diff --git a/build.gradle b/build.gradle
index 726eea1..25ec641 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,11 +1,11 @@
 buildscript {
     ext {
-        kotlin_version = '1.3.72'
+        kotlin_version = '1.6.10'
     }
 
     repositories {
         mavenLocal()
-        maven { url 'http://maven.aliyun.com/nexus/content/groups/public/' }
+        maven { url 'https://maven.aliyun.com/nexus/content/groups/public/' }
         mavenCentral()
     }
 
@@ -14,42 +14,39 @@ buildscript {
     }
 }
 
-allprojects {
+subprojects {
     group 'com.synebula'
     version version
-}
 
-subprojects {
     ext {
-        version '0.5.2'
-        gaea_version = '0.6.1'
-        spring_version = "2.3.0.RELEASE"
+        version '0.9.0'
+        gaea_version = '1.4.0'
+        spring_version = "2.7.0"
     }
 
     buildscript {
         repositories {
             mavenLocal()
-            maven { url 'http://maven.aliyun.com/nexus/content/groups/public/' }
+            maven { url 'https://maven.aliyun.com/nexus/content/groups/public/' }
             mavenCentral()
         }
     }
 
     repositories {
         mavenLocal()
-        maven { url 'http://maven.aliyun.com/nexus/content/groups/public/' }
+        maven { url 'https://maven.aliyun.com/nexus/content/groups/public/' }
         mavenCentral()
     }
 
     apply plugin: 'idea'
     apply plugin: 'java'
     apply plugin: 'kotlin'
-    apply plugin: 'maven'
     apply plugin: 'maven-publish'
 
     dependencies {
-        compile "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
-        compile "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version"
-        testCompile group: 'junit', name: 'junit', version: '4.12'
+        api "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
+        api "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version"
+        testApi group: 'junit', name: 'junit', version: '4.12'
     }
 
     sourceCompatibility = 1.8
diff --git a/settings.gradle b/settings.gradle
index 4999cac..4afe6bd 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -4,3 +4,5 @@ include 'src:zeus.app'
 include 'src:zeus.domain'
 include 'src:zeus.query'
 include 'src:zeus.env'
+include 'src:zeus.repository'
+
diff --git a/src/zeus.app/build.gradle b/src/zeus.app/build.gradle
index 1662c1a..8e40c6a 100644
--- a/src/zeus.app/build.gradle
+++ b/src/zeus.app/build.gradle
@@ -1,20 +1,23 @@
 buildscript {
     dependencies {
         classpath("org.springframework.boot:spring-boot-gradle-plugin:$spring_version")
+        classpath("org.jetbrains.kotlin:kotlin-allopen:$kotlin_version")
     }
 }
 
 apply plugin: 'org.springframework.boot'
+apply plugin: 'kotlin-spring'
 
 jar.enabled = true    //jar SKIPPED问题,不设置可能会无法打jar
 
 dependencies {
-    compile project(":src:zeus.domain")
-    compile project(":src:zeus.query")
-    compile "com.synebula:gaea.app:$gaea_version"
-    compile "com.synebula:gaea.mongo:$gaea_version"
+    api project(":src:zeus.domain")
+    api project(":src:zeus.query")
+    api project(":src:zeus.repository")
+    api "com.synebula:gaea.app:$gaea_version"
+    api "com.synebula:gaea.spring:$gaea_version"
+    api "com.synebula:gaea.mongodb:$gaea_version"
 
-    compile group: 'com.google.code.gson', name: 'gson', version: '2.8.6'
 }
 
 publishing {
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/component/ZeusAspect.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/component/ZeusAspect.kt
new file mode 100644
index 0000000..bd24aff
--- /dev/null
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/component/ZeusAspect.kt
@@ -0,0 +1,15 @@
+package com.synebula.zeus.app.component
+
+import com.synebula.gaea.spring.aop.AppAspect
+import org.aspectj.lang.annotation.Aspect
+import org.aspectj.lang.annotation.Pointcut
+import org.springframework.stereotype.Component
+
+@Aspect
+@Component
+class ZeusAspect : AppAspect() {
+
+    @Pointcut("target(com.synebula.gaea.app.IApplication)")
+    override fun func() {
+    }
+}
\ No newline at end of file
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/config/ZeusBeans.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/config/ZeusBeans.kt
index c49368c..51a7a56 100644
--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/config/ZeusBeans.kt
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/config/ZeusBeans.kt
@@ -1,37 +1,42 @@
 package com.synebula.zeus.app.config
 
 import com.google.gson.Gson
+import com.synebula.gaea.app.component.security.WebSecurity
 import com.synebula.gaea.data.serialization.json.IJsonSerializer
-import com.synebula.gaea.domain.model.IAggregateRoot
-import com.synebula.gaea.domain.repository.IRepository
-import com.synebula.gaea.log.ILogger
-import com.synebula.gaea.mongo.query.MongoQuery
-import com.synebula.gaea.mongo.repository.MongoRepository
-import com.synebula.gaea.query.IQuery
-import com.synebula.zeus.domain.service.contr.component.IUserNotifier
+import com.synebula.gaea.domain.repository.IRepositoryFactory
+import com.synebula.gaea.mongodb.query.MongodbQueryFactory
+import com.synebula.gaea.mongodb.repository.MongodbRepositoryFactory
+import com.synebula.gaea.query.IQueryFactory
 import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.ComponentScan
+import org.springframework.context.annotation.ComponentScan.Filter
 import org.springframework.context.annotation.Configuration
-import org.springframework.context.annotation.Primary
+import org.springframework.context.annotation.FilterType
 import org.springframework.data.mongodb.core.MongoTemplate
 
 
 @Configuration
-open class ZeusBeans {
-    @Bean
-    @Primary
-    open fun <T : IAggregateRoot<String>> repository(template: MongoTemplate)
-            : IRepository = MongoRepository(template)
+@ComponentScan(
+    basePackages = ["com.synebula.gaea.app.component"],
+    excludeFilters = [Filter(type = FilterType.ASSIGNABLE_TYPE, classes = [WebSecurity::class])]
+)
+class ZeusBeans {
 
     @Bean
-    @Primary
-    open fun <T> query(template: MongoTemplate, logger: ILogger? = null)
-            : IQuery = MongoQuery(template, logger)
+    fun repoFactory(template: MongoTemplate): IRepositoryFactory {
+        return MongodbRepositoryFactory(template)
+    }
 
     @Bean
-    open fun gson(): Gson = Gson()
+    fun queryFactory(template: MongoTemplate): IQueryFactory {
+        return MongodbQueryFactory(template)
+    }
 
     @Bean
-    open fun serializer(gson: Gson): IJsonSerializer {
+    fun gson(): Gson = Gson()
+
+    @Bean
+    fun serializer(gson: Gson): IJsonSerializer {
         return object : IJsonSerializer {
             override fun <S> serialize(src: S): String {
                 return gson.toJson(src)
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/config/ZeusServices.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/config/ZeusServices.kt
new file mode 100644
index 0000000..b54c90d
--- /dev/null
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/config/ZeusServices.kt
@@ -0,0 +1,10 @@
+package com.synebula.zeus.app.config
+
+import com.synebula.gaea.app.autoconfig.service.ServiceScan
+import com.synebula.gaea.mongodb.autoconfig.MongodbRepositoryScan
+import org.springframework.stereotype.Component
+
+@Component
+@ServiceScan(basePackages = ["com.synebula.zeus.domain.service"])
+@MongodbRepositoryScan(basePackages = ["com.synebula.zeus.domain.repository", "com.synebula.zeus.repository", "com.synebula.zeus.query"])
+class ZeusServices
\ No newline at end of file
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/config/ZeusSpring.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/config/ZeusSpring.kt
deleted file mode 100644
index 59bed60..0000000
--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/config/ZeusSpring.kt
+++ /dev/null
@@ -1,18 +0,0 @@
-package com.synebula.zeus.app.config
-
-import com.synebula.gaea.app.component.AllTypeFilter
-import org.springframework.context.annotation.ComponentScan
-import org.springframework.context.annotation.ComponentScan.Filter
-import org.springframework.context.annotation.FilterType
-import org.springframework.stereotype.Component
-
-@Component
-@ComponentScan(
-    basePackages = [
-        "com.synebula.gaea.app.component",
-        "com.synebula.zeus.domain.service.impl",
-        "com.synebula.zeus.query.impl"
-    ],
-    includeFilters = [Filter(type = FilterType.CUSTOM, classes = [AllTypeFilter::class])]
-)
-class ZeusSpring
\ No newline at end of file
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/SignInOutApp.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/SignInOutApp.kt
index cb5c0b6..54099d5 100644
--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/SignInOutApp.kt
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/SignInOutApp.kt
@@ -1,31 +1,73 @@
 package com.synebula.zeus.app.controller
 
 import com.synebula.gaea.app.IApplication
-import com.synebula.gaea.app.component.HttpMessage
+import com.synebula.gaea.app.component.security.TokenManager
+import com.synebula.gaea.data.message.HttpMessage
+import com.synebula.gaea.data.message.Status
+import com.synebula.gaea.data.serialization.json.IJsonSerializer
 import com.synebula.gaea.log.ILogger
+import com.synebula.gaea.spring.aop.annotation.Method
+import com.synebula.zeus.domain.service.cmd.rbac.UserCmd
+import com.synebula.zeus.domain.service.contr.rbac.IUserService
 import com.synebula.zeus.query.contr.IUserQuery
-import com.synebula.zeus.query.impl.UserQuery
-import org.springframework.data.mongodb.core.MongoTemplate
+import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.RequestBody
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 
 @RestController
 @RequestMapping("/sign")
-class SignInOutApp(template: MongoTemplate, override var logger: ILogger?) : IApplication {
-    var query: IUserQuery = UserQuery(template)
+class SignInOutApp(override var logger: ILogger) : IApplication {
+
+    @Autowired
+    lateinit var userQuery: IUserQuery
+
+    @Autowired
+    lateinit var userService: IUserService
+
+    @Autowired
+    lateinit var tokenHelper: TokenManager
+
+    @Autowired
+    lateinit var serializer: IJsonSerializer
 
     override var name: String = "用户登录管理"
 
