Create & Init Project...

2019-04-22 18:49:16 +08:00
commit fc4fa37393
25440 changed files with 4054998 additions and 0 deletions
--- a/app/admin/main/manager/BUILD
+++ b/app/admin/main/manager/BUILD
@@ -0,0 +1,23 @@
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [
+        ":package-srcs",
+        "//app/admin/main/manager/api:all-srcs",
+        "//app/admin/main/manager/cmd:all-srcs",
+        "//app/admin/main/manager/conf:all-srcs",
+        "//app/admin/main/manager/dao:all-srcs",
+        "//app/admin/main/manager/model:all-srcs",
+        "//app/admin/main/manager/server/grpc:all-srcs",
+        "//app/admin/main/manager/server/http:all-srcs",
+        "//app/admin/main/manager/service:all-srcs",
+    ],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/app/admin/main/manager/CHANGELOG.md
+++ b/app/admin/main/manager/CHANGELOG.md
@@ -0,0 +1,107 @@
+
+# manager-admin
+
+### 1.4.4
+1. permit grpc client start noblock
+
+### 1.4.3
+1. 支持 user state 配置
+
+### 1.4.2
+1. fix 用户没有权限点
+2. fix manager用户不存在的情况
+
+### 1.4.1
+1. 支持grpc
+
+### 1.4.0
+1. 获取用户所有角色
+
+### v1.3.9
+1. manager_business_user_role表增加state状态处理
+
+### v1.3.8
+1. 增加internal获取控件接口
+
+### v1.3.7
+1. 修改角色列表排序方式
+
+### v1.3.6
+1. replace cfg name auth to permit
+
+### v1.3.5
+1. internal增加tag接口
+
+### v1.3.4
+1. tag控件增加业务id
+
+### v1.3.3
+1. permission接口增加权限组信息，角色信息
+
+### v1.3.2
+1. manager角色管理
+
+### v1.3.1
+1. manager-tag管理
+
+### v1.3.0
+1. 重构为使用BM框架
+
+### v1.2.12
+1. 在perm接口添加admin字段，返回是否是admin
+
+### v1.2.11
+1. 修改Auth接口，避免重复权限点
+
+### v1.2.10
+1. 增加批量查询用户部门接口
+
+### v1.2.9
+1. 静态资源zip文件上传接口 - 相同文件名覆盖的问题修复
+2. Manager-admin迁移到Main路径下
+
+### v1.2.8
+1. 新增静态资源zip文件上传接口
+
+### v1.2.7
+1. 新增批量查询用户名接口 - Post TO Get
+
+### v1.2.6
+1. auth perms
+
+### v1.2.5
+1.fix auth sql
+
+### v1.2.4
+1. 加用户活跃心跳接口
+
+### v1.2.1
+1. 更新go-common
+
+### v1.2.0
+1. 稿件权限组相关
+
+### v1.1.6
+1. 新增分页获取用户信息接口
+
+### v1.1.3
+1. 提供auth
+
+### v1.4.1
+1. 新增理由管理
+
+### v1.4.2
+1. 新增常用字段
+
+### v1.4.2
+1. 移除role限制required
+
+### v1.4.4
+1. 修正角色id映射关系r.RID
+
+### v1.4.5 
+1. 添加行为日志
+2. 添加具体部门和角色下属用户
+3. 修正角色表auth_item
+4. 修正下拉列表漏数据和配置为每次编辑人员
+5. 调整lib和bid
--- a/app/admin/main/manager/CONTRIBUTORS.md
+++ b/app/admin/main/manager/CONTRIBUTORS.md
@@ -0,0 +1,11 @@
+# Owner
+liweijia
+zhapuyu
+renwei
+zhoushuguang
+
+# Author 
+all
+
+# Reviewer
+all
--- a/app/admin/main/manager/OWNERS
+++ b/app/admin/main/manager/OWNERS
@@ -0,0 +1,13 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+- liweijia
+- renwei
+- zhapuyu
+- zhoushuguang
+labels:
+- admin
+- admin/main/manager
+- main
+options:
+  no_parent_owners: true
--- a/app/admin/main/manager/README.md
+++ b/app/admin/main/manager/README.md
--- a/app/admin/main/manager/api/BUILD
+++ b/app/admin/main/manager/api/BUILD
@@ -0,0 +1,57 @@
+load(
+    "@io_bazel_rules_go//proto:def.bzl",
+    "go_proto_library",
+)
+
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+)
+
+proto_library(
+    name = "api_proto",
+    srcs = ["api.proto"],
+    tags = ["automanaged"],
+    deps = ["@gogo_special_proto//github.com/gogo/protobuf/gogoproto"],
+)
+
+go_proto_library(
+    name = "api_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:gogofast_grpc"],
+    importpath = "go-common/app/admin/main/manager/api",
+    proto = ":api_proto",
+    tags = ["automanaged"],
+    deps = ["@com_github_gogo_protobuf//gogoproto:go_default_library"],
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["client.go"],
+    embed = [":api_go_proto"],
+    importpath = "go-common/app/admin/main/manager/api",
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+    deps = [
+        "//library/net/rpc/warden:go_default_library",
+        "@com_github_gogo_protobuf//gogoproto:go_default_library",
+        "@com_github_gogo_protobuf//proto:go_default_library",
+        "@org_golang_google_grpc//:go_default_library",
+        "@org_golang_x_net//context:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/app/admin/main/manager/api/api.pb.go
+++ b/app/admin/main/manager/api/api.pb.go
@@ -0,0 +1,969 @@
+// Code generated by protoc-gen-gogo. DO NOT EDIT.
+// source: app/admin/main/manager/api/api.proto
+
+package api
+
+import proto "github.com/gogo/protobuf/proto"
+import fmt "fmt"
+import math "math"
+import _ "github.com/gogo/protobuf/gogoproto"
+
+import (
+	context "golang.org/x/net/context"
+	grpc "google.golang.org/grpc"
+)
+
+import io "io"
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
+
+type LoginReq struct {
+	Mngsid string `protobuf:"bytes,1,opt,name=mngsid,proto3" json:"mngsid,omitempty"`
+	Dsbsid string `protobuf:"bytes,2,opt,name=dsbsid,proto3" json:"dsbsid,omitempty"`
+}
+
+func (m *LoginReq) Reset()         { *m = LoginReq{} }
+func (m *LoginReq) String() string { return proto.CompactTextString(m) }
+func (*LoginReq) ProtoMessage()    {}
+func (*LoginReq) Descriptor() ([]byte, []int) {
+	return fileDescriptor_api_2329f30e789e58b5, []int{0}
+}
+
+func (m *LoginReq) GetMngsid() string {
+	if m != nil {
+		return m.Mngsid
+	}
+	return ""
+}
+
+func (m *LoginReq) GetDsbsid() string {
+	if m != nil {
+		return m.Dsbsid
+	}
+	return ""
+}
+
+type LoginReply struct {
+	Sid      string `protobuf:"bytes,1,opt,name=sid,proto3" json:"sid,omitempty"`
+	Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
+}
+
+func (m *LoginReply) Reset()         { *m = LoginReply{} }
+func (m *LoginReply) String() string { return proto.CompactTextString(m) }
+func (*LoginReply) ProtoMessage()    {}
+func (*LoginReply) Descriptor() ([]byte, []int) {
+	return fileDescriptor_api_2329f30e789e58b5, []int{1}
+}
+
+func (m *LoginReply) GetSid() string {
+	if m != nil {
+		return m.Sid
+	}
+	return ""
+}
+
+func (m *LoginReply) GetUsername() string {
+	if m != nil {
+		return m.Username
+	}
+	return ""
+}
+
+type PermissionReq struct {
+	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+}
+
+func (m *PermissionReq) Reset()         { *m = PermissionReq{} }
+func (m *PermissionReq) String() string { return proto.CompactTextString(m) }
+func (*PermissionReq) ProtoMessage()    {}
+func (*PermissionReq) Descriptor() ([]byte, []int) {
+	return fileDescriptor_api_2329f30e789e58b5, []int{2}
+}
+
+func (m *PermissionReq) GetUsername() string {
+	if m != nil {
+		return m.Username
+	}
+	return ""
+}
+
+type PermissionReply struct {
+	Uid   int64    `protobuf:"varint,1,opt,name=uid,proto3" json:"uid,omitempty"`
+	Perms []string `protobuf:"bytes,2,rep,name=perms" json:"perms,omitempty"`
+}
+
+func (m *PermissionReply) Reset()         { *m = PermissionReply{} }
+func (m *PermissionReply) String() string { return proto.CompactTextString(m) }
+func (*PermissionReply) ProtoMessage()    {}
+func (*PermissionReply) Descriptor() ([]byte, []int) {
+	return fileDescriptor_api_2329f30e789e58b5, []int{3}
+}
+
+func (m *PermissionReply) GetUid() int64 {
+	if m != nil {
+		return m.Uid
+	}
+	return 0
+}
+
+func (m *PermissionReply) GetPerms() []string {
+	if m != nil {
+		return m.Perms
+	}
+	return nil
+}
+
+func init() {
+	proto.RegisterType((*LoginReq)(nil), "main.manager.admin.LoginReq")
+	proto.RegisterType((*LoginReply)(nil), "main.manager.admin.LoginReply")
+	proto.RegisterType((*PermissionReq)(nil), "main.manager.admin.PermissionReq")
+	proto.RegisterType((*PermissionReply)(nil), "main.manager.admin.PermissionReply")
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// PermitClient is the client API for Permit service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type PermitClient interface {
+	Login(ctx context.Context, in *LoginReq, opts ...grpc.CallOption) (*LoginReply, error)
+	Permissions(ctx context.Context, in *PermissionReq, opts ...grpc.CallOption) (*PermissionReply, error)
+}
+
+type permitClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewPermitClient(cc *grpc.ClientConn) PermitClient {
+	return &permitClient{cc}
+}
+
+func (c *permitClient) Login(ctx context.Context, in *LoginReq, opts ...grpc.CallOption) (*LoginReply, error) {
+	out := new(LoginReply)
+	err := c.cc.Invoke(ctx, "/main.manager.admin.Permit/Login", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *permitClient) Permissions(ctx context.Context, in *PermissionReq, opts ...grpc.CallOption) (*PermissionReply, error) {
+	out := new(PermissionReply)
+	err := c.cc.Invoke(ctx, "/main.manager.admin.Permit/Permissions", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// PermitServer is the server API for Permit service.
