add : partner Permission

6 years ago · 1adf649076
parent 57efcab231
commit 1adf649076
21 changed files with 1007 additions and 2 deletions
--- a/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/beans/PartnerModuleInfo.java
+++ b/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/beans/PartnerModuleInfo.java
@ -0,0 +1,67 @@
+package au.com.royalpay.payment.manage.management.sysconfig.beans;
+
+import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson.annotation.JSONField;
+import org.hibernate.validator.constraints.NotEmpty;
+
+/**
+ * Created by yangluo on 2018/07/05.
+ */
+public class PartnerModuleInfo {
+    @NotEmpty
+    @JSONField(name= "Module_id")
+    private String moduleId;
+    @JSONField(name = "js_module")
+    private String jsModule;
+    @JSONField(name = "js_path")
+    private String jsPath;
+    private String remark;
+    @JSONField(name = "initialize")
+    private Boolean initialize;
+
+    public String getModuleId() {
+        return moduleId;
+    }
+
+    public void setModuleId(String moduleId) {
+        this.moduleId = moduleId;
+    }
+    public String getJsModule() {
+        return jsModule;
+    }
+
+    public void setJsModule(String jsModule) {
+        this.jsModule = jsModule;
+    }
+
+    public String getJsPath() {
+        return jsPath;
+    }
+
+    public void setJsPath(String jsPath) {
+        this.jsPath = jsPath;
+    }
+
+    public String getRemark() {
+        return remark;
+    }
+
+    public void setRemark(String remark) {
+        this.remark = remark;
+    }
+
+    public Boolean getInitialize() {
+        return initialize;
+    }
+
+    public void setInitialize(Boolean initialize) {
+        this.initialize = initialize;
+    }
+
+    public void initObject(JSONObject mod) {
+        mod.put("id", getModuleId());
+        mod.put("js_module", getJsModule());
+        mod.put("js_path", getJsPath());
+        mod.put("remark", getRemark());
+    }
+}
--- a/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/PartnerPermissionManager.java
+++ b/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/PartnerPermissionManager.java
@ -0,0 +1,33 @@
+package au.com.royalpay.payment.manage.management.sysconfig.core;
+
+import au.com.royalpay.payment.manage.management.sysconfig.beans.FuncInfo;
+import au.com.royalpay.payment.manage.management.sysconfig.beans.PartnerModuleInfo;
+import au.com.royalpay.payment.tools.permission.enums.ManagerRole;
+import com.alibaba.fastjson.JSONObject;
+
+import java.util.List;
+
+/**
+ * Created by yangluo on 2018/07/05.
+ */
+public interface PartnerPermissionManager {
+    void synchronizeFunctions();
+
+    JSONObject listFunctions();
+
+    List<JSONObject> listModules();
+
+    void saveOrUpdateModule(String moduleName, PartnerModuleInfo module);
+
+    void checkAndDeleteModule(String moduleName);
+
+    void updateFuncInfo(String funcId, FuncInfo funcInfo);
+
+    void setFunctionModule(String funcId, String moduleName);
+
+    List<String> listRoleFunctions(ManagerRole role);
+
+    void authorizeRole(ManagerRole role, List<String> functions);
+
+    List<JSONObject> listUserFunctions(int role);
+}
--- a/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/impls/PartnerPermissionManagerImpl.java
+++ b/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/core/impls/PartnerPermissionManagerImpl.java
@ -0,0 +1,204 @@
+package au.com.royalpay.payment.manage.management.sysconfig.core.impls;
+
+import au.com.royalpay.payment.manage.management.sysconfig.beans.FuncInfo;
+import au.com.royalpay.payment.manage.management.sysconfig.beans.ModuleInfo;
+import au.com.royalpay.payment.manage.management.sysconfig.beans.PartnerModuleInfo;
+import au.com.royalpay.payment.manage.management.sysconfig.core.PartnerPermissionManager;
+import au.com.royalpay.payment.manage.management.sysconfig.core.PermissionManager;
+import au.com.royalpay.payment.manage.mappers.system.*;
+import au.com.royalpay.payment.manage.permission.manager.scanner.PermissionNode;
+import au.com.royalpay.payment.manage.permission.manager.scanner.PermissionReader;
+import au.com.royalpay.payment.tools.exceptions.BadRequestException;
+import au.com.royalpay.payment.tools.permission.enums.ManagerRole;
+import com.alibaba.fastjson.JSONObject;
+import org.springframework.cache.annotation.CacheEvict;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import javax.annotation.Resource;
+import java.util.*;
+
+/**
+ * Created by yangluo on 2018/07/05.
