0.7.0 重构permission为authority并增加一些方法

2021-04-18 00:07:34 +08:00
parent 45d080b27c
commit d0807c56fa
30 changed files with 256 additions and 130 deletions
--- a/build.gradle
+++ b/build.gradle
@@ -21,7 +21,7 @@ allprojects {

 subprojects {
    ext {
-        version '0.6.3'
+        version '0.7.0'
        gaea_version = '0.10.3'
        spring_version = "2.3.0.RELEASE"
    }
--- a/settings.gradle
+++ b/settings.gradle
@@ -4,3 +4,5 @@ include 'src:zeus.app'
 include 'src:zeus.domain'
 include 'src:zeus.query'
 include 'src:zeus.env'
+include 'src:zeus.repository'
+
--- a/src/zeus.app/build.gradle
+++ b/src/zeus.app/build.gradle
@@ -13,6 +13,7 @@ jar.enabled = true    //jar SKIPPED问题,不设置可能会无法打jar
 dependencies {
    compile project(":src:zeus.domain")
    compile project(":src:zeus.query")
+    compile project(":src:zeus.repository")
    compile "com.synebula:gaea.app:$gaea_version"
    compile "com.synebula:gaea.mongo:$gaea_version"

--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/config/ZeusServices.kt
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/config/ZeusServices.kt
@@ -10,7 +10,8 @@ import org.springframework.stereotype.Component
@ComponentScan(
    basePackages = [
        "com.synebula.zeus.domain.service.impl",
-        "com.synebula.zeus.query.impl"
+        "com.synebula.zeus.query.impl",
+        "com.synebula.zeus.repository"
    ],
    includeFilters = [Filter(type = FilterType.CUSTOM, classes = [AllTypeFilter::class])]
 )
--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/AuthorityApp.kt
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/AuthorityApp.kt
@@ -0,0 +1,42 @@
+package com.synebula.zeus.app.controller.rbac
+
+import com.synebula.gaea.app.Application
+import com.synebula.gaea.app.component.aop.annotation.MethodName
+import com.synebula.gaea.app.struct.HttpMessage
+import com.synebula.gaea.log.ILogger
+import com.synebula.zeus.domain.service.cmd.rbac.AuthorityBatchAddCmd
+import com.synebula.zeus.domain.service.cmd.rbac.AuthorityCmd
+import com.synebula.zeus.domain.service.contr.rbac.IAuthorityService
+import com.synebula.zeus.env.ResourceType
+import com.synebula.zeus.query.contr.IAuthorityQuery
+import com.synebula.zeus.query.view.AuthorityView
+import org.springframework.web.bind.annotation.*
+
+@RestController
+@RequestMapping("/authorities")
+class AuthorityApp(
+    query: IAuthorityQuery,
+    logger: ILogger,
+    private var authorityService: IAuthorityService
+) : Application<AuthorityCmd, AuthorityView, String>(
+    "权限信息", AuthorityView::class.java,
+    authorityService, query, logger
+) {
+    @MethodName("批量添加权限信息")
+    @PostMapping("/batch")
+    fun add(@RequestBody cmd: AuthorityBatchAddCmd): HttpMessage {
+        this.authorityService.add(cmd)
+        return HttpMessage()
+    }
+
+    @MethodName("根据资源和角色删除权限")
+    @DeleteMapping("/{type}/role/{role}")
+    fun removeByResourceRole(
+        @PathVariable type: ResourceType,
+        @PathVariable role: String,
+        @RequestBody resource: List<String>
+    ): HttpMessage {
+        this.authorityService.removeByResourceRole(type, resource, role)
+        return HttpMessage()
+    }
+}
--- a/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/PermissionApp.kt
+++ b/src/zeus.app/src/main/kotlin/com/synebula/zeus/app/controller/rbac/resource/PermissionApp.kt
@@ -1,21 +0,0 @@
-package com.synebula.zeus.app.controller.rbac.resource
-
