内容管理管理员权限修改1

f10b34d8 · o2sword · 7a083dc2 · f10b34d8 · f10b34d8 · f10b34d8
26 changed file
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/Business.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/Business.java
@@ -314,10 +314,6 @@ public class Business {

 	/**
 	 * 判断用户是否管理员权限
-	 * 1、person.isManager()
-	 * 2、xadmin
-	 * 3、CMSManager
-	 *
 	 * @param person
 	 * @return
 	 * @throws Exception
@@ -335,6 +331,25 @@ public class Business {
 		return false;
 	}

+	/**
+	 * 判断用户是否管理员权限
+	 * @param person
+	 * @return
+	 * @throws Exception
+	 */
+	public boolean isCreatorManager(EffectivePerson person) throws Exception {
+		// 如果用户的身份是平台的超级管理员，那么就是超级管理员权限
+		if ( person.isManager() ) {
+			return true;
+		} else {
+			if (organization().person().hasRole(person, OrganizationDefinition.Manager,
+					OrganizationDefinition.CMSManager, OrganizationDefinition.CMSCreator)) {
+				return true;
+			}
+		}
+		return false;
+	}
+
 	/**
 	 * 是否是栏目管理员
 	 * @param person
@@ -368,6 +383,41 @@ public class Business {
 		return false;
 	}

+	/**
+	 * 是否是栏目创建管理员
+	 * @param person
+	 * @param appInfo
+	 * @return
+	 * @throws Exception
+	 */
+	public boolean isAppCreatorManager(EffectivePerson person, AppInfo appInfo) throws Exception {
+		if(appInfo != null){
+			if (isManager(person)) {
+				return true;
+			}
+			if (ListTools.isNotEmpty(appInfo.getManageablePersonList())) {
+				if (appInfo.getManageablePersonList().contains(person.getDistinguishedName())) {
+					return true;
+				}
+			}
+			if (ListTools.isNotEmpty(appInfo.getManageableUnitList())) {
+				List<String> unitNames = this.organization().unit().listWithPersonSupNested(person.getDistinguishedName());
+				if (ListTools.containsAny(unitNames, appInfo.getManageableUnitList())) {
+					return true;
+				}
+			}
+			if (ListTools.isNotEmpty(appInfo.getManageableGroupList())) {
+				List<String> groupNames = this.organization().group().listWithPerson(person.getDistinguishedName());
+				if (ListTools.containsAny(groupNames, appInfo.getManageableGroupList())) {
+					return true;
+				}
+			}
+		}else if (isCreatorManager(person)) {
+			return true;
+		}
+		return false;
+	}
+
 	/**
 	 * TODO (uncomplete)判断用户是否有权限进行：[表单模板管理]操作
 	 *

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/factory/ViewFactory.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/factory/ViewFactory.java
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appdictdesign/ActionCreate.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appdictdesign/ActionCreate.java
@@ -13,9 +13,11 @@ import com.x.base.core.entity.dataitem.ItemCategory;
 import com.x.base.core.project.bean.WrapCopier;
 import com.x.base.core.project.bean.WrapCopierFactory;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
+import com.x.cms.assemble.control.Business;
 import com.x.cms.core.entity.AppInfo;
 import com.x.cms.core.entity.element.AppDict;
 import com.x.cms.core.entity.element.AppDictItem;
@@ -30,6 +32,11 @@ class ActionCreate extends BaseAction {
 			if (null == appInfo) {
 				throw new ExceptionAppDictNotExisted(wi.getAppId());
 			}
+			Business business = new Business(emc);
+			if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+				throw new ExceptionAccessDenied(effectivePerson);
+			}
+
 			emc.beginTransaction(AppDict.class);
 			emc.beginTransaction(AppDictItem.class);
 			//emc.beginTransaction(AppDictLobItem.class);
@@ -78,4 +85,4 @@ class ActionCreate extends BaseAction {

 	}

-}
\ No newline at end of file
+}
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appdictdesign/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appdictdesign/ActionDelete.java
@@ -6,6 +6,7 @@ import com.x.base.core.container.EntityManagerContainer;
 import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.entity.annotation.CheckRemoveType;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
@@ -25,12 +26,8 @@ class ActionDelete extends BaseAction {
 				throw new ExceptionAppDictNotExisted(id);
 			}
 			AppInfo appInfo = emc.find(dict.getAppId(), AppInfo.class);
-			if (null == appInfo) {
-				throw new ExceptionAppInfoNotExist(dict.getAppId());
-			}
-			if (!business.editable(effectivePerson, appInfo)) {
-				throw new ExceptionAppInfoAccessDenied(effectivePerson.getDistinguishedName(),
-						appInfo.getAppName(), appInfo.getId());
+			if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+				throw new ExceptionAccessDenied(effectivePerson);
 			}
 			List<String> ids = business.getAppDictItemFactory().listWithAppDict(id);
 			this.delete_batch(emc, ids);
@@ -64,4 +61,4 @@ class ActionDelete extends BaseAction {
 	public static class Wo extends WoId {
 	}

-}
\ No newline at end of file
+}
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appdictdesign/ActionEdit.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appdictdesign/ActionEdit.java
@@ -13,6 +13,7 @@ import com.x.base.core.entity.dataitem.ItemCategory;
 import com.x.base.core.project.bean.WrapCopier;
 import com.x.base.core.project.bean.WrapCopierFactory;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
@@ -36,13 +37,12 @@ class ActionEdit extends BaseAction {
 			if (null == appInfo) {
 				throw new ExceptionAppInfoNotExist(wi.getAppId());
 			}
-			if (!business.editable(effectivePerson, appInfo)) {
-				throw new ExceptionAppInfoAccessDenied(effectivePerson.getDistinguishedName(),
-						appInfo.getAppName(), appInfo.getId());
+			if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+				throw new ExceptionAccessDenied(effectivePerson);
 			}
+
 			emc.beginTransaction(AppDict.class);
 			emc.beginTransaction(AppDictItem.class);
-			// emc.beginTransaction(AppDictLobItem.class);
 			Wi.copier.copy(wi, dict);
 			dict.setAppId(appInfo.getId());
 			emc.check(dict, CheckPersistType.all);
@@ -95,4 +95,4 @@ class ActionEdit extends BaseAction {

