Index: ssts-basedata/src/main/java/com/forgon/disinfectsystem/common/CssdUtils.java
===================================================================
diff -u -r17596 -r17638
--- ssts-basedata/src/main/java/com/forgon/disinfectsystem/common/CssdUtils.java	(.../CssdUtils.java)	(revision 17596)
+++ ssts-basedata/src/main/java/com/forgon/disinfectsystem/common/CssdUtils.java	(.../CssdUtils.java)	(revision 17638)
@@ -152,7 +152,11 @@
 		}
 		return null;
 	}
-	
+	/**
+	 * 获取一次性物品带规格的名称
+	 * @param dg	一次性物品
+	 * @return		返回值格式如：名字[规格]
+	 */
 	public static String getDiposableGoodsName(DisposableGoods dg) {
 		if (dg != null) {
 			String name = dg.getName();
Index: ssts-web/src/main/java/com/forgon/disinfectsystem/directory/service/SysUserManagerImpl.java
===================================================================
diff -u -r17533 -r17638
--- ssts-web/src/main/java/com/forgon/disinfectsystem/directory/service/SysUserManagerImpl.java	(.../SysUserManagerImpl.java)	(revision 17533)
+++ ssts-web/src/main/java/com/forgon/disinfectsystem/directory/service/SysUserManagerImpl.java	(.../SysUserManagerImpl.java)	(revision 17638)
@@ -383,6 +383,10 @@
 		}
 	}
 
+	/**
+	 * 更新用户所拥有的角色
+	 * @param user	目标用户
+	 */
 	private void updateRolesOfUser(User user) {
 		if (user == null)
 			return;
@@ -412,6 +416,10 @@
 		user.setRoles(roles);
 	}
 
+	/**
+	 * 设置用户与科室的关系
+	 * @param user	目标用户
+	 */
 	private void setOrgUserRelations(User user) {
 		if (user == null)
 			return;
@@ -420,7 +428,7 @@
 		if (orgUnitIds == null) {
 			return;
 		}
-		//一个用户只能属于一个部门，所以orgUnitIdArray长度不大于1
+		
 		String[] orgUnitIdArray = orgUnitIds.split(User.ORGUNIT_ROLE_SEPARATOR);
 		Set<OrgUserRelation> orgUserRelations = new HashSet<OrgUserRelation>();
 		for (String orgUnitId : orgUnitIdArray) {
@@ -438,7 +446,10 @@
 		user.setOrgUserRelations(orgUserRelations);
 	}
 	
-	//设置该用户所领导的部门列表
+	/**
+	 * 设置该用户所领导的部门列表
+	 * @param user	目标用户
+	 */
 	private void setLeaderOrgUnit(User user) {
 		if (user == null) {
 			return;
Index: forgon-tools/src/main/java/com/forgon/tools/util/SqlUtils.java
===================================================================
diff -u -r16634 -r17638
--- forgon-tools/src/main/java/com/forgon/tools/util/SqlUtils.java	(.../SqlUtils.java)	(revision 16634)
+++ forgon-tools/src/main/java/com/forgon/tools/util/SqlUtils.java	(.../SqlUtils.java)	(revision 17638)
@@ -1,17 +1,13 @@
-/**
- * 
- */
 package com.forgon.tools.util;
 
-import java.util.Date;
 import java.util.LinkedList;
 import java.util.List;
 
 import org.apache.commons.lang.StringUtils;
 
 import com.forgon.tools.Constants;
-import com.forgon.tools.db.DatabaseUtil;
 import com.forgon.tools.db.InitDbConnection;
+import com.forgon.tools.string.StringTools;
 
 
 
@@ -247,4 +243,26 @@
 		return queryString;
 		
 	}
+	
+	/**
+	 * 构建某个属性的or子句.
+	 * @param field	目标属性
+	 * @param arr	值的数组
+	 * @return		返回格式如： " and (name='a' or name='b')" 或者    " and (po.name='a' or po.name='b')"
+	 */
+	public static String get_OrSql(String field, String[] arr) {
+		StringBuffer sb = new StringBuffer();
+		if (StringTools.isNotBlank(field) && arr != null && arr.length > 0) {
+			for (String e : arr) {
+				if (StringTools.isNotBlank(e)) {
+					sb.append(field).append("='").append(e.trim()).append("'").append(" or ");
+				}
+			}
+			if (sb.length() > 0) {
+				sb.delete(sb.length() - 4, sb.length());
+				sb.insert(0, " and (").insert(sb.length(), ")");
+			}
+		}
+		return sb.toString();
+	}
 }
Index: ssts-web/src/main/java/test/forgon/disinfectsystem/AbstractCSSDTest.java
===================================================================
diff -u -r17637 -r17638
--- ssts-web/src/main/java/test/forgon/disinfectsystem/AbstractCSSDTest.java	(.../AbstractCSSDTest.java)	(revision 17637)
+++ ssts-web/src/main/java/test/forgon/disinfectsystem/AbstractCSSDTest.java	(.../AbstractCSSDTest.java)	(revision 17638)
@@ -107,6 +107,7 @@
 import com.forgon.security.model.Operation;
 import com.forgon.security.model.Role;
 import com.forgon.security.model.User;
+import com.forgon.security.service.OperationManager;
 import com.forgon.security.service.RoleManager;
 import com.forgon.security.userdetails.UserContainsSessionUser;
 import com.forgon.serialnumber.model.SerialNum;
@@ -212,6 +213,8 @@
 	protected RunWithTransNewManager runWithTransNewManager;
 	@Autowired
 	protected InitializeDataManager initializeDataManager;
+	@Autowired
+	protected OperationManager operationManager;
 	