-import com.synebula.gaea.app.Application
-import com.synebula.gaea.log.ILogger
-import com.synebula.zeus.domain.service.cmd.rbac.resource.PermissionCmd
-import com.synebula.zeus.domain.service.contr.rbac.resource.IPermissionService
-import com.synebula.zeus.query.contr.resouce.IPermissionQuery
-import com.synebula.zeus.query.view.resource.PermissionView
-import org.springframework.web.bind.annotation.RequestMapping
-import org.springframework.web.bind.annotation.RestController
-
-@RestController
-@RequestMapping("/permissions")
-class PermissionApp(
-    service: IPermissionService,
-    query: IPermissionQuery,
-    logger: ILogger
-) : Application<PermissionCmd, PermissionView, String>(
-    "权限信息", PermissionView::class.java,
-    service, query, logger
-)
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Authority.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/Authority.kt
@@ -0,0 +1,19 @@
+package com.synebula.zeus.domain.model.rbac
+
+import com.synebula.gaea.domain.model.AggregateRoot
+import com.synebula.zeus.env.AuthorityType
+import com.synebula.zeus.env.ResourceType
+
+class Authority(override var id: String? = null) : AggregateRoot<String>() {
+    var role = ""
+    var resource = ""
+    var type: ResourceType? = null
+    var authority = AuthorityType.Allow
+
+    constructor(role: String, resource: String, type: ResourceType?, authority: AuthorityType) : this() {
+        this.role = role
+        this.resource = resource
+        this.type = type
+        this.authority = authority
+    }
+}
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/resource/Permission.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/model/rbac/resource/Permission.kt
@@ -1,12 +0,0 @@
-package com.synebula.zeus.domain.model.rbac.resource
-
-import com.synebula.gaea.domain.model.AggregateRoot
-import com.synebula.zeus.env.PermissionType
-import com.synebula.zeus.env.ResourceType
-
-class Permission(override var id: String? = null) : AggregateRoot<String>() {
-    var role = ""
-    var resource = ""
-    var type: ResourceType? = null
-    var authority = PermissionType.Allow
-}
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/repository/IAuthorityRepository.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/repository/IAuthorityRepository.kt
@@ -0,0 +1,8 @@
+package com.synebula.zeus.domain.repository
+
+import com.synebula.gaea.domain.repository.IRepository
+import com.synebula.zeus.env.ResourceType
+
+interface IAuthorityRepository : IRepository {
+    fun removeByResourceRole(type: ResourceType, resource: List<String>, role: String)
+}
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/AuthorityBatchAddCmd.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/AuthorityBatchAddCmd.kt
@@ -0,0 +1,12 @@
+package com.synebula.zeus.domain.service.cmd.rbac
+
+import com.synebula.gaea.domain.service.Command
+import com.synebula.zeus.env.AuthorityType
+import com.synebula.zeus.env.ResourceType
+
+class AuthorityBatchAddCmd : Command() {
+    var role = ""
+    var resource = listOf<String>()
+    var type: ResourceType? = null
+    var authority = AuthorityType.Allow
+}
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/resource/PermissionCmd.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/cmd/rbac/resource/PermissionCmd.kt
@@ -1,13 +1,13 @@
-package com.synebula.zeus.domain.service.cmd.rbac.resource
+package com.synebula.zeus.domain.service.cmd.rbac

