
luomor / SAAS-UPMS

forked from LC / SAAS-UPMS 

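SaaS Permission Management System

A distributed microservice SaaS permission management system with separated front end and back end, based on Spring Cloud, Nacos and Vue.

I. Demo address

The server is rented from Alibaba Cloud and has limited memory, so only one production environment is deployed. The O&M/operations accounts below have view-only permissions and cannot perform operations. To try more of the features, download the code and run it yourself.

A C-end blog system has been developed on top of this permission management system.

If you like it, could you give me a star?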

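II. Project file structure

  • server: back-end projects
    • nacos: registry
    • tools: common utility package
    • operate: operations/user back end
    • gateway: API gateway
    • log: logging back end
    • sync: task scheduling back end
    • chat: real-time IM back end
    • tenant: tenant management back end
  • ui: front-end projects
    • common: shared front-end components
    • operate: O&M/operations front end
    • me: personal front end
    • tenant: tenant permission management front end
  • nginx: nginx configuration files
  • sql: initialization scripts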

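III. Feature list

O&M/operations

  1. Administrator login

  2. Navigation bar features

    • Dynamically generated top navigation bar and left navigation bar
    • Change password
    • Log out
      • Manual logout, automatic logout on timeout
    • Change default settings
      • Show all role menus (Yes), show all organization menus (Yes)
        • Shows the union of the menus of all roles held, with the data permissions of all organizations held
      • Show all role menus (Yes), show all organization menus (No)
        • Has the data permissions of the default organization; shows the union of the menus of all roles that organization holds
      • Show all role menus (No), show all organization menus (Yes)
        • Shows the menus of the default role, with the data permissions of the organizations the user holds under that role
      • Show all role menus (No), show all organization menus (No)
        • Shows the menus of the default role, with the data permissions of the default role and the default organization
    • Switch organization
      • Available when "show all organization menus" is No; for the logic, see the description under "Change default settings"
    • Switch role
      • Available when "show all role menus" is No; for the logic, see the description under "Change default settings"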
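  3. System management

    • Microservice interface management
      • Microservice interface query, access statistics display
      • Access authorization editing: unrestricted, internal call, login required, authorization required
      • Refresh product authorization restrictions: automatically sets each interface's access authorization from the menu and button information bound to the sub-products of a product
    • Front-end management
      • Front-end query, add, edit, delete
      • Front-end page query, add, edit, delete
      • Page button query, add, edit, delete
        • A button's request link is set by selecting from the microservice interface data
    • Gateway route management
      • Gateway route query, add, modify, delete
        • Service-internal routes, service-external routes (TODO)
      • Built-in access control for externally exposed interfaces
    • Product management
      • Product tree query, add, modify, delete, clear product tree cache
      • Product tree bound-menu query, add, modify, delete
      • Supports three product uses: O&M/operations, C-end users, B-end tenants
      • Supports three product types: top-level product, coexisting sub-product, exclusive sub-product
        • When binding menus to a role, only menus of coexisting sub-products can be selected
        • Multiple coexisting products can be authorized to one tenant at the same time; the tenant has the union of the menu trees of the authorized products
        • Exclusive sub-products cover the case where one product line needs two heterogeneous menu trees
    • Configuration management
      • Configuration query
      • Configuration uses: system, user, organization, tenant, organization-user, tenant-user, tenant-organization, tenant-organization-user
      • Configuration types: multi-select dropdown, single-select dropdown, text
      • Grouping supported
    • System configuration management
      • System configuration query, update
    • Preset configuration management: provides preset configuration for tenants so that newly added tenants can use it directly
      • Preset configuration query, update
    • File management: files are stored with FastDFS
      • File query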
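  4. Administrator/user management

    • Administrator/user management

      • Administrator/user query, add, edit, delete, reset password, lock
      • Bind/unbind organization, view authorized roles
      • View authorized menus: the menus and interfaces accessible after switching organization or role, and the data permissions those interfaces can operate on
    • Administrator/user organization management

      • Organization tree query, add, edit, delete
      • Query authorized roles, query bound users
    • Administrator/user role management

      • Role query, add, edit, delete
    • Grant/revoke menus, organizations, organization administrators

      • Role types
        • Organization role: the role is granted to an organization, and all users bound to that organization have the role's permissions; used for ordinary staff
        • Organization member role: a user has the role's permissions only when the role is granted to the organization and to that specific user under it; used for team leads, department heads and the like
      • Data permissions (within the scope of the menus bound to the role)
        • All organizations: a user with this role can query the data of all organizations
        • Own organization and subordinate organizations: a user with this role can query the data of the organizations the user is directly bound to and of all their subordinate organizations, including those the user is not bound to
        • Own organization: a user with this role can query the data of the organizations the user is bound to
        • Personal data: the administrator can query only their own data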
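  5. Tenant management

    • Tenant application work orders: work order query, approve/reject
    • Tenant management: tenant query, enable/disable applications, edit
  6. Log management

    • System log management: log query
      • Request id, trace id, request time, access source, service name, success flag, elapsed time, real client IP, input and output parameters
      • Every interface call that completes (whether the business outcome is success or failure) carries a request id in its response body; with that request id, this page shows all trace information for the request and whether it succeeded or failed
  7. Task management

    • Scheduled task management
      • Task query, copy, edit, enable/pause, delete, execution log
        • Task parameters: custom task parameters, for quick changes when task requirements change
        • Original tasks are implemented in code and are automatically written to the database when the service starts
        • Copying produces multiple replicas of a task; changing a replica's custom parameters extends its functionality
      • Execution log: retrieves the run log of a scheduled task
    • Task log management:
      • Task log query
        • Name, message, elapsed time, success flag, time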
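  8. Data permission management

    • Data permission query, add, edit
      • Use: O&M/operations, C-end users
      • Data permission types:
        • Organization: if an organization holds the data permission, the users under that organization hold it
        • Organization member: a user holds the data permission only if the organization holds it and the user under that organization is also bound to it
      • Data options: custom, or inserted dynamically through code; for example, data permissions, microservice data permissions and front-end project data permissions are obtained dynamically by calling interfaces from code
    • Organization authorization information: shown when the data permission type is Organization
      • Organization authorization query, edit, grant/revoke
    • Organization member authorization information: shown when the data permission type is Organization member
      • Organization member authorization query, grant/revoke
  9. Access statistics

    • Today's access data: access data query per microservice and per interface/hour
    • Historical access data: access data query per microservice and per interface/day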
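
The four role data permission scopes listed under role management above, worked through as an added example (not code from this project): it turns a role's scope plus the organizations a user is bound to into a filter and applies it to a record. The organization tree, scope labels and function names are hypothetical.

```javascript
// Constructed organization tree (parent -> direct children); names are hypothetical.
const ORG_CHILDREN = {
  hq: ['sales', 'rd'],
  sales: ['sales-east', 'sales-west'],
  rd: [], 'sales-east': [], 'sales-west': [],
};

// Hypothetical labels for the four scopes described in the README.
const SCOPE = { ALL: 'ALL_ORGS', SUBTREE: 'ORG_AND_DESCENDANTS', ORG: 'OWN_ORG', SELF: 'PERSONAL' };

// Collect an organization and all of its descendants into `seen`.
// The visited set also guards against cycles in a malformed tree.
function subtree(orgId, children, seen = new Set()) {
  if (seen.has(orgId)) return seen;
  seen.add(orgId);
  for (const child of children[orgId] || []) subtree(child, children, seen);
  return seen;
}

// Resolve (role scope, bound organizations, user id) into a filter for the data layer.
// An unknown scope fails closed: the filter matches no organization and no owner.
function resolveDataFilter(scope, boundOrgs, userId, children = ORG_CHILDREN) {
  switch (scope) {
    case SCOPE.ALL:
      return { allOrgs: true, orgIds: [], ownerId: null };
    case SCOPE.SUBTREE: {
      const ids = new Set();
      for (const org of boundOrgs) subtree(org, children, ids);
      return { allOrgs: false, orgIds: [...ids].sort(), ownerId: null };
    }
    case SCOPE.ORG:
      return { allOrgs: false, orgIds: [...new Set(boundOrgs)].sort(), ownerId: null };
    case SCOPE.SELF:
      return { allOrgs: false, orgIds: [], ownerId: userId };
    default:
      return { allOrgs: false, orgIds: [], ownerId: null };
  }
}

// Row-level check: may the holder of `filter` read a record with this orgId and ownerId?
function canRead(filter, row) {
  if (filter.allOrgs) return true;
  if (filter.ownerId !== null) return row.ownerId === filter.ownerId;
  return filter.orgIds.includes(row.orgId);
}
```
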

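C-end users

  1. User registration and login
  2. Navigation bar features
    • Dynamically generated top navigation bar and left navigation bar, change password, log out, change default settings, switch organization, switch role
      • See the O&M/operations navigation bar description
    • Enterprises
      • Query the list of enterprises the user belongs to
      • Jump to the home page of one of the enterprises (tenants)
  3. Personal center
    • My information: query and edit my information, change avatar
    • Enterprise information: query the list of enterprises the user belongs to, set the default login enterprise
    • Enterprise registration applications: query enterprise registration applications, apply to register an enterprise
  4. Chat room: implemented with Netty and WebSocket
    • Latest messages
      • Latest message list
        • Group messages
          • Query recent messages, send messages, receive the latest messages in real time
          • Rename group
          • Show, add and remove group members
          • Edit my nickname in this group
          • Chat settings: normal, muted
        • Private messages
          • Query recent messages, send messages, receive the latest messages in real time
          • Chat settings: normal, muted
    • Contacts
      • My friends: query friend list, add friends, send messages
      • New friends: query friend requests, accept/reject
      • My groups: query groups, create a group, send messages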
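B-end tenants

  1. Tenant login
    • The third-level domain is used as the tenant code

      • Login verifies the tenant code, member account and member password
      • Data is isolated between tenants
    • Passwords are RSA-encrypted on the front end and decrypted on the back end

    • The authorized menu tree is generated according to permissions

  2. Navigation bar features:
    • See the O&M/operations navigation bar description
    • Personal center: available when the tenant is entered through the enterprise dropdown after logging in with a C-end user account; used to return to the C-end user interface
  3. System management
    • Organization management: see Administrator/user management
    • User management: see Administrator/user management
    • Role management: see Administrator/user management
    • Configuration management
      • Configuration query, edit
      • The original configuration data comes from the preset configuration in O&M/operations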

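IV. Design and technique documents

V. Architecture

Technical architecture

技术架构图.jpg (technical architecture diagram)

Business architecture

业务概述.jpg (business overview diagram)

Services and their functions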

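| Front-end/back-end services | Functions | Open source? |
|---|---|---|
| /server/operate, /server/gateway, /ui/operate | Administrator permission management, microservice interface management, front-end management, product management, gateway management, configuration management, file management | |
| /server/log, /server/sync | System log management, task management, task log management | |
| /ui/me | User permission management | |
| /server/chat | Chat system, contacts | |
| /server/tenant, /ui/tenant | Tenant permission management | |
| /server/worldTree, /ui/web | World Tree and debate hall features | |
| /server/article, /ui/article, /ui/article-info | Article features | |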

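/server/nacos, operate, gateway and /me/operate are the basic microservices; running just these four services provides the main O&M/operations and administrator features.

The two back-end services /server/log and sync provide logging and task scheduling. If you do not start them, make sure the log push flag in the other services' configuration files is not true (the default is false): log.posh=false. When it is true, every microservice stores its own log entries in Redis, and the sync and log services then take them out of Redis and consume them.

/ui/me: running this front-end service makes the C-end user features available.

/server/chat: running this back-end service lets C-end users use the chat and contacts features; the front end is in /ui/me.

/server/tenant and /ui/tenant: after running these two services, the tenant management features can be used. Besides the basic services above, the tenant features also depend on the C-end user features, because a tenant member account is an identity of a C-end user, and one C-end user can have several tenant member accounts.

Note: to use the features above, the corresponding permissions must of course also be granted.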

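VI. Running and deployment

The projects under the server and ui folders are all independent. A proper company would keep each project in its own git repository; for convenience I have put them all in one.

  1. Create the database and import the data

  2. Start Redis and Nacos

    # Start redis yourself; startup scripts for nacos are provided in /server/nacos/bin/
    # Note: on Linux, the standalone startup command is as follows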
    sh startup.sh -m standalone
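  3. Configure and start /server/operate and gateway

    operate is the core base service and gateway is the API gateway. All front-end API calls go through gateway. gateway is a dynamic gateway: its route information is read from Redis (when operate starts, it reads the gateway information from the database and stores it in Redis).

  4. Start /ui/operate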

    # /ui/operate
    npm install
    npm run dev

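    After a successful start, visit http://localhost:8081/admin/login and log in with the O&M/operations username/password admin/123456aA. At this point the logging and task scheduling features return 404 and the tenant features do not work properly; all other features work.

  5. Start /ui/me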

    # /ui/me
    npm install
    npm run dev

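    After a successful start, visit http://localhost:8083/me/login and log in with the C-end username/password 15739575703/123456aA. At this point all C-end features work except the chat and tenant features.

  6. Configure and start /server/chat

    After a successful start, the C-end chat features work.

  7. Configure and start /server/log and sync

    After a successful start, the O&M/operations logging and task scheduling features work.

  8. Configure and start /server/tenant

  9. Start /ui/tenant

    After a successful start, visit http://localhost:8084/tenant/login with the tenant member account/password 15739575703/a123456. At this point the tenant features work.

    Note: this is a multi-tenant system, so every tenant's login address should look like http://{tenant code}.domain.com/tenant/login. Login goes through the second-level domain, which is then passed to the back-end service as a parameter that identifies the tenant. When starting locally, you therefore need to fill in by hand, in /ui/tenant/config/index.js, the tenant code that belongs to the tenant member account you will log in with, to stand in for the parameter that the missing second-level domain would supply.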

    'use strict'
    // Template version: 1.3.1
    // see http://vuejs-templates.github.io/webpack for documentation.
    
    const path = require('path')
    
    function onProxyReq (proxyReq, req, res) {
      // In local development, only B-end accounts that belong to the B-end tenant code set below can log in
      proxyReq.setHeader('LOGIN-TENANT-CODE', 'applyTenantTest13');
      proxyReq.setHeader('ACCESS-SOURCE', 'nc-nginx');
    }
    module.exports = {
      dev: {
        // Paths
        assetsSubDirectory: 'static',
        assetsPublicPath: '/',
        proxyTable: {
          '/tenantApi': {
            target: 'http://localhost:1081/',
            changeOrigin: true,
            // Proxy request event hook
            onProxyReq: onProxyReq,
            pathRewrite: {
              '^/': '/'
            }
          }
        },
    
        // Various Dev Server settings
        host: 'localhost', // can be overwritten by process.env.HOST
        port: 8084, // can be overwritten by process.env.PORT, if port is in use, a free one will be determined
    ...
    }
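
The dev proxy above hard-codes the LOGIN-TENANT-CODE and ACCESS-SOURCE headers that a deployment would derive from the tenant subdomain. As an added example (not code from this project), the sketch below shows how an edge component can derive the tenant code from the Host header with strict validation and discard any client-supplied copy of those headers before forwarding. The base domain example.com, the label pattern and the function names are assumptions.

```javascript
// Assumed values, not taken from the project.
const BASE_DOMAIN = 'example.com';
// One DNS label only: letters, digits and inner hyphens, no dots.
const TENANT_LABEL_RE = /^[a-z0-9](?:[a-z0-9-]{0,30}[a-z0-9])?$/;
// Headers the back end trusts; names are the ones used in config/index.js above.
const TRUSTED = new Set(['login-tenant-code', 'access-source']);

// Return the tenant code when host is exactly "<label>.<BASE_DOMAIN>" (optional port),
// otherwise null. Hostnames are case-insensitive, so the comparison is done in lower case.
function tenantCodeFromHost(host, baseDomain = BASE_DOMAIN) {
  if (typeof host !== 'string') return null;
  const name = host.toLowerCase().replace(/:\d{1,5}$/, '');
  const suffix = '.' + baseDomain;
  if (!name.endsWith(suffix)) return null;
  const label = name.slice(0, -suffix.length);
  return TENANT_LABEL_RE.test(label) ? label : null;
}

// Build the header set forwarded upstream. Client-supplied copies of the trusted
// headers are dropped, then both are set from values the edge itself established.
// Returns null when no tenant can be derived, so the caller can reject the request.
function buildUpstreamHeaders(clientHeaders, host) {
  const tenant = tenantCodeFromHost(host);
  if (tenant === null) return null;
  const out = {};
  for (const [key, value] of Object.entries(clientHeaders)) {
    const lower = key.toLowerCase();
    if (!TRUSTED.has(lower)) out[lower] = value;
  }
  out['login-tenant-code'] = tenant;
  out['access-source'] = 'nc-nginx';
  return out;
}
```
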

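VII. Closing

If you have any general permission-related requirements, send them to me and I will do my best to implement them within my abilities.

If you have any questions, you can add me on WeChat and ask.

微信图片_20201231163736.jpg

If you like it, could you give me a star?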


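Introduction

A distributed microservice SaaS permission management system with separated front end and back end, based on Spring Cloud, Nacos and Vue. It includes permission management for three user systems (O&M/operations, C-end users and B-end tenant members); organization switching and role switching; four levels of page and interface access permission checks; setting and checking of four levels of data permissions; two user authorization modes (organization role and organization user); microservice interface management, dynamic setting of interface access permissions and interface access statistics; front-end project, front-end page and page button management; product line management; tenant activation work orders; tenant preset role management; system, user, organization and tenant configuration; preset configuration; log management; task scheduling; microservice interface access statistics; and real-time IM for C-end users.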
Java
Apache-2.0
https://gitee.com/luomor/nodecollege-upms.git
git@gitee.com:luomor/nodecollege-upms.git