开放所有系统Controller给您足够的自定义空间

modules/core/src/main/java/com/jeesite/modules/file/web/FileUploadController.java

@@ -0,0 +1,86 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.file.web;
+
+import com.jeesite.common.collect.MapUtils;
+import com.jeesite.common.config.Global;
+import com.jeesite.common.web.BaseController;
+import com.jeesite.modules.file.entity.FileUpload;
+import com.jeesite.modules.file.entity.FileUploadParams;
+import com.jeesite.modules.file.service.FileUploadService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Map;
+
+/**
+ * 文件管理Controller
+ * @author ThinkGem
+ * @version 2019-12-23
+ */
+@Controller
+@RequestMapping(value = "${adminPath}/file")
+@ConditionalOnProperty(name={"file.enabled","web.core.enabled"}, havingValue="true", matchIfMissing=true)
+public class FileUploadController extends BaseController {
+
+	@Autowired
+	private FileUploadService fileUploadService;
+
+	/**
+	 * 上传文件参数
+	 */
+	@RequestMapping(value = "params")
+	@ResponseBody
+	public Map<String, Object> params() {
+		Map<String, Object> model = MapUtils.newHashMap();
+		model.put("imageAllowSuffixes", Global.getConfig("file.imageAllowSuffixes", FileUploadParams.DEFAULT_IMAGE_ALLOW_SUFFIXES));
+		model.put("mediaAllowSuffixes", Global.getConfig("file.mediaAllowSuffixes", FileUploadParams.DEFAULT_MEDIA_ALLOW_SUFFIXES));
+		model.put("fileAllowSuffixes", Global.getConfig("file.fileAllowSuffixes", FileUploadParams.DEFAULT_FILE_ALLOW_SUFFIXES));
+		model.put("chunked", Global.getConfig("file.chunked", "true"));
+		model.put("chunkSize", Global.getConfigToInteger("file.chunkSize", "10*1024*1024"));
+		model.put("threads", Global.getConfigToInteger("file.threads", "3"));
+		model.put("imageMaxWidth", Global.getConfigToInteger("file.imageMaxWidth", "1024"));
+		model.put("imageMaxHeight", Global.getConfigToInteger("file.imageMaxHeight", "768"));
+		return model;
+	}
+
+	/**
+	 * 上传文件
+	 */
+	@RequestMapping(value = "upload")
+	@ResponseBody
+	public Map<String, Object> uploadFile(FileUploadParams params) {
+		return fileUploadService.uploadFile(new FileUpload(), params);
+	}
+
+	/**
+	 * 下载文件
+	 */
+	@RequestMapping(value = "/download/{fileUploadId}")
+	public String downloadFile(@PathVariable("fileUploadId") String fileUploadId, String preview, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+		FileUpload fileUpload = fileUploadService.getFile(new FileUpload(fileUploadId));
+		return fileUploadService.downloadFile(fileUpload, preview, request, response);
+	}
+
+	/**
+	 * 获取文件列表
+	 * @param fileUpload bizKey 和 bizType 为必填参数
+	 * @param bizKeyIsLike 是否对 bizKey 使用 RightLike 右模糊查询
+	 */
+	@RequestMapping(value = "fileList")
+	@ResponseBody
+	public String getFileList(FileUpload fileUpload, Boolean bizKeyIsLike) {
+		return fileUploadService.getFileList(fileUpload, bizKeyIsLike);
+	}
+	
+}

modules/core/src/main/java/com/jeesite/modules/file/web/UserfilesController.java

@@ -0,0 +1,108 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.file.web;
+
+import com.jeesite.common.codec.EncodeUtils;
+import com.jeesite.common.config.Global;
+import com.jeesite.common.io.FileUtils;
+import com.jeesite.common.lang.StringUtils;
+import com.jeesite.common.web.BaseController;
+import org.apache.commons.lang3.math.NumberUtils;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import springfox.documentation.annotations.ApiIgnore;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.File;
+import java.io.IOException;
+
+/**
+ * 用户文件下载
+ * @author ThinkGem
+ * @version 2022-09-27
+ */
+@Controller
+@ConditionalOnProperty(name="file.isFileStreamDown", havingValue="true", matchIfMissing=true)
+@ApiIgnore
+public class UserfilesController extends BaseController {
+
+	@RequestMapping(value="/userfiles/**")
+	public String fileStreamDown(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+
+		// 获取相对文件地址
+		String fileUri = request.getRequestURI();
+		String filePath = StringUtils.substringAfter(fileUri, Global.USERFILES_BASE_URL);
+		String fileName = request.getParameter("fileName");
+		
+		// 如果开启了文件预览，则跳转到具体的文件预览组件地址。
+		String preview = request.getParameter("preview");
+		if (StringUtils.isNotBlank(preview)){
+			String fileUrl = request.getRequestURL() + "?source=preview";
+			String url = request.getParameter("url");
+			String uid = request.getParameter("uid");
+			if (StringUtils.isNotBlank(url) && StringUtils.isNotBlank(uid)){
+				fileUrl = url; //EncodeUtils.decodeUrl(url); 不用解码，否则腾讯云存储的时候预览不能显示
+				fileUri = Global.getCtxPath() + Global.getAdminPath() + "/file/download/" + uid;
+				filePath = fileName;
+			} else if (StringUtils.isNotBlank(fileName)){
+				fileUri += "?fileName=" + EncodeUtils.encodeUrl(fileName);
+			}
+			String previewUrl = "/file/" + preview + "/preview";
+			request.setAttribute("fileUrl", fileUrl);	// 文件访问地址
+			request.setAttribute("fileUri", fileUri);	// 文件下载地址（fileDown）
+			request.setAttribute("filePath", filePath);	// 文件相对路径或文件名
+			request.setAttribute("fileUrls", request.getParameter("urls"));	// 前后照片列表
+			request.setAttribute(RequestDispatcher.FORWARD_REQUEST_URI, previewUrl);
+			request.getRequestDispatcher(previewUrl).forward(request, response);
+			return null;
+		}
+
+		// 获取文件实际路径
+		filePath = Global.getUserfilesBaseDir(filePath);
+		
+		// 根据实际路径获取文件对象
+		File file = new File(EncodeUtils.decodeUrl(filePath));
+		
+		// 如果文件不存在，尝试下gbk编码
+		if (!file.exists()){
+			File gbkFile = new File(EncodeUtils.decodeUrl(filePath, "GBK"));
+			if (gbkFile.exists()){
+				file = gbkFile;
+			}
+		}
+		
+		// 下载文件，发送到客户浏览器
+		String range = request.getHeader("Range");
+		if (StringUtils.isNotBlank(range)){
+			logger.debug("File: {}  Range: {}", file, range);
+		}else{
+			logger.debug("File: {}", file);
+		}
+		if (StringUtils.isBlank(fileName)){
+			fileName = file.getName();
+		}
+		// 替换到百度编辑器上传的日期时间后缀
+		String filenameTimeSuffix = StringUtils.substringAfterLast(FileUtils.getFileNameWithoutExtension(fileName), "_$");
+		if (NumberUtils.isCreatable(filenameTimeSuffix)){
+			fileName = StringUtils.replace(fileName, "_$" + filenameTimeSuffix, "");
+		}
+		if (file.exists()){
+			FileUtils.downFile(file, request, response, fileName);
+			return null;
+		}
+
+		// 找不到下载文件，提示文件丢失或不存在
+		request.setAttribute("responseStatus", 200);
+		request.setAttribute("message", text("sys.file.downloadFileNotExist"));
+		request.getRequestDispatcher("/error/404").forward(request, response);
+		return null;
+	}
+	
+}

modules/core/src/main/java/com/jeesite/modules/sys/web/AreaController.java

@@ -14,7 +14,6 @@ import com.jeesite.common.web.BaseController;
 import com.jeesite.modules.sys.entity.Area;
 import com.jeesite.modules.sys.service.AreaService;
 import com.jeesite.modules.sys.utils.AreaUtils;
-import com.jeesite.modules.sys.utils.UserUtils;
 import io.swagger.annotations.Api;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -257,8 +256,8 @@ public class AreaController extends BaseController {
 	@RequiresPermissions("sys:area:edit")
 	@RequestMapping(value = "fixTreeData")
 	@ResponseBody
-	public String fixTreeData(){
+	public String fixTreeData(Area area){
-		if (!UserUtils.getUser().isAdmin()){
+		if (!area.currentUser().isAdmin()){
 			return renderResult(Global.FALSE, text("操作失败，只有管理员才能进行修复！"));
 		}
 		areaService.fixTreeData();

