Merge branch 'hotfix/内容管理设计权限修改' into 'wrdp'

hotfix/内容管理设计权限修改合并到master See merge request o2oa/o2oa!6351 (cherry picked from commit 3e3035a9) 2c56fcef 内容管理员设计权限修改 524b7c77 内容管理设计权限修改2

Merge branch 'hotfix/内容管理设计权限修改' into 'wrdp'
hotfix/内容管理设计权限修改合并到master See merge request o2oa/o2oa!6351 (cherry picked from commit 3e3035a9) 2c56fcef 内容管理员设计权限修改 524b7c77 内容管理设计权限修改2
5873f8dd · o2null · 3e7b2231 · 5873f8dd · 5873f8dd · 5873f8dd
Commit 5873f8dd authored 3 years ago by o2null
Hide whitespace changes
Inline Side-by-side

Showing

with 124 additions and 168 deletions
+124 -168
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/Business.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/Business.java
@@ -310,21 +310,6 @@ public class Business {
 		return false;
 	}

-	/**
-	 * TODO (uncomplete)判断用户是否有权限进行：[文件或者附件管理]的操作
-	 *
-	 * @param person
-	 * @return
-	 * @throws Exception
-	 */
-	public boolean fileInfoEditAvailable( EffectivePerson person) throws Exception {
-		if ( isManager( person)) {
-			return true;
-		}
-		// 其他情况暂时全部不允许操作
-		return false;
-	}
-
 	/**
 	 * TODO (uncomplete)判断用户是否有权限进行：[表单模板管理]操作
 	 *
@@ -337,7 +322,7 @@ public class Business {
 			return true;
 		}
 		// 其他情况暂时全部不允许操作
-		return false;
+		return true;
 	}

 	/**
@@ -352,7 +337,7 @@ public class Business {
 			return true;
 		}
 		// 其他情况暂时全部不允许操作
-		return false;
+		return true;
 	}

 	public boolean editable( EffectivePerson effectivePerson, AppInfo appInfo ) throws Exception {

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionDelete.java
@@ -2,11 +2,13 @@ package com.x.cms.assemble.control.jaxrs.appinfo;

 import com.x.base.core.project.annotation.AuditLog;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
 import com.x.base.core.project.logger.Logger;
 import com.x.base.core.project.logger.LoggerFactory;
+import com.x.cms.assemble.control.Business;
 import com.x.cms.assemble.control.service.CmsBatchOperationPersistService;
 import com.x.cms.assemble.control.service.CmsBatchOperationProcessService;
 import com.x.cms.assemble.control.service.LogService;
@@ -16,6 +18,10 @@ import org.apache.commons.lang3.StringUtils;

 import javax.servlet.http.HttpServletRequest;

+/**
+ * 删除栏目信息
+ * @author sword
+ */
 public class ActionDelete extends BaseAction {

 	private static  Logger logger = LoggerFactory.getLogger( ActionDelete.class );
@@ -23,46 +29,31 @@ public class ActionDelete extends BaseAction {
 	@AuditLog(operation = "删除栏目信息")
 	protected ActionResult<Wo> execute( HttpServletRequest request, EffectivePerson effectivePerson, String id ) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
-		AppInfo appInfo = null;
 		Boolean check = true;

-		if( StringUtils.isEmpty( id ) ){
-			check = false;
-			Exception exception = new ExceptionAppInfoIdEmpty();
-			result.error( exception );
+		Business business = new Business(null);
+		if (!business.isManager( effectivePerson)) {
+			throw new ExceptionAccessDenied(effectivePerson);
 		}

-		if( check ){
-			try {
-				appInfo = appInfoServiceAdv.get( id );
-				if( appInfo == null ){
-					check = false;
-					Exception exception = new ExceptionAppInfoNotExists( id );
-					result.error( exception );
-				}
-			} catch (Exception e) {
-				check = false;
-				Exception exception = new ExceptionAppInfoProcess( e, "根据指定ID查询应用栏目信息对象时发生异常。ID:" + id );
-				result.error( exception );
-				logger.error( e, effectivePerson, request, null);
-			}
+		AppInfo appInfo = appInfoServiceAdv.get( id );
+		if( appInfo == null ){
+			throw new ExceptionAppInfoNotExists( id );
 		}