 	/**
 	 * 组织单位OrgUnit供应室的id
@@ -2944,195 +2947,444 @@
 		assertNotNull(disposableGoodsStock3);
 		assertEquals(2000, disposableGoodsStock3.getAmount().longValue());
 	}
+//	/**
+//	 * 初始化用户、角色、组织机构
+//	 * 角色：【role1】、【role2】、【USER】、【OTHER】
+//	 * 操作：【operation1】、【operation2】、【operation3】
+//	 * 		阳光医院 【yangguangyiyuan】
+//	 * 			--测试手术室【testOR】 
+//	 * 				oruser1【role1】、oruser2【role1】、oruser3【role1】
+//	 * 			--测试供应室【testCSSD】
+//	 * 				cssduser1【role2】、cssduser2【role2】、cssduser3【role2】
+//	 */
+//	public void initDirectoryInfo() {
+//
+//		// makeActiveUser("admin");
+//
+//		String rootCompanyId = "ROOT-Company1";
+//		Role role1 = createRole("role1", "role1DisplayName", rootCompanyId);
+//		Role role2 = createRole("role2", "role2DisplayName", rootCompanyId);
+//		Role role3 = createRole("USER", "全体用户", rootCompanyId);
+//		Role roleOther = createRole("OTHER", "其他用户", rootCompanyId);
+//		roleManager.save(role1, null);
+//		roleManager.save(role2, null);
+//		roleManager.save(role3, null);
+//		roleManager.save(roleOther, null);
+//
+//		assertNotNull(roleManager.getRoleByRoleName(role1.getName()));
+//		assertNotNull(roleManager.getRoleByRoleName(role2.getName()));
+//		assertNotNull(roleManager.getRoleByRoleName(role3.getName()));
+//		assertNotNull(roleManager.getRoleByRoleName(roleOther.getName()));
+//
+//		Operation operation1 = new Operation();
+//		operation1.setOperationId("operation1");
+//		operation1.setOperationName("操作1");
+//		objectDao.save(operation1);
+//
+//		Operation operation2 = new Operation();
+//		operation2.setOperationId("operation2");
+//		operation2.setOperationName("操作2");
+//		objectDao.save(operation2);
+//
+//		Operation operation3 = new Operation();
+//		operation3.setOperationId("operation3");
+//		operation3.setOperationName("操作3");
+//		objectDao.save(operation3);
+//
+//		Set<Operation> operations = new HashSet<Operation>();
+//		operations.add(operation1);
+//		operations.add(operation2);
+//		operations.add(operation3);
+//		role1.setOperations(operations);
+//
+//		roleManager.save(role1, null);
+//
+//		// 初始化组织机构根节点和系统管理员用户
+//		initializeDataManager.initOrgUnit();
+//		
+//		OrgUnit orgUnitROOT = (OrgUnit) thTreeNodeManager.getTHTreeNodeById(
+//				OrgUnit.class.getSimpleName(), Long.valueOf(0));
+//		
+//		
+//		assertNotNull(orgUnitROOT);
+//		
+//		assertEquals("组织机构",orgUnitROOT.getName());
+//		
+////		OrgUnit rootNode = (OrgUnit) directoryHelper.createOrgUnit("阳光医院",
+////				"yangguangyiyuan", "name1", rootNode);
+//		
+////		assertNotNull(rootNode);
+//
+////		OrgUnit orgUnitROOT = directoryHelper.createOrgUnit("阳光医院",
+////				"yangguangyiyuan", "name1", rootNode);
+////		
+//		
+//		OrgUnit orgUnitOR = directoryHelper.createOrgUnit(Constants.ORG_UNIT_NAME_OR, Constants.ORG_UNIT_CODE_OR,
+//				"name2", orgUnitROOT);
+//		assertTrue(directoryHelper.isOrgUnitName(Constants.ORG_UNIT_NAME_OR));
+//		OrgUnit orgUnitCSSD = directoryHelper.createOrgUnit(Constants.ORG_UNIT_NAME_CSSD,
+//				Constants.ORG_UNIT_CODE_CSSD, "name2", orgUnitROOT);
+//		
+//		orgUnitCSSDId = "" + orgUnitCSSD.getId();
+//		
+//		assertTrue(directoryHelper.isOrgUnitCodeExist(Constants.ORG_UNIT_CODE_CSSD));
+//		
+//		OrgUnit neike = directoryHelper.createOrgUnit("测试内科",
+//				"testNeike", "name3", orgUnitROOT);
+//		assertTrue(directoryHelper.isOrgUnitCodeExist("testNeike"));
+//		
+//		BarcodeDevice barcode1 = new BarcodeDevice();
+//		barcode1.setType(BarcodeDevice.BARCODE_TYPE_ORGUNIT);
+//		barcode1.setBarcode("310000120");
+//		objectDao.save(barcode1);
+//		
+//		neike.setBarcodeDevice(barcode1);
+//		objectDao.save(neike);
+//		
+//		OrgUnit waike = directoryHelper.createOrgUnit("测试外科",
+//				"testWaike", "name4", orgUnitROOT);
+//		assertTrue(directoryHelper.isOrgUnitCodeExist("testWaike"));
+//		BarcodeDevice barcode2 = new BarcodeDevice();
+//		barcode2.setType(BarcodeDevice.BARCODE_TYPE_ORGUNIT);
+//		barcode2.setBarcode("310000121");
+//		objectDao.save(barcode2);
+//		
+//		waike.setBarcodeDevice(barcode2);
+//		objectDao.save(waike);
+//		
+//		
+//		User orUser1 = createUser("oruser1", "0100002001", orgUnitOR.getId().toString(),
+//				orgUnitOR.getOrgUnitCoding(), null, role1.getId().toString());
+//		User orUser2 = createUser("oruser2", "0100002002", orgUnitOR.getId().toString(),
+//				orgUnitOR.getOrgUnitCoding(), null, role1.getId().toString());
+//		User orUser3 = createUser("oruser3", "0100002003", orgUnitOR.getId().toString(),
+//				orgUnitOR.getOrgUnitCoding(), null, role1.getId().toString());
+//		User cssdUser1 = createUser("cssduser1","0100001001", 
+//				orgUnitCSSD.getId().toString(), orgUnitCSSD.getOrgUnitCoding(),
+//				null, role2.getId().toString());
+//		User cssdUser2 = createUser("cssduser2","0100001002", 
+//				orgUnitCSSD.getId().toString(), orgUnitCSSD.getOrgUnitCoding(),
+//				null, role2.getId().toString());
+//		User cssdUser3 = createUser("cssduser3","0100001003", 
+//				orgUnitCSSD.getId().toString(), orgUnitCSSD.getOrgUnitCoding(),
+//				null, role2.getId().toString());
+//		
+//		
+//		Role adminRole = roleManager.getRoleByRoleName("ROLE_ADMINISTRATOR_0");
+//		String roleIds = role2.getId().toString() + User.ORGUNIT_ROLE_SEPARATOR + adminRole.getId().toString();
+//		
+//		User admin = createUser("admin","0100001008", 
+//				orgUnitCSSD.getId().toString(), orgUnitCSSD.getOrgUnitCoding(),
+//				null, roleIds);
+//
+//		assertTrue(directoryHelper.isUserName("oruser1"));
+//		assertTrue(directoryHelper.isUserName("oruser2"));
+//		assertTrue(directoryHelper.isUserName("cssduser1"));
+//		assertTrue(directoryHelper.isUserName("cssduser2"));
+//		assertTrue(directoryHelper.isUserName("cssduser3"));
+//		assertTrue(directoryHelper.isUserName("admin"));
+//	}
 	
