修改角色信息时，动态刷新用户的权限

968e543b · yadong.zhang · f0446192 · 968e543b · 968e543b · 968e543b
17 changed file
--- a/blog-admin/src/main/java/com/zyd/blog/controller/ErrorPagesController.java
+++ b/blog-admin/src/main/java/com/zyd/blog/controller/ErrorPagesController.java
+/**
+ * MIT License
+ * Copyright (c) 2018 yadong.zhang
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package com.zyd.blog.controller;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.web.ErrorAttributes;
+import org.springframework.boot.autoconfigure.web.ErrorController;
+import org.springframework.boot.autoconfigure.web.ErrorProperties;
+import org.springframework.boot.autoconfigure.web.ServerProperties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Controller;
+import org.springframework.util.Assert;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Map;
+
+/**
+ * 重写BasicErrorController,主要负责系统的异常页面的处理以及错误信息的显示
+ * <p/>
+ * 此处指需要记录
+ * @see org.springframework.boot.autoconfigure.web.BasicErrorController
+ * @see org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration
+ * <p/>
+ * 要注意，这个类里面的代码一定不能有异常或者潜在异常发生，否则可能会让程序陷入死循环。
+ * <p/>
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @website https://www.zhyd.me
+ * @version 1.0
+ * @date 2018/4/16 16:26
+ * @since 1.0
+ */
+@Controller
+@RequestMapping("/error")
+@EnableConfigurationProperties({ServerProperties.class})
+public class ErrorPagesController implements ErrorController {
+    private static final Logger LOG = LoggerFactory.getLogger(ErrorPagesController.class);
+
+    private ErrorAttributes errorAttributes;
+
+    @Autowired
+    private ServerProperties serverProperties;
+
+    /**
+     * 初始化ExceptionController
+     *
+     * @param errorAttributes
+     */
+    @Autowired
+    public ErrorPagesController(ErrorAttributes errorAttributes) {
+        Assert.notNull(errorAttributes, "ErrorAttributes must not be null");
+        this.errorAttributes = errorAttributes;
+    }
+
+    @RequestMapping("/404")
+    public ModelAndView errorHtml404(HttpServletRequest request, HttpServletResponse response) {
+        response.setStatus(HttpStatus.NOT_FOUND.value());
+        Map<String, Object> model = getErrorAttributes(request, isIncludeStackTrace(request, MediaType.TEXT_HTML));
+
+        return new ModelAndView("error/404", model);
+    }
+
+    @RequestMapping("/403")
+    public ModelAndView errorHtml403(HttpServletRequest request, HttpServletResponse response) {
+        response.setStatus(HttpStatus.FORBIDDEN.value());
+        // 404拦截规则，如果是静态文件发生的404则不记录到DB
+        Map<String, Object> model = getErrorAttributes(request, isIncludeStackTrace(request, MediaType.TEXT_HTML));
+        if (!String.valueOf(model.get("path")).contains(".")) {
+            model.put("status", HttpStatus.FORBIDDEN.value());
+        }
+        return new ModelAndView("error/403", model);
+    }
+
+    @RequestMapping("/400")
+    public ModelAndView errorHtml400(HttpServletRequest request, HttpServletResponse response) {
+        response.setStatus(HttpStatus.BAD_REQUEST.value());
+        Map<String, Object> model = getErrorAttributes(request, isIncludeStackTrace(request, MediaType.TEXT_HTML));
+        return new ModelAndView("error/400", model);
+    }
+
+    @RequestMapping("/401")
+    public ModelAndView errorHtml401(HttpServletRequest request, HttpServletResponse response) {
+        response.setStatus(HttpStatus.UNAUTHORIZED.value());
+        Map<String, Object> model = getErrorAttributes(request, isIncludeStackTrace(request, MediaType.TEXT_HTML));
+        return new ModelAndView("error/401", model);
+    }
+
+    @RequestMapping("/500")
+    public ModelAndView errorHtml500(HttpServletRequest request, HttpServletResponse response) {
+        response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
+        Map<String, Object> model = getErrorAttributes(request, isIncludeStackTrace(request, MediaType.TEXT_HTML));
+        return new ModelAndView("error/500", model);
+    }
+
+    /**
+     * Determine if the stacktrace attribute should be included.
+     *
+     * @param request
+     *         the source request
+     * @param produces
+     *         the media type produced (or {@code MediaType.ALL})
+     * @return if the stacktrace attribute should be included
+     */
+    protected boolean isIncludeStackTrace(HttpServletRequest request,
+                                          MediaType produces) {
+        ErrorProperties.IncludeStacktrace include = this.serverProperties.getError().getIncludeStacktrace();
+        if (include == ErrorProperties.IncludeStacktrace.ALWAYS) {
+            return true;
+        }
+        return include == ErrorProperties.IncludeStacktrace.ON_TRACE_PARAM && getTraceParameter(request);
+    }
+
+
+    /**
+     * 获取错误的信息
+     *
+     * @param request
+     * @param includeStackTrace
+     * @return
+     */
+    private Map<String, Object> getErrorAttributes(HttpServletRequest request,
+                                                   boolean includeStackTrace) {
+        RequestAttributes requestAttributes = new ServletRequestAttributes(request);
+        return this.errorAttributes.getErrorAttributes(requestAttributes,
+                includeStackTrace);
+    }
+
+    /**
+     * 是否包含trace
+     *
+     * @param request
+     * @return
+     */
+    private boolean getTraceParameter(HttpServletRequest request) {
+        String parameter = request.getParameter("trace");
+        return parameter != null && !"false".equalsIgnoreCase(parameter);
+    }
+
+    /**
+     * 获取错误编码
+     *
+     * @param request
+     * @return
+     */
+    private HttpStatus getStatus(HttpServletRequest request) {
+        Integer statusCode = (Integer) request
+                .getAttribute("javax.servlet.error.status_code");
+        if (statusCode == null) {
+            return HttpStatus.INTERNAL_SERVER_ERROR;
+        }
+        try {
+            return HttpStatus.valueOf(statusCode);
+        } catch (Exception ex) {
+            LOG.error("获取当前HttpStatus发生异常", ex);
+            return HttpStatus.INTERNAL_SERVER_ERROR;
+        }
+    }
+
+    /**
+     * 实现错误路径,暂时无用
+     *
+     * @return
+     */
+    @Override
+    public String getErrorPath() {
+        return "";
+    }
+}
--- a/blog-admin/src/main/java/com/zyd/blog/controller/PassportController.java
+++ b/blog-admin/src/main/java/com/zyd/blog/controller/PassportController.java
@@ -20,8 +20,8 @@
 package com.zyd.blog.controller;

