5 meses atrás · c44af0c853
--- a/sso-module-system/sso-module-system-api/src/main/java/com/poteviohealth/cgp/sso/module/system/enums/LogRecordConstants.java
+++ b/sso-module-system/sso-module-system-api/src/main/java/com/poteviohealth/cgp/sso/module/system/enums/LogRecordConstants.java
@@ -18,7 +18,7 @@ public interface LogRecordConstants {
 
				     String SYSTEM_USER_DELETE_SUB_TYPE = "删除用户";
			
 
				     String SYSTEM_USER_DELETE_SUCCESS = "删除了用户【{{#user.nickname}}】";
			
 
				     String SYSTEM_USER_UPDATE_PASSWORD_SUB_TYPE = "重置用户密码";
			
 
				-    String SYSTEM_USER_UPDATE_PASSWORD_SUCCESS = "将用户【{{#user.nickname}}】的密码从【{{#user.password}}】重置为【{{#newPassword}}】";
			
 
				+    String SYSTEM_USER_UPDATE_PASSWORD_SUCCESS = "将用户【{{#user.nickname}}】的密码重置";
			
 
				 
			
 
				     // ======================= SYSTEM_ROLE 角色 =======================
			
 
				 
			
@@ -30,4 +30,14 @@ public interface LogRecordConstants {
 
				     String SYSTEM_ROLE_DELETE_SUB_TYPE = "删除角色";
			
 
				     String SYSTEM_ROLE_DELETE_SUCCESS = "删除了角色【{{#role.name}}】";
			
 
				 
			
 
				+    // ======================= SYSTEM_DEPT 机构 =======================
			
 
				+
			
 
				+    String SYSTEM_DEPT_TYPE = "SYSTEM 角色";
			
 
				+    String SYSTEM_DEPT_CREATE_SUB_TYPE = "创建部门";
			
 
				+    String SYSTEM_DEPT_CREATE_SUCCESS = "创建了部门【{{#dept.name}}】";
			
 
				+    String SYSTEM_DEPT_UPDATE_SUB_TYPE = "更新部门";
			
 
				+    String SYSTEM_DEPT_UPDATE_SUCCESS = "更新了部门【{{#dept.name}}】: {_DIFF{#updateReqVO}}";
			
 
				+    String SYSTEM_DEPT_DELETE_SUB_TYPE = "删除部门";
			
 
				+    String SYSTEM_DEPT_DELETE_SUCCESS = "删除了部门【{{#dept.name}}】";
			
 
				+
			
 
				 }
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/controller/admin/auth/AuthController.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/controller/admin/auth/AuthController.java
@@ -19,14 +19,19 @@ import com.poteviohealth.cgp.sso.module.system.service.permission.PermissionServ
 
				 import com.poteviohealth.cgp.sso.module.system.service.permission.RoleService;
			
 
				 import com.poteviohealth.cgp.sso.module.system.service.social.SocialClientService;
			
 
				 import com.poteviohealth.cgp.sso.module.system.service.user.AdminUserService;
			
 
				+import com.poteviohealth.cgp.sso.module.system.util.transmit.GuanRsa;
			
 
				 import io.swagger.v3.oas.annotations.Operation;
			
 
				 import io.swagger.v3.oas.annotations.Parameter;
			
 
				 import io.swagger.v3.oas.annotations.Parameters;
			
 
				 import io.swagger.v3.oas.annotations.tags.Tag;
			
 
				 import lombok.extern.slf4j.Slf4j;
			
 
				+import org.apache.commons.lang3.StringUtils;
			
 
				 import org.springframework.validation.annotation.Validated;
			
 
				 import org.springframework.web.bind.annotation.*;
			
 
				-
			
 
				+import org.springframework.http.ResponseEntity;
			
 
				+import org.springframework.http.HttpStatus;
			
 
				+import java.security.interfaces.RSAPrivateKey;
			
 
				+import java.net.URI;
			
 
				 import javax.annotation.Resource;
			
 
				 import javax.annotation.security.PermitAll;
			
 
				 import javax.servlet.http.HttpServletRequest;
			
@@ -174,4 +179,43 @@ public class AuthController {
 
				         return success(authService.socialLogin(reqVO));
			
 
				     }
			
 
				 
			
 
				+    @GetMapping({"/guanyuanLogin"})
			