 	}

-}
\ No newline at end of file
+}
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionAppIconUpload.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionAppIconUpload.java
 package com.x.cms.assemble.control.jaxrs.appinfo;

-import java.awt.image.BufferedImage;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.List;
-
-import javax.imageio.ImageIO;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang3.StringUtils;
-import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
-import org.imgscalr.Scalr;
-
-import com.x.base.core.project.annotation.AuditLog;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
+import com.x.base.core.project.exception.ExceptionEntityNotExist;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.http.WrapOutId;
 import com.x.base.core.project.logger.Logger;
 import com.x.base.core.project.logger.LoggerFactory;
 import com.x.base.core.project.tools.ImageTools;
-import com.x.cms.assemble.control.jaxrs.fileinfo.URLParameterGetException;
-import com.x.cms.common.image.maincolor.ImageMainColorUtil;
+import com.x.cms.assemble.control.Business;
 import com.x.cms.core.entity.AppInfo;
+import org.apache.commons.codec.binary.Base64;
+import org.imgscalr.Scalr;
+
+import javax.imageio.ImageIO;
+import java.awt.image.BufferedImage;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;

+/**
+ * 修改栏目图标
+ * @author sword
+ */
 public class ActionAppIconUpload extends BaseAction {
-	
+
 	private static Logger logger = LoggerFactory.getLogger(ActionAppIconUpload.class);

-	@AuditLog(operation = "上传栏目图标")
-	protected ActionResult<Wo> execute( HttpServletRequest request, EffectivePerson effectivePerson, 
-			String appId, Integer size, byte[] bytes, FormDataContentDisposition disposition) {
+	protected ActionResult<Wo> execute(EffectivePerson effectivePerson, String appId,
+									   Integer size, byte[] bytes) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
-		AppInfo appInfo = null;
-		ImageMainColorUtil imageUtil = new ImageMainColorUtil();
-		List<String> colorList = null;
-		String iconMainColor = null;
-		String base64 = null;
-		Boolean check = true;
-
 		if( size == null|| size== 0 ){
 			size = 72;
 		}

-		if( check ){
-			if( StringUtils.isEmpty(appId) ){
-				check = false;
-				Exception exception = new URLParameterGetException( new Exception("appId can not be empty!") );
-				result.error( exception );
-			}
+		AppInfo appInfo = appInfoServiceAdv.get( appId );
+		if (null == appInfo) {
+			throw new ExceptionEntityNotExist(appId);
 		}
-		
-		if( check ){//判断栏目信息是否已经存在
-			try {
-				appInfo = appInfoServiceAdv.get( appId );
-				if (null == appInfo) {
-					check = false;
-					Exception exception = new ExceptionAppInfoNotExists( appId );
-					result.error( exception );
-				}
-			} catch (Exception e) {
-				check = false;
-				result.error( e );
-				logger.error( e, effectivePerson, request, null );
-			}
+
+		Business business = new Business(null);
+		if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+			throw new ExceptionAccessDenied(effectivePerson);
 		}
-		
-		if( check ){
-			ByteArrayOutputStream baos = new ByteArrayOutputStream();
-			try ( InputStream input = new ByteArrayInputStream(bytes)) {
-				BufferedImage image = ImageIO.read(input);
-				int height = image.getHeight(null);
-				int width = image.getWidth(null);
-				//计算新的宽高
-				double step = 0;
-				if(height > width ) {
-					if( height > size ) {
-						step = (double)size/(double)height;
-						height = size;
-						width = (int)(width * step);
-					}
-				}else {
-					if( width > size ) {
-						step = (double)size/(double)width;
-						width = size;
-						height = (int)(height * step);
-					}
+
+		try ( InputStream input = new ByteArrayInputStream(bytes);
+			  ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
+			BufferedImage image = ImageIO.read(input);
+			int height = image.getHeight(null);
+			int width = image.getWidth(null);
+			//计算新的宽高
+			double step = 0;
+			if(height > width ) {
+				if( height > size ) {
+					step = (double)size/(double)height;
+					height = size;
+					width = (int)(width * step);
+				}
+			}else {
+				if( width > size ) {
+					step = (double)size/(double)width;
+					width = size;
+					height = (int)(height * step);
 				}
-				//先取图片主色调
-				/*colorList = imageUtil.getColorSolution( image, 30, 1);
-				if( ListTools.isNotEmpty( colorList ) ){
-					iconMainColor = colorList.get(0);
-				}*/
-				image = Scalr.resize(image, Scalr.Method.SPEED, Scalr.Mode.FIT_TO_WIDTH, width, height, Scalr.OP_ANTIALIAS);
+			}
+			image = Scalr.resize(image, Scalr.Method.SPEED, Scalr.Mode.FIT_TO_WIDTH, width, height, Scalr.OP_ANTIALIAS);

-				iconMainColor = ImageTools.hue(image);
+			String iconMainColor = ImageTools.hue(image);

-				//再获取图片base64编码信息
-				ImageIO.write(image, "png", baos);
-				base64 = Base64.encodeBase64String(baos.toByteArray());
-			} catch (IOException e) {
-				check = false;
-				result.error( e );
-				logger.error( e, effectivePerson, request, null );
-			}
-		}
-		
-		if( check ){
-			try {
-				appInfoServiceAdv.saveAppInfoIcon( appId, base64, iconMainColor );
-				CacheManager.notify( AppInfo.class );
-			} catch (Exception e) {
-				check = false;
-				result.error( e );
-				logger.error( e, effectivePerson, request, null );
-			}
+			//再获取图片base64编码信息
+			ImageIO.write(image, "png", bos);
+			String base64 = Base64.encodeBase64String(bos.toByteArray());
+
+			appInfoServiceAdv.saveAppInfoIcon( appId, base64, iconMainColor );
+			CacheManager.notify( AppInfo.class );
 		}
-		
+
 		return result;
 	}
-	
+
 	public static class Wo extends WrapOutId {
-		
+
 	}
 }
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionDelete.java
@@ -35,15 +35,16 @@ public class ActionDelete extends BaseAction {
 		Boolean check = true;