+type PermitServer interface {
+	Login(context.Context, *LoginReq) (*LoginReply, error)
+	Permissions(context.Context, *PermissionReq) (*PermissionReply, error)
+}
+
+func RegisterPermitServer(s *grpc.Server, srv PermitServer) {
+	s.RegisterService(&_Permit_serviceDesc, srv)
+}
+
+func _Permit_Login_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LoginReq)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(PermitServer).Login(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/main.manager.admin.Permit/Login",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(PermitServer).Login(ctx, req.(*LoginReq))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Permit_Permissions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(PermissionReq)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(PermitServer).Permissions(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/main.manager.admin.Permit/Permissions",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(PermitServer).Permissions(ctx, req.(*PermissionReq))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _Permit_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "main.manager.admin.Permit",
+	HandlerType: (*PermitServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Login",
+			Handler:    _Permit_Login_Handler,
+		},
+		{
+			MethodName: "Permissions",
+			Handler:    _Permit_Permissions_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "app/admin/main/manager/api/api.proto",
+}
+
+func (m *LoginReq) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalTo(dAtA)
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *LoginReq) MarshalTo(dAtA []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if len(m.Mngsid) > 0 {
+		dAtA[i] = 0xa
+		i++
+		i = encodeVarintApi(dAtA, i, uint64(len(m.Mngsid)))
+		i += copy(dAtA[i:], m.Mngsid)
+	}
+	if len(m.Dsbsid) > 0 {
+		dAtA[i] = 0x12
+		i++
+		i = encodeVarintApi(dAtA, i, uint64(len(m.Dsbsid)))
+		i += copy(dAtA[i:], m.Dsbsid)
+	}
+	return i, nil
+}
+
+func (m *LoginReply) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalTo(dAtA)
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *LoginReply) MarshalTo(dAtA []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if len(m.Sid) > 0 {
+		dAtA[i] = 0xa
+		i++
+		i = encodeVarintApi(dAtA, i, uint64(len(m.Sid)))
+		i += copy(dAtA[i:], m.Sid)
+	}
+	if len(m.Username) > 0 {
+		dAtA[i] = 0x12
+		i++
+		i = encodeVarintApi(dAtA, i, uint64(len(m.Username)))
+		i += copy(dAtA[i:], m.Username)
+	}
+	return i, nil
+}
+
+func (m *PermissionReq) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalTo(dAtA)
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *PermissionReq) MarshalTo(dAtA []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if len(m.Username) > 0 {
+		dAtA[i] = 0xa
+		i++
+		i = encodeVarintApi(dAtA, i, uint64(len(m.Username)))
+		i += copy(dAtA[i:], m.Username)
+	}
+	return i, nil
+}
+
+func (m *PermissionReply) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalTo(dAtA)
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *PermissionReply) MarshalTo(dAtA []byte) (int, error) {
+	var i int
+	_ = i
+	var l int
+	_ = l
+	if m.Uid != 0 {
+		dAtA[i] = 0x8
+		i++
+		i = encodeVarintApi(dAtA, i, uint64(m.Uid))
+	}
+	if len(m.Perms) > 0 {
+		for _, s := range m.Perms {
+			dAtA[i] = 0x12
+			i++
+			l = len(s)
+			for l >= 1<<7 {
+				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
+				l >>= 7
+				i++
+			}
+			dAtA[i] = uint8(l)
+			i++
+			i += copy(dAtA[i:], s)
+		}
+	}
+	return i, nil
+}
+
+func encodeVarintApi(dAtA []byte, offset int, v uint64) int {
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return offset + 1
+}
+func (m *LoginReq) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Mngsid)
+	if l > 0 {
+		n += 1 + l + sovApi(uint64(l))
+	}
+	l = len(m.Dsbsid)
+	if l > 0 {
+		n += 1 + l + sovApi(uint64(l))
+	}
+	return n
+}
+
+func (m *LoginReply) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Sid)
+	if l > 0 {
+		n += 1 + l + sovApi(uint64(l))
+	}
+	l = len(m.Username)
+	if l > 0 {
+		n += 1 + l + sovApi(uint64(l))
+	}
+	return n
+}
+
+func (m *PermissionReq) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Username)
+	if l > 0 {
+		n += 1 + l + sovApi(uint64(l))
+	}
+	return n
+}
+
+func (m *PermissionReply) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Uid != 0 {
+		n += 1 + sovApi(uint64(m.Uid))
+	}
+	if len(m.Perms) > 0 {
+		for _, s := range m.Perms {
+			l = len(s)
+			n += 1 + l + sovApi(uint64(l))
+		}
+	}
+	return n
+}
+
+func sovApi(x uint64) (n int) {
+	for {
+		n++
+		x >>= 7
+		if x == 0 {
+			break
+		}
+	}
+	return n
+}
+func sozApi(x uint64) (n int) {
+	return sovApi(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (m *LoginReq) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowApi
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: LoginReq: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: LoginReq: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Mngsid", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Mngsid = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Dsbsid", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Dsbsid = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipApi(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthApi
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *LoginReply) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowApi
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: LoginReply: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: LoginReply: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Sid", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Sid = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Username = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipApi(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthApi
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *PermissionReq) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowApi
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: PermissionReq: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: PermissionReq: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Username", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Username = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipApi(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthApi
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *PermissionReply) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowApi
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: PermissionReply: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: PermissionReply: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Uid", wireType)
+			}
+			m.Uid = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Uid |= (int64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Perms", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= (uint64(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApi
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Perms = append(m.Perms, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipApi(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if skippy < 0 {
+				return ErrInvalidLengthApi
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func skipApi(dAtA []byte) (n int, err error) {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return 0, ErrIntOverflowApi
+			}
+			if iNdEx >= l {
+				return 0, io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= (uint64(b) & 0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		wireType := int(wire & 0x7)
+		switch wireType {
+		case 0:
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				iNdEx++
+				if dAtA[iNdEx-1] < 0x80 {
+					break
+				}
+			}
+			return iNdEx, nil
+		case 1:
+			iNdEx += 8
+			return iNdEx, nil
+		case 2:
+			var length int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return 0, ErrIntOverflowApi
+				}
+				if iNdEx >= l {
+					return 0, io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				length |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			iNdEx += length
+			if length < 0 {
+				return 0, ErrInvalidLengthApi
+			}
+			return iNdEx, nil
+		case 3:
+			for {
+				var innerWire uint64
+				var start int = iNdEx
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return 0, ErrIntOverflowApi
+					}
+					if iNdEx >= l {
+						return 0, io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					innerWire |= (uint64(b) & 0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				innerWireType := int(innerWire & 0x7)
+				if innerWireType == 4 {
+					break
+				}
+				next, err := skipApi(dAtA[start:])
+				if err != nil {
+					return 0, err
+				}
+				iNdEx = start + next
+			}
+			return iNdEx, nil
+		case 4:
+			return iNdEx, nil
+		case 5:
+			iNdEx += 4
+			return iNdEx, nil
+		default:
+			return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
+		}
+	}
+	panic("unreachable")
+}
+
+var (
+	ErrInvalidLengthApi = fmt.Errorf("proto: negative length found during unmarshaling")
+	ErrIntOverflowApi   = fmt.Errorf("proto: integer overflow")
+)
+
+func init() {
+	proto.RegisterFile("app/admin/main/manager/api/api.proto", fileDescriptor_api_2329f30e789e58b5)
+}
+
+var fileDescriptor_api_2329f30e789e58b5 = []byte{
+	// 297 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x91, 0xcf, 0x4a, 0xc4, 0x30,
+	0x10, 0xc6, 0xc9, 0x96, 0x2d, 0xbb, 0x23, 0xa2, 0x06, 0x91, 0xa5, 0x48, 0x59, 0xab, 0x87, 0x05,
+	0x31, 0x05, 0x3d, 0xb9, 0x47, 0xc1, 0x9b, 0x07, 0x29, 0x78, 0xf1, 0x96, 0xda, 0x18, 0x03, 0x9b,
+	0x26, 0x26, 0xed, 0x61, 0x5f, 0xc8, 0x67, 0xf1, 0xe8, 0x23, 0x48, 0x9f, 0x44, 0x92, 0x46, 0x77,
+	0xfd, 0x83, 0x7b, 0x68, 0x99, 0x6f, 0xe6, 0xf7, 0xf5, 0x4b, 0x27, 0x70, 0x42, 0xb5, 0xce, 0x69,
+	0x25, 0x45, 0x9d, 0x4b, 0xea, 0x5f, 0x35, 0xe5, 0xcc, 0xe4, 0x54, 0x0b, 0xf7, 0x10, 0x6d, 0x54,
+	0xa3, 0x30, 0x76, 0x33, 0x12, 0x66, 0xc4, 0xe3, 0xc9, 0x19, 0x17, 0xcd, 0x53, 0x5b, 0x92, 0x07,
+	0x25, 0x73, 0xae, 0xb8, 0xca, 0x3d, 0x5a, 0xb6, 0x8f, 0x5e, 0x79, 0xe1, 0xab, 0xfe, 0x13, 0xd9,
+	0x1c, 0x46, 0x37, 0x8a, 0x8b, 0xba, 0x60, 0xcf, 0xf8, 0x00, 0x62, 0x59, 0x73, 0x2b, 0xaa, 0x09,
+	0x9a, 0xa2, 0xd9, 0xb8, 0x08, 0xca, 0xf5, 0x2b, 0x5b, 0xba, 0xfe, 0xa0, 0xef, 0xf7, 0x2a, 0x9b,
+	0x03, 0x04, 0xaf, 0x5e, 0x2c, 0xf1, 0x2e, 0x44, 0x2b, 0xab, 0x2b, 0x71, 0x02, 0xa3, 0xd6, 0x32,
+	0x53, 0x53, 0xc9, 0x82, 0xf3, 0x4b, 0x67, 0xa7, 0xb0, 0x7d, 0xcb, 0x8c, 0x14, 0xd6, 0x0a, 0xe5,
+	0xc3, 0xd7, 0x61, 0xf4, 0x03, 0xbe, 0x84, 0x9d, 0x75, 0x38, 0xa4, 0xb5, 0x21, 0x2d, 0x2a, 0x5c,
+	0x89, 0xf7, 0x61, 0xa8, 0x99, 0x91, 0x76, 0x32, 0x98, 0x46, 0xb3, 0x71, 0xd1, 0x8b, 0xf3, 0x17,
+	0x04, 0xb1, 0xf7, 0x36, 0xf8, 0x1a, 0x86, 0xfe, 0xb8, 0xf8, 0x90, 0xfc, 0xde, 0x1b, 0xf9, 0xdc,
+	0x42, 0x92, 0xfe, 0x33, 0x75, 0xc9, 0x77, 0xb0, 0xb5, 0x3a, 0x8c, 0xc5, 0x47, 0x7f, 0xe1, 0xdf,
+	0x7e, 0x2d, 0x39, 0xde, 0x84, 0xe8, 0xc5, 0xf2, 0x6a, 0xef, 0xb5, 0x4b, 0xd1, 0x5b, 0x97, 0xa2,
+	0xf7, 0x2e, 0x45, 0xf7, 0x11, 0xd5, 0xa2, 0x8c, 0xfd, 0x15, 0x5d, 0x7c, 0x04, 0x00, 0x00, 0xff,
+	0xff, 0xc2, 0xa5, 0xc9, 0x91, 0x0d, 0x02, 0x00, 0x00,
+}
--- a/app/admin/main/manager/api/api.proto
+++ b/app/admin/main/manager/api/api.proto
@@ -0,0 +1,32 @@
+syntax = "proto3";
+
+package main.manager.admin;
+
+import "github.com/gogo/protobuf/gogoproto/gogo.proto";
+
+option go_package = "api";
+
+// Permit
+service Permit {
+    rpc Login(LoginReq) returns(LoginReply);
+    rpc Permissions(PermissionReq) returns(PermissionReply);
+}
+
+message LoginReq {
+    string mngsid = 1;
+    string dsbsid = 2;
+}
+
+message LoginReply {
+    string sid = 1;
+    string username = 2;
+}
+
+message PermissionReq {
+    string username = 1;
+}
+
+message PermissionReply {
+    int64 uid = 1;
+    repeated string perms = 2;
+}
--- a/app/admin/main/manager/api/client.go
+++ b/app/admin/main/manager/api/client.go
@@ -0,0 +1,21 @@
+package api
+
+import (
+	"context"
+	"go-common/library/net/rpc/warden"
+
+	"google.golang.org/grpc"
+)
+
+// AppID discovery id.
+const AppID = "main.admin.manager"
+
+// NewClient .
+func NewClient(cfg *warden.ClientConfig, opts ...grpc.DialOption) (PermitClient, error) {
+	client := warden.NewClient(cfg, opts...)