 import com.synebula.gaea.domain.service.Command
-import com.synebula.zeus.env.PermissionType
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.env.ResourceType

-class PermissionCmd : Command() {
+class AuthorityCmd : Command() {
    var id: String? = null
    var role = ""
    var resource = ""
    var type: ResourceType? = null
-    var authority = PermissionType.Allow
+    var authority = AuthorityType.Allow
 }
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IAuthorityService.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/IAuthorityService.kt
@@ -0,0 +1,14 @@
+package com.synebula.zeus.domain.service.contr.rbac
+
+import com.synebula.gaea.domain.service.IService
+import com.synebula.zeus.domain.model.rbac.Authority
+import com.synebula.zeus.domain.service.cmd.rbac.AuthorityBatchAddCmd
+import com.synebula.zeus.env.ResourceType
+
+interface IAuthorityService : IService<String> {
+
+    fun add(cmd: AuthorityBatchAddCmd)
+
+    fun removeByResourceRole(type: ResourceType, resource: List<String>, role: String)
+
+}
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IPermissionService.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/contr/rbac/resource/IPermissionService.kt
@@ -1,7 +0,0 @@
-package com.synebula.zeus.domain.service.contr.rbac.resource
-
-import com.synebula.gaea.domain.service.IService
-
-interface IPermissionService : IService<String> {
-
-}
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/AuthorityService.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/AuthorityService.kt
@@ -0,0 +1,26 @@
+package com.synebula.zeus.domain.service.impl.rbac
+
+import com.synebula.gaea.data.IObjectConverter
+import com.synebula.gaea.domain.service.Service
+import com.synebula.gaea.log.ILogger
+import com.synebula.zeus.domain.model.rbac.Authority
+import com.synebula.zeus.domain.repository.IAuthorityRepository
+import com.synebula.zeus.domain.service.cmd.rbac.AuthorityBatchAddCmd
+import com.synebula.zeus.domain.service.contr.rbac.IAuthorityService
+import com.synebula.zeus.env.ResourceType
+
+class AuthorityService(
+    private var authorityRepository: IAuthorityRepository,
+    converter: IObjectConverter, logger: ILogger
+) : Service<Authority, String>(Authority::class.java, authorityRepository, converter, logger),
+    IAuthorityService {
+
+    override fun add(cmd: AuthorityBatchAddCmd) {
+        val authorities = cmd.resource.map { Authority(cmd.role, it, cmd.type, cmd.authority) }
+        this.repository.add(authorities, this.clazz)
+    }
+
+    override fun removeByResourceRole(type: ResourceType, resource: List<String>, role: String) {
+        this.authorityRepository.removeByResourceRole(type, resource, role)
+    }
+}
--- a/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/PermissionService.kt
+++ b/src/zeus.domain/src/main/kotlin/com/synebula/zeus/domain/service/impl/rbac/resource/PermissionService.kt
@@ -1,13 +0,0 @@
-package com.synebula.zeus.domain.service.impl.rbac.resource
-
-import com.synebula.gaea.data.IObjectConverter
-import com.synebula.gaea.domain.repository.IRepository
-import com.synebula.gaea.domain.service.Service
-import com.synebula.gaea.log.ILogger
-import com.synebula.zeus.domain.model.rbac.resource.Permission
-import com.synebula.zeus.domain.service.contr.rbac.resource.IPermissionService
-
-class PermissionService(
-        repository: IRepository,
-        converter: IObjectConverter, logger: ILogger
-) : Service<Permission, String>(Permission::class.java, repository, converter, logger), IPermissionService
--- a/src/zeus.env/src/main/kotlin/com/synebula/zeus/env/PermissionType.kt
+++ b/src/zeus.env/src/main/kotlin/com/synebula/zeus/env/PermissionType.kt
@@ -1,6 +1,6 @@
 package com.synebula.zeus.env

-enum class PermissionType {
+enum class AuthorityType {
    Default,
    Deny,
    Allow
--- a/src/zeus.query/build.gradle
+++ b/src/zeus.query/build.gradle
@@ -7,7 +7,7 @@ publishing {
    publications {
        publish(MavenPublication) {
            group 'com.synebula'
-            artifactId 'zeus.view'
+            artifactId 'zeus.query'
            version "$version"
            from components.java
        }
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/IAuthorityQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/IAuthorityQuery.kt
@@ -0,0 +1,26 @@
+package com.synebula.zeus.query.contr
+
+import com.synebula.gaea.query.IQuery
+import com.synebula.zeus.env.AuthorityType
+import com.synebula.zeus.env.ResourceType
+import com.synebula.zeus.query.view.AuthorityView
+
+interface IAuthorityQuery : IQuery {
+
+    /**
+     * 获取角色已授权的资源
+     *
+     * @param resourceType 资源类型
+     * @param role 角色id
+     */
+    fun authorized(resourceType: ResourceType, role: String): List<AuthorityView>
+
+    /**
+     * 获取角色资源的授权信息
+     *
+     * @param resourceType 资源里欸选哪个
+     * @param resource 资源id
+     * @param role 角色id
+     */
+    fun authorize(resourceType: ResourceType, resource: String, role: String): AuthorityType
+}
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IInterfaceQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IInterfaceQuery.kt
@@ -1,7 +1,7 @@
 package com.synebula.zeus.query.contr.resouce

 import com.synebula.gaea.query.IQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.query.view.resource.InterfaceView

 interface IInterfaceQuery : IQuery {
@@ -10,5 +10,5 @@ interface IInterfaceQuery : IQuery {

    fun authorized(role: String, system: String?): List<InterfaceView>

-    fun authorize(resource: String, role: String): PermissionType?
+    fun authorize(resource: String, role: String): AuthorityType?
 }
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IPageQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IPageQuery.kt
@@ -1,7 +1,7 @@
 package com.synebula.zeus.query.contr.resouce

 import com.synebula.gaea.query.IQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.query.view.resource.PageView

 interface IPageQuery : IQuery {
@@ -10,7 +10,7 @@ interface IPageQuery : IQuery {

    fun authorized(role: String, system: String? ): List<PageView>

-    fun authorize(resource: String, role: String): PermissionType?
+    fun authorize(resource: String, role: String): AuthorityType?