 		Business business = new Business(null);
-		if (!business.isManager( effectivePerson)) {
-			throw new ExceptionAccessDenied(effectivePerson);
-		}

 		AppInfo appInfo = appInfoServiceAdv.get( id );
 		if( appInfo == null ){
 			throw new ExceptionAppInfoNotExists( id );
 		}

+		if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+			throw new ExceptionAccessDenied(effectivePerson);
+		}
+
 		Long count = 0L;
 		try {
 			count = appInfoServiceAdv.countCategoryByAppId( id, "全部" );

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionSave.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionSave.java
@@ -53,7 +53,7 @@ public class ActionSave extends BaseAction {
 		}
 		AppInfo old_appInfo = appInfoServiceAdv.get( wi.getId() );

-		if (!business.isAppInfoManager( effectivePerson, old_appInfo)) {
+		if (!business.isAppCreatorManager( effectivePerson, old_appInfo)) {
 			throw new ExceptionAccessDenied(effectivePerson);
 		}


--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionSaveConfig.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionSaveConfig.java
 package com.x.cms.assemble.control.jaxrs.appinfo;

-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.commons.lang3.StringUtils;
-
 import com.google.gson.JsonElement;
-import com.x.base.core.project.annotation.AuditLog;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
 import com.x.base.core.project.logger.Logger;
 import com.x.base.core.project.logger.LoggerFactory;
+import com.x.cms.assemble.control.Business;
 import com.x.cms.core.entity.AppInfo;
 import com.x.cms.core.entity.AppInfoConfig;
+import org.apache.commons.lang3.StringUtils;

+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * 保存栏目配置支持信息
+ * @author sword
+ */
 public class ActionSaveConfig extends BaseAction {

 	private static  Logger logger = LoggerFactory.getLogger(ActionSaveConfig.class);

-	@AuditLog(operation = "保存栏目配置支持信息")
 	protected ActionResult<Wo> execute(HttpServletRequest request, EffectivePerson effectivePerson, String appId, JsonElement jsonElement ) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();

-		AppInfoConfig appInfoConfig = null;
 		String config = jsonElement.toString();
-		Boolean check = true;
-		
-		if (check) {
-			if ( StringUtils.isEmpty( appId ) ) {
-				check = false;
-				Exception exception = new ExceptionAppInfoIdEmpty();
-				result.error(exception);
-			}
+
+		AppInfo appInfo = appInfoServiceAdv.get( appId );
+		if( appInfo == null ){
+			throw new ExceptionAppInfoNotExists( appId );
 		}

-		if (check) {
-			try {
+		Business business = new Business(null);
+		if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+			throw new ExceptionAccessDenied(effectivePerson);
+		}

-				appInfoConfig = appInfoServiceAdv.saveConfig( appId, config, effectivePerson );
+		AppInfoConfig appInfoConfig = appInfoServiceAdv.saveConfig( appId, config, effectivePerson );

-				Wo wo = new Wo();
-				wo.setId( appInfoConfig.getId() );
-				result.setData( wo );
-				
-				// 更新缓存
-				CacheManager.notify( AppInfo.class );
+		Wo wo = new Wo();
+		wo.setId( appInfoConfig.getId() );
+		result.setData( wo );

-			} catch (Exception e) {
-				check = false;
-				Exception exception = new ExceptionAppInfoProcess(e, "应用栏目配置支持信息保存时发生异常。");
-				result.error(exception);
-				logger.error(e, effectivePerson, request, null);
-			}
-		}
+		// 更新缓存
+		CacheManager.notify( AppInfo.class );
 		return result;
 	}

 	public static class Wo extends WoId {

 	}
-	
-}
\ No newline at end of file
+
+}
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/AppInfoAction.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/AppInfoAction.java
@@ -604,7 +604,7 @@ public class AppInfoAction extends StandardJaxrsAction {
 		ActionResult<ActionAppIconUpload.Wo> result = new ActionResult<>();
 		EffectivePerson effectivePerson = this.effectivePerson(request);
 		try {
-			result = new ActionAppIconUpload().execute(request, effectivePerson, appId, size, bytes, disposition );
+			result = new ActionAppIconUpload().execute(effectivePerson, appId, size, bytes);
 		} catch (Exception e) {
 			logger.error(e, effectivePerson, request, null);
 			result.error(e);

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/categoryinfo/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/categoryinfo/ActionDelete.java
@@ -2,6 +2,9 @@ package com.x.cms.assemble.control.jaxrs.categoryinfo;

 import javax.servlet.http.HttpServletRequest;

+import com.x.base.core.project.exception.ExceptionAccessDenied;
+import com.x.base.core.project.exception.ExceptionEntityNotExist;
+import com.x.cms.assemble.control.Business;
 import org.apache.commons.lang3.StringUtils;

 import com.x.base.core.project.annotation.AuditLog;
@@ -18,70 +21,48 @@ import com.x.cms.core.entity.AppInfo;
 import com.x.cms.core.entity.CategoryInfo;
 import com.x.cms.core.entity.element.ViewCategory;

+/**
+ * 删除分类
+ * @author sword
+ */
 public class ActionDelete extends BaseAction {

 	private static  Logger logger = LoggerFactory.getLogger(ActionDelete.class);

-	@AuditLog(operation = "删除分类")
 	protected ActionResult<Wo> execute(HttpServletRequest request, String id, EffectivePerson effectivePerson) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
-		CategoryInfo categoryInfo = null;
-		Boolean check = true;