+    @Method("用户登录")
     @PostMapping("/in")
-    fun signIn(name: String, password: String): HttpMessage {
+    fun signIn(name: String, password: String, remember: Boolean?): HttpMessage {
         return this.safeExecute("用户登录出现异常") {
-            it.load(this.query.signIn(name, password))
+            val message = this.userQuery.signIn(name, password)
+            if (message.data != null) {
+                val user = message.data
+                user!!.remember = remember ?: false
+                val token = tokenHelper.sign(message.data!!)
+                it.data = token
+            } else {
+                it.load(message)
+            }
         }
     }
 
+    @Method("用户登出")
     @PostMapping("/out")
     fun signOut(user: String): HttpMessage {
         return HttpMessage(user)
     }
+
+    @Method("用户注册")
+    @PostMapping("/up")
+    fun signUp(@RequestBody command: UserCmd): HttpMessage {
+        return this.safeExecute("用户注册出错, 用户信息: ${serializer.serialize(command)}") {
+            val list = this.userQuery.list(mapOf(Pair("name", command.name)))
+            if (list.isEmpty()) {
+                val message = userService.add(command)
+                it.data = message.data
+            } else {
+                it.status = Status.Failure
+                it.message = "系统中已存在该用户"
+            }
+        }
+    }
 }
\ No newline at end of file
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/AuthorityApp.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/AuthorityApp.kt
new file mode 100644
index 0000000..5ddee5b
--- /dev/null
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/AuthorityApp.kt
@@ -0,0 +1,41 @@
+package com.synebula.zeus.app.controller.rbac
+
+import com.synebula.gaea.app.Application
+import com.synebula.gaea.data.message.HttpMessage
+import com.synebula.gaea.log.ILogger
+import com.synebula.gaea.spring.aop.annotation.Method
+import com.synebula.zeus.domain.service.cmd.rbac.AuthorityBatchAddCmd
+import com.synebula.zeus.domain.service.cmd.rbac.AuthorityCmd
+import com.synebula.zeus.domain.service.contr.rbac.IAuthorityService
+import com.synebula.zeus.env.ResourceType
+import com.synebula.zeus.query.contr.IAuthorityQuery
+import com.synebula.zeus.query.view.AuthorityView
+import org.springframework.web.bind.annotation.*
+
+@RestController
+@RequestMapping("/authorities")
+class AuthorityApp(
+    query: IAuthorityQuery,
+    logger: ILogger,
+    private var authorityService: IAuthorityService
+) : Application<AuthorityCmd, AuthorityView, String>(
+    "权限信息", authorityService, query, logger
+) {
+    @Method("批量添加权限信息")
+    @PostMapping("/batch")
+    fun add(@RequestBody cmd: AuthorityBatchAddCmd): HttpMessage {
+        this.authorityService.add(cmd)
+        return HttpMessage()
+    }
+
+    @Method("根据资源和角色删除权限")
+    @DeleteMapping("/{type}/role/{role}")
+    fun removeByResourceRole(
+        @PathVariable type: ResourceType,
+        @PathVariable role: String,
+        @RequestBody resource: List<String>
+    ): HttpMessage {
+        this.authorityService.removeByResourceRole(type, resource, role)
+        return HttpMessage()
+    }
+}
\ No newline at end of file
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/GroupApp.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/GroupApp.kt
index 4e84b27..d965d48 100644
--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/GroupApp.kt
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/GroupApp.kt
@@ -2,7 +2,7 @@ package com.synebula.zeus.app.controller.rbac
 
 import com.synebula.gaea.app.Application
 import com.synebula.gaea.log.ILogger
-import com.synebula.gaea.query.IQuery
+import com.synebula.gaea.query.IQueryFactory
 import com.synebula.zeus.domain.service.cmd.rbac.GroupCmd
 import com.synebula.zeus.domain.service.contr.rbac.IGroupService
 import com.synebula.zeus.query.view.GroupView
@@ -13,9 +13,8 @@ import org.springframework.web.bind.annotation.RestController
 @RequestMapping("/groups")
 class GroupApp(
     service: IGroupService,
-    query: IQuery,
+    factory: IQueryFactory,
     logger: ILogger
 ) : Application<GroupCmd, GroupView, String>(
-    "分组信息", GroupView::class.java,
-    service, query, logger
+    "用户组信息", service, factory.createQuery(GroupView::class.java), logger
 )
\ No newline at end of file
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/RoleApp.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/RoleApp.kt
index 6354c7d..4198431 100644
--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/RoleApp.kt
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/RoleApp.kt
@@ -2,7 +2,7 @@ package com.synebula.zeus.app.controller.rbac
 
 import com.synebula.gaea.app.Application
 import com.synebula.gaea.log.ILogger
-import com.synebula.gaea.query.IQuery
+import com.synebula.gaea.query.IQueryFactory
 import com.synebula.zeus.domain.service.cmd.rbac.RoleCmd
 import com.synebula.zeus.domain.service.contr.rbac.IRoleService
 import com.synebula.zeus.query.view.RoleView
@@ -13,9 +13,8 @@ import org.springframework.web.bind.annotation.RestController
 @RequestMapping("/roles")
 class RoleApp(
     service: IRoleService,
-    query: IQuery,
+    factory: IQueryFactory,
     logger: ILogger
 ) : Application<RoleCmd, RoleView, String>(
-    "用户信息", RoleView::class.java,
-    service, query, logger
+    "用户信息", service, factory.createQuery(RoleView::class.java), logger
 )
\ No newline at end of file
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/UserApp.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/UserApp.kt
index f32e4b5..159e7d2 100644
--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/UserApp.kt
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/UserApp.kt
@@ -1,13 +1,13 @@
 package com.synebula.zeus.app.controller.rbac
 
 import com.synebula.gaea.app.Application
-import com.synebula.gaea.app.component.HttpMessage
+import com.synebula.gaea.data.message.HttpMessage
 import com.synebula.gaea.data.message.Status
 import com.synebula.gaea.data.serialization.json.IJsonSerializer
 import com.synebula.gaea.log.ILogger
-import com.synebula.gaea.query.IQuery
 import com.synebula.zeus.domain.service.cmd.rbac.UserCmd
 import com.synebula.zeus.domain.service.contr.rbac.IUserService
+import com.synebula.zeus.query.contr.IUserQuery
 import com.synebula.zeus.query.view.UserView
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.web.bind.annotation.*
@@ -16,11 +16,10 @@ import org.springframework.web.bind.annotation.*
 @RequestMapping("/users")
 class UserApp(
     service: IUserService,
-    query: IQuery,
+    query: IUserQuery,
     logger: ILogger
 ) : Application<UserCmd, UserView, String>(
-    "用户信息", UserView::class.java,
-    service, query, logger
+    "用户信息", service, query, logger
 ) {
 
     @Autowired
@@ -28,8 +27,8 @@ class UserApp(
 
     override fun add(command: UserCmd): HttpMessage {
         return this.safeExecute("查询重复用户信息出错, 用户信息: ${serializer.serialize(command)}") {
-            val list = this.query!!.list(mapOf(Pair("name", command.name)), UserView::class.java)
-            if (list.count() == 0)
+            val list = this.query.list(mapOf(Pair("name", command.name)))
+            if (list.isEmpty())
                 it.from(super.add(command))
             else {
                 it.status = Status.Failure
@@ -54,8 +53,8 @@ class UserApp(
     @GetMapping("/{name}/forgot")
     fun forgot(@PathVariable name: String): HttpMessage {
         return this.safeExecute("遗忘用户密码出现异常") {
-            val users = this.query?.list(mapOf(Pair("name", name)), UserView::class.java)
-            if (users != null && users.isNotEmpty()) {
+            val users = this.query.list(mapOf(Pair("name", name)))
+            if (users.isNotEmpty()) {
                 it.load((this.service as IUserService).forgotPassword(users[0].id))
 
             } else {
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/InterfaceApp.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/InterfaceApp.kt
index a20835a..10507d2 100644
--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/InterfaceApp.kt
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/InterfaceApp.kt
@@ -1,8 +1,9 @@
 package com.synebula.zeus.app.controller.rbac.resource
 
 import com.synebula.gaea.app.Application
-import com.synebula.gaea.app.component.HttpMessage
+import com.synebula.gaea.data.message.HttpMessage
 import com.synebula.gaea.log.ILogger
+import com.synebula.gaea.spring.aop.annotation.Method
 import com.synebula.zeus.domain.service.cmd.rbac.resource.InterfaceCmd
 import com.synebula.zeus.domain.service.contr.rbac.resource.IInterfaceService
 import com.synebula.zeus.query.contr.resouce.IInterfaceQuery
@@ -19,28 +20,30 @@ class InterfaceApp(
     logger: ILogger,
     var interfaceQuery: IInterfaceQuery
 ) : Application<InterfaceCmd, InterfaceView, String>(
-    "接口信息", InterfaceView::class.java,
-    service, interfaceQuery, logger
+    "接口信息", service, interfaceQuery, logger
 ) {
 