modules/core/src/main/java/com/jeesite/modules/sys/web/AuditController.java

@@ -0,0 +1,148 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.sys.web;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import com.jeesite.common.collect.ListUtils;
+import com.jeesite.common.collect.MapUtils;
+import com.jeesite.common.entity.Page;
+import com.jeesite.common.lang.DateUtils;
+import com.jeesite.common.lang.ObjectUtils;
+import com.jeesite.common.lang.StringUtils;
+import com.jeesite.common.utils.excel.ExcelExport;
+import com.jeesite.common.web.BaseController;
+import com.jeesite.modules.sys.entity.Menu;
+import com.jeesite.modules.sys.entity.Audit;
+import com.jeesite.modules.sys.service.AuditService;
+
+import springfox.documentation.annotations.ApiIgnore;
+
+/**
+ * 安全审计Controller
+ * @author ThinkGem
+ * @version 2020-3-12
+ */
+@Controller
+@RequestMapping(value = "${adminPath}/sys/audit")
+@ConditionalOnProperty(name={"user.enabled","web.core.enabled"}, havingValue="true", matchIfMissing=true)
+@ApiIgnore
+public class AuditController extends BaseController {
+
+	@Autowired
+	private AuditService auditService;
+
+	/**
+	 * 安全审计列表
+	 */
+	@RequiresPermissions("sys:audit:pwd")
+	@RequestMapping(value = "list")
+	public String auditList(Audit audit, Model model) {
+		model.addAttribute("audit", audit);
+		return "modules/sys/auditList";
+	}
+
+	/**
+	 * 安全审计列表数据
+	 */
+	@RequiresPermissions("sys:audit:pwd")
+	@ResponseBody
+	@RequestMapping(value = "listData")
+	public Page<Audit> auditListData(Audit audit, HttpServletRequest request, HttpServletResponse response) {
+		audit.setPage(new Page<>(request, response));
+		Page<Audit> page = auditService.findAuditPage(audit);
+		return page;
+	}
+
+	/**
+	 * 安全审计数据导出
+	 */
+	@RequiresPermissions("sys:audit:pwd")
+	@RequestMapping(value = "exportData")
+	public void auditExportData(Audit audit, HttpServletRequest request, HttpServletResponse response) {
+		String fileName = "安全审计数据" + DateUtils.getDate("yyyyMMdd") + ".xlsx";
+		audit.setPage(new Page<>(1, Page.PAGE_SIZE_NOT_PAGING, Page.COUNT_NOT_COUNT));
+		List<Audit> list = auditService.findAuditPage(audit).getList();
+		try (ExcelExport ee = new ExcelExport("安全审计数据", Audit.class)) {
+			ee.setDataList(list).write(response, fileName);
+		}
+	}
+
+	/**
+	 * 根据权限查用户
+	 */
+	@RequiresPermissions("sys:audit:user")
+	@RequestMapping(value = "userList")
+	public String userList(Audit audit, Model model) {
+		model.addAttribute("audit", audit);
+		return "modules/sys/auditUserList";
+	}
+
+	/**
+	 * 根据权限查用户数据
+	 */
+	@RequiresPermissions("sys:audit:user")
+	@RequestMapping(value = "userListData")
+	@ResponseBody
+	public Page<Audit> userListData(Audit audit, HttpServletRequest request, HttpServletResponse response) {
+		audit.setPage(new Page<>(request, response));
+		Page<Audit> page = auditService.findUserPage(audit);
+		return page;
+	}
+	
+	/**
+	 * 根据用户查权限
+	 */
+	@RequiresPermissions("sys:audit:menu")
+	@RequestMapping(value = "menuList")
+	public String menuList(Audit audit, Model model) {
+		model.addAttribute("audit", audit);
+		return "modules/sys/auditMenuList";
+	}
+
+	/**
+	 * 根据用户查权限数据
+	 */
+	@RequiresPermissions("sys:audit:menu")
+	@ResponseBody
+	@RequestMapping(value = "menuTreeData")
+	public Map<String, Object> menuListData(Audit audit) {
+		Map<String, Object> model = MapUtils.newHashMap();
+		List<Menu> menuList = auditService.findMenuList(audit);
+		Map<String, List<Map<String, String>>> map = MapUtils.newLinkedHashMap();
+		for (Menu menu : menuList){
+			List<Map<String, String>> list = map.get(menu.getSysCode());
+			if (list == null){
+				list = ListUtils.newArrayList();
+				map.put(menu.getSysCode(), list);
+			}
+			Map<String, String> m = MapUtils.newHashMap();
+			m.put("id", menu.getMenuCode());
+			m.put("pId", menu.getParentCode());
+			m.put("name", menu.getMenuName() + "<font color=#888> &nbsp; &nbsp; "
+					+ StringUtils.abbr(ObjectUtils.toString(menu.getPermission()) + " &nbsp; "
+					+ ObjectUtils.toString(menu.getMenuHref()), 50) + "</font>");
+			m.put("title", menu.getMenuName() + "&nbsp;" 
+					+ ObjectUtils.toString(menu.getPermission()) + "\n"
+					+ ObjectUtils.toString(menu.getMenuHref()));
+			list.add(m);
+		}
+		model.put("menuMap", map);
+		return model;
+	}
+
+}

modules/core/src/main/java/com/jeesite/modules/sys/web/CompanyController.java

@@ -14,7 +14,6 @@ import com.jeesite.modules.sys.entity.Company;
 import com.jeesite.modules.sys.entity.Office;
 import com.jeesite.modules.sys.service.CompanyService;
 import com.jeesite.modules.sys.service.OfficeService;
-import com.jeesite.modules.sys.utils.UserUtils;
 import io.swagger.annotations.Api;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -271,8 +270,8 @@ public class CompanyController extends BaseController {
 	@RequiresPermissions("sys:company:edit")
 	@RequestMapping(value = "fixTreeData")
 	@ResponseBody
-	public String fixTreeData() {
+	public String fixTreeData(Company company) {
-		if (!UserUtils.getUser().isAdmin()){
+		if (!company.currentUser().isAdmin()){
 			return renderResult(Global.FALSE, text("操作失败，只有管理员才能进行修复！"));
 		}
 		companyService.fixTreeData();

modules/core/src/main/java/com/jeesite/modules/sys/web/ConfigController.java

@@ -0,0 +1,158 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.sys.web;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import com.jeesite.common.config.Global;
+import com.jeesite.common.entity.Page;
+import com.jeesite.common.lang.StringUtils;
+import com.jeesite.common.web.BaseController;
+import com.jeesite.modules.sys.entity.Config;
+import com.jeesite.modules.sys.service.ConfigService;
+
+import springfox.documentation.annotations.ApiIgnore;
+
+/**
+ * 参数设置Controller
+ * @author ThinkGem
+ * @version 2014-07-31
+ */
+@Controller
+@RequestMapping(value = "${adminPath}/sys/config")
+@ConditionalOnProperty(name="web.core.enabled", havingValue="true", matchIfMissing=true)
+@ApiIgnore
+public class ConfigController extends BaseController {
+
+	@Autowired
+	private ConfigService configService;
+	
+	/**
+	 * 获取数据
+	 * @param id
+	 * @return
+	 */
+	@ModelAttribute
+	public Config get(String id, boolean isNewRecord) {
+		return configService.get(id, isNewRecord);
+	}
+	
+	/**
+	 * 查询列表
+	 * @param config
+	 * @param model
+	 * @return
+	 */
+	@RequiresPermissions("sys:config:view")
+	@RequestMapping(value = "list")
+	public String list(Config config, Model model) {
+		model.addAttribute("config", config);
+		return "modules/sys/configList";
+	}
+	
+	/**
+	 * 查询列表
+	 * @param config
+	 * @param request
+	 * @param response
+	 * @return
+	 */
+	@RequiresPermissions("sys:config:view")
+	@RequestMapping(value = "listData")
+	@ResponseBody
+	public Page<Config> listData(Config config, HttpServletRequest request, HttpServletResponse response) {
+		config.setPage(new Page<>(request, response));
+		Page<Config> page = configService.findPage(config); 
+		return page;
+	}
+
+	/**
+	 * 查看编辑表单
+	 * @param config
+	 * @param model
+	 * @return
+	 */
+	@RequiresPermissions("sys:config:view")
+	@RequestMapping(value = "form")
+	public String form(Config config, Model model) {
+		model.addAttribute("config", config);
+		return "modules/sys/configForm";
+	}
+	
+	/**
+	 * 保存数据
+	 * @param config
+	 * @return
+	 */
+	@RequiresPermissions("sys:config:edit")
+	@PostMapping(value = "save")
+	@ResponseBody
+	public String save(@Validated Config config, HttpServletRequest request) {
+		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+		Config old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !config.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+		// 不是超级管理员，不能修改Name和Key
+		if (!config.currentUser().isSuperAdmin()){
+			config.setConfigName(old.getConfigName());
+			config.setConfigKey(old.getConfigKey());
+			config.setIsSys(Global.NO);
+		}
+		configService.save(config);
+		return renderResult(Global.TRUE, text("保存参数成功"));
+	}
+	
+	/**
+	 * 验证Key是否有效
+	 */
+	@RequiresPermissions("sys:config:edit")
+	@RequestMapping(value = "checkConfigKey")
+	@ResponseBody
+	public String checkConfigKey(String oldConfigKey, String configKey) {
+		Config where = new Config();
+		where.setConfigKey(configKey);
+		if (configKey != null && configKey.equals(oldConfigKey)) {
+			return Global.TRUE;
+		} else if (configKey != null && configService.findCount(where) == 0) {
+			return Global.TRUE;
+		}
+		return Global.FALSE;
+	}
+	
+	/**
+	 * 删除数据
+	 * @param config
+	 * @return
+	 */
+	@RequiresPermissions("sys:config:edit")
+	@RequestMapping(value = "delete")
+	@ResponseBody
+	public String delete(Config config, HttpServletRequest request) {
+		if (StringUtils.isNotBlank(request.getParameter("isSys"))){
+			return renderResult(Global.FALSE, text("越权操作，isSys非法参数"));
+		}
+		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+		Config old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !config.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+		configService.delete(config);
+		return renderResult(Global.TRUE, text("删除参数成功"));
+	}
+
+}