-		if( check ){
-			Long count = 0L;
-			try {
-				count = appInfoServiceAdv.countCategoryByAppId( id, "全部" );
-				if ( count > 0 ){
-					check = false;
-					Exception exception = new ExceptionAppInfoCanNotDelete( count);
-					result.error( exception );
-				}
-			} catch ( Exception e ) {
+		Long count = 0L;
+		try {
+			count = appInfoServiceAdv.countCategoryByAppId( id, "全部" );
+			if ( count > 0 ){
 				check = false;
-				Exception exception = new ExceptionAppInfoProcess( e, "系统在根据应用栏目ID查询应用下分类个数时发生异常。ID:" + id );
+				Exception exception = new ExceptionAppInfoCanNotDelete( count);
 				result.error( exception );
-				logger.error( e, effectivePerson, request, null);
 			}
+		} catch ( Exception e ) {
+			check = false;
+			Exception exception = new ExceptionAppInfoProcess( e, "系统在根据应用栏目ID查询应用下分类个数时发生异常。ID:" + id );
+			result.error( exception );
+			logger.error( e, effectivePerson, request, null);
 		}
 		if( check ){
 			try {

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionSave.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionSave.java
@@ -6,12 +6,15 @@ import com.x.base.core.project.annotation.FieldDescribe;
 import com.x.base.core.project.bean.WrapCopier;
 import com.x.base.core.project.bean.WrapCopierFactory;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.config.Token;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
 import com.x.base.core.project.logger.Logger;
 import com.x.base.core.project.logger.LoggerFactory;
 import com.x.base.core.project.tools.ListTools;
+import com.x.cms.assemble.control.Business;
 import com.x.cms.assemble.control.service.CmsBatchOperationPersistService;
 import com.x.cms.assemble.control.service.CmsBatchOperationProcessService;
 import com.x.cms.assemble.control.service.LogService;
@@ -26,7 +29,6 @@ public class ActionSave extends BaseAction {

 	private static  Logger logger = LoggerFactory.getLogger(ActionSave.class);

-	@AuditLog(operation = "保存栏目信息")
 	protected ActionResult<Wo> execute(HttpServletRequest request, EffectivePerson effectivePerson, JsonElement jsonElement ) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
 		AppInfo old_appInfo = null;
@@ -35,49 +37,40 @@ public class ActionSave extends BaseAction {
 		String identityName = null;
 		String unitName = null;
 		String topUnitName = null;
-		Wi wi = null;
 		Boolean check = true;