 import com.zyd.blog.business.annotation.BussinessLog;
-import com.zyd.blog.framework.property.AppProperties;
 import com.zyd.blog.framework.object.ResponseVO;
+import com.zyd.blog.framework.property.AppProperties;
 import com.zyd.blog.util.ResultUtil;
 import com.zyd.blog.util.SessionUtil;
 import org.apache.shiro.SecurityUtils;
@@ -60,6 +60,10 @@ public class PassportController {
    @BussinessLog("进入登录页面")
    @GetMapping("/login")
    public ModelAndView login(Model model) {
+        Subject subject = SecurityUtils.getSubject();
+        if (subject.isAuthenticated()||subject.isRemembered()){
+            return ResultUtil.redirect("/index");
+        }
        model.addAttribute("enableKaptcha", config.getEnableKaptcha());
        return ResultUtil.view("/login");
    }

--- a/blog-admin/src/main/java/com/zyd/blog/controller/RestArticleController.java
+++ b/blog-admin/src/main/java/com/zyd/blog/controller/RestArticleController.java
@@ -33,6 +33,7 @@ import com.zyd.blog.framework.object.ResponseVO;
 import com.zyd.blog.util.FileUtil;
 import com.zyd.blog.util.ResultUtil;
 import com.zyd.blog.util.SessionUtil;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -58,6 +59,7 @@ public class RestArticleController {
    @Autowired
    private BizArticleTagsService articleTagsService;