+ */
+@Service
+public class PartnerPermissionManagerImpl implements PartnerPermissionManager {
+    @Resource
+    private PartnerPermissionFunctionMapper partnerPermissionFunctionMapper;
+    @Resource
+    private PartnerPermissionModuleMapper partnerPermissionModuleMapper;
+    @Resource
+    private PermissionReader permissionReader;
+    @Resource
+    PermissionClientModuleMapper permissionClientModuleMapper;
+    @Resource
+    ClientMapper clientMapper;
+
+    @Override
+    public void synchronizeFunctions() {
+        List<JSONObject> functions = partnerPermissionFunctionMapper.listAll();
+        Map<String, JSONObject> funcMapFromDB = new HashMap<>();
+        for (JSONObject func : functions) {
+            funcMapFromDB.put(func.getString("func_id"), func);
+        }
+
+        List<PermissionNode> nodes = permissionReader.listFunctions();
+        for (PermissionNode node : nodes) {
+            String funcId = node.getFuncId();
+            if (funcMapFromDB.containsKey(funcId)) {
+                funcMapFromDB.remove(funcId);
+                JSONObject func = node.initFuncObject();
+                func.remove("role");
+                partnerPermissionFunctionMapper.update(func);
+            } else {
+                JSONObject func = node.initFuncObject();
+                partnerPermissionFunctionMapper.save(func);
+            }
+        }
+
+        for (String funcId : funcMapFromDB.keySet()) {
+            partnerPermissionFunctionMapper.delete(funcId);
+        }
+    }
+
+    @Override
+    public JSONObject listFunctions() {
+        List<JSONObject> funcs = partnerPermissionFunctionMapper.listAll();
+        Map<String, List<JSONObject>> moduleMap = new TreeMap<>();
+        List<JSONObject> noModule = new ArrayList<>();
+        for (JSONObject func : funcs) {
+            String module = func.getString("module");
+            if (module == null) {
+                noModule.add(func);
+                continue;
+            }
+            List<JSONObject> funcsInModule = moduleMap.get(module);
+            if (funcsInModule == null) {
+                funcsInModule = new ArrayList<>();
+                moduleMap.put(module, funcsInModule);
+            }
+            funcsInModule.add(func);
+        }
+        JSONObject report = new JSONObject();
+        report.put("no_module", noModule);
+        List<JSONObject> modules = new ArrayList<>();
+        for (String module : moduleMap.keySet()) {
+            JSONObject mod = new JSONObject();
+            mod.put("module_name", module);
+            List<JSONObject> funcList = moduleMap.get(module);
+            mod.put("remark", funcList.get(0).getString("mod_remark"));
+            mod.put("module_id", funcList.get(0).getString("module_id"));
+            mod.put("js_module", funcList.get(0).getString("js_module"));
+            mod.put("js_path", funcList.get(0).getString("js_path"));
+            mod.put("funcs", funcList);
+            modules.add(mod);
+        }
+
+        report.put("modules", modules);
+        return report;
+    }
+
+    @Override
+    public List<JSONObject> listModules() {
+        return partnerPermissionModuleMapper.list();
+    }
+
+    @Override
+    public void saveOrUpdateModule(String moduleName, PartnerModuleInfo module) {
+        JSONObject mod = partnerPermissionModuleMapper.find(moduleName);
+        if (mod == null) {
+            mod = new JSONObject();
+            mod.put("module_name", moduleName);
+            module.initObject(mod);
+            partnerPermissionModuleMapper.save(mod);
+            List<JSONObject> IdandMoniker = clientMapper.listClientsIdAndMoniker();
+            JSONObject nModuleId = partnerPermissionModuleMapper.listModuleId(moduleName);
+
+            if (module.getInitialize()) {
+                for (JSONObject clientMod : IdandMoniker) {
+                    clientMod.put("client_id", clientMod.getString("client_id"));
+                    clientMod.put("client_moniker", clientMod.getString("client_moniker"));
+                    clientMod.put("module_id", nModuleId.getString("id"));
+                    clientMod.put("is_valid", 1);
+                    permissionClientModuleMapper.save(clientMod);
+                }
+            }
+            if (!module.getInitialize()) {
+                for (JSONObject clientMod : IdandMoniker) {
+                    clientMod.put("client_id", clientMod.getString("client_id"));
+                    clientMod.put("client_moniker", clientMod.getString("client_moniker"));
+                    clientMod.put("module_id", nModuleId.getString("id"));
+                    clientMod.put("is_valid", 0);
+                    permissionClientModuleMapper.save(clientMod);
+                }
+            }
+        }
+            module.initObject(mod);
+            partnerPermissionModuleMapper.update(mod);
+
+        }
+
+
+    @Override
+    public void checkAndDeleteModule(String moduleName) {
+        List<JSONObject> funcs = partnerPermissionFunctionMapper.listByModule(moduleName);
+        if (funcs.isEmpty()) {
+            permissionClientModuleMapper.delete(moduleName);
+            partnerPermissionModuleMapper.delete(moduleName);
+
+        } else {
+            throw new BadRequestException("Module have functions. Move them first.");
+        }
+    }
+
+    @Override
+    public void updateFuncInfo(String funcId, FuncInfo funcInfo) {
+        JSONObject update = new JSONObject();
+        update.put("func_id", funcId);
+        update.put("name", funcInfo.getName());
+        update.put("remark", funcInfo.getRemark());
+        partnerPermissionFunctionMapper.update(update);
+    }
+
+    @Override
+    @CacheEvict(value = ":login:managers:",allEntries = true)
+    public void setFunctionModule(String funcId, String moduleName) {
+        if (moduleName == null) {
+            throw new BadRequestException("module name not provided");
+        }
+        JSONObject mod = partnerPermissionModuleMapper.find(moduleName);
+        if (mod == null) {
+            throw new BadRequestException("Module:" + moduleName + " not exists!");
+        }
+        JSONObject nModuleId = partnerPermissionModuleMapper.listModuleId(moduleName);
+        JSONObject update = new JSONObject();
+        update.put("func_id", funcId);
+        update.put("module", moduleName);
+        update.put("module_id",nModuleId.getString("id"));
+        partnerPermissionFunctionMapper.update(update);
+    }
+
+    @Override
+    public List<String> listRoleFunctions(ManagerRole role) {
+        List<JSONObject> funcs = partnerPermissionFunctionMapper.listByRoleMask(role.getMask());
+        List<String> funcIds = new ArrayList<>();
+        for (JSONObject func : funcs) {
+            funcIds.add(func.getString("func_id"));
+        }
+        return funcIds;
+    }
+
+    @Override
+    @Transactional
+    @CacheEvict(value = ":login:managers:",allEntries = true)
+    public void authorizeRole(ManagerRole role, List<String> functions) {
+        partnerPermissionFunctionMapper.clearRolePermission(role.getInverseMask());
+        partnerPermissionFunctionMapper.authorizeRole(role.getMask(), functions);
+    }
+
+    @Override
+    public List<JSONObject> listUserFunctions(int role) {
+        return partnerPermissionFunctionMapper.listByRoleMask(role);
+    }
+
+}
--- a/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/web/SysPartnerPermission.java
+++ b/src/main/java/au/com/royalpay/payment/manage/management/sysconfig/web/SysPartnerPermission.java
@ -0,0 +1,90 @@
+package au.com.royalpay.payment.manage.management.sysconfig.web;
+
+import au.com.royalpay.payment.manage.management.sysconfig.beans.FuncInfo;
+import au.com.royalpay.payment.manage.management.sysconfig.beans.PartnerModuleInfo;
+import au.com.royalpay.payment.manage.management.sysconfig.core.PartnerPermissionManager;
+import au.com.royalpay.payment.manage.permission.manager.ManagerMapping;
+import au.com.royalpay.payment.tools.exceptions.BadRequestException;
+import au.com.royalpay.payment.tools.permission.enums.ManagerRole;
+import com.alibaba.fastjson.JSONObject;
+import org.springframework.web.bind.annotation.*;
+
+import javax.annotation.Resource;
+import java.util.List;
+
+/**
+ * Created by yangluo on 2018/07/05.