-		try {
-			wi = this.convertToWrapIn( jsonElement, Wi.class );
-			identityName = wi.getIdentity();
-		} catch (Exception e) {
-			check = false;
-			Exception exception = new ExceptionAppInfoProcess(e, "系统在将JSON信息转换为对象时发生异常。JSON:" + jsonElement.toString());
-			result.error(exception);
-			logger.error(e, effectivePerson, request, null);
+		Business business = new Business(null);
+		if (!business.isManager( effectivePerson)) {
+			throw new ExceptionAccessDenied(effectivePerson);
 		}
-		
-		if (check) {
-			if ( StringUtils.isEmpty( wi.getAppName() ) ) {
-				check = false;
-				Exception exception = new ExceptionAppInfoNameEmpty();
-				result.error(exception);
-			}
+
+		Wi wi = this.convertToWrapIn( jsonElement, Wi.class );
+		identityName = wi.getIdentity();
+
+		if ( StringUtils.isEmpty( wi.getAppName() ) ) {
+			throw new ExceptionAppInfoNameEmpty();
 		}
-		
-		if (check) {//栏目不允许重名
-			try {
-				ids = appInfoServiceAdv.listByAppName( wi.getAppName());
-				if ( ListTools.isNotEmpty( ids ) ) {
-					for( String _id : ids ) {
-						if( !_id.equalsIgnoreCase( wi.getId() )) {
-							check = false;
-							Exception exception = new ExceptionAppInfoNameAlreadyExists( wi.getAppName());
-							result.error(exception);
-						}
+
+		try {
+			ids = appInfoServiceAdv.listByAppName( wi.getAppName());
+			if ( ListTools.isNotEmpty( ids ) ) {
+				for( String _id : ids ) {
+					if( !_id.equalsIgnoreCase( wi.getId() )) {
+						check = false;
+						Exception exception = new ExceptionAppInfoNameAlreadyExists( wi.getAppName());
+						result.error(exception);
 					}
 				}
-			} catch (Exception e) {
-				check = false;
-				Exception exception = new ExceptionAppInfoProcess(e, "系统根据应用栏目名称查询应用栏目信息对象时发生异常。AppName:" + wi.getAppName());
-				result.error(exception);
-				logger.error(e, effectivePerson, request, null);
 			}
+		} catch (Exception e) {
+			check = false;
+			Exception exception = new ExceptionAppInfoProcess(e, "系统根据应用栏目名称查询应用栏目信息对象时发生异常。AppName:" + wi.getAppName());
+			result.error(exception);
+			logger.error(e, effectivePerson, request, null);
 		}
-		
+
 		if (check) {
-			if ( !"xadmin".equalsIgnoreCase( effectivePerson.getDistinguishedName()) ) {
+			if ( !Token.defaultInitialManager.equalsIgnoreCase( effectivePerson.getDistinguishedName()) ) {
 				try {
 					identityName = userManagerService.getPersonIdentity( effectivePerson.getDistinguishedName(), identityName );
 				} catch (Exception e) {
@@ -87,13 +80,13 @@ public class ActionSave extends BaseAction {
 					logger.error(e, effectivePerson, request, null);
 				}
 			}else {
-				identityName = "xadmin";
-				unitName = "xadmin";
-				topUnitName = "xadmin";
+				identityName = Token.defaultInitialManager;
+				unitName = Token.defaultInitialManager;
+				topUnitName = Token.defaultInitialManager;
 			}
 		}

-		if (check && !"xadmin".equals(identityName)) {
+		if (check && !Token.defaultInitialManager.equals(identityName)) {
 			try {
 				unitName = userManagerService.getUnitNameByIdentity( identityName );
 			} catch (Exception e) {
@@ -103,7 +96,7 @@ public class ActionSave extends BaseAction {
 				logger.error(e, effectivePerson, request, null);
 			}
 		}
-		if (check && !"xadmin".equals(identityName)) {
+		if (check && !Token.defaultInitialManager.equals(identityName)) {
 			try {
 				topUnitName = userManagerService.getTopUnitNameByIdentity( identityName );
 			} catch (Exception e) {
@@ -112,7 +105,7 @@ public class ActionSave extends BaseAction {
 				result.error(exception);
 				logger.error(e, effectivePerson, request, null);
 			}
-		}		
+		}
 		if (check) {
 			if( StringUtils.isEmpty( wi.getDocumentType() ) ) {
 				wi.setDocumentType( "信息" );
@@ -122,7 +115,7 @@ public class ActionSave extends BaseAction {
 				}
 			}
 		}
-		
+
 		if (check) {//栏目不允许重名
 			if( StringUtils.isEmpty( wi.getId() )) {
 				wi.setId( AppInfo.createId() );
@@ -136,7 +129,7 @@ public class ActionSave extends BaseAction {
 				logger.error(e, effectivePerson, request, null);
 			}
 		}
-		
+
 		if (check) {
 			wi.setCreatorIdentity(identityName);
 			wi.setCreatorPerson(effectivePerson.getDistinguishedName());
@@ -146,32 +139,32 @@ public class ActionSave extends BaseAction {
 			if( StringUtils.equals( "信息", wi.getDocumentType() ) && wi.getSendNotify() == null ) {
 				wi.setSendNotify( true );
 			}
-			
+
 			try {
 				appInfo = appInfoServiceAdv.save( wi, wi.getConfig(), effectivePerson );
 				Wo wo = new Wo();
 				wo.setId( appInfo.getId() );
 				result.setData( wo );
-				
+
 				if( old_appInfo != null ) {
-					if( !old_appInfo.getAppName().equalsIgnoreCase( appInfo.getAppName() ) || 
+					if( !old_appInfo.getAppName().equalsIgnoreCase( appInfo.getAppName() ) ||
 						 !old_appInfo.getAppAlias().equalsIgnoreCase( appInfo.getAppAlias() )	) {
 						//修改了栏目名称或者别名，增加删除栏目批量操作（对分类和文档）的信息
-						new CmsBatchOperationPersistService().addOperation( 
-								CmsBatchOperationProcessService.OPT_OBJ_APPINFO, 
+						new CmsBatchOperationPersistService().addOperation(
+								CmsBatchOperationProcessService.OPT_OBJ_APPINFO,
 								CmsBatchOperationProcessService.OPT_TYPE_UPDATENAME,  appInfo.getId(), old_appInfo.getAppName(), "更新栏目名称：ID=" + appInfo.getId() );
 					}
 					if(  permissionQueryService.hasDiffrentViewPermissionInAppInfo( old_appInfo, appInfo )) {
 							//修改了栏目名称或者别名，增加删除栏目批量操作（对分类和文档）的信息
-							new CmsBatchOperationPersistService().addOperation( 
-									CmsBatchOperationProcessService.OPT_OBJ_APPINFO, 
+							new CmsBatchOperationPersistService().addOperation(
+									CmsBatchOperationProcessService.OPT_OBJ_APPINFO,
 									CmsBatchOperationProcessService.OPT_TYPE_PERMISSION,  appInfo.getId(), appInfo.getAppName(), "变更栏目可见权限：ID=" + appInfo.getId() );
 					}
 					new LogService().log(null, effectivePerson.getDistinguishedName(), appInfo.getAppName(), appInfo.getId(), "", "", "", "APPINFO", "更新");
 				}else {
 					new LogService().log(null, effectivePerson.getDistinguishedName(), appInfo.getAppName(), appInfo.getId(), "", "", "", "APPINFO", "新增");
 				}
-				
+
 				// 更新缓存
 				CacheManager.notify(AppInfo.class);
 				CacheManager.notify(AppDict.class);
@@ -190,9 +183,9 @@ public class ActionSave extends BaseAction {
 	}