+	conn, err := client.Dial(context.Background(), "discovery://default/"+AppID)
+	if err != nil {
+		return nil, err
+	}
+	return NewPermitClient(conn), nil
+}
--- a/app/admin/main/manager/cmd/BUILD
+++ b/app/admin/main/manager/cmd/BUILD
@@ -0,0 +1,43 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+)
+
+go_binary(
+    name = "cmd",
+    embed = [":go_default_library"],
+    tags = ["automanaged"],
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["main.go"],
+    data = ["manager-admin-test.toml"],
+    importpath = "go-common/app/admin/main/manager/cmd",
+    tags = ["automanaged"],
+    deps = [
+        "//app/admin/main/manager/conf:go_default_library",
+        "//app/admin/main/manager/server/grpc:go_default_library",
+        "//app/admin/main/manager/server/http:go_default_library",
+        "//app/admin/main/manager/service:go_default_library",
+        "//library/log:go_default_library",
+        "//library/net/trace:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/app/admin/main/manager/cmd/main.go
+++ b/app/admin/main/manager/cmd/main.go
@@ -0,0 +1,57 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	"go-common/app/admin/main/manager/conf"
+	"go-common/app/admin/main/manager/server/grpc"
+	"go-common/app/admin/main/manager/server/http"
+	"go-common/app/admin/main/manager/service"
+	"go-common/library/log"
+	"go-common/library/net/trace"
+)
+
+func main() {
+	flag.Parse()
+	if err := conf.Init(); err != nil {
+		log.Error("conf.Init() error(%v)", err)
+		panic(err)
+	}
+	// init log
+	log.Init(conf.Conf.Log)
+	trace.Init(conf.Conf.Tracer)
+	defer trace.Close()
+	defer func() {
+		log.Close()
+		// wait for a while to guarantee that all log messages are written
+		time.Sleep(10 * time.Millisecond)
+	}()
+	// service init
+	svc := service.New(conf.Conf)
+	grpcSvc := grpc.New(conf.Conf.WardenServer, svc)
+	http.Init(conf.Conf, svc)
+	log.Info("manager-admin start")
+	// init signal
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, syscall.SIGHUP, syscall.SIGQUIT, syscall.SIGTERM, syscall.SIGINT)
+	for {
+		s := <-c
+		log.Info("manager-admin get a signal %s", s.String())
+		switch s {
+		case syscall.SIGQUIT, syscall.SIGTERM, syscall.SIGSTOP, syscall.SIGINT:
+			grpcSvc.Shutdown(context.Background())
+			svc.Close()
+			log.Info("manager-admin exit")
+			return
+		case syscall.SIGHUP:
+		// TODO reload
+		default:
+			return
+		}
+	}
+}
--- a/app/admin/main/manager/cmd/manager-admin-test.toml
+++ b/app/admin/main/manager/cmd/manager-admin-test.toml
@@ -0,0 +1,56 @@
+version = "1.0.0"
+user = "nobody"
+pid = "/tmp/manager-admin.pid"
+dir = "./"
+unameTicker = "1m"
+
+[log]
+    dir = "/data/log/manager-admin/"
+
+[HTTPServer]
+    addr = "0.0.0.0:6683"
+    timeout = "1s"
+
+[httpClient]
+    key = "6aa4286456d16b97"
+    secret = "351cf022e1ae8296109c3c524faafcc8"
+    dial = "50ms"
+    timeout = "3s"
+
+[dsbClient]
+    key = "manager-go"
+    secret = "949bbb2dd3178252638c2407578bc7ad"
+    dial = "300ms"
+    timeout = "1s"
+
+[orm]
+    dsn = "test:test@tcp(172.16.33.205:3308)/bilibili_manager?timeout=5s&readTimeout=5s&writeTimeout=5s&parseTime=true&loc=Local&charset=utf8,utf8mb4"
+    active = 5
+    idle = 5
+    idleTimeout = "4h"
+
+[cfg]
+rankGroupMaxPs = 10
+
+[permit]
+    [permit.Memcache]
+        name = "go-business/auth"
+        proto = "tcp"
+        addr = "172.18.33.61:11232"
+        active = 10
+        idle = 10
+        dialTimeout = "1s"
+        readTimeout = "1s"
+        writeTimeout = "1s"
+        idleTimeout = "80s"
+
+[memcache]
+    name = "go-business/auth"
+    proto = "tcp"
+    addr = "172.18.33.61:11232"
+    active = 10
+    idle = 10
+    dialTimeout = "1s"
+    readTimeout = "1s"
+    writeTimeout = "1s"
+    idleTimeout = "80s"
--- a/app/admin/main/manager/conf/BUILD
+++ b/app/admin/main/manager/conf/BUILD
@@ -0,0 +1,39 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["conf.go"],
+    importpath = "go-common/app/admin/main/manager/conf",
+    tags = ["automanaged"],
+    deps = [
+        "//library/cache/memcache:go_default_library",
+        "//library/conf:go_default_library",
+        "//library/database/orm:go_default_library",
+        "//library/log:go_default_library",
+        "//library/net/http/blademaster:go_default_library",
+        "//library/net/http/blademaster/middleware/permit:go_default_library",
+        "//library/net/rpc/warden:go_default_library",
+        "//library/net/trace:go_default_library",
+        "//library/time:go_default_library",
+        "//vendor/github.com/BurntSushi/toml:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/app/admin/main/manager/conf/conf.go
+++ b/app/admin/main/manager/conf/conf.go
@@ -0,0 +1,96 @@
+package conf
+
+import (
+	"errors"
+	"flag"
+
+	"go-common/library/cache/memcache"
+	"go-common/library/conf"
+	"go-common/library/database/orm"
+	"go-common/library/log"
+	bm "go-common/library/net/http/blademaster"
+	"go-common/library/net/http/blademaster/middleware/permit"
+	"go-common/library/net/rpc/warden"
+	"go-common/library/net/trace"
+	xtime "go-common/library/time"
+
+	"github.com/BurntSushi/toml"
+)
+
+// Config .
+type Config struct {
+	Cfg          *cfg
+	App          *bm.App
+	ORM          *orm.Config
+	Log          *log.Config
+	Tracer       *trace.Config
+	Memcache     *memcache.Config
+	HTTPServer   *bm.ServerConfig
+	HTTPClient   *bm.ClientConfig
+	DsbClient    *bm.ClientConfig
+	UnameTicker  xtime.Duration
+	WardenServer *warden.ServerConfig
+	Permit       *permit.Config2
+}
+
+type cfg struct {
+	RankGroupMaxPs int
+}
+
+var (
+	confPath string
+	client   *conf.Client
+	// Conf config
+	Conf = &Config{}
+)
+
+func init() {
+	flag.StringVar(&confPath, "conf", "", "config path")
+}
+
+// Init .
+func Init() (err error) {
+	if confPath != "" {
+		return local()
+	}
+	return remote()
+}
+
+func local() (err error) {
+	_, err = toml.DecodeFile(confPath, &Conf)
+	return
+}
+
+func remote() (err error) {
+	if client, err = conf.New(); err != nil {
+		return
+	}
+	if err = load(); err != nil {
+		return
+	}
+	go func() {
+		for range client.Event() {
+			log.Info("config reload")
+			if load() != nil {
+				log.Error("config reload err")
+			}
+		}
+	}()
+	return
+}
+
+func load() (err error) {
+	var (
+		s       string
+		ok      bool
+		tmpConf *Config
+	)
+	if s, ok = client.Toml2(); !ok {
+		return errors.New("load config center error")
+	}
+	if _, err = toml.Decode(s, &tmpConf); err != nil {
+		return errors.New("could not decode config")
+	}
+	*Conf = *tmpConf
+	return
+}
--- a/app/admin/main/manager/dao/BUILD
+++ b/app/admin/main/manager/dao/BUILD
@@ -0,0 +1,69 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_test",
+    "go_library",
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "business_test.go",
+        "dao_test.go",
+        "mc_test.go",
+        "permit_test.go",
+        "reason_test.go",
+        "tag_test.go",
+    ],
+    embed = [":go_default_library"],
+    rundir = ".",
+    tags = ["automanaged"],
+    deps = [
+        "//app/admin/main/manager/conf:go_default_library",
+        "//app/admin/main/manager/model:go_default_library",
+        "//library/ecode:go_default_library",
+        "//library/net/http/blademaster/middleware/permit:go_default_library",
+        "//vendor/github.com/smartystreets/goconvey/convey:go_default_library",
+    ],
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "business.go",
+        "dao.go",
+        "journal.go",
+        "mc.go",
+        "permit.go",
+        "reason.go",
+        "tag.go",
+    ],
+    importpath = "go-common/app/admin/main/manager/dao",
+    tags = ["automanaged"],
+    deps = [
+        "//app/admin/main/manager/conf:go_default_library",
+        "//app/admin/main/manager/model:go_default_library",
+        "//library/cache/memcache:go_default_library",
+        "//library/database/orm:go_default_library",
+        "//library/ecode:go_default_library",
+        "//library/log:go_default_library",
+        "//library/net/http/blademaster:go_default_library",
+        "//library/net/http/blademaster/middleware/permit:go_default_library",
+        "//vendor/github.com/jinzhu/gorm:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/app/admin/main/manager/dao/business.go
+++ b/app/admin/main/manager/dao/business.go
@@ -0,0 +1,244 @@
+package dao
+
+import (
+	"context"
+	"fmt"
+	"strconv"
+	"strings"
+
+	"go-common/app/admin/main/manager/model"
+
+	"github.com/jinzhu/gorm"
+)
+
+// AddBusiness .
+func (d *Dao) AddBusiness(c context.Context, b *model.Business) (err error) {
+	maxBid := int64(-1)
+	if b.PID != 0 {
+		if maxBid, err = d.maxBid(c); err != nil {
+			return
+		}
+	}
+	valueStrings := []string{}
+	valueArgs := []interface{}{}
+	for _, name := range b.Names {
+		maxBid++
+		valueStrings = append(valueStrings, "(?,?,?,?,?,?)")
+		valueArgs = append(valueArgs, b.PID, maxBid, name, b.Flow, b.FlowState, b.State)
+	}
+	stmt := fmt.Sprintf("INSERT INTO manager_business(pid,bid,name,flow,flow_state,state) VALUES %s ON DUPLICATE KEY UPDATE pid=values(pid),name=values(name),flow=values(flow),flow_state=values(flow_state),state=values(state)", strings.Join(valueStrings, ","))
+	err = d.db.Exec(stmt, valueArgs...).Error
+	return
+}
+
+// maxBidByPid .
+func (d *Dao) maxBid(c context.Context) (maxBid int64, err error) {
+	err = d.db.Table("manager_business").Select("max(bid)").Row().Scan(&maxBid)
+	return
+}
+
+// UpdateBusiness .
+func (d *Dao) UpdateBusiness(c context.Context, b *model.Business) error {
+	return d.db.Table("manager_business").Where("id = ?", b.ID).
+		Update(map[string]interface{}{
+			"name": b.Name,
+			"flow": b.Flow,
+		}).Error
+}
+
+// BusinessChilds .
+func (d *Dao) BusinessChilds(c context.Context, pid int64) (res []*model.Business, err error) {
+	err = d.db.Table("manager_business").Where("pid = ?", pid).Find(&res).Error
+	return
+}
+
+// AddRole .
+func (d *Dao) AddRole(c context.Context, br *model.BusinessRole) (err error) {
+	stmt := fmt.Sprintf("INSERT INTO manager_business_role(bid,rid,name,type,state) VALUES %s ON DUPLICATE KEY UPDATE bid=values(bid),name=values(name),type=values(type),state=values(state)", "(?,?,?,?,?)")
+	err = d.db.Exec(stmt, br.BID, br.RID, br.Name, br.Type, br.State).Error
+	return
+}
+
+// MaxRidByBid .
+func (d *Dao) MaxRidByBid(c context.Context, bid int64) (maxRid interface{}, err error) {
+	err = d.db.Table("manager_business_role").Select("max(rid) as mrid").Where("bid = ?", bid).Row().Scan(&maxRid)
+	return
+}
+
+// UpdateRole .
+func (d *Dao) UpdateRole(c context.Context, br *model.BusinessRole) error {
+	return d.db.Table("manager_business_role").Where("id = ?", br.ID).
+		Update("name", br.Name).Error
+}
+
+// RoleByRIDs .
+func (d *Dao) RoleByRIDs(c context.Context, bid int64, rids []int64) (res map[int64]*model.BusinessRole, err error) {
+	t := []*model.BusinessRole{}
+	res = make(map[int64]*model.BusinessRole)
+	err = d.db.Where("rid IN (?)", rids).Where("bid = ?", bid).Find(&t).Error
+	for _, r := range t {
+		res[r.RID] = r
+	}
+	return
+}
+
+// AddUser add users with associated roles .
+func (d *Dao) AddUser(c context.Context, bur *model.BusinessUserRole) error {
+	valueStrings := []string{}
+	valueArgs := []interface{}{}
+	for _, uid := range bur.UIDs {
+		valueStrings = append(valueStrings, "(?,?,?,?)")