+    @RequiresPermissions("articles")
    @PostMapping("/list")
    public PageResult list(ArticleConditionVO vo) {
        PageHelper.startPage(vo.getPageNumber() - 1, vo.getPageSize());

--- a/blog-admin/src/main/java/com/zyd/blog/controller/RestCommentController.java
+++ b/blog-admin/src/main/java/com/zyd/blog/controller/RestCommentController.java
@@ -36,6 +36,7 @@ import com.zyd.blog.framework.object.PageResult;
 import com.zyd.blog.framework.object.ResponseVO;
 import com.zyd.blog.util.ResultUtil;
 import com.zyd.blog.util.SessionUtil;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -61,6 +62,7 @@ public class RestCommentController {
    @Autowired
    private MailService mailService;

+    @RequiresPermissions("comments")
    @PostMapping("/list")
    public PageResult list(CommentConditionVO vo) {
        PageHelper.startPage(vo.getPageNumber() - 1, vo.getPageSize());

--- a/blog-admin/src/main/java/com/zyd/blog/controller/RestResourcesController.java
+++ b/blog-admin/src/main/java/com/zyd/blog/controller/RestResourcesController.java
@@ -29,7 +29,6 @@ import com.zyd.blog.core.shiro.ShiroService;
 import com.zyd.blog.framework.object.PageResult;
 import com.zyd.blog.framework.object.ResponseVO;
 import com.zyd.blog.util.ResultUtil;
-import com.zyd.blog.util.SessionUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -37,9 +36,7 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;

-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;

 /**
 * 系统资源管理
@@ -71,15 +68,6 @@ public class RestResourcesController {
        return ResultUtil.success(null, resourcesService.queryResourcesListWithSelected(rid));
    }

-    @PostMapping("/loadMenu")
-    public List<Resources> loadMenu() {
-        Map<String, Object> map = new HashMap<>();
-        Long userId = SessionUtil.getUser().getId();
-        map.put("type", "menu");
-        map.put("userId", userId);
-        return resourcesService.listUserResources(map);
-    }
-
    @PostMapping("/listParents")
    public List<Resources> listParents() {
        return resourcesService.listAllParentResource();

--- a/blog-admin/src/main/java/com/zyd/blog/controller/RestRoleController.java
+++ b/blog-admin/src/main/java/com/zyd/blog/controller/RestRoleController.java
@@ -26,6 +26,7 @@ import com.zyd.blog.business.enums.ResponseStatus;
 import com.zyd.blog.business.service.SysRoleResourcesService;
 import com.zyd.blog.business.service.SysRoleService;
 import com.zyd.blog.business.vo.RoleConditionVO;
+import com.zyd.blog.core.shiro.ShiroService;
 import com.zyd.blog.framework.object.PageResult;
 import com.zyd.blog.framework.object.ResponseVO;
 import com.zyd.blog.util.ResultUtil;
@@ -54,6 +55,8 @@ public class RestRoleController {
    private SysRoleService roleService;
    @Autowired
    private SysRoleResourcesService roleResourcesService;
+    @Autowired
+    private ShiroService shiroService;

    @PostMapping("/list")
    public PageResult getAll(RoleConditionVO vo) {
@@ -67,13 +70,14 @@ public class RestRoleController {
        return ResultUtil.success(null, roleService.queryRoleListWithSelected(uid));
    }

-    //分配角色
    @PostMapping("/saveRoleResources")
    public ResponseVO saveRoleResources(Long roleId, String resourcesId) {
        if (StringUtils.isEmpty(roleId)) {
            return ResultUtil.error("error");
        }
        roleResourcesService.addRoleResources(roleId, resourcesId);
+        // 重新加载所有拥有roleId的用户的权限信息
+        shiroService.reloadAuthorizingByRoleId(roleId);
        return ResultUtil.success("成功");
    }