 	/**
-	 * 初始化用户、角色、组织机构
-	 * 角色：【role1】、【role2】、【USER】、【OTHER】
-	 * 操作：【operation1】、【operation2】、【operation3】
-	 * 		阳光医院 【yangguangyiyuan】
-	 * 			--测试手术室【testOR】 
-	 * 				oruser1【role1】、oruser2【role1】、oruser3【role1】
-	 * 			--测试供应室【testCSSD】
-	 * 				cssduser1【role2】、cssduser2【role2】、cssduser3【role2】
+	 * 	初始化4个科室：
+	 * 			1、测试供应室（供应室类型：一级供应室，条码：310000118）
+	 * 			2、测试手术室（供应室类型：手术室，条码：310000119）
+	 * 			3、测试内科（供应室类型：普通临床，条码：310000120）
+	 * 			4、测试外科（供应室类型：普通临床，条码：310000121）
+	 * 	初始化7个角色：
+	 * 			1、系统管理员
+	 * 			2、申领员
+	 * 			3、回收员
+	 * 			4、清洗员
+	 * 			5、装配员
+	 * 			6、审核员
+	 * 			7、灭菌员
+	 * 	初始化9个用户：
+	 * 			1、admin（拥有的权限：系统管理员，所属科室：测试供应室）
+	 * 			2、cssduser1（拥有的权限：系统管理员，所属科室：测试供应室）
+	 * 			3、cssduser2（拥有的权限：回收员，所属科室：测试供应室）
+	 * 			4、cssduser3（拥有的权限：清洗员、装配员、审核员、灭菌员，所属科室：测试供应室）
+	 * 			5、oruser1（拥有的权限：系统管理员，所属科室：测试手术室）
+	 * 			6、oruser2（拥有的权限：申领员，所属科室：测试手术室）
+	 * 			7、oruser3（拥有的权限：申领员，所属科室：测试手术室）
+	 * 			8、neikeuser1（拥有的权限：申领员，所属科室：测试内科）
+	 * 			9、neikeuser2（拥有的权限：申领员，所属科室：测试内科）
+	 * 
 	 */
 	public void initDirectoryInfo() {
-
-		// makeActiveUser("admin");
-
-		String rootCompanyId = "ROOT-Company1";
-		Role role1 = createRole("role1", "role1DisplayName", rootCompanyId);
-		Role role2 = createRole("role2", "role2DisplayName", rootCompanyId);
-		Role role3 = createRole("USER", "全体用户", rootCompanyId);
-		Role roleOther = createRole("OTHER", "其他用户", rootCompanyId);
-		roleManager.save(role1, null);
-		roleManager.save(role2, null);
-		roleManager.save(role3, null);
-		roleManager.save(roleOther, null);
-
-		assertNotNull(roleManager.getRoleByRoleName(role1.getName()));
-		assertNotNull(roleManager.getRoleByRoleName(role2.getName()));
-		assertNotNull(roleManager.getRoleByRoleName(role3.getName()));
-		assertNotNull(roleManager.getRoleByRoleName(roleOther.getName()));
-
-		Operation operation1 = new Operation();
-		operation1.setOperationId("operation1");
-		operation1.setOperationName("操作1");
-		objectDao.save(operation1);
-
-		Operation operation2 = new Operation();
-		operation2.setOperationId("operation2");
-		operation2.setOperationName("操作2");
-		objectDao.save(operation2);
-
-		Operation operation3 = new Operation();
-		operation3.setOperationId("operation3");
-		operation3.setOperationName("操作3");
-		objectDao.save(operation3);
-
-		Set<Operation> operations = new HashSet<Operation>();
-		operations.add(operation1);
-		operations.add(operation2);
-		operations.add(operation3);
-		role1.setOperations(operations);
-
-		roleManager.save(role1, null);
-
-		// 初始化组织机构根节点和系统管理员用户
+		//初始化“组织机构”根节点
 		initializeDataManager.initOrgUnit();
-		
 		OrgUnit orgUnitROOT = (OrgUnit) thTreeNodeManager.getTHTreeNodeById(
 				OrgUnit.class.getSimpleName(), Long.valueOf(0));
+		//创建“测试供应室”
+		OrgUnit orgUnitCSSD = directoryHelper.createOrgUnit(
+				Constants.ORG_UNIT_NAME_CSSD, Constants.ORG_UNIT_CODE_CSSD,
+				"310000118", orgUnitROOT);
+		//创建“测试手术室”
+		OrgUnit orgUnitOR = directoryHelper.createOrgUnit(
+				Constants.ORG_UNIT_NAME_OR, Constants.ORG_UNIT_CODE_OR,
+				"310000119", orgUnitROOT);
+		//创建“测试内科”
+		OrgUnit neike = directoryHelper.createOrgUnit(
+				Constants.ORG_UNIT_NAME_NEIKE, Constants.ORG_UNIT_CODE_NEIKE,
+				"310000120", orgUnitROOT);
 		