+		valueArgs = append(valueArgs, uid, bur.CUID, bur.BID, bur.Role)
+	}
+	stmt := fmt.Sprintf("INSERT INTO manager_business_user_role(uid, cuid, bid, role) VALUES %s ON DUPLICATE KEY UPDATE uid=values(uid),cuid=values(cuid),bid=values(bid),role=values(role)", strings.Join(valueStrings, ","))
+	return d.db.Exec(stmt, valueArgs...).Error
+}
+
+// UpdateUser .
+func (d *Dao) UpdateUser(c context.Context, bur *model.BusinessUserRole) error {
+	return d.db.Table("manager_business_user_role").Where("id = ?", bur.ID).
+		Update("role", bur.Role).Error
+}
+
+// UpdateBusinessState .
+func (d *Dao) UpdateBusinessState(c context.Context, su *model.StateUpdate) error {
+	return d.db.Table("manager_business").Where("id = ?", su.ID).
+		Update("state", su.State).Error
+}
+
+// BatchUpdateChildState .
+func (d *Dao) BatchUpdateChildState(c context.Context, pid int64, flowStates []int64) error {
+	return d.db.Table("manager_business").Where("flow_state NOT IN (?)", flowStates).Where("pid = ?", pid).
+		Update("state", 0).Error
+}
+
+// UpdateBusinessRoleState .
+func (d *Dao) UpdateBusinessRoleState(c context.Context, su *model.StateUpdate) error {
+	return d.db.Table("manager_business_role").Where("id = ?", su.ID).
+		Update("state", su.State).Error
+}
+
+// ParentBusiness .
+func (d *Dao) ParentBusiness(c context.Context, state int64) (res map[int64]*model.BusinessList, err error) {
+	temp := []*model.BusinessList{}
+	res = make(map[int64]*model.BusinessList)
+	db := d.db.Where("pid = ?", 0)
+	if state != -1 {
+		db = db.Where("state = ?", state)
+	}
+	if err = db.Order("id asc", true).Find(&temp).Error; err != nil {
+		return
+	}
+	for _, t := range temp {
+		res[t.ID] = t
+	}
+	return
+}
+
+// ChildBusiness .
+func (d *Dao) ChildBusiness(c context.Context, bp *model.BusinessListParams) (res map[int64]*model.BusinessList, err error) {
+	temp := []*model.BusinessList{}
+	res = make(map[int64]*model.BusinessList)
+	db := d.db.Where("pid != ?", 0)
+	if bp.State != -1 {
+		db = db.Where("state = ?", bp.State)
+	}
+	if bp.Flow != 0 {
+		db = db.Where("flow_state = ?", bp.Flow)
+	}
+	err = db.Order("ctime desc").Find(&temp).Error
+	for _, t := range temp {
+		res[t.ID] = t
+	}
+	return
+}
+
+// ChildBusinessByPIDs .
+func (d *Dao) ChildBusinessByPIDs(c context.Context, pids []int64) (res map[int64][]*model.BusinessList, err error) {
+	res = make(map[int64][]*model.BusinessList)
+	temp := []*model.BusinessList{}
+	if err = d.db.Where("pid IN (?)", pids).Find(&temp).Error; err != nil {
+		return
+	}
+	for _, t := range temp {
+		res[t.PID] = append(res[t.PID], t)
+	}
+	return
+}
+
+// FlowList .
+func (d *Dao) FlowList(c context.Context, bp *model.BusinessListParams) (res []*model.BusinessList, err error) {
+	db := d.db.Where("pid != ?", 0)
+	if bp.Flow > 0 {
+		db = db.Where("flow_state = ?", bp.Flow)
+	}
+	if bp.State != -1 {
+		db = db.Where("state = ?", bp.State)
+	}
+	err = db.Find(&res).Error
+	return
+}
+
+// RoleListByBID .
+func (d *Dao) RoleListByBID(c context.Context, br *model.BusinessRole) (res []*model.BusinessRole, err error) {
+	db := d.db
+	if br.BID > 0 {
+		db = db.Where("bid = ?", br.BID)
+	}
+	if br.Type != -1 {
+		db = db.Where("type = ?", br.Type)
+	}
+	if br.State != -1 {
+		db = db.Where("state = ?", br.State)
+	}
+	err = db.Order("rid desc").Find(&res).Error
+	return
+}
+
+// RoleListByRIDs .
+func (d *Dao) RoleListByRIDs(c context.Context, bid int64, rids []int64) (res []*model.BusinessRole, err error) {
+	err = d.DB().Table("manager_business_role").Where("bid = ? AND rid IN (?)", bid, rids).Where("state = ?", 1).Find(&res).Error
+	return
+}
+
+// UserList .
+func (d *Dao) UserList(c context.Context, u *model.UserListParams) (res []*model.BusinessUserRoleList, err error) {
+	db := d.db.Table("manager_business_user_role")
+	if u.BID > 0 {
+		db = db.Where("bid = ?", u.BID)
+	}
+	if u.UID > 0 {
+		db = db.Where("uid = ?", u.UID)
+	}
+	if u.Role != -1 {
+		db = db.Where("find_in_set(?, role) > 0", strconv.FormatInt(u.Role, 10))
+	}
+	err = db.Where("state = ?", model.UserOnState).Find(&res).Error
+	return
+}
+
+// DeleteUser .
+func (d *Dao) DeleteUser(c context.Context, bur *model.BusinessUserRole) error {
+	return d.db.Table("manager_business_user_role").Where("id = ?", bur.ID).Update("state", model.UserOffState).Error
+}
+
+// BusinessByID .
+func (d *Dao) BusinessByID(c context.Context, id int64) (res *model.BusinessList, err error) {
+	res = &model.BusinessList{}
+	if err = d.db.Where("id = ?", id).First(res).Error; err == gorm.ErrRecordNotFound {
+		err = nil
+	}
+	return
+}
+
+// UserRoles .
+func (d *Dao) UserRoles(c context.Context, uid int64) (res []*model.BusinessUserRoleList, err error) {
+	err = d.db.Table("manager_business_user_role").Where("uid = ?", uid).Find(&res).Error
+	return
+}
+
+// UserRoleByBIDs .
+func (d *Dao) UserRoleByBIDs(c context.Context, uid int64, bids []int64) (res []*model.BusinessUserRoleList, err error) {
+	err = d.DB().Table("manager_business_user_role").Where("bid IN (?)", bids).Where("uid = ? AND state = ?", uid, 1).Find(&res).Error
+	return
+}
--- a/app/admin/main/manager/dao/business_test.go
+++ b/app/admin/main/manager/dao/business_test.go
@@ -0,0 +1,50 @@
+package dao
+
+import (
+	"context"
+	"testing"
+
+	"go-common/app/admin/main/manager/model"
+
+	"github.com/smartystreets/goconvey/convey"
+)
+
+func TestMaxBid(t *testing.T) {
+	convey.Convey("maxBid", t, func() {
+		_, err := d.maxBid(context.Background())
+		convey.So(err, convey.ShouldBeNil)
+	})
+}
+
+func TestUpdateBusiness(t *testing.T) {
+	convey.Convey("UpdateBusiness", t, func() {
+		p := &model.Business{
+			ID:   1,
+			Name: "test",
+			Flow: 1,
+		}
+		err := d.UpdateBusiness(context.Background(), p)
+		convey.So(err, convey.ShouldBeNil)
+	})
+}
+
+func TestBusinessChilds(t *testing.T) {
+	convey.Convey("BusinessChilds", t, func() {
+		_, err := d.BusinessChilds(context.Background(), 1)
+		convey.So(err, convey.ShouldBeNil)
+	})
+}
+
+func TestMaxRidByBid(t *testing.T) {
+	convey.Convey("MaxRidByBid", t, func() {
+		_, err := d.MaxRidByBid(context.Background(), 1)
+		convey.So(err, convey.ShouldBeNil)
+	})
+}
+
+func TestParentBusiness(t *testing.T) {
+	convey.Convey("ParentBusiness", t, func() {
+		_, err := d.ParentBusiness(context.Background(), int64(1))
+		convey.So(err, convey.ShouldBeNil)
+	})
+}
--- a/app/admin/main/manager/dao/dao.go
+++ b/app/admin/main/manager/dao/dao.go
@@ -0,0 +1,56 @@
+package dao
+
+import (
+	"context"
+
+	"go-common/app/admin/main/manager/conf"
+	"go-common/library/cache/memcache"
+	"go-common/library/database/orm"
+	bm "go-common/library/net/http/blademaster"
+
+	"github.com/jinzhu/gorm"
+)
+
+// Dao .
+type Dao struct {
+	db         *gorm.DB
+	mc         *memcache.Pool
+	httpClient *bm.Client
+	dsbClient  *bm.Client
+}
+
+// New new a instance
+func New(c *conf.Config) (d *Dao) {
+	d = &Dao{
+		db:         orm.NewMySQL(c.ORM),
+		mc:         memcache.NewPool(c.Memcache),
+		httpClient: bm.NewClient(c.HTTPClient),
+		dsbClient:  bm.NewClient(c.DsbClient),
+	}
+	d.initORM()
+	return
+}
+
+func (d *Dao) initORM() {
+	d.db.LogMode(true)
+}
+
+// DB .
+func (d *Dao) DB() *gorm.DB {
+	return d.db
+}
+
+// Ping check connection of db , mc.
+func (d *Dao) Ping(c context.Context) (err error) {
+	if d.db != nil {
+		err = d.db.DB().PingContext(c)
+	}
+	return
+}
+
+// Close close connection of db , mc.
+func (d *Dao) Close() {
+	if d.db != nil {
+		d.db.Close()
+	}
+}
--- a/app/admin/main/manager/dao/dao_test.go
+++ b/app/admin/main/manager/dao/dao_test.go
@@ -0,0 +1,37 @@
+package dao
+
+import (
+	"flag"
+	"go-common/app/admin/main/manager/conf"
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+var d *Dao
+
+func TestMain(m *testing.M) {
+	if os.Getenv("DEPLOY_ENV") != "" {
+		flag.Set("app_id", "main.manager.manager-admin")
+		flag.Set("conf_token", "b661550b1a2cce530787e00ed1625581")
+		flag.Set("tree_id", "11038")
+		flag.Set("conf_version", "docker-1")
+		flag.Set("deploy_env", "uat")
+		flag.Set("conf_host", "config.bilibili.co")
+		flag.Set("conf_path", "/tmp")
+		flag.Set("region", "sh")
+		flag.Set("zone", "sh001")
+	} else {
+		dir, _ := filepath.Abs("../cmd/manager-admin-test.toml")
+		if err := flag.Set("conf", dir); err != nil {
+			panic(err)
+		}
+	}
+	flag.Parse()
+	if err := conf.Init(); err != nil {
+		panic(err)
+	}
+	d = New(conf.Conf)
+	m.Run()
+	os.Exit(0)
+}
--- a/app/admin/main/manager/dao/journal.go
+++ b/app/admin/main/manager/dao/journal.go
@@ -0,0 +1,41 @@
+package dao
+
+import (
+	"bufio"
+	"net/http"
+	"strings"
+
+	"go-common/app/admin/main/manager/model"
+	bm "go-common/library/net/http/blademaster"
+)
+
+const (
+	_searchAuditURL  = "http://manager.bilibili.co/x/admin/search/log/audit"
+	_searchActionURL = "http://manager.bilibili.co/x/admin/search/log/user_action"
+)
+
+// SearchLogAudit .
+func (d *Dao) SearchLogAudit(c *bm.Context) (res *model.LogRes, err error) {
+	res, err = d.combination(c, _searchAuditURL)
+	return
+}
+
+// SearchLogAction .
+func (d *Dao) SearchLogAction(c *bm.Context) (res *model.LogRes, err error) {
+	res, err = d.combination(c, _searchActionURL)
+	return
+}
+
+// combination .