modules/core/src/main/java/com/jeesite/modules/sys/web/DictDataController.java

@@ -0,0 +1,295 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.sys.web;
+
+import com.jeesite.common.collect.ListUtils;
+import com.jeesite.common.collect.MapUtils;
+import com.jeesite.common.config.Global;
+import com.jeesite.common.idgen.IdGen;
+import com.jeesite.common.lang.StringUtils;
+import com.jeesite.common.web.BaseController;
+import com.jeesite.modules.sys.entity.DictData;
+import com.jeesite.modules.sys.entity.DictType;
+import com.jeesite.modules.sys.service.DictDataService;
+import com.jeesite.modules.sys.service.DictTypeService;
+import com.jeesite.modules.sys.utils.DictUtils;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import springfox.documentation.annotations.ApiIgnore;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 字典管理Controller
+ * @author ThinkGem
+ * @version 2019-07-27
+ */
+@Controller
+@RequestMapping(value = "${adminPath}/sys/dictData")
+@ConditionalOnProperty(name="web.core.enabled", havingValue="true", matchIfMissing=true)
+@ApiIgnore
+public class DictDataController extends BaseController {
+
+	@Autowired
+	private DictDataService dictDataService;
+	@Autowired
+	private DictTypeService dictTypeService;
+	
+	/**
+	 * 获取数据
+	 */
+	@ModelAttribute
+	public DictData get(String dictCode, boolean isNewRecord) {
+		return dictDataService.get(dictCode, isNewRecord);
+	}
+	
+	/**
+	 * 查询列表
+	 */
+	@RequiresPermissions("sys:dictData:view")
+	@RequestMapping(value = "list")
+	public String list(DictData dictData, Model model) {
+		model.addAttribute("dictData", dictData);
+		return "modules/sys/dictDataList";
+	}
+
+	/**
+	 * 查询列表数据
+	 */
+	@RequiresPermissions("sys:dictData:view")
+	@RequestMapping(value = "listData")
+	@ResponseBody
+	public List<DictData> listData(DictData dictData) {
+		if (StringUtils.isBlank(dictData.getParentCode())) {
+			dictData.setParentCode(DictData.ROOT_CODE);
+		}
+		List<DictData> list = dictDataService.findList(dictData);
+		return list;
+	}
+	
+	/**
+	 * 查看编辑表单
+	 */
+	@RequiresPermissions("sys:dictData:view")
+	@RequestMapping(value = "form")
+	public String form(DictData dictData, Model model) {
+		// 创建并初始化下一个节点信息
+		dictData = createNextNode(dictData);
+		model.addAttribute("dictData", dictData);
+		return "modules/sys/dictDataForm";
+	}
+	
+	/**
+	 * 创建并初始化下一个节点信息，如：排序号、默认值
+	 */
+	@RequiresPermissions("sys:dictData:edit")
+	@RequestMapping(value = "createNextNode")
+	@ResponseBody
+	public DictData createNextNode(DictData dictData) {
+		if (StringUtils.isNotBlank(dictData.getParentCode())) {
+			dictData.setParent(dictDataService.get(dictData.getParentCode()));
+		}
+		if (dictData.getIsNewRecord()) {
+			DictData where = new DictData();
+			where.setDictType(dictData.getDictType());
+			where.setParentCode(dictData.getParentCode());
+			DictData last = dictDataService.getLastByParentCode(where);
+			// 获取到下级最后一个节点
+			if (last != null){
+				dictData.setTreeSort(last.getTreeSort() + 30);
+				dictData.setDictValue(IdGen.nextCode(last.getDictValue()));
+				// 默认设置是否系统
+				if (dictData.getIsSys() == null){
+					dictData.setIsSys(last.getIsSys());
+				}
+			}else if(dictData.getParent() != null){
+				dictData.setDictValue(dictData.getParent().getDictValue() + "001");
+				// 默认设置是否系统
+				if (dictData.getIsSys() == null){
+					// 验证字典类型是否设置正确，如果没有找到这个字典类型则不可保存
+					DictType dictType = new DictType();
+					dictType.setDictType(dictData.getDictType());
+					dictType = dictTypeService.get(dictType);
+					if (dictType != null){
+						dictData.setIsSys(dictType.getIsSys());
+					}
+				}
+			}
+		}
+		// 以下设置表单默认数据
+		if (dictData.getTreeSort() == null){
+			dictData.setTreeSort(DictData.DEFAULT_TREE_SORT);
+		}
+		return dictData;
+	}
+
+	/**
+	 * 保存数据
+	 */
+	@RequiresPermissions("sys:dictData:edit")
+	@PostMapping(value = "save")
+	@ResponseBody
+	public String save(@Validated DictData dictData, HttpServletRequest request) {
+		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+		DictData old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !dictData.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+		// 只有系统管理员才能保存为系统字典！
+		if (!dictData.currentUser().isSuperAdmin() && Global.YES.equals(dictData.getIsSys())){
+			return renderResult(Global.FALSE, text("保存失败，只有系统管理员才能保存为系统字典！"));
+		}
+		// 验证字典类型是否设置正确，如果没有找到这个字典类型则不可保存
+		DictType dictType = new DictType();
+		dictType.setDictType(dictData.getDictType());
+		dictType = dictTypeService.get(dictType);
+		if (dictType == null){
+			return renderResult(Global.FALSE, text("保存失败，没有找到''{0}''字典类型！", dictData.getDictType()));
+		}
+		// 如果字段类型是系统字典类型，则它的字段数据也是系统的
+		if (Global.YES.equals(dictType.getIsSys()) && !Global.YES.equals(dictData.getIsSys())){
+			return renderResult(Global.FALSE, text("保存失败，字典类型是系统的，字典数据也必须是系统字典！"));
+		}
+		// 如果字典类型不是系统字典，则默认情况下字典数据的isSys使用字典类型的
+		if (StringUtils.isBlank(dictData.getIsSys())){
+			dictData.setIsSys(dictType.getIsSys());
+		}
+		dictDataService.save(dictData);
+		return renderResult(Global.TRUE, text("保存字典成功"));
+	}
+	
+	/**
+	 * 停用字典
+	 * @param dictData
+	 */
+	@RequiresPermissions("sys:dictData:edit")
+	@RequestMapping(value = "disable")
+	@ResponseBody
+	public String disable(DictData dictData, HttpServletRequest request) {
+		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+		DictData old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !dictData.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+//		DictData where = new DictData();
+//		where.setStatus(DictData.STATUS_NORMAL);
+//		where.setParentCodes("," + dictData.getId() + ",");
+//		long count = dictDataService.findCount(where);
+//		if (count > 0) {
+//			return renderResult(Global.FALSE, text("该字典包含未停用的子字典！"));
+//		}
+		dictData.setStatus(DictData.STATUS_DISABLE);
+		dictDataService.updateStatus(dictData);
+		return renderResult(Global.TRUE, text("停用字典成功"));
+	}
+
+	/**
+	 * 启用字典
+	 * @param dictData
+	 */
+	@RequiresPermissions("sys:dictData:edit")
+	@RequestMapping(value = "enable")
+	@ResponseBody
+	public String enable(DictData dictData, HttpServletRequest request) {
+		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+		DictData old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !dictData.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+		dictData.setStatus(DictData.STATUS_NORMAL);
+		dictDataService.updateStatus(dictData);
+		return renderResult(Global.TRUE, text("启用字典成功"));
+	}
+	
+	/**
+	 * 删除数据
+	 */
+	@RequiresPermissions("sys:dictData:edit")
+	@RequestMapping(value = "delete")
+	@ResponseBody
+	public String delete(DictData dictData, HttpServletRequest request) {
+		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+		DictData old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !dictData.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+		dictDataService.delete(dictData);
+		return renderResult(Global.TRUE, text("删除字典成功"));
+	}
+	
+	/**
+	 * 获取树结构数据。
+	 * @param dictType 字典类型，加 __all（双下划线+all） 后缀，则返回停用的字典 v4.2.0
+	 * @param excludeCode 排除的ID
+	 * @param isShowCode 是否显示值（true or 1：显示在左侧；2：显示在右侧；false or null：不显示）
+	 * @param isShowRawName 是否显示原文（默认false）
+	 */
+	@RequestMapping(value = "treeData")
+	@ResponseBody
+	public List<Map<String, Object>> treeData(String dictType, String excludeCode,
+			String isShowCode, boolean isShowRawName) {
+		List<Map<String, Object>> mapList = ListUtils.newArrayList();
+		List<DictData> list = DictUtils.getDictList(dictType);
+		for (int i=0; i<list.size(); i++){
+			DictData e = list.get(i);
+			// 过滤非正常的数据（状态为空的除外）
+			if (!DictData.STATUS_NORMAL.equals(e.getStatus()) && e.getStatus() != null){
+				continue;
+			}
+			// 过滤被排除的编码（包括所有子级）
+			if (StringUtils.isNotBlank(excludeCode)){
+				if (e.getId().equals(excludeCode)){
+					continue;
+				}
+				if (e.getParentCodes().contains("," + excludeCode + ",")){
+					continue;
+				}
+			}
+			Map<String, Object> map = MapUtils.newHashMap();
+			map.put("id", e.getId());
+			map.put("pId", e.getParentCode());
+			map.put("name", StringUtils.getTreeNodeName(isShowCode, e.getDictValue(),
+					isShowRawName ? e.getDictLabelRaw() : e.getDictLabel()));
+			map.put("value", e.getDictValue());
+			if (StringUtils.isNotBlank(e.getDictIcon())) {
+				map.put("icon", e.getDictIcon());
+			}
+			if (StringUtils.isNotBlank(e.getCssClass())) {
+				map.put("cssClass", e.getCssClass());
+			}
+			if (StringUtils.isNotBlank(e.getCssStyle())) {
+				map.put("cssStyle", e.getCssStyle());
+			}
+			mapList.add(map);
+		}
+		return mapList;
+	}
+	
+	/**
+	 * 树结构数据修复
+	 * @return
+	 */
+	@RequiresPermissions("sys:dictData:edit")
+	@RequestMapping(value = "fixTreeData")
+	@ResponseBody
+	public String fixTreeData(DictData dictData){
+		if (!dictData.currentUser().isAdmin()){
+			return renderResult(Global.FALSE, text("操作失败，只有管理员才能进行修复！"));
+		}
+		dictDataService.fixTreeData();
+		return renderResult(Global.TRUE, text("数据修复成功"));
+	}
+	
+}

