权限中台

a7dd5d04 · dong.an · 151a1d66 · a7dd5d04 · a7dd5d04 · a7dd5d04
--- a/client/src/main/java/com/pica/cloud/permission/permission/client/PermissionServiceClient.java
+++ b/client/src/main/java/com/pica/cloud/permission/permission/client/PermissionServiceClient.java
@@ -6,9 +6,7 @@ import com.pica.cloud.permission.permission.common.dto.AuthResultDto;
 import com.pica.cloud.permission.permission.common.dto.GrantDto;
 import com.pica.cloud.permission.permission.common.dto.UserRoleDto;
 import org.springframework.cloud.netflix.feign.FeignClient;
-import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.*;
-import org.springframework.web.bind.annotation.PutMapping;
-import org.springframework.web.bind.annotation.RequestBody;
 /**
 * @author andong
@@ -32,4 +30,8 @@ public interface PermissionServiceClient {
    //鉴权
    @PostMapping("/permission/permission/auth")
    PicaResponse<AuthResultDto> auth(@RequestBody AuthDto authDto);
+    //初始化用户-角色缓存信息
+    @GetMapping("/permission/permission/init/user")
+    PicaResponse initUserRole(@RequestParam("userId") int userId);
 }
--- a/common/src/main/java/com/pica/cloud/permission/permission/common/constants/AuthTypeEnum.java
+++ b/common/src/main/java/com/pica/cloud/permission/permission/common/constants/AuthTypeEnum.java
@@ -4,7 +4,6 @@ package com.pica.cloud.permission.permission.common.constants;
 * @author andong
 * @create 2019/9/5
 */
-@SuppressWarnings("unused")
 public enum AuthTypeEnum {
    ROLE(1, "角色鉴权"), URL(2, "url鉴权");

--- a/common/src/main/java/com/pica/cloud/permission/permission/common/constants/GrantCodeEnum.java
+++ b/common/src/main/java/com/pica/cloud/permission/permission/common/constants/GrantCodeEnum.java
@@ -14,6 +14,6 @@ public enum  GrantCodeEnum {
    ADMIN,  //成为机构管理员
    REMOVE_MAIN_ADMIN,  //移除机构主管理员
    REMOVE_ADMIN,  //移除机构管理员
-    CERTIFY;  //认证通过
+    CERTIFY  //认证通过
 }
--- a/common/src/main/java/com/pica/cloud/permission/permission/common/dto/AuthDto.java
+++ b/common/src/main/java/com/pica/cloud/permission/permission/common/dto/AuthDto.java
 package com.pica.cloud.permission.permission.common.dto;
-import com.pica.cloud.permission.permission.common.constants.AuthTypeEnum;
+import java.util.List;
 /**
 * @author andong
@@ -8,43 +8,54 @@ import com.pica.cloud.permission.permission.common.constants.AuthTypeEnum;
 */
 public class AuthDto {
-    private Integer productType;
+    private int productType;
-    private Integer userId;
+    private int userId;
-    private AuthTypeEnum authType;
+    private int authType;
-    private String roleCode;
+    private List<String> roleCodes;
    private String url;
-    private boolean dataAuth = false;
+    private boolean dataAuth;
+    private String sysCode;
-    public Integer getProductType() {
+    public AuthDto(int productType, int userId, int authType, List<String> roleCodes, String url, boolean dataAuth, String sysCode) {
+        this.productType = productType;
+        this.userId = userId;
+        this.authType = authType;
+        this.roleCodes = roleCodes;
+        this.url = url;
+        this.dataAuth = dataAuth;
+        this.sysCode = sysCode;
+    }
+    public int getProductType() {
        return productType;
    }
-    public void setProductType(Integer productType) {
+    public void setProductType(int productType) {
        this.productType = productType;
    }
-    public Integer getUserId() {
+    public int getUserId() {
        return userId;
    }
-    public void setUserId(Integer userId) {
+    public void setUserId(int userId) {
        this.userId = userId;
    }
-    public AuthTypeEnum getAuthType() {
+    public int getAuthType() {
        return authType;
    }
-    public void setAuthType(AuthTypeEnum authType) {
+    public void setAuthType(int authType) {
        this.authType = authType;
    }
-    public String getRoleCode() {
+    public List<String> getRoleCodes() {
-        return roleCode;
+        return roleCodes;
    }
-    public void setRoleCode(String roleCode) {
+    public void setRoleCodes(List<String> roleCodes) {
-        this.roleCode = roleCode;
+        this.roleCodes = roleCodes;
    }
    public String getUrl() {
@@ -62,4 +73,12 @@ public class AuthDto {
    public void setDataAuth(boolean dataAuth) {
        this.dataAuth = dataAuth;
    }
+    public String getSysCode() {
+        return sysCode;
+    }
+    public void setSysCode(String sysCode) {
+        this.sysCode = sysCode;
+    }
 }
--- a/common/src/main/java/com/pica/cloud/permission/permission/common/dto/GrantDto.java
+++ b/common/src/main/java/com/pica/cloud/permission/permission/common/dto/GrantDto.java
 package com.pica.cloud.permission.permission.common.dto;
-import com.pica.cloud.permission.permission.common.constants.GrantCodeEnum;
 /**
 * @author andong
 * @create 2019/9/4
 */
 public class GrantDto {
-    private Integer productType;
+    private int productType;
-    private Integer userId;
+    private int userId;
-    private GrantCodeEnum grantCode;
+    private String grantCode;
-    private Integer createdId;
+    private int createdId;
+    private String sysCode;
-    public Integer getProductType() {
+    public int getProductType() {
        return productType;
    }
-    public void setProductType(Integer productType) {
+    public void setProductType(int productType) {
        this.productType = productType;
    }
-    public Integer getUserId() {
+    public int getUserId() {
        return userId;
    }
-    public void setUserId(Integer userId) {
+    public void setUserId(int userId) {
        this.userId = userId;
    }
-    public GrantCodeEnum getGrantCode() {
+    public String getGrantCode() {
        return grantCode;
    }
-    public void setGrantCode(GrantCodeEnum grantCode) {
+    public void setGrantCode(String grantCode) {
        this.grantCode = grantCode;
    }
-    public Integer getCreatedId() {
+    public int getCreatedId() {
        return createdId;
    }
-    public void setCreatedId(Integer createdId) {
+    public void setCreatedId(int createdId) {
        this.createdId = createdId;
    }
+    public String getSysCode() {
+        return sysCode;
+    }
+    public void setSysCode(String sysCode) {
+        this.sysCode = sysCode;
+    }
 }
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -85,10 +85,10 @@
            <artifactId>spring-cloud-starter-zipkin</artifactId>
        </dependency>
-        <dependency>
+        <!--  <dependency>
            <groupId>org.springframework.kafka</groupId>
            <artifactId>spring-kafka</artifactId>
-        </dependency>
+        </dependency>-->
        <dependency>
            <groupId>com.pica.cloud.permission</groupId>