+func (d *Dao) combination(c *bm.Context, preURL string) (res *model.LogRes, err error) {
+	params := c.Request.URL.RawQuery
+	url := preURL + "?" + params
+	cookie := c.Request.Header.Get("Cookie")
+	req, err := http.NewRequest(http.MethodGet, url, bufio.NewReader(strings.NewReader(params)))
+	if err != nil {
+		return
+	}
+	req.Header.Set("Cookie", cookie)
+	err = d.httpClient.Do(c, req, &res)
+	return
+}
--- a/app/admin/main/manager/dao/mc.go
+++ b/app/admin/main/manager/dao/mc.go
@@ -0,0 +1,43 @@
+package dao
+
+import (
+	"context"
+
+	"go-common/library/cache/memcache"
+	"go-common/library/log"
+	"go-common/library/net/http/blademaster/middleware/permit"
+)
+
+// Session .
+func (d *Dao) Session(ctx context.Context, sid string) (res *permit.Session, err error) {
+	conn := d.mc.Get(ctx)
+	defer conn.Close()
+	r, err := conn.Get(sid)
+	if err != nil {
+		if err == memcache.ErrNotFound {
+			err = nil
+			return
+		}
+		log.Error("conn.Get(%s) error(%v)", sid, err)
+		return
+	}
+	res = &permit.Session{}
+	if err = conn.Scan(r, res); err != nil {
+		log.Error("conn.Scan(%s) error(%v)", string(r.Value), err)
+	}
+	return
+}
+
+// SetSession .
+func (d *Dao) SetSession(ctx context.Context, p *permit.Session) (err error) {
+	conn := d.mc.Get(ctx)
+	defer conn.Close()
+	item := &memcache.Item{
+		Key:        p.Sid,
+		Object:     p,
+		Flags:      memcache.FlagJSON,
+		Expiration: int32(_sessionLife),
+	}
+	err = conn.Set(item)
+	return
+}
--- a/app/admin/main/manager/dao/mc_test.go
+++ b/app/admin/main/manager/dao/mc_test.go
@@ -0,0 +1,28 @@
+package dao
+
+import (
+	"context"
+	"testing"
+
+	"go-common/library/net/http/blademaster/middleware/permit"
+
+	"github.com/smartystreets/goconvey/convey"
+)
+
+func TestSession(t *testing.T) {
+	convey.Convey("Session", t, func() {
+		sid := "1234567890"
+		_, err := d.Session(context.Background(), sid)
+		convey.So(err, convey.ShouldBeNil)
+	})
+}
+
+func TestSetSession(t *testing.T) {
+	convey.Convey("SetSession", t, func() {
+		p := &permit.Session{
+			Sid: "1234567890",
+		}
+		err := d.SetSession(context.Background(), p)
+		convey.So(err, convey.ShouldBeNil)
+	})
+}
--- a/app/admin/main/manager/dao/permit.go
+++ b/app/admin/main/manager/dao/permit.go
@@ -0,0 +1,53 @@
+package dao
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/hex"
+	"net/url"
+
+	"go-common/library/ecode"
+	"go-common/library/net/http/blademaster/middleware/permit"
+)
+
+const (
+	_sessionlen   = 32
+	_sessionLife  = 2592000
+	_dsbCaller    = "manager-go"
+	_dsbVerifyURL = "http://dashboard-mng.bilibili.co/api/session/verify"
+)
+
+// VerifyDsb .
+func (d *Dao) VerifyDsb(ctx context.Context, sid string) (res string, err error) {
+	params := url.Values{}
+	params.Set("session_id", sid)
+	params.Set("encrypt", "md5")
+	params.Set("caller", _dsbCaller)
+	var dsbRes struct {
+		Code     int    `json:"code"`
+		UserName string `json:"username"`
+	}
+	if err = d.dsbClient.Get(ctx, _dsbVerifyURL, "", params, &dsbRes); err != nil {
+		return
+	}
+	if ecode.Int(dsbRes.Code) != ecode.OK {
+		err = ecode.Int(dsbRes.Code)
+		return
+	}
+	res = dsbRes.UserName
+	return
+}
+
+// NewSession .
+func (d *Dao) NewSession(ctx context.Context) (res *permit.Session) {
+	b := make([]byte, _sessionlen)
+	n, err := rand.Read(b)
+	if n != len(b) || err != nil {
+		return
+	}
+	res = &permit.Session{
+		Sid:    hex.EncodeToString(b),
+		Values: make(map[string]interface{}),
+	}
+	return
+}
--- a/app/admin/main/manager/dao/permit_test.go
+++ b/app/admin/main/manager/dao/permit_test.go
@@ -0,0 +1,27 @@
+package dao
+
+import (
+	"context"
+	"go-common/library/ecode"
+	"testing"
+
+	"github.com/smartystreets/goconvey/convey"
+)
+
+func TestVerifyDsb(t *testing.T) {
+	convey.Convey("VerifyDsb", t, func() {
+		sid := "1234567890"
+		_, err := d.VerifyDsb(context.Background(), sid)
+		if err == ecode.NoLogin {
+			err = nil
+		}
+		convey.So(err, convey.ShouldBeNil)
+	})
+}
+
+func TestNewSession(t *testing.T) {
+	convey.Convey("NewSession", t, func() {
+		res := d.NewSession(context.Background())
+		convey.So(res, convey.ShouldNotBeNil)
+	})
+}
--- a/app/admin/main/manager/dao/reason.go
+++ b/app/admin/main/manager/dao/reason.go
@@ -0,0 +1,143 @@
+package dao
+
+import (
+	"context"
+
+	"go-common/app/admin/main/manager/model"
+)
+
+// AddCateSecExt .
+func (d *Dao) AddCateSecExt(c context.Context, e *model.CateSecExt) (err error) {
+	str := "INSERT INTO manager_reason_catesecext (bid,name,type) VALUES (?,?,?) ON DUPLICATE KEY UPDATE bid=values(bid),name=values(name),type=values(type)"
+	return d.db.Exec(str, e.BusinessID, e.Name, e.Type).Error
+}
+
+// UpdateCateSecExt .
+func (d *Dao) UpdateCateSecExt(c context.Context, e *model.CateSecExt) (err error) {
+	return d.db.Table("manager_reason_catesecext").Where("id = ?", e.ID).Update("name", e.Name).Error
+}
+
+// BanCateSecExt .
+func (d *Dao) BanCateSecExt(c context.Context, e *model.CateSecExt) (err error) {
+	return d.db.Table("manager_reason_catesecext").Where("id = ?", e.ID).Update("state", e.State).Error
+}
+
+// AddAssociation .
+func (d *Dao) AddAssociation(c context.Context, e *model.Association) (err error) {
+	return d.db.Table("manager_reason_association").Create(&e).Error
+}
+
+// UpdateAssociation .
+func (d *Dao) UpdateAssociation(c context.Context, e *model.Association) (err error) {
+	return d.db.Table("manager_reason_association").Where("id = ?", e.ID).Updates(
+		map[string]interface{}{
+			"rid":  e.RoleID,
+			"cid":  e.CategoryID,
+			"sids": e.SecondIDs,
+		}).Error
+}
+
+// BanAssociation .
+func (d *Dao) BanAssociation(c context.Context, e *model.Association) (err error) {
+	return d.db.Table("manager_reason_association").Where("id = ?", e.ID).Update("state", e.State).Error
+}
+
+// AddReason .
+func (d *Dao) AddReason(c context.Context, e *model.Reason) (err error) {
+	return d.db.Table("manager_reason").Create(e).Error
+}
+
+// UpdateReason .
+func (d *Dao) UpdateReason(c context.Context, e *model.Reason) (err error) {
+	return d.db.Table("manager_reason").Where("id = ?", e.ID).
+		Updates(map[string]interface{}{
+			"rid":         e.RoleID,
+			"cid":         e.CategoryID,
+			"sid":         e.SecondID,
+			"state":       e.State,
+			"common":      e.Common,
+			"uid":         e.UID,
+			"description": e.Description,
+			"weight":      e.Weight,
+			"flag":        e.Flag,
+			"lid":         e.LinkID,
+			"type_id":     e.TypeID,
+			"tid":         e.TagID,
+		}).Error
+}
+
+// ReasonList .
+func (d *Dao) ReasonList(c context.Context, e *model.SearchReasonParams) (res []*model.Reason, err error) {
+	db := d.db.Table("manager_reason")
+	if e.BusinessID != -1 {
+		db = db.Where("bid = ?", e.BusinessID)
+	}
+	if e.KeyWord != "" {
+		db = db.Where("description LIKE ?", "%"+e.KeyWord+"%")
+	}
+	if e.RoleID != 0 {
+		db = db.Where("rid = ?", e.RoleID)
+	}
+	if e.CategoryID != 0 {
+		db = db.Where("cid = ?", e.CategoryID)
+	}
+	if e.SecondID != 0 {
+		db = db.Where("sid = ?", e.SecondID)
+	}
+	if e.State != -1 {
+		db = db.Where("state = ?", e.State)
+	}
+	if e.UName != "" {
+		db = db.Where("uid = ?", e.UID)
+	}
+	if e.Order != "" {
+		db = db.Order(e.Order+" "+e.Sort, true)
+	}
+	err = db.Find(&res).Error
+	return
+}
+
+// CateSecByIDs .
+func (d *Dao) CateSecByIDs(c context.Context, ids []int64) (res map[int64]string, err error) {
+	r := []*model.CateSecExt{}
+	res = make(map[int64]string)
+	if err = d.db.Table("manager_reason_catesecext").Where("id IN (?)", ids).Find(&r).Error; err != nil {
+		return
+	}
+	for _, cn := range r {
+		res[cn.ID] = cn.Name
+	}
+	return
+}
+
+// BatchUpdateReasonState .
+func (d *Dao) BatchUpdateReasonState(c context.Context, b *model.BatchUpdateReasonState) (err error) {
+	return d.db.Table("manager_reason").Where("id IN (?)", b.IDs).Update("state", b.State).Error
+}
+
+// CateSecExtList .
+func (d *Dao) CateSecExtList(c context.Context, e *model.CateSecExt) (res []*model.CateSecExt, err error) {
+	// Display all record
+	db := d.db.Table("manager_reason_catesecext").Where("bid = ? and type = ?", e.BusinessID, e.Type)
+	if e.State != -1 {
+		db = db.Where("state = ?", e.State)
+	}
+	err = db.Find(&res).Error
+	return
+}
+
+// CateSecList .
+func (d *Dao) CateSecList(c context.Context, bid int64) (res []*model.CateSecExt, err error) {
+	err = d.db.Table("manager_reason_catesecext").Where("bid = ?", bid).Find(&res).Error
+	return
+}
+
+// AssociationList .
