完善权限管理子系统的各个部分（未完）;添加或完善用户、标签、功能性权限容器、范围性权限容器、功能接口;配置Spring Security角色管理;

2020-04-06 02:39:04 +08:00 · 2020-04-06 02:39:04 +08:00 · 9a24081050
commit 9a24081050
parent 2b5274c47d
33 changed files with 790 additions and 150 deletions
--- a/src/main/java/com/codesdream/ase/component/auth/ASEAccessDecisionManager.java
+++ b/src/main/java/com/codesdream/ase/component/auth/ASEAccessDecisionManager.java
@ -0,0 +1,42 @@
 package com.codesdream.ase.component.auth;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Component;
 import java.util.Collection;
 import java.util.Iterator;
@Component
 public class ASEAccessDecisionManager implements AccessDecisionManager {
    @Override
    public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
        if(null == configAttributes || configAttributes.size() <= 0) {
            return;
        }
        for (ConfigAttribute c : configAttributes) {
            String needRole = c.getAttribute();
            for (GrantedAuthority ga : authentication.getAuthorities()) {
                if (needRole.trim().equals(ga.getAuthority())) {
                    return;
                }
            }
        }
        throw new AccessDeniedException("Access Denied");
    }
    @Override
    public boolean supports(ConfigAttribute attribute) {
        return true;
    }
    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
 }
--- a/src/main/java/com/codesdream/ase/component/auth/ASEInvocationSecurityMetadataSource.java
+++ b/src/main/java/com/codesdream/ase/component/auth/ASEInvocationSecurityMetadataSource.java
@ -0,0 +1,65 @@
 package com.codesdream.ase.component.auth;
 import com.codesdream.ase.model.permission.Function;
 import com.codesdream.ase.repository.permission.FunctionRepository;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.stereotype.Component;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Iterator;
@Component
 public class ASEInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
    private HashMap<String, Collection<ConfigAttribute>> map = null;
    @Resource
    private FunctionRepository functionRepository;
    private void loadFunctionDefine(){
        map = new HashMap<>();
        Iterable<Function> functions = functionRepository.findAll();
        for(Function function : functions) {
            Collection<ConfigAttribute> array = new ArrayList<>();
            ConfigAttribute cfg = new SecurityConfig(function.getName());
            array.add(cfg);
            map.put(function.getUrl(), array);
        }
    }
    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
        if(map == null) loadFunctionDefine();
        HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
        for (String url : map.keySet()) {
            AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
            if (matcher.matches(request)) {
                return map.get(url);
            }
        }
        return null;
    }
    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }
    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
 }
--- a/src/main/java/com/codesdream/ase/component/auth/ASEJSONTokenAuthenticationFilter.java
+++ b/src/main/java/com/codesdream/ase/component/auth/ASEJSONTokenAuthenticationFilter.java
@ -1,10 +1,5 @@
 package com.codesdream.ase.component.auth;
 import com.codesdream.ase.component.auth.AJAXRequestChecker;
 import com.codesdream.ase.component.auth.JSONRandomCodeGenerator;
 import com.codesdream.ase.component.auth.JSONSignedGenerator;
 import com.codesdream.ase.component.auth.JSONTokenAuthenticationToken;
 import com.codesdream.ase.component.datamanager.JSONParameter;
 import com.codesdream.ase.model.auth.JSONToken;
 import com.codesdream.ase.service.AuthService;
 import lombok.extern.slf4j.Slf4j;
--- a/src/main/java/com/codesdream/ase/component/auth/ASESecurityInterceptor.java
+++ b/src/main/java/com/codesdream/ase/component/auth/ASESecurityInterceptor.java
@ -0,0 +1,62 @@
 package com.codesdream.ase.component.auth;
 import javax.annotation.Resource;
 import javax.servlet.*;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.SecurityMetadataSource;
 import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
 import org.springframework.security.access.intercept.InterceptorStatusToken;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
@Component
 public class ASESecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
    @Resource
    private FilterInvocationSecurityMetadataSource securityMetadataSource;
    @Resource
    public void setASEAccessDecisionManager(ASEAccessDecisionManager accessDecisionManager) {
        super.setAccessDecisionManager(accessDecisionManager);
    }
    @Override
    public Class<?> getSecureObjectClass() {
        return FilterInvocation.class;
    }
    @Override
    public SecurityMetadataSource obtainSecurityMetadataSource() {
        return this.securityMetadataSource;
    }
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        FilterInvocation fi = new FilterInvocation(request, response, chain);
        invoke(fi);
    }
    public void invoke(FilterInvocation fi) throws IOException, ServletException {
        InterceptorStatusToken token = super.beforeInvocation(fi);
        try {
            //执行下一个拦截器
            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
        } finally {
            super.afterInvocation(token, null);
        }
    }
    @Override
    public void destroy() {
    }
 }
--- a/src/main/java/com/codesdream/ase/component/datamanager/JSONParameter.java
+++ b/src/main/java/com/codesdream/ase/component/datamanager/JSONParameter.java
@ -3,6 +3,12 @@ package com.codesdream.ase.component.datamanager;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.codesdream.ase.component.json.respond.JSONBaseRespondObject;
 import com.codesdream.ase.exception.innerservererror.HandlingErrorsException;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.github.fge.jsonpatch.JsonPatch;
 import com.github.fge.jsonpatch.JsonPatchException;
 import org.springframework.stereotype.Component;
 import javax.servlet.http.HttpServletRequest;
@ -69,6 +75,15 @@ public class JSONParameter {
        return json.map(jsonObject -> getJavaObject(jsonObject, type));
    }
    public <T> T parsePathToObject(JsonPatch patch, T object){
        try {
            ObjectMapper mapper = new ObjectMapper();
            JsonNode patched = patch.apply(mapper.convertValue(object, JsonNode.class));
            return (T) mapper.treeToValue(patched, object.getClass());
        } catch (JsonPatchException | JsonProcessingException e) {
            throw new HandlingErrorsException(e.getMessage());
        }
    }
 }
--- a/src/main/java/com/codesdream/ase/component/datamanager/JsonPathParameter.java
+++ b/src/main/java/com/codesdream/ase/component/datamanager/JsonPathParameter.java
@ -1,23 +0,0 @@
 package com.codesdream.ase.component.datamanager;