 
				+    @PermitAll
			
 
				+    @CrossOrigin(origins = {"*"})
			
 
				+    @Operation(summary = "观园SSO登录")
			
 
				+    public ResponseEntity<String> guanyuanLogin(@RequestParam String loginid, @RequestParam String stamp, @RequestParam String token) {
			
 
				+        System.out.println("############ params are loginid:" + loginid + ",stamp:" + stamp + ",token:" + token);
			
 
				+        String partUrl = constructGuanyuanPartUrl(loginid);
			
 
				+        if (StringUtils.isNotEmpty(partUrl)) {
			
 
				+
			
 
				+            String externalUrl = "https://kycloud.checg.cn/?" + partUrl + "&path_url=m/app/d5c6debb6390544fb800ed38";
			
 
				+            return ((ResponseEntity.BodyBuilder)ResponseEntity.status(HttpStatus.FOUND)
			
 
				+                    .location(URI.create(externalUrl)))
			
 
				+                    .build();
			
 
				+        }
			
 
				+        String nofoundUrl = "https://kycloud.checg.cn/auth?nofound=true";
			
 
				+        return ((ResponseEntity.BodyBuilder)ResponseEntity.status(HttpStatus.FOUND)
			
 
				+                .location(URI.create(nofoundUrl)))
			
 
				+                .build();
			
 
				+    }
			
 
				+
			
 
				+
			
 
				+    private String constructGuanyuanPartUrl(String loginid) {
			
 
				+        try {
			
 
				+            AdminUserDO user = this.userService.getUserByOaLoginName(loginid);
			
 
				+            if (Objects.isNull(user)) {
			
 
				+                return null;
			
 
				+            }
			
 
				+            RSAPrivateKey key = GuanRsa.getPrivateKey("MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALJM8oJooBKwos8uEtSlmSkzyNZeENlmMPk1vqElqnmfcaohFa2ddvzm4AhDnT2Squp0m488LIE2G2I7rvXMVcLK5Kf6/MG8Lhk62oNJB/RymNh1jfhUcPd4pEvYwy5+c0hhugJR9rab6W37+JVmFEtXV/6xmgy4VOZ9PqND3qajAgMBAAECgYEArZuGtbuxwQEERb6Sz0K+swOdFj1ZIpUCMmVGTBokt2+seP7l4Lpl1THoCaPsQrvAd7E6lmj83IMWfrumS+a9yN/tlDXRdmQ4xJXs0FRUN3K4GILEPvICj6uujjFVxFYB4uEHKTUfHURc7MMJlvhUxiI/pC+cPSRkyhjg9i1uBcECQQDnXZhj1VvmgzVNHbaPmcItD/e9Ljch9SBw2qWibN9xv/c4O6czOrNZfcvBEEzUvcgv4SD92rTRw3K9djZg0lobAkEAxUjxHo2Nk57ysoB8Sp9uDS3QOnL452CJe01XMlNVV0twuy1nu2Ki+o104YwmFzx9cf8EJ3ISyHjXhgh1C5kuGQJAFLHUfamJ7NZzoBA2UiXormstN6i4mbr5Sd7kzeB7JAuNq2P6kqR/glO0M/KnTKglDdNPRiWX4uNekf/O4V4vXQJAW5NpQUppvm1YsN0NVMI+nmV2s7rsqNJZ3t9eq2CdS6EcGfaQoR2/E1iYOZ4JjF2qyUCb2AeOinn1aSUB17lp+QJAPOnK57iRTXZ9U170RqvHlLFpullQ5PleTFMVDKD5cuqOv4OnjchofhrP48R9zMo1RV90xLoS7GO/FzL8f3QxRQ==");
			
 
				+            long now = System.currentTimeMillis() / 1000L;
			
 
				+            String str = "{\"domainId\":\"guanbi\",\"externalUserId\":\"" + user.getUsername() + "\",\"timestamp\":" + now + "}";
			
 
				+
			
 
				+
			
 
				+            String encodedData = GuanRsa.privateEncrypt(str, key);
			
 
				+            String code = GuanRsa.toHexString(encodedData);
			
 
				+            return "provider=guanbi&ssoToken=" + code;
			
 
				+        } catch (Exception e) {
			
 
				+            return null;
			