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/constants/Constants.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/constants/Constants.java
@@ -16,6 +16,9 @@ public class Constants {
    public static final String KEY_ROLE_URL = "perm_role_url_";  //角色-资源
    public static final String KEY_ROLE_DATA = "perm_role_data_";  //角色-资源-数据权限
+    //缓存失效时间
+    public static final int EXPIRE_TIMES = 2592000;  //30天
    //数据分割符
    public static final String DATA_SPLIT = ";;;";

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/controller/DataPrivilegeController.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/controller/DataPrivilegeController.java
@@ -38,7 +38,7 @@ public class DataPrivilegeController {
    @ApiOperation("添加数据资源")
    @PostMapping("/data-privilege")
-    public PicaResponse addDataPrivilege(DataPrivilege dataPrivilege) {
+    public PicaResponse addDataPrivilege(@RequestBody DataPrivilege dataPrivilege) {
        DataPrivilegeValidation.addDataPrivilegeValidate(dataPrivilege);
        dataPrivilegeService.addDataPrivilege(dataPrivilege);
        return PicaResponse.toResponse();
@@ -46,7 +46,7 @@ public class DataPrivilegeController {
    @ApiOperation("修改数据资源")
    @PutMapping("/data-privilege")
-    public PicaResponse updateDataPrivilege(DataPrivilege dataPrivilege) {
+    public PicaResponse updateDataPrivilege(@RequestBody DataPrivilege dataPrivilege) {
        DataPrivilegeValidation.updateDataPrivilegeValidate(dataPrivilege);
        dataPrivilegeService.updateDataPrivilege(dataPrivilege);
        return PicaResponse.toResponse();