-    fun uriAuthorize(path: String, role: String): PermissionType?
+    fun uriAuthorize(path: String, role: String): AuthorityType?
 }
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IPermissionQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/IPermissionQuery.kt
@@ -1,13 +0,0 @@
-package com.synebula.zeus.query.contr.resouce
-
-import com.synebula.gaea.query.IQuery
-import com.synebula.zeus.env.PermissionType
-import com.synebula.zeus.env.ResourceType
-import com.synebula.zeus.query.view.resource.PermissionView
-
-interface IPermissionQuery : IQuery {
-
-    fun resourcePermissions(resourceType: ResourceType, role: String): List<PermissionView>
-
-    fun authentication(resourceType: ResourceType, resource: String, role: String): PermissionType
-}
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/ISystemQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/contr/resouce/ISystemQuery.kt
@@ -1,12 +1,12 @@
 package com.synebula.zeus.query.contr.resouce

 import com.synebula.gaea.query.IQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.query.view.resource.SystemView

 interface ISystemQuery : IQuery {

    fun authorized(role: String): List<SystemView>

-    fun authorize(resource: String, role: String): PermissionType?
+    fun authorize(resource: String, role: String): AuthorityType?
 }
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/PermissionQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/PermissionQuery.kt
@@ -1,19 +1,20 @@
-package com.synebula.zeus.query.impl.resouce
+package com.synebula.zeus.query.impl

 import com.synebula.gaea.mongo.query.MongoQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.env.ResourceType
-import com.synebula.zeus.query.contr.resouce.IPermissionQuery
-import com.synebula.zeus.query.view.resource.PermissionView
+import com.synebula.zeus.query.contr.IAuthorityQuery
+import com.synebula.zeus.query.view.AuthorityView
 import org.springframework.data.mongodb.core.MongoTemplate
 import org.springframework.data.mongodb.core.query.Criteria
 import org.springframework.data.mongodb.core.query.Query

-class PermissionQuery(template: MongoTemplate) : MongoQuery(template), IPermissionQuery {
-    var clazz = PermissionView::class.java
+class AuthorityQuery(template: MongoTemplate) : MongoQuery(template),
+    IAuthorityQuery {
+    var clazz = AuthorityView::class.java
    var collection = this.collection(this.clazz)

-    override fun resourcePermissions(resourceType: ResourceType, role: String): List<PermissionView> {
+    override fun authorized(resourceType: ResourceType, role: String): List<AuthorityView> {
        return this.template.find(
                Query.query(
                        Criteria.where("type").`is`(resourceType)
@@ -21,13 +22,13 @@ class PermissionQuery(template: MongoTemplate) : MongoQuery(template), IPermissi
                ), this.clazz, this.collection)
    }

-    override fun authentication(resourceType: ResourceType, resource: String, role: String): PermissionType {
-        val permission = this.template.findOne(
+    override fun authorize(resourceType: ResourceType, resource: String, role: String): AuthorityType {
+        val authority = this.template.findOne(
                Query.query(
                        Criteria.where("type").`is`(resourceType)
                                .and("resource").`is`(resource)
                                .and("role").`is`(role)
                ), this.clazz, this.collection)
-        return permission?.authority ?: PermissionType.Default
+        return authority?.authority ?: AuthorityType.Default
    }
 }
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/InterfaceQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/InterfaceQuery.kt
@@ -1,15 +1,15 @@
 package com.synebula.zeus.query.impl.resouce

 import com.synebula.gaea.mongo.query.MongoQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.env.ResourceType
 import com.synebula.zeus.query.contr.resouce.IInterfaceQuery
-import com.synebula.zeus.query.contr.resouce.IPermissionQuery
+import com.synebula.zeus.query.contr.IAuthorityQuery
 import com.synebula.zeus.query.contr.resouce.ISystemQuery
 import com.synebula.zeus.query.view.resource.InterfaceView
 import org.springframework.data.mongodb.core.MongoTemplate