-    @GetMapping("/in-system/{system}/permission/{role}")
-    fun withSystemPermission(@PathVariable system: String, @PathVariable role: String): HttpMessage {
+    @Method("获取角色系统下有权接口")
+    @GetMapping("/in-system/{system}/authorized/{role}")
+    fun authorized(@PathVariable system: String, @PathVariable role: String): HttpMessage {
         return this.safeExecute("获取有权资源列表失败") { msg ->
-            msg.data = this.interfaceQuery.withPermission(role, system)
+            msg.data = this.interfaceQuery.authorized(role, system)
         }
     }
 
-    @GetMapping("/permission/{role}")
-    fun withPermission(@PathVariable role: String): HttpMessage {
+    @Method("获取角色全部有权接口")
+    @GetMapping("/authorized/{role}")
+    fun authorized(@PathVariable role: String): HttpMessage {
         return this.safeExecute("获取有权资源列表失败") { msg ->
-            msg.data = this.interfaceQuery.withPermission(role)
+            msg.data = this.interfaceQuery.authorized(role)
         }
     }
 
-    @GetMapping("/{api}/authentication/{role}")
-    fun authentication(@PathVariable api: String, @PathVariable role: String): HttpMessage {
+    @Method("验证角色接口权限")
+    @GetMapping("/{api}/authorize/{role}")
+    fun authorize(@PathVariable api: String, @PathVariable role: String): HttpMessage {
         return this.safeExecute("获取权限信息失败") { msg ->
-            msg.data = this.interfaceQuery.authentication(api, role)
+            msg.data = this.interfaceQuery.authorize(api, role)
         }
     }
 }
\ No newline at end of file
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/PageApp.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/PageApp.kt
index 6120b98..e06928c 100644
--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/PageApp.kt
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/PageApp.kt
@@ -1,8 +1,10 @@
 package com.synebula.zeus.app.controller.rbac.resource
 
 import com.synebula.gaea.app.Application
-import com.synebula.gaea.app.component.HttpMessage
+import com.synebula.gaea.data.message.HttpMessage
 import com.synebula.gaea.log.ILogger
+import com.synebula.gaea.spring.aop.annotation.Method
+import com.synebula.gaea.spring.aop.annotation.Module
 import com.synebula.zeus.domain.service.cmd.rbac.resource.PageCmd
 import com.synebula.zeus.domain.service.contr.rbac.resource.IPageService
 import com.synebula.zeus.query.contr.resouce.IPageQuery
@@ -14,40 +16,44 @@ import org.springframework.web.bind.annotation.RestController
 
 @RestController
 @RequestMapping("/pages")
+@Module("页面")
 class PageApp(
     service: IPageService,
     logger: ILogger,
     var pageQuery: IPageQuery
 ) : Application<PageCmd, PageView, String>(
-    "页面信息", PageView::class.java,
-    service, pageQuery, logger
+    "页面信息", service, pageQuery, logger
 ) {
 
-    @GetMapping("/in-system/{system}/permission/{role}")
-    fun withSystemPermission(@PathVariable system: String, @PathVariable role: String): HttpMessage {
+    @Method("获取角色系统下有权页面")
+    @GetMapping("/in-system/{system}/authorized/{role}")
+    fun authorized(@PathVariable system: String, @PathVariable role: String): HttpMessage {
+        val msg = HttpMessage()
+        msg.data = this.pageQuery.authorized(role, system)
+        return msg
+    }
+
+    @Method("获取角色全部有权页面")
+    @GetMapping("/authorized/{role}")
+    fun authorized(@PathVariable role: String): HttpMessage {
         return this.safeExecute("获取有权资源列表失败") { msg ->
-            msg.data = this.pageQuery.withPermission(role, system)
+            msg.data = this.pageQuery.authorized(role)
         }
     }
 
-    @GetMapping("/permission/{role}")
-    fun withPermission(@PathVariable role: String): HttpMessage {
-        return this.safeExecute("获取有权资源列表失败") { msg ->
-            msg.data = this.pageQuery.withPermission(role)
-        }
-    }
-
-    @GetMapping("/{page}/authentication/{role}")
-    fun authentication(@PathVariable page: String, @PathVariable role: String): HttpMessage {
+    @Method("验证角色页面权限")
+    @GetMapping("/{page}/authorize/{role}")
+    fun authorize(@PathVariable page: String, @PathVariable role: String): HttpMessage {
         return this.safeExecute("获取权限信息失败") { msg ->
-            msg.data = this.pageQuery.authentication(page, role)
+            msg.data = this.pageQuery.authorize(page, role)
         }
     }
 
-    @GetMapping("/authentication/{role}")
-    fun uriAuthentication(@PathVariable role: String, uri: String): HttpMessage {
+    @Method("验证角色URL权限")
+    @GetMapping("/authorize/{role}")
+    fun uriAuthorize(@PathVariable role: String, uri: String): HttpMessage {
         return this.safeExecute("获取权限信息失败") { msg ->
-            msg.data = this.pageQuery.uriAuthentication(uri, role)
+            msg.data = this.pageQuery.uriAuthorize(uri, role)
         }
     }
 
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/PermissionApp.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/PermissionApp.kt
deleted file mode 100644
index fc0837d..0000000
--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/PermissionApp.kt
+++ /dev/null
@@ -1,21 +0,0 @@
-package com.synebula.zeus.app.controller.rbac.resource
-
-import com.synebula.gaea.app.Application
-import com.synebula.gaea.log.ILogger
-import com.synebula.zeus.domain.service.cmd.rbac.resource.PermissionCmd
-import com.synebula.zeus.domain.service.contr.rbac.resource.IPermissionService
-import com.synebula.zeus.query.contr.resouce.IPermissionQuery
-import com.synebula.zeus.query.view.resource.PermissionView
-import org.springframework.web.bind.annotation.RequestMapping
-import org.springframework.web.bind.annotation.RestController
-
-@RestController
-@RequestMapping("/permissions")
-class PermissionApp(
-        service: IPermissionService,
-        query: IPermissionQuery,
-        logger: ILogger
-) : Application<PermissionCmd, PermissionView, String>(
-        "权限信息", PermissionView::class.java,
-        service, query, logger
-)
\ No newline at end of file
diff --git a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/SystemApp.kt b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/SystemApp.kt
index f49ea66..40e6082 100644
--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/SystemApp.kt
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/SystemApp.kt
@@ -1,8 +1,9 @@
 package com.synebula.zeus.app.controller.rbac.resource
 
 import com.synebula.gaea.app.Application
-import com.synebula.gaea.app.component.HttpMessage
+import com.synebula.gaea.data.message.HttpMessage
 import com.synebula.gaea.log.ILogger
+import com.synebula.gaea.spring.aop.annotation.Method
 import com.synebula.zeus.domain.service.cmd.rbac.resource.SystemCmd
 import com.synebula.zeus.domain.service.contr.rbac.resource.ISystemService
 import com.synebula.zeus.query.contr.resouce.ISystemQuery
@@ -19,20 +20,21 @@ class SystemApp(
     logger: ILogger,
     var systemQuery: ISystemQuery
 ) : Application<SystemCmd, SystemView, String>(
-    "系统信息", SystemView::class.java,
-    service, systemQuery, logger
+    "系统信息", service, systemQuery, logger
 ) {
-    @GetMapping("/permission/{role}")
-    fun withPermission(@PathVariable role: String): HttpMessage {
+    @Method("获取角色有权系统")
+    @GetMapping("/authorized/{role}")
+    fun authorized(@PathVariable role: String): HttpMessage {
         return this.safeExecute("获取有权资源列表失败") { msg ->
-            msg.data = this.systemQuery.withPermission(role)
+            msg.data = this.systemQuery.authorized(role)
         }
     }
 
-    @GetMapping("/{system}/authentication/{role}")
-    fun authentication(@PathVariable system: String, @PathVariable role: String): HttpMessage {
+    @Method("验证角色系统权限")
+    @GetMapping("/{system}/authorize/{role}")
+    fun authorize(@PathVariable system: String, @PathVariable role: String): HttpMessage {
         return this.safeExecute("获取权限信息失败") { msg ->
-            msg.data = this.systemQuery.authentication(system, role)
+            msg.data = this.systemQuery.authorize(system, role)
         }
     }
 }
\ No newline at end of file
diff --git a/src/zeus.domain/build.gradle b/src/zeus.domain/build.gradle
index 039e485..7878df1 100644
--- a/src/zeus.domain/build.gradle
+++ b/src/zeus.domain/build.gradle
@@ -1,6 +1,6 @@
 dependencies {
-    compile project(":src:zeus.env")
-    compile "com.synebula:gaea:$gaea_version"
+    api project(":src:zeus.env")
+    api "com.synebula:gaea:$gaea_version"
 }
 
 publishing {
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Authority.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Authority.kt
new file mode 100644
index 0000000..24947d6
--- /dev/null
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Authority.kt
@@ -0,0 +1,19 @@
+package com.synebula.zeus.domain.model.rbac
+
+import com.synebula.gaea.domain.model.AggregateRoot
+import com.synebula.zeus.env.AuthorityType
+import com.synebula.zeus.env.ResourceType
+
+class Authority(override var id: String? = null) : AggregateRoot<String>() {
+    var role = ""
+    var resource = ""
+    var type: ResourceType? = null
+    var authority = AuthorityType.Allow
+
+    constructor(role: String, resource: String, type: ResourceType?, authority: AuthorityType) : this() {
+        this.role = role
+        this.resource = resource
+        this.type = type
+        this.authority = authority
+    }
+}
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Group.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Group.kt
index f0476f2..ce4af1d 100644
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Group.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Group.kt
@@ -4,4 +4,5 @@ import com.synebula.gaea.domain.model.AggregateRoot
 