modules/core/src/main/java/com/jeesite/modules/sys/web/DictTypeController.java

@@ -0,0 +1,205 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.sys.web;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import com.jeesite.common.collect.ListUtils;
+import com.jeesite.common.collect.MapUtils;
+import com.jeesite.common.config.Global;
+import com.jeesite.common.entity.Page;
+import com.jeesite.common.lang.StringUtils;
+import com.jeesite.common.web.BaseController;
+import com.jeesite.modules.sys.entity.DictType;
+import com.jeesite.modules.sys.service.DictTypeService;
+
+import springfox.documentation.annotations.ApiIgnore;
+
+/**
+ * 字典分类管理Controller
+ * @author ThinkGem
+ * @version 2017-3-24
+ */
+@Controller
+@RequestMapping(value = "${adminPath}/sys/dictType")
+@ConditionalOnProperty(name="web.core.enabled", havingValue="true", matchIfMissing=true)
+@ApiIgnore
+public class DictTypeController extends BaseController {
+
+	@Autowired
+	private DictTypeService dictTypeService;
+	
+	/**
+	 * 获取数据
+	 */
+	@ModelAttribute
+	public DictType get(String id, boolean isNewRecord) {
+		return dictTypeService.get(id, isNewRecord);
+	}
+	
+	/**
+	 * 查询列表
+	 */
+	@RequiresPermissions("sys:dictType:view")
+	@RequestMapping(value = "list")
+	public String list(DictType dictType, Model model) {
+		if (!dictType.currentUser().isSuperAdmin()){
+			dictType.setIsSys(Global.NO);
+		}
+		model.addAttribute("dictType", dictType);
+		return "modules/sys/dictTypeList";
+	}
+	
+	/**
+	 * 查询列表数据
+	 */
+	@RequiresPermissions("sys:dictType:view")
+	@RequestMapping(value = "listData")
+	@ResponseBody
+	public Page<DictType> listData(DictType dictType, HttpServletRequest request, HttpServletResponse response) {
+		dictType.setPage(new Page<>(request, response));
+		Page<DictType> page = dictTypeService.findPage(dictType); 
+		return page;
+	}
+
+	/**
+	 * 查看编辑表单
+	 */
+	@RequiresPermissions("sys:dictType:view")
+	@RequestMapping(value = "form")
+	public String form(DictType dictType, Model model) {
+		if (StringUtils.isBlank(dictType.getIsSys())){
+			dictType.setIsSys(Global.YES);
+		}
+		model.addAttribute("dictType", dictType);
+		return "modules/sys/dictTypeForm";
+	}
+
+	/**
+	 * 保存数据
+	 */
+	@RequiresPermissions("sys:dictType:edit")
+	@PostMapping(value = "save")
+	@ResponseBody
+	public String save(@Validated DictType dictType, HttpServletRequest request) {
+		// 获取老字典类型的isSys状态，如果是系统字典，则必须超级管理员编辑
+		DictType old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !dictType.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+		dictTypeService.save(dictType, old);
+		return renderResult(Global.TRUE, text("保存字典类型成功"));
+	}
+	
+	/**
+	 * 验证字段类型是否有效
+	 * @return
+	 */
+	@RequiresPermissions("sys:dictType:edit")
+	@RequestMapping(value = "checkDictType")
+	@ResponseBody
+	public String checkDictType(String oldDictType, String dictType) {
+		DictType where = new DictType();
+		where.setDictType(dictType);
+		if (dictType != null && dictType.equals(oldDictType)) {
+			return Global.TRUE;
+		} else if (dictType != null && dictTypeService.findCount(where) == 0) {
+			return Global.TRUE;
+		}
+		return Global.FALSE;
+	}
+	
+	/**
+	 * 停用字典类型
+	 */
+	@RequiresPermissions("sys:dictType:edit")
+	@RequestMapping(value = "disable")
+	@ResponseBody
+	public String disable(DictType dictType) {
+		dictType.setStatus(DictType.STATUS_DISABLE);
+		dictTypeService.updateStatus(dictType);
+		return renderResult(Global.TRUE, text("停用字典类型成功"));
+	}
+	
+	/**
+	 * 启用字典类型
+	 */
+	@RequiresPermissions("sys:dictType:edit")
+	@RequestMapping(value = "enable")
+	@ResponseBody
+	public String enable(DictType dictType) {
+		dictType.setStatus(DictType.STATUS_NORMAL);
+		dictTypeService.updateStatus(dictType);
+		return renderResult(Global.TRUE, text("启用字典类型成功"));
+	}
+	
+	/**
+	 * 删除数据
+	 */
+	@RequiresPermissions("sys:dictType:edit")
+	@RequestMapping(value = "delete")
+	@ResponseBody
+	public String delete(DictType dictType, HttpServletRequest request) {
+		// 获取老字典类型的isSys状态，如果是系统字典，则必须超级管理员编辑
+		DictType old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !dictType.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+		dictTypeService.delete(dictType);
+		return renderResult(Global.TRUE, text("删除字典类型成功"));
+	}
+
+	/**
+	 * 获取树结构数据。
+	 * @param dictType 字典类型
+	 * @param excludeCode 排除的ID
+	 * @param isShowCode 是否显示值（true or 1：显示在左侧；2：显示在右侧；false or null：不显示）
+	 */
+	@RequiresPermissions("sys:dictType:view")
+	@RequestMapping(value = "treeData")
+	@ResponseBody
+	public List<Map<String, Object>> treeData(String dictType, String excludeCode,
+			@RequestParam(defaultValue="1") String isShowCode) {
+		List<Map<String, Object>> mapList = ListUtils.newArrayList();
+		List<DictType> list = dictTypeService.findList(new DictType());
+		for (int i=0; i<list.size(); i++){
+			DictType e = list.get(i);
+			// 过滤非正常的数据
+			if (!DictType.STATUS_NORMAL.equals(e.getStatus())){
+				continue;
+			}
+			// 过滤被排除的编码（包括所有子级）
+			if (StringUtils.isNotBlank(excludeCode)){
+				if (e.getId().equals(excludeCode)){
+					continue;
+				}
+			}
+			Map<String, Object> map = MapUtils.newHashMap();
+			map.put("id", e.getId());
+			map.put("pId", "0");
+			map.put("name", StringUtils.getTreeNodeName(isShowCode, e.getDictType(), e.getDictName()));
+			map.put("value", e.getDictType());
+			mapList.add(map);
+		}
+		return mapList;
+	}
+	
+}