-		if ( StringUtils.isEmpty( id )) {
-			check = false;
-			Exception exception = new ExceptionIdEmpty();
-			result.error(exception);
+		CategoryInfo categoryInfo = categoryInfoServiceAdv.get(id);
+		if (categoryInfo == null) {
+			throw new ExceptionEntityNotExist(id);
 		}
-		if (check) {
-			try {
-				categoryInfo = categoryInfoServiceAdv.get(id);
-				if (categoryInfo == null) {
-					check = false;
-					Exception exception = new ExceptionCategoryInfoNotExists(id);
-					result.error(exception);
-				}
-			} catch (Exception e) {
-				check = false;
-				Exception exception = new ExceptionCategoryInfoProcess(e, "根据ID查询分类信息对象时发生异常。ID:" + id);
-				result.error(exception);
-				logger.error(e, effectivePerson, request, null);
-			}
+		AppInfo appInfo = appInfoServiceAdv.get(categoryInfo.getAppId());
+		Business business = new Business(null);
+		if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+			throw new ExceptionAccessDenied(effectivePerson);
 		}

-		if (check) {
-			Long count = documentServiceAdv.countByCategoryId( id );
-			if ( count > 0 ) {
-				check = false;
-				Exception exception = new ExceptionEditNotAllowed(count);
-				result.error(exception);
-			}
+		Long count = documentServiceAdv.countByCategoryId( id );
+		if ( count > 0 ) {
+			throw new ExceptionEditNotAllowed(count);
 		}

-		if (check) {
-			try {
-				categoryInfoServiceAdv.delete( id, effectivePerson );
+		categoryInfoServiceAdv.delete( id, effectivePerson );

-				Wo wo = new Wo();
-				wo.setId( categoryInfo.getId() );
-				result.setData( wo );
+		Wo wo = new Wo();
+		wo.setId( categoryInfo.getId() );
+		result.setData( wo );

-				//增加删除栏目批量操作（对分类和文档）的信息
-				new CmsBatchOperationPersistService().addOperation(
-						CmsBatchOperationProcessService.OPT_OBJ_CATEGORY,
-						CmsBatchOperationProcessService.OPT_TYPE_DELETE, id, id, "删除分类：ID=" + id );
+		//增加删除栏目批量操作（对分类和文档）的信息
+		new CmsBatchOperationPersistService().addOperation(
+				CmsBatchOperationProcessService.OPT_OBJ_CATEGORY,
+				CmsBatchOperationProcessService.OPT_TYPE_DELETE, id, id, "删除分类：ID=" + id );

-				new LogService().log(null, effectivePerson.getDistinguishedName(), categoryInfo.getAppName() + "-" + categoryInfo.getCategoryName(), id, "", "", "", "CATEGORY", "删除");
+		new LogService().log(null, effectivePerson.getDistinguishedName(), categoryInfo.getAppName() + "-" + categoryInfo.getCategoryName(), id, "", "", "", "CATEGORY", "删除");

-				CacheManager.notify( AppInfo.class );
-				CacheManager.notify( CategoryInfo.class );
-				CacheManager.notify( ViewCategory.class );
-			} catch (Exception e) {
-				Exception exception = new ExceptionCategoryInfoProcess(e, "分类信息在删除时发生异常。ID:" + id);
-				result.error(exception);
-				logger.error(e, effectivePerson, request, null);
-			}
-		}
+		CacheManager.notify( AppInfo.class );
+		CacheManager.notify( CategoryInfo.class );
+		CacheManager.notify( ViewCategory.class );
 		return result;
 	}


--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/categoryinfo/ActionSave.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/categoryinfo/ActionSave.java
@@ -5,6 +5,8 @@ import java.util.List;

 import javax.servlet.http.HttpServletRequest;

+import com.x.base.core.project.exception.ExceptionAccessDenied;
+import com.x.cms.assemble.control.Business;
 import org.apache.commons.lang3.StringUtils;

 import com.google.gson.JsonElement;
@@ -28,39 +30,36 @@ import com.x.cms.core.entity.Document;
 import com.x.cms.core.entity.element.ViewCategory;


+/**
+ * 保存分类信息
+ * @author sword
+ */
 public class ActionSave extends BaseAction {

 	private static  Logger logger = LoggerFactory.getLogger(ActionSave.class);

-	@AuditLog(operation = "保存分类信息")
 	protected ActionResult<Wo> execute(HttpServletRequest request, EffectivePerson effectivePerson, JsonElement jsonElement) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
-		String identityName = null;
 		String unitName = null;
 		String topUnitName = null;
-		Wi wi = null;
-		AppInfo appInfo = null;
 		CategoryInfo old_categoryInfo = null;
 		CategoryInfo categoryInfo = null;
 		Boolean check = true;

-		try {
-			wi = this.convertToWrapIn( jsonElement, Wi.class );
-			identityName = wi.getIdentity();
-		} catch (Exception e) {
-			check = false;
-			Exception exception = new ExceptionCategoryInfoProcess(e, "系统在将JSON信息转换为对象时发生异常。JSON:" + jsonElement.toString());
-			result.error(exception);
-			logger.error(e, effectivePerson, request, null);
+		Wi wi = this.convertToWrapIn( jsonElement, Wi.class );
+		String identityName = wi.getIdentity();
+		if(StringUtils.isBlank(wi.getAppId())){
+			throw new ExceptionAppIdEmpty();
 		}

-		//判断用户是否有权限来进行分类的管理
-		if (check) {
-			if( !userManagerService.hasCategoryManagerPermission( effectivePerson, wi.getAppId() ) ){
-				check = false;
-				Exception exception = new ExceptionCategoryInfoProcess("用户操作权限不足，无法在此栏目中管理分类信息。" );
-				result.error(exception);
-			}
+		AppInfo appInfo = appInfoServiceAdv.get(wi.getAppId());
+		if(appInfo == null){
+			throw new ExceptionAppInfoNotExists(wi.getAppId());
+		}
+
+		Business business = new Business(null);
+		if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+			throw new ExceptionAccessDenied(effectivePerson);
 		}

 		if (check) {
@@ -115,21 +114,6 @@ public class ActionSave extends BaseAction {
 				logger.error(e, effectivePerson, request, null);
 			}
 		}
-		if( check ){
-			try {
-				appInfo = appInfoServiceAdv.getWithFlag( wi.getAppId() );
-				if( appInfo == null ){
-					check = false;
-					Exception exception = new ExceptionAppInfoNotExists( wi.getAppId() );
-					result.error( exception );
-				}
-			} catch (Exception e) {
-				check = false;
-				Exception exception = new ExceptionCategoryInfoProcess( e, "根据指定flag查询应用栏目信息对象时发生异常。flag:" + wi.getAppId() );
-				result.error( exception );
-				logger.error( e, effectivePerson, request, null);
-			}
-		}
 		if (check) {
 			if( StringUtils.isEmpty( wi.getId() )) {
 				wi.setId( CategoryInfo.createId() );