 	public static class Wi extends AppInfo {
-		
+
 		private static final long serialVersionUID = -6314932919066148113L;
-		
+
 		@FieldDescribe("指定用于操作的身份，可选参数")
 		private String identity = null;

@@ -213,5 +206,5 @@ public class ActionSave extends BaseAction {
 	public static class Wo extends WoId {

 	}
-	
-}
\ No newline at end of file
+
+}
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/fileinfo/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/fileinfo/ActionDelete.java
@@ -38,9 +38,7 @@ public class ActionDelete extends BaseAction {
 				throw new Exception("document{id:" + fileInfo.getDocumentId() + "} 文档信息不存在，无法继续删除.");
 			}
 			// 如果信息存在，再判断用户是否有操作的权限，如果没权限不允许继续操作
-			if (!business.fileInfoEditAvailable( effectivePerson)) {
-				throw new Exception( "fileInfo{name:" + effectivePerson.getDistinguishedName() + "} ，用户没有内容管理应用信息操作的权限！");
-			}
+
 			// 删除文件，并且删除记录及文档的关联信息
 			StorageMapping mapping = ThisApplication.context().storageMappings().get(FileInfo.class, fileInfo.getStorage());


--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/fileinfo/ActionListAll.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/fileinfo/ActionListAll.java
@@ -39,10 +39,6 @@ public class ActionListAll extends BaseAction {
 		} else {
 			try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 				Business business = new Business(emc);
-				//如判断用户是否有查看所有文件或者附件的权限，如果没权限不允许继续操作
-				if (!business.fileInfoEditAvailable( effectivePerson )) {
-					throw new Exception("person{name:" + effectivePerson.getDistinguishedName() + "} 用户没有查询全部文件或者附件的权限！");
-				}
 				//如果有权限，继续操作
 				FileInfoFactory fileInfoFactory  = business.getFileInfoFactory();
 				List<String> ids = fileInfoFactory.listAll();//获取所有文件或者附件列表