 import com.codesdream.ase.exception.innerservererror.HandlingErrorsException;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.github.fge.jsonpatch.JsonPatch;
 import com.github.fge.jsonpatch.JsonPatchException;
 import org.springframework.stereotype.Controller;
@Controller
 public class JsonPathParameter {
    public <T> T parsePathToObject(JsonPatch patch, T object){
        try {
            ObjectMapper mapper = new ObjectMapper();
            JsonNode patched = patch.apply(mapper.convertValue(object, JsonNode.class));
            return (T) mapper.treeToValue(patched, object.getClass());
        } catch (JsonPatchException | JsonProcessingException e) {
            throw new HandlingErrorsException(e.getMessage());
        }
    }
 }
--- a/src/main/java/com/codesdream/ase/component/json/form/RegisterForm.java
+++ b/src/main/java/com/codesdream/ase/component/json/form/RegisterForm.java
@ -0,0 +1,5 @@
 package com.codesdream.ase.component.json.form;
 public class RegisterForm {
 }
--- a/src/main/java/com/codesdream/ase/component/json/model/JsonableFPC.java
+++ b/src/main/java/com/codesdream/ase/component/json/model/JsonableFPC.java
@ -27,4 +27,12 @@ public class JsonableFPC {
        this.enabled = fpc.isEnabled();
        this.deleted = fpc.isDeleted();
    }
    public FunctionalPermissionContainer parseObject(FunctionalPermissionContainer fpc){
        fpc.setName(this.name);
        fpc.setDescription(this.description);
        fpc.setEnabled(this.enabled);
        fpc.setDeleted(this.deleted);
        return fpc;
    }
 }
--- a/src/main/java/com/codesdream/ase/component/json/model/JsonableFSR.java
+++ b/src/main/java/com/codesdream/ase/component/json/model/JsonableFSR.java
@ -0,0 +1,62 @@
 package com.codesdream.ase.component.json.model;
 import com.codesdream.ase.exception.notfound.NotFoundException;
 import com.codesdream.ase.model.permission.FunctionalPermissionContainer;
 import com.codesdream.ase.model.permission.FunctionalScopeRelation;
 import com.codesdream.ase.model.permission.ScopePermissionContainer;
 import com.codesdream.ase.service.IPermissionService;
 import com.codesdream.ase.service.PermissionService;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 import org.springframework.web.bind.annotation.RequestParam;
 import javax.annotation.Resource;
 import java.util.Optional;
@Data
@NoArgsConstructor
@ApiModel("单项权力")
 public class JsonableFSR {
    private Integer id;
    private String name;
    private String description;
    private Integer fpcId;
    private Integer spcId;
    @Resource
    @ApiModelProperty(hidden = true)
    private IPermissionService permissionService;
    public JsonableFSR(FunctionalScopeRelation fsr){
        this.id = fsr.getId();
        this.name = fsr.getName();
        this.description = fsr.getDescription();
        this.fpcId = fsr.getFunctionalPermissionContainer().getId();
        this.spcId = fsr.getScopePermissionContainer().getId();
    }
    public FunctionalScopeRelation parseObject(FunctionalScopeRelation fsr){
        fsr.setName(this.name);
        fsr.setDescription(this.description);
        if(this.fpcId != null){
            Optional<FunctionalPermissionContainer> fpc = permissionService.findFPC(this.fpcId);
            if(!fpc.isPresent()) throw new NotFoundException(this.fpcId.toString());
            fsr.setFunctionalPermissionContainer(fpc.get());
        }
        if(this.spcId != null){
            Optional<ScopePermissionContainer> spc = permissionService.findSPC(this.spcId);
            if(!spc.isPresent()) throw new NotFoundException(this.spcId.toString());
            fsr.setScopePermissionContainer(spc.get());
        }
        return fsr;
    }
 }
--- a/src/main/java/com/codesdream/ase/component/json/model/JsonableFunction.java
+++ b/src/main/java/com/codesdream/ase/component/json/model/JsonableFunction.java
@ -0,0 +1,60 @@
 package com.codesdream.ase.component.json.model;
 import com.codesdream.ase.exception.notfound.NotFoundException;
 import com.codesdream.ase.model.permission.Function;
 import com.codesdream.ase.service.IPermissionService;
 import com.codesdream.ase.service.PermissionService;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import io.swagger.annotations.ApiParam;
 import io.swagger.models.auth.In;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 import springfox.documentation.annotations.ApiIgnore;
 import javax.annotation.Resource;
 import java.util.Optional;
@Data
@NoArgsConstructor
@ApiModel("功能")
 public class JsonableFunction {
    private Integer id;
    private String name;
    private String description;
    private Integer fatherId;
    private String url;
    @Resource
    @ApiModelProperty(hidden = true)
    private IPermissionService permissionService;
    public JsonableFunction(Function function){
        this.id = function.getId();
        this.name = function.getName();
        this.description = function.getDescription();
        if(function.getFather() != null) {
            this.fatherId = function.getFather().getId();
        }
        else this.fatherId = null;
        this.url = function.getUrl();
    }
    public Function parseObject(Function function){
        function.setName(this.name);
        function.setDescription(this.description);
        if(this.fatherId != null) {
            Optional<Function> fatherFunction = permissionService.findFunction(this.fatherId);
            if (!fatherFunction.isPresent()) throw new NotFoundException(fatherId.toString());
            function.setFather(fatherFunction.get());
        }
        function.setUrl(this.url);
        return function;
    }
 }
--- a/src/main/java/com/codesdream/ase/component/json/model/JsonableRoleList.java
+++ b/src/main/java/com/codesdream/ase/component/json/model/JsonableRoleList.java
@ -1,5 +1,6 @@
 package com.codesdream.ase.component.json.model;
 import com.codesdream.ase.model.permission.Function;
 import com.codesdream.ase.model.permission.FunctionalPermissionContainer;
 import io.swagger.annotations.ApiModel;
 import lombok.Data;
@ -13,12 +14,13 @@ import java.util.Set;
@ApiModel("功能性权限容器所属角色集合")
 public class JsonableRoleList {
    private Integer id;
-    private Set<String> roles = new HashSet<>();
+    private Set<Integer> functions = new HashSet<>();
    public JsonableRoleList(FunctionalPermissionContainer fpc){
        this.id = fpc.getId();
-        if(fpc.getRoles() != null) {
+        if(fpc.getFunctions() != null) {
-            this.roles.addAll(fpc.getRoles());
+            for(Function function : fpc.getFunctions())
            this.functions.add(function.getId());
        }
    }
 }
--- a/src/main/java/com/codesdream/ase/component/json/model/JsonableSPC.java
+++ b/src/main/java/com/codesdream/ase/component/json/model/JsonableSPC.java
@ -27,4 +27,13 @@ public class JsonableSPC {
        this.deleted = spc.isDeleted();
    }
    public ScopePermissionContainer parseObject(ScopePermissionContainer spc){