+func (d *Dao) AssociationList(c context.Context, state int64, bid int64) (res []*model.Association, err error) {
+	db := d.db.Table("manager_reason_association").Where("bid = ?", bid)
+	if state != -1 {
+		db = db.Where("state = ?", state)
+	}
+	err = db.Find(&res).Error
+	return
+}
--- a/app/admin/main/manager/dao/reason_test.go
+++ b/app/admin/main/manager/dao/reason_test.go
@@ -0,0 +1,250 @@
+package dao
+
+import (
+	"context"
+	"testing"
+
+	"go-common/app/admin/main/manager/model"
+
+	"github.com/smartystreets/goconvey/convey"
+)
+
+func TestDaoAddCateSecExt(t *testing.T) {
+	var (
+		c = context.TODO()
+		e = &model.CateSecExt{
+			BusinessID: 1,
+			Type:       1,
+			Name:       "测试type1",
+		}
+	)
+	convey.Convey("AddCateSecExt", t, func(ctx convey.C) {
+		err := d.AddCateSecExt(c, e)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoUpdateCateSecExt(t *testing.T) {
+	var (
+		c = context.TODO()
+		e = &model.CateSecExt{
+			ID:   75,
+			Name: "测试更新下",
+		}
+	)
+	convey.Convey("UpdateCateSecExt", t, func(ctx convey.C) {
+		err := d.UpdateCateSecExt(c, e)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoBanCateSecExt(t *testing.T) {
+	var (
+		c = context.TODO()
+		e = &model.CateSecExt{
+			ID:    75,
+			State: 0,
+		}
+	)
+	convey.Convey("BanCateSecExt", t, func(ctx convey.C) {
+		err := d.BanCateSecExt(c, e)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoAddAssociation(t *testing.T) {
+	var (
+		c = context.TODO()
+		e = &model.Association{
+			BusinessID: 1,
+			RoleID:     121,
+			CategoryID: 212,
+			SecondIDs:  "3,7",
+		}
+	)
+	convey.Convey("AddAssociation", t, func(ctx convey.C) {
+		err := d.AddAssociation(c, e)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoUpdateAssociation(t *testing.T) {
+	var (
+		c = context.TODO()
+		e = &model.Association{
+			ID:         41,
+			RoleID:     1111,
+			CategoryID: 2222,
+			SecondIDs:  "6,5,4,3",
+		}
+	)
+	convey.Convey("UpdateAssociation", t, func(ctx convey.C) {
+		err := d.UpdateAssociation(c, e)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoBanAssociation(t *testing.T) {
+	var (
+		c = context.TODO()
+		e = &model.Association{
+			ID:    41,
+			State: 1,
+		}
+	)
+	convey.Convey("BanAssociation", t, func(ctx convey.C) {
+		err := d.BanAssociation(c, e)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoAddReason(t *testing.T) {
+	var (
+		c = context.TODO()
+		e = &model.Reason{
+			BusinessID:  1,
+			RoleID:      99,
+			CategoryID:  98,
+			SecondID:    97,
+			Common:      0,
+			UID:         1,
+			Description: "随便测试",
+			Weight:      96,
+			Flag:        0,
+		}
+	)
+	convey.Convey("AddReason", t, func(ctx convey.C) {
+		err := d.AddReason(c, e)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoUpdateReason(t *testing.T) {
+	var (
+		c = context.TODO()
+		e = &model.Reason{
+			ID:          18,
+			RoleID:      100,
+			CategoryID:  99,
+			SecondID:    98,
+			Common:      1,
+			Description: "随便测试试试",
+			Weight:      97,
+			Flag:        1,
+			BusinessID:  2,
+			TypeID:      3,
+			TagID:       4,
+		}
+	)
+	convey.Convey("UpdateReason", t, func(ctx convey.C) {
+		err := d.UpdateReason(c, e)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoReasonList(t *testing.T) {
+	var (
+		c = context.TODO()
+		e = &model.SearchReasonParams{
+			BusinessID: 1,
+		}
+	)
+	convey.Convey("ReasonList", t, func(ctx convey.C) {
+		res, err := d.ReasonList(c, e)
+		ctx.Convey("Then err should be nil.res should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(res, convey.ShouldNotBeNil)
+		})
+	})
+}
+
+func TestDaoCateSecByIDs(t *testing.T) {
+	var (
+		c   = context.TODO()
+		ids = []int64{1, 2, 3}
+	)
+	convey.Convey("CateSecByIDs", t, func(ctx convey.C) {
+		res, err := d.CateSecByIDs(c, ids)
+		ctx.Convey("Then err should be nil.res should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(res, convey.ShouldNotBeNil)
+		})
+	})
+}
+
+func TestDaoBatchUpdateReasonState(t *testing.T) {
+	var (
+		c = context.TODO()
+		b = &model.BatchUpdateReasonState{
+			IDs: []int64{1, 2, 3},
+		}
+	)
+	convey.Convey("BatchUpdateReasonState", t, func(ctx convey.C) {
+		err := d.BatchUpdateReasonState(c, b)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoCateSecExtList(t *testing.T) {
+	var (
+		c = context.TODO()
+		e = &model.CateSecExt{
+			BusinessID: 1,
+			Type:       1,
+		}
+	)
+	convey.Convey("CateSecExtList", t, func(ctx convey.C) {
+		res, err := d.CateSecExtList(c, e)
+		ctx.Convey("Then err should be nil.res should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(res, convey.ShouldNotBeNil)
+		})
+	})
+}
+
+func TestDaoCateSecList(t *testing.T) {
+	var (
+		c   = context.TODO()
+		lid = int64(0)
+	)
+	convey.Convey("CateSecList", t, func(ctx convey.C) {
+		res, err := d.CateSecList(c, lid)
+		ctx.Convey("Then err should be nil.res should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(res, convey.ShouldNotBeNil)
+		})
+	})
+}
+
+func TestDaoAssociationList(t *testing.T) {
+	var (
+		c     = context.TODO()
+		state = int64(0)
+		lid   = int64(0)
+	)
+	convey.Convey("AssociationList", t, func(ctx convey.C) {
+		res, err := d.AssociationList(c, state, lid)
+		ctx.Convey("Then err should be nil.res should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(res, convey.ShouldNotBeNil)
+		})
+	})
+}
--- a/app/admin/main/manager/dao/tag.go
+++ b/app/admin/main/manager/dao/tag.go
@@ -0,0 +1,220 @@
+package dao
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/ecode"
+)
+
+// AddType .
+func (d *Dao) AddType(c context.Context, tt *model.TagType) (err error) {
+	tx := d.db.Begin()
+	if tx.Error != nil {
+		return
+	}
+	defer func() {
+		if err != nil {
+			tx.Rollback()
+		}
+	}()
+	if err = tx.Create(tt).Error; err != nil {
+		return
+	}
+	if len(tt.Rids) > 0 {
+		values := []string{}
+		valueArgs := []interface{}{}
+		for _, rid := range tt.Rids {
+			values = append(values, "(?,?)")
+			valueArgs = append(valueArgs, tt.ID, rid)
+		}
+		stmt := fmt.Sprintf("INSERT INTO manager_tag_type_role(tid,rid) VALUES %s ON DUPLICATE KEY UPDATE tid=values(tid),rid=values(rid)", strings.Join(values, ","))
+		if err = tx.Exec(stmt, valueArgs...).Error; err != nil {
+			return
+		}
+	}
+	err = tx.Commit().Error
+	return
+}
+
+// UpdateTypeName .
+func (d *Dao) UpdateTypeName(c context.Context, tt *model.TagType) error {
+	return d.db.Table("manager_tag_type").Where("id = ?", tt.ID).Update("name", tt.Name).Error
+}
+
+// UpdateType .
+func (d *Dao) UpdateType(c context.Context, tt *model.TagType) (err error) {
+	if len(tt.Rids) <= 0 {
+		return
+	}
+	values := []string{}
+	valueArgs := []interface{}{}
+	for _, rid := range tt.Rids {
+		values = append(values, "(?,?)")
+		valueArgs = append(valueArgs, tt.ID, rid)
+	}
+	stmt := fmt.Sprintf("INSERT INTO manager_tag_type_role(tid,rid) VALUES %s ON DUPLICATE KEY UPDATE tid=values(tid),rid=values(rid)", strings.Join(values, ","))
+	err = d.db.Exec(stmt, valueArgs...).Error
+	return
+}
+
+// DeleteNonRole .
+func (d *Dao) DeleteNonRole(c context.Context, tt *model.TagType) error {
+	if len(tt.Rids) <= 0 {
+		stmt := "DELETE FROM manager_tag_type_role WHERE tid=?"
+		return d.db.Exec(stmt, tt.ID).Error
+	}
+	stmt := "DELETE FROM manager_tag_type_role WHERE id IN (SELECT id FROM (select id from manager_tag_type_role WHERE tid=? AND rid NOT IN (?)) as temp)"
+	return d.db.Exec(stmt, tt.ID, tt.Rids).Error
+}
+
+// DeleteType .
+func (d *Dao) DeleteType(c context.Context, td *model.TagTypeDel) error {
+	return d.db.Where("id = ?", td.ID).Delete(&model.TagType{}).Error
+}
+
+// AddTag .
+func (d *Dao) AddTag(c context.Context, t *model.Tag) (err error) {
+	maxTagID := int64(0)
+	if maxTagID, err = d.maxTagIDByBid(c, t.Bid); err != nil {
+		return
+	}
+	maxTagID++
+	t.TagID = maxTagID
+	err = d.db.Create(t).Error
+	return
+}
+
+// maxTagIDByBid .
+func (d *Dao) maxTagIDByBid(c context.Context, bid int64) (maxTagID int64, err error) {
+	var tagID interface{}
+	err = d.db.Table("manager_tag").Select("max(tag_id) as max_tag_id").Where("bid = ?", bid).Row().Scan(&tagID)
+	if tagID == nil {
+		maxTagID = int64(0)
+		return
+	}
+	maxTagID = tagID.(int64)
+	return
+}
+
+// UpdateTag .
+func (d *Dao) UpdateTag(c context.Context, t *model.Tag) error {
+	return d.db.Table("manager_tag").Where("id = ?", t.ID).
+		Updates(map[string]interface{}{"bid": t.Bid, "tid": t.Tid, "rid": t.Rid, "name": t.Name, "weight": t.Weight, "description": t.Description}).Error
+}
+
+// AddControl .
+func (d *Dao) AddControl(c context.Context, tc *model.TagControl) error {
+	return d.db.Create(tc).Error
+}
+
+// UpdateControl .
+func (d *Dao) UpdateControl(c context.Context, tc *model.TagControl) error {
+	return d.db.Table("manager_tag_control").Where("id = ?", tc.ID).
+		Update(map[string]interface{}{
+			"tid":         tc.Tid,
+			"name":        tc.Name,
+			"title":       tc.Title,
+			"weight":      tc.Weight,
+			"component":   tc.Component,
+			"placeholder": tc.Placeholder,
+			"required":    tc.Required,
+		}).Error
+}
+
+// BatchUpdateState .
+func (d *Dao) BatchUpdateState(c context.Context, b *model.BatchUpdateState) (err error) {
+	return d.db.Table("manager_tag").Where("id IN (?)", b.IDs).Update("state", b.State).Error
+}
+
+// TagList .
+func (d *Dao) TagList(c context.Context, t *model.SearchTagParams) (res []*model.Tag, err error) {
+	db := d.db.Table("manager_tag")
+	if t.Bid != -1 {
+		db = db.Where("bid = ?", t.Bid)
+	}
+	if t.KeyWord != "" {
+		db = db.Where("name LIKE ?", "%"+t.KeyWord+"%")
+	}
+	if t.Tid != -1 {
+		db = db.Where("tid = ?", t.Tid)
+	}
+	if t.Rid != -1 {
+		db = db.Where("rid = ?", t.Rid)
+	}
+	if t.State != -1 {
+		db = db.Where("state = ?", t.State)
+	}
+	if t.UName != "" {
+		db = db.Where("uid = ?", t.UID)
+	}
+	if t.Order != "" {
+		db = db.Order(t.Order+" "+t.Sort, true)
+	}
+	err = db.Find(&res).Error
+	return
+}
+
+// TagControl .
+func (d *Dao) TagControl(c context.Context, tc *model.TagControlParam) (res []*model.TagControl, err error) {
+	db := d.db.Table("manager_tag_control")
+	if tc.BID != 0 {
+		db = db.Where("bid = ?", tc.BID)
+	}
+	if tc.TID != 0 {
+		db = db.Where("tid = ?", tc.TID)
+	}
+	err = db.Find(&res).Error
+	return
+}
+
+// AttrList .
+func (d *Dao) AttrList(c context.Context, bid int64) (res *model.TagBusinessAttr, err error) {
+	res = &model.TagBusinessAttr{}
+	err = d.db.Where("bid = ?", bid).First(res).Error
+	if err == ecode.NothingFound {
+		err = nil
+	}
+	return
+}
+
+// InsertAttr .
+func (d *Dao) InsertAttr(c context.Context, tba *model.TagBusinessAttr) error {
+	return d.db.Create(tba).Error
+}
+
+// AttrUpdate .
+func (d *Dao) AttrUpdate(c context.Context, tba *model.TagBusinessAttr) error {
+	return d.db.Table("manager_tag_business_attr").Where("bid = ?", tba.Bid).Update("button", tba.Button).Error
+}
+
+// TypeByIDs .