--- a/blog-admin/src/main/java/com/zyd/blog/core/shiro/ShiroService.java
+++ b/blog-admin/src/main/java/com/zyd/blog/core/shiro/ShiroService.java
@@ -20,14 +20,24 @@
 package com.zyd.blog.core.shiro;

 import com.zyd.blog.business.entity.Resources;
+import com.zyd.blog.business.entity.User;
 import com.zyd.blog.business.service.SysResourcesService;
+import com.zyd.blog.business.service.SysUserService;
+import com.zyd.blog.core.shiro.realm.ShiroRealm;
 import com.zyd.blog.framework.holder.SpringContextHolder;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.mgt.RealmSecurityManager;
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
+import org.apache.shiro.subject.SimplePrincipalCollection;
+import org.apache.shiro.subject.Subject;
 import org.apache.shiro.web.filter.mgt.DefaultFilterChainManager;
 import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
 import org.apache.shiro.web.servlet.AbstractShiroFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;

 import java.util.LinkedHashMap;
@@ -45,8 +55,12 @@ import java.util.Map;
 */
 @Service
 public class ShiroService {
+
+    private static final Logger LOG = LoggerFactory.getLogger(ShiroService.class);
    @Autowired
    private SysResourcesService resourcesService;
+    @Autowired
+    private SysUserService userService;

    /**
     * 初始化权限
@@ -109,44 +123,41 @@ public class ShiroService {
                String chainDefinition = entry.getValue().trim().replace(" ", "");
                manager.createChain(url, chainDefinition);
            }
-
-            System.out.println("更新权限成功！！");
        }
    }

    /**
-     * 根据userId 清除当前session存在的用户的权限缓存
-     * @param userIds 已经修改了权限的userId
+     * 重新加载用户权限
+     *
+     * @param user
     */
-   /* public void clearUserAuthByUserId(List<Integer> userIds){
-        if(null == userIds || userIds.size() == 0)	return ;
-        //获取所有session
-        Collection<Session> sessions = redisSessionDAO.getActiveSessions();
-        //定义返回
-        List<SimplePrincipalCollection> list = new ArrayList<SimplePrincipalCollection>();
-        for (Session session:sessions){
-            //获取session登录信息。
-            Object obj = session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
-            if(null != obj && obj instanceof SimplePrincipalCollection){
-                //强转
-                SimplePrincipalCollection spc = (SimplePrincipalCollection)obj;
-                //判断用户，匹配用户ID。
-                obj = spc.getPrimaryPrincipal();
-                if(null != obj && obj instanceof User){
-                    User user = (User) obj;
-                    System.out.println("user:"+user);
-                    //比较用户ID，符合即加入集合
-                    if(null != user && userIds.contains(user.getId())){
-                        list.add(spc);
-                    }
-                }
-            }
+    public void reloadAuthorizingByUserId(User user) {
+        RealmSecurityManager rsm = (RealmSecurityManager) SecurityUtils.getSecurityManager();
+        ShiroRealm shiroRealm = (ShiroRealm) rsm.getRealms().iterator().next();
+        Subject subject = SecurityUtils.getSubject();
+        String realmName = subject.getPrincipals().getRealmNames().iterator().next();
+        SimplePrincipalCollection principals = new SimplePrincipalCollection(user.getId(), realmName);
+        subject.runAs(principals);
+        shiroRealm.getAuthorizationCache().remove(subject.getPrincipals());
+        subject.releaseRunAs();
+
+        LOG.info("用户[{}]的权限更新成功！！", user.getUsername());
+
+    }
+
+    /**
+     * 重新加载所有拥有roleId角色的用户的权限
+     *
+     * @param roleId
+     */
+    public void reloadAuthorizingByRoleId(Long roleId) {
+        List<User> userList = userService.listByRoleId(roleId);
+        if (CollectionUtils.isEmpty(userList)) {
+            return;
        }
-        RealmSecurityManager securityManager =
-                (RealmSecurityManager) SecurityUtils.getSecurityManager();
-        MyShiroRealm realm = (MyShiroRealm)securityManager.getRealms().iterator().next();
-        for (SimplePrincipalCollection simplePrincipalCollection : list) {
-            realm.clearCachedAuthorizationInfo(simplePrincipalCollection);
+        for (User user : userList) {
+            reloadAuthorizingByUserId(user);
        }
-    }*/
+    }
+
 }
--- a/blog-admin/src/main/java/com/zyd/blog/core/shiro/credentials/RetryLimitCredentialsMatcher.java
+++ b/blog-admin/src/main/java/com/zyd/blog/core/shiro/credentials/RetryLimitCredentialsMatcher.java
@@ -19,7 +19,6 @@
 */
 package com.zyd.blog.core.shiro.credentials;