+		//创建“测试外科”
+		OrgUnit waike = directoryHelper.createOrgUnit(
+				Constants.ORG_UNIT_NAME_WAIKE, Constants.ORG_UNIT_CODE_WAIKE,
+				"310000121", orgUnitROOT);
 		
-		assertNotNull(orgUnitROOT);
-		
-		assertEquals("组织机构",orgUnitROOT.getName());
-		
-//		OrgUnit rootNode = (OrgUnit) directoryHelper.createOrgUnit("阳光医院",
-//				"yangguangyiyuan", "name1", rootNode);
-		
-//		assertNotNull(rootNode);
-
-//		OrgUnit orgUnitROOT = directoryHelper.createOrgUnit("阳光医院",
-//				"yangguangyiyuan", "name1", rootNode);
-//		
-		
-		OrgUnit orgUnitOR = directoryHelper.createOrgUnit(Constants.ORG_UNIT_NAME_OR, Constants.ORG_UNIT_CODE_OR,
-				"name2", orgUnitROOT);
-		assertTrue(directoryHelper.isOrgUnitName(Constants.ORG_UNIT_NAME_OR));
-		OrgUnit orgUnitCSSD = directoryHelper.createOrgUnit(Constants.ORG_UNIT_NAME_CSSD,
-				Constants.ORG_UNIT_CODE_CSSD, "name2", orgUnitROOT);
-		
-		orgUnitCSSDId = "" + orgUnitCSSD.getId();
-		
+		assertEquals("组织机构", orgUnitROOT.getName());
 		assertTrue(directoryHelper.isOrgUnitCodeExist(Constants.ORG_UNIT_CODE_CSSD));
+		assertTrue(directoryHelper.isOrgUnitCodeExist(Constants.ORG_UNIT_CODE_OR));
+		assertTrue(directoryHelper.isOrgUnitCodeExist(Constants.ORG_UNIT_CODE_NEIKE));
+		assertTrue(directoryHelper.isOrgUnitCodeExist(Constants.ORG_UNIT_CODE_WAIKE));
+		//并且把一级供应室的id用一个变量接收起来，以备后用
+		orgUnitCSSDId = orgUnitCSSD.getId().toString();
+		String orgUnitORId = orgUnitOR.getId().toString();
+		String neikeId = neike.getId().toString();
 		