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/form/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/form/ActionDelete.java
@@ -5,6 +5,7 @@ import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.entity.annotation.CheckRemoveType;
 import com.x.base.core.project.annotation.AuditLog;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.http.WrapOutId;
@@ -26,6 +27,9 @@ public class ActionDelete extends BaseAction {
 		WrapOutId wrap = null;
 		try ( EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			Business business = new Business( emc );
+			if (!business.isManager( effectivePerson)) {
+				throw new ExceptionAccessDenied(effectivePerson);
+			}
 			// 先判断需要操作的应用信息是否存在，根据ID进行一次查询，如果不存在不允许继续操作
 			Form form = business.getFormFactory().get( id );
 			List<String> viewIds = business.getViewFactory().listByFormId(id);
@@ -34,12 +38,12 @@ public class ActionDelete extends BaseAction {
 			List<String> viewCategoryIds = null;
 			List<ViewCategory> viewCategorys = null;
 			View view = null;
-			
+
 			emc.beginTransaction( Form.class );
 			emc.beginTransaction( View.class );
 			emc.beginTransaction( ViewFieldConfig.class );
 			emc.beginTransaction( ViewCategory.class );
-			
+
 			if( viewIds != null && !viewIds.isEmpty() ){
 				for( String viewId : viewIds ){
 					view = business.getViewFactory().get( viewId );
@@ -70,14 +74,14 @@ public class ActionDelete extends BaseAction {
 				emc.remove( form, CheckRemoveType.all );
 				emc.commit();
 				logService.log( emc, effectivePerson.getDistinguishedName(), form.getName(), form.getAppId(), "", "", form.getId(), "FORM", "删除");
-			}			
+			}
 			wrap = new WrapOutId( form.getId() );

 			CacheManager.notify( Form.class );
 			CacheManager.notify( View.class );
 			CacheManager.notify( ViewFieldConfig.class );
 			CacheManager.notify( ViewCategory.class );
-			
+
 			result.setData(wrap);
 		} catch (Throwable th) {
 			th.printStackTrace();
@@ -85,8 +89,8 @@ public class ActionDelete extends BaseAction {
 		}
 		return result;
 	}
-	
+
 	public static class Wo extends WoId {

 	}
-}
\ No newline at end of file
+}
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/form/ActionSave.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/form/ActionSave.java
@@ -47,7 +47,7 @@ public class ActionSave extends BaseAction {
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			Business business = new Business(emc);

-			if (!business.formEditAvailable( effectivePerson)) {
+			if (!business.isManager( effectivePerson)) {
 				throw new ExceptionAccessDenied(effectivePerson);
 			}
 			Form form = emc.find(wi.getId(), Form.class);

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/templateform/ActionCreate.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/templateform/ActionCreate.java
@@ -3,6 +3,8 @@ package com.x.cms.assemble.control.jaxrs.templateform;
 import java.util.Arrays;

 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
+import com.x.cms.assemble.control.Business;
 import org.apache.commons.lang3.StringUtils;

 import com.google.gson.JsonElement;
@@ -23,6 +25,10 @@ class ActionCreate extends BaseAction {
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			Wi wi = this.convertToWrapIn(jsonElement, Wi.class);
 			ActionResult<Wo> result = new ActionResult<>();
+			Business business = new Business(emc);
+			if (!business.isManager( effectivePerson)) {
+				throw new ExceptionAccessDenied(effectivePerson);
+			}
 			if (!StringTools.isSimply(wi.getCategory())) {
 				throw new ExceptionInvalidCategory(wi.getCategory());
 			}

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/templateform/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/templateform/ActionDelete.java
@@ -4,6 +4,7 @@ import com.x.base.core.container.EntityManagerContainer;
 import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.entity.annotation.CheckRemoveType;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
@@ -16,9 +17,8 @@ class ActionDelete extends BaseAction {
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			Business business = new Business(emc);
 			/** 检查管理员和CMS管理员删除的权限 */
-			if (effectivePerson.isNotManager() && (!business.organization().person().hasRole(effectivePerson,
-					OrganizationDefinition.CMSManager))) {
-				throw new ExceptionInsufficientPermission(effectivePerson.getDistinguishedName());
+			if (!business.isManager( effectivePerson)) {
+				throw new ExceptionAccessDenied(effectivePerson);
 			}
 			ActionResult<Wo> result = new ActionResult<>();
 			TemplateForm template = emc.find(id, TemplateForm.class);

