Index: ssts-webservice/src/main/java/com/forgon/disinfectsystem/webservice/service/ServiceManagerImpl.java
===================================================================
diff -u -r15500 -r15517
--- ssts-webservice/src/main/java/com/forgon/disinfectsystem/webservice/service/ServiceManagerImpl.java	(.../ServiceManagerImpl.java)	(revision 15500)
+++ ssts-webservice/src/main/java/com/forgon/disinfectsystem/webservice/service/ServiceManagerImpl.java	(.../ServiceManagerImpl.java)	(revision 15517)
@@ -119,10 +119,11 @@
 import com.forgon.security.bean.OperationDefineBean;
 import com.forgon.security.bean.SystemNameBean;
 import com.forgon.security.dao.OperationDefineDao;
-import com.forgon.security.model.Role;
+import com.forgon.security.model.Operation;
 import com.forgon.security.model.User;
 import com.forgon.security.service.SSOAuthenticationService;
 import com.forgon.security.service.UserManager;
+import com.forgon.security.tools.Util;
 import com.forgon.security.userdetails.UserContainsSessionUser;
 import com.forgon.serialnumber.model.SerialNum;
 import com.forgon.serialnumber.service.SerialNumManager;
@@ -418,11 +419,16 @@
 		String orgUnitName = orgUnit.getName();
 		// 用户权限
 		Set<String> allOperationsofUser = new HashSet<String>();
-		for (Role role : user.getRoles()) {
-			for (String operation : role.getOperationIdArr()) {
-				allOperationsofUser.add(operation);
-			}
+		// 获取用户所有的权限，包括继承的权限
+		Set<Operation> operations = Util.getOperationsOfRoles(user.getRoles());
+		for(Operation operation : operations){
+			allOperationsofUser.add(operation.getOperationId());
 		}
+//		for (Role role : user.getRoles()) {
+//			for (String operation : role.getOperationIdArr()) {
+//				allOperationsofUser.add(operation);
+//			}
+//		}
 		JSONArray modelJSONArray = new JSONArray();
 		OperationDefineBean operationDefineBean = operationDefineDao
 				.getOperationDefineBeanFromXml();