+func (d *Dao) TypeByIDs(c context.Context, ids []int64) (res map[int64]*model.TagType, err error) {
+	t := []*model.TagType{}
+	res = make(map[int64]*model.TagType)
+	err = d.db.Where("id IN (?)", ids).Find(&t).Error
+	for _, r := range t {
+		res[r.ID] = r
+	}
+	return
+}
+
+// TagTypeByBID .
+func (d *Dao) TagTypeByBID(c context.Context, bid int64) (res []*model.TagType, err error) {
+	err = d.db.Where("bid = ?", bid).Find(&res).Error
+	return
+}
+
+// TagTypeRoleByTids .
+func (d *Dao) TagTypeRoleByTids(c context.Context, tids []int64) (res []*model.TagTypeRole, err error) {
+	err = d.db.Where("tid IN (?)", tids).Find(&res).Error
+	return
+}
+
+// TagByType accross type get tag list .
+func (d *Dao) TagByType(c context.Context, tid int64) (res []*model.Tag, err error) {
+	err = d.db.Where("tid = ?", tid).Find(&res).Error
+	return
+}
--- a/app/admin/main/manager/dao/tag_test.go
+++ b/app/admin/main/manager/dao/tag_test.go
@@ -0,0 +1,282 @@
+package dao
+
+import (
+	"context"
+	"math/rand"
+	"testing"
+
+	"go-common/app/admin/main/manager/model"
+
+	"github.com/smartystreets/goconvey/convey"
+)
+
+func TestDaoAddType(t *testing.T) {
+	var (
+		c  = context.TODO()
+		tt = &model.TagType{}
+	)
+	convey.Convey("AddType", t, func(ctx convey.C) {
+		err := d.AddType(c, tt)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoUpdateTypeName(t *testing.T) {
+	var (
+		c  = context.TODO()
+		tt = &model.TagType{}
+	)
+	convey.Convey("UpdateTypeName", t, func(ctx convey.C) {
+		err := d.UpdateTypeName(c, tt)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoUpdateType(t *testing.T) {
+	var (
+		c  = context.TODO()
+		tt = &model.TagType{}
+	)
+	convey.Convey("UpdateType", t, func(ctx convey.C) {
+		err := d.UpdateType(c, tt)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoDeleteNonRole(t *testing.T) {
+	var (
+		c  = context.TODO()
+		tt = &model.TagType{}
+	)
+	convey.Convey("DeleteNonRole", t, func(ctx convey.C) {
+		err := d.DeleteNonRole(c, tt)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoDeleteType(t *testing.T) {
+	var (
+		c  = context.TODO()
+		td = &model.TagTypeDel{}
+	)
+	convey.Convey("DeleteType", t, func(ctx convey.C) {
+		err := d.DeleteType(c, td)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoAddTag(t *testing.T) {
+	var (
+		c  = context.TODO()
+		no = &model.Tag{}
+	)
+	convey.Convey("AddTag", t, func(ctx convey.C) {
+		err := d.AddTag(c, no)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaomaxTagIDByBid(t *testing.T) {
+	var (
+		c   = context.TODO()
+		bid = int64(0)
+	)
+	convey.Convey("maxTagIDByBid", t, func(ctx convey.C) {
+		maxTagID, err := d.maxTagIDByBid(c, bid)
+		ctx.Convey("Then err should be nil.maxTagID should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(maxTagID, convey.ShouldNotBeNil)
+		})
+	})
+}
+
+func TestDaoUpdateTag(t *testing.T) {
+	var (
+		c  = context.TODO()
+		no = &model.Tag{}
+	)
+	convey.Convey("UpdateTag", t, func(ctx convey.C) {
+		err := d.UpdateTag(c, no)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoAddControl(t *testing.T) {
+	var (
+		c  = context.TODO()
+		tc = &model.TagControl{}
+	)
+	convey.Convey("AddControl", t, func(ctx convey.C) {
+		err := d.AddControl(c, tc)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoUpdateControl(t *testing.T) {
+	var (
+		c  = context.TODO()
+		tc = &model.TagControl{}
+	)
+	convey.Convey("UpdateControl", t, func(ctx convey.C) {
+		err := d.UpdateControl(c, tc)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoBatchUpdateState(t *testing.T) {
+	var (
+		c = context.TODO()
+		b = &model.BatchUpdateState{}
+	)
+	convey.Convey("BatchUpdateState", t, func(ctx convey.C) {
+		err := d.BatchUpdateState(c, b)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoTagList(t *testing.T) {
+	var (
+		c  = context.TODO()
+		no = &model.SearchTagParams{}
+	)
+	convey.Convey("TagList", t, func(ctx convey.C) {
+		res, err := d.TagList(c, no)
+		ctx.Convey("Then err should be nil.res should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(res, convey.ShouldNotBeNil)
+		})
+	})
+}
+
+func TestDaoTagControl(t *testing.T) {
+	var (
+		c  = context.TODO()
+		tc = &model.TagControlParam{
+			BID: 1,
+			TID: 2,
+		}
+	)
+	convey.Convey("TagControl", t, func(ctx convey.C) {
+		res, err := d.TagControl(c, tc)
+		ctx.Convey("Then err should be nil.res should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(res, convey.ShouldNotBeNil)
+		})
+	})
+}
+
+func TestDaoAttrList(t *testing.T) {
+	var (
+		c   = context.TODO()
+		bid = int64(0)
+	)
+	convey.Convey("AttrList", t, func(ctx convey.C) {
+		res, err := d.AttrList(c, bid)
+		ctx.Convey("Then err should be nil.res should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(res, convey.ShouldNotBeNil)
+		})
+	})
+}
+
+func TestDaoInsertAttr(t *testing.T) {
+	bid := rand.Intn(1000)
+	tba := &model.TagBusinessAttr{
+		Bid: int64(bid),
+	}
+	convey.Convey("InsertAttr", t, func(ctx convey.C) {
+		err := d.InsertAttr(context.Background(), tba)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoAttrUpdate(t *testing.T) {
+	var (
+		c   = context.TODO()
+		tba = &model.TagBusinessAttr{}
+	)
+	convey.Convey("AttrUpdate", t, func(ctx convey.C) {
+		err := d.AttrUpdate(c, tba)
+		ctx.Convey("Then err should be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+		})
+	})
+}
+
+func TestDaoTypeByIDs(t *testing.T) {
+	var (
+		c   = context.TODO()
+		ids = []int64{}
+	)
+	convey.Convey("TypeByIDs", t, func(ctx convey.C) {
+		res, err := d.TypeByIDs(c, ids)
+		ctx.Convey("Then err should be nil.res should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(res, convey.ShouldNotBeNil)
+		})
+	})
+}
+
+func TestDaoTagTypeByBID(t *testing.T) {
+	var (
+		c   = context.TODO()
+		bid = int64(0)
+	)
+	convey.Convey("TagTypeByBID", t, func(ctx convey.C) {
+		res, err := d.TagTypeByBID(c, bid)
+		ctx.Convey("Then err should be nil.res should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(res, convey.ShouldNotBeNil)
+		})
+	})
+}
+
+func TestDaoTagTypeRoleByTids(t *testing.T) {
+	var (
+		c    = context.TODO()
+		tids = []int64{}
+	)
+	convey.Convey("TagTypeRoleByTids", t, func(ctx convey.C) {
+		res, err := d.TagTypeRoleByTids(c, tids)
+		ctx.Convey("Then err should be nil.res should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(res, convey.ShouldNotBeNil)
+		})
+	})
+}
+
+func TestDaoTagByType(t *testing.T) {
+	var (
+		c   = context.TODO()
+		tid = int64(0)
+	)
+	convey.Convey("TagByType", t, func(ctx convey.C) {
+		res, err := d.TagByType(c, tid)
+		ctx.Convey("Then err should be nil.res should not be nil.", func(ctx convey.C) {
+			ctx.So(err, convey.ShouldBeNil)
+			ctx.So(res, convey.ShouldNotBeNil)
+		})
+	})
+}
--- a/app/admin/main/manager/model/BUILD
+++ b/app/admin/main/manager/model/BUILD
@@ -0,0 +1,38 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "business.go",
+        "department.go",
+        "file.go",
+        "journal.go",
+        "rank.go",
+        "reason.go",
+        "resource.go",
+        "tag.go",
+        "user.go",
+    ],
+    importpath = "go-common/app/admin/main/manager/model",
+    tags = ["automanaged"],
+    deps = ["//library/time:go_default_library"],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/app/admin/main/manager/model/business.go
+++ b/app/admin/main/manager/model/business.go
@@ -0,0 +1,143 @@
+package model
+
+import xtime "go-common/library/time"
+
+const (
+	// BusinessOpenState .
+	BusinessOpenState = 1
+	// BusinessOpenType .
+	BusinessOpenType = 1
+	// UserRoleDefaultVal .
+	UserRoleDefaultVal = -1
+	// UserOnState .
+	UserOnState = 1
+	// UserOffState .
+	UserOffState = 0
+)
+
+// Business .
+type Business struct {
+	ID        int64      `json:"id" gorm:"primary_key" form:"id"`
+	PID       int64      `json:"pid" gorm:"column:pid" form:"pid"`
+	BID       int64      `json:"bid" gorm:"column:bid" form:"bid"`
+	Name      string     `json:"name" gorm:"column:name" form:"name"`
+	Names     []string   `json:"names" gorm:"-" form:"names,split"`
+	Flow      int64      `json:"flow" gorm:"column:flow" form:"flow" default:"0"`
+	FlowState int64      `json:"flow_state" gorm:"column:flow_state" form:"flow_state"`
+	State     int64      `json:"state" gorm:"column:state" form:"state" default:"1"`
+	Ctime     xtime.Time `json:"ctime" gorm:"-"`
+	Mtime     xtime.Time `json:"mtime" gorm:"-"`
+}
+
+// BusinessList .
+type BusinessList struct {
+	ID        int64           `json:"id" gorm:"primary_key"`
+	PID       int64           `json:"pid" gorm:"column:pid"`
+	BID       int64           `json:"bid" gorm:"column:bid"`
+	Name      string          `json:"name" gorm:"column:name"`
+	Flow      int64           `json:"flow" gorm:"column:flow"`
+	FlowState int64           `json:"flow_state" gorm:"column:flow_state"`
+	State     int64           `json:"state" gorm:"column:state"`
+	Ctime     xtime.Time      `json:"ctime" gorm:"-"`
+	Mtime     xtime.Time      `json:"mtime" gorm:"-"`
+	FlowChild []*FlowBusiness `json:"flowchild" gorm:"-"`
+}
+
+// TableName .
+func (bl *BusinessList) TableName() string {
+	return "manager_business"
+}
+
+// FlowBusiness .
+type FlowBusiness struct {
+	FlowState int64           `json:"flow_state"`
+	Child     []*BusinessList `json:"child"`
+}
+
+// BusinessRole .
+type BusinessRole struct {
+	ID    int64      `json:"id" gorm:"primary_key" form:"id"`
+	BID   int64      `json:"bid" gorm:"column:bid" form:"bid"`
+	RID   int64      `json:"rid" gorm:"column:rid" form:"rid"`
+	Name  string     `json:"name" gorm:"column:name" form:"name"`
+	Type  int64      `json:"type" gorm:"column:type" form:"type" default:"-1"`
+	State int64      `json:"state" gorm:"column:state" form:"state" default:"1"`
+	Ctime xtime.Time `json:"ctime" gorm:"column:ctime"`
+	Mtime xtime.Time `json:"mtime" gorm:"column:mtime"`
+	Auth  int64      `json:"auth" gorm:"-" form:"auth"`
+	UID   int64      `json:"uid" gorm:"-"`
+}
+
+// TableName .
+func (br *BusinessRole) TableName() string {
+	return "manager_business_role"
+}
+
+// BusinessUserRole .