+ */
+@RestController
+@ManagerMapping(role = ManagerRole.ADMIN, value = "/sys/partnerPermission")
+public class SysPartnerPermission {
+    @Resource
+    private PartnerPermissionManager patnerPermissionManager;
+
+    @RequestMapping(value = "/synchronize", method = RequestMethod.POST)
+    public void synchronizeFunctions() {
+        patnerPermissionManager.synchronizeFunctions();
+    }
+
+    @RequestMapping(value = "/functions", method = RequestMethod.GET)
+    public JSONObject listFunctions() {
+        return patnerPermissionManager.listFunctions();
+    }
+
+    @RequestMapping(value = "/functions/{funcId}.end", method = RequestMethod.PUT)
+    public void updateFunctionInfo(@PathVariable String funcId, @RequestBody FuncInfo funcInfo) {
+        patnerPermissionManager.updateFuncInfo(funcId, funcInfo);
+    }
+
+    @RequestMapping(value = "/functions/{funcId}/modules", method = RequestMethod.PUT)
+    public void setFuncModule(@PathVariable String funcId, @RequestBody JSONObject module) {
+        patnerPermissionManager.setFunctionModule(funcId, module.getString("module_name"));
+    }
+
+    @RequestMapping(value = "/modules", method = RequestMethod.GET)
+    public List<JSONObject> listModuless() {
+        return patnerPermissionManager.listModules();
+    }
+
+    @RequestMapping(value = "/modules/{moduleName}.end", method = RequestMethod.PUT)
+    public void updateModulee(@PathVariable String moduleName, @RequestBody PartnerModuleInfo module) {
+        patnerPermissionManager.saveOrUpdateModule(moduleName, module);
+    }
+
+    @RequestMapping(value = "/modules/{moduleName}.end", method = RequestMethod.DELETE)
+    public void deleteModulee(@PathVariable String moduleName) {
+        patnerPermissionManager.checkAndDeleteModule(moduleName);
+    }
+
+    @RequestMapping(value = "/roles/{roleMask}/functions", method = RequestMethod.GET)
+    public List<String> listRoleAuthorizedFunctions(@PathVariable String roleMask) {
+        try {
+            int mask = Integer.parseInt(roleMask, 2);
+            for (ManagerRole role : ManagerRole.values()) {
+                if (mask == role.getMask()) {
+                    return patnerPermissionManager.listRoleFunctions(role);
+                }
+            }
+
+        } catch (NumberFormatException ignored) {
+        }
+        throw new BadRequestException("Invalid role mask:" + roleMask);
+    }
+
+    @RequestMapping(value = "/roles/{roleMask}/functions",method = RequestMethod.PUT)
+    public void authorizeRole(@PathVariable String roleMask, @RequestBody List<String> functions){
+        try {
+            int mask = Integer.parseInt(roleMask, 2);
+            for (ManagerRole role : ManagerRole.values()) {
+                if (mask == role.getMask()) {
+                    patnerPermissionManager.authorizeRole(role,functions);
+                    return;
+                }
+            }
+
+        } catch (NumberFormatException ignored) {
+        }
+        throw new BadRequestException("Invalid role mask:" + roleMask);
+    }
+
+}
--- a/src/main/java/au/com/royalpay/payment/manage/mappers/system/ClientMapper.java
+++ b/src/main/java/au/com/royalpay/payment/manage/mappers/system/ClientMapper.java
@ -34,6 +34,9 @@ public interface ClientMapper {

    PageList<JSONObject> listPartners(JSONObject params, PageBounds pagination);

+    List<JSONObject> listClientsIdAndMoniker();
+
+
    List<JSONObject> passPartners(JSONObject params);

    List<JSONObject> listClients();
--- a/src/main/java/au/com/royalpay/payment/manage/mappers/system/PartnerPermissionFunctionMapper.java
+++ b/src/main/java/au/com/royalpay/payment/manage/mappers/system/PartnerPermissionFunctionMapper.java
@ -0,0 +1,39 @@
+package au.com.royalpay.payment.manage.mappers.system;
+
+import cn.yixblog.support.mybatis.autosql.annotations.AutoMapper;
+import cn.yixblog.support.mybatis.autosql.annotations.AutoSql;
+import cn.yixblog.support.mybatis.autosql.annotations.SqlType;
+import com.alibaba.fastjson.JSONObject;
+import org.apache.ibatis.annotations.Param;
+
+import java.util.List;
+
+/**
+ * Created by yixian on 2017-02-28.