 
				+        }
			
 
				+    }
			
 
				 }
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/controller/admin/permission/vo/role/RoleSaveReqVO.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/controller/admin/permission/vo/role/RoleSaveReqVO.java
@@ -36,4 +36,8 @@ public class RoleSaveReqVO {
 
				     @DiffLogField(name = "备注")
			
 
				     private String remark;
			
 
				 
			
 
				+    @Schema(description = "角色状态（0正常 1停用）", requiredMode = Schema.RequiredMode.REQUIRED, example = "1024")
			
 
				+    @NotNull(message = "角色状态不能为空")
			
 
				+    @DiffLogField(name = "角色状态")
			
 
				+    private Integer status;
			
 
				 }
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/controller/admin/user/UserController.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/controller/admin/user/UserController.java
@@ -87,7 +87,10 @@ public class UserController {
 
				 
			
 
				     private void updateUserRoles(UserSaveReqVO reqVO) {
			
 
				         Set<Long> roleIds = new HashSet<>();
			
 
				-        if (reqVO.getRoleType().equals(CommonStatusEnum.ENABLE.getStatus())) {
			
 
				+        if (reqVO.getRoleType().equals(2)) {
			
 
				+            //超级管理员
			
 
				+            roleIds.add(1L);
			
 
				+        } else if (reqVO.getRoleType().equals(CommonStatusEnum.ENABLE.getStatus())) {
			
 
				             //可创建用户
			
 
				             roleIds.add(112L);
			
 
				         } else {
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/controller/admin/user/vo/user/UserSaveReqVO.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/controller/admin/user/vo/user/UserSaveReqVO.java
@@ -96,6 +96,9 @@ public class UserSaveReqVO {
 
				     @Schema(description = "业务角色", example = "0/1")
			
 
				     private Integer businessRole;
			
 
				 
			
 
				+    @Schema(description = "OA账号", example = "0/1")
			
 
				+    private String oaLoginName;
			
 
				+
			
 
				     @AssertTrue(message = "密码不能为空")
			
 
				     @JsonIgnore
			
 
				     public boolean isPasswordValid() {
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/controller/admin/userclient/UserClientController.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/controller/admin/userclient/UserClientController.java
@@ -2,6 +2,7 @@ package com.poteviohealth.cgp.sso.module.system.controller.admin.userclient;
 
				 
			
 
				 import cn.hutool.core.collection.CollUtil;
			
 
				 import com.poteviohealth.cgp.sso.framework.common.enums.CommonStatusEnum;
			
 
				+import com.poteviohealth.cgp.sso.framework.common.exception.util.ServiceExceptionUtil;
			
 
				 import com.poteviohealth.cgp.sso.framework.common.pojo.CommonResult;
			
 
				 import com.poteviohealth.cgp.sso.framework.common.pojo.PageResult;
			
 
				 import com.poteviohealth.cgp.sso.framework.common.util.object.BeanUtils;
			
@@ -306,7 +307,11 @@ public class UserClientController {
 
				                     userClientService.updateUserSyncStatus(userClient.getId(),1);
			
 
				                 }else{
			
 
				                     userClientService.updateUserStatus(userClient.getId(),2);
			
 
				-                    throw exception(USER_SYNC_OPERATION_FAIL);
			
 
				+                    String msg = (String)resultRemote.get("resp_msg");
			
 
				+                    if (StringUtils.isEmpty(msg)){
			
 
				+                        msg = USER_SYNC_OPERATION_FAIL.getMsg();
			
 
				+                    }
			
 
				+                    throw ServiceExceptionUtil.exception0(USER_SYNC_OPERATION_FAIL.getCode(), msg);
			
 
				                 }
			
 
				             }
			
 
				         }else{
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/dal/dataobject/user/AdminUserDO.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/dal/dataobject/user/AdminUserDO.java
@@ -128,4 +128,6 @@ public class AdminUserDO extends TenantBaseDO {
 
				     private Integer businessRole;
			
 
				 
			
 
				     private Integer isChangedPassword;
			
 
				+
			
 
				+    private String oaLoginName;
			
 
				 }
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/dal/mysql/user/AdminUserMapper.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/dal/mysql/user/AdminUserMapper.java
@@ -33,6 +33,7 @@ public interface AdminUserMapper extends BaseMapperX<AdminUserDO> {
 
				                 .eqIfPresent(AdminUserDO::getStatus, reqVO.getStatus())
			