        spc.setName(this.name);
        spc.setDescription(this.description);
        spc.setEnabled(this.enabled);
        spc.setDeleted(this.deleted);
        return spc;
    }
 }
--- a/src/main/java/com/codesdream/ase/component/json/model/JsonableTag.java
+++ b/src/main/java/com/codesdream/ase/component/json/model/JsonableTag.java
@ -24,11 +24,25 @@ public class JsonableTag {
    @ApiModelProperty(value = "标签说明", example = "该系统的管理员")
    private String description;
    private boolean enabled;
    private boolean deleted;
    public JsonableTag(Tag tag){
        this.id = tag.getId();
        this.name = tag.getName();
        this.description = tag.getDescription();
        this.enabled = tag.isEnabled();
        this.deleted = tag.isDeleted();
    }
    public Tag parseObject(Tag tag){
        tag.setName(this.name);
        tag.setDescription(this.description);
        tag.setDeleted(this.deleted);
        tag.setEnabled(this.enabled);
        return tag;
    }
 }
--- a/src/main/java/com/codesdream/ase/component/json/model/JsonableUser.java
+++ b/src/main/java/com/codesdream/ase/component/json/model/JsonableUser.java
@ -1,6 +1,8 @@
 package com.codesdream.ase.component.json.model;
 import com.codesdream.ase.model.permission.User;
 import com.codesdream.ase.model.permission.UserAuth;
 import com.codesdream.ase.model.permission.UserDetail;
 import io.swagger.annotations.ApiModel;
 import lombok.Data;
 import lombok.NoArgsConstructor;
@ -11,9 +13,21 @@ import lombok.NoArgsConstructor;
 public class JsonableUser {
    private Integer id;
    private String username;
    private boolean enabled;
    private boolean deleted;
    public JsonableUser(User user){
        this.id = user.getId();
        this.username = user.getUsername();
        this.enabled = user.isEnabled();
        this.deleted= user.isDeleted();
    }
    public User parseObject(User user){
        user.setEnabled(this.enabled);
        user.setDeleted(this.deleted);
        return user;
    }
 }
--- a/src/main/java/com/codesdream/ase/component/json/model/JsonableUserList.java
+++ b/src/main/java/com/codesdream/ase/component/json/model/JsonableUserList.java
@ -1,26 +0,0 @@
 package com.codesdream.ase.component.json.model;
 import com.codesdream.ase.model.permission.Tag;
 import com.codesdream.ase.model.permission.User;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 import java.util.List;
@Data
@NoArgsConstructor
@ApiModel("标签所属用户集合")
 public class JsonableUserList {
    @ApiModelProperty(name = "用户列表")
    private List<Integer> users;
    public JsonableUserList(Tag tag){
        for(User user : tag.getUsers()){
            users.add(user.getId());
        }
    }
 }
--- a/src/main/java/com/codesdream/ase/component/permission/UserAuthoritiesGenerator.java
+++ b/src/main/java/com/codesdream/ase/component/permission/UserAuthoritiesGenerator.java
@ -10,10 +10,10 @@ import java.util.Collection;
@Component
 public class UserAuthoritiesGenerator {
    @Resource
-    UserRolesListGenerator userRolesListGenerator;
+    UserFunctionsListGenerator userFunctionsListGenerator;
    public Collection<? extends GrantedAuthority> grantedAuthorities(User user){
-        return userRolesListGenerator.generateRoles(user);
+        return userFunctionsListGenerator.generateRoles(user);
    }
 }
--- a/src/main/java/com/codesdream/ase/component/permission/UserFunctionsListGenerator.java
+++ b/src/main/java/com/codesdream/ase/component/permission/UserFunctionsListGenerator.java
@ -1,5 +1,6 @@
 package com.codesdream.ase.component.permission;
 import com.codesdream.ase.model.permission.Function;
 import com.codesdream.ase.model.permission.FunctionalPermissionContainer;
 import com.codesdream.ase.model.permission.User;
 import org.springframework.security.core.GrantedAuthority;
@ -14,7 +15,7 @@ import java.util.Collection;
 * 生成用户访问权限角色列表
 */
@Component
-public class UserRolesListGenerator {
+public class UserFunctionsListGenerator {
    @Resource
    private UserFPCListGenerator fpcListGenerator;
@ -22,8 +23,8 @@ public class UserRolesListGenerator {
            Collection<FunctionalPermissionContainer> fpcs){
        Collection<GrantedAuthority> authorities = new ArrayList<>();
        for(FunctionalPermissionContainer fpc :fpcs){
-            for(String role :fpc.getRoles()){
+            for(Function function :fpc.getFunctions()){
-                authorities.add(new SimpleGrantedAuthority(role));
+                authorities.add(new SimpleGrantedAuthority(function.getName()));
            }
        }
        return authorities;
--- a/src/main/java/com/codesdream/ase/configure/CustomWebSecurityConfig.java
+++ b/src/main/java/com/codesdream/ase/configure/CustomWebSecurityConfig.java
@ -12,6 +12,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.core.session.SessionRegistryImpl;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
@ -48,6 +49,9 @@ public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Resource
    ASEAccessDeniedHandler accessDeniedHandler;
    @Resource
    ASESecurityInterceptor securityInterceptor;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
@ -64,7 +68,8 @@ public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter {
        // 替换掉原有的UsernamePasswordAuthenticationFilter
        http.addFilterAt(aseUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
-            .addFilterBefore(asejsonTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+            .addFilterBefore(asejsonTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .addFilterAt(securityInterceptor, FilterSecurityInterceptor.class);
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
--- a/src/main/java/com/codesdream/ase/controller/permission/FPCController.java
+++ b/src/main/java/com/codesdream/ase/controller/permission/FPCController.java
@ -1,18 +1,28 @@
 package com.codesdream.ase.controller.permission;
 import com.codesdream.ase.component.datamanager.JSONParameter;
 import com.codesdream.ase.component.json.model.JsonableFPC;
 import com.codesdream.ase.component.json.model.JsonableFunction;
 import com.codesdream.ase.component.json.model.JsonableRoleList;
 import com.codesdream.ase.component.json.model.JsonableUser;
 import com.codesdream.ase.exception.badrequest.AlreadyExistException;
 import com.codesdream.ase.exception.notfound.NotFoundException;
 import com.codesdream.ase.model.permission.Function;
 import com.codesdream.ase.model.permission.FunctionalPermissionContainer;
 import com.codesdream.ase.model.permission.Tag;
 import com.codesdream.ase.model.permission.User;
 import com.codesdream.ase.service.PermissionService;
 import com.github.fge.jsonpatch.JsonPatch;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.models.auth.In;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.spring.web.json.Json;
 import javax.annotation.Resource;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Optional;