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/controller/PermissionController.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/controller/PermissionController.java
 package com.pica.cloud.permission.permission.server.controller;
 import com.pica.cloud.foundation.entity.PicaResponse;
+import com.pica.cloud.foundation.redis.ICacheClient;
 import com.pica.cloud.permission.permission.common.dto.AuthDto;
 import com.pica.cloud.permission.permission.common.dto.AuthResultDto;
 import com.pica.cloud.permission.permission.common.dto.GrantDto;
+import com.pica.cloud.permission.permission.server.service.PermissionCacheService;
 import com.pica.cloud.permission.permission.server.service.PermissionService;
 import com.pica.cloud.permission.permission.server.validation.PermissionValidation;
 import io.swagger.annotations.Api;
@@ -11,6 +13,9 @@ import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
+import java.util.Set;
 /**
 * @author andong
 * @create 2019/8/29
@@ -22,10 +27,15 @@ public class PermissionController {
    @Autowired
    private PermissionService permissionService;
+    @Autowired
+    private PermissionCacheService permissionCacheService;
+    @Autowired
+    private ICacheClient cacheClient;
    @GetMapping("/test")
-    public PicaResponse<String> test() {
+    public PicaResponse test(@RequestParam("key") String key) {
-        return PicaResponse.toResponse("test");
+        Set<String> set = cacheClient.smembers(key);
+        return PicaResponse.toResponse(set);
    }
    @ApiOperation("授权")
@@ -44,4 +54,18 @@ public class PermissionController {
        return PicaResponse.toResponse(result);
    }
+    @ApiOperation("初始化角色-资源缓存信息")
+    @GetMapping("/init/role-res")
+    public PicaResponse initAllRoleResource() {
+        permissionCacheService.initAllRoleResource();
+        return PicaResponse.toResponse();
+    }
+    @ApiOperation("初始化用户-角色缓存信息")
+    @GetMapping("/init/user")
+    public PicaResponse initUserRole(@RequestParam("userId") int userId) {
+        permissionCacheService.initUserRole(userId);
+        return PicaResponse.toResponse();
+    }
 }
--- a/server/src/main/java/com/pica/cloud/permission/permission/server/exception/GlobalExceptionHandler.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/exception/GlobalExceptionHandler.java
-//package com.pica.cloud.permission.permission.server.exception;
+package com.pica.cloud.permission.permission.server.exception;
-//
-//
+import com.pica.cloud.foundation.entity.PicaException;
-//import com.pica.cloud.foundation.entity.PicaResponse;
+import com.pica.cloud.foundation.entity.PicaResponse;
-//import org.slf4j.Logger;
+import org.slf4j.Logger;
-//import org.slf4j.LoggerFactory;
+import org.slf4j.LoggerFactory;
-//import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ExceptionHandler;
-//import org.springframework.web.bind.annotation.RestControllerAdvice;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
-//import javax.servlet.http.HttpServletRequest;
-//import javax.servlet.http.HttpServletResponse;
+@RestControllerAdvice
-//
+public class GlobalExceptionHandler {
-//@RestControllerAdvice
+    public static final Logger logger =  LoggerFactory.getLogger(GlobalExceptionHandler.class);
-//public class GlobalExceptionHandler {
-//    public static final Logger logger =  LoggerFactory.getLogger(GlobalExceptionHandler.class);
+    @ExceptionHandler(Exception.class)
-//
+    public PicaResponse defaultErrorHandler(Throwable t){
-//    @ExceptionHandler(Exception.class)
+        if (t instanceof PicaException) {
-//    public PicaResponse defaultErrorHandler(HttpServletRequest request , HttpServletResponse response, Throwable e){
+            PicaException ex = (PicaException) t;
-//        logger.error(e.getMessage(), e);
+            return PicaResponse.toResponse(null, ex.getCode(), ex.getMsg());
-//        return PicaResponse.toResponse(null, "500005", "服务内部异常");
+        }
-//    }
+        logger.error(t.getMessage(), t);
-//}
+        return PicaResponse.toResponse(null, "500005", "服务内部异常");
\ No newline at end of file
+    }
+}
\ No newline at end of file
--- a/server/src/main/java/com/pica/cloud/permission/permission/server/mapper/RoleResourceMapper.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/mapper/RoleResourceMapper.java
@@ -19,9 +19,9 @@ public interface RoleResourceMapper {
    int deleteAll(@Param("roleId") int roleId, @Param("modifiedId") int modifiedId);
-    int checkResourceUsed(int resourceId);
+    Integer checkResourceUsed(int resourceId);
-    int checkDataPrivilegeUsed(int dataPrivilegeId);
+    Integer checkDataPrivilegeUsed(int dataPrivilegeId);
    List<RoleResourceDto> getByResourceId(int resourceId);