+ */
+@AutoMapper(tablename = "sys_permission_partner_functions", pkName = "func_id")
+public interface PartnerPermissionFunctionMapper {
+
+    @AutoSql(type = SqlType.INSERT)
+    void save(JSONObject func);
+
+    @AutoSql(type = SqlType.UPDATE)
+    void update(JSONObject func);
+
+    List<JSONObject> listByRoleMask(@Param("mask") int mask);
+
+    List<JSONObject> listAll();
+
+    @AutoSql(type = SqlType.SELECT)
+    List<JSONObject> listByModule(@Param("module") String moduleName);
+
+    @AutoSql(type = SqlType.DELETE)
+    void delete(@Param("func_id") String funcId);
+
+    void clearRolePermission(@Param("mask") int mask);
+
+    void authorizeRole(@Param("mask") int mask, @Param("func_ids") List<String> functions);
+
+    @AutoSql(type = SqlType.SELECT)
+    JSONObject find(@Param("func_id") String funcId);
+}
--- a/src/main/java/au/com/royalpay/payment/manage/mappers/system/PartnerPermissionModuleMapper.java
+++ b/src/main/java/au/com/royalpay/payment/manage/mappers/system/PartnerPermissionModuleMapper.java
@ -0,0 +1,32 @@
+package au.com.royalpay.payment.manage.mappers.system;
+
+import cn.yixblog.support.mybatis.autosql.annotations.AutoMapper;
+import cn.yixblog.support.mybatis.autosql.annotations.AutoSql;
+import cn.yixblog.support.mybatis.autosql.annotations.SqlType;
+import com.alibaba.fastjson.JSONObject;
+import org.apache.ibatis.annotations.Param;
+
+import java.util.List;
+
+/**
+ * Created by yixian on 2017-02-28.
+ */
+@AutoMapper(tablename = "sys_permission_partner_modules", pkName = "module_name")
+public interface PartnerPermissionModuleMapper {
+
+    void save(JSONObject module);
+
+    JSONObject listModuleId(@Param("module_name") String moduleName);
+
+    @AutoSql(type = SqlType.UPDATE)
+    void update(JSONObject module);
+
+    @AutoSql(type = SqlType.DELETE)
+    void delete(@Param("module_name") String moduleName);
+
+    @AutoSql(type = SqlType.SELECT)
+    List<JSONObject> list();
+
+    @AutoSql(type = SqlType.SELECT)
+    JSONObject find(@Param("module_name") String moduleName);
+}
--- a/src/main/java/au/com/royalpay/payment/manage/mappers/system/PermissionClientModuleMapper.java
+++ b/src/main/java/au/com/royalpay/payment/manage/mappers/system/PermissionClientModuleMapper.java
@ -0,0 +1,29 @@
+package au.com.royalpay.payment.manage.mappers.system;
+
+import cn.yixblog.support.mybatis.autosql.annotations.AdvanceSelect;
+import cn.yixblog.support.mybatis.autosql.annotations.AutoMapper;
+import cn.yixblog.support.mybatis.autosql.annotations.AutoSql;
+import cn.yixblog.support.mybatis.autosql.annotations.SqlType;
+import com.alibaba.fastjson.JSONObject;
+import com.fasterxml.jackson.databind.jsonFormatVisitors.JsonAnyFormatVisitor;
+import org.apache.ibatis.annotations.Param;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.List;
+
+/**
+ * Created by yixian on 2017-02-28.
+ */
+@AutoMapper(tablename = "sys_permission_partner_modules_clients", pkName = "client_moniker")
+public interface PermissionClientModuleMapper {
+    @AutoSql(type = SqlType.INSERT)
+    void save(JSONObject clientmodules);
+
+    @AutoSql(type = SqlType.COUNT)
+    @AdvanceSelect(addonWhereClause = "is_valid=1")
+    int count(@Param("id") String moduleId);
+
+    void delete(@Param("module_name") String moduleName);
+
+
+}
--- a/src/main/resources/au/com/royalpay/payment/manage/mappers/system/ClientMapper.xml
+++ b/src/main/resources/au/com/royalpay/payment/manage/mappers/system/ClientMapper.xml
@ -180,6 +180,11 @@
            </if>
        </where>
    </select>
+    <select id="listClientsIdAndMoniker" resultType="com.alibaba.fastjson.JSONObject">
+        SELECT
+        client_id,client_moniker
+        from sys_clients
+    </select>
    <select id="listPartnerSelection" resultType="com.alibaba.fastjson.JSONObject">
        SELECT c.*,o.name org_name FROM sys_clients c
        inner join sys_org o on o.org_id=c.org_id
--- a/src/main/resources/au/com/royalpay/payment/manage/mappers/system/PartnerPermissionFunctionMapper.xml
+++ b/src/main/resources/au/com/royalpay/payment/manage/mappers/system/PartnerPermissionFunctionMapper.xml
@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="au.com.royalpay.payment.manage.mappers.system.PartnerPermissionFunctionMapper">
+    <sql id="joinModule">
+        SELECT
+            f.*,
+            m.js_module,
+            m.js_path,
+            m.remark mod_remark
+        FROM sys_permission_partner_functions f
+            LEFT JOIN sys_permission_partner_modules m ON m.module_name and  m.id = f.module_id
+    </sql>
+    <update id="clearRolePermission">
+        <![CDATA[
+        UPDATE sys_permission_partner_functions
+        SET role = role & #{mask}
+        ]]>
+    </update>
+    <update id="authorizeRole">
+        <![CDATA[
+        UPDATE sys_permission_partner_functions
+        SET role = role | #{mask}
+        WHERE func_id in
+        ]]>
+        <foreach collection="func_ids" item="id" open="(" close=")" separator=",">
+            #{id}
+        </foreach>
+    </update>
+    <select id="listByRoleMask" resultType="com.alibaba.fastjson.JSONObject">
+        <include refid="joinModule"/>
+        <![CDATA[
+        WHERE f.role & #{mask} >0
+        ]]>
+    </select>
+    <select id="listAll" resultType="com.alibaba.fastjson.JSONObject">
+        <include refid="joinModule"/>
+        ORDER BY f.module ASC,f.func_id ASC,f.module_id ASC
+    </select>
+</mapper>
--- a/src/main/resources/au/com/royalpay/payment/manage/mappers/system/PartnerPermissionModuleMapper.xml
+++ b/src/main/resources/au/com/royalpay/payment/manage/mappers/system/PartnerPermissionModuleMapper.xml