-import com.alibaba.fastjson.JSONObject;
 import com.zyd.blog.business.consts.SessionConst;
 import com.zyd.blog.business.entity.User;
 import com.zyd.blog.business.service.SysUserService;
@@ -34,7 +33,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.core.ValueOperations;

-import javax.annotation.Resource;
 import java.util.concurrent.TimeUnit;

 /**
@@ -59,14 +57,14 @@ public class RetryLimitCredentialsMatcher extends CredentialsMatcher {
     */
    private static final String SHIRO_IS_LOCK = "shiro_is_lock_";
    @Autowired
-    RedisTemplate redisTemplate;
-    @Resource
+    private RedisTemplate redisTemplate;
+    @Autowired
    private SysUserService userService;

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
-        User user = (User) info.getPrincipals().getPrimaryPrincipal();
-        LOGGER.info("== 验证用户：{}", JSONObject.toJSONString(user));
+        Long userId = (Long) info.getPrincipals().getPrimaryPrincipal();
+        User user = userService.getByPrimaryKey(userId);
        String username = user.getUsername();
        // 访问一次，计数一次
        ValueOperations<String, String> opsForValue = redisTemplate.opsForValue();
@@ -104,6 +102,6 @@ public class RetryLimitCredentialsMatcher extends CredentialsMatcher {
        // 当验证都通过后，把用户信息放在session里
        // 注：User必须实现序列化
        SecurityUtils.getSubject().getSession().setAttribute(SessionConst.USER_SESSION_KEY, user);
-        return matches;
+        return true;
    }
 }
--- a/blog-admin/src/main/java/com/zyd/blog/core/shiro/realm/ShiroRealm.java
+++ b/blog-admin/src/main/java/com/zyd/blog/core/shiro/realm/ShiroRealm.java
@@ -58,7 +58,6 @@ public class ShiroRealm extends AuthorizingRealm {

    /**
     * 提供账户信息返回认证信息（用户的角色信息集合）
-     *
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
@@ -72,13 +71,13 @@ public class ShiroRealm extends AuthorizingRealm {
            throw new LockedAccountException("帐号已被锁定，禁止登录！");
        }

-        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
-                user,
+        // principal参数使用用户Id，方便动态刷新用户权限
+        return new SimpleAuthenticationInfo(
+                user.getId(),
                user.getPassword(),
                ByteSource.Util.bytes(username),
                getName()
        );
-        return authenticationInfo;
    }

    /**
@@ -86,9 +85,9 @@ public class ShiroRealm extends AuthorizingRealm {
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
-        User user = (User) SecurityUtils.getSubject().getPrincipal();
+        Long userId = (Long) SecurityUtils.getSubject().getPrincipal();
        Map<String, Object> map = new HashMap<String, Object>();
-        map.put("userId", user.getId());
+        map.put("userId", userId);
        List<Resources> resourcesList = resourcesService.listUserResources(map);
        // 权限信息对象info,用来存放查出的用户的所有的角色（role）及权限（permission）
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
@@ -111,14 +110,4 @@ public class ShiroRealm extends AuthorizingRealm {
        return info;
    }