-		OrgUnit neike = directoryHelper.createOrgUnit("测试内科",
-				"testNeike", "name3", orgUnitROOT);
-		assertTrue(directoryHelper.isOrgUnitCodeExist("testNeike"));
+		//初始化“operationdefine.xml”配置的权限
+		initOperation();
+		Role role_系统管理员 = roleManager.getRoleByRoleDescn("系统管理员");
+		Role role_申领员 = createRole_申领员("1", orgUnitROOT.getOrgUnitCoding(), null);
+		Role role_回收员 = createRole_回收员("2", orgUnitROOT.getOrgUnitCoding(), null);
+		Role role_清洗员 = createRole_清洗员("3", orgUnitROOT.getOrgUnitCoding(), null);
+		Role role_装配员 = createRole_装配员("4", orgUnitROOT.getOrgUnitCoding(), null);
+		Role role_审核员 = createRole_审核员("5", orgUnitROOT.getOrgUnitCoding(), null);
+		Role role_灭菌员 = createRole_灭菌员("6", orgUnitROOT.getOrgUnitCoding(), null);
+		String rId0 = role_系统管理员.getId().toString();
+		String rId1 = role_申领员.getId().toString();
+		String rId2 = role_回收员.getId().toString();
+		String rId3 = role_清洗员.getId().toString();
+		String rId4 = role_装配员.getId().toString();
+		String rId5 = role_审核员.getId().toString();
+		String rId6 = role_灭菌员.getId().toString();
 		
-		BarcodeDevice barcode1 = new BarcodeDevice();
-		barcode1.setType(BarcodeDevice.BARCODE_TYPE_ORGUNIT);
-		barcode1.setBarcode("310000120");
-		objectDao.save(barcode1);
+		User admin = createUser("admin", "0100001008", orgUnitCSSDId, rId0);
+		User cssdUser1 = createUser("cssduser1", "0100001001", orgUnitCSSDId, rId0);
+		User cssdUser2 = createUser("cssduser2", "0100001002", orgUnitCSSDId, rId2);
+		User cssdUser3 = createUser("cssduser3", "0100001003", orgUnitCSSDId, String.format("%s;%s;%s;%s", rId3, rId4, rId5, rId6));
+		User orUser1 = createUser("oruser1", "0100002001", orgUnitORId, rId0);
+		User orUser2 = createUser("oruser2", "0100002002", orgUnitORId, rId1);
+		User orUser3 = createUser("oruser3", "0100002003", orgUnitORId, rId1);
+		User neikeUser1 = createUser("neikeuser1", "0100003001", neikeId, rId1);
+		User neikeUser2 = createUser("neikeuser2", "0100003002", neikeId, rId1);
 		