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/file/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/file/ActionDelete.java
@@ -26,7 +26,7 @@ class ActionDelete extends BaseAction {
 			if (null == application) {
 				throw new ExceptionEntityNotExist(file.getAppId(), AppInfo.class);
 			}
-			if (!business.editable(effectivePerson, application)) {
+			if (!business.isAppInfoManager(effectivePerson, application)) {
 				throw new ExceptionAccessDenied(effectivePerson.getDistinguishedName());
 			}
 			emc.beginTransaction(File.class);

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/file/ActionEdit.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/file/ActionEdit.java
@@ -36,7 +36,7 @@ class ActionEdit extends BaseAction {
 			if (null == application) {
 				throw new ExceptionEntityNotExist(wi.getAppId(), AppInfo.class);
 			}
-			if ((!business.editable(effectivePerson, application))) {
+			if ((!business.isAppInfoManager(effectivePerson, application))) {
 				throw new ExceptionAccessDenied(effectivePerson.getDistinguishedName());
 			}
 			Wi.copier.copy(wi, file);

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/file/ActionUpload.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/file/ActionUpload.java
@@ -27,11 +27,11 @@ class ActionUpload extends BaseAction {
 			if (null == file) {
 				throw new ExceptionEntityNotExist(id, File.class);
 			}
-			AppInfo application = emc.find(file.getAppId(), AppInfo.class);
-			if (null == application) {
+			AppInfo appInfo = emc.find(file.getAppId(), AppInfo.class);
+			if (null == appInfo) {
 				throw new ExceptionEntityNotExist(file.getAppId(), AppInfo.class);
 			}
-			if ((!business.editable(effectivePerson, application))) {
+			if ((!business.isAppInfoManager(effectivePerson, appInfo))) {
 				throw new ExceptionAccessDenied(effectivePerson.getDistinguishedName());
 			}
 			emc.beginTransaction(File.class);
@@ -54,4 +54,4 @@ class ActionUpload extends BaseAction {
 	public static class Wo extends WrapBoolean {

 	}
-}
\ No newline at end of file
+}
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/form/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/form/ActionDelete.java
@@ -21,9 +21,12 @@ import com.x.cms.core.entity.element.View;
 import com.x.cms.core.entity.element.ViewCategory;
 import com.x.cms.core.entity.element.ViewFieldConfig;

+/**
+ * 删除表单
+ * @author sword
+ */
 public class ActionDelete extends BaseAction {

-	@AuditLog(operation = "删除表单")
 	protected ActionResult<WrapOutId> execute( HttpServletRequest request, EffectivePerson effectivePerson, String id ) throws Exception {
 		ActionResult<WrapOutId> result = new ActionResult<>();
 		WrapOutId wrap = null;
@@ -34,9 +37,6 @@ public class ActionDelete extends BaseAction {
 				throw new ExceptionFormNotExist(id);
 			}
 			AppInfo appInfo = emc.find(form.getAppId(), AppInfo.class);
-			if(appInfo == null){
-				throw new ExceptionAppInfoNotExist(form.getAppId());
-			}
 			if (!business.isAppInfoManager( effectivePerson, appInfo)) {
 				throw new ExceptionAccessDenied(effectivePerson);
 			}

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/script/ActionCreate.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/script/ActionCreate.java
@@ -11,10 +11,12 @@ import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.entity.annotation.CheckPersistType;
 import com.x.base.core.project.annotation.FieldDescribe;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.gson.GsonPropertyObject;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
+import com.x.cms.assemble.control.Business;
 import com.x.cms.assemble.control.ExceptionWrapInConvert;
 import com.x.cms.core.entity.AppInfo;
 import com.x.cms.core.entity.Log;
@@ -25,77 +27,68 @@ class ActionCreate extends BaseAction {
 	ActionResult<Wo> execute( HttpServletRequest request, EffectivePerson effectivePerson, JsonElement jsonElement )
 			throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
-		Wi wrapIn = null;
-		Boolean check = true;
-		
-		try {
-			wrapIn = this.convertToWrapIn( jsonElement, Wi.class );
-		} catch (Exception e ) {
-			check = false;
-			Exception exception = new ExceptionWrapInConvert( e, jsonElement );
-			result.error( exception );
-			e.printStackTrace();
-		}
-		
-		if ( check && wrapIn != null) {
-			try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
-				AppInfo appInfo = emc.find(wrapIn.getAppId(), AppInfo.class);
-				if (null == appInfo) {
-					throw new Exception("[post]appinfo{id:" + wrapIn.getAppId() + "} not existed.");
-				}
-				emc.beginTransaction(Script.class);
-				Script script = new Script();
-				wrapIn.copyTo( script );
-				script.setCreatorPerson( effectivePerson.getDistinguishedName());
-				script.setLastUpdatePerson( effectivePerson.getDistinguishedName());
-				script.setLastUpdateTime(new Date());
-				emc.persist(script, CheckPersistType.all);
-				emc.commit();
-				// 清除所有的Script缓存
-				CacheManager.notify(Script.class);
-
-				// 记录日志
-				emc.beginTransaction(Log.class);
-				logService.log(emc, effectivePerson.getDistinguishedName(), script.getName(), script.getAppId(), "", "", script.getId(), "SCRIPT", "新增");
-				emc.commit();
-				
-				Wo wo = new Wo();
-				wo.setId( script.getId() );
-				result.setData(wo);
+		Wi wrapIn = this.convertToWrapIn( jsonElement, Wi.class );
+		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
+			AppInfo appInfo = emc.find(wrapIn.getAppId(), AppInfo.class);
+			if (null == appInfo) {
+				throw new ExceptionAppInfoNotExists(wrapIn.getAppId());
 			}
+			Business business = new Business(emc);
+			if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+				throw new ExceptionAccessDenied(effectivePerson);
+			}
+			emc.beginTransaction(Script.class);
+			Script script = new Script();
+			wrapIn.copyTo( script );
+			script.setCreatorPerson( effectivePerson.getDistinguishedName());
+			script.setLastUpdatePerson( effectivePerson.getDistinguishedName());
+			script.setLastUpdateTime(new Date());
+			emc.persist(script, CheckPersistType.all);
+			emc.commit();
+			// 清除所有的Script缓存
+			CacheManager.notify(Script.class);
+
+			// 记录日志
+			emc.beginTransaction(Log.class);
+			logService.log(emc, effectivePerson.getDistinguishedName(), script.getName(), script.getAppId(), "", "", script.getId(), "SCRIPT", "新增");
+			emc.commit();
+
+			Wo wo = new Wo();
+			wo.setId( script.getId() );
+			result.setData(wo);
 		}
 		return result;
 	}
-	
+
 	public class Wi extends GsonPropertyObject {