 class Group(override var id: String? = null) : AggregateRoot<String>() {
     var name = ""
+    var desc = ""
 }
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Role.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Role.kt
index d8eebe6..841096e 100644
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Role.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Role.kt
@@ -2,6 +2,7 @@ package com.synebula.zeus.domain.model.rbac
 
 import com.synebula.gaea.domain.model.AggregateRoot
 
-class Role(override var id: String?) : AggregateRoot<String>() {
+class Role(override var id: String? = null) : AggregateRoot<String>() {
     var name = ""
+    var desc = ""
 }
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/resource/Permission.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/resource/Permission.kt
deleted file mode 100644
index e07d0a7..0000000
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/resource/Permission.kt
+++ /dev/null
@@ -1,12 +0,0 @@
-package com.synebula.zeus.domain.model.rbac.resource
-
-import com.synebula.gaea.domain.model.AggregateRoot
-import com.synebula.zeus.env.PermissionType
-import com.synebula.zeus.env.ResourceType
-
-class Permission(override var id: String? = null) : AggregateRoot<String>() {
-    var role = ""
-    var resource = ""
-    var type: ResourceType? = null
-    var authority = PermissionType.Allow
-}
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/repository/rbac/IAuthorityRepository.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/repository/rbac/IAuthorityRepository.kt
new file mode 100644
index 0000000..4a5e268
--- /dev/null
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/repository/rbac/IAuthorityRepository.kt
@@ -0,0 +1,9 @@
+package com.synebula.zeus.domain.repository.rbac
+
+import com.synebula.gaea.domain.repository.IRepository
+import com.synebula.zeus.domain.model.rbac.Authority
+import com.synebula.zeus.env.ResourceType
+
+interface IAuthorityRepository : IRepository<Authority, String> {
+    fun removeByResourceRole(type: ResourceType, resource: List<String>, role: String)
+}
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/repository/rbac/IUserRepository.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/repository/rbac/IUserRepository.kt
new file mode 100644
index 0000000..2c59d0e
--- /dev/null
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/repository/rbac/IUserRepository.kt
@@ -0,0 +1,7 @@
+package com.synebula.zeus.domain.repository.rbac
+
+import com.synebula.gaea.domain.repository.IRepository
+import com.synebula.zeus.domain.model.rbac.User
+
+interface IUserRepository : IRepository<User, String> {
+}
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/AuthorityBatchAddCmd.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/AuthorityBatchAddCmd.kt
new file mode 100644
index 0000000..e3ed7f6
--- /dev/null
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/AuthorityBatchAddCmd.kt
@@ -0,0 +1,12 @@
+package com.synebula.zeus.domain.service.cmd.rbac
+
+import com.synebula.gaea.domain.service.Command
+import com.synebula.zeus.env.AuthorityType
+import com.synebula.zeus.env.ResourceType
+
+class AuthorityBatchAddCmd : Command() {
+    var role = ""
+    var resource = listOf<String>()
+    var type: ResourceType? = null
+    var authority = AuthorityType.Allow
+}
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/resource/PermissionCmd.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/AuthorityCmd.kt
similarity index 52%
rename from src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/resource/PermissionCmd.kt
rename to src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/AuthorityCmd.kt
index b23a80b..36cd3dc 100644
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/resource/PermissionCmd.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/AuthorityCmd.kt
@@ -1,13 +1,13 @@
-package com.synebula.zeus.domain.service.cmd.rbac.resource
+package com.synebula.zeus.domain.service.cmd.rbac
 
 import com.synebula.gaea.domain.service.Command
-import com.synebula.zeus.env.PermissionType
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.env.ResourceType
 
-class PermissionCmd : Command() {
+class AuthorityCmd : Command() {
     var id: String? = null
     var role = ""
     var resource = ""
     var type: ResourceType? = null
-    var authority = PermissionType.Allow
+    var authority = AuthorityType.Allow
 }
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/GroupCmd.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/GroupCmd.kt
index c556215..2ceb6f4 100644
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/GroupCmd.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/GroupCmd.kt
@@ -5,4 +5,5 @@ import com.synebula.gaea.domain.service.Command
 class GroupCmd : Command() {
     var id: String? = null
     var name = ""
+    var desc = ""
 }
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/RoleCmd.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/RoleCmd.kt
index 589a389..b041a82 100644
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/RoleCmd.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/RoleCmd.kt
@@ -5,4 +5,5 @@ import com.synebula.gaea.domain.service.Command
 class RoleCmd : Command() {
     var id: String? = null
     var name = ""
+    var desc = ""
 }
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/component/IUserNotifier.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/component/IUserNotifier.kt
similarity index 71%
rename from src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/component/IUserNotifier.kt
rename to src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/component/IUserNotifier.kt
index 3138d19..0ab8a8c 100644
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/component/IUserNotifier.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/component/IUserNotifier.kt
@@ -1,4 +1,4 @@
-package com.synebula.zeus.domain.service.contr.component
+package com.synebula.zeus.domain.service.component
 
 interface IUserNotifier {
     fun added(id: String, name: String, token: String)
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IAuthorityService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IAuthorityService.kt
new file mode 100644
index 0000000..d9b698e
--- /dev/null
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IAuthorityService.kt
@@ -0,0 +1,13 @@
+package com.synebula.zeus.domain.service.contr.rbac
+
+import com.synebula.gaea.domain.service.IService
+import com.synebula.zeus.domain.service.cmd.rbac.AuthorityBatchAddCmd
+import com.synebula.zeus.env.ResourceType
+
+interface IAuthorityService : IService<String> {
+
+    fun add(cmd: AuthorityBatchAddCmd)
+
+    fun removeByResourceRole(type: ResourceType, resource: List<String>, role: String)
+
+}
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IGroupService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IGroupService.kt
index 1d112cb..949f01f 100644
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IGroupService.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IGroupService.kt
@@ -1,7 +1,8 @@
 package com.synebula.zeus.domain.service.contr.rbac
 
+import com.synebula.gaea.domain.service.Domain
 import com.synebula.gaea.domain.service.IService
+import com.synebula.zeus.domain.model.rbac.Group
 
-interface IGroupService : IService<String> {
-
-}
\ No newline at end of file
+@Domain(clazz = Group::class)
+interface IGroupService : IService<String>
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IRoleService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IRoleService.kt
index f4ad941..6dc0960 100644
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IRoleService.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IRoleService.kt
@@ -1,7 +1,8 @@
 package com.synebula.zeus.domain.service.contr.rbac
 
+import com.synebula.gaea.domain.service.Domain
 import com.synebula.gaea.domain.service.IService
+import com.synebula.zeus.domain.model.rbac.Role
 
-interface IRoleService : IService<String> {
-
-}
\ No newline at end of file
+@Domain(clazz = Role::class)
+interface IRoleService : IService<String>
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IInterfaceService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IInterfaceService.kt
index d54c875..9b713d8 100644
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IInterfaceService.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IInterfaceService.kt
@@ -1,7 +1,8 @@
 package com.synebula.zeus.domain.service.contr.rbac.resource
 
+import com.synebula.gaea.domain.service.Domain
 import com.synebula.gaea.domain.service.IService
+import com.synebula.zeus.domain.model.rbac.resource.Interface
 
-interface IInterfaceService : IService<String> {
-
-}
\ No newline at end of file
+@Domain(clazz = Interface::class)
+interface IInterfaceService : IService<String>
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IPageService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IPageService.kt
index d072b77..5cb9bf2 100644
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IPageService.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IPageService.kt
@@ -1,7 +1,8 @@
 package com.synebula.zeus.domain.service.contr.rbac.resource
 
+import com.synebula.gaea.domain.service.Domain
 import com.synebula.gaea.domain.service.IService
+import com.synebula.zeus.domain.model.rbac.resource.Page
 
-interface IPageService : IService<String> {
-
-}
\ No newline at end of file
+@Domain(clazz = Page::class)
+interface IPageService : IService<String>
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IPermissionService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IPermissionService.kt
deleted file mode 100644
index 7ec3dbd..0000000
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IPermissionService.kt
+++ /dev/null
@@ -1,7 +0,0 @@
-package com.synebula.zeus.domain.service.contr.rbac.resource
-
-import com.synebula.gaea.domain.service.IService
-
-interface IPermissionService : IService<String> {
-
-}
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/ISystemService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/ISystemService.kt
index 3ed21d8..7f696d1 100644
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/ISystemService.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/ISystemService.kt
@@ -1,7 +1,8 @@
 package com.synebula.zeus.domain.service.contr.rbac.resource
 
+import com.synebula.gaea.domain.service.Domain
 import com.synebula.gaea.domain.service.IService
+import com.synebula.zeus.domain.model.rbac.resource.System
 