modules/core/src/main/java/com/jeesite/modules/sys/web/MenuController.java

@@ -0,0 +1,282 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.sys.web;
+
+import com.jeesite.common.collect.ListUtils;
+import com.jeesite.common.collect.MapUtils;
+import com.jeesite.common.config.Global;
+import com.jeesite.common.lang.StringUtils;
+import com.jeesite.common.web.BaseController;
+import com.jeesite.modules.sys.entity.Menu;
+import com.jeesite.modules.sys.entity.Module;
+import com.jeesite.modules.sys.service.MenuService;
+import com.jeesite.modules.sys.service.ModuleService;
+import com.jeesite.modules.sys.utils.UserUtils;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import springfox.documentation.annotations.ApiIgnore;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 菜单管理Controller
+ * @author ThinkGem
+ * @version 2019-8-19
+ */
+@Controller
+@RequestMapping(value = "${adminPath}/sys/menu")
+@ConditionalOnProperty(name={"user.enabled","web.core.enabled"}, havingValue="true", matchIfMissing=true)
+@ApiIgnore
+public class MenuController extends BaseController {
+
+	@Autowired
+	private MenuService menuService;
+	@Autowired
+	private ModuleService moduleService;
+
+	@ModelAttribute
+	public Menu get(String menuCode, boolean isNewRecord) {
+		return menuService.get(menuCode, isNewRecord);
+	}
+	
+	@RequiresPermissions("sys:menu:view")
+	@RequestMapping(value = "index")
+	public String index(Menu menu, Model model) {
+		if (StringUtils.isBlank(menu.getSysCode())){
+			menu.setSysCode(Menu.SYS_CODE_DEFAULT);
+		}
+		model.addAttribute("menu", menu);
+		return "modules/sys/menuIndex";
+	}
+
+	@RequiresPermissions("sys:menu:view")
+	@RequestMapping(value = "list")
+	public String list(Menu menu, Model model) {
+		if (StringUtils.isBlank(menu.getSysCode())){
+			menu.setSysCode(Menu.SYS_CODE_DEFAULT);
+		}
+		model.addAttribute("menu", menu);
+		return "modules/sys/menuList";
+	}
+	
+	@RequiresPermissions("sys:menu:view")
+	@RequestMapping(value = "listData")
+	@ResponseBody
+	public List<Menu> listData(Menu menu) {
+		if (StringUtils.isBlank(menu.getParentCode())) {
+			menu.setParentCode(Menu.ROOT_CODE);
+		}
+		if (StringUtils.isNotBlank(menu.getMenuNameRaw())){
+			menu.setParentCode(null);
+		}
+		if (StringUtils.isNotBlank(menu.getMenuHref())){
+			menu.setParentCode(null);
+		}
+		if (StringUtils.isNotBlank(menu.getPermission())){
+			menu.setParentCode(null);
+		}
+		List<Menu> list = menuService.findList(menu);
+		return list;
+	}
+	
+	@RequiresPermissions("sys:menu:view")
+	@RequestMapping(value = "form")
+	public String form(Menu menu, Model model) {
+		// 创建并初始化下一个节点信息
+		menu = createNextNode(menu);
+		model.addAttribute("menu", menu);
+		// 获取所有模块列表
+		Module module = new Module();
+		List<Module> moduleList = moduleService.findList(module);
+		model.addAttribute("moduleList", moduleList);
+		return "modules/sys/menuForm";
+	}
+	
+	/**
+	 * 创建并初始化下一个节点信息，如：排序号、默认值
+	 */
+	@RequiresPermissions("sys:menu:edit")
+	@RequestMapping(value = "createNextNode")
+	@ResponseBody
+	public Menu createNextNode(Menu menu) {
+		if (StringUtils.isNotBlank(menu.getParentCode())) {
+			menu.setParent(menuService.get(menu.getParentCode()));
+		}
+		if (menu.getIsNewRecord()) {
+			Menu where = new Menu();
+			where.setParentCode(menu.getParentCode());
+			Menu last = menuService.getLastByParentCode(where);
+			// 获取到下级最后一个节点
+			if (last != null){
+				menu.setTreeSort(last.getTreeSort() + 30);
+				menu.setMenuType(last.getMenuType());
+				if (last.getIsRoot()) {
+					menu.setModuleCodes(Module.MODULE_CORE);
+				}else{
+					menu.setModuleCodes(last.getModuleCodes());
+				}
+			}else if(menu.getParent() != null){
+				menu.setMenuType(menu.getParent().getMenuType());
+				menu.setModuleCodes(menu.getParent().getModuleCodes());
+			}
+		}
+		// 以下设置表单默认数据
+		if (menu.getTreeSort() == null){
+			menu.setTreeSort(Menu.DEFAULT_TREE_SORT);
+		}
+		if (menu.getWeight() == null) {
+			menu.setWeight(Menu.WEIGHT_SEC_ADMIN);
+		}
+		if (StringUtils.isBlank(menu.getSysCode())){
+			menu.setSysCode(Menu.SYS_CODE_DEFAULT);
+		}
+		if (StringUtils.isBlank(menu.getMenuType())){
+			menu.setMenuType(Menu.TYPE_MENU);
+		}
+		if (StringUtils.isBlank(menu.getIsShow())){
+			menu.setIsShow(Global.YES);
+		}
+		return menu;
+	}
+
+	@RequiresPermissions("sys:menu:edit")
+	@PostMapping(value = "save")
+	@ResponseBody
+	public String save(@Validated Menu menu) {
+		if (!menu.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改此数据！"));
+		}
+		menuService.save(menu);
+		return renderResult(Global.TRUE, text("保存菜单''{0}''成功", menu.getMenuNameRaw()), menu);
+	}
+
+	@RequiresPermissions("sys:menu:edit")
+	@RequestMapping(value = "disable")
+	@ResponseBody
+	public String disable(Menu menu, HttpServletRequest request){
+		if (!menu.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改此数据！"));
+		}
+		menu.setStatus(Menu.STATUS_DISABLE);
+		menuService.updateStatus(menu);
+		return renderResult(Global.TRUE, text("停用菜单''{0}''成功", menu.getMenuName()));
+	}
+	
+	@RequiresPermissions("sys:menu:edit")
+	@RequestMapping(value = "enable")
+	@ResponseBody
+	public String enable(Menu menu, HttpServletRequest request){
+		if (!menu.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改此数据！"));
+		}
+		menu.setStatus(Menu.STATUS_NORMAL);
+		menuService.updateStatus(menu);
+		return renderResult(Global.TRUE, text("启用菜单''{0}''成功", menu.getMenuName()));
+	}
+
+	@RequiresPermissions("sys:menu:edit")
+	@RequestMapping(value = "delete")
+	@ResponseBody
+	public String delete(Menu menu) {
+		if (!menu.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改此数据！"));
+		}
+		menuService.delete(menu);
+		return renderResult(Global.TRUE, text("删除菜单''{0}''成功", menu.getMenuNameRaw()));
+	}
+
+	/**
+	 * 返回树结构数据
+	 * @param excludeCode 排除的编码
+	 * @param isShowRawName 是否显示原文（默认false）
+	 * @return
+	 */
+	@RequiresPermissions("sys:menu:view")
+	@RequestMapping(value = "treeData")
+	@ResponseBody
+	public List<Map<String, Object>> treeData(String excludeCode, String parentCode, String isShowHide,
+			String sysCode, boolean isShowRawName, HttpServletResponse response) {
+		List<Map<String, Object>> mapList = ListUtils.newArrayList();
+		Menu where = new Menu();
+		where.setStatus(Menu.STATUS_NORMAL);
+		if (StringUtils.isNotBlank(parentCode)){
+			where.setParentCode(parentCode);
+		}
+		List<Menu> list = menuService.findList(where);
+		for (int i = 0; i < list.size(); i++) {
+			Menu e = list.get(i);
+			// 过滤非正常的数据
+			if (!Menu.STATUS_NORMAL.equals(e.getStatus())){
+				continue;
+			}
+			// 过滤被排除的编码（包括所有子级）
+			if (StringUtils.isNotBlank(excludeCode)){
+				if (e.getId().equals(excludeCode)){
+					continue;
+				}
+				if (e.getParentCodes().contains("," + excludeCode + ",")){
+					continue;
+				}
+			}
+			// 是否隐藏（0：隐藏的不查询；1：查询隐藏的）
+			if (StringUtils.isNotBlank(isShowHide) && isShowHide.equals(Global.HIDE)
+					&& e.getIsShow().equals(Global.HIDE)) {
+				continue;
+			}
+			// 只查询该归属系统下的菜单
+			if (StringUtils.isNotBlank(sysCode) && !sysCode.equals(e.getSysCode())){
+				continue;
+			}
+			Map<String, Object> map = MapUtils.newHashMap();
+			map.put("id", e.getId());
+			map.put("pId", e.getParentCode());
+			map.put("name", isShowRawName ? e.getMenuNameRaw() : e.getMenuName());
+			map.put("isParent", !e.getIsTreeLeaf());
+			mapList.add(map);
+		}
+		return mapList;
+	}
+
+	/**
+	 * 批量修改菜单排序
+	 */
+	@RequiresPermissions("sys:menu:edit")
+	@RequestMapping(value = "updateTreeSort")
+	@ResponseBody
+	public String updateTreeSort(String[] ids, Integer[] sorts) {
+		if (!UserUtils.getUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改此数据！"));
+		}
+		for (int i = 0; i < ids.length; i++) {
+			Menu menu = new Menu(ids[i]);
+			menu.setTreeSort(sorts[i]);
+			menuService.updateTreeSort(menu);
+		}
+		return renderResult(Global.TRUE, text("保存菜单排序成功"));
+	}
+
+	@RequiresPermissions("sys:menu:edit")
+	@RequestMapping(value = "fixTreeData")
+	@ResponseBody
+	public String fixTreeData(Menu menu){
+		if (!menu.currentUser().isAdmin()){
+			return renderResult(Global.FALSE, text("操作失败，只有管理员才能进行修复！"));
+		}
+		menuService.fixTreeData();
+		return renderResult(Global.TRUE, text("数据修复成功"));
+	}
+	
+}