@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="au.com.royalpay.payment.manage.mappers.system.PartnerPermissionModuleMapper">
+
+
+    <select id="listModuleId" resultType="com.alibaba.fastjson.JSONObject" >
+        select id from sys_permission_partner_modules where module_name=#{module_name}
+    </select>
+
+    <update id="update">
+        update sys_permission_partner_modules set js_module=#{js_module},remark=#{remark},js_path=#{js_path}
+ where module_name = #{module_name}
+    </update>
+
+    <insert id="save">
+        insert into sys_permission_partner_modules(module_name,js_module,js_path,remark) value (#{module_name},#{js_module},#{js_path},#{remark})
+    </insert>
+
+
+</mapper>
--- a/src/main/resources/au/com/royalpay/payment/manage/mappers/system/PermissionClientModuleMapper.xml
+++ b/src/main/resources/au/com/royalpay/payment/manage/mappers/system/PermissionClientModuleMapper.xml
@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="au.com.royalpay.payment.manage.mappers.system.PermissionClientModuleMapper">
+ <delete id="delete">
+     delete from sys_permission_partner_modules_clients
+     where sys_permission_partner_modules_clients.module_id = (SELECT module_id from sys_permission_partner_modules where module_name=#{module_name})
+ </delete>
+</mapper>
--- a/src/main/ui/static/config/sysconfigs/sysconfigs.js
+++ b/src/main/ui/static/config/sysconfigs/sysconfigs.js
@ -39,6 +39,24 @@ define(['angular', 'uiRouter'], function (angular) {
            templateUrl: '/static/config/sysconfigs/templates/payemnt_config.html',
            controller: 'paymentConfigCtrl'
        })*/
+            .state('sysconfig.partnerPermission', {
+                url: '/partnerPermission',
+                templateUrl: '/static/config/sysconfigs/templates/partnerPermission_config.html',
+                controller: 'partnerPermissionConfigRootCtrl'
+            }).state('sysconfig.partnerPermission.functions', {
+            url: '/partnerFunctions',
+            templateUrl: '/static/config/sysconfigs/templates/partnerPermission_functions.html',
+            controller: 'partnerPermissionFuncCtrl'
+        }).state('sysconfig.partnerPermission.modules', {
+            url: '/partnerModules',
+            templateUrl: '/static/config/sysconfigs/templates/partnerPermission_modules.html',
+            controller: 'partnerPermissionModuleCtrl',
+            resolve: {
+                modules: ['$http', function ($http) {
+                    return $http.get('/sys/partnerPermission/modules')
+                }]
+            }
+        })
    }]);
    app.controller('sysConfigCtrl', ['$scope', function ($scope) {

@ -118,6 +136,7 @@ define(['angular', 'uiRouter'], function (angular) {
                    $scope.modules = modules.data;
                })
            };
+
            $scope.loadModules();


@ -181,7 +200,7 @@ define(['angular', 'uiRouter'], function (angular) {
            $scope.newModule = function () {
                $uibModal.open({
                    templateUrl: '/static/config/sysconfigs/templates/permission_module_dialog.html',
-                    controller: 'moduleEditCtrl',
+                    controller: 'moduleNewCtrl',
                    resolve: {
                        module: function () {
                            return {};
@ -203,6 +222,7 @@ define(['angular', 'uiRouter'], function (angular) {
                }).result.then(function () {
                    $state.reload();
                })
+
            };
            $scope.deleteModule = function (mod) {
                commonDialog.confirm({
@ -230,7 +250,18 @@ define(['angular', 'uiRouter'], function (angular) {
            })
        };
    }]);
-
+    app.controller('moduleNewCtrl', ['$scope', '$http', 'module', function ($scope, $http, module) {
+        $scope.module = angular.copy(module);
+        $scope.nameEditable = !module.module_name;
+        $scope.save = function () {
+            $scope.errmsg = null;
+            $http.put('/sys/permission/modules/' + $scope.module.module_name + '.end', $scope.module).then(function () {
+                $scope.$close();
+            }, function (resp) {
+                $scope.errmsg = resp.data.message;
+            })
+        };
+    }]);
    app.controller('mailSubscribeCtrl', ['$scope', '$http','commonDialog','$uibModal',function ($scope, $http,commonDialog,$uibModal) {
        $scope.params = {};
        $scope.pagination = {};
@ -295,5 +326,207 @@ define(['angular', 'uiRouter'], function (angular) {
            })
        }
    }]);*/
+    app.controller('partnerPermissionConfigRootCtrl', ['$scope', '$http', '$uibModal', function ($scope, $http, $uibModal) {
+        $scope.authorizeRole = function (roleMask) {
+            $uibModal.open({
+                templateUrl: '/static/config/sysconfigs/templates/PartnerPermission_authorize_dialog.html',
+                controller: 'partnerPermissionAuthorizeDialogCtrl',
+                size: 'lg',
+                resolve: {
+                    authorized: ['$http', function ($http) {
+                        return $http.get('/sys/partnerPermission/roles/' + roleMask + '/functions');
+                    }],
+                    modules: ['$http', function ($http) {
+                        return $http.get('/sys/partnerPermission/functions');
+                    }],
+                    role: function () {
+                        return roleMask
+                    }
+                }
+            });
+        }
+    }]);
+    app.controller('partnerPermissionAuthorizeDialogCtrl', ['$scope', '$http', 'authorized', 'modules', 'role',