-class InterfaceQuery(template: MongoTemplate, var permissionQuery: IPermissionQuery, var systemQuery: ISystemQuery) :
+class InterfaceQuery(template: MongoTemplate, var authorityQuery: IAuthorityQuery, var systemQuery: ISystemQuery) :
    MongoQuery(template),
    IInterfaceQuery {

@@ -22,21 +22,21 @@ class InterfaceQuery(template: MongoTemplate, var permissionQuery: IPermissionQu

    override fun authorized(role: String, system: String?): List<InterfaceView> {
        if (system != null) {
-            val permission = this.systemQuery.authorize(system, role)
-            if (permission == PermissionType.Deny)
+            val authority = this.systemQuery.authorize(system, role)
+            if (authority == AuthorityType.Deny)
                return listOf()
        }
        val params = mutableMapOf<String, Any>()
        if (system != null) params["system"] = system
        val interfaces = this.list(params, this.clazz)
-        val permissions = this.permissionQuery.resourcePermissions(ResourceType.Interface, role)
+        val authorities = this.authorityQuery.authorized(ResourceType.Interface, role)
        return interfaces.filter { i ->
-            val permission = permissions.find { p -> i.id == p.resource }
-            permission == null || permission.authority == PermissionType.Allow
+            val authority = authorities.find { p -> i.id == p.resource }
+            authority == null || authority.authority == AuthorityType.Allow
        }
    }

-    override fun authorize(resource: String, role: String): PermissionType {
-        return this.permissionQuery.authentication(ResourceType.Interface, resource, role)
+    override fun authorize(resource: String, role: String): AuthorityType {
+        return this.authorityQuery.authorize(ResourceType.Interface, resource, role)
    }
 }
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/PageQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/PageQuery.kt
@@ -1,17 +1,17 @@
 package com.synebula.zeus.query.impl.resouce

 import com.synebula.gaea.mongo.query.MongoQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.env.ResourceType
 import com.synebula.zeus.query.contr.resouce.IPageQuery
-import com.synebula.zeus.query.contr.resouce.IPermissionQuery
+import com.synebula.zeus.query.contr.IAuthorityQuery
 import com.synebula.zeus.query.contr.resouce.ISystemQuery
 import com.synebula.zeus.query.view.resource.PageView
 import org.springframework.data.mongodb.core.MongoTemplate
 import org.springframework.data.mongodb.core.query.Criteria
 import org.springframework.data.mongodb.core.query.Query

-class PageQuery(template: MongoTemplate, var permissionQuery: IPermissionQuery, var systemQuery: ISystemQuery) :
+class PageQuery(template: MongoTemplate, var authorityQuery: IAuthorityQuery, var systemQuery: ISystemQuery) :
    MongoQuery(template), IPageQuery {
    private val clazz = PageView::class.java

@@ -21,25 +21,25 @@ class PageQuery(template: MongoTemplate, var permissionQuery: IPermissionQuery,

    override fun authorized(role: String, system: String?): List<PageView> {
        if (system != null) {
-            val permission = this.systemQuery.authorize(system, role)
-            if (permission == PermissionType.Deny)
+            val authority = this.systemQuery.authorize(system, role)
+            if (authority == AuthorityType.Deny)
                return listOf()
        }
        val params = mutableMapOf<String, Any>()
        if (system != null) params["system"] = system
        val pages = this.list(params, this.clazz)
-        val permissions = this.permissionQuery.resourcePermissions(ResourceType.Page, role)
+        val authorities = this.authorityQuery.authorized(ResourceType.Page, role)
        return pages.filter { i ->
-            val permission = permissions.find { p -> i.id == p.resource }
-            permission != null && permission.authority == PermissionType.Allow
+            val authority = authorities.find { p -> i.id == p.resource }
+            authority != null && authority.authority == AuthorityType.Allow
        }
    }

-    override fun authorize(resource: String, role: String): PermissionType {
-        return this.permissionQuery.authentication(ResourceType.Page, resource, role)
+    override fun authorize(resource: String, role: String): AuthorityType {
+        return this.authorityQuery.authorize(ResourceType.Page, resource, role)
    }