modules/core/src/main/java/com/jeesite/modules/sys/web/ModuleController.java

@@ -0,0 +1,234 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.sys.web;
+
+import com.jeesite.common.config.Global;
+import com.jeesite.common.entity.Page;
+import com.jeesite.common.lang.StringUtils;
+import com.jeesite.common.utils.SpringUtils;
+import com.jeesite.common.web.BaseController;
+import com.jeesite.modules.gen.entity.config.GenConfig;
+import com.jeesite.modules.gen.utils.GenModuleUtils;
+import com.jeesite.modules.gen.utils.GenUtils;
+import com.jeesite.modules.sys.entity.Module;
+import com.jeesite.modules.sys.service.ModuleService;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import springfox.documentation.annotations.ApiIgnore;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+/**
+ * 模块管理Controller
+ * @author ThinkGem
+ * @version 2020-3-21
+ */
+@Controller
+@RequestMapping(value = "${adminPath}/sys/module")
+@ConditionalOnProperty(name="web.core.enabled", havingValue="true", matchIfMissing=true)
+@ApiIgnore
+public class ModuleController extends BaseController {
+
+	@Autowired
+	private ModuleService moduleService;
+
+	/**
+	 * 获取数据
+	 * @param moduleCode
+	 * @return
+	 */
+	@ModelAttribute
+	public Module get(String moduleCode, boolean isNewRecord) {
+		return moduleService.get(moduleCode, isNewRecord);
+	}
+
+	/**
+	 * 查询列表
+	 * @param module
+	 * @param model
+	 * @return
+	 */
+	@RequiresPermissions("sys:module:view")
+	@RequestMapping(value = "list")
+	public String list(Module module, Model model) {
+		module.setStatus(StringUtils.EMPTY);
+		model.addAttribute("module", module);
+		return "modules/sys/moduleList";
+	}
+
+	/**
+	 * 查询列表
+	 * @param module
+	 * @param request
+	 * @param response
+	 * @return
+	 */
+	@RequiresPermissions("sys:module:view")
+	@RequestMapping(value = "listData")
+	@ResponseBody
+	public Page<Module> listData(Module module, HttpServletRequest request, HttpServletResponse response) {
+		module.setPage(new Page<>(request, response));
+		Page<Module> page = moduleService.findPage(module);
+		return page;
+	}
+
+	/**
+	 * 仅用来测试使用
+	 */
+	@RequiresPermissions("sys:module:view")
+	@RequestMapping(value = "selectData")
+	@ResponseBody
+	public List<Map<String, Object>> selectData(Module module) {
+		return moduleService.findList(module).stream().map(m -> {
+			Map<String, Object> map = new HashMap<>();
+			map.put("label", m.getModuleName());
+			map.put("value", m.getModuleCode());
+			return map;
+		}).collect(Collectors.toList());
+	}
+
+	/**
+	 * 查看编辑表单
+	 * @param module
+	 * @param model
+	 * @return
+	 */
+	@RequiresPermissions("sys:module:view")
+	@RequestMapping(value = "form")
+	public String form(Module module, Model model) {
+		if (StringUtils.isBlank(module.getMainClassName())){
+			module.setMainClassName("com.jeesite.modules.sys.web.LoginController");
+		}
+		if (StringUtils.isBlank(module.getCurrentVersion())) {
+			module.setCurrentVersion(SpringUtils.getLastVersion());
+		}
+		GenConfig config = GenUtils.getConfig();
+		model.addAttribute("config", config);
+		List<String> genBaseDirList = GenModuleUtils.getGenBaseDirList();
+		model.addAttribute("genBaseDirList", genBaseDirList);
+		if (StringUtils.isNotBlank(module.getGenBaseDir())) {
+			model.addAttribute("genBaseDir", module.getGenBaseDir());
+		} else {
+			model.addAttribute("genBaseDir", genBaseDirList.get(0));
+		}
+		model.addAttribute("module", module);
+		return "modules/sys/moduleForm";
+	}
+
+	/**
+	 * 保存数据
+	 * @param module
+	 * @return
+	 */
+	@RequiresPermissions("sys:module:edit")
+	@PostMapping(value = "save")
+	@ResponseBody
+	public String save(@Validated Module module) {
+		if (!module.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改此数据！"));
+		}
+		if (StringUtils.equals(module.getGenFlag(), "2") && StringUtils.isBlank(module.getTplCategory())) {
+			return renderResult(Global.FALSE, text("请选择代码生成模板！"));
+		}
+		moduleService.save(module);
+		// 如果设置生成标记，则编译或生成代码   1编译输出到控制台  2生成文件
+		if (StringUtils.inString(module.getGenFlag(), "1", "2") && StringUtils.isNotBlank(module.getTplCategory())){
+			String result = GenModuleUtils.generateCode(module);
+			String flagMsg = ("1".equals(module.getGenFlag()) ? "编译" : "生成");
+			String msg = "posfull:保存模块并" + flagMsg + "成功: <br/>" + result;
+			return renderResult(Global.TRUE, msg);
+		}else {
+			return renderResult(Global.TRUE, text("保存模块成功"));
+		}
+	}
+	
+	/**
+	 * 验证编码是否有效
+	 * @return
+	 */
+	@RequiresPermissions("sys:module:edit")
+	@RequestMapping(value = "checkModuleCode")
+	@ResponseBody
+	public String checkModuleCode(String oldCode, String moduleCode) {
+		Module module = new Module();
+		module.setModuleCode(moduleCode);
+		if (moduleCode != null && moduleCode.equals(oldCode)) {
+			return Global.TRUE;
+		} else if (moduleCode != null && moduleService.get(module) == null) {
+			return Global.TRUE;
+		}
+		return Global.FALSE;
+	}
+
+	/**
+	 * 停用数据
+	 * @param module
+	 * @return
+	 */
+	@RequiresPermissions("sys:module:edit")
+	@RequestMapping(value = "disable")
+	@ResponseBody
+	public String disable(Module module) {
+		if (!module.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改此数据！"));
+		}
+		if (Module.MODULE_CORE.equals(module.getModuleCode())){
+			return renderResult(Global.FALSE, text("核心模块，不允许停用"));
+		}
+		module.setStatus(Module.STATUS_DISABLE);
+		moduleService.updateStatus(module);
+		return renderResult(Global.TRUE, text("停用模块成功"));
+	}
+
+	/**
+	 * 启用数据
+	 * @param module
+	 * @return
+	 */
+	@RequiresPermissions("sys:module:edit")
+	@RequestMapping(value = "enable")
+	@ResponseBody
+	public String enable(Module module) {
+		if (!module.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改此数据！"));
+		}
+		module.setStatus(Module.STATUS_NORMAL);
+		moduleService.updateStatus(module);
+		return renderResult(Global.TRUE, text("启用模块成功"));
+	}
+	
+	/**
+	 * 删除数据
+	 * @param module
+	 * @return
+	 */
+	@RequiresPermissions("sys:module:edit")
+	@RequestMapping(value = "delete")
+	@ResponseBody
+	public String delete(Module module) {
+		if (!module.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改此数据！"));
+		}
+		if (Module.MODULE_CORE.equals(module.getModuleCode())){
+			return renderResult(Global.FALSE, text("核心模块，不允许删除"));
+		}
+		moduleService.delete(module);
+		return renderResult(Global.TRUE, text("删除模块成功"));
+	}
+
+}

modules/core/src/main/java/com/jeesite/modules/sys/web/OfficeController.java

@@ -15,7 +15,6 @@ import com.jeesite.common.utils.excel.annotation.ExcelField.Type;
 import com.jeesite.common.web.BaseController;
 import com.jeesite.modules.sys.entity.Office;
 import com.jeesite.modules.sys.service.OfficeService;
-import com.jeesite.modules.sys.utils.UserUtils;
 import com.jeesite.modules.sys.web.user.EmpUserController;
 import io.swagger.annotations.Api;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
@@ -352,8 +351,8 @@ public class OfficeController extends BaseController {
 	@RequiresPermissions("sys:office:edit")
 	@RequestMapping(value = "fixTreeData")
 	@ResponseBody
-	public String fixTreeData() {
+	public String fixTreeData(Office office) {
-		if (!UserUtils.getUser().isAdmin()){
+		if (!office.currentUser().isAdmin()){
 			return renderResult(Global.FALSE, text("操作失败，只有管理员才能进行修复！"));
 		}
 		officeService.fixTreeData();