 
				                 .betweenIfPresent(AdminUserDO::getCreateTime, reqVO.getCreateTime())
			
 
				                 .inIfPresent(AdminUserDO::getDeptId, deptIds)
			
 
				+                .eqIfPresent(AdminUserDO::getRoleType, reqVO.getRoleType())
			
 
				                 .orderByDesc(AdminUserDO::getId));
			
 
				     }
			
 
				 
			
@@ -48,4 +49,5 @@ public interface AdminUserMapper extends BaseMapperX<AdminUserDO> {
 
				         return selectList(AdminUserDO::getDeptId, deptIds);
			
 
				     }
			
 
				 
			
 
				+    default AdminUserDO selectByOaLoginName(String loginName) { return (AdminUserDO)selectOne(AdminUserDO::getOaLoginName, loginName); }
			
 
				 }
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/auth/AdminAuthServiceImpl.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/auth/AdminAuthServiceImpl.java
@@ -78,7 +78,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
 
				         // 校验账号是否存在
			
 
				         AdminUserDO user = userService.getUserByUsername(username);
			
 
				         if (user == null) {
			
 
				-            createLoginLog(null, username, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS,user.getDeptId());
			
 
				+//            createLoginLog(null, username, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS,user.getDeptId());
			
 
				             throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
			
 
				         }
			
 
				         if (!userService.isPasswordMatch(password, user.getPassword())) {
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/dept/DeptServiceImpl.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/dept/DeptServiceImpl.java
@@ -4,6 +4,9 @@ import cn.hutool.core.collection.CollUtil;
 
				 import cn.hutool.core.util.ObjectUtil;
			
 
				 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
			
 
				 import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
			
 
				+import com.mzt.logapi.context.LogRecordContext;
			
 
				+import com.mzt.logapi.service.impl.DiffParseFunction;
			
 
				+import com.mzt.logapi.starter.annotation.LogRecord;
			
 
				 import com.poteviohealth.cgp.sso.framework.common.enums.CommonStatusEnum;
			
 
				 import com.poteviohealth.cgp.sso.framework.common.pojo.PageResult;
			
 
				 import com.poteviohealth.cgp.sso.framework.common.util.object.BeanUtils;
			
@@ -13,20 +16,16 @@ import com.poteviohealth.cgp.sso.module.system.controller.admin.dept.vo.dept.Dep
 
				 import com.poteviohealth.cgp.sso.module.system.controller.admin.dept.vo.dept.DeptSaveReqVO;
			
 
				 import com.poteviohealth.cgp.sso.module.system.dal.dataobject.dept.DeptDO;
			
 
				 import com.poteviohealth.cgp.sso.module.system.dal.dataobject.sequence.SequenceDO;
			
 
				-import com.poteviohealth.cgp.sso.module.system.dal.dataobject.user.AdminUserDO;
			
 
				 import com.poteviohealth.cgp.sso.module.system.dal.mysql.dept.DeptMapper;
			
 
				 import com.poteviohealth.cgp.sso.module.system.dal.mysql.sequence.SequenceMapper;
			
 
				 import com.poteviohealth.cgp.sso.module.system.dal.mysql.user.AdminUserMapper;
			
 
				 import com.poteviohealth.cgp.sso.module.system.dal.redis.RedisKeyConstants;
			
 
				 import com.google.common.annotations.VisibleForTesting;
			
 
				-import com.poteviohealth.cgp.sso.module.system.enums.permission.RoleTypeEnum;
			
 
				-import com.poteviohealth.cgp.sso.module.system.service.user.AdminUserService;
			
 
				 import lombok.extern.slf4j.Slf4j;
			
 
				 import org.apache.commons.collections4.CollectionUtils;
			
 
				 import org.apache.commons.lang3.StringUtils;
			
 
				 import org.springframework.cache.annotation.CacheEvict;
			
 
				 import org.springframework.cache.annotation.Cacheable;
			
 
				-import org.springframework.security.core.parameters.P;
			
 
				 import org.springframework.stereotype.Service;
			
 
				 import org.springframework.validation.annotation.Validated;
			
 
				 