-    /**
-     * 指定principalCollection 清除
-     */
-  /*  public void clearCachedAuthorizationInfo(PrincipalCollection principalCollection) {
-
-        SimplePrincipalCollection principals = new SimplePrincipalCollection(
-                principalCollection, getName());
-        super.clearCachedAuthorizationInfo(principals);
-    }
-*/
 }
--- a/blog-admin/src/main/resources/static/assets/js/zhyd.core.js
+++ b/blog-admin/src/main/resources/static/assets/js/zhyd.core.js
@@ -205,31 +205,7 @@ $.fn.popover.Constructor.prototype.leave = function (a) {
    // zhyd.initSidebar();
    zhyd.initDaterangepicker();
    zhyd.initValidator();
-    var menuHtml = localStorage.getItem("menu");
-    if (menuHtml) {
-        $(".side-menu").append(menuHtml);
-        zhyd.initSidebar();
-    } else {
-        $.ajax({
-            cache: true,
-            type: "POST",
-            url: '/resources/loadMenu',
-            dataType: "json",
-            success: function (data) {
-                var html = "";
-                $.each(data, function (index) {
-                    console.log(this);
-                    this.hasNodes = this.nodes && this.nodes.length > 0;
-                    var tpl = '{{#hasNodes}}<li><a><i class="{{icon}}"></i> {{name}}<span class="fa fa-chevron-down"></span></a><ul class="nav child_menu">{{#nodes}}<li><a href="{{url}}"><i class="{{icon}}"></i>{{name}}</a></li>{{/nodes}}</ul></li>{{/hasNodes}}';
-                    tpl += '{{^hasNodes}}<li><a href="{{url}}"><i class="{{icon}}"></i> {{name}}</a></li>{{/hasNodes}}';
-                    html += Mustache.render(tpl, this);
-                });
-                localStorage.setItem("menu", html);
-                $(".side-menu").append(html);
-                zhyd.initSidebar();
-            }
-        });
-    }
+    zhyd.initSidebar();

    $.ajax({
        cache: false,

--- a/blog-admin/src/main/resources/templates/layout/sidebar.ftl
+++ b/blog-admin/src/main/resources/templates/layout/sidebar.ftl
@@ -2,6 +2,24 @@
 <div id="sidebar-menu" class="main_menu_side hidden-print main_menu">
    <div class="menu_section">
        <ul class="nav side-menu">
+            <@zhydTag method="menus" userId="${user.id}">
+                <#if menus?? && menus?size gt 0>
+                    <#list menus as item>
+                        <#if item.nodes?? && item.nodes?size gt 0>
+                            <li>
+                                <a><i class="${item.icon?if_exists}"></i> ${item.name?if_exists}<span class="fa fa-chevron-down"></span></a>
+                                <ul class="nav child_menu">
+                                    <#list item.nodes as node>
+                                        <li><a href="${node.url?if_exists}"><i class="${node.icon?if_exists}"></i>${node.name?if_exists}</a></li>
+                                    </#list>
+                                </ul>
+                            </li>
+                        <#else>
+                            <li><a href="${item.url?if_exists}"><i class="${item.icon?if_exists}"></i>${item.name?if_exists}</a></li>
+                        </#if>
+                    </#list>
+                </#if>
+            </@zhydTag>
        </ul>
    </div>
 </div>

--- a/blog-core/src/main/java/com/zyd/blog/business/service/SysUserService.java
+++ b/blog-core/src/main/java/com/zyd/blog/business/service/SysUserService.java
@@ -25,6 +25,8 @@ import com.zyd.blog.business.entity.User;
 import com.zyd.blog.business.vo.UserConditionVO;
 import com.zyd.blog.framework.object.AbstractService;

+import java.util.List;
+
 /**
 * 用户
 *
@@ -60,4 +62,12 @@ public interface SysUserService extends AbstractService<User, Long> {
     */
    User getByUserName(String userName);