-interface ISystemService : IService<String> {
-
-}
\ No newline at end of file
+@Domain(clazz = System::class)
+interface ISystemService : IService<String>
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/AuthorityService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/AuthorityService.kt
new file mode 100644
index 0000000..9d712ac
--- /dev/null
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/AuthorityService.kt
@@ -0,0 +1,25 @@
+package com.synebula.zeus.domain.service.impl.rbac
+
+import com.synebula.gaea.data.serialization.IObjectMapper
+import com.synebula.gaea.domain.service.Service
+import com.synebula.zeus.domain.model.rbac.Authority
+import com.synebula.zeus.domain.repository.rbac.IAuthorityRepository
+import com.synebula.zeus.domain.service.cmd.rbac.AuthorityBatchAddCmd
+import com.synebula.zeus.domain.service.contr.rbac.IAuthorityService
+import com.synebula.zeus.env.ResourceType
+
+class AuthorityService(
+    private var authorityRepository: IAuthorityRepository,
+    mapper: IObjectMapper
+) : Service<Authority, String>(Authority::class.java, authorityRepository, mapper),
+    IAuthorityService {
+
+    override fun add(cmd: AuthorityBatchAddCmd) {
+        val authorities = cmd.resource.map { Authority(cmd.role, it, cmd.type, cmd.authority) }
+        this.repository.add(authorities)
+    }
+
+    override fun removeByResourceRole(type: ResourceType, resource: List<String>, role: String) {
+        this.authorityRepository.removeByResourceRole(type, resource, role)
+    }
+}
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/GroupService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/GroupService.kt
deleted file mode 100644
index d462d17..0000000
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/GroupService.kt
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.synebula.zeus.domain.service.impl.rbac
-
-import com.synebula.gaea.data.IObjectConverter
-import com.synebula.gaea.domain.repository.IRepository
-import com.synebula.gaea.domain.service.Service
-import com.synebula.gaea.log.ILogger
-import com.synebula.zeus.domain.model.rbac.Group
-import com.synebula.zeus.domain.service.contr.rbac.IGroupService
-
-class GroupService(
-    repository: IRepository,
-    converter: IObjectConverter, logger: ILogger
-) : Service<Group, String>(Group::class.java, repository, converter, logger), IGroupService
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/RoleService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/RoleService.kt
deleted file mode 100644
index fcfb274..0000000
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/RoleService.kt
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.synebula.zeus.domain.service.impl.rbac
-
-import com.synebula.gaea.data.IObjectConverter
-import com.synebula.gaea.domain.repository.IRepository
-import com.synebula.gaea.domain.service.Service
-import com.synebula.gaea.log.ILogger
-import com.synebula.zeus.domain.model.rbac.Role
-import com.synebula.zeus.domain.service.contr.rbac.IRoleService
-
-class RoleService(
-    repository: IRepository,
-    converter: IObjectConverter, logger: ILogger
-) : Service<Role, String>(Role::class.java, repository, converter, logger), IRoleService
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/UserService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/UserService.kt
index c6b6f8e..5b3fa5f 100644
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/UserService.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/UserService.kt
@@ -1,56 +1,49 @@
 package com.synebula.zeus.domain.service.impl.rbac
 
-import com.synebula.gaea.data.IObjectConverter
+import com.synebula.gaea.bus.Subscribe
 import com.synebula.gaea.data.message.DataMessage
-import com.synebula.gaea.data.message.Message
 import com.synebula.gaea.data.message.Status
-import com.synebula.gaea.domain.repository.IRepository
+import com.synebula.gaea.data.serialization.IObjectMapper
+import com.synebula.gaea.domain.event.BeforeRemoveEvent
+import com.synebula.gaea.domain.repository.IRepositoryFactory
 import com.synebula.gaea.domain.service.ICommand
 import com.synebula.gaea.domain.service.Service
+import com.synebula.gaea.exception.NoticeUserException
 import com.synebula.gaea.ext.toMd5
 import com.synebula.gaea.log.ILogger
+import com.synebula.zeus.domain.model.rbac.Group
+import com.synebula.zeus.domain.model.rbac.Role
 import com.synebula.zeus.domain.model.rbac.User
-import com.synebula.zeus.domain.service.contr.component.IUserNotifier
-import com.synebula.zeus.domain.service.contr.rbac.IGroupService
-import com.synebula.zeus.domain.service.contr.rbac.IRoleService
+import com.synebula.zeus.domain.service.component.IUserNotifier
 import com.synebula.zeus.domain.service.contr.rbac.IUserService
 import java.util.*
 
 class UserService(
-    repository: IRepository,
-    converter: IObjectConverter,
-    logger: ILogger,
-    groupService: IGroupService,
-    roleService: IRoleService,
-    var userNotifier: IUserNotifier
-) : Service<User, String>(User::class.java, repository, converter, logger), IUserService {
+    factory: IRepositoryFactory,
+    mapper: IObjectMapper,
+    var userNotifier: IUserNotifier?,
+    var logger: ILogger
+) : Service<User, String>(User::class.java, factory.createRepository(User::class.java), mapper), IUserService {
 
-    init {
-        groupService.addBeforeRemoveListener(this.clazz.name) { id ->
-            val msg = Message()
-            if (this.repository.count(mapOf(Pair("group", id)), this.clazz) > 0) {
-                msg.status = Status.Failure
-                msg.message = "组下还有用户"
-            }
-            msg
-        }
-        roleService.addBeforeRemoveListener(this.clazz.name) { id ->
-            val msg = Message()
-            if (this.repository.count(mapOf(Pair("role", id)), this.clazz) > 0) {
-                msg.status = Status.Failure
-                msg.message = "角色下还有用户"
-            }
-            msg
-        }
+    @Subscribe(["groupBeforeRemoveEvent"])
+    fun beforeRoleRemove(event: BeforeRemoveEvent<Role, String>) {
+        if (this.repository.count(mapOf(Pair("role", event.id!!))) > 0)
+            throw NoticeUserException("角色下还有用户")
+    }
+
+    @Subscribe(["groupBeforeRemoveEvent"])
+    fun beforeGroupRemove(event: BeforeRemoveEvent<Group, String>) {
+        if (this.repository.count(mapOf(Pair("group", event.id!!))) > 0)
+            throw NoticeUserException("用户组下还有用户")
     }
 
     override fun add(command: ICommand): DataMessage<String> {
-        val user = this.convert(command)
+        val user = this.map(command)
         user.password = user.password.toMd5()
         user.token = UUID.randomUUID().toString()
         user.alive = false
-        this.repository.add(user, this.clazz)
-        userNotifier.added(user.id!!, user.name, user.token!!)
+        this.repository.add(user)
+        userNotifier?.added(user.id!!, user.name, user.token!!)
         return DataMessage(user.id!!)
     }
 
@@ -60,28 +53,28 @@ class UserService(
      * @param key 用户ID
      */
     override fun active(key: String, token: String): DataMessage<Any> {
-        val user = this.repository.get(key, this.clazz)
+        val user = this.repository.get(key)!!
         return if (user.alive) {
             DataMessage("用户${user.name}无需重复激活")
         } else {
             if (token == user.token) {
                 user.alive = true
                 user.token = null
-                this.repository.update(user, this.clazz)
+                this.repository.update(user)
                 DataMessage(Status.Success, "用户${user.name}激活成功")
             } else {
-                logger.warn(this, "用户${user.name}激活失败, {key: ${key}, token: ${token}")
+                logger.warn(this, "用户${user.name}激活失败, {key: ${key}, token: $token")
                 DataMessage(Status.Failure, "用户${user.name}激活失败, 请从系统发送的邮件链接激活用户")
             }
         }
     }
 
     override fun changePassword(key: String, password: String, newPassword: String): DataMessage<Any> {
-        val user = this.repository.get(key, this.clazz)
+        val user = this.repository.get(key)!!
         return if (user.password == password.toMd5()) {
             user.password = newPassword.toMd5()
             user.token = null
-            this.repository.update(user, this.clazz)
+            this.repository.update(user)
             DataMessage()
         } else {
             logger.warn(this, "用户修改${user.name}密码失败, 旧密码验证不通过")
@@ -91,24 +84,27 @@ class UserService(
 
 
     override fun resetPassword(key: String, password: String, token: String?): DataMessage<Any> {
-        val user = this.repository.get(key, this.clazz)
+        val user = this.repository.get(key)!!
         return if (token == user.token) {
             user.password = password.toMd5()
             user.token = null
-            this.repository.update(user, this.clazz)
+            this.repository.update(user)
             DataMessage()
         } else {
-            logger.warn(this, "用户重置${user.name}密码失败, 系统密码修改令牌:${user.token}, {key: ${key} , token: ${token}")
+            logger.warn(
+                this,
+                "用户重置${user.name}密码失败, 系统密码修改令牌:${user.token}, {key: $key , token: $token"
+            )
             DataMessage(Status.Failure, "用户重置密码失败, 如需重置密码请从系统发送的邮件链接中重置")
         }
     }
 