 import java.util.Set;
@ -24,6 +34,9 @@ public class FPCController {
    @Resource
    private PermissionService permissionService;
    @Resource
    private JSONParameter jsonParameter;
    @GetMapping("fpc")
    @ResponseStatus(HttpStatus.OK)
    @ApiOperation(value = "查找功能性权限容器")
@ -40,12 +53,8 @@ public class FPCController {
        if(permissionService.findFPC(fpc.getName()).isPresent()) throw new  AlreadyExistException(fpc.getName());
        FunctionalPermissionContainer functionalPermissionContainer = new FunctionalPermissionContainer();
        functionalPermissionContainer.setName(fpc.getName());
        functionalPermissionContainer.setDescription(fpc.getDescription());
        functionalPermissionContainer.setEnabled(fpc.isEnabled());
        functionalPermissionContainer.setDeleted(fpc.isDeleted());
-        return new JsonableFPC(permissionService.save(functionalPermissionContainer));
+        return new JsonableFPC(permissionService.save(fpc.parseObject(functionalPermissionContainer)));
    }
    @GetMapping("fpcs")
@ -60,7 +69,7 @@ public class FPCController {
        return jsonableFPCS;
    }
-    @GetMapping("fpc/role")
+    @GetMapping("fpc/roles")
    @ResponseStatus(HttpStatus.OK)
    @ApiOperation(value = "获得功能性权限容器所属角色")
    public JsonableRoleList getFPCRoleList(@RequestParam(value = "id") Integer id){
@ -71,7 +80,90 @@ public class FPCController {
        return new JsonableRoleList(functionalPermissionContainer.get());
    }
    @PatchMapping("fpc")
    @ResponseStatus(HttpStatus.CREATED)
    @ApiOperation(value = "更新标功能性权限容器内容")
    public JsonableFPC patchFPC(@RequestParam(value = "id") Integer id, @RequestBody JsonPatch patch){
        Optional<FunctionalPermissionContainer> fpc = permissionService.findFPC(id);
        if(!fpc.isPresent()) throw new NotFoundException(id.toString());
        JsonableFPC jsonableFPC = new JsonableFPC(fpc.get());
        jsonableFPC = jsonParameter.parsePathToObject(patch, jsonableFPC);
        return new JsonableFPC(permissionService.update(jsonableFPC.parseObject(fpc.get())));
    }
    @GetMapping("fpc/funcs")
    @ResponseStatus(HttpStatus.OK)
    @ApiOperation(value = "功能性权限容器所含功能集合")
    public Set<JsonableFunction> getFunctionFPC(@RequestParam(value = "id") Integer id){
        Optional<FunctionalPermissionContainer> fpc = permissionService.findFPC(id);
        if(!fpc.isPresent()) throw new NotFoundException(id.toString());
        Set<JsonableFunction> jsonableFunctions = new HashSet<>();
        for(Function function : fpc.get().getFunctions()){
            jsonableFunctions.add(new JsonableFunction(function));
        }
        return jsonableFunctions;
    }
    @PutMapping("fpc/funcs")
    @ApiOperation("搜索单个功能性权限容器所属功能集合信息")
    public Set<JsonableFunction> setFunctionFPC(@RequestParam(value = "id") Integer id,
                                        @RequestBody List<Integer> functionIdList){
        Optional<FunctionalPermissionContainer> fpc = permissionService.findFPC(id);
        if(!fpc.isPresent()) throw new NotFoundException(id.toString());
        Set<Integer> functionSet = new HashSet<>(functionIdList);
        fpc.get().setFunctions(permissionService.findFunctions(functionSet));
        Set<JsonableFunction> jsonableFunctions = new HashSet<>();
        for(Function function : permissionService.update(fpc.get()).getFunctions()){
            jsonableFunctions.add(new JsonableFunction(function));
        }
        return jsonableFunctions;
    }
    @PostMapping("fpc/funcs")
    @ApiOperation("从单个功能性权限容器所属功能集合中添加一个或多个功能")
    public Set<JsonableFunction> addFunctionFPC(@RequestParam(value = "id") Integer id,
                                        @RequestBody List<Integer> functionIdList){
        Optional<FunctionalPermissionContainer> fpc = permissionService.findFPC(id);
        if(!fpc.isPresent()) throw new NotFoundException(id.toString());
        Set<Function> newFunctionSet = permissionService.findFunctions(new HashSet<>(functionIdList));
        Set<Function> functionSet = fpc.get().getFunctions();
        functionSet.addAll(newFunctionSet);
        fpc.get().setFunctions(functionSet);
        Set<JsonableFunction> jsonableFunctions = new HashSet<>();
        for(Function function : permissionService.update(fpc.get()).getFunctions()){
            jsonableFunctions.add(new JsonableFunction(function));
        }
        return jsonableFunctions;
    }
    @DeleteMapping("fpc/funcs")
    @ResponseStatus(HttpStatus.OK)
    @ApiOperation("从单个功能性权限容器所属功能集合中删除一个或多个功能")
    public Set<JsonableFunction> deleteUserTag(@RequestParam Integer id,
                                           @RequestBody List<Integer> functionIdList){
        Optional<FunctionalPermissionContainer> fpc = permissionService.findFPC(id);
        if(!fpc.isPresent()) throw new NotFoundException(id.toString());
        Set<Function> functionSet = fpc.get().getFunctions();
        Set<Function> deleteFuncSet = permissionService.findFunctions(new HashSet<>(functionIdList));
        functionSet.removeAll(deleteFuncSet);
        fpc.get().setFunctions(functionSet);
        Set<JsonableFunction> jsonableFunctions = new HashSet<>();
        for(Function function : permissionService.update(fpc.get()).getFunctions()){
            jsonableFunctions.add(new JsonableFunction(function));
        }
        return jsonableFunctions;
    }
 }
--- a/src/main/java/com/codesdream/ase/controller/permission/FunctionController.java
+++ b/src/main/java/com/codesdream/ase/controller/permission/FunctionController.java
@ -0,0 +1,78 @@
 package com.codesdream.ase.controller.permission;
 import com.codesdream.ase.component.datamanager.JSONParameter;
 import com.codesdream.ase.component.json.model.JsonableFPC;
 import com.codesdream.ase.component.json.model.JsonableFunction;
 import com.codesdream.ase.component.json.model.JsonableRoleList;
 import com.codesdream.ase.exception.badrequest.AlreadyExistException;
 import com.codesdream.ase.exception.notfound.NotFoundException;
 import com.codesdream.ase.model.permission.Function;
 import com.codesdream.ase.model.permission.FunctionalPermissionContainer;
 import com.codesdream.ase.service.PermissionService;
 import com.github.fge.jsonpatch.JsonPatch;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
 import java.util.HashSet;
 import java.util.Optional;
 import java.util.Set;
@RestController
@RequestMapping(value = "pmt")
@Api(tags = "功能接口")
 public class FunctionController {
    @Resource
    private PermissionService permissionService;
    @Resource
    private JSONParameter jsonParameter;
    @GetMapping("func")
    @ResponseStatus(HttpStatus.OK)
    @ApiOperation(value = "查找功能")
    public JsonableFunction getFunction(@RequestParam(value = "id") Integer id){
        Optional<Function> function = permissionService.findFunction(id);