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/mapper/UserRoleMapper.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/mapper/UserRoleMapper.java
@@ -19,6 +19,6 @@ public interface UserRoleMapper {
    int deleteUserRole(UserRole userRole);
-    int checkRoleUsed(int roleId);
+    Integer checkRoleUsed(int roleId);
 }
\ No newline at end of file
--- a/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/PermissionCacheServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/PermissionCacheServiceImpl.java
@@ -206,6 +206,7 @@ public class PermissionCacheServiceImpl implements PermissionCacheService {
            for (UserRoleDto dto : list) {
                cacheClient.sadd(key, dto.getRoleCode());
            }
+            cacheClient.expire(key, Constants.EXPIRE_TIMES);  //缓存过期时间30天
        } catch (Exception ex) {
            logger.error(ex.getMessage(), ex);
        }

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/PermissionServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/PermissionServiceImpl.java
@@ -33,14 +33,14 @@ public class PermissionServiceImpl implements PermissionService {
    @Override
    public AuthResultDto auth(AuthDto authDto) {
-        if (authDto.getAuthType() == AuthTypeEnum.ROLE) {  //判断用户是否具有角色
+        if (authDto.getAuthType() == AuthTypeEnum.ROLE.code()) {  //判断用户是否具有角色
-            if (authDto.getProductType().intValue() == ProductTypeEnum.DOCTOR.code()) {
+            if (authDto.getProductType() == ProductTypeEnum.DOCTOR.code()) {
                return this.doctorRoleAuth(authDto);
            } else {
                //TODO
            }
-        } else if (authDto.getAuthType() == AuthTypeEnum.URL) {  //判断用户是否具有该url访问权限
+        } else if (authDto.getAuthType() == AuthTypeEnum.URL.code()) {  //判断用户是否具有该url访问权限
-            if (authDto.getProductType().intValue() == ProductTypeEnum.DOCTOR.code()) {
+            if (authDto.getProductType() == ProductTypeEnum.DOCTOR.code()) {
                return this.doctorUrlAuth(authDto);
            } else {
                //TODO
@@ -51,13 +51,18 @@ public class PermissionServiceImpl implements PermissionService {
    //医生角色鉴权
    private AuthResultDto doctorRoleAuth(AuthDto authDto) {
-        boolean access = cacheClient.sismember(Constants.KEY_DOCTOR_ROLE + authDto.getUserId().toString(), authDto.getRoleCode());
+        for (String roleCode : authDto.getRoleCodes()) {
-        return new AuthResultDto(access, null);
+            boolean access = cacheClient.sismember(Constants.KEY_DOCTOR_ROLE + authDto.getUserId(), roleCode);
+            if (access) {
+                return new AuthResultDto(true, null);
+            }
+        }
+        return new AuthResultDto(false, null);
    }
    //医生url鉴权
    private AuthResultDto doctorUrlAuth(AuthDto authDto) {
-        Set<String> roleCodes = cacheClient.smembers(Constants.KEY_DOCTOR_ROLE + authDto.getUserId().toString());
+        Set<String> roleCodes = cacheClient.smembers(Constants.KEY_DOCTOR_ROLE + authDto.getUserId());
        if (CollectionUtils.isEmpty(roleCodes)) {  //用户无任何角色
            return new AuthResultDto(false, null);
        }

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/RoleServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/RoleServiceImpl.java
@@ -70,5 +70,6 @@ public class RoleServiceImpl implements RoleService {
        role.setDeleteFlag(Constants.DELETE_FLAG_INVALID);
        role.setModifiedId(modifiedId);
        role.setModifiedTime(new Date());
+        roleMapper.updateByPrimaryKeySelective(role);
    }
 }
--- a/server/src/main/java/com/pica/cloud/permission/permission/server/validation/DataPrivilegeValidation.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/validation/DataPrivilegeValidation.java
@@ -33,8 +33,8 @@ public class DataPrivilegeValidation {
        if (dataPrivilege.getModifiedId() == null) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "操作人ID为空");
        }
-        if (dataPrivilege.getResourceId() == null && StringUtils.isBlank(dataPrivilege.getDescription())
+        if (StringUtils.isBlank(dataPrivilege.getDescription()) && StringUtils.isBlank(dataPrivilege.getConfig())
-                && StringUtils.isBlank(dataPrivilege.getConfig()) && StringUtils.isBlank(dataPrivilege.getConfigExt())) {
+                && StringUtils.isBlank(dataPrivilege.getConfigExt())) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "缺少必要参数");
        }
    }