+        function ($scope, $http, authorized, modules, role) {
+            $scope.authorized = authorized.data;
+            $scope.modules = modules.data;
+            $scope.submitAuthorize = function () {
+                $scope.errmsg = null;
+                $http.put('/sys/partnerPermission/roles/' + role + '/functions', $scope.authorized).then(function () {
+                    $scope.$close();
+                }, function (resp) {
+                    $scope.errmsg = resp.data.message;
+                })
+            };
+            $scope.toggleAuthorize = function (func) {
+                var idx = $scope.authorized.indexOf(func.func_id);
+                if (idx >= 0) {
+                    $scope.authorized.splice(idx, 1);
+                } else {
+                    $scope.authorized.push(func.func_id);
+                }
+            }
+        }]
+    );
+    app.controller('partnerPermissionFuncCtrl', ['$scope', '$http', '$state', '$uibModal', 'commonDialog',
+        function ($scope, $http, $state, $uibModal, commonDialog) {
+            $scope.loadFunctions = function () {
+                $http.get('/sys/partnerPermission/functions').then(function (functions) {
+                    $scope.modFunctions = functions.data;
+                })
+            };
+            $scope.loadFunctions();
+
+            $scope.loadModules = function () {
+                $http.get('/sys/partnerPermission/modules').then(function (modules) {
+                    $scope.modules = modules.data;
+                })
+            };
+
+            $scope.loadModules();
+
+
+            $scope.syncFunctions = function () {
+                $http.post('/sys/partnerPermission/synchronize').then(function () {
+                    $scope.loadFunctions();
+                })
+            };
+            $scope.moveFunction = function (func) {
+                $uibModal.open({
+                    templateUrl: '/static/config/sysconfigs/templates/partnerPermission_choose_module.html',
+                    controller: 'partnerPermissionChooseModuleDialogCtrl',
+                    resolve: {
+                        modules: function () {
+                            return $scope.modules;
+                        }
+                    }
+                }).result.then(function (modName) {
+                    $http.put('/sys/partnerPermission/functions/' + func.func_id + '/modules', {module_name: modName}).then(function () {
+                        $scope.loadFunctions();
+                    }, function (resp) {
+                        commonDialog.alert({title: 'Error', content: resp.data.message, type: 'error'})
+                    })
+                })
+            };
+            $scope.editFunctionInfo = function (func) {
+                $uibModal.open({
+                    templateUrl: '/static/config/sysconfigs/templates/PartnerFunc_info_edit.html',
+                    controller: 'partnerPermissionFuncEditDialogCtrl',
+                    resolve: {
+                        func: function () {
+                            return angular.copy(func);
+                        }
+                    }
+                }).result.then(function () {
+                    $scope.loadFunctions();
+                })
+            }
+        }]
+    );
+    app.controller('partnerPermissionChooseModuleDialogCtrl', ['$scope', '$http', 'modules', function ($scope, $http, modules) {
+        $scope.modules = modules;
+        $scope.chooseModule = function (mod) {
+            $scope.$close(mod.module_name);
+        }
+    }]);
+    app.controller('partnerPermissionFuncEditDialogCtrl', ['$scope', '$http', 'func', function ($scope, $http, func) {
+        $scope.func = func;
+        $scope.modifyFunction = function () {
+            $scope.errmsg = null;
+            $http.put('/sys/partnerPermission/functions/' + func.func_id + '.end', $scope.func).then(function () {
+                $scope.$close();
+            }, function (resp) {
+                $scope.errmsg = resp.data.message;
+            })
+        };
+    }]);
+    app.controller('partnerPermissionModuleCtrl', ['$scope', '$http', '$state', '$uibModal', 'commonDialog', 'modules',
+        function ($scope, $http, $state, $uibModal, commonDialog, modules) {
+            $scope.modules = modules.data;
+            $scope.newPartnerModule = function () {
+                $uibModal.open({
+                    templateUrl: '/static/config/sysconfigs/templates/PartnerPermission_module_dialog.html',
+                    controller: 'partnerModuleNewCtrl',
+                    resolve: {
+                        module: function () {
+                            return {};
+                        }
+                    }
+                }).result.then(function () {
+                    $state.reload();
+                })
+            };
+            $scope.editPartnerModule = function (mod) {
+                $uibModal.open({
+                    templateUrl: '/static/config/sysconfigs/templates/PartnerPermission_module_dialog.html',
+                    controller: 'partnerModuleEditCtrl',
+                    resolve: {
+                        module: function () {
+                            return mod;
+                        }
+                    }
+                }).result.then(function () {
+                    $state.reload();
+                })
+
+            };
+            $scope.deletePartnerModule = function (mod) {
+                commonDialog.confirm({
+                    title: 'Warning',
+                    content: 'You are deleting an exists module. Confirm?'