        if(!function.isPresent()) throw new NotFoundException(id.toString());
        return new JsonableFunction(function.get());
    }
    @PostMapping("func")
    @ResponseStatus(HttpStatus.CREATED)
    @ApiOperation(value = "创建新的功能")
    public JsonableFunction createFunction(@RequestBody JsonableFunction function){
        if(permissionService.findFunction(function.getName()).isPresent())
            throw new AlreadyExistException(function.getName());
        return new JsonableFunction(permissionService.save(function.parseObject(new Function())));
    }
    @GetMapping("funcs")
    @ResponseStatus(HttpStatus.OK)
    @ApiOperation(value = "获得所有功能的信息")
    public Set<JsonableFunction> listFunction(){
        Iterable<Function> functions = permissionService.findAllFunction();
        Set<JsonableFunction> jsonableFunctions = new HashSet<>();
        for(Function function : functions){
            jsonableFunctions.add(new JsonableFunction(function));
        }
        return jsonableFunctions;
    }
    @PatchMapping("func")
    @ResponseStatus(HttpStatus.CREATED)
    @ApiOperation(value = "更新标功能内容")
    public JsonableFunction patchFunction(@RequestParam(value = "id") Integer id, @RequestBody JsonPatch patch){
        Optional<Function> function = permissionService.findFunction(id);
        if(!function.isPresent()) throw new NotFoundException(id.toString());
        JsonableFunction jsonableFunction = new JsonableFunction(function.get());
        jsonableFunction = jsonParameter.parsePathToObject(patch, jsonableFunction);
        return new JsonableFunction(permissionService.update(jsonableFunction.parseObject(function.get())));
    }
 }
--- a/src/main/java/com/codesdream/ase/controller/permission/SPCController.java
+++ b/src/main/java/com/codesdream/ase/controller/permission/SPCController.java
@ -1,5 +1,6 @@
 package com.codesdream.ase.controller.permission;
 import com.codesdream.ase.component.datamanager.JSONParameter;
 import com.codesdream.ase.component.json.model.JsonableSPC;
 import com.codesdream.ase.component.json.model.JsonableTag;
 import com.codesdream.ase.exception.badrequest.AlreadyExistException;
@ -7,6 +8,7 @@ import com.codesdream.ase.exception.notfound.NotFoundException;
 import com.codesdream.ase.model.permission.ScopePermissionContainer;
 import com.codesdream.ase.model.permission.Tag;
 import com.codesdream.ase.service.PermissionService;
 import com.github.fge.jsonpatch.JsonPatch;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.http.HttpStatus;
@ -25,6 +27,9 @@ public class SPCController {
    @Resource
    private PermissionService permissionService;
    @Resource
    private JSONParameter jsonParameter;
    @GetMapping(value = "spc")
    @ResponseStatus(HttpStatus.OK)
    @ApiOperation(value = "获得范围性权限容器信息")
@ -48,7 +53,7 @@ public class SPCController {
        return jsonableSPCS;
    }
-    @GetMapping(value = "spc/tag")
+    @GetMapping(value = "spc/tags")
    @ResponseStatus(HttpStatus.OK)
    @ApiOperation(value = "查询范围性权限容器下的所有标签集合")
    public Set<JsonableTag> listSPCTag(@RequestParam(value = "id") Integer id){
@ -68,12 +73,20 @@ public class SPCController {
    public JsonableSPC createSPC(@RequestBody JsonableSPC spc) {
        if(permissionService.findSPC(spc.getName()).isPresent()) throw new AlreadyExistException(spc.getName());
-        ScopePermissionContainer defaultSPC = permissionService.getDefaultSPC(spc.getName());
+        return new JsonableSPC(permissionService.save(spc.parseObject(permissionService.getDefaultSPC(spc.getName()))));
        defaultSPC.setDeleted(spc.isDeleted());
        defaultSPC.setEnabled(spc.isEnabled());
        defaultSPC.setDescription(spc.getDescription());
        return new JsonableSPC(permissionService.save(defaultSPC));
    }
    @PatchMapping(value = "spc")
    @ResponseStatus(HttpStatus.CREATED)
    @ApiOperation(value = "更新范围性权限容器信息")
    public JsonableSPC updateSPC(@RequestParam(value = "id") Integer id, @RequestBody JsonPatch patch){
        Optional<ScopePermissionContainer> spc = permissionService.findSPC(id);
        if(!spc.isPresent()) throw new NotFoundException(id.toString());
        JsonableSPC jsonableSPC = jsonParameter.parsePathToObject(patch, new JsonableSPC(spc.get()));
        return new JsonableSPC(permissionService.update(jsonableSPC.parseObject(spc.get())));
    }
 }
--- a/src/main/java/com/codesdream/ase/controller/permission/TagController.java
+++ b/src/main/java/com/codesdream/ase/controller/permission/TagController.java
@ -1,9 +1,8 @@
 package com.codesdream.ase.controller.permission;
-import com.codesdream.ase.component.datamanager.JsonPathParameter;
+import com.codesdream.ase.component.datamanager.JSONParameter;
 import com.codesdream.ase.component.json.model.JsonablePCCList;
 import com.codesdream.ase.component.json.model.JsonableTag;
 import com.codesdream.ase.component.json.model.JsonableUserList;
 import com.codesdream.ase.component.json.model.JsonableUser;
 import com.codesdream.ase.exception.badrequest.AlreadyExistException;
 import com.codesdream.ase.exception.conflict.RelatedObjectsExistException;
@ -16,15 +15,11 @@ import com.codesdream.ase.service.PermissionService;
 import com.github.fge.jsonpatch.JsonPatch;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.models.auth.In;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.spring.web.json.Json;
 import javax.annotation.Resource;
 import javax.jws.soap.SOAPBinding;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Optional;
@ -42,7 +37,7 @@ public class TagController {
    private IUserService userService;
    @Resource
-    private JsonPathParameter pathParameter;
+    private JSONParameter jsonParameter;
    // 根据名字创建新的标签
    @PostMapping("tag")
@ -52,11 +47,8 @@ public class TagController {
        String tagName = tag.getName();
        Optional<Tag> tagOptional = permissionService.findTag(tagName);
        if(tagOptional.isPresent()) throw new AlreadyExistException(tagName);
-        Tag newTag = permissionService.getDefaultTag(tagName);
+
-        if(tag.getDescription() != null) {
+        return new JsonableTag(permissionService.save(tag.parseObject(permissionService.getDefaultTag(tag.getName()))));
            newTag.setDescription(tag.getDescription());
        }
        return new JsonableTag(permissionService.save(newTag));
    }
    // 根据名字搜索标签的简要信息
@ -108,12 +100,9 @@ public class TagController {
        if(!tag.isPresent()) throw new NotFoundException(id.toString());
        JsonableTag jsonableTag = new JsonableTag(tag.get());
-        jsonableTag  = pathParameter.parsePathToObject(patch, jsonableTag);
+        jsonableTag  = jsonParameter.parsePathToObject(patch, jsonableTag);
-        tag.get().setName(jsonableTag.getName());
+        return new JsonableTag(permissionService.update(jsonableTag.parseObject(tag.get())));
        tag.get().setDescription(jsonableTag.getDescription());
        return new JsonableTag(permissionService.save(tag.get()));