			
@@ -37,6 +36,7 @@ import java.util.*;
 
				 import static com.poteviohealth.cgp.sso.framework.common.exception.util.ServiceExceptionUtil.exception;
			
 
				 import static com.poteviohealth.cgp.sso.framework.common.util.collection.CollectionUtils.convertSet;
			
 
				 import static com.poteviohealth.cgp.sso.module.system.enums.ErrorCodeConstants.*;
			
 
				+import static com.poteviohealth.cgp.sso.module.system.enums.LogRecordConstants.*;
			
 
				 
			
 
				 /**
			
 
				  * 部门 Service 实现类
			
@@ -61,6 +61,8 @@ public class DeptServiceImpl implements DeptService {
 
				     @Override
			
 
				     @CacheEvict(cacheNames = RedisKeyConstants.DEPT_CHILDREN_ID_LIST,
			
 
				             allEntries = true) // allEntries 清空所有缓存，因为操作一个部门，涉及到多个缓存
			
 
				+    @LogRecord(type = SYSTEM_DEPT_TYPE, subType = SYSTEM_DEPT_CREATE_SUB_TYPE, bizNo = "{{#dept.id}}",
			
 
				+            success = SYSTEM_DEPT_CREATE_SUCCESS)
			
 
				     public Long createDept(DeptSaveReqVO createReqVO) {
			
 
				         if (createReqVO.getParentId() == null) {
			
 
				             createReqVO.setParentId(DeptDO.PARENT_ID_ROOT);
			
@@ -92,6 +94,9 @@ public class DeptServiceImpl implements DeptService {
 
				         // 插入部门
			
 
				         DeptDO dept = BeanUtils.toBean(createReqVO, DeptDO.class);
			
 
				         deptMapper.insert(dept);
			
 
				+
			
 
				+        // 3. 记录操作日志上下文
			
 
				+        LogRecordContext.putVariable("dept", dept);
			
 
				         return dept.getId();
			
 
				     }
			
 
				 
			
@@ -138,6 +143,8 @@ public class DeptServiceImpl implements DeptService {
 
				     @Override
			
 
				     @CacheEvict(cacheNames = RedisKeyConstants.DEPT_CHILDREN_ID_LIST,
			
 
				             allEntries = true) // allEntries 清空所有缓存，因为操作一个部门，涉及到多个缓存
			
 
				+    @LogRecord(type = SYSTEM_DEPT_TYPE, subType = SYSTEM_DEPT_UPDATE_SUB_TYPE, bizNo = "{{#updateReqVO.id}}",
			
 
				+            success = SYSTEM_DEPT_UPDATE_SUCCESS)
			
 
				     public void updateDept(DeptSaveReqVO updateReqVO) {
			
 
				         if (updateReqVO.getParentId() == null) {
			
 
				             updateReqVO.setParentId(DeptDO.PARENT_ID_ROOT);
			
@@ -161,6 +168,9 @@ public class DeptServiceImpl implements DeptService {
 
				         updateReqVO.setCode(null);
			
 
				         // 更新部门
			
 
				         DeptDO updateObj = BeanUtils.toBean(updateReqVO, DeptDO.class);
			
 
				+        // 3. 记录操作日志上下文
			
 
				+        LogRecordContext.putVariable(DiffParseFunction.OLD_OBJECT, BeanUtils.toBean(deptDO, DeptSaveReqVO.class));
			
 
				+        LogRecordContext.putVariable("dept", updateObj);
			
 
				         deptMapper.updateById(updateObj);
			
 
				     }
			
 
				 
			
@@ -181,6 +191,8 @@ public class DeptServiceImpl implements DeptService {
 
				     @Override
			
 
				     @CacheEvict(cacheNames = RedisKeyConstants.DEPT_CHILDREN_ID_LIST,
			
 
				             allEntries = true) // allEntries 清空所有缓存，因为操作一个部门，涉及到多个缓存
			
 
				+    @LogRecord(type = SYSTEM_DEPT_TYPE, subType = SYSTEM_DEPT_DELETE_SUB_TYPE, bizNo = "{{#id}}",
			
 
				+            success = SYSTEM_DEPT_DELETE_SUCCESS)
			
 
				     public void deleteDept(Long id) {
			
 
				         // 校验是否存在
			
 
				         validateDeptExists(id);
			
@@ -191,8 +203,11 @@ public class DeptServiceImpl implements DeptService {
 
				         if (CollectionUtils.isNotEmpty(adminUserMapper.selectListByDeptIds(Collections.singletonList(id)))){
			
 
				             throw exception(DEPT_EXITS_USERS);
			