modules/core/src/main/java/com/jeesite/modules/sys/web/RoleController.java

@@ -0,0 +1,372 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.sys.web;
+
+import com.jeesite.common.collect.ListUtils;
+import com.jeesite.common.collect.MapUtils;
+import com.jeesite.common.config.Global;
+import com.jeesite.common.entity.Page;
+import com.jeesite.common.lang.ObjectUtils;
+import com.jeesite.common.lang.StringUtils;
+import com.jeesite.common.mapper.JsonMapper;
+import com.jeesite.common.web.BaseController;
+import com.jeesite.modules.sys.entity.*;
+import com.jeesite.modules.sys.service.MenuService;
+import com.jeesite.modules.sys.service.RoleService;
+import com.jeesite.modules.sys.utils.DictUtils;
+import com.jeesite.modules.sys.utils.ModuleUtils;
+import com.jeesite.modules.sys.utils.RoleUtils;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import springfox.documentation.annotations.ApiIgnore;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 角色Controller
+ * @author ThinkGem
+ * @version 2020-3-20
+ */
+@Controller
+@RequestMapping(value = "${adminPath}/sys/role")
+@ConditionalOnProperty(name={"user.enabled","web.core.enabled"}, havingValue="true", matchIfMissing=true)
+@ApiIgnore
+public class RoleController extends BaseController {
+
+	@Autowired
+	private RoleService roleService;
+
+	@Autowired
+	private MenuService menuService;
+
+	@ModelAttribute
+	public Role get(String roleCode, boolean isNewRecord) {
+		return roleService.get(roleCode, isNewRecord);
+	}
+
+	@RequiresPermissions("sys:role:view")
+	@RequestMapping(value = "list")
+	public String list(Role role, Model model) {
+		model.addAttribute("role", role);
+		model.addAttribute("ctrlPermi", Global.getConfig("user.adminCtrlPermi", "2"));
+		return "modules/sys/roleList";
+	}
+
+	@RequiresPermissions("sys:role:view")
+	@RequestMapping(value = "listData")
+	@ResponseBody
+	public Page<Role> listData(Role role, String ctrlPermi, HttpServletRequest request, HttpServletResponse response) {
+		// 不是超级管理员，则添加数据权限过滤
+		if (!role.currentUser().isSuperAdmin()){
+			roleService.addDataScopeFilter(role, ctrlPermi);
+		}
+		role.setPage(new Page<>(request, response));
+		Page<Role> page = roleService.findPage(role);
+		return page;
+	}
+
+	@RequiresPermissions("sys:role:view")
+	@RequestMapping(value = "form")
+	public String form(Role role, String op, Model model) {
+		if(role.getIsNewRecord()){
+			role.setRoleSort(((int)roleService.findCount(role) + 1) * 10);
+			role.setUserType(User.USER_TYPE_EMPLOYEE);
+			role.setIsSys(Global.NO);
+			role.setIsShow(Global.SHOW);
+		}
+		// 操作类型：add: 全部； edit: 编辑； auth: 授权；
+		model.addAttribute("op", op);
+		model.addAttribute("role", role);
+		return "modules/sys/roleForm";
+	}
+
+	@RequiresPermissions("sys:role:edit")
+	@PostMapping(value = "save")
+	@ResponseBody
+	public String save(@Validated Role role, String op, HttpServletRequest request) {
+		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+		Role old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !role.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+		// 只有系统管理员才能保存为系统角色！
+		if (!role.currentUser().isSuperAdmin() && Global.YES.equals(role.getIsSys())){
+			return renderResult(Global.FALSE, text("保存失败，只有系统管理员才能保存为系统角色！"));
+		}
+		if (!Global.TRUE.equals(checkRoleName(old != null ? old.getRoleName() : "", role.getRoleName()))) {
+			return renderResult(Global.FALSE, text("保存角色''{0}''失败，角色名称已存在", role.getRoleName()));
+		}
+		if (StringUtils.inString(op, Global.OP_ADD, Global.OP_EDIT)){
+			roleService.save(role);
+		}
+		if (StringUtils.inString(op, Global.OP_ADD, Global.OP_AUTH)){
+			roleService.saveAuth(role);
+		}
+		return renderResult(Global.TRUE, text("保存角色''{0}''成功", role.getRoleName()));
+	}
+
+	/**
+	 * 验证角色名是否有效
+	 * @param oldRoleName
+	 * @param roleName
+	 * @return
+	 */
+	@RequiresPermissions("user")
+	@RequestMapping(value = "checkRoleName")
+	@ResponseBody
+	public String checkRoleName(String oldRoleName, String roleName) {
+		Role role = new Role();
+		role.setRoleName(roleName);
+		if (roleName != null && roleName.equals(oldRoleName)) {
+			return Global.TRUE;
+		} else if (roleName != null && roleService.getByRoleName(role) == null) {
+			return Global.TRUE;
+		}
+		return Global.FALSE;
+	}
+
+	/**
+	 * 停用角色
+	 * @param role
+	 * @return
+	 */
+	@RequiresPermissions("sys:role:edit")
+	@RequestMapping(value = "disable")
+	@ResponseBody
+	public String disable(Role role, HttpServletRequest request){
+		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+		Role old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !role.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+		role.setStatus(Role.STATUS_DISABLE);
+		roleService.updateStatus(role);
+		return renderResult(Global.TRUE, text("停用角色''{0}''成功", role.getRoleName()));
+	}
+
+	/**
+	 * 启用角色
+	 * @param role
+	 * @return
+	 */
+	@RequiresPermissions("sys:role:edit")
+	@RequestMapping(value = "enable")
+	@ResponseBody
+	public String enable(Role role, HttpServletRequest request){
+		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+		Role old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !role.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+		role.setStatus(Role.STATUS_NORMAL);
+		roleService.updateStatus(role);
+		return renderResult(Global.TRUE, text("启用角色''{0}''成功", role.getRoleName()));
+	}
+
+	/**
+	 * 删除角色
+	 * @param role
+	 * @return
+	 */
+	@RequiresPermissions("sys:role:edit")
+	@RequestMapping(value = "delete")
+	@ResponseBody
+	public String delete(Role role, HttpServletRequest request) {
+		if (Role.CORP_ADMIN_ROLE_CODE.equals(role.getRoleCode())){
+			return renderResult(Global.FALSE, text("非法操作，此角色为内置角色，不允许删除！"));
+		}
+		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+		Role old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !role.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+		//if(roleService.hasUserRoleByRoleCode(role)){
+		//	return renderResult(Global.FALSE, text("删除角色''{0}''失败，角色关联了用户", role.getRoleName()));
+		//}
+		roleService.delete(role);
+		return renderResult(Global.TRUE, text("删除角色''{0}''成功", role.getRoleName()));
+	}
+
+	/**
+	 * 判断某用户是包含某角色
+	 * @param userCode
+	 * @param roleCode
+	 * @return
+	 */
+	@RequiresPermissions("user")
+	@RequestMapping(value = "hasUserRole")
+	@ResponseBody
+	public Boolean hasUserRole(String userCode, String roleCode){
+		if (StringUtils.isNotBlank(userCode)){
+			return RoleUtils.hasUserRole(userCode, roleCode);
+		}else{
+			return RoleUtils.hasCurrentUserRole(roleCode);
+		}
+	}
+
+	/**
+	 * 查询菜单的树结构数据
+	 * @param role
+	 */
+	@RequiresPermissions("sys:role:view")
+	@RequestMapping(value = "menuTreeData")
+	@ResponseBody
+	public Map<String, Object> menuTreeData(Role role) {
+		Map<String, Object> model = MapUtils.newHashMap();
+		List<String> sysCodes = ListUtils.newArrayList();
+		for (DictData sysCode : DictUtils.getDictList("sys_menu_sys_code")) {
+			sysCodes.add(sysCode.getDictValue());
+		}
+		List<Menu> menuList = roleService.findManageMenuList(role);
+		Map<String, List<Map<String, String>>> map = MapUtils.newLinkedHashMap();
+		for (Menu menu : menuList){
+			// 过滤已经禁用的子系统
+			if (!sysCodes.contains(menu.getSysCode())) {
+				continue;
+			}
+			List<Map<String, String>> list = map.get(menu.getSysCode());
+			if (list == null){
+				list = ListUtils.newArrayList();
+				map.put(menu.getSysCode(), list);
+			}
+			Map<String, String> m = MapUtils.newHashMap();
+			m.put("id", menu.getMenuCode());
+			m.put("pId", menu.getParentCode());
+			m.put("name", menu.getMenuName() + "<font color=#888> &nbsp; &nbsp; "
+					+ StringUtils.abbr(ObjectUtils.toString(menu.getPermission()) + " &nbsp; "
+					+ ObjectUtils.toString(menu.getMenuHref()), 50) + "</font>");
+			m.put("title", menu.getMenuName() + "&nbsp;"
+					+ ObjectUtils.toString(menu.getPermission()) + "\n"
+					+ ObjectUtils.toString(menu.getMenuHref()));
+			list.add(m);
+		}
+		model.put("menuMap", map);
+		if (StringUtils.isNotBlank(role.getRoleCode())) {
+			Menu menuWhere = new Menu();
+			menuWhere.setRoleCode(role.getRoleCode());
+			List<Menu> roleMenuList = menuService.findByRoleCode(menuWhere);
+			model.put("roleMenuList", roleMenuList);
+		}
+		return model;
+	}
+
+	/** 
+	 * 角色授权数据权限
+	 */
+	@RequiresPermissions("sys:role:edit")
+	@RequestMapping(value = "formAuthDataScope")
+	public String formAuthDataScope(Role role, String checkbox, Model model, HttpServletRequest request) {
+		RoleDataScope roleDataScope = new RoleDataScope();
+		roleDataScope.setRoleCode(role.getRoleCode());
+		List<RoleDataScope> roleDataScopeList = roleService.findDataScopeList(roleDataScope);
+		model.addAttribute("roleDataScopeList", roleDataScopeList);
+		model.addAttribute("role", role);
+		model.addAttribute("moduleCodes", ModuleUtils.getEnableModuleCodes());
+		model.addAttribute("dataScopes", JsonMapper.fromJson(Global.getConfig("user.dataScopes", "[]"), List.class));
+		return "modules/sys/roleFormAuthDataScope";
+	}
+	
+	/** 
+	 * 保存角色授权数据权限
+	 */
+	@RequiresPermissions("sys:role:edit")
+	@RequestMapping(value = "saveAuthDataScope")
+	@ResponseBody
+	public String saveAuthDataScope(Role role, HttpServletRequest request) {
+		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+		Role old = super.getWebDataBinderSource(request);
+		if (old != null && Global.YES.equals(old.getIsSys()) && !role.currentUser().isSuperAdmin()){
+			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+		}
+		roleService.saveAuthDataScope(role);
+		return renderResult(Global.TRUE, text("角色授权数据权限成功"));
+	}
+
+	/**
+	 * 获取角色树结构数据
+	 * @param isAll			是否显示所有机构（true：不进行权限过滤）
+	 * @param isShowCode	是否显示编码（true or 1：显示在左侧；2：显示在右侧；false or null：不显示）
+	 * @return
+	 */
+	@RequiresPermissions("user")
+	@RequestMapping(value = "treeData")
+	@ResponseBody
+	public List<Map<String, Object>> treeData(String userType, Boolean isAll, String isShowCode, String ctrlPermi) {
+		List<Map<String, Object>> mapList = ListUtils.newArrayList();
+		Role where = new Role();
+		where.setStatus(Role.STATUS_NORMAL);
+		if (!(isAll != null && isAll) || Global.isStrictMode()){
+			if (!"__all".equals(userType)) {
+				where.setUserType(StringUtils.defaultIfBlank(userType, User.USER_TYPE_EMPLOYEE));
+			}
+			roleService.addDataScopeFilter(where, ctrlPermi);
+		}
+		List<Role> list = roleService.findList(where);
+		list.forEach(e -> {
+			Map<String, Object> map = MapUtils.newHashMap();
+			map.put("id", e.getId());
+			map.put("pId", "0");
+			map.put("code", e.getViewCode());
+			map.put("name", StringUtils.getTreeNodeName(isShowCode, e.getViewCode(), e.getRoleName()) + (!"__all".equals(userType)
+					? "" : "(" + DictUtils.getDictLabel("sys_user_type", e.getUserType(), text("未知")) + ")"));
+			mapList.add(map);
+		});
+		return mapList;
+	}
+	
+	/** 
+	 * 角色授权给用户
+	 */
+	@RequiresPermissions("sys:role:edit")
+	@RequestMapping(value = "formAuthUser")
+	public String formAuthUser(Role role, Model model, HttpServletRequest request) {
+		model.addAttribute("role", role);
+		return "modules/sys/roleFormAuthUser";
+	}
+	
+	/** 
+	 * 保存角色授权给用户
+	 */
+	@RequiresPermissions("sys:role:edit")
+	@RequestMapping(value = "saveAuthUser")
+	@ResponseBody
+	public String saveAuthUser(Role role, HttpServletRequest request) {
+//		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+//		Role old = super.getWebDataBinderSource(request);
+//		if (old != null && Global.YES.equals(old.getIsSys()) && !role.currentUser().isSuperAdmin()){
+//			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+//		}
+		roleService.saveAuthUser(role);
+		return renderResult(Global.TRUE, text("角色授权给用户成功"));
+	}
+	
+	/** 
+	 * 删除角色授权给用户
+	 */
+	@RequiresPermissions("sys:role:edit")
+	@RequestMapping(value = "deleteAuthUser")
+	@ResponseBody
+	public String deleteAuthUser(Role role, HttpServletRequest request) {
+//		// 获取原数据的isSys状态，如果是系统数据，则必须超级管理员编辑
+//		Role old = super.getWebDataBinderSource(request);
+//		if (old != null && Global.YES.equals(old.getIsSys()) && !role.currentUser().isSuperAdmin()){
+//			return renderResult(Global.FALSE, text("越权操作，只有超级管理员才能修改系统数据！"));
+//		}
+		roleService.deleteAuthUser(role);
+		return renderResult(Global.TRUE, text("取消用户角色授权成功"));
+	}
+	
+}