+    /**
+     * 通过角色Id获取用户列表
+     *
+     * @param roleId
+     * @return
+     */
+    List<User> listByRoleId(Long roleId);
+
 }
--- a/blog-core/src/main/java/com/zyd/blog/business/service/impl/SysRoleServiceImpl.java
+++ b/blog-core/src/main/java/com/zyd/blog/business/service/impl/SysRoleServiceImpl.java
@@ -121,11 +121,10 @@ public class SysRoleServiceImpl implements SysRoleService {
    public void insertList(List<Role> entities) {
        Assert.notNull(entities, "entities不可为空！");
        List<SysRole> sysRole = new ArrayList<>();
-        String regIp = IpUtil.getRealIp(RequestHolder.getRequest());
-        for (Role Role : entities) {
-            Role.setUpdateTime(new Date());
-            Role.setCreateTime(new Date());
-            sysRole.add(Role.getSysRole());
+        for (Role role : entities) {
+            role.setUpdateTime(new Date());
+            role.setCreateTime(new Date());
+            sysRole.add(role.getSysRole());
        }
        roleMapper.insertList(sysRole);
    }

--- a/blog-core/src/main/java/com/zyd/blog/business/service/impl/SysUserServiceImpl.java
+++ b/blog-core/src/main/java/com/zyd/blog/business/service/impl/SysUserServiceImpl.java
@@ -250,4 +250,23 @@ public class SysUserServiceImpl implements SysUserService {
        return getOneByEntity(user);
    }

+    /**
+     * 通过角色Id获取用户列表
+     *
+     * @param roleId
+     * @return
+     */
+    @Override
+    public List<User> listByRoleId(Long roleId) {
+        List<SysUser> sysUsers = sysUserMapper.listByRoleId(roleId);
+        if (CollectionUtils.isEmpty(sysUsers)) {
+            return null;
+        }
+        List<User> users = new ArrayList<>();
+        for (SysUser su : sysUsers) {
+            users.add(new User(su));
+        }
+        return users;
+    }
+
 }
--- a/blog-core/src/main/java/com/zyd/blog/framework/tag/CustomTagDirective.java
+++ b/blog-core/src/main/java/com/zyd/blog/framework/tag/CustomTagDirective.java
@@ -28,8 +28,10 @@ import freemarker.core.Environment;
 import freemarker.template.*;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;

 import java.io.IOException;
+import java.util.HashMap;
 import java.util.Map;

 /**
@@ -85,6 +87,20 @@ public class CustomTagDirective implements TemplateDirectiveModel {
                    // 站点属性
                    environment.setVariable("siteInfo", builder.build().wrap(configService.getSiteInfo()));
                    break;
+                case "menus":
+                    Integer userId = null;
+                    if (map.containsKey("userId")) {
+                        String userIdStr = map.get("userId").toString();
+                        if(StringUtils.isEmpty(userIdStr)){
+                            return;
+                        }
+                        userId = Integer.parseInt(userIdStr);
+                    }
+                    Map<String, Object> params = new HashMap<>(2);
+                    params.put("type", "menu");
+                    params.put("userId", userId);
+                    environment.setVariable("menus", builder.build().wrap(resourcesService.listUserResources(params)));
+                    break;
                default:
                    break;
            }

--- a/blog-core/src/main/java/com/zyd/blog/persistence/mapper/SysUserMapper.java
+++ b/blog-core/src/main/java/com/zyd/blog/persistence/mapper/SysUserMapper.java
@@ -42,4 +42,6 @@ public interface SysUserMapper extends BaseMapper<SysUser> {

    List<SysUser> findPageBreakByCondition(UserConditionVO vo);

+    List<SysUser> listByRoleId(Long roleId);
+
 }
--- a/blog-core/src/main/resources/mybatis/SysUserMapper.xml
+++ b/blog-core/src/main/resources/mybatis/SysUserMapper.xml
@@ -80,5 +80,17 @@
 			s.create_time DESC
 	</select>

+	<select id="listByRoleId" parameterType="Long" resultMap="rm">
+		SELECT
+			s.id,
+			s.username,
+			s.nickname
+		FROM
+			sys_user s
+		INNER JOIN sys_user_role sur ON  sur.user_id = s.id
+		WHERE
+			sur.role_id = #{roleId}
+	</select>
+
 </mapper>