    }
@ -131,29 +120,29 @@ public class TagController {
    }
    @PutMapping("tag/users")
-    @ApiOperation("更新索单个标签所属用户集合信息")
+    @ApiOperation("搜索单个标签所属用户集合信息")
    public Set<JsonableUser> setUserTag(@RequestParam(value = "id") Integer id,
-                                        @RequestBody JsonableUserList userList){
+                                        @RequestBody List<Integer> userIdList){
        Optional<Tag> tag = permissionService.findTag(id);
        if(!tag.isPresent()) throw new NotFoundException(id.toString());
-        Set<Integer> userSet = new HashSet<>(userList.getUsers());
+        Set<Integer> userSet = new HashSet<>(userIdList);
        tag.get().setUsers(userService.findUsersById(userSet));
        Set<JsonableUser> jsonableUsers = new HashSet<>();
-        for(User user : tag.get().getUsers()){
+        for(User user : permissionService.update(tag.get()).getUsers()){
            jsonableUsers.add(new JsonableUser(user));
        }
        return jsonableUsers;
    }
    @PostMapping("tag/users")
-    @ApiOperation("更新单个标签所属用户集合中添加一个或多个用户")
+    @ApiOperation("从单个标签所属用户集合中添加一个或多个用户")
    public Set<JsonableUser> addUserTag(@RequestParam(value = "id") Integer id,
-                                        @RequestBody JsonableUserList userList){
+                                        @RequestBody List<Integer> userIdList){
        Optional<Tag> tag = permissionService.findTag(id);
        if(!tag.isPresent()) throw new NotFoundException(id.toString());
-        Set<User> newUserSet = userService.findUsersById(new HashSet<>(userList.getUsers()));
+        Set<User> newUserSet = userService.findUsersById(new HashSet<>(userIdList));
        Set<User> userSet = tag.get().getUsers();
@ -161,7 +150,7 @@ public class TagController {
        tag.get().setUsers(userSet);
        Set<JsonableUser> jsonableUsers = new HashSet<>();
-        for(User user : tag.get().getUsers()){
+        for(User user : permissionService.update(tag.get()).getUsers()){
            jsonableUsers.add(new JsonableUser(user));
        }
        return jsonableUsers;
@ -171,17 +160,17 @@ public class TagController {
    @ResponseStatus(HttpStatus.OK)
    @ApiOperation("从单个标签所属用户集合中删除一个或多个用户")
    public Set<JsonableUser> deleteUserTag(@RequestParam Integer id,
-                                           @RequestBody JsonableUserList userList){
+                                           @RequestBody List<Integer> userIdList){
        Optional<Tag> tag = permissionService.findTag(id);
        if(!tag.isPresent()) throw new NotFoundException(id.toString());
        Set<User> userSet = tag.get().getUsers();
-        Set<User> deleteUserSet = userService.findUsersById(new HashSet<>(userList.getUsers()));
+        Set<User> deleteUserSet = userService.findUsersById(new HashSet<>(userIdList));
        userSet.removeAll(deleteUserSet);
        tag.get().setUsers(userSet);
        Set<JsonableUser> jsonableUsers = new HashSet<>();
-        for(User user : tag.get().getUsers()){
+        for(User user : permissionService.update(tag.get()).getUsers()){
            jsonableUsers.add(new JsonableUser(user));
        }
        return jsonableUsers;
@ -205,7 +194,7 @@ public class TagController {
    @GetMapping("tag/pcc")
    @ResponseStatus(HttpStatus.OK)
-    @ApiOperation("获取标签所含权限容器集合列表")
+    @ApiOperation("获取标签所含权力列表")
    public JsonablePCCList getPCCTag(@RequestParam(value = "id") Integer id){
        Optional<Tag> tagOptional = permissionService.findTag(id);
        if(!tagOptional.isPresent()) throw new NotFoundException(id.toString());
@ -221,7 +210,7 @@ public class TagController {
        if(!tagOptional.isPresent()) throw new NotFoundException(id.toString());
        Set<PermissionContainersCollection> pccs = tagOptional.get().getPermissionContainersCollections();
-        pccs.addAll(permissionService.findPCCs(new HashSet<Integer>(jsonablePCCList.getPccIdList())));
+        pccs.addAll(permissionService.findPCCs(new HashSet<>(jsonablePCCList.getPccIdList())));
        tagOptional.get().setPermissionContainersCollections(pccs);
--- a/src/main/java/com/codesdream/ase/controller/permission/UserController.java
+++ b/src/main/java/com/codesdream/ase/controller/permission/UserController.java
@ -0,0 +1,68 @@
 package com.codesdream.ase.controller.permission;
 import com.codesdream.ase.component.datamanager.JSONParameter;
 import com.codesdream.ase.component.json.model.JsonableFunction;
 import com.codesdream.ase.component.json.model.JsonableUser;
 import com.codesdream.ase.exception.badrequest.AlreadyExistException;
 import com.codesdream.ase.exception.notfound.NotFoundException;
 import com.codesdream.ase.model.permission.Function;
 import com.codesdream.ase.model.permission.User;
 import com.codesdream.ase.service.PermissionService;
 import com.codesdream.ase.service.UserService;
 import com.github.fge.jsonpatch.JsonPatch;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
 import java.util.HashSet;
 import java.util.Optional;
 import java.util.Set;
@RestController
@RequestMapping(value = "pmt")
@Api(tags = "用户管理接口")
 public class UserController {
    @Resource
    private UserService userService;
    @Resource
    private JSONParameter jsonParameter;
    @GetMapping("user")
    @ResponseStatus(HttpStatus.OK)
    @ApiOperation(value = "查找用户")
    public JsonableUser getUser(@RequestParam(value = "id") Integer id){
        Optional<User> user = userService.findUserById(id);
        if(!user.isPresent()) throw new NotFoundException(id.toString());
        return new JsonableUser(user.get());
    }
    @GetMapping("users")
    @ResponseStatus(HttpStatus.OK)
    @ApiOperation(value = "获得所有用户的信息")
    public Set<JsonableUser> listUser(){
        Iterable<User> users = userService.findAll();
        Set<JsonableUser> jsonableUsers = new HashSet<>();
        for(User user : users){
            jsonableUsers.add(new JsonableUser(user));
        }
        return jsonableUsers;
    }
    @PatchMapping("user")
    @ResponseStatus(HttpStatus.CREATED)
    @ApiOperation(value = "更新标用户的部分信息")
    public JsonableUser patchUser(@RequestParam(value = "id") Integer id, @RequestBody JsonPatch patch){
        Optional<User> userOptional = userService.findUserById(id);
        if(!userOptional.isPresent()) throw new NotFoundException(id.toString());
        JsonableUser jsonableUser = new JsonableUser(userOptional.get());
        jsonableUser = jsonParameter.parsePathToObject(patch, jsonableUser);
        return new JsonableUser(userService.update(jsonableUser.parseObject(userOptional.get())));
    }
 }
--- a/src/main/java/com/codesdream/ase/model/permission/Function.java
+++ b/src/main/java/com/codesdream/ase/model/permission/Function.java
@ -0,0 +1,31 @@
 package com.codesdream.ase.model.permission;
 import io.swagger.models.auth.In;
 import lombok.Data;