 		@FieldDescribe("创建时间.")
 		private Date createTime;
-		
+
 		@FieldDescribe("更新时间.")
 		private Date updateTime;
-		
+
 		@FieldDescribe("ID.")
 		private String id;
-		
+
 		@FieldDescribe("脚本名称.")
 		private String name;
-		
+
 		@FieldDescribe("脚本别名.")
 		private String alias;
-		
+
 		@FieldDescribe("脚本说明.")
 		private String description;
-		
+
 		@FieldDescribe("是否验证成功.")
 		private Boolean validated;
-		
+
 		@FieldDescribe("所属栏目ID.")
 		private String appId;
-		
+
 		@FieldDescribe("脚本内容.")
 		private String text;
-		
+
 		@FieldDescribe("依赖的脚本ID列表.")
 		private List<String> dependScriptList;

@@ -180,7 +173,7 @@ class ActionCreate extends BaseAction {
 		}

 	}
-	
+
 	public static class Wo extends WoId {

 	}

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/script/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/script/ActionDelete.java
@@ -4,9 +4,12 @@ import com.x.base.core.container.EntityManagerContainer;
 import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.entity.annotation.CheckRemoveType;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
+import com.x.cms.assemble.control.Business;
+import com.x.cms.core.entity.AppInfo;
 import com.x.cms.core.entity.Log;
 import com.x.cms.core.entity.element.Script;

@@ -19,6 +22,11 @@ class ActionDelete extends BaseAction {
 			if (null == script) {
 				throw new Exception("script{id:" + id + "} not existed.");
 			}
+			AppInfo appInfo = emc.find(script.getAppId(), AppInfo.class);
+			Business business = new Business(emc);
+			if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+				throw new ExceptionAccessDenied(effectivePerson);
+			}
 			emc.beginTransaction(Script.class);
 			emc.remove(script, CheckRemoveType.all);
 			emc.commit();
@@ -29,7 +37,7 @@ class ActionDelete extends BaseAction {
 			emc.beginTransaction(Log.class);
 			logService.log(emc, effectivePerson.getDistinguishedName(), script.getName(), script.getAppId(), "", "", script.getId(), "SCRIPT", "删除");
 			emc.commit();
-			
+
 			Wo wo = new Wo();
 			wo.setId( script.getId() );
 			result.setData(wo);
@@ -40,7 +48,7 @@ class ActionDelete extends BaseAction {
 		}
 		return result;
 	}
-	
+
 	public static class Wo extends WoId {

 	}

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/script/ActionUpdate.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/script/ActionUpdate.java
 package com.x.cms.assemble.control.jaxrs.script;

-import java.util.Date;
-import java.util.List;
-
 import com.google.gson.JsonElement;
 import com.x.base.core.container.EntityManagerContainer;
 import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.entity.JpaObject;
 import com.x.base.core.project.annotation.FieldDescribe;
 import com.x.base.core.project.cache.CacheManager;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
+import com.x.base.core.project.exception.ExceptionEntityNotExist;
 import com.x.base.core.project.gson.GsonPropertyObject;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
+import com.x.cms.assemble.control.Business;
 import com.x.cms.assemble.control.ExceptionWrapInConvert;
+import com.x.cms.core.entity.AppInfo;
 import com.x.cms.core.entity.Log;
 import com.x.cms.core.entity.element.Script;

+import java.util.Date;
+import java.util.List;
+
 class ActionUpdate extends BaseAction {
 	ActionResult<Wo> execute(EffectivePerson effectivePerson, String id, JsonElement jsonElement) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
@@ -35,7 +39,15 @@ class ActionUpdate extends BaseAction {
 			try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
 				Script script = emc.find(id, Script.class);
 				if (null == script) {
-					throw new Exception("script{id:" + id + "} not existed.");
+					throw new ExceptionEntityNotExist(id);
+				}
+				AppInfo appInfo = emc.find(script.getAppId(), AppInfo.class);
+				if (null == appInfo) {
+					throw new ExceptionAppInfoNotExists(script.getAppId());
+				}
+				Business business = new Business(emc);
+				if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+					throw new ExceptionAccessDenied(effectivePerson);
 				}
 				emc.beginTransaction(Script.class);
 				wrapIn.copyTo(script, JpaObject.ID_DISTRIBUTEFACTOR);

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/ActionDelete.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/ActionDelete.java
@@ -13,10 +13,15 @@ import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
 import com.x.cms.assemble.control.Business;
+import com.x.cms.core.entity.AppInfo;
 import com.x.cms.core.entity.element.View;
 import com.x.cms.core.entity.element.ViewCategory;
 import com.x.cms.core.entity.element.ViewFieldConfig;