     override fun forgotPassword(key: String): DataMessage<String> {
-        val user = this.repository.get(key, this.clazz)
+        val user = this.repository.get(key)!!
         return if (user.alive) {
             user.token = UUID.randomUUID().toString()
-            this.repository.update(user, this.clazz)
-            userNotifier.forgot(user.id!!, user.name, user.token!!)
+            this.repository.update(user)
+            userNotifier?.forgot(user.id!!, user.name, user.token!!)
             DataMessage()
         } else
             DataMessage(Status.Failure, "用户还未激活, 请先激活用户")
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/InterfaceService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/InterfaceService.kt
deleted file mode 100644
index 3036f71..0000000
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/InterfaceService.kt
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.synebula.zeus.domain.service.impl.rbac.resource
-
-import com.synebula.gaea.data.IObjectConverter
-import com.synebula.gaea.domain.repository.IRepository
-import com.synebula.gaea.domain.service.Service
-import com.synebula.gaea.log.ILogger
-import com.synebula.zeus.domain.model.rbac.resource.Interface
-import com.synebula.zeus.domain.service.contr.rbac.resource.IInterfaceService
-
-class InterfaceService(
-        repository: IRepository,
-        converter: IObjectConverter, logger: ILogger
-) : Service<Interface, String>(Interface::class.java, repository, converter, logger), IInterfaceService
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/PageService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/PageService.kt
deleted file mode 100644
index e2746f5..0000000
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/PageService.kt
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.synebula.zeus.domain.service.impl.rbac.resource
-
-import com.synebula.gaea.data.IObjectConverter
-import com.synebula.gaea.domain.repository.IRepository
-import com.synebula.gaea.domain.service.Service
-import com.synebula.gaea.log.ILogger
-import com.synebula.zeus.domain.model.rbac.resource.Page
-import com.synebula.zeus.domain.service.contr.rbac.resource.IPageService
-
-class PageService(
-        repository: IRepository,
-        converter: IObjectConverter, logger: ILogger
-) : Service<Page, String>(Page::class.java, repository, converter, logger), IPageService
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/PermissionService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/PermissionService.kt
deleted file mode 100644
index 6f57fcd..0000000
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/PermissionService.kt
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.synebula.zeus.domain.service.impl.rbac.resource
-
-import com.synebula.gaea.data.IObjectConverter
-import com.synebula.gaea.domain.repository.IRepository
-import com.synebula.gaea.domain.service.Service
-import com.synebula.gaea.log.ILogger
-import com.synebula.zeus.domain.model.rbac.resource.Permission
-import com.synebula.zeus.domain.service.contr.rbac.resource.IPermissionService
-
-class PermissionService(
-        repository: IRepository,
-        converter: IObjectConverter, logger: ILogger
-) : Service<Permission, String>(Permission::class.java, repository, converter, logger), IPermissionService
\ No newline at end of file
diff --git a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/SystemService.kt b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/SystemService.kt
deleted file mode 100644
index 7dac050..0000000
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/SystemService.kt
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.synebula.zeus.domain.service.impl.rbac.resource
-
-import com.synebula.gaea.data.IObjectConverter
-import com.synebula.gaea.domain.repository.IRepository
-import com.synebula.gaea.domain.service.Service
-import com.synebula.gaea.log.ILogger
-import com.synebula.zeus.domain.model.rbac.resource.System
-import com.synebula.zeus.domain.service.contr.rbac.resource.ISystemService
-
-class SystemService(
-        repository: IRepository,
-        converter: IObjectConverter, logger: ILogger
-) : Service<System, String>(System::class.java, repository, converter, logger), ISystemService
\ No newline at end of file
diff --git a/src/zeus.env/build.gradle b/src/zeus.env/build.gradle
index d6be859..95d531a 100644
--- a/src/zeus.env/build.gradle
+++ b/src/zeus.env/build.gradle
@@ -1,5 +1,5 @@
 dependencies {
-    compile "com.synebula:gaea:$gaea_version"
+    api "com.synebula:gaea:$gaea_version"
 }
 
 publishing {
diff --git a/src/zeus.env/src/main/kotlin/com/synebula/zeus/env/PermissionType.kt b/src/zeus.env/src/main/kotlin/com/synebula/zeus/env/AuthorityType.kt
similarity index 70%
rename from src/zeus.env/src/main/kotlin/com/synebula/zeus/env/PermissionType.kt
rename to src/zeus.env/src/main/kotlin/com/synebula/zeus/env/AuthorityType.kt
index 845023d..c080c85 100644
--- a/src/zeus.env/src/main/kotlin/com/synebula/zeus/env/PermissionType.kt
+++ b/src/zeus.env/src/main/kotlin/com/synebula/zeus/env/AuthorityType.kt
@@ -1,6 +1,6 @@
 package com.synebula.zeus.env
 
-enum class PermissionType {
+enum class AuthorityType {
     Default,
     Deny,
     Allow
diff --git a/src/zeus.query/build.gradle b/src/zeus.query/build.gradle
index 2d2cafd..3bd4a66 100644
--- a/src/zeus.query/build.gradle
+++ b/src/zeus.query/build.gradle
@@ -1,13 +1,13 @@
 dependencies {
-    compile project(":src:zeus.env")
-    compile "com.synebula:gaea.mongo:$gaea_version"
+    api project(":src:zeus.env")
+    api "com.synebula:gaea.mongodb:$gaea_version"
 }
 
 publishing {
     publications {
         publish(MavenPublication) {
             group 'com.synebula'
-            artifactId 'zeus.view'
+            artifactId 'zeus.query'
             version "$version"
             from components.java
         }
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/IAuthorityQuery.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/IAuthorityQuery.kt
new file mode 100644
index 0000000..cebfbf8
--- /dev/null
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/IAuthorityQuery.kt
@@ -0,0 +1,26 @@
+package com.synebula.zeus.query.contr
+
+import com.synebula.gaea.query.IQuery
+import com.synebula.zeus.env.AuthorityType
+import com.synebula.zeus.env.ResourceType
+import com.synebula.zeus.query.view.AuthorityView
+
+interface IAuthorityQuery : IQuery<AuthorityView, String>  {
+
+    /**
+     * 获取角色已授权的资源
+     *
+     * @param resourceType 资源类型
+     * @param role 角色id
+     */
+    fun authorized(resourceType: ResourceType, role: String): List<AuthorityView>
+
+    /**
+     * 获取角色资源的授权信息
+     *
+     * @param resourceType 资源里欸选哪个
+     * @param resource 资源id
+     * @param role 角色id
+     */
+    fun authorize(resourceType: ResourceType, resource: String, role: String): AuthorityType
+}
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/IUserQuery.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/IUserQuery.kt
index 9e6e0e3..2f48903 100644
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/IUserQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/IUserQuery.kt
@@ -1,10 +1,11 @@
 package com.synebula.zeus.query.contr
 
 import com.synebula.gaea.data.message.DataMessage
+import com.synebula.gaea.query.IQuery
 import com.synebula.zeus.query.view.SignUserView
 import com.synebula.zeus.query.view.UserView
 
-interface IUserQuery {
+interface IUserQuery : IQuery<UserView, String> {
     /**
      * 登录接口
      *
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IInterfaceQuery.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IInterfaceQuery.kt
index 8380b4f..43c69d8 100644
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IInterfaceQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IInterfaceQuery.kt
@@ -1,14 +1,14 @@
 package com.synebula.zeus.query.contr.resouce
 
 import com.synebula.gaea.query.IQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.query.view.resource.InterfaceView
 
-interface IInterfaceQuery : IQuery {
+interface IInterfaceQuery : IQuery<InterfaceView, String>  {
 
-    fun withPermission(role: String): List<InterfaceView>
+    fun authorized(role: String): List<InterfaceView>
 
-    fun withPermission(role: String, system: String?): List<InterfaceView>
+    fun authorized(role: String, system: String?): List<InterfaceView>
 
-    fun authentication(resource: String, role: String): PermissionType?
+    fun authorize(resource: String, role: String): AuthorityType?
 }
\ No newline at end of file
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IPageQuery.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IPageQuery.kt
index 9681ebf..af1d25b 100644
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IPageQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IPageQuery.kt
@@ -1,16 +1,16 @@
 package com.synebula.zeus.query.contr.resouce
 
 import com.synebula.gaea.query.IQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.query.view.resource.PageView
 
-interface IPageQuery : IQuery {
+interface IPageQuery : IQuery<PageView, String>  {
 
-    fun withPermission(role: String): List<PageView>
+    fun authorized(role: String): List<PageView>
 
-    fun withPermission(role: String, system: String? ): List<PageView>
+    fun authorized(role: String, system: String? ): List<PageView>
 
-    fun authentication(resource: String, role: String): PermissionType?
+    fun authorize(resource: String, role: String): AuthorityType?
 
-    fun uriAuthentication(path: String, role: String): PermissionType?
+    fun uriAuthorize(path: String, role: String): AuthorityType?
 }
\ No newline at end of file
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IPermissionQuery.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IPermissionQuery.kt
deleted file mode 100644
index 3e66d9a..0000000
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IPermissionQuery.kt
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.synebula.zeus.query.contr.resouce
-
-import com.synebula.gaea.query.IQuery
-import com.synebula.zeus.env.PermissionType
-import com.synebula.zeus.env.ResourceType
-import com.synebula.zeus.query.view.resource.PermissionView
-
-interface IPermissionQuery : IQuery {
-
-    fun resourcePermissions(resourceType: ResourceType, role: String): List<PermissionView>
-
-    fun authentication(resourceType: ResourceType, resource: String, role: String): PermissionType
-}
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/ISystemQuery.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/ISystemQuery.kt
index 6b3c130..e467978 100644
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/ISystemQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/ISystemQuery.kt
@@ -1,12 +1,12 @@
 package com.synebula.zeus.query.contr.resouce
 
 import com.synebula.gaea.query.IQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.query.view.resource.SystemView
 
-interface ISystemQuery : IQuery {
+interface ISystemQuery : IQuery<SystemView, String>  {
 
-    fun withPermission(role: String): List<SystemView>
+    fun authorized(role: String): List<SystemView>
 