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/ActionDelete.java
@@ -8,6 +8,7 @@ import com.x.base.core.container.EntityManagerContainer;
 import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.entity.annotation.CheckRemoveType;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
@@ -17,7 +18,7 @@ import com.x.cms.core.entity.element.ViewCategory;
 import com.x.cms.core.entity.element.ViewFieldConfig;

 public class ActionDelete extends BaseAction {
-	
+
 	protected ActionResult<Wo> execute( HttpServletRequest request, EffectivePerson effectivePerson, String id ) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
@@ -30,16 +31,16 @@ public class ActionDelete extends BaseAction {
 			//查询视图关联的所有分类关联配置
 			List<String> viewCategoryIds = business.getViewCategoryFactory().listByViewId(id);
 			List<ViewCategory> viewCategorys = emc.list( ViewCategory.class, viewCategoryIds );
-			
+
 			//如果信息存在，再判断用户是否有操作的权限，如果没权限不允许继续操作
-			if (!business.viewEditAvailable( effectivePerson )) {
-				throw new Exception("view{name:" + effectivePerson.getDistinguishedName() + "} 用户没有内容管理应用信息操作的权限！");
+			if (!business.isManager( effectivePerson)) {
+				throw new ExceptionAccessDenied(effectivePerson);
 			}
 			//进行数据库持久化操作
 			emc.beginTransaction( View.class );
 			emc.beginTransaction( ViewFieldConfig.class );
 			emc.beginTransaction( ViewCategory.class );
-			
+
 			//删除所有的viewFieldConfig
 			if( fieldConfigs != null && fieldConfigs.size() > 0 ){
 				for( ViewFieldConfig viewFieldConfig : fieldConfigs ){
@@ -55,11 +56,11 @@ public class ActionDelete extends BaseAction {
 				emc.remove( view, CheckRemoveType.all );
 			}
 			emc.commit();
-			
+
 			if( view != null ){
 				logService.log( emc,  effectivePerson.getDistinguishedName(), view.getName(), view.getAppId(), "", "", view.getId(), "VIEW", "删除" );
 			}
-			
+
 			Wo wo = new Wo();
 			wo.setId( view.getId() );
 			result.setData( wo );
@@ -73,8 +74,8 @@ public class ActionDelete extends BaseAction {
 		}
 		return result;
 	}
-	
+
 	public static class Wo extends WoId {

 	}
-}
\ No newline at end of file
+}
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/ActionSave.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/ActionSave.java
@@ -5,7 +5,11 @@ import java.util.List;

 import javax.servlet.http.HttpServletRequest;

+import com.x.base.core.container.EntityManagerContainer;
+import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
+import com.x.cms.assemble.control.Business;
 import org.apache.commons.lang3.StringUtils;

 import com.google.gson.JsonElement;
@@ -30,6 +34,12 @@ public class ActionSave extends BaseAction {
 	protected ActionResult<Wo> execute(HttpServletRequest request, EffectivePerson effectivePerson,
 			JsonElement jsonElement) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
+		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
+			Business business = new Business(emc);
+			if (!business.isManager( effectivePerson)) {
+				throw new ExceptionAccessDenied(effectivePerson);
+			}
+		}
 		Wi wi = null;
 		View view = null;
 		Boolean check = true;

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/viewcategory/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/viewcategory/ActionDelete.java
@@ -6,6 +6,7 @@ import com.x.base.core.container.EntityManagerContainer;
 import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.entity.annotation.CheckRemoveType;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
@@ -14,28 +15,23 @@ import com.x.cms.core.entity.element.View;
 import com.x.cms.core.entity.element.ViewCategory;

