.hswebframework.web.authorization.simple.SimpleAuthentication;
-
-import java.io.Serializable;
-import java.util.*;
-import java.util.stream.Collectors;
-
-/**
- * @author zhouhao
- */
-public class RemoteAuthenticationBuilder {
-
-    public static Authentication fromJson(String json) {
-        return JSONObject.parseObject(json, SimpleAuthentication.class);
-    }
-}

+ 7 - 1
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/DefaultPersonnelAuthorizationSupplier.java

@@ -8,9 +8,10 @@ import org.hswebframework.web.organizational.authorization.entity.PersonAttachEn
 import java.util.Objects;
 
 /**
- * TODO 完成注释
+ * 默认人员权限提供者,通过{@link PersonnelAuthorizationManager}获取,并提供ThreadLocal缓存
  *
  * @author zhouhao
+ * @see 3.0
  */
 public class DefaultPersonnelAuthorizationSupplier implements PersonnelAuthorizationSupplier {
     private PersonnelAuthorizationManager personnelAuthorizationManager;
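Review bot: The new class Javadoc uses `@see 3.0`, but `@see` expects a reference to a class, member or link, so the version number will not render as intended. The tag that records the introducing version is `@since 3.0`. The same line is added to the Javadoc of `PersonnelAuthorizationSupplier` in this commit and needs the same correction.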
@@ -18,6 +19,7 @@ public class DefaultPersonnelAuthorizationSupplier implements PersonnelAuthoriza
     private static final String threadLocalCacheKey = DefaultPersonnelAuthorizationSupplier.class.getName() + "_CACHE";
 
     public DefaultPersonnelAuthorizationSupplier(PersonnelAuthorizationManager personnelAuthorizationManager) {
+        Objects.requireNonNull(personnelAuthorizationManager);
         this.personnelAuthorizationManager = personnelAuthorizationManager;
     }
 
@@ -33,6 +35,10 @@ public class DefaultPersonnelAuthorizationSupplier implements PersonnelAuthoriza
 
     @Override
     public PersonnelAuthorization get() {
+        /*
+            获取逻辑: 优先获取登录用户的权限信息中Authentication的personId属性;
+            如果不存在,则根据用户id获取.如果还不存在则返回null
+         */
         //TreadLocal Cache
         return ThreadLocalUtils.get(threadLocalCacheKey, () ->
                 Authentication.current().map(authentication ->
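Review bot: The comment added to `get()` documents the lookup order but not the lifetime of the thread-local cache that wraps it. If worker threads are pooled and the entry stored under `threadLocalCacheKey` is not cleared when a request ends (not visible in this hunk), a later request on the same thread could receive the previous user's `PersonnelAuthorization`. I would extend the comment with a line such as `// cached per thread; the cache must be cleared at the end of every request` and confirm where that clearing happens. The body of `get()` continues outside the hunk.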

+ 2 - 1
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/PersonnelAuthorizationSupplier.java

@@ -3,9 +3,10 @@ package org.hswebframework.web.organizational.authorization;
 import java.util.function.Supplier;
 
 /**
- * TODO 完成注释
+ * 人员权限提供者,用于根据人员或者用户id获取权限信息
  *
  * @author zhouhao
+ * @see 3.0
  */
 public interface PersonnelAuthorizationSupplier extends Supplier<PersonnelAuthorization> {
     PersonnelAuthorization getByPersonId(String personId);

+ 17 - 15
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/access/DataAccessType.java

@@ -12,32 +12,34 @@ public interface DataAccessType extends Serializable {
     /**
      * 控制地区
      */
-    String AREA_SCOPE       = "AREA_SCOPE";
+    String AREA_SCOPE           = "AREA_SCOPE";
     /**
      * 控制机构
      */
-    String ORG_SCOPE        = "ORG_SCOPE";
+    String ORG_SCOPE            = "ORG_SCOPE";
     /**
      * 控制部门
      */
-    String DEPARTMENT_SCOPE = "DEPARTMENT_SCOPE";
+    String DEPARTMENT_SCOPE     = "DEPARTMENT_SCOPE";
     /**
      * 控制职位
      */
-    String POSITION_SCOPE   = "POSITION_SCOPE";
+    String POSITION_SCOPE       = "POSITION_SCOPE";
     /**
      * 控制人员
      */
-    String PERSON_SCOPE     = "PERSON_SCOPE";
-
-    enum ScopeType implements Serializable {
-        ONLY_SELF("只能查看自己"),
-        CHILDREN("包含子级"),
-        CUSTOM("自定义");
-        final String comment;
+    String PERSON_SCOPE         = "PERSON_SCOPE";
+    /**
+     * 只能查看自己
+     */
+    String SCOPE_TYPE_ONLY_SELF = "ONLY_SELF";
+    /**
+     * 包含子级
+     */
+    String SCOPE_TYPE_CHILDREN  = "CHILDREN";
+    /**
+     * 自定义范围
+     */
+    String SCOPE_TYPE_CUSTOM    = "CUSTOM";
 
-        ScopeType(String comment) {
-            this.comment = comment;
-        }
-    }
 }
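Review bot: With `ScopeType` replaced by the `SCOPE_TYPE_*` string constants, the compiler no longer restricts `scopeType` to the three supported values, so a mistyped or unexpected value in stored configuration is only noticed when it reaches a handler's `default:` branch. The handler hunks in this commit return an empty set there, and how the caller treats an empty scope is not visible, so it should be confirmed that this fails closed. I would at least document the contract on the constants, for example `/** Allowed scopeType values: SCOPE_TYPE_ONLY_SELF, SCOPE_TYPE_CHILDREN, SCOPE_TYPE_CUSTOM; handlers return an empty set for anything else. */`. Rejecting other values in `SimpleScopeDataAccessConfig.setScopeType` would go further.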

+ 0 - 27
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/access/ScopeDataAccessConfig.java

@@ -1,27 +0,0 @@
-package org.hswebframework.web.organizational.authorization.access;
-
-import org.hswebframework.web.authorization.access.DataAccessConfig;
-
-import java.util.Set;
-
-/**
- * 范围数据权限控制配置
- *
- * @author zhouhao
- * @see DataAccessConfig
- * @since 3.0
- */
-public interface ScopeDataAccessConfig extends DataAccessConfig {
-
-    /**
-     * @return 范围类型
-     * @see DataAccessType.ScopeType
-     */
-    DataAccessType.ScopeType getScopeType();
-
-    /**
-     * @return 自定义的控制范围, 仅在scopeType为CUSTOM的时候有效
-     * @see DataAccessType.ScopeType#CUSTOM
-     */
-    Set<String> getScope();
-}

+ 5 - 0
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimplePersonnelAuthorization.java

@@ -4,6 +4,7 @@ import org.hswebframework.web.organizational.authorization.Personnel;
 import org.hswebframework.web.organizational.authorization.PersonnelAuthorization;
 import org.hswebframework.web.organizational.authorization.TreeNode;
 
+import java.util.Collections;
 import java.util.Set;
 
 /**
@@ -29,6 +30,7 @@ public class SimplePersonnelAuthorization implements PersonnelAuthorization {
 
     @Override
     public Set<TreeNode<String>> getAreaIds() {
+        if (areaIds == null) areaIds = Collections.emptySet();
         return areaIds;
     }
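Review bot: The null guard added to `getAreaIds()` assigns to the field inside a getter, and the same pattern is repeated in `getOrgIds()`, `getPositionIds()` and `getDepartmentIds()` in the following hunks. A plain read now changes the object's state, and the stored `Collections.emptySet()` is immutable, so any later code that adds to the returned set fails at run time. Returning the fallback without storing it keeps the getter free of side effects: `return areaIds == null ? Collections.emptySet() : areaIds;`.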
 
@@ -38,6 +40,7 @@ public class SimplePersonnelAuthorization implements PersonnelAuthorization {
 
     @Override
     public Set<TreeNode<String>> getOrgIds() {
+        if (orgIds == null) orgIds = Collections.emptySet();
         return orgIds;
     }
 
@@ -47,6 +50,7 @@ public class SimplePersonnelAuthorization implements PersonnelAuthorization {
 
     @Override
     public Set<TreeNode<String>> getPositionIds() {
+        if (positionIds == null) positionIds = Collections.emptySet();
         return positionIds;
     }
 
@@ -56,6 +60,7 @@ public class SimplePersonnelAuthorization implements PersonnelAuthorization {
 
     @Override
     public Set<TreeNode<String>> getDepartmentIds() {
+        if (departmentIds == null) departmentIds = Collections.emptySet();
         return departmentIds;
     }
 

+ 8 - 8
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleScopeDataAccessConfig.java

@@ -2,7 +2,7 @@ package org.hswebframework.web.organizational.authorization.simple;
 
 import org.hswebframework.web.authorization.simple.AbstractDataAccessConfig;
 import org.hswebframework.web.organizational.authorization.access.DataAccessType;
-import org.hswebframework.web.organizational.authorization.access.ScopeDataAccessConfig;
+import org.hswebframework.web.authorization.access.ScopeDataAccessConfig;
 
 import java.util.Set;
 
@@ -12,25 +12,25 @@ import java.util.Set;
  * @author zhouhao
  */
 public class SimpleScopeDataAccessConfig extends AbstractDataAccessConfig implements ScopeDataAccessConfig {
-    private DataAccessType.ScopeType scopeType;
-    private Set<String>              scope;
-    private String                   type;
+    private String      scopeType;
+    private Set<Object> scope;
+    private String      type;
 
     @Override
-    public DataAccessType.ScopeType getScopeType() {
+    public String getScopeType() {
         return scopeType;
     }
 
-    public void setScopeType(DataAccessType.ScopeType scopeType) {
+    public void setScopeType(String scopeType) {
         this.scopeType = scopeType;
     }
 
     @Override
-    public Set<String> getScope() {
+    public Set<Object> getScope() {
         return scope;
     }
 
-    public void setScope(Set<String> scope) {
+    public void setScope(Set<Object> scope) {
         this.scope = scope;
     }
 

+ 10 - 9
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHander.java

@@ -4,15 +4,15 @@ import org.hsweb.ezorm.core.param.Term;
 import org.hswebframework.web.authorization.Permission;
 import org.hswebframework.web.authorization.access.DataAccessConfig;
 import org.hswebframework.web.authorization.access.DataAccessHandler;
+import org.hswebframework.web.authorization.access.ScopeDataAccessConfig;
 import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
-import org.hswebframework.web.organizational.authorization.access.DataAccessType;
-import org.hswebframework.web.organizational.authorization.PersonnelAuthorization;
-import org.hswebframework.web.organizational.authorization.access.ScopeDataAccessConfig;
-import org.hswebframework.web.organizational.authorization.entity.OrgAttachEntity;
 import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
 import org.hswebframework.web.commons.entity.Entity;
 import org.hswebframework.web.commons.entity.param.QueryParamEntity;
 import org.hswebframework.web.controller.QueryController;
+import org.hswebframework.web.organizational.authorization.PersonnelAuthorization;
+import org.hswebframework.web.organizational.authorization.access.DataAccessType;
+import org.hswebframework.web.organizational.authorization.entity.OrgAttachEntity;
 import org.hswebframework.web.service.QueryService;
 import org.hswebframwork.utils.ClassUtils;
 import org.slf4j.Logger;
@@ -21,13 +21,14 @@ import org.slf4j.LoggerFactory;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 /**
  * TODO 完成注释
  *
  * @author zhouhao
  */
-public abstract class AbstractScopeDataAccessHander<E> implements DataAccessHandler {
+public abstract class AbstractScopeDataAccessHandler<E> implements DataAccessHandler {
     protected Logger logger = LoggerFactory.getLogger(this.getClass());
 
     private boolean defaultSuccessOnError = true;
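Review bot: The class is renamed to `AbstractScopeDataAccessHandler`, but the file section header on this page still shows the path ending in `AbstractScopeDataAccessHander.java`. If the file itself was not renamed in the same commit, a public class whose name differs from its file name will not compile. Renaming the file to `AbstractScopeDataAccessHandler.java` would keep the two in step. The class Javadoc above the declaration is also still `TODO 完成注释`, so a one-sentence description would be worth adding while the line is being touched.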
@@ -40,7 +41,7 @@ public abstract class AbstractScopeDataAccessHander<E> implements DataAccessHand
 
     protected abstract Term applyQueryTerm(Set<String> scope);
 
-    protected abstract Set<String> getTryOperationScope(DataAccessType.ScopeType scopeType, PersonnelAuthorization authorization);
+    protected abstract Set<String> getTryOperationScope(String scopeType, PersonnelAuthorization authorization);
 
     @Override
     public boolean isSupport(DataAccessConfig access) {
@@ -75,7 +76,7 @@ public abstract class AbstractScopeDataAccessHander<E> implements DataAccessHand
         if (scopes.size() == 0) return true;
         else if (scopes.size() == 1) scope = scopes.iterator().next();
         else logger.warn("existing many scope :{} , try use config.", scopes);
-        scopes = access.getScope();
+        scopes = access.getScope().stream().map(String::valueOf).collect(Collectors.toSet());
         if (scope == null && scopes.size() == 1) {
             scope = scopes.iterator().next();
         }
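Review bot: `access.getScope().stream()` throws a `NullPointerException` when the configuration carries no scope, and the same call is added in `getTryOperationScope(ScopeDataAccessConfig)` in the next hunk. `SimpleScopeDataAccessConfig` declares `scope` without a default, so a config with no scope set reaches this code with `null`; null elements inside the set would also become the literal string `"null"` through `String.valueOf`. A guard such as `Set<Object> raw = access.getScope(); if (raw == null) raw = java.util.Collections.emptySet();` before the stream avoids the exception. Since the class declares `defaultSuccessOnError = true`, it is worth confirming that an exception on this path cannot end up granting access. The enclosing method starts and ends outside this hunk.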
@@ -123,8 +124,8 @@ public abstract class AbstractScopeDataAccessHander<E> implements DataAccessHand
     }
 
     protected Set<String> getTryOperationScope(ScopeDataAccessConfig access) {
-        if (access.getScopeType() == DataAccessType.ScopeType.CUSTOM)
-            return access.getScope();
+        if (DataAccessType.SCOPE_TYPE_CUSTOM.equals(access.getScopeType()))
+            return access.getScope().stream().map(String::valueOf).collect(Collectors.toSet());
         return getTryOperationScope(access.getScopeType(), getPersonnelAuthorization());
     }
 

+ 7 - 6
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AreaScopeDataAccessHandler.java

@@ -3,18 +3,19 @@ package org.hswebframework.web.organizational.authorization.simple.handler;
 import org.hsweb.ezorm.core.param.Term;
 import org.hsweb.ezorm.core.param.TermType;
 import org.hswebframework.web.organizational.authorization.PersonnelAuthorization;
-import org.hswebframework.web.organizational.authorization.access.DataAccessType;
 import org.hswebframework.web.organizational.authorization.entity.AreaAttachEntity;
 
 import java.util.Collections;
 import java.util.Set;
 
+import static org.hswebframework.web.organizational.authorization.access.DataAccessType.*;
+
 /**
  * TODO 完成注释
  *
  * @author zhouhao
  */
-public class AreaScopeDataAccessHandler extends AbstractScopeDataAccessHander<AreaAttachEntity> {
+public class AreaScopeDataAccessHandler extends AbstractScopeDataAccessHandler<AreaAttachEntity> {
     @Override
     protected Class<AreaAttachEntity> getEntityClass() {
         return AreaAttachEntity.class;
@@ -22,7 +23,7 @@ public class AreaScopeDataAccessHandler extends AbstractScopeDataAccessHander<Ar
 
     @Override
     protected String getSupportScope() {
-        return DataAccessType.DEPARTMENT_SCOPE;
+        return DEPARTMENT_SCOPE;
     }
 
     @Override
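Review bot: `getSupportScope()` in `AreaScopeDataAccessHandler` still returns `DEPARTMENT_SCOPE`; the commit only switches the line to the static import. It looks like a copy-paste from the department handler. As written, area-scoped access configurations would presumably not be matched by this handler, while department-scoped ones would be evaluated against area ids. The line should read `return AREA_SCOPE;`, a constant that `DataAccessType` already defines.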
@@ -31,11 +32,11 @@ public class AreaScopeDataAccessHandler extends AbstractScopeDataAccessHander<Ar
     }
 
     @Override
-    protected Set<String> getTryOperationScope(DataAccessType.ScopeType scopeType, PersonnelAuthorization authorization) {
+    protected Set<String> getTryOperationScope(String scopeType, PersonnelAuthorization authorization) {
         switch (scopeType) {
-            case CHILDREN:
+            case SCOPE_TYPE_CHILDREN:
                 return authorization.getAllAreaId();
-            case ONLY_SELF:
+            case SCOPE_TYPE_ONLY_SELF:
                 return authorization.getRootAreaId();
             default:
                 return Collections.emptySet();

+ 7 - 4
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/DepartmentScopeDataAccessHandler.java

@@ -9,12 +9,15 @@ import org.hswebframework.web.organizational.authorization.entity.DepartmentAtta
 import java.util.Collections;
 import java.util.Set;
 
+import static org.hswebframework.web.organizational.authorization.access.DataAccessType.SCOPE_TYPE_CHILDREN;
+import static org.hswebframework.web.organizational.authorization.access.DataAccessType.SCOPE_TYPE_ONLY_SELF;
+
 /**
  * TODO 完成注释
  *
  * @author zhouhao
  */
-public class DepartmentScopeDataAccessHandler extends AbstractScopeDataAccessHander<DepartmentAttachEntity> {
+public class DepartmentScopeDataAccessHandler extends AbstractScopeDataAccessHandler<DepartmentAttachEntity> {
     @Override
     protected Class<DepartmentAttachEntity> getEntityClass() {
         return DepartmentAttachEntity.class;
@@ -31,11 +34,11 @@ public class DepartmentScopeDataAccessHandler extends AbstractScopeDataAccessHan
     }
 
     @Override
-    protected Set<String> getTryOperationScope(DataAccessType.ScopeType scopeType, PersonnelAuthorization authorization) {
+    protected Set<String> getTryOperationScope(String scopeType, PersonnelAuthorization authorization) {
         switch (scopeType) {
-            case CHILDREN:
+            case SCOPE_TYPE_CHILDREN:
                 return authorization.getAllDepartmentId();
-            case ONLY_SELF:
+            case SCOPE_TYPE_ONLY_SELF:
                 return authorization.getRootDepartmentId();
             default:
                 return Collections.emptySet();

+ 7 - 4
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/OrgScopeDataAccessHandler.java

@@ -9,12 +9,15 @@ import org.hswebframework.web.organizational.authorization.entity.OrgAttachEntit
 import java.util.Collections;
 import java.util.Set;
 
+import static org.hswebframework.web.organizational.authorization.access.DataAccessType.SCOPE_TYPE_CHILDREN;
+import static org.hswebframework.web.organizational.authorization.access.DataAccessType.SCOPE_TYPE_ONLY_SELF;
+
 /**
  * TODO 完成注释
  *
  * @author zhouhao
  */
-public class OrgScopeDataAccessHandler extends AbstractScopeDataAccessHander<OrgAttachEntity> {
+public class OrgScopeDataAccessHandler extends AbstractScopeDataAccessHandler<OrgAttachEntity> {
     @Override
     protected Class<OrgAttachEntity> getEntityClass() {
         return OrgAttachEntity.class;
@@ -26,11 +29,11 @@ public class OrgScopeDataAccessHandler extends AbstractScopeDataAccessHander<Org
     }
 
     @Override
-    protected Set<String> getTryOperationScope(DataAccessType.ScopeType scopeType, PersonnelAuthorization authorization) {
+    protected Set<String> getTryOperationScope(String scopeType, PersonnelAuthorization authorization) {
         switch (scopeType) {
-            case CHILDREN:
+            case SCOPE_TYPE_CHILDREN:
                 return authorization.getAllOrgId();
-            case ONLY_SELF:
+            case SCOPE_TYPE_ONLY_SELF:
                 return authorization.getRootOrgId();
             default:
                 return Collections.emptySet();

+ 8 - 5
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/PersonScopeDataAccessHandler.java

@@ -2,19 +2,22 @@ package org.hswebframework.web.organizational.authorization.simple.handler;
 
 import org.hsweb.ezorm.core.param.Term;
 import org.hsweb.ezorm.core.param.TermType;
-import org.hswebframework.web.organizational.authorization.access.DataAccessType;
 import org.hswebframework.web.organizational.authorization.PersonnelAuthorization;
+import org.hswebframework.web.organizational.authorization.access.DataAccessType;
 import org.hswebframework.web.organizational.authorization.entity.PersonAttachEntity;
 
 import java.util.Collections;
 import java.util.Set;
 
+import static org.hswebframework.web.organizational.authorization.access.DataAccessType.SCOPE_TYPE_CHILDREN;
+import static org.hswebframework.web.organizational.authorization.access.DataAccessType.SCOPE_TYPE_ONLY_SELF;
+
 /**
  * TODO 完成注释
  *
  * @author zhouhao
  */
-public class PersonScopeDataAccessHandler extends AbstractScopeDataAccessHander<PersonAttachEntity> {
+public class PersonScopeDataAccessHandler extends AbstractScopeDataAccessHandler<PersonAttachEntity> {
     @Override
     protected Class<PersonAttachEntity> getEntityClass() {
         return PersonAttachEntity.class;
@@ -26,11 +29,11 @@ public class PersonScopeDataAccessHandler extends AbstractScopeDataAccessHander<
     }
 
     @Override
-    protected Set<String> getTryOperationScope(DataAccessType.ScopeType scopeType, PersonnelAuthorization authorization) {
+    protected Set<String> getTryOperationScope(String scopeType, PersonnelAuthorization authorization) {
         switch (scopeType) {
-            case CHILDREN:
+            case SCOPE_TYPE_CHILDREN:
                 logger.warn("not support person children control!");
-            case ONLY_SELF:
+            case SCOPE_TYPE_ONLY_SELF:
                 return Collections.singleton(authorization.getPersonnel().getId());
             default:
                 return Collections.emptySet();
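Review bot: `case SCOPE_TYPE_CHILDREN:` logs a warning and then falls through into `case SCOPE_TYPE_ONLY_SELF:` with no marker, so a reader cannot tell whether treating "children" as "only self" is intended or a missing `return`. If it is intended, say so on the line after the warning: `// fall through: children scope is not supported for persons, restrict to the person's own id`. The shared return also dereferences `authorization.getPersonnel()` unchecked, which is worth a null check if a user without a bound person can reach this handler. The `switch` closes outside the hunk.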

+ 8 - 5
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/PositionScopeDataAccessHandler.java

@@ -2,19 +2,22 @@ package org.hswebframework.web.organizational.authorization.simple.handler;
 
 import org.hsweb.ezorm.core.param.Term;
 import org.hsweb.ezorm.core.param.TermType;
-import org.hswebframework.web.organizational.authorization.access.DataAccessType;
 import org.hswebframework.web.organizational.authorization.PersonnelAuthorization;
+import org.hswebframework.web.organizational.authorization.access.DataAccessType;
 import org.hswebframework.web.organizational.authorization.entity.PositionAttachEntity;
 
 import java.util.Collections;
 import java.util.Set;
 
+import static org.hswebframework.web.organizational.authorization.access.DataAccessType.SCOPE_TYPE_CHILDREN;
+import static org.hswebframework.web.organizational.authorization.access.DataAccessType.SCOPE_TYPE_ONLY_SELF;
+
 /**
  * TODO 完成注释
  *
  * @author zhouhao
  */
-public class PositionScopeDataAccessHandler extends AbstractScopeDataAccessHander<PositionAttachEntity> {
+public class PositionScopeDataAccessHandler extends AbstractScopeDataAccessHandler<PositionAttachEntity> {
     @Override
     protected Class<PositionAttachEntity> getEntityClass() {
         return PositionAttachEntity.class;
@@ -26,11 +29,11 @@ public class PositionScopeDataAccessHandler extends AbstractScopeDataAccessHande
     }
 
     @Override
-    protected Set<String> getTryOperationScope(DataAccessType.ScopeType scopeType, PersonnelAuthorization authorization) {
+    protected Set<String> getTryOperationScope(String scopeType, PersonnelAuthorization authorization) {
         switch (scopeType) {
-            case CHILDREN:
+            case SCOPE_TYPE_CHILDREN:
                 return authorization.getAllPositionId();
-            case ONLY_SELF:
+            case SCOPE_TYPE_ONLY_SELF:
                 return authorization.getRootPositionId();
             default:
                 return Collections.emptySet();

+ 0 - 1
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-controller/src/main/java/org/hswebframework/web/controller/organizational/PositionController.java

@@ -22,7 +22,6 @@ import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
 import org.hswebframework.web.commons.entity.param.QueryParamEntity;
 import org.hswebframework.web.controller.GenericEntityController;
-import org.hswebframework.web.controller.QueryController;
 import org.hswebframework.web.controller.message.ResponseMessage;
 import org.hswebframework.web.entity.organizational.DepartmentEntity;
 import org.hswebframework.web.entity.organizational.PositionEntity;