-		neike.setBarcodeDevice(barcode1);
-		objectDao.save(neike);
-		
-		OrgUnit waike = directoryHelper.createOrgUnit("测试外科",
-				"testWaike", "name4", orgUnitROOT);
-		assertTrue(directoryHelper.isOrgUnitCodeExist("testWaike"));
-		BarcodeDevice barcode2 = new BarcodeDevice();
-		barcode2.setType(BarcodeDevice.BARCODE_TYPE_ORGUNIT);
-		barcode2.setBarcode("310000121");
-		objectDao.save(barcode2);
-		
-		waike.setBarcodeDevice(barcode2);
-		objectDao.save(waike);
-		
-		
-		User orUser1 = createUser("oruser1", "0100002001", orgUnitOR.getId().toString(),
-				orgUnitOR.getOrgUnitCoding(), null, role1.getId().toString());
-		User orUser2 = createUser("oruser2", "0100002002", orgUnitOR.getId().toString(),
-				orgUnitOR.getOrgUnitCoding(), null, role1.getId().toString());
-		User orUser3 = createUser("oruser3", "0100002003", orgUnitOR.getId().toString(),
-				orgUnitOR.getOrgUnitCoding(), null, role1.getId().toString());
-		User cssdUser1 = createUser("cssduser1","0100001001", 
-				orgUnitCSSD.getId().toString(), orgUnitCSSD.getOrgUnitCoding(),
-				null, role2.getId().toString());
-		User cssdUser2 = createUser("cssduser2","0100001002", 
-				orgUnitCSSD.getId().toString(), orgUnitCSSD.getOrgUnitCoding(),
-				null, role2.getId().toString());
-		User cssdUser3 = createUser("cssduser3","0100001003", 
-				orgUnitCSSD.getId().toString(), orgUnitCSSD.getOrgUnitCoding(),
-				null, role2.getId().toString());
-		
-		
-		Role adminRole = roleManager.getRoleByRoleName("ROLE_ADMINISTRATOR_0");
-		String roleIds = role2.getId().toString() + User.ORGUNIT_ROLE_SEPARATOR + adminRole.getId().toString();
-		
-		User admin = createUser("admin","0100001008", 
-				orgUnitCSSD.getId().toString(), orgUnitCSSD.getOrgUnitCoding(),
-				null, roleIds);
-
-		assertTrue(directoryHelper.isUserName("oruser1"));
-		assertTrue(directoryHelper.isUserName("oruser2"));
-		assertTrue(directoryHelper.isUserName("cssduser1"));
-		assertTrue(directoryHelper.isUserName("cssduser2"));
-		assertTrue(directoryHelper.isUserName("cssduser3"));
-		assertTrue(directoryHelper.isUserName("admin"));
+		assertTrue(directoryHelper.isUserName(admin.getName()));
+		assertTrue(directoryHelper.isUserName(cssdUser1.getName()));
+		assertTrue(directoryHelper.isUserName(cssdUser2.getName()));
+		assertTrue(directoryHelper.isUserName(cssdUser3.getName()));
+		assertTrue(directoryHelper.isUserName(orUser1.getName()));
+		assertTrue(directoryHelper.isUserName(orUser2.getName()));
+		assertTrue(directoryHelper.isUserName(orUser3.getName()));
+		assertTrue(directoryHelper.isUserName(neikeUser1.getName()));
+		assertTrue(directoryHelper.isUserName(neikeUser2.getName()));
 	}
+	
+	/**
+	 * 创建“申领员”角色
+	 * @param simpleName		角色id
+	 * @param companyId			科室编码	
+	 * @param parentIds			父角色的id集合，用逗号分隔	
+	 * @return					此角色对象
+	 */
+	private Role createRole_申领员(String simpleName, String companyId, String parentIds) {
+		String[] operationIds = {
+				"SSTS_RecycApplication_Create",
+				"SSTS_RecycApplication_Update",
+				"SSTS_RecycApplication_Select",
+				"SSTS_RecycApplication_Delete",
+				"SSTS_DisposableGoods_Create",
+				"SSTS_Disinfection_Create",
+				"SSTS_PACKAGE_Create",
+				"SSTS_Application_ShowAll",
+				"SSTS_Application_ShowTodoOnly",
+				"SSTS_Application_Custom_Create",
+				"SSTS_ForeignTousseApplication_Create",
+				"SSTS_ForeignTousseApplication_Update",
+				"SSTS_ForeignTousseApplication_Select",
+				"SSTS_ForeignTousseApplication_Delete",
+				"SSTS_ForeignTousseApplication_Terminate",
+				"SSTS_ForeignTousseApplication_ShowAll",
+				"SSTS_DepartPrintApplicationGoods",
+				"SSTS_PrintApplicationGoods",
+				"SSTS_Invoice_Sign",
+				"SSTS_recallRecyclingApplication",
+				"SSTS_borrowRecord_Create",
+				"SSTS_borrowRecord_Update",
+				"SSTS_borrowRecord_Select",
+				"SSTS_borrowRecord_Delete",
+				"SSTS_borrow_Create",
+				"SSTS_borrow_Update",
+				"SSTS_borrow_Select",
+				"SSTS_borrow_Delete"
+		};
+		Role role = createRole(simpleName, "申领员", companyId, operationIds, parentIds);
+		return role;
+	}
+	/**
+	 * 创建“回收员”角色
+	 * @param simpleName		角色id
+	 * @param companyId			科室编码	
+	 * @param parentIds			父角色的id集合，用逗号分隔	
+	 * @return					此角色对象
+	 */
+	private Role createRole_回收员(String simpleName, String companyId, String parentIds) {
+		String[] operationIds = {
+				"SSTS_RecycRecord_Create",
+				"SSTS_RecycRecord_Update",
+				"SSTS_RecycRecord_Select",
+				"SSTS_RecycRecord_Delete"
+		};
+		Role role = createRole(simpleName, "回收员", companyId, operationIds, parentIds);
+		return role;
+	}
+	/**
+	 * 创建“清洗员”角色
+	 * @param simpleName		角色id
+	 * @param companyId			科室编码	
+	 * @param parentIds			父角色的id集合，用逗号分隔	
+	 * @return					此角色对象
+	 */
+	private Role createRole_清洗员(String simpleName, String companyId, String parentIds) {
+		String[] operationIds = {
+				"SSTS_WashRecord_Create",
+				"SSTS_WashRecord_Update",
+				"SSTS_WashRecord_Select",
+				"SSTS_WashRecord_Delete",
+				"SSTS_WashTransitionRecord_Create",
+				"SSTS_WashTransitionRecord_Select"
+		};
+		Role role = createRole(simpleName, "清洗员", companyId, operationIds, parentIds);
+		return role;
+	}
+	/**
+	 * 创建“装配员”角色
+	 * @param simpleName		角色id
+	 * @param companyId			科室编码	
+	 * @param parentIds			父角色的id集合，用逗号分隔	
+	 * @return					此角色对象
+	 */
+	private Role createRole_装配员(String simpleName, String companyId, String parentIds) {
+		String[] operationIds = {
+				"SSTS_Packing_Manager",
+				"SSTS_PackingTask_Delete",
+				"SSTS_CustomPacking_Manager",
+				"SSTS_HistoryPacking_Manager",
+				"SSTS_HistoryPacking_Update",
+				"SSTS_HistoryPacking_Change_Patient",
+				"SSTS_RecyclingDetail_Print"
+		};
+		Role role = createRole(simpleName, "装配员", companyId, operationIds, parentIds);
+		return role;
+	}
+	/**
+	 * 创建“审核员”角色
+	 * @param simpleName		角色id
+	 * @param companyId			科室编码	
+	 * @param parentIds			父角色的id集合，用逗号分隔	
+	 * @return					此角色对象
+	 */
+	private Role createRole_审核员(String simpleName, String companyId, String parentIds) {
+		String[] operationIds = {
+				"SSTS_Tousse_Review"
+		};
+		Role role = createRole(simpleName, "审核员", companyId, operationIds, parentIds);
+		return role;
+	}
+	/**
+	 * 创建“灭菌员”角色
+	 * @param simpleName		角色id
+	 * @param companyId			科室编码	
+	 * @param parentIds			父角色的id集合，用逗号分隔	
+	 * @return					此角色对象
+	 */
+	private Role createRole_灭菌员(String simpleName, String companyId, String parentIds) {
+		String[] operationIds = {
+				"SSTS_Sterilization_Create",
+				"SSTS_Sterilization_Update",
+				"SSTS_Sterilization_Select",
+				"SSTS_Sterilization_Delete",
+				"SSTS_Sterilization_Loading",
+				"SSTS_Sterilization_remove",
+				"SSTS_ProxyDisinfection_Create",
+				"SSTS_ProxyDisinfection_Update",
+				"SSTS_ProxyDisinfection_Select",
+				"SSTS_ProxyDisinfection_Delete",
+				"SSTS_ForeignProxyDisinfection_Create",
+				"SSTS_ForeignProxyDisinfection_Update",
+				"SSTS_ForeignProxyDisinfection_Select",
+				"SSTS_ForeignProxyDisinfection_Delete",
+				"SSTS_ForeignProxyDisinfection_Apply"
+		};
+		Role role = createRole(simpleName, "灭菌员", companyId, operationIds, parentIds);
+		return role;
+	}
+	
+	/**
+	 * 初始化“operationdefine.xml”配置的权限
+	 */
+	private void initOperation() {
+		Set<Operation> xmlOperationList = operationManager
+				.getOperationListFromXml();
+		List<Operation> dbOperationList = operationManager.findAll();
+		operationManager.removeDBOperationNotInXml(dbOperationList,
+				xmlOperationList);
+		operationManager.updateOperationToDB(dbOperationList, xmlOperationList);
+	}
 