 
				         }
			
 
				+        DeptDO dept = deptMapper.selectById(id);
			
 
				         // 删除部门
			
 
				         deptMapper.deleteById(id);
			
 
				+        // 3. 记录操作日志上下文
			
 
				+        LogRecordContext.putVariable("dept", dept);
			
 
				     }
			
 
				 
			
 
				     @VisibleForTesting
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/oauth2/OAuth2ClientServiceImpl.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/oauth2/OAuth2ClientServiceImpl.java
@@ -136,6 +136,7 @@ public class OAuth2ClientServiceImpl implements OAuth2ClientService {
 
				     @Override
			
 
				     public OAuth2ClientDO validOAuthClientFromCache(String clientId, String clientSecret, String authorizedGrantType,
			
 
				                                                     Collection<String> scopes, String redirectUri) {
			
 
				+        log.info("OAuthClient! clientId="+clientId+", clientSecret="+clientSecret);
			
 
				         // 校验客户端存在、且开启
			
 
				         OAuth2ClientDO client = getSelf().getOAuth2ClientFromCache(clientId);
			
 
				         if (client == null) {
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/oauth2/OAuth2TokenServiceImpl.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/oauth2/OAuth2TokenServiceImpl.java
@@ -153,6 +153,10 @@ public class OAuth2TokenServiceImpl implements OAuth2TokenService {
 
				                 .setClientId(clientDO.getClientId()).setScopes(refreshTokenDO.getScopes())
			
 
				                 .setRefreshToken(refreshTokenDO.getRefreshToken())
			
 
				                 .setExpiresTime(LocalDateTime.now().plusSeconds(clientDO.getAccessTokenValiditySeconds()));
			
 
				+        AdminUserDO user = adminUserService.getUser(refreshTokenDO.getUserId());
			
 
				+        if (user!=null && !(user.getIsChangedPassword()==0)){
			
 
				+            accessTokenDO.setLoginDate(user.getLoginDate());
			
 
				+        }
			
 
				         accessTokenDO.setTenantId(TenantContextHolder.getTenantId()); // 手动设置租户编号，避免缓存到 Redis 的时候，无对应的租户编号
			
 
				         oauth2AccessTokenMapper.insert(accessTokenDO);
			
 
				         // 记录到 Redis 中
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/permission/RoleServiceImpl.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/permission/RoleServiceImpl.java
@@ -60,7 +60,7 @@ public class RoleServiceImpl implements RoleService {
 
				         // 2. 插入到数据库
			
 
				         RoleDO role = BeanUtils.toBean(createReqVO, RoleDO.class)
			
 
				                 .setType(ObjectUtil.defaultIfNull(type, RoleTypeEnum.CUSTOM.getType()))
			
 
				-                .setStatus(CommonStatusEnum.ENABLE.getStatus())
			
 
				+//                .setStatus(CommonStatusEnum.ENABLE.getStatus())
			
 
				                 .setDataScope(DataScopeEnum.ALL.getScope()); // 默认可查看所有数据。原因是，可能一些项目不需要项目权限
			
 
				         roleMapper.insert(role);
			
 
				 
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/user/AdminUserService.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/user/AdminUserService.java
@@ -211,4 +211,6 @@ public interface AdminUserService {
 
				     boolean isPasswordMatch(String rawPassword, String encodedPassword);
			
 
				 
			
 
				     List<AdminUserDO> getUsersByDeptId(Long id);
			
 
				+
			
 
				+    AdminUserDO getUserByOaLoginName(String paramString);
			
 
				 }
			
--- a/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/user/AdminUserServiceImpl.java
+++ b/sso-module-system/sso-module-system-biz/src/main/java/com/poteviohealth/cgp/sso/module/system/service/user/AdminUserServiceImpl.java
@@ -534,4 +534,6 @@ public class AdminUserServiceImpl implements AdminUserService {
 
				     public List<AdminUserDO> getUsersByDeptId(Long id) {
			
 
				         return userMapper.selectListByDeptIds(Collections.singletonList(id));
			
 
				     }
			
 
				+
			
 
				+    public AdminUserDO getUserByOaLoginName(String loginName) { return this.userMapper.selectByOaLoginName(loginName); }
			
 
				 }