+                }).then(function () {
+                    $http.delete('/sys/partnerPermission/modules/' + mod.module_name + '.end').then(function () {
+                        $state.reload();
+                    }, function (resp) {
+                        commonDialog.alert({title: 'Error', content: resp.data.message, type: 'error'})
+                    })
+                });
+            }
+        }]
+    );
+    app.controller('partnerModuleEditCtrl', ['$scope', '$http', 'module', function ($scope, $http, module) {
+        $scope.module = angular.copy(module);
+        $scope.nameEditable = !module.module_name;
+        $http.get('/sys/partnerPermission/modules/'+ $scope.module.module_id + '.num').then(function (num) {
+            $scope.module.initialize = num.data.bool;
+        })
+        $scope.save = function () {
+            $scope.errmsg = null;
+            $http.put('/sys/partnerPermission/modules/' + $scope.module.module_name + '.end', $scope.module).then(function () {
+                $scope.$close();
+            }, function (resp) {
+                $scope.errmsg = resp.data.message;
+            })
+        };
+    }]);
+    app.controller('partnerModuleNewCtrl', ['$scope', '$http', 'module', function ($scope, $http, module) {
+        $scope.module = angular.copy(module);
+        $scope.nameEditable = !module.module_name;
+        $scope.module.initialize = false;
+        $scope.save = function () {
+            $scope.errmsg = null;
+            $http.put('/sys/partnerPermission/modules/' + $scope.module.module_name + '.end', $scope.module).then(function () {
+                $scope.$close();
+            }, function (resp) {
+                $scope.errmsg = resp.data.message;
+            })
+        };
+    }]);
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
    return app;
 });
--- a/src/main/ui/static/config/sysconfigs/templates/PartnerFunc_info_edit.html
+++ b/src/main/ui/static/config/sysconfigs/templates/PartnerFunc_info_edit.html
@ -0,0 +1,20 @@
+<div class="modal-header">
+    <h4>Edit Function Detail</h4>
+</div>
+<div class="modal-body">
+    <div class="form-group">
+        <p class="form-control-static text-bold" ng-bind="func.func_id"></p>
+    </div>
+    <div class="form-group">
+        <label class="control-label" for="name-input">Name</label>
+        <input class="form-control" id="name-input" ng-model="func.name">
+    </div>
+    <div class="form-group">
+        <label class="control-label" for="remark-input">Remark</label>
+        <input class="form-control" id="remark-input" ng-model="func.remark">
+    </div>
+</div>
+<div class="modal-footer">
+    <button class="btn btn-success" ng-click="modifyFunction()">Save</button>
+    <button class="btn btn-danger" ng-click="$dismiss()">Cancel</button>
+</div>
--- a/src/main/ui/static/config/sysconfigs/templates/PartnerPermission_authorize_dialog.html
+++ b/src/main/ui/static/config/sysconfigs/templates/PartnerPermission_authorize_dialog.html
@ -0,0 +1,16 @@
+<div class="modal-header">
+    <h4>Authorize To Role</h4>
+</div>
+<div class="modal-body">
+    <div ng-repeat="mod in modules.modules" class="list-group">
+        <div class="list-group-item list-group-item-info" ng-bind="mod.module_name+' - '+mod.remark"></div>
+        <a role="button" class="list-group-item" ng-repeat="func in mod.funcs" ng-bind="func.func_id+(func.remark?'('+func.remark+')':'')"
+           ng-class="{active:authorized.indexOf(func.func_id)>=0}" ng-click="toggleAuthorize(func)">
+        </a>
+    </div>
+    <div class="alert alert-danger" ng-if="errmsg" ng-bind="errmsg"></div>
+</div>
+<div class="modal-footer">
+    <button class="btn btn-success" ng-click="submitAuthorize()">Submit</button>
+    <button class="btn btn-danger" ng-click="$dismiss()">Cancel</button>
+</div>
--- a/src/main/ui/static/config/sysconfigs/templates/partnerPermission_choose_module.html
+++ b/src/main/ui/static/config/sysconfigs/templates/partnerPermission_choose_module.html
@ -0,0 +1,16 @@
+<div class="modal-header">
+    <h4>Choose Module</h4>
+</div>
+<div class="modal-body">
+    <div class="list-group">
+        <a class="list-group-item" ng-repeat="mod in modules" ng-click="chooseModule(mod)" role="button">
+            <p>
+                <span class="pull-left" ng-bind="mod.module_name"></span>
+                <span class="pull-right" ng-bind="mod.remark"></span>
+            </p>
+        </a>
+    </div>
+</div>
+<div class="modal-footer">
+    <button class="btn btn-danger" ng-click="$dismiss()">Cancel</button>
+</div>
--- a/src/main/ui/static/config/sysconfigs/templates/partnerPermission_config.html
+++ b/src/main/ui/static/config/sysconfigs/templates/partnerPermission_config.html
@ -0,0 +1,38 @@
+<section class="content-header">
+    <h1>Permission Config</h1>
+    <ol class="breadcrumb">
+        <li>
+            <a ui-sref="^"><i class="fa fa-cog"></i> System Config</a>
+        </li>
+        <li>Partner Permission Config</li>
+    </ol>
+</section>
+<section class="content">
+    <div class="row">
+        <div class="col-sm-12">
+            <div class="nav-tabs-custom">
+                <ul class="nav nav-tabs">
+                    <li ui-sref-active-eq="active">
+                        <a ui-sref="sysconfig.partnerPermission">Permissions</a>
+                    </li>
+                    <li ui-sref-active="active">
+                        <a ui-sref=".functions">Functions</a>
+                    </li>
+                    <li ui-sref-active="active">
+                        <a ui-sref=".modules">Modules</a>
+                    </li>
+                </ul>
+                <div class="tab-content" ui-view>
+                    <a class="btn btn-app" role="button" ng-click="authorizeRole('1')">
+                        <i class="fa fa-user-secret"></i>
+                        Administrator
+                    </a>
+                    <a class="btn btn-app" role="button" ng-click="authorizeRole('10')">
