
优化内容管理文档权限机制,适应二段[如:unique@P]结构组织对象权限设定

o2lee 5 år sedan
förälder
incheckning
ac3c230081

+ 3 - 3
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/queue/QueueDataRowImport.java

@@ -30,7 +30,7 @@ public class QueueDataRowImport extends AbstractQueue<ImportDataRow> {
 		String titleFlag = excelReadRuntime.wi.getTitle();
 		
 		//生成一个Document和Data
-		System.out.println(">>>>>>>>>>>>>>>>>>>QueueDataRowImport.execute正在处理第" + curRow + "行数据:" + printData( colmlist ) );
+//		System.out.println(">>>>>>>>>>>>>>>>>>>QueueDataRowImport.execute正在处理第" + curRow + "行数据:" + printData( colmlist ) );
 		if( ListTools.isNotEmpty( colmlist ) ){
 			Data data = null;
 			Document document = null;
@@ -43,8 +43,8 @@ public class QueueDataRowImport extends AbstractQueue<ImportDataRow> {
 				document.setImportBatchName( batchName );
 				document.setDocStatus("checking"); //待校验
 				document.setSummary( null );
-				document.addReadPersonList( "所有人" );
-				document.addAuthorPersonList( excelReadRuntime.operatorName );
+				document.addToReadPersonList( "所有人" );
+				document.addToAuthorPersonList( excelReadRuntime.operatorName );
 						
 				if( StringUtils.isNotEmpty( colmlist.get( titleColIndex )+"" )) {
 					if( StringUtils.isNotEmpty( titleFlag )) {

+ 2 - 2
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/service/CmsBatchOperationProcessService.java

@@ -42,7 +42,7 @@ public class CmsBatchOperationProcessService {
 	 * @throws Exception 
 	 */
 	public String process( CmsBatchOperation cmsBatchOperation ) throws Exception {
-		logger.info( "process -> Cms processing batch operation: " + cmsBatchOperation.toString() );
+		logger.debug( "process -> Cms processing batch operation: " + cmsBatchOperation.toString() );
 		//先把cmsBatchOperation状态修改为执行中
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			cmsBatchOperation = emc.find( cmsBatchOperation.getId(), CmsBatchOperation.class );
@@ -51,7 +51,7 @@ public class CmsBatchOperationProcessService {
 				emc.beginTransaction( CmsBatchOperation.class );
 				emc.check( cmsBatchOperation, CheckPersistType.all );
 				emc.commit();
-				logger.info( "process -> cms change batch operation running......: " );
+				logger.debug( "process -> cms change batch operation running......: " );
 			}			
 		} catch (Exception e) {
 			throw e;

+ 22 - 118
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/service/PermissionOperateService.java

@@ -162,26 +162,26 @@ public class PermissionOperateService {
 				if( ListTools.isNotEmpty( permissionList ) ){
 					for( PermissionInfo permission : permissionList ){					
 						if( "管理".equals( permission.getPermission() )) {
-							document.addManagerList(permission.getPermissionObjectCode());
+							document.addToManagerList(permission.getPermissionObjectCode());
 						}else if( "读者".equals( permission.getPermission() ) || "阅读".equals( permission.getPermission() )) {
 							if( "人员".equals( permission.getPermissionObjectType() )) {
-								document.addReadPersonList(permission.getPermissionObjectCode());
+								document.addToReadPersonList(permission.getPermissionObjectCode());
 							}else if( "部门".equals(  permission.getPermissionObjectType() ) || "组织".equals( permission.getPermissionObjectType() )) {
-								document.addReadUnitList(permission.getPermissionObjectCode());
+								document.addToReadUnitList(permission.getPermissionObjectCode());
 							}else if( "群组".equals( permission.getPermissionObjectType() )) {
-								document.addReadGroupList(permission.getPermissionObjectCode());
+								document.addToReadGroupList(permission.getPermissionObjectCode());
 							}else if( "所有人".equals( permission.getPermissionObjectCode() )) {
-								document.addReadPersonList("所有人");
+								document.addToReadPersonList("所有人");
 							}
 						}else if( "作者".equals( permission.getPermission() )) {
 							if( "人员".equals( permission.getPermissionObjectType() )) {
-								document.addAuthorPersonList(permission.getPermissionObjectCode());
+								document.addToAuthorPersonList(permission.getPermissionObjectCode());
 							}else if( "部门".equals(  permission.getPermissionObjectType() ) || "组织".equals( permission.getPermissionObjectType() )) {
-								document.addAuthorUnitList(permission.getPermissionObjectCode());
+								document.addToAuthorUnitList(permission.getPermissionObjectCode());
 							}else if( "群组".equals( permission.getPermissionObjectType() )) {
-								document.addAuthorGroupList(permission.getPermissionObjectCode());
+								document.addToAuthorGroupList(permission.getPermissionObjectCode());
 							}else if( "所有人".equals( permission.getPermissionObjectCode() )) {
-								document.addAuthorPersonList("所有人");
+								document.addToAuthorPersonList("所有人");
 							}
 						}
 					}
@@ -190,19 +190,19 @@ public class PermissionOperateService {
 				if( ListTools.isEmpty( document.getReadPersonList() ) && ListTools.isEmpty( document.getReadUnitList() ) 
 						&& ListTools.isEmpty( document.getReadGroupList() )) {
 					//可读范围都为空,则是所有人可访问
-					document.addReadPersonList("所有人");
-					document.addReadPersonList(document.getCreatorPerson());
+					document.addToReadPersonList("所有人");
+					document.addToReadPersonList(document.getCreatorPerson());
 				}
 				if( ListTools.isEmpty( document.getAuthorPersonList() ) && ListTools.isEmpty( document.getAuthorUnitList() ) 
 						&& ListTools.isEmpty( document.getAuthorGroupList() )) {
 					//编辑全部都为空,则是创建人可编辑
-					document.addAuthorPersonList( document.getCreatorPerson() );
-					document.addAuthorPersonList( document.getCreatorPerson() );
+					document.addToAuthorPersonList( document.getCreatorPerson() );
+					document.addToAuthorPersonList( document.getCreatorPerson() );
 				}
 				if( ListTools.isEmpty( document.getManagerList() ) ) {
 					//管理全部都为空,则是创建人可以管理
-					document.addManagerList( document.getCreatorPerson() );
-					document.addManagerList( document.getCreatorPerson() );
+					document.addToManagerList( document.getCreatorPerson() );
+					document.addToManagerList( document.getCreatorPerson() );
 				}
 		
 				emc.check( document , CheckPersistType.all );
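Review bot: The creator is added twice in a row in both the author fallback and the manager fallback (`document.addToAuthorPersonList( document.getCreatorPerson() );` and `document.addToManagerList( document.getCreatorPerson() );` each appear on two consecutive lines), and the second call is a no-op because `addStringToList` skips values already present. If the second line was meant to grant something else, that grant is missing; otherwise delete the duplicate. The reader fallback just above makes a document with no reader entries readable by `所有人`, and the loop in the preceding hunk silently skips any entry whose permission or object type matches none of the string literals, so a mistyped permission row ends in a publicly readable document; it is worth confirming that this fail-open default is intended. The enclosing method starts and ends outside this hunk.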
@@ -213,111 +213,15 @@ public class PermissionOperateService {
 		}
 	}
 
-//	/**
-//	 * 根据文档的权限信息组织所有的权限对象列表
-//	 * @param document
-//	 * @throws Exception
-//	 */
-//	public List<PermissionInfo> composeDocmentAllPermissions( Document document ) throws Exception {
-//
-//		List<PermissionInfo> permissionList = new ArrayList<>();
-//		//处理创建者
-//		permissionList.add( new PermissionInfo( PermissionName.READER, "人员", document.getCreatorIdentity(), document.getCreatorIdentity() ) );
-//		permissionList.add( new PermissionInfo( PermissionName.AUTHOR, "人员", document.getCreatorIdentity(), document.getCreatorIdentity() ) );
-//		permissionList.add( new PermissionInfo( PermissionName.MANAGER, "人员", document.getCreatorIdentity(), document.getCreatorIdentity() ) );
-//
-//		if ( ListTools.isEmpty( document.getAuthorPersonList() ) ) {
-//			for( String permissionCode : document.getAuthorPersonList() ){
-//				if( !existsPermission(permissionList, PermissionName.AUTHOR, "permissionCode") ){
-//					if( StringUtils.equalsIgnoreCase("所有人", permissionCode )){
-//						permissionList.add( new PermissionInfo( PermissionName.AUTHOR, "所有人", "所有人", "所有人" ) );
-//					}else{
-//						permissionList.add( new PermissionInfo( PermissionName.AUTHOR, "人员", permissionCode, permissionCode ) );
-//					}
+//	private boolean existsPermission(List<PermissionInfo> permissionList, String objectType, String permissionCode) {
+//		if( ListTools.isNotEmpty( permissionList )){
+//			for ( PermissionInfo permission : permissionList ){
+//				if( StringUtils.equalsIgnoreCase( permission.getPermissionObjectCode(), permissionCode ) &&
+//						StringUtils.equalsIgnoreCase( permission.getPermissionObjectType(), objectType )){
+//					return true;
 //				}
 //			}
 //		}
-//
-//		if ( ListTools.isEmpty( document.getAuthorUnitList() ) ) {
-//			for( String permissionCode : document.getAuthorUnitList() ){
-//				if( !existsPermission(permissionList, PermissionName.AUTHOR, "permissionCode") ){
-//					if( StringUtils.equalsIgnoreCase("所有人", permissionCode )){
-//						permissionList.add( new PermissionInfo( PermissionName.AUTHOR, "所有人", "所有人", "所有人" ) );
-//					}else{
-//						permissionList.add( new PermissionInfo( PermissionName.AUTHOR, "组织", permissionCode, permissionCode ) );
-//					}
-//				}
-//			}
-//		}
-//
-//		if ( ListTools.isEmpty( document.getAuthorGroupList() ) ) {
-//			for( String permissionCode : document.getAuthorUnitList() ){
-//				if( !existsPermission(permissionList, PermissionName.AUTHOR, "permissionCode") ){
-//					if( StringUtils.equalsIgnoreCase("所有人", permissionCode )){
-//						permissionList.add( new PermissionInfo( PermissionName.AUTHOR, "所有人", "所有人", "所有人" ) );
-//					}else{
-//						permissionList.add( new PermissionInfo( PermissionName.AUTHOR, "群组", permissionCode, permissionCode ) );
-//					}
-//				}
-//			}
-//		}
-//
-//		if ( ListTools.isEmpty( document.getReadPersonList() ) ) {
-//			for( String permissionCode : document.getReadPersonList() ){
-//				if( !existsPermission(permissionList, PermissionName.READER, "permissionCode") ){
-//					if( StringUtils.equalsIgnoreCase("所有人", permissionCode )){
-//						permissionList.add( new PermissionInfo( PermissionName.READER, "所有人", "所有人", "所有人" ) );
-//					}else{
-//						permissionList.add( new PermissionInfo( PermissionName.READER, "人员", permissionCode, permissionCode ) );
-//					}
-//				}
-//			}
-//		}
-//
-//		if ( ListTools.isEmpty( document.getReadUnitList() ) ) {
-//			for( String permissionCode : document.getReadUnitList() ){
-//				if( !existsPermission(permissionList, PermissionName.READER, "permissionCode") ) {
-//					if( StringUtils.equalsIgnoreCase("所有人", permissionCode )){
-//						permissionList.add( new PermissionInfo( PermissionName.READER, "所有人", "所有人", "所有人" ) );
-//					}else{
-//						permissionList.add( new PermissionInfo( PermissionName.READER, "组织", permissionCode, permissionCode ) );
-//					}
-//				}
-//
-//			}
-//		}
-//
-//		if ( ListTools.isEmpty( document.getReadGroupList() ) ) {
-//			for( String permissionCode : document.getReadGroupList() ){
-//				if( !existsPermission(permissionList, PermissionName.READER, "permissionCode") ){
-//					if( StringUtils.equalsIgnoreCase("所有人", permissionCode )){
-//						permissionList.add( new PermissionInfo( PermissionName.READER, "所有人", "所有人", "所有人" ) );
-//					}else{
-//						permissionList.add( new PermissionInfo( PermissionName.READER, "群组", permissionCode, permissionCode ) );
-//					}
-//				}
-//			}
-//		}
-//
-//		if ( ListTools.isEmpty( document.getManagerList() ) ) {
-//			for( String permissionCode : document.getManagerList() ){
-//				if( !existsPermission(permissionList, PermissionName.MANAGER, "permissionCode") ){
-//					permissionList.add( new PermissionInfo( PermissionName.MANAGER, "人员", permissionCode, permissionCode ) );
-//				}
-//			}
-//		}
-//		return permissionList;
+//		return false;
 //	}
-
-	private boolean existsPermission(List<PermissionInfo> permissionList, String objectType, String permissionCode) {
-		if( ListTools.isNotEmpty( permissionList )){
-			for ( PermissionInfo permission : permissionList ){
-				if( StringUtils.equalsIgnoreCase( permission.getPermissionObjectCode(), permissionCode ) &&
-						StringUtils.equalsIgnoreCase( permission.getPermissionObjectType(), objectType )){
-					return true;
-				}
-			}
-		}
-		return false;
-	}
 }

+ 25 - 8
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/service/ReviewService.java

@@ -461,13 +461,30 @@ public class ReviewService {
 			permissionObjs = new ArrayList<>();
 		}
 		if( ListTools.isNotEmpty(objNames)){
+			Person person;
+			String[] array;
 			for( String objName : objNames ) {
 				if(StringUtils.isNotEmpty(objName)){
+					person = null;
+					array = null;
 					if( objName.trim().endsWith( "@P" ) ) {
+						//直接加入人员
+						array = objName.split("@");
+						if( array.length == 2){
+							person = userManagerService.getPerson(array[0]);
+							if( person != null ){
+								objName = person.getDistinguishedName();
+							}
+						}
 						if( !permissionObjs.contains( objName )) {
 							permissionObjs.add( objName );
 						}
 					}else if( objName.trim().endsWith( "@I" ) ) {//将Identity转换为人员
+						//从身份到人员
+						array = objName.split("@");
+						if( array.length == 2){
+							objName = userManagerService.getPersonNameWithIdentity(array[0]);
+						}
 						result = userManagerService.getPersonNameWithIdentity( objName );
 						permissionObjs = addStringToList( permissionObjs, result );
 					}else if( objName.trim().endsWith( "@U" ) ) {//将组织拆解为人员
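Review bot: In the `@I` branch the two-segment case resolves the identity twice: the added line assigns `objName = userManagerService.getPersonNameWithIdentity(array[0])`, and the unchanged call right after it passes that result (a person name, or possibly null when nothing matched) back into `getPersonNameWithIdentity` as if it were an identity. The second lookup then runs on the wrong kind of value, so a two-segment `unique@I` entry may produce no reviewer or an unintended one, depending on how the organization service treats a person name there. Assuming the bare unique is an accepted argument, as the added call implies, the added assignment should be `objName = array[0];` so that the existing call performs the single lookup. Both the `@P` and `@I` branches also test `objName.trim()` but split the untrimmed string. The enclosing method starts and ends outside this hunk.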
@@ -552,16 +569,17 @@ public class ReviewService {
 		
 		//先删除原来所有的Review信息
 		if( ListTools.isNotEmpty( oldReviewIds )) {
-			reviews = emc.list( Review.class, oldReviewIds ); //查询该文档所有的Review列表
-			if( ListTools.isNotEmpty( reviews )) {
-				emc.beginTransaction( Review.class );
-				for( Review review_tmp : reviews ) {
-					//System.out.println(">>>>>>>["+ review_tmp.getTitle() +"] delete review: " + review_tmp.getPermissionObj());
-					emc.remove( review_tmp, CheckRemoveType.all );
+			Review oldReview = null;
+			emc.beginTransaction( Review.class );
+			for( String reviewId : oldReviewIds ){
+				oldReview = emc.find( reviewId, Review.class );
+				if( oldReview != null ){
+					emc.remove( oldReview, CheckRemoveType.all );
 				}
-				emc.commit();
 			}
+			emc.commit();
 		}
+
 		//再添加新的Review信息
 		if( ListTools.isNotEmpty( permissionPersons )) {
 			permissionPersons = removeSameValue( permissionPersons );
@@ -569,7 +587,6 @@ public class ReviewService {
 			Person personObj = null;
 			String personName = null;
 			for( String person : permissionPersons ) {
-				
 				if( !person.equalsIgnoreCase( "*" )) {
 					//检查一下个人是否存在,防止姓名或者唯一标识变更过了导致文档权限不正确
 					personObj = userManagerService.getPerson( person );

+ 112 - 63
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/service/UserManagerService.java

@@ -33,24 +33,17 @@ public class UserManagerService {
 	public Person getPerson(String personName) throws Exception {
 		Business business = null;
 		Person person = null;
-		List<Person> personList = null;
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			business = new Business(emc);
 			person = business.organization().person().getObject(personName);
 			if (person == null) {
 				if (personName.endsWith("@P") && personName.split("@P").length == 3) {
-					personList = business.organization().person().listObject(personName.split("@")[1]);
-					if (ListTools.isNotEmpty(personList)) {
-						return personList.get(0);
-					}
+					return business.organization().person().getObject(personName.split("@")[1]);
 				}
 			}
 			if (person == null) {
-				if (personName.endsWith("@P") && personName.split("@P").length == 3) {
-					personList = business.organization().person().listObject(personName.split("@")[0]);
-					if (ListTools.isNotEmpty(personList)) {
-						return personList.get(0);
-					}
+				if (personName.endsWith("@P") && personName.split("@P").length == 2) {
+					return business.organization().person().getObject(personName.split("@")[0]);
 				}
 			}
 		} catch (Exception e) {
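Review bot: The added guard `personName.split("@P").length == 2` cannot be true for the two-segment form this commit targets, because `split("@P")` splits on the literal `@P` and Java drops trailing empty strings, so `unique@P` yields a single element (a typical `name@unique@P` also yields one, which leaves the `== 3` guard above it unreachable as well). The fallback lookup by `personName.split("@")[0]` is therefore skipped and the method continues with `person == null`. The segment count should use the same delimiter as the index: `personName.split("@").length == 2`, and `== 3` in the first guard. The same condition is repeated in the hunks at `@@ -75`, `@@ -125`, `@@ -167`, `@@ -221`, `@@ -233`, `@@ -265`, `@@ -290` and `@@ -321` of this file, where the two-segment branch is likewise never taken. `getPerson` continues outside this hunk.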
@@ -75,7 +68,12 @@ public class UserManagerService {
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			business = new Business(emc);
 			unitNames = business.organization().unit().listWithPerson(personName);
-			if (unitNames != null && !unitNames.isEmpty()) {
+			if ( ListTools.isEmpty( unitNames )) {
+				if (personName.endsWith("@P") && personName.split("@P").length == 2) {
+					unitNames = business.organization().unit().listWithPerson( personName.split("@")[0] );
+				}
+			}
+			if ( ListTools.isNotEmpty( unitNames )) {
 				for (String unitName : unitNames) {
 					unit = business.organization().unit().getObject(unitName);
 					if (level < unit.getLevel()) {
@@ -125,7 +123,13 @@ public class UserManagerService {
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			business = new Business(emc);
 			// 兼容一下传过来的perosnName有可能是个人,有可能是身份
-			personName = business.organization().person().get(personName);
+			if( StringUtils.isNotEmpty( personName )){
+				if (personName.endsWith("@P") && personName.split("@P").length == 2) {
+					personName = business.organization().person().get(personName.split("@")[0]);
+				}else{
+					personName = business.organization().person().get(personName);
+				}
+			}
 			identity = getMajorIdentityWithPerson(personName);
 			if (identity != null && !identity.isEmpty()) {
 				topUnitName = business.organization().unit().getWithIdentityWithLevel(identity, 1);
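Review bot: The seven-line normalisation block added here is pasted unchanged into six more methods of this class (the hunks at `@@ -167`, `@@ -221`, `@@ -233`, `@@ -265`, `@@ -290` and `@@ -321`), so any correction to the segment check has to be made seven times in code that feeds permission decisions. A private helper would keep the rule in one place; each call site then becomes `personName = resolvePersonName( business, personName );`. The sketch below counts segments with `split("@")`, since `split("@P")` never yields two elements for `unique@P`. The enclosing method starts and ends outside this hunk.

```java
private String resolvePersonName( Business business, String personName ) throws Exception {
	if( StringUtils.isEmpty( personName )){
		return personName;
	}
	String[] segments = personName.split("@");
	if( segments.length == 2 && personName.endsWith("@P") ){
		// two-segment form unique@P: look the person up by the unique alone
		return business.organization().person().get( segments[0] );
	}
	return business.organization().person().get( personName );
}
```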
@@ -167,8 +171,13 @@ public class UserManagerService {
 		Business business = null;
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			business = new Business(emc);
-			// 兼容一下传过来的perosnName有可能是个人,有可能是身份
-			personName = business.organization().person().get(personName);
+			if( StringUtils.isNotEmpty( personName )){
+				if (personName.endsWith("@P") && personName.split("@P").length == 2) {
+					personName = business.organization().person().get(personName.split("@")[0]);
+				}else{
+					personName = business.organization().person().get(personName);
+				}
+			}
 			identities = business.organization().identity().listWithPerson(personName);
 			if (identities != null && !identities.isEmpty()) {
 				if( identities.size() == 1 ) {
@@ -221,6 +230,13 @@ public class UserManagerService {
 		Business business = null;
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			business = new Business(emc);
+			if( StringUtils.isNotEmpty( personName )){
+				if (personName.endsWith("@P") && personName.split("@P").length == 2) {
+					personName = business.organization().person().get(personName.split("@")[0]);
+				}else{
+					personName = business.organization().person().get(personName);
+				}
+			}
 			unitNames = business.organization().unit().listWithPersonSupNested(personName);
 			return unitNames == null ? new ArrayList<>() : unitNames;
 		} catch (NullPointerException e) {
@@ -233,18 +249,25 @@ public class UserManagerService {
 	/**
 	 * 根据用户姓名查询用户所有的身份信息
 	 * 
-	 * @param userName
+	 * @param personName
 	 * @return
 	 * @throws Exception
 	 */
-	public List<String> listIdentitiesWithPerson(String userName) throws Exception {
-		if (StringUtils.isEmpty(userName)) {
+	public List<String> listIdentitiesWithPerson(String personName) throws Exception {
+		if (StringUtils.isEmpty(personName)) {
 			throw new Exception("userName is null!");
 		}
 		Business business = null;
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			business = new Business(emc);
-			return business.organization().identity().listWithPerson(userName);
+			if( StringUtils.isNotEmpty( personName )){
+				if (personName.endsWith("@P") && personName.split("@P").length == 2) {
+					personName = business.organization().person().get(personName.split("@")[0]);
+				}else{
+					personName = business.organization().person().get(personName);
+				}
+			}
+			return business.organization().identity().listWithPerson(personName);
 		} catch (NullPointerException e) {
 			return null;
 		} catch (Exception e) {
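Review bot: After the rename to `personName`, the exception text at the top of `listIdentitiesWithPerson` still reads `"userName is null!"`, and the added `StringUtils.isNotEmpty( personName )` test is always true at that point because the method has already thrown for an empty value. Suggest `throw new Exception("personName is empty!");` and dropping the inner guard. The value returned by `person().get(...)` is passed straight to `identity().listWithPerson(personName)`; if it can be null or empty for an unknown person (not visible here), the `NullPointerException` handler below turns that into a `null` return that callers must handle. The method's tail lies outside this hunk.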
@@ -265,6 +288,13 @@ public class UserManagerService {
 		List<String> nameList = new ArrayList<String>();
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			business = new Business(emc);
+			if( StringUtils.isNotEmpty( personName )){
+				if (personName.endsWith("@P") && personName.split("@P").length == 2) {
+					personName = business.organization().person().get(personName.split("@")[0]);
+				}else{
+					personName = business.organization().person().get(personName);
+				}
+			}
 			roleList = business.organization().role().listWithPerson(personName);
 			if (roleList != null && roleList.size() > 0) {
 				roleList.stream().filter(r -> !nameList.contains(r)).distinct().forEach(r -> nameList.add(r));
@@ -290,6 +320,13 @@ public class UserManagerService {
 		List<String> nameList = new ArrayList<String>();
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			business = new Business(emc);
+			if( StringUtils.isNotEmpty( personName )){
+				if (personName.endsWith("@P") && personName.split("@P").length == 2) {
+					personName = business.organization().person().get(personName.split("@")[0]);
+				}else{
+					personName = business.organization().person().get(personName);
+				}
+			}
 			groupList = business.organization().group().listWithPerson(personName);
 			if (groupList != null && groupList.size() > 0) {
 				groupList.stream().filter(g -> !nameList.contains(g)).distinct().forEach(g -> nameList.add(g));
@@ -321,6 +358,13 @@ public class UserManagerService {
 		Business business = null;
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			business = new Business(emc);
+			if( StringUtils.isNotEmpty( personName )){
+				if (personName.endsWith("@P") && personName.split("@P").length == 2) {
+					personName = business.organization().person().get(personName.split("@")[0]);
+				}else{
+					personName = business.organization().person().get(personName);
+				}
+			}
 			roleList = business.organization().role().listWithPerson(personName);
 			if (roleList != null && !roleList.isEmpty()) {
 				if (roleList.stream().filter(r -> roleName.equalsIgnoreCase(r)).count() > 0) {
@@ -402,47 +446,9 @@ public class UserManagerService {
 		return null;
 	}
 
-	public List<String> getPersonPermissionCodes(String personName) throws Exception {
-		List<String> queryObjectNames = new ArrayList<>();
-		List<String> groupNames = null;
-		List<String> roleNames = null;
-		List<String> unitNames = null;
-
-		// 选查询个人涉及的所有组织角色以及群组编码
-		groupNames = listGroupNamesByPerson(personName);
-		roleNames = listRoleNamesByPerson(personName);
-		unitNames = listUnitNamesWithPerson(personName);
-
-		queryObjectNames.add(personName);
-
-		// 将三个列表合为一个,再进行分类权限查询
-		if (groupNames != null && !groupNames.isEmpty()) {
-			for (String name : groupNames) {
-				if (!queryObjectNames.contains(name)) {
-					queryObjectNames.add(name);
-				}
-			}
-		}
-		if (roleNames != null && !roleNames.isEmpty()) {
-			for (String name : roleNames) {
-				if (!queryObjectNames.contains(name)) {
-					queryObjectNames.add(name);
-				}
-			}
-		}
-		if (unitNames != null && !unitNames.isEmpty()) {
-			for (String name : unitNames) {
-				if (!queryObjectNames.contains(name)) {
-					queryObjectNames.add(name);
-				}
-			}
-		}
-		return queryObjectNames;
-	}
-
 	/**
-	 * 根据组织名称,查询组织内所有的人员标识,包括下级组织
-	 * 
+	 * 根据组织名称,查询组织内所有的人员标识,包括下级组织<br/>
+	 * 2020-06-12 改为使用唯一标识查询<br/>
 	 * @param unitName
 	 * @return
 	 * @throws Exception
@@ -453,15 +459,43 @@ public class UserManagerService {
 		}
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			Business business = new Business(emc);
-			return business.organization().person().listWithUnitSubNested(unitName);
+
+			//2020-06-12 unitName可能有3段,可能有2段,统一使用中间的唯一标识来进行查询
+			String unique = getUniqueWithName( unitName );
+
+			return business.organization().person().listWithUnitSubNested( unique );
 		} catch (Exception e) {
 			throw e;
 		}
 	}
 
 	/**
-	 * 根据群组名称,查询群组内所有的人员标识
-	 * 
+	 * 获取组织对象的唯一标识<br/>
+	 *<br/>
+	 * 组织对象标识一般会有3段,如 综合部@1304-73504398-13419-0347@U, 张三@293041-9305983-04258-0943@P<br/>
+	 * 文档权限里也会存在2段,因为第一段经常会变,如组织:行政综合部@1304-73504398-13419-0347@U<br/>
+	 * 所以查询的时候最好只用中间的唯一标识来查询<br/>
+	 * @param orgObjectName
+	 * @return
+	 */
+	private String getUniqueWithName(String orgObjectName ) {
+		if( StringUtils.isNotEmpty( orgObjectName )){
+			String[] array = orgObjectName.split("@");
+			if( array.length == 3 ){
+				return array[1];
+			}else if( array.length == 2 ){
+				return array[0];
+			}else{
+				return orgObjectName;
+			}
+		}
+		return null;
+	}
+
+	/**
+	 * 根据群组名称,查询群组内所有的人员标识<br/>
+	 * 2020-06-12 改为使用唯一标识查询<br/>
+	 *
 	 * @param groupName
 	 * @return
 	 * @throws Exception
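Review bot: `getUniqueWithName` can return an empty string or an identifier of the wrong kind, and the caller forwards it without a second check. An input such as `name@@U` passes the emptiness guard but yields `""` as the middle segment, and the `@U`/`@G`/`@R` suffix is discarded without being compared with what the calling method expects, so a group or person identifier handed to the unit lookup is queried as a unit unique. Re-checking after extraction, for example `if( StringUtils.isEmpty( unique )){ throw new Exception("unitName has no unique segment!"); }`, and passing the expected suffix into the helper would close both gaps; how the organization service treats an empty or foreign unique is not visible here. The same call pattern is added in the group and role lookups in the next hunk, and the helper's Javadoc leaves `@return` blank although it can return null.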
@@ -472,19 +506,34 @@ public class UserManagerService {
 		}
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			Business business = new Business(emc);
-			return business.organization().person().listWithGroup(groupName);
+
+			//2020-06-12 unitName可能有3段,可能有2段,统一使用中间的唯一标识来进行查询
+			String unique = getUniqueWithName( groupName );
+
+			return business.organization().person().listWithGroup( unique );
 		} catch (Exception e) {
 			throw e;
 		}
 	}
 
+	/**
+	 * 根据角色名称,查询角色成员内所有的人员标识<br/>
+	 * 2020-06-12 改为使用唯一标识查询<br/>
+	 * @param role
+	 * @return
+	 * @throws Exception
+	 */
 	public List<String> listPersonWithRole(String role) throws Exception {
 		if (StringUtils.isEmpty(role)) {
 			throw new Exception("role is empty!");
 		}
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 			Business business = new Business(emc);
-			return business.organization().person().listWithRole(role);
+
+			//2020-06-12 unitName可能有3段,可能有2段,统一使用中间的唯一标识来进行查询
+			String unique = getUniqueWithName( role );
+
+			return business.organization().person().listWithRole( unique );
 		} catch (Exception e) {
 			throw e;
 		}

+ 121 - 83
o2server/x_cms_core_entity/src/main/java/com/x/cms/core/entity/Document.java

@@ -653,6 +653,13 @@ public class Document extends SliceJpaObject {
 		return this.authorGroupList;
 	}
 
+	public List<String> getManagerList() {
+		if (this.managerList == null) {
+			this.managerList = new ArrayList<>();
+		}
+		return this.managerList;
+	}
+
 	public void setReadPersonList(List<String> readPersonList) {
 		this.readPersonList = readPersonList;
 	}
@@ -677,73 +684,10 @@ public class Document extends SliceJpaObject {
 		this.authorGroupList = authorGroupList;
 	}
 
-	public List<String> getManagerList() {
-		if (this.managerList == null) {
-			this.managerList = new ArrayList<>();
-		}
-		return this.managerList;
-	}
-
 	public void setManagerList(List<String> managerList) {
 		this.managerList = managerList;
 	}
 
-	public void addReadPersonList(String readPerson) {
-		this.readPersonList = addStringToList(this.readPersonList, readPerson);
-	}
-
-	public void addReadUnitList(String readUnit) {
-		this.readUnitList = addStringToList(this.readUnitList, readUnit);
-	}
-
-	public void addReadGroupList(String readGroup) {
-		this.readGroupList = addStringToList(this.readGroupList, readGroup);
-	}
-
-	public void addAuthorPersonList(String authorPerson) {
-		this.authorPersonList = addStringToList(this.authorPersonList, authorPerson);
-	}
-
-	public void addAuthorUnitList(String authorUnit) {
-		this.authorUnitList = addStringToList(this.authorUnitList, authorUnit);
-	}
-
-	public void addAuthorGroupList(String authorGroup) {
-		this.authorGroupList = addStringToList(this.authorGroupList, authorGroup);
-	}
-
-	public void removeReadPersonList(String readPerson) {
-		this.readPersonList = addStringToList(this.readPersonList, readPerson);
-	}
-
-	public void removeReadUnitList(String readUnit) {
-		this.readUnitList = addStringToList(this.readUnitList, readUnit);
-	}
-
-	public void removeReadGroupList(String readGroup) {
-		this.readGroupList = addStringToList(this.readGroupList, readGroup);
-	}
-
-	public void removeAuthorPersonList(String authorPerson) {
-		removeStringFromList(this.authorPersonList, authorPerson);
-	}
-
-	public void removeAuthorUnitList(String authorUnit) {
-		removeStringFromList(this.authorUnitList, authorUnit);
-	}
-
-	public void removeAuthorGroupList(String authorGroup) {
-		removeStringFromList(this.authorGroupList, authorGroup);
-	}
-
-	public void addManagerList(String manager) {
-		addStringToList(this.managerList, manager);
-	}
-
-	public void removeManagerList(String manager) {
-		removeStringFromList(this.managerList, manager);
-	}
-
 	public String getImportBatchName() {
 		return importBatchName;
 	}
@@ -784,26 +728,6 @@ public class Document extends SliceJpaObject {
 		this.remindGroupList = remindGroupList;
 	}
 
-	private List<String> addStringToList(List<String> sourceList, String targetString) {
-		if (sourceList == null) {
-			sourceList = new ArrayList<>();
-		}
-		if (!sourceList.contains(targetString)) {
-			sourceList.add(targetString);
-		}
-		return sourceList;
-	}
-
-	private List<String> removeStringFromList(List<String> sourceList, String targetString) {
-		if (sourceList == null) {
-			sourceList = new ArrayList<>();
-		}
-		if (sourceList.contains(targetString)) {
-			sourceList.remove(targetString);
-		}
-		return sourceList;
-	}
-
 	public Boolean getReviewed() {
 		return reviewed;
 	}
@@ -918,6 +842,120 @@ public class Document extends SliceJpaObject {
 		this.sequenceCreatorUnitName = sequenceCreatorUnitName;
 	}
 
+	// -------------------Reader-------------------------
+	// -------------------2020-06-12 改为只存储DistinguishedName后两段,第一段可能会在运行过程中修改
+	public void addToReadPersonList(String readPerson) {
+		this.readPersonList = addStringToList(this.readPersonList, getShortTargetFlag( readPerson ));
+	}
+
+	public void addToReadUnitList(String readUnit) {
+		this.readUnitList = addStringToList(this.readUnitList, getShortTargetFlag( readUnit ));
+	}
+
+	public void addToReadGroupList(String readGroup) {
+		this.readGroupList = addStringToList(this.readGroupList, getShortTargetFlag( readGroup ));
+	}
+
+	// --------------------完整的标识要删除,并且也要删除只存储2段的标识
+	public void removeFromReadPersonList(String readPerson) {
+		removeStringFromList(this.readPersonList, readPerson);
+		removeStringFromList(this.readPersonList, getShortTargetFlag( readPerson ));
+	}
+
+	public void removeFromReadUnitList(String readUnit) {
+		removeStringFromList(this.readUnitList, readUnit);
+		removeStringFromList(this.readUnitList, getShortTargetFlag( readUnit ));
+	}
+
+	public void removeFromReadGroupList(String readGroup) {
+		removeStringFromList(this.readGroupList, readGroup);
+		removeStringFromList(this.readGroupList, getShortTargetFlag( readGroup ));
+	}
+
+	// -------------------Author-------------------------
+	// -------------------2020-06-12 改为只存储DistinguishedName后两段,第一段可能会在运行过程中修改
+	public void addToAuthorPersonList(String authorPerson) {
+		this.authorPersonList = addStringToList(this.authorPersonList, getShortTargetFlag( authorPerson ));
+	}
+
+	public void addToAuthorUnitList(String authorUnit) {
+		this.authorUnitList = addStringToList(this.authorUnitList, getShortTargetFlag( authorUnit ));
+	}
+
+	public void addToAuthorGroupList(String authorGroup) {
+		this.authorGroupList = addStringToList(this.authorGroupList, getShortTargetFlag( authorGroup ));
+	}
+
+	// --------------------完整的标识要删除,并且也要删除只存储2段的标识
+	public void removeFromAuthorPersonList(String authorPerson) {
+		removeStringFromList(this.authorPersonList, authorPerson);
+		removeStringFromList(this.authorPersonList, getShortTargetFlag( authorPerson ));
+	}
+
+	public void removeFromAuthorUnitList(String authorUnit) {
+		removeStringFromList(this.authorUnitList, authorUnit);
+		removeStringFromList(this.authorUnitList, getShortTargetFlag( authorUnit ));
+	}
+
+	public void removeFromAuthorGroupList(String authorGroup) {
+		removeStringFromList(this.authorGroupList, authorGroup);
+		removeStringFromList(this.authorGroupList, getShortTargetFlag( authorGroup ));
+	}
+
+	// -------------------Manager-------------------------
+	// -------------------2020-06-12 改为只存储DistinguishedName后两段,第一段可能会在运行过程中修改
+	public void addToManagerList(String manager) {
+		addStringToList(this.managerList, getShortTargetFlag( manager ));
+	}
+
+	// --------------------完整的标识要删除,并且也要删除只存储2段的标识
+	public void removeFromManagerList(String manager) {
+		removeStringFromList(this.managerList, manager);
+		removeStringFromList(this.managerList, getShortTargetFlag( manager ));
+	}
+
+	/**
+	 * 获取只取两段的组织、人员、群组名称distinguishedName标识,默认应该有3段,第一段变动比较频繁,不适合作为权限标识
+	 * @param distinguishedName
+	 * @return
+	 */
+	private String getShortTargetFlag(String distinguishedName) {
+		String target = null;
+		if( StringUtils.isNotEmpty( distinguishedName ) ){
+			String[] array = distinguishedName.split("@");
+			StringBuffer sb = new StringBuffer();
+			if( array.length == 3 ){
+				target = sb.append(array[1]).append("@").append(array[2]).toString();
+			}else if( array.length == 2 ){
+				//2段
+				target = sb.append(array[0]).append("@").append(array[1]).toString();
+			}else{
+				target = array[0];
+			}
+		}
+		return target;
+	}
+
+	private List<String> addStringToList(List<String> sourceList, String targetString) {
+		if (sourceList == null) {
+			sourceList = new ArrayList<>();
+		}
+		if (!sourceList.contains(targetString)) {
+			sourceList.add(targetString);
+		}
+		return sourceList;
+	}
+
+	private List<String> removeStringFromList(List<String> sourceList, String targetString ) {
+		if (sourceList == null) {
+			sourceList = new ArrayList<>();
+		}
+		if (sourceList.contains(targetString)) {
+			sourceList.remove(targetString);
+		}
+		return sourceList;
+	}
+
 	/**
 	 * 支持提供排序的列名
 	 */
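Review bot: `addToManagerList` loses the manager when `managerList` is still null: it calls `addStringToList(this.managerList, ...)` without assigning the result, and `addStringToList` creates a fresh list for a null argument, so the new entry lands in a list nobody keeps. The six reader and author adders assign the return value; this one should too: `this.managerList = addStringToList(this.managerList, getShortTargetFlag( manager ));`. A caller that has not gone through `getManagerList()` first (the permission loop in PermissionOperateService may be one) would otherwise drop manager grants silently. Separately, `getShortTargetFlag` returns null for empty input and only `array[0]` for four or more segments, and `addStringToList` stores either result, so a null or truncated entry can end up in a permission list; rejecting such input before the add would be safer.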