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/validation/PermissionValidation.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/validation/PermissionValidation.java
@@ -3,9 +3,11 @@ package com.pica.cloud.permission.permission.server.validation;
 import com.pica.cloud.foundation.entity.PicaException;
 import com.pica.cloud.foundation.entity.PicaResultCode;
 import com.pica.cloud.permission.permission.common.constants.AuthTypeEnum;
+import com.pica.cloud.permission.permission.common.constants.ProductTypeEnum;
 import com.pica.cloud.permission.permission.common.dto.AuthDto;
 import com.pica.cloud.permission.permission.common.dto.GrantDto;
 import org.apache.commons.lang.StringUtils;
+import org.springframework.util.CollectionUtils;
 /**
 * @author andong
@@ -14,34 +16,38 @@ import org.apache.commons.lang.StringUtils;
 public class PermissionValidation {
    public static void grantValidate(GrantDto grantDto) {
-        if (grantDto.getProductType() == null) {
+        int productType = grantDto.getProductType();
-            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "产品线类型为空");
+        if (productType != ProductTypeEnum.DOCTOR.code() && productType != ProductTypeEnum.HEALTH.code()
+                && productType != ProductTypeEnum.ADMIN.code()) {
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "产品线类型不正确");
        }
-        if (grantDto.getUserId() == null) {
+        if (grantDto.getUserId() <= 0) {
-            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "用户ID为空");
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "用户ID不正确");
        }
-        if (grantDto.getGrantCode() == null) {
+        if (StringUtils.isBlank(grantDto.getGrantCode())) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "授权场景编码为空");
        }
-        if (grantDto.getCreatedId() == null) {
+        if (grantDto.getCreatedId() <= 0) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "操作人ID为空");
        }
    }
    public static void authValidate(AuthDto authDto) {
-        if (authDto.getProductType() == null) {
+        int productType = authDto.getProductType();
-            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "产品线类型为空");
+        if (productType != ProductTypeEnum.DOCTOR.code() && productType != ProductTypeEnum.HEALTH.code()
+                && productType != ProductTypeEnum.ADMIN.code()) {
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "产品线类型不正确");
        }
-        if (authDto.getUserId() == null) {
+        if (authDto.getUserId() <= 0) {
-            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "用户ID为空");
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "用户ID不正确");
        }
-        if (authDto.getAuthType() == null) {
+        if (authDto.getAuthType() != AuthTypeEnum.ROLE.code() && authDto.getAuthType() != AuthTypeEnum.URL.code()) {
-            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "鉴权类型为空");
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "鉴权类型不正确");
        }
-        if (authDto.getAuthType() == AuthTypeEnum.ROLE && StringUtils.isBlank(authDto.getRoleCode())) {
+        if (authDto.getAuthType() == AuthTypeEnum.ROLE.code() && CollectionUtils.isEmpty(authDto.getRoleCodes())) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "角色编码为空");
        }
-        if (authDto.getAuthType() == AuthTypeEnum.URL && StringUtils.isBlank(authDto.getUrl())) {
+        if (authDto.getAuthType() == AuthTypeEnum.URL.code() && StringUtils.isBlank(authDto.getUrl())) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "资源url为空");
        }
    }

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/validation/ResourceValidation.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/validation/ResourceValidation.java
@@ -2,6 +2,7 @@ package com.pica.cloud.permission.permission.server.validation;
 import com.pica.cloud.foundation.entity.PicaException;
 import com.pica.cloud.foundation.entity.PicaResultCode;
+import com.pica.cloud.permission.permission.common.constants.ProductTypeEnum;
 import com.pica.cloud.permission.permission.common.constants.ResourceTypeEnum;
 import com.pica.cloud.permission.permission.server.entity.Resource;
 import org.apache.commons.lang.StringUtils;
@@ -14,14 +15,23 @@ public class ResourceValidation {
    //添加资源校验
    public static void addResourceValidate(Resource resource) {
-        if (resource.getProductType() == null) {
+        Integer productType = resource.getProductType();
-            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "产品线类型为空");
+        if (productType == null || (productType.intValue() != ProductTypeEnum.DOCTOR.code()
+                && productType.intValue() != ProductTypeEnum.HEALTH.code()
+                && productType.intValue() != ProductTypeEnum.ADMIN.code())) {
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "产品线类型不正确");
        }
-        if (resource.getCategory() == null) {
+        if (resource.getCategory() == null || resource.getCategory().intValue() <= 0) {
-            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "系统分类为空");
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "系统分类不正确");
        }
-        if (resource.getType() == null) {
+        Integer type = resource.getType();
-            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "资源类型为空");
+        if (type == null || (type.intValue() != ResourceTypeEnum.SYSTEM.code()
+                && type.intValue() != ResourceTypeEnum.PAGE.code()
+                && type.intValue() != ResourceTypeEnum.MENU.code()
+                && type.intValue() != ResourceTypeEnum.BUTTON.code()
+                && type.intValue() != ResourceTypeEnum.API.code()
+                && type.intValue() != ResourceTypeEnum.FILE.code())) {
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "资源类型不正确");
        }
        if (StringUtils.isBlank(resource.getCode())) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "资源编码为空");