+                        <i class="fa fa-eye"></i>
+                        Compliance
+                    </a>
+                </div>
+            </div>
+        </div>
+    </div>
+</section>
--- a/src/main/ui/static/config/sysconfigs/templates/partnerPermission_functions.html
+++ b/src/main/ui/static/config/sysconfigs/templates/partnerPermission_functions.html
@ -0,0 +1,43 @@
+<div class="row margin-bottom">
+    <div class="col-xs-12">
+        <button class="btn btn-primary" ng-click="syncFunctions()">
+            <i class="fa fa-refresh"></i> Synchronize Code
+        </button>
+    </div>
+</div>
+
+<div class="panel panel-warning" ng-if="modFunctions.no_module.length">
+    <div class="panel-heading">Functions With No Modules</div>
+    <div class="panel-body table-responsive">
+        <table class="table table-hover">
+            <tbody>
+            <tr ng-repeat="func in modFunctions.no_module">
+                <th ng-bind="func.func_id" title="{{func.remark}}"></th>
+                <td ng-bind="func.uri+'['+func.req_methods+']'" title="{{func.remark}}"></td>
+                <td ng-bind="func.name"></td>
+                <td>
+                    <a role="button" ng-click="moveFunction(func)" title="Move"><i class="fa fa-arrows"></i></a>
+                    <a role="button" ng-click="editFunctionInfo(func)" title="Edit"><i class="fa fa-edit"></i></a>
+                </td>
+            </tr>
+            </tbody>
+        </table>
+    </div>
+</div>
+<uib-accordion>
+    <uib-accordion-group ng-repeat="mod in modFunctions.modules" heading="{{mod.module_name+' - '+mod.remark}}">
+        <table class="table table-hover">
+            <tbody>
+            <tr ng-repeat="func in mod.funcs">
+                <th ng-bind="func.func_id+(func.remark?'('+func.remark+')':'')" title="{{func.remark}}"></th>
+                <td ng-bind="func.uri+'['+func.req_methods+']'" title="{{func.remark}}"></td>
+                <td ng-bind="func.name"></td>
+                <td>
+                    <a role="button" ng-click="moveFunction(func)" title="Move"><i class="fa fa-arrows"></i></a>
+                    <a role="button" ng-click="editFunctionInfo(func)" title="Edit"><i class="fa fa-edit"></i></a>
+                </td>
+            </tr>
+            </tbody>
+        </table>
+    </uib-accordion-group>
+</uib-accordion>
--- a/src/main/ui/static/config/sysconfigs/templates/partnerPermission_module_dialog.html
+++ b/src/main/ui/static/config/sysconfigs/templates/partnerPermission_module_dialog.html
@ -0,0 +1,35 @@
+<div class="modal-header">
+    <h4 ng-if="!nameEditable">Edit Module</h4>
+    <h4 ng-if="nameEditable">New Module</h4>
+</div>
+<div class="modal-body">
+    <div class="alert alert-danger" ng-if="errmsg" ng-bind="errmsg"></div>
+    <div class="form-group">
+        <label class="control-label">Module Name</label>
+        <input ng-if="nameEditable" class="form-control" ng-model="module.module_name" placeholder="Module Name">
+        <p class="form-control-static" ng-bind="module.module_name" ng-if="!nameEditable"></p>
+    </div>
+    <div class="form-group">
+        <label class="control-label" for="jsModule">Js Module</label>
+        <input class="form-control" id="jsModule" ng-model="module.js_module">
+    </div>
+    <div class="form-group">
+        <label class="control-label" for="jsPath">Js Path</label>
+        <input class="form-control" id="jsPath" ng-model="module.js_path">
+    </div>
+    <div class="form-group">
+        <label class="control-label" for="remark">Remark</label>
+        <input class="form-control" id="remark" ng-model="module.remark">
+    </div>
+    <div class="form-group" ng-if="nameEditable">
+        <label class="control-label">是否初始化</label>
+        <input class="control-in" type="checkbox" ng-model="module.initialize" bs-switch
+               switch-change="init()">
+    </div>
+
+
+</div>
+<div class="modal-footer">
+    <button class="btn btn-success" ng-click="save()">Submit</button>
+    <button class="btn btn-danger" ng-click="$dismiss()">Cancel</button>
+</div>
--- a/src/main/ui/static/config/sysconfigs/templates/partnerPermission_modules.html
+++ b/src/main/ui/static/config/sysconfigs/templates/partnerPermission_modules.html
@ -0,0 +1,30 @@
+<div class="row margin-bottom">
+    <div class="col-xs-12">
+        <button class="btn btn-success" type="button" ng-click="newPartnerModule()"><i class="fa fa-plus"></i> Add Module</button>
+    </div>
+</div>
+<div class="table-responsive">
+    <table class="table table-bordered table-hover">
+        <thead>
+        <tr>
+            <th>Module ID</th>
+            <th>Module Name</th>
+            <th>Js Module</th>
+            <th>Remark</th>
+            <th>Operation</th>
+        </tr>
+        </thead>
+        <tbody>
+        <tr ng-repeat="mod in modules">
+            <td ng-bind="mod.id"></td>
+            <td ng-bind="mod.module_name"></td>
+            <td ng-bind="mod.js_module"></td>
+            <td ng-bind="mod.remark|limitTo:20" title="{{mod.remark}}"></td>
+            <td>
+                <a role="button" ng-click="editPartnerModule(mod)" title="Edit"><i class="fa fa-edit"></i></a>
+                <a role="button" class="text-danger" ng-click="deletePartnerModule(mod)" title="Delete"><i class="fa fa-trash"></i></a>
+            </td>
+        </tr>
+        </tbody>
+    </table>
+</div>
--- a/src/main/ui/static/config/sysconfigs/templates/sysconfig.html
+++ b/src/main/ui/static/config/sysconfigs/templates/sysconfig.html
@ -25,6 +25,11 @@
                    Mail Subscriptions
                </a>

+                <a class="btn btn-app" role="button" ui-sref=".partnerPermission">
+                    <i class="fa fa-key"></i>
+                    Partner Permission Config
+                </a>
+
                <!--<a class="btn btn-app" role="button" ui-sref=".payment_config">
                    <i class="fa fa-edit"></i>
                    Payment Config