From: 刘洪青
Date: Mon, 19 Apr 2021 15:28:42 +0000 (+0800)
Subject: docs: 整理数据初始化文档
X-Git-Url: https://source.supwisdom.com/gerrit/gitweb?a=commitdiff_plain;h=193c858ffe1a002609c5540f31ed20e6d2cae671;p=institute%2Fdeploy-authx-service.git

docs: 整理数据初始化文档
---

diff --git "a/deploy-manifests/k8s-rancher/1.2.0001.\350\256\244\350\257\201\346\216\210\346\235\203-\346\216\210\346\235\203\346\234\215\345\212\241\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210\350\247\222\350\211\262\357\274\211.md" "b/deploy-manifests/k8s-rancher/1.2.0001.\350\256\244\350\257\201\346\216\210\346\235\203-\346\216\210\346\235\203\346\234\215\345\212\241\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210\350\247\222\350\211\262\357\274\211.md"
new file mode 100644
index 0000000..5c148e3
--- /dev/null
+++ "b/deploy-manifests/k8s-rancher/1.2.0001.\350\256\244\350\257\201\346\216\210\346\235\203-\346\216\210\346\235\203\346\234\215\345\212\241\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210\350\247\222\350\211\262\357\274\211.md"
@@ -0,0 +1,67 @@
+
+# 认证授权-授权服务数据初始化.md
+
+
+[TOC]
+
+
+## 文档说明
+
+
+
+## 操作指南
+
+
+
+
+## 初始化数据
+
+
+### 创建授权应用
+
+```sql
+INSERT INTO TB_APPLICATION (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME,
+ BUSINESS_DOMAIN_ID, SYSTEM_ID,
+ NAME, APPLICATION_ID, SYNC_URL, ENABLED)
+VALUES ('20', '1', 0, 'admin', '2019-07-01 00:00:00',
+ '1', '1',
+ '用户授权', '20', '', 1);
+
+commit;
+```
+
+### 创建应用角色
+
+#### 方式,SQL脚本
+
+连接至 user_authz 数据库,执行以下 SQL脚本
+
+```sql
+use user_authz;
+
+INSERT INTO TB_ROLE (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME, APPLICATION_ID, CODE, NAME, DESCRIPTION, ENABLED, EXTERNAL_ID)
+VALUES ('20', '1', 0, 'admin', '2019-07-01 00:00:00', '20', 'cas-admin', '认证管理员', '认证管理员', 1, '20');
+
+INSERT INTO TB_ROLE (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME, APPLICATION_ID, CODE, NAME, DESCRIPTION, ENABLED, EXTERNAL_ID)
+VALUES ('30', '1', 0, 'admin', '2019-07-01 00:00:00', '20', 'user-admin', '用户管理员', '用户管理员', 1, '30');
+
+INSERT INTO TB_ROLE (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME, APPLICATION_ID, CODE, NAME, DESCRIPTION, ENABLED, EXTERNAL_ID)
+VALUES ('40', '1', 0, 'admin', '2019-07-01 00:00:00', '20', 'user-authz-admin', '授权管理员', '授权管理员', 1, '40');
+INSERT INTO TB_ROLE (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME, APPLICATION_ID, CODE, NAME, DESCRIPTION, ENABLED, EXTERNAL_ID)
+VALUES ('41', '1', 0, 'admin', '2019-07-01 00:00:00', '20', 'user-authz-grant-admin', '用户授权管理员', '用户授权管理员', 1, '41');
+INSERT INTO TB_ROLE (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME, APPLICATION_ID, CODE, NAME, DESCRIPTION, ENABLED, EXTERNAL_ID)
+VALUES ('42', '1', 0, 'admin', '2019-07-01 00:00:00', '20', 'user-authz-man-grant-admin', '分级授权管理员', '分级授权管理员', 1, '42');
+
+commit;
+```
+
+若角色已经存在,更新
+
+```sql
+use user_authz;
+
+UPDATE TB_ROLE SET APPLICATION_ID='20' WHERE ID IN ('20', '30', '40', '41', '42');
+
+commit;
+```
+
diff --git "a/deploy-manifests/k8s-rancher/0.1.2.\350\256\244\350\257\201\346\216\210\346\235\203\350\217\234\345\215\225\357\274\210\344\272\221\345\271\263\345\217\260\345\206\205\357\274\211\345\210\235\345\247\213\345\214\226.md" "b/deploy-manifests/k8s-rancher/1.2.0002.\350\256\244\350\257\201\346\216\210\346\235\203-\344\272\221\345\271\263\345\217\260\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210API\350\267\257\347\224\261\343\200\201\345\272\224\347\224\250\343\200\201\350\217\234\345\215\225\343\200\201\350\247\222\350\211\262\346\235\203\351\231\220\357\274\211.md" similarity index 77% rename from "deploy-manifests/k8s-rancher/0.1.2.\350\256\244\350\257\201\346\216\210\346\235\203\350\217\234\345\215\225\357\274\210\344\272\221\345\271\263\345\217\260\345\206\205\357\274\211\345\210\235\345\247\213\345\214\226.md" rename to "deploy-manifests/k8s-rancher/1.2.0002.\350\256\244\350\257\201\346\216\210\346\235\203-\344\272\221\345\271\263\345\217\260\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210API\350\267\257\347\224\261\343\200\201\345\272\224\347\224\250\343\200\201\350\217\234\345\215\225\343\200\201\350\247\222\350\211\262\346\235\203\351\231\220\357\274\211.md" index 9d87b87..1d927fb 100644 --- "a/deploy-manifests/k8s-rancher/0.1.2.\350\256\244\350\257\201\346\216\210\346\235\203\350\217\234\345\215\225\357\274\210\344\272\221\345\271\263\345\217\260\345\206\205\357\274\211\345\210\235\345\247\213\345\214\226.md" +++ "b/deploy-manifests/k8s-rancher/1.2.0002.\350\256\244\350\257\201\346\216\210\346\235\203-\344\272\221\345\271\263\345\217\260\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210API\350\267\257\347\224\261\343\200\201\345\272\224\347\224\250\343\200\201\350\217\234\345\215\225\343\200\201\350\247\222\350\211\262\346\235\203\351\231\220\357\274\211.md" @@ -1,5 +1,5 @@ -# 认证授权菜单初始化 +# 认证授权-云平台数据初始化 [TOC] 
@@ -14,63 +14,150 @@ -## 导入数据 +## 初始化数据 -### 应用 + +### 创建路由 + +#### 方式一,手动添加 + +进入 云平台 - 基础管理 - 路由管理,添加路由记录 + +注: +* 路由前缀 如:`/api/v1/sample/**`,确保与其他路由信息 **不存在冲突** +* 后端服务地址 如:`http://xxx.sample.edu.cn` +* 是否丢弃前缀,若是,转发到后端服务时的请求为 `http://xxx.sample.edu.cn/**`,否则为 `http://xxx.sample.edu.cn/api/v1/sample/**` + + +代码 | 名称 | 描述 | 是否启用 | 路由前缀 | 路由服务地址 | 是否丢弃前缀 +- | - | - | - | - | - | - | - +authx-service-user-api | 认证授权 - 用户接口 | | 是 | /api/v1/base | http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080 | 否 +authx-service-personal-api | 认证授权 - 个人信息接口 | | 是 | /api/v1/personal | http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1 | 是 +authx-service-admin-api | 认证授权 - 聚合接口(认证、授权) | | 是 | /api/v2/admin | http://authx-service-bff-svc.authx-service.svc.cluster.local:8080 | 否 +authx-service-open-api | 认证授权 - 聚合接口(公开) | | 是 | /api/v2/open | http://authx-service-bff-svc.authx-service.svc.cluster.local:8080 | 否 + + +#### 方式二,bash脚本 + +```json +{"id": "20", "code": "authx-service-user-api", "name":"认证授权 - 用户接口", "memo":"", "status":"1", "pathPrefix":"/api/v1/base", "url":"http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080", "stripPrefix":false} + +{"id": "40", "code": "authx-service-personal-api", "name":"认证授权 - 个人信息接口", "memo":"", "status":"1", "pathPrefix":"/api/v1/personal", "url":"http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1", "stripPrefix":true} + +{"id": "21", "code": "authx-service-admin-api", "name":"认证授权 - 聚合接口(认证、授权)", "memo":"", "status":"1", "pathPrefix":"/api/v2/admin", "url":"http://authx-service-bff-svc.authx-service.svc.cluster.local:8080", "stripPrefix":false} +{"id": "22", "code": "authx-service-open-api", "name":"认证授权 - 聚合接口(公开)", "memo":"", "status":"1", "pathPrefix":"/api/v2/open", "url":"http://authx-service-bff-svc.authx-service.svc.cluster.local:8080", "stripPrefix":false} +``` + +```bash +curl -i -s -X POST 
"http://admin-backend-sa-svc.admin-backend.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \ +-d \ +' +{"id": "20", "code": "authx-service-user-api", "name":"认证授权 - 用户接口", "memo":"", "status":"1", "pathPrefix":"/api/v1/base", "url":"http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080", "stripPrefix":false} +' + +curl -i -s -X POST "http://admin-backend-sa-svc.admin-backend.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \ +-d \ +' +{"id": "40", "code": "authx-service-personal-api", "name":"认证授权 - 个人信息接口", "memo":"", "status":"1", "pathPrefix":"/api/v1/personal", "url":"http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1", "stripPrefix":true} +' + +curl -i -s -X POST "http://admin-backend-sa-svc.admin-backend.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \ +-d \ +' +{"id": "21", "code": "authx-service-admin-api", "name":"认证授权 - 聚合接口(认证、授权)", "memo":"", "status":"1", "pathPrefix":"/api/v2/admin", "url":"http://authx-service-bff-svc.authx-service.svc.cluster.local:8080", "stripPrefix":false} +' + +curl -i -s -X POST "http://admin-backend-sa-svc.admin-backend.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \ +-d \ +' +{"id": "22", "code": "authx-service-open-api", "name":"认证授权 - 聚合接口(公开)", "memo":"", "status":"1", "pathPrefix":"/api/v2/open", "url":"http://authx-service-bff-svc.authx-service.svc.cluster.local:8080", "stripPrefix":false} +' +``` + + +#### 方式三,SQL脚本 + +连接至 admin_center 数据库,执行以下 SQL脚本 ```sql -insert into TB_MGT_APPLICATION (ID, DELETED, CODE, NAME, STATUS) -values ('10', 0, '10', '认证授权', '1'); +use admin_center; + +insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) +values ('20', 0, 'authx-service-user-api', '认证授权 - 用户接口', '1', '/api/v1/base', 'https://localhost:8022', 0); + +insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, 
PATH_PREFIX, URL, STRIP_PREFIX) +values ('40', 0, 'authx-service-personal-api', '认证授权 - 个人信息接口', '1', '/api/v1/personal', 'http://localhost:8041/api/v1', 1); + +insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) +values ('21', 0, 'authx-service-admin-api', '认证授权 - 聚合接口(认证、授权)', '1', '/api/v2/admin', 'http://localhost:8009', 0); +insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX) +values ('22', 0, 'authx-service-open-api', '认证授权 - 聚合接口(公开)', '1', '/api/v2/open', 'http://localhost:8009', 0); + +commit; + +update TB_MGT_ROUTE set URL='http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080' where ID='20'; + +update TB_MGT_ROUTE set URL='http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1' where ID='40'; + +update TB_MGT_ROUTE set URL='http://authx-service-bff-svc.authx-service.svc.cluster.local:8080' where ID='21'; +update TB_MGT_ROUTE set URL='http://authx-service-bff-svc.authx-service.svc.cluster.local:8080' where ID='22'; + +commit; ``` +### 创建应用 + +#### 方式一,手动添加 + +进入 云平台 - 基础管理 - 应用管理,添加应用 + +应用标识 | 名称 | 描述 | 是否启用 | 应用访问地址 +- | - | - | - | - +20 | 用户授权 | | 是 | + + +#### 方式二,bash脚本 + ```json -{"id": "10", "code": "10", "name":"认证授权", "memo":"", "status":"1", "url":""} +{"id": "20", "code": "20", "name":"用户授权", "memo":"", "status":"1", "url":""} ``` ```bash -curl -i -s -X POST "http://admin-center-sa-svc.admin-center.svc.cluster.local:8080/v1/admin/applications" -H 'Content-Type: application/json' \ +curl -i -s -X POST "http://admin-backend-sa-svc.admin-backend.svc.cluster.local:8080/v1/admin/applications" -H 'Content-Type: application/json' \ -d \ ' -{"id": "10", "code": "10", "name":"认证授权", "memo":"", "status":"1", "url":""} +{"id": "20", "code": "20", "name":"用户授权", "memo":"", "status":"1", "url":""} ' ``` -### 菜单 +#### 方式三,SQL脚本 -* 认证管理 +连接至 admin_center 数据库,执行以下 SQL脚本 ```sql -insert into TB_MGT_PERMISSION (ID, DELETED, 
CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('20000', 0, 'cas-server', '认证管理', '1', '2', '', '/', '10', '1', 20000, 1, 18, 33); +use admin_center; -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('20100', 0, 'loginConfig', '登录方式配置', '1', '2', 'su-icon-denglupeizhi', '/cas-server/loginConfig', '10', '20000', 20100, 2, 19, 20); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('20200', 0, 'safeLoginConfig', '账号安全配置', '1', '2', 'su-icon-config-security', '/cas-server/safeLoginConfig', '10', '20000', 20200, 2, 21, 22); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('20300', 0, 'accountActivationConfiguration', '账号激活配置', '1', '2', 'su-icon-bulb', '/cas-server/accountActivationConfiguration', '10', '20000', 20300, 2, 23, 24); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('20400', 0, 'safeConfig', '安全策略配置', '1', '2', 'su-icon-celuepeizhi', '/cas-server/safeConfig', '10', '20000', 20400, 2, 25, 26); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('20500', 0, 'passwordConfig', '密码策略配置', '1', '2', 'su-icon-mimacelue', '/cas-server/passwordConfig', '10', '20000', 20500, 2, 27, 28); +insert into TB_MGT_APPLICATION (ID, DELETED, CODE, NAME, STATUS) +values ('20', 0, '20', '用户授权', '1'); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('20600', 0, 'serverManagement', '应用对接配置', '1', '2', 'el-icon-service', '/cas-server/serverManagement', '10', '20000', 
20600, 2, 29, 30); +commit; +``` -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('20700', 0, 'loginPageConfig', '登录页面配置', '1', '2', 'su-icon-tongxunxinxi', '/cas-server/loginPageConfig', '10', '20000', 20700, 2, 29, 30); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('20800', 0, 'linkLoginConfig', '联合登录配置', '1', '2', 'su-icon-test', '/cas-server/linkLoginConfig', '10', '20000', 20800, 2, 29, 30); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('21000', 0, 'lockManagement', '认证锁定管理', '1', '2', 'su-icon-shouquanjiguanli', '/cas-server/lockManagement', '10', '20000', 21000, 2, 31, 32); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('21100', 0, 'analyze', '认证统计分析', '1', '2', 'su-icon-renzhengtongjifenxi', '/cas-server/analyze', '10', '20000', 21100, 2, 31, 32); -``` +### 创建菜单 + +#### 方式一,手动导入 + +进入 云平台 - 基础管理 - 菜单管理,导入 + +所属应用 选择 用户授权 + +菜单列表(JSON)如下,(复制后粘贴) +* 认证管理 ```json [ 
@@ -132,13 +219,146 @@ values ('21100', 0, 'analyze', '认证统计分析', '1', '2', 'su-icon-renzheng ] ``` +* 用户管理 + +```json +[ + { + "id": "30000", "parentIdOrCode":"1", "code": "user-server", "name": "用户管理", "memo": "", "status": "1", + "icon": "", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/", "target": "", + "order": 30000, "resourceIdOrCodes": [] + }, + { + "id": "30100", "parentIdOrCode":"30000", "code": "dictionary", "name": "字典管理", "memo": "", "status": "1", + "icon": "su-icon-zidian", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/dictionary", "target": "", + "order": 30100, "resourceIdOrCodes": [] + }, + { + "id": "30200", "parentIdOrCode":"30000", "code": "identity", "name": "身份管理", "memo": "", "status": "1", + "icon": "su-icon-shenfen", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/identity", "target": "", + "order": 30200, "resourceIdOrCodes": [] + }, + { + "id": "30300", "parentIdOrCode":"30000", "code": "mechanism", "name": "组织机构管理", "memo": "", "status": "1", + "icon": "su-icon-department", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/mechanism", "target": "", + "order": 30300, "resourceIdOrCodes": [] + }, + { + "id": "30400", "parentIdOrCode":"30000", "code": "person", "name": "人员管理", "memo": "", "status": "1", + "icon": "su-icon-people", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/person", "target": "", + "order": 30400, "resourceIdOrCodes": [] + }, + { + "id": "30500", "parentIdOrCode":"30000", "code": "label", "name": "标签管理", "memo": "", "status": "1", + "icon": "su-icon-biaoqian", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/label", "target": "", + "order": 30500, "resourceIdOrCodes": [] + }, + { + "id": "30600", "parentIdOrCode":"30000", "code": "simpleUserGroupManage", "name": "普通用户组管理", "memo": "", "status": "1", + "icon": "su-icon-portrait", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": 
"/user-server/simpleUserGroupManage", "target": "", + "order": 30600, "resourceIdOrCodes": [] + }, + { + "id": "30700", "parentIdOrCode":"30000", "code": "postUserGroupManage", "name": "岗位用户组管理", "memo": "", "status": "1", + "icon": "su-icon-personnel", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/postUserGroupManage", "target": "", + "order": 30700, "resourceIdOrCodes": [] + }, + { + "id": "30750", "parentIdOrCode":"30000", "code": "userScope", "name": "用户规则", "memo": "", "status": "1", + "icon": "el-icon-guide", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/userScope", "target": "", + "order": 30750, "resourceIdOrCodes": [] + }, + { + "id": "30800", "parentIdOrCode":"30000", "code": "assignation", "name": "人员分配", "memo": "", "status": "1", + "icon": "su-icon-tihuanbanliren", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/assignation", "target": "", + "order": 30800, "resourceIdOrCodes": [] + }, + { + "id": "31000", "parentIdOrCode":"30000", "code": "activateAccount", "name": "账号激活审核", "memo": "", "status": "1", + "icon": "su-icon-yonghushouquan", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/activateAccount", "target": "", + "order": 31000, "resourceIdOrCodes": [] + } +] +``` + +* 授权管理 + +```json +[ + { + "id": "40000", "parentIdOrCode":"1", "code": "authorization-server", "name": "授权管理", "memo": "", "status": "1", + "icon": "", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/", "target": "", + "order": 40000, "resourceIdOrCodes": [] + }, + { + "id": "40100", "parentIdOrCode":"40000", "code": "applicationRole", "name": "角色授权", "memo": "", "status": "1", + "icon": "su-icon-yingyongjuese", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/applicationRole", "target": "", + "order": 40100, "resourceIdOrCodes": [] + }, + { + "id": "40200", "parentIdOrCode":"40000", "code": "authorizationRoleComponent", "name": "角色组授权", "memo": "", 
"status": "1", + "icon": "su-icon-juesezu", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authorizationRoleComponent", "target": "", + "order": 40200, "resourceIdOrCodes": [] + }, + { + "id": "40300", "parentIdOrCode":"40000", "code": "userAuthManagePeople", "name": "用户授权", "memo": "", "status": "1", + "icon": "su-icon-yonghushouquan", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/userAuthManagePeople", "target": "", + "order": 40300, "resourceIdOrCodes": [] + }, + { + "id": "40400", "parentIdOrCode":"40000", "code": "roleAuthManagement", "name": "用户规则授权", "memo": "", "status": "1", + "icon": "su-icon-yonghuguize", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/roleAuthManagement", "target": "", + "order": 40400, "resourceIdOrCodes": [] + }, + { + "id": "40500", "parentIdOrCode":"40000", "code": "userGroupAuth", "name": "用户组授权", "memo": "", "status": "1", + "icon": "su-icon-yonghuguize", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/userGroupAuth", "target": "", + "order": 40500, "resourceIdOrCodes": [] + }, + { + "id": "40900", "parentIdOrCode":"40000", "code": "authorizationAndManagement", "name": "分级授权管理", "memo": "", "status": "1", + "icon": "su-icon-shouquanjiguanli", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authorizationAndManagement", "target": "", + "order": 40900, "resourceIdOrCodes": [] + }, + { + "id": "41100", "parentIdOrCode":"40000", "code": "accountAuthorizationAudit", "name": "账号授权审计", "memo": "", "status": "1", + "icon": "su-icon-zhsqsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/accountAuthorizationAudit", "target": "", + "order": 41100, "resourceIdOrCodes": [] + }, + { + "id": "41200", "parentIdOrCode":"40000", "code": "userAudit", "name": "用户规则权限审计", "memo": "", "status": "1", + "icon": "su-icon-yhgzqxsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": 
"/auth-server/userAudit", "target": "", + "order": 41200, "resourceIdOrCodes": [] + }, + { + "id": "41300", "parentIdOrCode":"40000", "code": "rolePermissionAudit", "name": "角色/组授权审计", "memo": "", "status": "1", + "icon": "su-icon-jszsqsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/rolePermissionAudit", "target": "", + "order": 41300, "resourceIdOrCodes": [] + }, + { + "id": "41400", "parentIdOrCode":"40000", "code": "authOperationsAudit", "name": "权限操作审计", "memo": "", "status": "1", + "icon": "su-icon-qxczsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authOperationsAudit", "target": "", + "order": 41400, "resourceIdOrCodes": [] + }, + { + "id": "41500", "parentIdOrCode":"40000", "code": "authStatisticalMonitor", "name": "授权统计监控", "memo": "", "status": "1", + "icon": "su-icon-sqtjjk", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authStatisticalMonitor", "target": "", + "order": 41500, "resourceIdOrCodes": [] + } +] +``` + + +#### 方式二,bash脚本 + +* 认证管理 ```bash -curl -i -s -X POST "http://admin-center-sa-svc.admin-center.svc.cluster.local:8080/v1/admin/menus/importMenu" -H 'Content-Type: application/json' \ +curl -i -s -X POST "http://admin-backend-sa-svc.admin-backend.svc.cluster.local:8080/v1/admin/menus/importMenu" -H 'Content-Type: application/json' \ -d \ ' { - "applicationId": "10", + "applicationId": "20", "menuList": [ { 
@@ -201,109 +421,14 @@ curl -i -s -X POST "http://admin-center-sa-svc.admin-center.svc.cluster.local:80 ' ``` - * 用户管理 -```sql - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('30000', 0, 'user-server', '用户管理', '1', '2', '', '/', '10', '1', 30000, 1, 34, 53); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('30100', 0, 'dictionary', '字典管理', '1', '2', 'su-icon-zidian', '/user-server/dictionary', '10', '30000', 30100, 2, 35, 36); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('30200', 0, 'identity', '身份管理', '1', '2', 'su-icon-shenfen', '/user-server/identity', '10', '30000', 30200, 2, 37, 38); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('30300', 0, 'mechanism', '组织机构管理', '1', '2', 'su-icon-department', '/user-server/mechanism', '10', '30000', 30300, 2, 39, 40); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('30400', 0, 'person', '人员管理', '1', '2', 'su-icon-people', '/user-server/person', '10', '30000', 30400, 2, 41, 42); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('30500', 0, 'label', '标签管理', '1', '2', 'su-icon-biaoqian', '/user-server/label', '10', '30000', 30500, 2, 43, 44); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('30600', 0, 'simpleUserGroupManage', '普通用户组管理', '1', '2', 'su-icon-portrait', '/user-server/simpleUserGroupManage', '10', '30000', 30600, 2, 45, 46); -insert into 
TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('30700', 0, 'postUserGroupManage', '岗位用户组管理', '1', '2', 'su-icon-personnel', '/user-server/postUserGroupManage', '10', '30000', 30700, 2, 47, 48); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('30750', 0, 'userScope', '用户规则', '1', '1', 'el-icon-guide', '/user-server/userScope', '1', '30000', 30750, 2, 51, 52); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('30800', 0, 'assignation', '人员分配', '1', '2', 'su-icon-tihuanbanliren', '/user-server/assignation', '10', '30000', 30800, 2, 49, 50); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('31000', 0, 'activateAccount', '账号激活审核', '1', '2', 'su-icon-yonghushouquan', '/user-server/activateAccount', '10', '30000', 31000, 2, 51, 52); - -``` - - - -```json -[ - { - "id": "30000", "parentIdOrCode":"1", "code": "user-server", "name": "用户管理", "memo": "", "status": "1", - "icon": "", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/", "target": "", - "order": 30000, "resourceIdOrCodes": [] - }, - { - "id": "30100", "parentIdOrCode":"30000", "code": "dictionary", "name": "字典管理", "memo": "", "status": "1", - "icon": "su-icon-zidian", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/dictionary", "target": "", - "order": 30100, "resourceIdOrCodes": [] - }, - { - "id": "30200", "parentIdOrCode":"30000", "code": "identity", "name": "身份管理", "memo": "", "status": "1", - "icon": "su-icon-shenfen", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/identity", "target": "", - "order": 30200, "resourceIdOrCodes": [] - }, - { - "id": "30300", 
"parentIdOrCode":"30000", "code": "mechanism", "name": "组织机构管理", "memo": "", "status": "1", - "icon": "su-icon-department", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/mechanism", "target": "", - "order": 30300, "resourceIdOrCodes": [] - }, - { - "id": "30400", "parentIdOrCode":"30000", "code": "person", "name": "人员管理", "memo": "", "status": "1", - "icon": "su-icon-people", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/person", "target": "", - "order": 30400, "resourceIdOrCodes": [] - }, - { - "id": "30500", "parentIdOrCode":"30000", "code": "label", "name": "标签管理", "memo": "", "status": "1", - "icon": "su-icon-biaoqian", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/label", "target": "", - "order": 30500, "resourceIdOrCodes": [] - }, - { - "id": "30600", "parentIdOrCode":"30000", "code": "simpleUserGroupManage", "name": "普通用户组管理", "memo": "", "status": "1", - "icon": "su-icon-portrait", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/simpleUserGroupManage", "target": "", - "order": 30600, "resourceIdOrCodes": [] - }, - { - "id": "30700", "parentIdOrCode":"30000", "code": "postUserGroupManage", "name": "岗位用户组管理", "memo": "", "status": "1", - "icon": "su-icon-personnel", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/postUserGroupManage", "target": "", - "order": 30700, "resourceIdOrCodes": [] - }, - { - "id": "30750", "parentIdOrCode":"30000", "code": "userScope", "name": "用户规则", "memo": "", "status": "1", - "icon": "el-icon-guide", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/userScope", "target": "", - "order": 30750, "resourceIdOrCodes": [] - }, - { - "id": "30800", "parentIdOrCode":"30000", "code": "assignation", "name": "人员分配", "memo": "", "status": "1", - "icon": "su-icon-tihuanbanliren", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/assignation", "target": "", - "order": 30800, 
"resourceIdOrCodes": [] - }, - { - "id": "31000", "parentIdOrCode":"30000", "code": "activateAccount", "name": "账号激活审核", "memo": "", "status": "1", - "icon": "su-icon-yonghushouquan", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/activateAccount", "target": "", - "order": 31000, "resourceIdOrCodes": [] - } -] -``` - - ```bash -curl -i -s -X POST "http://admin-center-sa-svc.admin-center.svc.cluster.local:8080/v1/admin/menus/importMenu" -H 'Content-Type: application/json' \ +curl -i -s -X POST "http://admin-backend-sa-svc.admin-backend.svc.cluster.local:8080/v1/admin/menus/importMenu" -H 'Content-Type: application/json' \ -d \ ' { - "applicationId": "10", + "applicationId": "20", "menuList": [ { 
@@ -366,116 +491,14 @@ curl -i -s -X POST "http://admin-center-sa-svc.admin-center.svc.cluster.local:80 ' ``` - * 授权管理 -```sql - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('40000', 0, 'authorization-server', '授权管理', '1', '2', '', '/', '10', '1', 40000, 1, 54, 77); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('40100', 0, 'applicationRole', '角色授权', '1', '2', 'su-icon-yingyongjuese', '/auth-server/applicationRole', '10', '40000', 40100, 2, 55, 56); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('40200', 0, 'authorizationRoleComponent', '角色组授权', '1', '2', 'su-icon-juesezu', '/auth-server/authorizationRoleComponent', '10', '40000', 40200, 2, 57, 58); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('40300', 0, 'userAuthManagePeople', '用户授权', '1', '2', 'su-icon-yonghushouquan', '/auth-server/userAuthManagePeople', '10', '40000', 40300, 2, 59, 60); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('40400', 0, 'roleAuthManagement', '用户规则授权', '1', '2', 'su-icon-yonghuguize', '/auth-server/roleAuthManagement', '10', '40000', 40400, 2, 61, 62); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('40500', 0, 'userGroupAuth', '用户组授权', '1', '2', 'su-icon-yonghuguize', '/auth-server/userGroupAuth', '10', '40000', 40500, 2, 63, 64); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('40900', 0, 
'authorizationAndManagement', '分级授权管理', '1', '2', 'su-icon-shouquanjiguanli', '/auth-server/authorizationAndManagement', '10', '40000', 40900, 2, 65, 66); - -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('41100', 0, 'accountAuthorizationAudit', '账号授权审计', '1', '2', 'su-icon-zhsqsj', '/auth-server/accountAuthorizationAudit', '10', '40000', 41100, 2, 67, 68); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('41200', 0, 'userAudit', '用户规则权限审计', '1', '2', 'su-icon-yhgzqxsj', '/auth-server/userAudit', '10', '40000', 41200, 2, 69, 70); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('41300', 0, 'rolePermissionAudit', '角色/组授权审计', '1', '2', 'su-icon-jszsqsj', '/auth-server/rolePermissionAudit', '10', '40000', 41300, 2, 71, 72); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('41400', 0, 'authOperationsAudit', '权限操作审计', '1', '2', 'su-icon-qxczsj', '/auth-server/authOperationsAudit', '10', '40000', 41400, 2, 73, 74); -insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) -values ('41500', 0, 'authStatisticalMonitor', '授权统计监控', '1', '2', 'su-icon-sqtjjk', '/auth-server/authStatisticalMonitor', '10', '40000', 41500, 2, 75, 76); - -``` - - -```json -[ - { - "id": "40000", "parentIdOrCode":"1", "code": "authorization-server", "name": "授权管理", "memo": "", "status": "1", - "icon": "", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/", "target": "", - "order": 40000, "resourceIdOrCodes": [] - }, - { - "id": "40100", "parentIdOrCode":"40000", "code": "applicationRole", "name": "角色授权", "memo": "", "status": "1", - 
"icon": "su-icon-yingyongjuese", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/applicationRole", "target": "", - "order": 40100, "resourceIdOrCodes": [] - }, - { - "id": "40200", "parentIdOrCode":"40000", "code": "authorizationRoleComponent", "name": "角色组授权", "memo": "", "status": "1", - "icon": "su-icon-juesezu", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authorizationRoleComponent", "target": "", - "order": 40200, "resourceIdOrCodes": [] - }, - { - "id": "40300", "parentIdOrCode":"40000", "code": "userAuthManagePeople", "name": "用户授权", "memo": "", "status": "1", - "icon": "su-icon-yonghushouquan", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/userAuthManagePeople", "target": "", - "order": 40300, "resourceIdOrCodes": [] - }, - { - "id": "40400", "parentIdOrCode":"40000", "code": "roleAuthManagement", "name": "用户规则授权", "memo": "", "status": "1", - "icon": "su-icon-yonghuguize", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/roleAuthManagement", "target": "", - "order": 40400, "resourceIdOrCodes": [] - }, - { - "id": "40500", "parentIdOrCode":"40000", "code": "userGroupAuth", "name": "用户组授权", "memo": "", "status": "1", - "icon": "su-icon-yonghuguize", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/userGroupAuth", "target": "", - "order": 40500, "resourceIdOrCodes": [] - }, - { - "id": "40900", "parentIdOrCode":"40000", "code": "authorizationAndManagement", "name": "分级授权管理", "memo": "", "status": "1", - "icon": "su-icon-shouquanjiguanli", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authorizationAndManagement", "target": "", - "order": 40900, "resourceIdOrCodes": [] - }, - { - "id": "41100", "parentIdOrCode":"40000", "code": "accountAuthorizationAudit", "name": "账号授权审计", "memo": "", "status": "1", - "icon": "su-icon-zhsqsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": 
"/auth-server/accountAuthorizationAudit", "target": "", - "order": 41100, "resourceIdOrCodes": [] - }, - { - "id": "41200", "parentIdOrCode":"40000", "code": "userAudit", "name": "用户规则权限审计", "memo": "", "status": "1", - "icon": "su-icon-yhgzqxsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/userAudit", "target": "", - "order": 41200, "resourceIdOrCodes": [] - }, - { - "id": "41300", "parentIdOrCode":"40000", "code": "rolePermissionAudit", "name": "角色/组授权审计", "memo": "", "status": "1", - "icon": "su-icon-jszsqsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/rolePermissionAudit", "target": "", - "order": 41300, "resourceIdOrCodes": [] - }, - { - "id": "41400", "parentIdOrCode":"40000", "code": "authOperationsAudit", "name": "权限操作审计", "memo": "", "status": "1", - "icon": "su-icon-qxczsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authOperationsAudit", "target": "", - "order": 41400, "resourceIdOrCodes": [] - }, - { - "id": "41500", "parentIdOrCode":"40000", "code": "authStatisticalMonitor", "name": "授权统计监控", "memo": "", "status": "1", - "icon": "su-icon-sqtjjk", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authStatisticalMonitor", "target": "", - "order": 41500, "resourceIdOrCodes": [] - } -] -``` - - ```bash -curl -i -s -X POST "http://admin-center-sa-svc.admin-center.svc.cluster.local:8080/v1/admin/menus/importMenu" -H 'Content-Type: application/json' \ +curl -i -s -X POST "http://admin-backend-sa-svc.admin-backend.svc.cluster.local:8080/v1/admin/menus/importMenu" -H 'Content-Type: application/json' \ -d \ ' { - "applicationId": "10", + "applicationId": "20", "menuList": [ { 
@@ -544,25 +567,125 @@ curl -i -s -X POST "http://admin-center-sa-svc.admin-center.svc.cluster.local:80 ``` -### 角色 +#### 方式三,SQL脚本 + +连接至 admin_center 数据库,执行以下 SQL脚本 + +* 认证管理 + +```sql +use admin_center; + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('20000', 0, 'cas-server', '认证管理', '1', '2', '', '/', '20', '1', 20000, 1, 18, 33); + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('20100', 0, 'loginConfig', '登录方式配置', '1', '2', 'su-icon-denglupeizhi', '/cas-server/loginConfig', '20', '20000', 20100, 2, 19, 20); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('20200', 0, 'safeLoginConfig', '账号安全配置', '1', '2', 'su-icon-config-security', '/cas-server/safeLoginConfig', '20', '20000', 20200, 2, 21, 22); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('20300', 0, 'accountActivationConfiguration', '账号激活配置', '1', '2', 'su-icon-bulb', '/cas-server/accountActivationConfiguration', '20', '20000', 20300, 2, 23, 24); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('20400', 0, 'safeConfig', '安全策略配置', '1', '2', 'su-icon-celuepeizhi', '/cas-server/safeConfig', '20', '20000', 20400, 2, 25, 26); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('20500', 0, 'passwordConfig', '密码策略配置', '1', '2', 'su-icon-mimacelue', '/cas-server/passwordConfig', '20', '20000', 20500, 2, 27, 28); + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, 
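Review bot: The `importMenu` request on the new side goes over plain `http://` and carries only a `Content-Type` header, so nothing visible in this runbook authenticates a call that rewrites the admin menu tree. The same applies to the `importRolePermission` call in the last hunk of this file, which changes which permissions each role holds. If `admin-backend-sa-svc` is meant to be reachable only from inside the cluster, state that next to the command and name the control that enforces it (for example a NetworkPolicy restricting which pods may call it); otherwise document the credential the API expects. The request body continues past the end of this hunk.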
RGT) +values ('20600', 0, 'serverManagement', '应用对接配置', '1', '2', 'el-icon-service', '/cas-server/serverManagement', '20', '20000', 20600, 2, 29, 30); + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('20700', 0, 'loginPageConfig', '登录页面配置', '1', '2', 'su-icon-tongxunxinxi', '/cas-server/loginPageConfig', '20', '20000', 20700, 2, 29, 30); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('20800', 0, 'linkLoginConfig', '联合登录配置', '1', '2', 'su-icon-test', '/cas-server/linkLoginConfig', '20', '20000', 20800, 2, 29, 30); + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('21000', 0, 'lockManagement', '认证锁定管理', '1', '2', 'su-icon-shouquanjiguanli', '/cas-server/lockManagement', '20', '20000', 21000, 2, 31, 32); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('21100', 0, 'analyze', '认证统计分析', '1', '2', 'su-icon-renzhengtongjifenxi', '/cas-server/analyze', '20', '20000', 21100, 2, 31, 32); + +commit; +``` + +* 用户管理 + +```sql +use admin_center; + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('30000', 0, 'user-server', '用户管理', '1', '2', '', '/', '20', '1', 30000, 1, 34, 53); + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('30100', 0, 'dictionary', '字典管理', '1', '2', 'su-icon-zidian', '/user-server/dictionary', '20', '30000', 30100, 2, 35, 36); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('30200', 0, 
'identity', '身份管理', '1', '2', 'su-icon-shenfen', '/user-server/identity', '20', '30000', 30200, 2, 37, 38); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('30300', 0, 'mechanism', '组织机构管理', '1', '2', 'su-icon-department', '/user-server/mechanism', '20', '30000', 30300, 2, 39, 40); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('30400', 0, 'person', '人员管理', '1', '2', 'su-icon-people', '/user-server/person', '20', '30000', 30400, 2, 41, 42); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('30500', 0, 'label', '标签管理', '1', '2', 'su-icon-biaoqian', '/user-server/label', '20', '30000', 30500, 2, 43, 44); + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('30600', 0, 'simpleUserGroupManage', '普通用户组管理', '1', '2', 'su-icon-portrait', '/user-server/simpleUserGroupManage', '20', '30000', 30600, 2, 45, 46); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('30700', 0, 'postUserGroupManage', '岗位用户组管理', '1', '2', 'su-icon-personnel', '/user-server/postUserGroupManage', '20', '30000', 30700, 2, 47, 48); + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('30750', 0, 'userScope', '用户规则', '1', '1', 'el-icon-guide', '/user-server/userScope', '1', '30000', 30750, 2, 51, 52); + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('30800', 0, 'assignation', '人员分配', '1', '2', 'su-icon-tihuanbanliren', 
'/user-server/assignation', '20', '30000', 30800, 2, 49, 50); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('31000', 0, 'activateAccount', '账号激活审核', '1', '2', 'su-icon-yonghushouquan', '/user-server/activateAccount', '20', '30000', 31000, 2, 51, 52); + +commit; +``` + +* 授权管理 ```sql +use admin_center; + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('40000', 0, 'authorization-server', '授权管理', '1', '2', '', '/', '20', '1', 40000, 1, 54, 77); + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('40100', 0, 'applicationRole', '角色授权', '1', '2', 'su-icon-yingyongjuese', '/auth-server/applicationRole', '20', '40000', 40100, 2, 55, 56); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('40200', 0, 'authorizationRoleComponent', '角色组授权', '1', '2', 'su-icon-juesezu', '/auth-server/authorizationRoleComponent', '20', '40000', 40200, 2, 57, 58); + +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('40300', 0, 'userAuthManagePeople', '用户授权', '1', '2', 'su-icon-yonghushouquan', '/auth-server/userAuthManagePeople', '20', '40000', 40300, 2, 59, 60); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('40400', 0, 'roleAuthManagement', '用户规则授权', '1', '2', 'su-icon-yonghuguize', '/auth-server/roleAuthManagement', '20', '40000', 40400, 2, 61, 62); -insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, STATUS) -values ('20', 0, 'cas-admin', '认证管理员', '1'); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, 
ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('40500', 0, 'userGroupAuth', '用户组授权', '1', '2', 'su-icon-yonghuguize', '/auth-server/userGroupAuth', '20', '40000', 40500, 2, 63, 64); -insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, STATUS) -values ('30', 0, 'user-admin', '用户管理员', '1'); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('40900', 0, 'authorizationAndManagement', '分级授权管理', '1', '2', 'su-icon-shouquanjiguanli', '/auth-server/authorizationAndManagement', '20', '40000', 40900, 2, 65, 66); -insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, STATUS) -values ('40', 0, 'user-authz-admin', '授权管理员', '1'); -insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, STATUS) -values ('41', 0, 'user-authz-use-admin', '用户授权管理员', '1'); -insert into TB_MGT_ROLE (ID, DELETED, CODE, NAME, STATUS) -values ('42', 0, 'user-authz-man-admin', '分级授权管理员', '1'); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('41100', 0, 'accountAuthorizationAudit', '账号授权审计', '1', '2', 'su-icon-zhsqsj', '/auth-server/accountAuthorizationAudit', '20', '40000', 41100, 2, 67, 68); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('41200', 0, 'userAudit', '用户规则权限审计', '1', '2', 'su-icon-yhgzqxsj', '/auth-server/userAudit', '20', '40000', 41200, 2, 69, 70); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('41300', 0, 'rolePermissionAudit', '角色/组授权审计', '1', '2', 'su-icon-jszsqsj', '/auth-server/rolePermissionAudit', '20', '40000', 41300, 2, 71, 72); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('41400', 0, 
'authOperationsAudit', '权限操作审计', '1', '2', 'su-icon-qxczsj', '/auth-server/authOperationsAudit', '20', '40000', 41400, 2, 73, 74); +insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT) +values ('41500', 0, 'authStatisticalMonitor', '授权统计监控', '1', '2', 'su-icon-sqtjjk', '/auth-server/authStatisticalMonitor', '20', '40000', 41500, 2, 75, 76); commit; +``` + + +### 关联角色权限 +角色由授权服务进行初始化 + + +```sql insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID) @@ -609,23 +732,23 @@ commit; ```json [ { - "id": "20", "code": "cas-admin", "name":"认证管理员", "memo":"", "status":"1", + "roleId": "20", "roleCode":"cas-admin", "permissionIdOrCodes": ["20000", "20100", "20200", "20300", "20400", "20500", "20600", "20700", "20800", "21000", "21100"] }, { - "id": "30", "code": "user-admin", "name":"用户管理员", "memo":"", "status":"1", - "permissionIdOrCodes": ["30000", "30100", "30200", "30300", "30400", "30500", "30600", "30700", "30750", "30800", "31000"] + "roleId": "30", "roleCode": "user-admin", + "permissionIdOrCodes": ["30000", "30100", "30200", "30300", "30400", "30500", "30600", "30700", "30800", "31000"] }, { - "id": "40", "code": "user-authz-admin", "name":"授权管理员", "memo":"", "status":"1", + "roleId": "40", "roleCode": "user-authz-admin", "permissionIdOrCodes": ["40000", "40100", "40200", "40300", "40400", "40500", "40900", "41100", "41200", "41300", "41400", "41500"] }, { - "id": "41", "code": "user-authz-grant-admin", "name":"用户授权管理员", "memo":"", "status":"1", + "roleId": "41", "roleCode": "user-authz-grant-admin", "permissionIdOrCodes": ["40000", "40100", "40300", "40400", "40500"] }, { - "id": "42", "code": "user-authz-man-grant-admin", "name":"分级授权管理员", "memo":"", "status":"1", + "roleId": "42", "roleCode": "user-authz-man-grant-admin", "permissionIdOrCodes": ["40000", "40900"] } ] 
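Review bot: Several of the added `TB_MGT_PERMISSION` rows reuse the same `LFT`/`RGT` pair: `20600`, `20700` and `20800` all carry `29, 30`, `21000` and `21100` both carry `31, 32`, and `30750` and `31000` both carry `51, 52`. If these columns are nested-set bounds, which the parent rows `18, 33` and `34, 53` suggest, each child needs its own non-overlapping interval and the parent's `RGT` must be widened to contain them, as the 授权管理 block already does with `55`–`76` inside `54, 77`. Overlapping bounds in a permission tree can make subtree queries return the wrong set of menus, so the 认证管理 and 用户管理 blocks should be renumbered before this script is run against a real database.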
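Review bot: `30750` is dropped from `user-admin`'s `permissionIdOrCodes` here, yet the SQL added earlier in this file still inserts `userScope` (`30750`), and does so with `TYPE_` `'1'` and `APPLICATION_ID` `'1'` where every sibling row uses `'2'` and `'20'`. As written, the permission is seeded under a different application and none of the roles in this list receives it. If that is deliberate, add one line of prose to the section saying which application owns 用户规则 and which role is supposed to hold it; if it is a leftover, align the row with its siblings and restore the id in the `user-admin` list.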
@@ -633,31 +756,30 @@ commit; ```bash -curl -i -s -X POST "http://admin-center-sa-svc.admin-center.svc.cluster.local:8080/v1/admin/roles/importRole" -H 'Content-Type: application/json' \ +curl -i -s -X POST "http://admin-backend-sa-svc.admin-backend.svc.cluster.local:8080/v1/admin/rolePermissions/importRolePermission" -H 'Content-Type: application/json' \ -d \ ' { - "applicationId": "10", - "roleList": + "rolePermissionList": [ { - "id": "20", "code": "cas-admin", "name":"认证管理员", "memo":"", "status":"1", + "roleId": "20", "roleCode":"cas-admin", "permissionIdOrCodes": ["20000", "20100", "20200", "20300", "20400", "20500", "20600", "20700", "20800", "21000", "21100"] }, { - "id": "30", "code": "user-admin", "name":"用户管理员", "memo":"", "status":"1", + "roleId": "30", "roleCode": "user-admin", "permissionIdOrCodes": ["30000", "30100", "30200", "30300", "30400", "30500", "30600", "30700", "30800", "31000"] }, { - "id": "40", "code": "user-authz-admin", "name":"授权管理员", "memo":"", "status":"1", + "roleId": "40", "roleCode": "user-authz-admin", "permissionIdOrCodes": ["40000", "40100", "40200", "40300", "40400", "40500", "40900", "41100", "41200", "41300", "41400", "41500"] }, { - "id": "41", "code": "user-authz-grant-admin", "name":"用户授权管理员", "memo":"", "status":"1", + "roleId": "41", "roleCode": "user-authz-grant-admin", "permissionIdOrCodes": ["40000", "40100", "40300", "40400", "40500"] }, { - "id": "42", "code": "user-authz-man-grant-admin", "name":"分级授权管理员", "memo":"", "status":"1", + "roleId": "42", "roleCode": "user-authz-man-grant-admin", "permissionIdOrCodes": ["40000", "40900"] } ] diff --git a/deploy-manifests/k8s-rancher/authx-platform.png b/deploy-manifests/k8s-rancher/authx-platform.png new file mode 100644 index 0000000..169a3f3 Binary files /dev/null and b/deploy-manifests/k8s-rancher/authx-platform.png differ