 	/**
-	 * 
-	 * @param userId
-	 *            用户id
-	 * @param orgUnitIdsUserBelong
-	 *            用户所属的组织单位
-	 * @param orgUnitIdsUserDirectManaged
-	 *            用户直接管理的部门id
-	 * @param orgUnitIdsUserUnDirectManaged
-	 *            用户分管的部门id
-	 * @param roleIds
-	 *            用户拥有的角色id
-	 * @return
+	 * 创建用户
+	 * @param name			用户登录名
+	 * @param barcode		用户条码
+	 * @param orgUnitIds	用户所属的科室id集合，用分号分隔
+	 * @param roleIds		用户拥有的角色id，用分号分隔
+	 * @return				此用户对象
 	 */
-	private User createUser(String userId, String barcode, String orgUnitIdsUserBelong,
-			String orgUnitIdsUserDirectManaged,
-			String orgUnitIdsUserUnDirectManaged, String roleIds) {
+	private User createUser(String name, String barcode, String orgUnitIds, String roleIds) {
 		User user = new User();
-		user.setName(userId);
-		user.setFullName(userId + "FullName");
-		user.setPasswd("1");
+		user.setName(name);
+		user.setFullName(name + "FullName");
 		user.setBarcode(barcode);
-		user.setOrgUnitIds(orgUnitIdsUserBelong);
-		user.setManagerOrgUnitIds(orgUnitIdsUserDirectManaged);
-		user.setLeaderOrgUnitIds(orgUnitIdsUserUnDirectManaged);
+		user.setPasswd("1");
+		user.setOrgUnitIds(orgUnitIds);
 		user.setRoleIds(roleIds);
 		sysUserManager.saveUser(user);
 		return user;
 	}
-
+	
 	/**
 	 * 创建角色
-	 * @param simpleName
-	 * @param roleDescn
-	 * @param companyId
-	 * @return
+	 * @param simpleName		角色id
+	 * @param roleDescn			角色名称
+	 * @param companyId			科室编码	
+	 * @param operationIds		权限id数组	
+	 * @param parentIds			父角色的id集合，用逗号分隔	
+	 * @return					此角色对象
 	 */
-	protected Role createRole(String simpleName, String roleDescn,
-			String companyId) {
-
+	protected Role createRole(String simpleName, String roleDescn, String companyId,
+			 String[] operationIds, String parentIds) {
 		Role role = null;
-		String roleName = "ROLE_" + simpleName + "_" + companyId;
-		if (!directoryHelper.isRoleName(roleName)) {
+		if (directoryHelper.isRoleName(roleDescn)) {
+			role = roleManager.getRoleByRoleDescn(roleDescn);
+		} else {
 			role = new Role();
 			role.setSimpleName(simpleName);
 			role.setDescn(roleDescn);
 			role.setCompanyId(companyId);
-
-		} else {
-			role = roleManager.getRoleByRoleName(roleName);
+			Set<Operation> set = new HashSet<Operation>();
+			for (String operationId : operationIds) {
+				Operation operation = operationManager.getByOperationId(operationId);
+				if (operation == null) {
+					throw new RuntimeException(String.format("权限id“%s”不存在", operationId));
+				} else {
+					set.add(operation);
+				}
+				
+			}
+			role.setOperations(set);
+			roleManager.save(role, parentIds);
 		}
 		return role;
 	}
@@ -3141,18 +3393,6 @@
 		SecurityContextHolder.clearContext();
 	}
 