+/**
+ * 删除列表配置
+ * @author sword
+ */
 public class ActionDelete extends BaseAction {

 	protected ActionResult<Wo> execute( HttpServletRequest request, EffectivePerson effectivePerson, String id ) throws Exception {
@@ -25,6 +30,12 @@ public class ActionDelete extends BaseAction {
 			Business business = new Business(emc);
 			//先判断需要操作的应用信息是否存在，根据ID进行一次查询，如果不存在不允许继续操作
 			View view = business.getViewFactory().get(id);
+
+			AppInfo appInfo = appInfoServiceAdv.get(view.getAppId());
+			if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+				throw new ExceptionAccessDenied(effectivePerson);
+			}
+
 			//查询视图关联的所有列配置
 			List<String> fieldConfigIds = business.getViewFieldConfigFactory().listByViewId(id);
 			List<ViewFieldConfig> fieldConfigs = emc.list( ViewFieldConfig.class, fieldConfigIds);
@@ -32,10 +43,6 @@ public class ActionDelete extends BaseAction {
 			List<String> viewCategoryIds = business.getViewCategoryFactory().listByViewId(id);
 			List<ViewCategory> viewCategorys = emc.list( ViewCategory.class, viewCategoryIds );

-			//如果信息存在，再判断用户是否有操作的权限，如果没权限不允许继续操作
-			if (!business.isManager( effectivePerson)) {
-				throw new ExceptionAccessDenied(effectivePerson);
-			}
 			//进行数据库持久化操作
 			emc.beginTransaction( View.class );
 			emc.beginTransaction( ViewFieldConfig.class );

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/ActionListByApp.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/ActionListByApp.java
@@ -45,11 +45,11 @@ public class ActionListByApp extends BaseAction {
 				}
 				//如果有权限，继续操作
 				ViewFactory viewFactory  = business.getViewFactory();
-				List<String> ids = viewFactory.listByAppId( appId );//获取指定应用的所有视图列表
-				List<View> viewList = emc.list( View.class, ids );//查询ID IN ids 的所有视图信息列表
+				List<String> ids = viewFactory.listByAppId( appId );
+				List<View> viewList = emc.list( View.class, ids );

 				if( viewList != null && !viewList.isEmpty() ){
-					wraps = Wo.copier.copy( viewList );//将所有查询出来的有状态的对象转换为可以输出的过滤过属性的对象
+					wraps = Wo.copier.copy( viewList );
 					SortTools.desc( wraps, "sequence" );

 					for( Wo wo :  wraps ){
@@ -58,9 +58,9 @@ public class ActionListByApp extends BaseAction {
 							wo.setFormName( formServiceAdv.getNameWithId( wo.getFormId() ) );
 						}
 					}
+					CacheManager.put(cacheCategory, cacheKey, wraps );
 				}

-				CacheManager.put(cacheCategory, cacheKey, wraps );
 				result.setData(wraps);
 			} catch (Throwable th) {
 				th.printStackTrace();

--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/ActionSave.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/ActionSave.java
 package com.x.cms.assemble.control.jaxrs.view;

-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.commons.lang3.StringUtils;
-
 import com.google.gson.JsonElement;
-import com.x.base.core.container.EntityManagerContainer;
-import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.entity.JpaObject;
 import com.x.base.core.project.bean.WrapCopier;
 import com.x.base.core.project.bean.WrapCopierFactory;
@@ -21,12 +12,21 @@ import com.x.base.core.project.jaxrs.WoId;
 import com.x.base.core.project.logger.Logger;
 import com.x.base.core.project.logger.LoggerFactory;
 import com.x.cms.assemble.control.Business;
-import com.x.cms.assemble.control.ExceptionWrapInConvert;
 import com.x.cms.assemble.control.service.LogService;
+import com.x.cms.core.entity.AppInfo;
 import com.x.cms.core.entity.element.View;
 import com.x.cms.core.entity.element.ViewCategory;
 import com.x.cms.core.entity.element.ViewFieldConfig;
+import org.apache.commons.lang3.StringUtils;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.ArrayList;
+import java.util.List;

+/**
+ * 保存列表配置
+ * @author sword
+ */
 public class ActionSave extends BaseAction {

 	private static  Logger logger = LoggerFactory.getLogger(ViewAction.class);
@@ -34,60 +34,36 @@ public class ActionSave extends BaseAction {
 	protected ActionResult<Wo> execute(HttpServletRequest request, EffectivePerson effectivePerson,
 			JsonElement jsonElement) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
-		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
-			Business business = new Business(emc);
-			if (!business.isManager( effectivePerson)) {
-				throw new ExceptionAccessDenied(effectivePerson);
-			}
+
+		Wi wi = this.convertToWrapIn(jsonElement, Wi.class);
+		if(StringUtils.isBlank(wi.getAppId())){
+			throw new ExceptionViewInfoAppIdEmpty();
 		}
-		Wi wi = null;
-		View view = null;
-		Boolean check = true;
-
-		try {
-			wi = this.convertToWrapIn(jsonElement, Wi.class);
-		} catch (Exception e) {
-			check = false;
-			Exception exception = new ExceptionWrapInConvert(e, jsonElement);
-			result.error(exception);
-			logger.error(e, effectivePerson, request, null);
+		if ( StringUtils.isEmpty(wi.getFormId())) {
+			throw new ExceptionViewInfoFormIdEmpty();
 		}