modules/core/src/main/java/com/jeesite/modules/sys/web/TagsController.java

@@ -0,0 +1,57 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.sys.web;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import com.jeesite.common.web.BaseController;
+import com.jeesite.common.web.http.ServletUtils;
+
+import springfox.documentation.annotations.ApiIgnore;
+
+/**
+ * 公共标签Controller
+ * @author ThinkGem
+ * @version 2017-5-7
+ */
+@Controller
+@RequestMapping(value = "tags")
+@ConditionalOnProperty(name="web.core.enabled", havingValue="true", matchIfMissing=true)
+@ApiIgnore
+public class TagsController extends BaseController {
+
+	/**
+	 * 树结构选择标签使用
+	 */
+	@RequestMapping(value = "treeselect")
+	public String treeselect(HttpServletRequest request, Model model) {
+		model.addAllAttributes(ServletUtils.getParameters(request));
+		return "tagsview/form/treeselect";
+	}
+	
+	/**
+	 * 图标选择标签
+	 */
+	@RequestMapping(value = "iconselect")
+	public String iconselect(HttpServletRequest request, Model model) {
+		model.addAllAttributes(ServletUtils.getParameters(request));
+		return "tagsview/form/iconselect";
+	}
+	
+	/**
+	 * 图片裁剪标签
+	 */
+	@RequestMapping(value = "imageclip")
+	public String imageclip(HttpServletRequest request, Model model) {
+		model.addAllAttributes(ServletUtils.getParameters(request));
+		return "tagsview/form/imageclip";
+	}
+	
+}

modules/core/src/main/java/com/jeesite/modules/sys/web/ValidCodeController.java

@@ -0,0 +1,57 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.sys.web;
+
+import com.jeesite.common.config.Global;
+import com.jeesite.modules.sys.utils.UserUtils;
+import com.jeesite.modules.sys.utils.ValidCodeUtils;
+import io.swagger.annotations.Api;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.session.Session;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * 验证码控制器
+ * @author ThinkGem
+ * @version 2019年12月17日
+ */
+@Controller
+@Api(tags = "ValidCode - 验证码服务")
+public class ValidCodeController {
+	
+	@RequestMapping(value="/validCode")
+	public void validCode(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+		// 如果传递了validCode参数，则代表是验证方法，成功返回true，失败返回false
+		String validCode = request.getParameter(ValidCodeUtils.VALID_CODE);
+		if (StringUtils.isNotBlank(validCode)){
+			boolean result = ValidCodeUtils.validate(request, ValidCodeUtils.VALID_CODE, validCode, false);
+			response.getOutputStream().print(result ? Global.TRUE : Global.FALSE);
+		}
+		else{
+			// 生成会话
+			Session session = UserUtils.getSession();
+			// 设置响应头
+			response.setContentType("image/png");
+	        response.setHeader("Cache-Control", "no-cache, no-store");
+	        response.setHeader("Pragma", "no-cache");
+	        long time = System.currentTimeMillis();
+	        response.setDateHeader("Last-Modified", time);
+	        response.setDateHeader("Date", time);
+	        response.setDateHeader("Expires", time);
+	        // 生成输出验证码
+	        String s = ValidCodeUtils.generateCaptcha(response.getOutputStream());
+			session.setAttribute(ValidCodeUtils.VALID_CODE, s);
+//	        System.out.println(s);
+		}
+	}
+	
+}

modules/core/src/main/java/com/jeesite/modules/sys/web/user/CorpAdminController.java

@@ -4,26 +4,6 @@
  */
 package com.jeesite.modules.sys.web.user;
 
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import io.swagger.annotations.Api;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
-import org.apache.shiro.session.Session;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
-
 import com.jeesite.common.collect.ListUtils;
 import com.jeesite.common.collect.MapUtils;
 import com.jeesite.common.config.Global;
@@ -37,6 +17,20 @@ import com.jeesite.modules.sys.entity.User;
 import com.jeesite.modules.sys.service.RoleService;
 import com.jeesite.modules.sys.service.UserService;
 import com.jeesite.modules.sys.utils.UserUtils;
+import io.swagger.annotations.Api;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.apache.shiro.session.Session;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.List;
+import java.util.Map;
 
 /**
  * 租户和系统管理员Controller
@@ -138,7 +132,7 @@ public class CorpAdminController extends BaseController {
 			User where = new User();
 			where.setCorpCode_(user.getCorpCode_());
 			List<User> list = userService.findCorpList(where);
-			if (list.size() > 0){
+			if (!list.isEmpty()){
 				// 新增租户，如果已存在，则不能保存
 				if ("addCorp".equals(op)){
 					return renderResult(Global.FALSE, text("保存租户失败，租户代码已存在"));
@@ -157,7 +151,7 @@ public class CorpAdminController extends BaseController {
 		userService.save(user);
 		userService.saveAuth(user);
 		// 如果修改的是当前用户，则清除当前用户缓存
-		if (user.getUserCode().equals(UserUtils.getUser().getUserCode())) {
+		if (user.getUserCode().equals(user.currentUser().getUserCode())) {
 			UserUtils.clearCache();
 		}
 		return renderResult(Global.TRUE, text("保存管理员''{0}''成功", user.getLoginCode()));
@@ -281,7 +275,7 @@ public class CorpAdminController extends BaseController {
 			where.setCorpCode_(corpCode);
 			where.setPage(new Page<>(1, 1, -1));
 			List<User> list = userService.findCorpList(where);
-			if (list.size() > 0){
+			if (!list.isEmpty()){
 				User user = list.get(0);
 				Session session = UserUtils.getSession();
 				session.setAttribute("corpCode", user.getCorpCode_());