-    fun authentication(resource: String, role: String): PermissionType?
+    fun authorize(resource: String, role: String): AuthorityType?
 }
\ No newline at end of file
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/AuthorityQuery.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/AuthorityQuery.kt
new file mode 100644
index 0000000..93f79ef
--- /dev/null
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/AuthorityQuery.kt
@@ -0,0 +1,35 @@
+package com.synebula.zeus.query.impl
+
+import com.synebula.gaea.mongodb.query.MongodbQuery
+import com.synebula.zeus.env.AuthorityType
+import com.synebula.zeus.env.ResourceType
+import com.synebula.zeus.query.contr.IAuthorityQuery
+import com.synebula.zeus.query.view.AuthorityView
+import org.springframework.data.mongodb.core.MongoTemplate
+import org.springframework.data.mongodb.core.query.Criteria
+import org.springframework.data.mongodb.core.query.Query
+
+class AuthorityQuery(template: MongoTemplate) :
+    MongodbQuery<AuthorityView, String>(AuthorityView::class.java, template), IAuthorityQuery {
+    var collection = this.collection(this.clazz)
+
+    override fun authorized(resourceType: ResourceType, role: String): List<AuthorityView> {
+        return this.template.find(
+            Query.query(
+                Criteria.where("type").`is`(resourceType)
+                    .and("role").`is`(role)
+            ), this.clazz, this.collection
+        )
+    }
+
+    override fun authorize(resourceType: ResourceType, resource: String, role: String): AuthorityType {
+        val authority = this.template.findOne(
+            Query.query(
+                Criteria.where("type").`is`(resourceType)
+                    .and("resource").`is`(resource)
+                    .and("role").`is`(role)
+            ), this.clazz, this.collection
+        )
+        return authority?.authority ?: AuthorityType.Default
+    }
+}
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/UserQuery.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/UserQuery.kt
index 3f297f3..6a18d0b 100644
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/UserQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/UserQuery.kt
@@ -3,7 +3,8 @@ package com.synebula.zeus.query.impl
 import com.synebula.gaea.data.message.DataMessage
 import com.synebula.gaea.data.message.Status
 import com.synebula.gaea.ext.toMd5
-import com.synebula.gaea.mongo.whereId
+import com.synebula.gaea.mongodb.query.MongodbQuery
+import com.synebula.gaea.mongodb.whereId
 import com.synebula.zeus.query.contr.IUserQuery
 import com.synebula.zeus.query.view.GroupView
 import com.synebula.zeus.query.view.RoleView
@@ -14,8 +15,8 @@ import org.springframework.data.mongodb.core.query.Criteria
 import org.springframework.data.mongodb.core.query.Query
 import org.springframework.data.mongodb.core.query.isEqualTo
 
-class UserQuery(var template: MongoTemplate) : IUserQuery {
-    private val clazz = UserView::class.java
+class UserQuery(template: MongoTemplate) :
+    MongodbQuery<UserView, String>(UserView::class.java, template), IUserQuery {
 
     override fun signIn(name: String, password: String): DataMessage<SignUserView> {
         val query = Query.query(
@@ -29,7 +30,7 @@ class UserQuery(var template: MongoTemplate) : IUserQuery {
             val group = this.template.findOne(whereId(user.group), GroupView::class.java, "group")
             DataMessage(
                 SignUserView(
-                    user.id, user.name, user.realName ?: "",
+                    user.id, user.realName ?: "",
                     user.role ?: "", role?.name ?: "",
                     user.group ?: "", group?.name ?: ""
                 )
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/InterfaceQuery.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/InterfaceQuery.kt
index b8d2252..a251713 100644
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/InterfaceQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/InterfaceQuery.kt
@@ -1,42 +1,42 @@
 package com.synebula.zeus.query.impl.resouce
 
-import com.synebula.gaea.mongo.query.MongoQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.gaea.mongodb.query.MongodbQuery
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.env.ResourceType
+import com.synebula.zeus.query.contr.IAuthorityQuery
 import com.synebula.zeus.query.contr.resouce.IInterfaceQuery
-import com.synebula.zeus.query.contr.resouce.IPermissionQuery
 import com.synebula.zeus.query.contr.resouce.ISystemQuery
 import com.synebula.zeus.query.view.resource.InterfaceView
 import org.springframework.data.mongodb.core.MongoTemplate
 
-class InterfaceQuery(template: MongoTemplate, var permissionQuery: IPermissionQuery, var systemQuery: ISystemQuery) :
-    MongoQuery(template),
-    IInterfaceQuery {
+class InterfaceQuery(
+    template: MongoTemplate,
+    var authorityQuery: IAuthorityQuery,
+    var systemQuery: ISystemQuery
+) : MongodbQuery<InterfaceView, String>(InterfaceView::class.java, template), IInterfaceQuery {
 
-    private val clazz = InterfaceView::class.java
-
-    override fun withPermission(role: String): List<InterfaceView> {
-        return this.withPermission(role, null)
+    override fun authorized(role: String): List<InterfaceView> {
+        return this.authorized(role, null)
 
     }
 
-    override fun withPermission(role: String, system: String?): List<InterfaceView> {
+    override fun authorized(role: String, system: String?): List<InterfaceView> {
         if (system != null) {
-            val permission = this.systemQuery.authentication(system, role)
-            if (permission == PermissionType.Deny)
+            val authority = this.systemQuery.authorize(system, role)
+            if (authority == AuthorityType.Deny)
                 return listOf()
         }
-        val params = mutableMapOf<String, Any>()
+        val params = mutableMapOf<String, String>()
         if (system != null) params["system"] = system
-        val interfaces = this.list(params, this.clazz)
-        val permissions = this.permissionQuery.resourcePermissions(ResourceType.Interface, role)
+        val interfaces = this.list(params)
+        val authorities = this.authorityQuery.authorized(ResourceType.Interface, role)
         return interfaces.filter { i ->
-            val permission = permissions.find { p -> i.id == p.resource }
-            permission == null || permission.authority == PermissionType.Allow
+            val authority = authorities.find { p -> i.id == p.resource }
+            authority == null || authority.authority == AuthorityType.Allow
         }
     }
 
-    override fun authentication(resource: String, role: String): PermissionType? {
-        return this.permissionQuery.authentication(ResourceType.Interface, resource, role)
+    override fun authorize(resource: String, role: String): AuthorityType {
+        return this.authorityQuery.authorize(ResourceType.Interface, resource, role)
     }
 }
\ No newline at end of file
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/PageQuery.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/PageQuery.kt
index d40c1c2..d9b9436 100644
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/PageQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/PageQuery.kt
@@ -1,47 +1,48 @@
 package com.synebula.zeus.query.impl.resouce
 
-import com.synebula.gaea.mongo.query.MongoQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.gaea.mongodb.query.MongodbQuery
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.env.ResourceType
+import com.synebula.zeus.query.contr.IAuthorityQuery
 import com.synebula.zeus.query.contr.resouce.IPageQuery
-import com.synebula.zeus.query.contr.resouce.IPermissionQuery
 import com.synebula.zeus.query.contr.resouce.ISystemQuery
 import com.synebula.zeus.query.view.resource.PageView
 import org.springframework.data.mongodb.core.MongoTemplate
 import org.springframework.data.mongodb.core.query.Criteria
 import org.springframework.data.mongodb.core.query.Query
 
-class PageQuery(template: MongoTemplate, var permissionQuery: IPermissionQuery, var systemQuery: ISystemQuery) :
-        MongoQuery(template), IPageQuery {
-    private val clazz = PageView::class.java
+class PageQuery(template: MongoTemplate, var authorityQuery: IAuthorityQuery, var systemQuery: ISystemQuery) :
+    MongodbQuery<PageView, String>(PageView::class.java, template), IPageQuery {
 
-    override fun withPermission(role: String): List<PageView> {
-        return this.withPermission(role, null)
+    override fun authorized(role: String): List<PageView> {
+        return this.authorized(role, null)
     }
 
-    override fun withPermission(role: String, system: String?): List<PageView> {
+    override fun authorized(role: String, system: String?): List<PageView> {
         if (system != null) {
-            val permission = this.systemQuery.authentication(system, role)
-            if (permission == PermissionType.Deny)
+            val authority = this.systemQuery.authorize(system, role)
+            if (authority == AuthorityType.Deny)
                 return listOf()
         }
-        val params = mutableMapOf<String, Any>()
+        val params = mutableMapOf<String, String>()
         if (system != null) params["system"] = system
-        val pages = this.list(params, this.clazz)
-        val permissions = this.permissionQuery.resourcePermissions(ResourceType.Page, role)
+        val pages = this.list(params)
+        val authorities = this.authorityQuery.authorized(ResourceType.Page, role)
         return pages.filter { i ->
-            val permission = permissions.find { p -> i.id == p.resource }
-            permission != null && permission.authority == PermissionType.Allow
+            val authority = authorities.find { p -> i.id == p.resource }
+            authority != null && authority.authority == AuthorityType.Allow
         }
     }
 
-    override fun authentication(resource: String, role: String): PermissionType? {
-        return this.permissionQuery.authentication(ResourceType.Page, resource, role)
+    override fun authorize(resource: String, role: String): AuthorityType {
+        return this.authorityQuery.authorize(ResourceType.Page, resource, role)
     }
 