 import org.hibernate.annotations.GeneratorType;
 import javax.persistence.*;
 /**
 * 功能
 */
@Data
@Entity
@Table(name = "function")
 public class Function {
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Integer id;
    // 功能名称
    private String name;
    // 功能描述
    private String description;
    @ManyToOne(cascade = CascadeType.MERGE, fetch = FetchType.LAZY)
    private Function father = null;
    // 授权url
    private String url;
 }
--- a/src/main/java/com/codesdream/ase/model/permission/FunctionalPermissionContainer.java
+++ b/src/main/java/com/codesdream/ase/model/permission/FunctionalPermissionContainer.java
@ -3,8 +3,10 @@ package com.codesdream.ase.model.permission;
 import lombok.Data;
 import javax.persistence.*;
 import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
 /**
@ -25,10 +27,10 @@ public class FunctionalPermissionContainer {
    // 功能性权限容器解释
    private String description = "";
-    // 对应访问控制角色列表
+    // 对应访问控制角色列表W
-    @ElementCollection
+    @ManyToMany(cascade = CascadeType.MERGE, fetch = FetchType.LAZY)
    @Column(nullable = false)
-    private List<String> roles = new LinkedList<>();
+    private Set<Function> functions = new HashSet<>();
    // 是否启用
    @Column(nullable = false)
--- a/src/main/java/com/codesdream/ase/model/permission/FunctionalScopeRelation.java
+++ b/src/main/java/com/codesdream/ase/model/permission/FunctionalScopeRelation.java
@ -6,7 +6,7 @@ import lombok.Data;
 import javax.persistence.*;
 /**
- * 功能性权限容器与范围性权限容器关联对
+ * 功能性权限容器与范围性权限容器关联对 (单项权力)
 */
@Data
@Entity
@ -17,6 +17,10 @@ public class FunctionalScopeRelation {
    @GeneratedValue(strategy = GenerationType.AUTO)
    private int id;
    private String name;
    private String description;
    // 对应功能性权限容器
    @OneToOne(cascade = CascadeType.PERSIST, fetch = FetchType.LAZY)
    private FunctionalPermissionContainer functionalPermissionContainer;
--- a/src/main/java/com/codesdream/ase/model/permission/PermissionContainersCollection.java
+++ b/src/main/java/com/codesdream/ase/model/permission/PermissionContainersCollection.java
@ -6,7 +6,7 @@ import java.util.HashSet;
 import java.util.Set;
 /**
- * 权限容器集合
+ * 权限容器集合（多项权力）
 */
@Data
@Entity
--- a/src/main/java/com/codesdream/ase/repository/permission/FunctionRepository.java
+++ b/src/main/java/com/codesdream/ase/repository/permission/FunctionRepository.java
@ -0,0 +1,12 @@
 package com.codesdream.ase.repository.permission;
 import com.codesdream.ase.model.permission.Function;
 import org.springframework.data.repository.CrudRepository;
 import org.springframework.stereotype.Repository;
 import java.util.Optional;
@Repository
 public interface FunctionRepository extends CrudRepository<Function, Integer> {
    Optional<Function> findByName(String name);
 }
--- a/src/main/java/com/codesdream/ase/service/AchievementService.java
+++ b/src/main/java/com/codesdream/ase/service/AchievementService.java
@ -1,22 +1,7 @@
 package com.codesdream.ase.service;
 import com.codesdream.ase.component.auth.ASEPasswordEncoder;
 import com.codesdream.ase.component.auth.ASEUsernameEncoder;
 import com.codesdream.ase.component.permission.UserRolesListGenerator;
 import com.codesdream.ase.exception.badrequest.UserInformationIllegalException;
 import com.codesdream.ase.exception.notfound.UserNotFoundException;
 import com.codesdream.ase.exception.badrequest.UsernameAlreadyExistException;
 import com.codesdream.ase.model.information.BaseStudentInfo;
 import com.codesdream.ase.model.permission.User;
 import com.codesdream.ase.repository.permission.UserRepository;
 import javafx.util.Pair;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 import javax.annotation.Resource;
 import java.util.*;
@Service
 public class AchievementService {
--- a/src/main/java/com/codesdream/ase/service/IPermissionService.java
+++ b/src/main/java/com/codesdream/ase/service/IPermissionService.java
@ -49,6 +49,17 @@ public interface IPermissionService {
    Optional<PermissionContainersCollection> findPCC(Integer id);
    // 查找功能
    Optional<Function> findFunction(Integer id);
    // 查找功能
    Optional<Function> findFunction(String name);
    // 根据序号列表寻找功能
    Set<Function> findFunctions(Set<Integer> funcs);
    Iterable<Function> findAllFunction();
    // 获得范围性权限容器下的所有标签列表
    Collection<Tag> getTagsFromSPC(
            ScopePermissionContainer spc);
@ -85,12 +96,12 @@ public interface IPermissionService {
    // 为功能性权限容器添加一个访问控制角色
    FunctionalPermissionContainer addRoleToFPC(
            FunctionalPermissionContainer fpc,
-            String role);
+            Function function);
    // 为功能性权限容器添加多个访问控制角色
    FunctionalPermissionContainer addRolesToFPC(
            FunctionalPermissionContainer fpc,
-            Collection<String> roles);
+            Collection<Function> functions);
    // 为范围性权限容器添加一个标签
    ScopePermissionContainer addTagToSPC(ScopePermissionContainer spc, Tag tag);
@ -106,6 +117,8 @@ public interface IPermissionService {
    Tag save(Tag tag);
    Function save(Function tag);
    void delete(Tag tag);
    FunctionalPermissionContainer save(FunctionalPermissionContainer fpc);
@ -116,6 +129,8 @@ public interface IPermissionService {
    Tag update(Tag tag);
    Function update(Function function);
    FunctionalPermissionContainer update(FunctionalPermissionContainer fpc);
    ScopePermissionContainer update(ScopePermissionContainer spc);
--- a/src/main/java/com/codesdream/ase/service/PermissionService.java
+++ b/src/main/java/com/codesdream/ase/service/PermissionService.java
@ -2,12 +2,10 @@ package com.codesdream.ase.service;
 import com.codesdream.ase.component.permission.UserFPCListGenerator;
 import com.codesdream.ase.component.permission.UserFSRGenerator;
 import com.codesdream.ase.exception.badrequest.AlreadyExistException;
 import com.codesdream.ase.exception.notfound.NotFoundException;
 import com.codesdream.ase.model.permission.*;
-import com.codesdream.ase.repository.permission.FunctionalPermissionContainerRepository;
+import com.codesdream.ase.repository.permission.*;
 import com.codesdream.ase.repository.permission.PermissionContainersCollectionRepository;
 import com.codesdream.ase.repository.permission.ScopePermissionContainerRepository;
 import com.codesdream.ase.repository.permission.TagRepository;
 import javafx.util.Pair;
 import org.springframework.stereotype.Service;
@ -38,6 +36,9 @@ public class PermissionService implements IPermissionService {
    @Resource
    private UserFSRGenerator userFSRGenerator;
    @Resource
    private FunctionRepository functionRepository;
    @Override
    public FunctionalPermissionContainer getDefaultFPC(String name) {
        return new FunctionalPermissionContainer(name);
@ -134,6 +135,32 @@ public class PermissionService implements IPermissionService {
        return pccRepository.findById(id);
    }
    @Override
    public Optional<Function> findFunction(Integer id) {
        return functionRepository.findById(id);