-//	@Override
-//	protected String[] getConfigLocations() {
-//		setAutowireMode(AutowireCapableBeanFactory.AUTOWIRE_BY_NAME);
-//
-//		String database = CssdUtils.getConfigProperty("database");
-//		String project = CssdUtils.getConfigProperty("project");
-//		
-//		return new String[] { "spring/*.xml", "spring/database/" + database + "/*.xml",
-//				"spring/projects/" + project + "/*.xml" };
-//	}
-//
-
 	protected void onTearDownInTransaction() {
 		destroySecureContext();
 	}
Index: forgon-core/src/main/java/com/forgon/directory/service/DirectoryHelper.java
===================================================================
diff -u -r17628 -r17638
--- forgon-core/src/main/java/com/forgon/directory/service/DirectoryHelper.java	(.../DirectoryHelper.java)	(revision 17628)
+++ forgon-core/src/main/java/com/forgon/directory/service/DirectoryHelper.java	(.../DirectoryHelper.java)	(revision 17638)
@@ -15,13 +15,16 @@
 import org.hibernate.Query;
 
 import com.forgon.directory.acegi.tools.AcegiHelper;
+import com.forgon.directory.model.BarcodeDevice;
 import com.forgon.directory.model.OrgUnit;
 import com.forgon.directory.model.OrgUserRelation;
 import com.forgon.security.acls.AclFieldsObject;
 import com.forgon.security.model.Role;
 import com.forgon.security.model.User;
 import com.forgon.security.service.RoleManager;
 import com.forgon.security.service.UserManager;
+import com.forgon.serialnumber.model.SerialNum;
+import com.forgon.serialnumber.service.SerialNumManager;
 import com.forgon.tools.Constants;
 import com.forgon.tools.hibernate.ObjectDao;
 import com.forgon.tools.json.JSONUtil;
@@ -58,11 +61,17 @@
 	private OrgUnitManager orgUnitManager;
 
 	private AcegiHelper acegiHelper;
+	
+	private SerialNumManager serialNumManager;
 
 	public AcegiHelper getAcegiHelper() {
 		return acegiHelper;
 	}
 
+	public void setSerialNumManager(SerialNumManager serialNumManager) {
+		this.serialNumManager = serialNumManager;
+	}
+
 	public void setAcegiHelper(AcegiHelper acegiHelper) {
 		this.acegiHelper = acegiHelper;
 	}
@@ -796,6 +805,11 @@
 		this.userManager = userManager;
 	}
 
+	/**
+	 * 是否存在此用户登录名
+	 * @param name	用户登录名
+	 * @return
+	 */
 	public boolean isUserName(String name) {
 		if (userManager.getUserByUserId(name) != null) {
 			return true;
@@ -1147,23 +1161,26 @@
 	}
 
 	/**
-	 * 创建科室
+	 * 创建科室，如果此科室条码已经存在则不创建.
 	 * @param orgUnitName	科室名称
 	 * @param orgUnitCode	科室编码
-	 * @param orgUnitManager  科室的管理者，即部门领导
+	 * @param barcode		科室条码
 	 * @param parentNode	直属上级科室
-	 * @return	此科室对象
+	 * @return				此科室对象
 	 */
-	public OrgUnit createOrgUnit(String orgUnitName, String orgUnitCode,
-			String orgUnitManager, OrgUnit parentNode) {
+	public OrgUnit createOrgUnit(String orgUnitName, String orgUnitCode, String barcode, OrgUnit parentNode) {
 		OrgUnit orgUnit = null;
 		if (!isOrgUnitCodeExist(orgUnitCode)) {
-
+			BarcodeDevice bd = new BarcodeDevice();
+			bd.setType(BarcodeDevice.BARCODE_TYPE_ORGUNIT);
+			bd.setBarcode(barcode);
+			objectDao.save(bd);
+			
 			orgUnit = new OrgUnit();
+			orgUnit.setBarcodeDevice(bd);
 			orgUnit.setName(orgUnitName);
 			orgUnit.setParent(parentNode);
 			orgUnit.setOrgUnitCoding(orgUnitCode);
-			// orgUnit.setPrincipal(orgUnitManager);
 			thTreeNodeManager.saveTHTreeNode(orgUnit);
 		} else {
 			orgUnit = (OrgUnit) thTreeNodeManager