-    override fun uriAuthentication(path: String, role: String): PermissionType? {
-        val page = this.template.findOne(Query.query(Criteria.where("uri").`is`(path)),
-                this.clazz, this.collection(this.clazz)) ?: return null
-        return this.authentication(page.id!!, role)
+    override fun uriAuthorize(path: String, role: String): AuthorityType? {
+        val page = this.template.findOne(
+            Query.query(Criteria.where("uri").`is`(path)),
+            this.clazz, this.collection(this.clazz)
+        ) ?: return null
+        return this.authorize(page.id!!, role)
     }
 }
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/PermissionQuery.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/PermissionQuery.kt
deleted file mode 100644
index 24f176b..0000000
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/PermissionQuery.kt
+++ /dev/null
@@ -1,33 +0,0 @@
-package com.synebula.zeus.query.impl.resouce
-
-import com.synebula.gaea.mongo.query.MongoQuery
-import com.synebula.zeus.env.PermissionType
-import com.synebula.zeus.env.ResourceType
-import com.synebula.zeus.query.contr.resouce.IPermissionQuery
-import com.synebula.zeus.query.view.resource.PermissionView
-import org.springframework.data.mongodb.core.MongoTemplate
-import org.springframework.data.mongodb.core.query.Criteria
-import org.springframework.data.mongodb.core.query.Query
-
-class PermissionQuery(template: MongoTemplate) : MongoQuery(template), IPermissionQuery {
-    var clazz = PermissionView::class.java
-    var collection = this.collection(this.clazz)
-
-    override fun resourcePermissions(resourceType: ResourceType, role: String): List<PermissionView> {
-        return this.template.find(
-                Query.query(
-                        Criteria.where("type").`is`(resourceType)
-                                .and("role").`is`(role)
-                ), this.clazz, this.collection)
-    }
-
-    override fun authentication(resourceType: ResourceType, resource: String, role: String): PermissionType {
-        val permission = this.template.findOne(
-                Query.query(
-                        Criteria.where("type").`is`(resourceType)
-                                .and("resource").`is`(resource)
-                                .and("role").`is`(role)
-                ), this.clazz, this.collection)
-        return permission?.authority ?: PermissionType.Default
-    }
-}
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/SystemQuery.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/SystemQuery.kt
index 3610547..783e1ad 100644
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/SystemQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/SystemQuery.kt
@@ -1,22 +1,23 @@
 package com.synebula.zeus.query.impl.resouce
 
-import com.synebula.gaea.mongo.query.MongoQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.gaea.mongodb.query.MongodbQuery
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.env.ResourceType
+import com.synebula.zeus.query.contr.IAuthorityQuery
 import com.synebula.zeus.query.contr.resouce.ISystemQuery
 import com.synebula.zeus.query.view.resource.SystemView
 import org.springframework.data.mongodb.core.MongoTemplate
 
-class SystemQuery(template: MongoTemplate, var permissionQuery: PermissionQuery) : MongoQuery(template), ISystemQuery {
-    private val clazz = SystemView::class.java
+class SystemQuery(template: MongoTemplate, var authorityQuery: IAuthorityQuery) :
+    MongodbQuery<SystemView, String>(SystemView::class.java, template), ISystemQuery {
 
-    override fun withPermission(role: String): List<SystemView> {
-        val systems = this.list(mapOf(), this.clazz)
-        val permissions = this.permissionQuery.resourcePermissions(ResourceType.System, role)
-        return systems.filter { i -> permissions.find { p -> i.id == p.resource }?.authority == PermissionType.Allow }
+    override fun authorized(role: String): List<SystemView> {
+        val systems = this.list(mapOf())
+        val authorities = this.authorityQuery.authorized(ResourceType.System, role)
+        return systems.filter { i -> authorities.find { p -> i.id == p.resource }?.authority == AuthorityType.Allow }
     }
 
-    override fun authentication(resource: String, role: String): PermissionType? {
-        return this.permissionQuery.authentication(ResourceType.System, resource, role)
+    override fun authorize(resource: String, role: String): AuthorityType {
+        return this.authorityQuery.authorize(ResourceType.System, resource, role)
     }
 }
\ No newline at end of file
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/AuthorityView.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/AuthorityView.kt
new file mode 100644
index 0000000..1613030
--- /dev/null
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/AuthorityView.kt
@@ -0,0 +1,12 @@
+package com.synebula.zeus.query.view
+
+import com.synebula.zeus.env.AuthorityType
+import com.synebula.zeus.env.ResourceType
+
+class AuthorityView() {
+    var id: String? = null
+    var role = ""
+    var resource = ""
+    var type: ResourceType? = null
+    var authority = AuthorityType.Allow
+}
\ No newline at end of file
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/GroupView.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/GroupView.kt
index a8f3e9c..91e601c 100644
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/GroupView.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/GroupView.kt
@@ -1,13 +1,16 @@
 package com.synebula.zeus.query.view
 
-import com.synebula.gaea.query.annotation.Table
-import com.synebula.gaea.query.annotation.Where
-import com.synebula.gaea.query.type.Operator
+import com.synebula.gaea.query.Operator
+import com.synebula.gaea.query.Table
+import com.synebula.gaea.query.Where
+
 
 @Table("group")
 class GroupView {
     var id: String? = null
 
-    @Where(Operator.like)
+    @Where(Operator.Like)
     var name = ""
+
+    var desc = ""
 }
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/RoleView.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/RoleView.kt
index 0846d7f..0894ae2 100644
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/RoleView.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/RoleView.kt
@@ -1,9 +1,10 @@
 package com.synebula.zeus.query.view
 
-import com.synebula.gaea.query.annotation.Table
+import com.synebula.gaea.query.Table
 
 @Table("role")
 class RoleView {
     var id: String? = null
     var name = ""
+    var desc = ""
 }
\ No newline at end of file
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/SignUserView.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/SignUserView.kt
index 14d68d6..4fe7275 100644
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/SignUserView.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/SignUserView.kt
@@ -1,11 +1,34 @@
 package com.synebula.zeus.query.view
 
 class SignUserView(
-    var id: String = "",
-    var name: String = "",
-    var realName: String = "",
-    var role: String = "",
-    var roleName: String = "",
-    var group: String = "",
-    var groupName: String = ""
+    /**
+     * 用户id
+     */
+    var uid: String = "",
+
+    /**
+     * 用户名称
+     */
+    var uname: String = "",
+
+    /**
+     * 角色id
+     */
+    var rid: String = "",
+
+    /**
+     * 角色名称
+     */
+    var rname: String = "",
+
+    /**
+     * 组id
+     */
+    var gid: String = "",
+
+    /**
+     * 组名称
+     */
+    var gname: String = "",
+    var remember: Boolean = false
 )
\ No newline at end of file
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/UserView.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/UserView.kt
index 364b97f..2ff38a1 100644
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/UserView.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/UserView.kt
@@ -1,8 +1,8 @@
 package com.synebula.zeus.query.view
 
-import com.synebula.gaea.query.annotation.Table
-import com.synebula.gaea.query.annotation.Where
-import com.synebula.gaea.query.type.Operator
+import com.synebula.gaea.query.Operator
+import com.synebula.gaea.query.Table
+import com.synebula.gaea.query.Where
 
 @Table("user")
 class UserView {
@@ -12,7 +12,7 @@ class UserView {
 
     var password: String = ""
 
-    @Where(Operator.like)
+    @Where(Operator.Like)
     var realName: String? = null
 
     var phone: String? = null
diff --git a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/resource/PermissionView.kt b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/resource/PermissionView.kt
deleted file mode 100644
index 2031afd..0000000
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/resource/PermissionView.kt
+++ /dev/null
@@ -1,12 +0,0 @@
-package com.synebula.zeus.query.view.resource
-
-import com.synebula.zeus.env.PermissionType
-import com.synebula.zeus.env.ResourceType
-
-class PermissionView() {
-    var id: String? = null
-    var role = ""
-    var resource = ""
-    var type: ResourceType? = null
-    var authority = PermissionType.Allow
-}
\ No newline at end of file
diff --git a/src/zeus.repository/build.gradle b/src/zeus.repository/build.gradle
new file mode 100644
index 0000000..87ae0c6
--- /dev/null
+++ b/src/zeus.repository/build.gradle
@@ -0,0 +1,17 @@
+dependencies {
+    api project(":src:zeus.env")
+    api project(":src:zeus.domain")
+    api "com.synebula:gaea.mongodb:$gaea_version"
+}
+
+publishing {
+    publications {
+        publish(MavenPublication) {
+            group 'com.synebula'
+            artifactId 'zeus.repository'
+            version "$version"
+            from components.java
+        }
+    }
+}
+
diff --git a/src/zeus.repository/src/main/kotlin/com/synebula/zeus/repository/AuthorityRepository.kt b/src/zeus.repository/src/main/kotlin/com/synebula/zeus/repository/AuthorityRepository.kt
new file mode 100644
index 0000000..6430e75
--- /dev/null
+++ b/src/zeus.repository/src/main/kotlin/com/synebula/zeus/repository/AuthorityRepository.kt
@@ -0,0 +1,23 @@
+package com.synebula.zeus.repository
+
+import com.synebula.gaea.mongodb.repository.MongodbRepository
+import com.synebula.zeus.domain.model.rbac.Authority
+import com.synebula.zeus.domain.repository.rbac.IAuthorityRepository
+import com.synebula.zeus.env.ResourceType
+import org.springframework.data.mongodb.core.MongoTemplate
+import org.springframework.data.mongodb.core.query.Criteria
+import org.springframework.data.mongodb.core.query.Query
+
+class AuthorityRepository(var template: MongoTemplate) :
+    MongodbRepository<Authority, String>(Authority::class.java, template), IAuthorityRepository {
+    override fun removeByResourceRole(type: ResourceType, resource: List<String>, role: String) {
+        this.template.remove(
+            Query.query(
+                Criteria.where("type").`is`(type)
+                    .and("resource").`in`(resource)
+                    .and("role").`is`(role)
+            ),
+            Authority::class.java
+        )
+    }
+}
\ No newline at end of file