    }
    @Override
    public Optional<Function> findFunction(String name) {
        return functionRepository.findByName(name);
    }
    @Override
    public Set<Function> findFunctions(Set<Integer> funcs) {
        Set<Function> set = new HashSet<>();
        for(Integer id : funcs){
            Optional<Function> function = findFunction(id);
            if(!function.isPresent()) throw new NotFoundException(id.toString());
            set.add(function.get());
        }
        return set;
    }
    @Override
    public Iterable<Function> findAllFunction() {
        return functionRepository.findAll();
    }
    @Override
    public Collection<Tag> getTagsFromSPC(ScopePermissionContainer spc) {
        return new ArrayList<>(spc.getTags());
@ -212,15 +239,15 @@ public class PermissionService implements IPermissionService {
    }
    @Override
-    public FunctionalPermissionContainer addRoleToFPC(FunctionalPermissionContainer fpc, String role) {
+    public FunctionalPermissionContainer addRoleToFPC(FunctionalPermissionContainer fpc, Function function) {
-        fpc.getRoles().add(role);
+        fpc.getFunctions().add(function);
        return update(fpc);
    }
    @Override
-    public FunctionalPermissionContainer addRolesToFPC(FunctionalPermissionContainer fpc, Collection<String> roles) {
+    public FunctionalPermissionContainer addRolesToFPC(FunctionalPermissionContainer fpc, Collection<Function> functions) {
-        for(String role : roles){
+        for(Function function : functions){
-            fpc = addRoleToFPC(fpc, role);
+            fpc = addRoleToFPC(fpc, function);
        }
        return fpc;
    }
@ -260,10 +287,17 @@ public class PermissionService implements IPermissionService {
    @Override
    public Tag save(Tag tag) {
        if(tagRepository.findByName(tag.getName()).isPresent())
-            throw new RuntimeException("Tag Already Exist");
+            throw new AlreadyExistException(tag.getName());
        return tagRepository.save(tag);
    }
    @Override
    public Function save(Function function) {
        if(functionRepository.findByName(function.getName()).isPresent())
            throw new AlreadyExistException(function.getName());
        return functionRepository.save(function);
    }
    @Override
    public void delete(Tag tag) {
        tagRepository.delete(tag);
@ -272,49 +306,56 @@ public class PermissionService implements IPermissionService {
    @Override
    public FunctionalPermissionContainer save(FunctionalPermissionContainer fpc) {
        if(fpcRepository.findByName(fpc.getName()).isPresent())
-            throw new RuntimeException("FPC Already Exist");
+            throw new AlreadyExistException(fpc.getName());
        return fpcRepository.save(fpc);
    }
    @Override
    public ScopePermissionContainer save(ScopePermissionContainer spc) {
        if(spcRepository.findByName(spc.getName()).isPresent())
-            throw new RuntimeException("SPC Already Exist");
+            throw new AlreadyExistException(spc.getName());
        return spcRepository.save(spc);
    }
    @Override
    public PermissionContainersCollection save(PermissionContainersCollection pcc) {
        if(pccRepository.findByName(pcc.getName()).isPresent())
-            throw new  RuntimeException("PCC Already Exist");
+            throw new  RuntimeException(pcc.getName());
        return pccRepository.save(pcc);
    }
    @Override
    public Tag update(Tag tag) {
        if(!tagRepository.findByName(tag.getName()).isPresent())
-            throw new RuntimeException(("Tag Not Exist"));
+            throw new NotFoundException(tag.getName());
        return tagRepository.save(tag);
    }
    @Override
    public Function update(Function function) {
        if(!functionRepository.findByName(function.getName()).isPresent())
            throw new NotFoundException(function.getName());
        return functionRepository.save(function);
    }
    @Override
    public FunctionalPermissionContainer update(FunctionalPermissionContainer fpc) {
        if(!fpcRepository.findByName(fpc.getName()).isPresent())
-            throw new RuntimeException("FPC Not Exist");
+            throw new NotFoundException(fpc.getName());
        return fpcRepository.save(fpc);
    }
    @Override
    public ScopePermissionContainer update(ScopePermissionContainer spc) {
        if(!spcRepository.findByName(spc.getName()).isPresent())
-            throw new RuntimeException("SPC Not Exist");
+            throw new NotFoundException(spc.getName());
        return spcRepository.save(spc);
    }
    @Override
    public PermissionContainersCollection update(PermissionContainersCollection pcc) {
        if(!pccRepository.findByName(pcc.getName()).isPresent())
-            throw new RuntimeException("PCC Not Exist");
+            throw new NotFoundException(pcc.getName());
        return pccRepository.save(pcc);
    }
 }
--- a/src/main/java/com/codesdream/ase/service/UserService.java
+++ b/src/main/java/com/codesdream/ase/service/UserService.java
@ -2,7 +2,7 @@ package com.codesdream.ase.service;
 import com.codesdream.ase.component.auth.ASEPasswordEncoder;
 import com.codesdream.ase.component.auth.ASEUsernameEncoder;
-import com.codesdream.ase.component.permission.UserRolesListGenerator;
+import com.codesdream.ase.component.permission.UserFunctionsListGenerator;
 import com.codesdream.ase.exception.badrequest.UserInformationIllegalException;
 import com.codesdream.ase.exception.notfound.UserNotFoundException;
 import com.codesdream.ase.exception.badrequest.UsernameAlreadyExistException;
@ -20,7 +20,7 @@ import java.util.*;
@Service
 public class UserService implements IUserService {
    @Resource
-    UserRolesListGenerator userRolesListGenerator;
+    UserFunctionsListGenerator userFunctionsListGenerator;
    @Resource
    UserRepository userRepository;
@ -56,7 +56,7 @@ public class UserService implements IUserService {
    @Override
    public Collection<? extends GrantedAuthority> getUserAuthorities(User user) {
-        return userRolesListGenerator.generateRoles(user);
+        return userFunctionsListGenerator.generateRoles(user);
    }
    @Override
--- a/src/test/java/com/codesdream/ase/test/PermissionServiceTest.java
+++ b/src/test/java/com/codesdream/ase/test/PermissionServiceTest.java
@ -41,9 +41,9 @@ public class PermissionServiceTest {
        pcc = permissionService.save(pcc);
        // 给活动管理权赋予添加/参与/管理的权力
-        fpc = permissionService.addRoleToFPC(fpc, "activity_create");
+/*        fpc = permissionService.addRoleToFPC(fpc, "activity_create");
        fpc = permissionService.addRoleToFPC(fpc, "activity_participate");
-        fpc = permissionService.addRoleToFPC(fpc, "activity_manage");
+        fpc = permissionService.addRoleToFPC(fpc, "activity_manage");*/
        // 把九班班委加入到九班全体学生中
        spc = permissionService.addTagToSPC(spc, tag2);