-    override fun uriAuthorize(path: String, role: String): PermissionType? {
+    override fun uriAuthorize(path: String, role: String): AuthorityType? {
        val page = this.template.findOne(
            Query.query(Criteria.where("uri").`is`(path)),
            this.clazz, this.collection(this.clazz)
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/SystemQuery.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/impl/resouce/SystemQuery.kt
@@ -1,22 +1,23 @@
 package com.synebula.zeus.query.impl.resouce

 import com.synebula.gaea.mongo.query.MongoQuery
-import com.synebula.zeus.env.PermissionType
+import com.synebula.zeus.env.AuthorityType
 import com.synebula.zeus.env.ResourceType
 import com.synebula.zeus.query.contr.resouce.ISystemQuery
+import com.synebula.zeus.query.impl.AuthorityQuery
 import com.synebula.zeus.query.view.resource.SystemView
 import org.springframework.data.mongodb.core.MongoTemplate

-class SystemQuery(template: MongoTemplate, var permissionQuery: PermissionQuery) : MongoQuery(template), ISystemQuery {
+class SystemQuery(template: MongoTemplate, var authorityQuery: AuthorityQuery) : MongoQuery(template), ISystemQuery {
    private val clazz = SystemView::class.java

    override fun authorized(role: String): List<SystemView> {
        val systems = this.list(mapOf(), this.clazz)
-        val permissions = this.permissionQuery.resourcePermissions(ResourceType.System, role)
-        return systems.filter { i -> permissions.find { p -> i.id == p.resource }?.authority == PermissionType.Allow }
+        val authorities = this.authorityQuery.authorized(ResourceType.System, role)
+        return systems.filter { i -> authorities.find { p -> i.id == p.resource }?.authority == AuthorityType.Allow }
    }

-    override fun authorize(resource: String, role: String): PermissionType {
-        return this.permissionQuery.authentication(ResourceType.System, resource, role)
+    override fun authorize(resource: String, role: String): AuthorityType {
+        return this.authorityQuery.authorize(ResourceType.System, resource, role)
    }
 }
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/AuthorityView.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/AuthorityView.kt
@@ -0,0 +1,12 @@
+package com.synebula.zeus.query.view
+
+import com.synebula.zeus.env.AuthorityType
+import com.synebula.zeus.env.ResourceType
+
+class AuthorityView() {
+    var id: String? = null
+    var role = ""
+    var resource = ""
+    var type: ResourceType? = null
+    var authority = AuthorityType.Allow
+}
--- a/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/resource/PermissionView.kt
+++ b/src/zeus.query/src/main/kotlin/com/synebula/zeus/query/view/resource/PermissionView.kt
@@ -1,12 +0,0 @@
-package com.synebula.zeus.query.view.resource
-
-import com.synebula.zeus.env.PermissionType
-import com.synebula.zeus.env.ResourceType
-
-class PermissionView() {
-    var id: String? = null
-    var role = ""
-    var resource = ""
-    var type: ResourceType? = null
-    var authority = PermissionType.Allow
-}
--- a/src/zeus.repository/build.gradle
+++ b/src/zeus.repository/build.gradle
@@ -0,0 +1,17 @@
+dependencies {
+    compile project(":src:zeus.env")
+    compile project(":src:zeus.domain")
+    compile "com.synebula:gaea.mongo:$gaea_version"
+}
+
+publishing {
+    publications {
+        publish(MavenPublication) {
+            group 'com.synebula'
+            artifactId 'zeus.repository'
+            version "$version"
+            from components.java
+        }
+    }
+}
+
--- a/src/zeus.repository/src/main/kotlin/com/synebula/zeus/repository/AuthorityRepository.kt
+++ b/src/zeus.repository/src/main/kotlin/com/synebula/zeus/repository/AuthorityRepository.kt
@@ -0,0 +1,22 @@
+package com.synebula.zeus.repository
+
+import com.synebula.gaea.mongo.repository.MongoRepository
+import com.synebula.zeus.domain.model.rbac.Authority
+import com.synebula.zeus.domain.repository.IAuthorityRepository
+import com.synebula.zeus.env.ResourceType
+import org.springframework.data.mongodb.core.MongoTemplate
+import org.springframework.data.mongodb.core.query.Criteria
+import org.springframework.data.mongodb.core.query.Query
+
+class AuthorityRepository(var template: MongoTemplate) : MongoRepository(template), IAuthorityRepository {
+    override fun removeByResourceRole(type: ResourceType, resource: List<String>, role: String) {
+        this.template.remove(
+            Query.query(
+                Criteria.where("type").`is`(type)
+                    .and("resource").`in`(resource)
+                    .and("role").`is`(role)
+            ),
+            Authority::class.java
+        )
+    }
+}