 public class ActionDelete extends BaseAction {
-	
+
 	protected ActionResult<Wo> execute( HttpServletRequest request, EffectivePerson effectivePerson, String id ) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			Business business = new Business(emc);
-			
+
 			//先判断需要操作的应用信息是否存在，根据ID进行一次查询，如果不存在不允许继续操作
 			ViewCategory viewCategory = business.getViewCategoryFactory().get(id);
 			if (null == viewCategory) {
 				throw new Exception("view{id:" + id + "} 应用信息不存在.");
 			}
-			
-			//如果信息存在，再判断用户是否有操作的权限，如果没权限不允许继续操作
-			if (!business.viewEditAvailable( effectivePerson )) {
-				throw new Exception("view{name:" + effectivePerson.getDistinguishedName() + "} 用户没有内容管理应用信息操作的权限！");
-			}
-			
+
 			//进行数据库持久化操作
 			emc.beginTransaction( ViewCategory.class );
 			emc.remove( viewCategory, CheckRemoveType.all );
 			emc.commit();
-			
+
 			Wo wo = new Wo();
 			wo.setId( viewCategory.getId() );
 			result.setData(wo);
@@ -48,8 +44,8 @@ public class ActionDelete extends BaseAction {
 		}
 		return result;
 	}
-	
+
 	public static class Wo extends WoId {

 	}
-}
\ No newline at end of file
+}
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/viewcategory/ActionSave.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/viewcategory/ActionSave.java
@@ -6,6 +6,7 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;

 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import org.apache.commons.lang3.StringUtils;

 import com.google.gson.JsonElement;
@@ -55,10 +56,6 @@ public class ActionSave extends BaseAction {
 		if(check ){
 			try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 				Business business = new Business(emc);
-				//看看用户是否有权限进行应用信息新增操作
-				if (!business.viewEditAvailable( effectivePerson )) {
-					throw new Exception("person{name:" + effectivePerson.getDistinguishedName() + "} 用户没有内容管理视图分类关联信息信息操作的权限！");
-				}
 				viewCategory = business.getViewCategoryFactory().getByViewAndCategory( wrapIn.getViewId(), wrapIn.getCategoryId() );
 				if( viewCategory == null ){
 					viewCategory = Wi.copier.copy( wrapIn );

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/viewfieldconfig/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/viewfieldconfig/ActionDelete.java
@@ -8,6 +8,7 @@ import com.x.base.core.container.EntityManagerContainer;
 import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.entity.annotation.CheckRemoveType;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
@@ -34,11 +35,6 @@ public class ActionDelete extends BaseAction {
 			if (null == viewFieldConfig) {
 				logger.warn("viewFieldConfig{id:" + id + "} 应用信息不存在.");
 			}
-			// 如果信息存在，再判断用户是否有操作的权限，如果没权限不允许继续操作
-			if (!business.viewEditAvailable(effectivePerson)) {
-				throw new Exception(
-						"viewFieldConfig{name:" + effectivePerson.getDistinguishedName() + "} 用户没有内容管理应用信息操作的权限！");
-			}
 			// 查询视图信息
 			View view = business.getViewFactory().get(viewFieldConfig.getViewId());
 			if (view == null) {
@@ -86,4 +82,4 @@ public class ActionDelete extends BaseAction {

 	}

-}
\ No newline at end of file
+}
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/viewfieldconfig/ActionSave.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/viewfieldconfig/ActionSave.java
@@ -6,6 +6,7 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;

 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import org.apache.commons.lang3.StringUtils;

 import com.google.gson.JsonElement;
@@ -57,24 +58,6 @@ public class ActionSave extends BaseAction {
 			}
 		}

-		if( check ){
-			//先看看视图信息是否存在，如果不存在
-			try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
-				Business business = new Business(emc);
-				//看看用户是否有权限进行应用信息新增操作
-				if (!business.viewEditAvailable( effectivePerson )) {
-					check = false;
-					Exception exception = new ExceptionNoPermission( effectivePerson.getDistinguishedName() );
-					result.error( exception );
-				}
-			} catch (Exception e) {
-				check = false;
-				Exception exception = new ExceptionViewQueryByIdEmpty( e, wi.getViewId() );
-				result.error( exception );
-				logger.error( e, effectivePerson, request, null);
-			}
-		}
-
 		if( check ){
 			//先看看视图信息是否存在，如果不存在
 			try ( EntityManagerContainer emc = EntityManagerContainerFactory.instance().create() ) {