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/validation/RoleValidation.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/validation/RoleValidation.java
@@ -2,6 +2,7 @@ package com.pica.cloud.permission.permission.server.validation;
 import com.pica.cloud.foundation.entity.PicaException;
 import com.pica.cloud.foundation.entity.PicaResultCode;
+import com.pica.cloud.permission.permission.common.constants.ProductTypeEnum;
 import com.pica.cloud.permission.permission.server.entity.Role;
 import org.apache.commons.lang.StringUtils;
@@ -12,8 +13,11 @@ import org.apache.commons.lang.StringUtils;
 public class RoleValidation {
    public static void addRoleValidate(Role role) {
-        if (role.getProductType() == null) {
+        Integer productType = role.getProductType();
-            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "产品线类型为空");
+        if (productType == null || (productType.intValue() != ProductTypeEnum.DOCTOR.code()
+                && productType.intValue() != ProductTypeEnum.HEALTH.code()
+                && productType.intValue() != ProductTypeEnum.ADMIN.code())) {
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "产品线类型不正确");
        }
        if (StringUtils.isBlank(role.getCode())) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "角色编码为空");

--- a/server/src/main/resources/bootstrap-dev.properties
+++ b/server/src/main/resources/bootstrap-dev.properties
@@ -26,4 +26,7 @@ logging.path=c:/tomcat_log/${spring.application.name}
 feign.hystrix.enabled=false
 ribbon.ReadTimeout=120000
 ribbon.ConnectTimeout=60000
 #------------ Please don't change above configurations ------------
\ No newline at end of file
+spring.jackson.date-format=yyyy-MM-dd HH:mm:ss
+spring.jackson.time-zone=GMT+8
\ No newline at end of file
--- a/server/src/main/resources/bootstrap-prod.properties
+++ b/server/src/main/resources/bootstrap-prod.properties
@@ -27,3 +27,6 @@ feign.hystrix.enabled=false
 ribbon.ReadTimeout=120000
 ribbon.ConnectTimeout=60000
 #------------ Please don't change above configurations ------------
+spring.jackson.date-format=yyyy-MM-dd HH:mm:ss
+spring.jackson.time-zone=GMT+8
--- a/server/src/main/resources/bootstrap-test1.properties
+++ b/server/src/main/resources/bootstrap-test1.properties
@@ -27,3 +27,6 @@ feign.hystrix.enabled=false
 ribbon.ReadTimeout=120000
 ribbon.ConnectTimeout=60000
 #------------ Please don't change above configurations ------------
+spring.jackson.date-format=yyyy-MM-dd HH:mm:ss
+spring.jackson.time-zone=GMT+8
--- a/server/src/main/resources/bootstrap-test2.properties
+++ b/server/src/main/resources/bootstrap-test2.properties
@@ -27,3 +27,6 @@ feign.hystrix.enabled=false
 ribbon.ReadTimeout=120000
 ribbon.ConnectTimeout=60000
 #------------ Please don't change above configurations ------------
+spring.jackson.date-format=yyyy-MM-dd HH:mm:ss
+spring.jackson.time-zone=GMT+8
--- a/server/src/main/resources/bootstrap-uat.properties
+++ b/server/src/main/resources/bootstrap-uat.properties
@@ -27,3 +27,6 @@ feign.hystrix.enabled=false
 ribbon.ReadTimeout=120000
 ribbon.ConnectTimeout=60000
 #------------ Please don't change above configurations ------------
+spring.jackson.date-format=yyyy-MM-dd HH:mm:ss
+spring.jackson.time-zone=GMT+8