-		if (check) {
-			if ( StringUtils.isEmpty(wi.getFormId())) {
-				check = false;
-				Exception exception = new ExceptionViewInfoFormIdEmpty();
-				result.error(exception);
-			}
-		}
-		if (check) {
-			if ( StringUtils.isEmpty(wi.getAppId())) {
-				check = false;
-				Exception exception = new ExceptionViewInfoAppIdEmpty();
-				result.error(exception);
-			}
+		AppInfo appInfo = appInfoServiceAdv.get(wi.getAppId());
+		if(appInfo == null){
+			throw new ExceptionAppInfoNotExists(wi.getAppId());
 		}
-		if (check) {
-			try {
-				view = viewServiceAdv.save(wi, effectivePerson, wi.getFields());
-				new LogService().log(null, effectivePerson.getDistinguishedName(), view.getName(), view.getAppId(), "",
-						"", view.getId(), "VIEW", "保存");
-
-				CacheManager.notify(View.class);
-				CacheManager.notify(ViewFieldConfig.class);
-				CacheManager.notify(ViewCategory.class);
-
-				Wo wo = new Wo();
-				wo.setId(view.getId());
-				result.setData(wo);
-
-			} catch (Exception e) {
-				check = false;
-				Exception exception = new ExceptionViewInfoProcess(e, "系统保存视图信息对象时发生异常。");
-				result.error(exception);
-				logger.error(e, effectivePerson, request, null);
-			}
+
+		Business business = new Business(null);
+		if (!business.isAppInfoManager(effectivePerson, appInfo)) {
+			throw new ExceptionAccessDenied(effectivePerson);
 		}
+
+		View view = viewServiceAdv.save(wi, effectivePerson, wi.getFields());
+		new LogService().log(null, effectivePerson.getDistinguishedName(), view.getName(), view.getAppId(), "",
+				"", view.getId(), "VIEW", "保存");
+
+		CacheManager.notify(View.class);
+		CacheManager.notify(ViewFieldConfig.class);
+		CacheManager.notify(ViewCategory.class);
+
+		Wo wo = new Wo();
+		wo.setId(view.getId());
+		result.setData(wo);
 		return result;
 	}


--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/BaseAction.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/BaseAction.java
@@ -2,26 +2,21 @@ package com.x.cms.assemble.control.jaxrs.view;

 import com.x.base.core.project.cache.Cache;
 import com.x.base.core.project.jaxrs.StandardJaxrsAction;
-import com.x.cms.assemble.control.service.CategoryInfoServiceAdv;
-import com.x.cms.assemble.control.service.DocumentQueryService;
-import com.x.cms.assemble.control.service.FormServiceAdv;
-import com.x.cms.assemble.control.service.LogService;
-import com.x.cms.assemble.control.service.PermissionQueryService;
-import com.x.cms.assemble.control.service.UserManagerService;
-import com.x.cms.assemble.control.service.ViewServiceAdv;
+import com.x.cms.assemble.control.service.*;
 import com.x.cms.core.entity.element.View;
 import com.x.cms.core.entity.element.ViewCategory;
 import com.x.cms.core.entity.element.ViewFieldConfig;

 public class BaseAction extends StandardJaxrsAction {
-	
+
 	protected Cache.CacheCategory cacheCategory = new Cache.CacheCategory(View.class, ViewFieldConfig.class, ViewCategory.class);

 	protected LogService logService = new LogService();
+	protected AppInfoServiceAdv appInfoServiceAdv = new AppInfoServiceAdv();
 	protected CategoryInfoServiceAdv categoryInfoServiceAdv = new CategoryInfoServiceAdv();
 	protected ViewServiceAdv viewServiceAdv = new ViewServiceAdv();
 	protected DocumentQueryService documentQueryService = new DocumentQueryService();
-	protected UserManagerService userManagerService = new UserManagerService();	
+	protected UserManagerService userManagerService = new UserManagerService();
 	protected FormServiceAdv formServiceAdv = new FormServiceAdv();
 	protected PermissionQueryService permissionQueryService = new PermissionQueryService();
 }
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/ExceptionAppInfoNotExists.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/view/ExceptionAppInfoNotExists.java
+package com.x.cms.assemble.control.jaxrs.view;
+
+import com.x.base.core.project.exception.LanguagePromptException;
+
+class ExceptionAppInfoNotExists extends LanguagePromptException {
+
+	private static final long serialVersionUID = 1859164370743532895L;
+
+	ExceptionAppInfoNotExists( String id ) {
+		super("指定的应用不存在:{}.", id );
+	}
+}
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/service/UserManagerService.java
+++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/service/UserManagerService.java
@@ -628,11 +628,7 @@ public class UserManagerService {
 	}

 	public boolean hasCategoryManagerPermission( EffectivePerson person, String appId) throws Exception {
-		//xadmin或者Cipher
-		if( person.isManager() || person.isCipher() ){
-			return true;
-		}
-		if( StringUtils.equalsIgnoreCase("xadmin", person.getName() ) || StringUtils.equalsIgnoreCase("xadmin", person.getDistinguishedName() ) ){
+		if( person.isManager()){
 			return true;
 		}
 		UserManagerService userManagerService = new UserManagerService();

--- a/o2server/x_cms_core_entity/src/main/java/com/x/cms/core/entity/Document.java
+++ b/o2server/x_cms_core_entity/src/main/java/com/x/cms/core/entity/Document.java
@@ -167,6 +167,12 @@ public class Document extends SliceJpaObject {
 	@CheckPersist(allowEmpty = true)
 	private String readFormName;

+	public static final String ppFormId_FIELDNAME = "ppFormId";
+	@FieldDescribe("流程平台表单ID")
+	@Column(length = JpaObject.length_id, name = ColumnNamePrefix + ppFormId_FIELDNAME)
+	@CheckPersist(allowEmpty = true)
+	private String ppFormId;
+
 	public static final String creatorPerson_FIELDNAME = "creatorPerson";
 	@FieldDescribe("创建人，可能为空，如果由系统创建。")
 	@Column(length = AbstractPersistenceProperties.organization_name_length, name = ColumnNamePrefix
@@ -548,6 +554,14 @@ public class Document extends SliceJpaObject {
 		this.formName = formName;
 	}

+	public String getPpFormId() {
+		return ppFormId;
+	}
+
+	public void setPpFormId(String ppFormId) {
+		this.ppFormId = ppFormId;
+	}
+
 	public String getReadFormId() {
 		return readFormId;
 	}