+type BusinessUserRole struct {
+	ID    int64      `json:"id" gorm:"primary_key" form:"id"`
+	UID   int64      `json:"uid" gorm:"column:uid" form:"uid"`
+	UIDs  []int64    `json:"uids" gorm:"-" form:"uids,split"`
+	CUID  int64      `json:"cuid" gorm:"column:cuid" form:"cuid"`
+	BID   int64      `json:"bid" gorm:"column:bid" form:"bid"`
+	Role  string     `json:"role" gorm:"column:role" form:"role"`
+	Ctime xtime.Time `json:"ctime" gorm:"-"`
+	Mtime xtime.Time `json:"mtime" gorm:"-"`
+}
+
+// BusinessUserRoleList .
+type BusinessUserRoleList struct {
+	ID        int64      `json:"id" gorm:"primary_key"`
+	UID       int64      `json:"uid" gorm:"column:uid" form:"uid"`
+	UName     string     `json:"uname" gorm:"-"`
+	UNickname string     `json:"unickname" gorm:"-"`
+	CUID      int64      `json:"cuid" gorm:"column:cuid" form:"cuid"`
+	CUName    string     `json:"cuname" gorm:"-"`
+	BID       int64      `json:"bid" gorm:"column:bid" form:"bid"`
+	Role      string     `json:"role" gorm:"column:role" form:"role"`
+	RoleName  []string   `json:"rolename" gorm:"-"`
+	Ctime     xtime.Time `json:"ctime" gorm:"-"`
+	Mtime     xtime.Time `json:"mtime" gorm:"-"`
+}
+
+// StateUpdate .
+type StateUpdate struct {
+	ID    int64 `json:"id" form:"id" validate:"required"`
+	Type  int64 `json:"type" form:"type" validate:"required"` // 1:业务 2:角色
+	State int64 `json:"state" form:"state"`
+}
+
+// UserListParams .
+type UserListParams struct {
+	BID   int64  `form:"bid" validate:"required"`
+	Role  int64  `form:"role" default:"-1"`
+	UName string `form:"uname"`
+	UID   int64  `form:"uid"`
+	PS    int64  `form:"ps" default:"50"`
+	PN    int64  `form:"pn" default:"1"`
+}
+
+// UserRole .
+type UserRole struct {
+	ID   int64  `json:"id"`
+	BID  int64  `json:"bid"`
+	RID  int64  `json:"rid"`
+	Type int64  `json:"type"`
+	Name string `json:"name"`
+}
+
+// BusinessListParams .
+type BusinessListParams struct {
+	State int64 `json:"state" form:"state" default:"-1"`
+	Check int64 `json:"check" form:"check" default:"0"`
+	Flow  int64 `json:"flow" form:"flow"`
+	UID   int64 `json:"uid"`
+	Auth  int64 `json:"auth" form:"auth"`
+}
+
+// UserStateUp .
+type UserStateUp struct {
+	BID     int64 `json:"bid" form:"bid" validate:"required"`
+	AdminID int64 `json:"adminid" form:"adminid" validate:"required"`
+	State   int   `json:"state" form:"state" validate:"state"`
+}
--- a/app/admin/main/manager/model/department.go
+++ b/app/admin/main/manager/model/department.go
@@ -0,0 +1,53 @@
+package model
+
+import (
+	"go-common/library/time"
+)
+
+// DepartCustom struct info of table user_department
+type DepartCustom struct {
+	ID     int64     `json:"id" gorm:"column:id"`
+	Name   string    `json:"name" gorm:"column:name"`
+	Status int       `json:"-" gorm:"column:status"`
+	Ctime  time.Time `json:"-" gorm:"-"`
+	Mtime  time.Time `json:"-"  gorm:"-"`
+}
+
+// RoleCustom .
+type RoleCustom struct {
+	ID          int64     `json:"id" gorm:"column:id"`
+	Name        string    `json:"name" gorm:"column:name"`
+	Type        int64     `json:"-" gorm:"column:type"`
+	Description string    `json:"-" gorm:"column:description"`
+	RuleID      int64     `json:"-" gorm:"column:rule_id"`
+	Data        string    `json:"-" gorm:"column:data"`
+	Ctime       time.Time `json:"-" gorm:"-"`
+	Mtime       time.Time `json:"-" gorm:"-"`
+}
+
+// UserCustom .
+type UserCustom struct {
+	ID           int64     `json:"id" gorm:"column:id"`
+	Username     string    `json:"username" gorm:"column:username"`
+	Nickname     string    `json:"nickname" gorm:"column:nickname"`
+	Email        string    `json:"-" gorm:"column:email"`
+	Phone        string    `json:"-" gorm:"column:phone"`
+	DepartmentID int       `json:"-" gorm:"column:department_id"`
+	State        int       `json:"-" gorm:"column:state"`
+	Ctime        time.Time `json:"-" gorm:"-"`
+	Mtime        time.Time `json:"-" gorm:"-"`
+}
+
+// Department struct info of table user_department
+type Department struct {
+	ID     int64     `json:"id"`
+	Name   string    `json:"name"`
+	Status int       `json:"status"`
+	Ctime  time.Time `json:"ctime"`
+	Mtime  time.Time `json:"mtime"`
+}
+
+// TableName return table name
+func (a Department) TableName() string {
+	return "user_department"
+}
--- a/app/admin/main/manager/model/file.go
+++ b/app/admin/main/manager/model/file.go
@@ -0,0 +1,30 @@
+package model
+
+import "go-common/library/time"
+
+//FileInfo : the uploaded file information
+type FileInfo struct {
+	Name string `json:"name"`
+	Size int64  `json:"size"`
+	Type string `json:"type"`
+	Md5  string `json:"md5"`
+	URL  string `json:"url"`
+}
+
+// ResourceFile represents the table structure
+type ResourceFile struct {
+	ID         int       `json:"id"`
+	Name       string    `json:"name"`
+	Type       string    `json:"type"`
+	Md5        string    `json:"md5"`
+	Size       int       `json:"size"`
+	URL        string    `json:"url"`
+	ResourceID int       `json:"resource_id"`
+	Ctime      time.Time `json:"ctime"`
+	Mtime      time.Time `json:"mtime"`
+}
+
+// TableName gives the table name of the model
+func (*ResourceFile) TableName() string {
+	return "resource_file"
+}
--- a/app/admin/main/manager/model/journal.go
+++ b/app/admin/main/manager/model/journal.go
@@ -0,0 +1,16 @@
+package model
+
+import (
+	"encoding/json"
+)
+
+// LogRes .
+type LogRes struct {
+	Code int       `json:"code"`
+	Data *LogChild `json:"data"`
+}
+
+// LogChild .
+type LogChild struct {
+	Result []json.RawMessage `json:"result"`
+}
--- a/app/admin/main/manager/model/rank.go
+++ b/app/admin/main/manager/model/rank.go
@@ -0,0 +1,35 @@
+package model
+
+// RankGroup rank permission group
+type RankGroup struct {
+	ID    int64       `json:"id"`
+	Name  string      `json:"name"`
+	Desc  string      `json:"desc"`
+	Isdel int         `json:"isdel"`
+	Auths []*AuthItem `json:"auths"`
+}
+
+// RankAuth rank auths
+type RankAuth struct {
+	ID      int64 `json:"id"`
+	GroupID int64 `json:"group_id"`
+	AuthID  int64 `json:"auth_id"`
+	Isdel   int   `json:"isdel"`
+}
+
+// RankUser user-group-rank info.
+type RankUser struct {
+	ID      int64 `json:"id"`
+	GroupID int64 `json:"group_id"`
+	UID     int64 `json:"uid" gorm:"column:uid"`
+	Rank    int   `json:"rank"`
+	Isdel   int   `json:"isdel"`
+}
+
+// RankUserScores rank user scores.
+type RankUserScores struct {
+	UID      int64         `json:"uid"`
+	Username string        `json:"username"`
+	Nickname string        `json:"nickname"`
+	Ranks    map[int64]int `json:"ranks"`
+}
--- a/app/admin/main/manager/model/reason.go
+++ b/app/admin/main/manager/model/reason.go
@@ -0,0 +1,100 @@
+package model
+
+import (
+	xtime "go-common/library/time"
+)
+
+// State code const .
+const (
+	InvalidateState int64 = 0
+	ValidateState   int64 = 1
+	AllState        int64 = -1
+	AllType         int64 = -1
+	CategoryCode    int64 = 0
+	SecondeCode     int64 = 1
+	ExtensionCode   int64 = 2
+)
+
+// Reason .
+type Reason struct {
+	ID           int64      `json:"id" gorm:"primary_key" form:"id"`
+	BusinessID   int64      `json:"bid" gorm:"column:bid" form:"bid"`
+	RoleID       int64      `json:"role_id" gorm:"column:rid" form:"role_id" validate:"required"`
+	RoleName     string     `json:"role_name" gorm:"-"`
+	CategoryID   int64      `json:"cate_id" gorm:"column:cid" form:"cate_id" validate:"required"`
+	CategoryName string     `json:"category_name" gorm:"-"`
+	SecondID     int64      `json:"sec_id" gorm:"column:sid" form:"sec_id" validate:"required"`
+	SecondName   string     `json:"sec_name" gorm:"-"`
+	State        int64      `json:"state" gorm:"column:state" form:"state" default:"1"`
+	Common       int64      `json:"common" gorm:"column:common" form:"common" default:"0"`
+	UID          int64      `json:"uid" gorm:"column:uid" form:"uid"`
+	UName        string     `json:"uname" gorm:"-"`
+	Description  string     `json:"description" gorm:"column:description" form:"description" validate:"required"`
+	Weight       int64      `json:"weight" gorm:"column:weight" form:"weight" default:"1" validate:"required"`
+	Flag         int64      `json:"flag" gorm:"column:flag" form:"flag" default:"0"`
+	LinkID       int64      `json:"link_id" gorm:"column:lid" form:"link_id" default:"0"`
+	TypeID       int64      `json:"type_id" gorm:"column:type_id" form:"type_id" default:"0"`
+	TagID        int64      `json:"tag_id" gorm:"column:tid" form:"tag_id" default:"0"`
+	Ctime        xtime.Time `json:"ctime" gorm:"column:ctime"`
+	Mtime        xtime.Time `json:"mtime" gorm:"column:mtime"`
+}
+
+// DropList .
+type DropList struct {
+	ID    int64       `json:"id"`
+	Name  string      `json:"name"`
+	Child []*DropList `json:"child"`
+}
+
+// CateSecExt .
+type CateSecExt struct {
+	ID         int64      `json:"id" gorm:"primary_key" form:"id"`
+	BusinessID int64      `json:"bid" gorm:"column:bid" form:"bid"`
+	Name       string     `json:"name" gorm:"column:name" form:"name"`
+	Type       int64      `json:"type" gorm:"column:type" form:"type"`
+	State      int64      `json:"state" gorm:"column:state" form:"state" default:"-1"`
+	Ctime      xtime.Time `json:"ctime" gorm:"column:ctime"`
+	Mtime      xtime.Time `json:"mtime" gorm:"column:mtime"`
+}
+
+// Association .
+type Association struct {
+	ID           int64         `json:"id" gorm:"primary_key" form:"id"`
+	BusinessID   int64         `json:"bid" gorm:"column:bid" form:"bid"`
+	RoleID       int64         `json:"role_id" gorm:"column:rid" form:"role_id"`
+	RoleName     string        `json:"role_name" gorm:"-"`
+	CategoryID   int64         `json:"cate_id" gorm:"column:cid" form:"cate_id"`
+	CategoryName string        `json:"cate_name" gorm:"-"`
+	SecondIDs    string        `json:"second_ids" gorm:"column:sids" form:"sec_ids"`
+	State        int64         `json:"state" gorn:"column:state" form:"state" default:"1"`
+	Ctime        xtime.Time    `json:"ctime" gorm:"column:ctime"`
+	Mtime        xtime.Time    `json:"mtime" gorm:"column:mtime"`
+	Child        []*CateSecExt `json:"child" gorm:"-"`
+}
+
+// BatchUpdateReasonState .
+type BatchUpdateReasonState struct {
+	IDs   []int64 `json:"ids" form:"ids,split" validate:"required"`
+	State int64   `json:"state" form:"state"`
+}
+
+// SearchReasonParams .
+type SearchReasonParams struct {
+	BusinessID int64  `form:"bid" default:"-1"`
+	KeyWord    string `json:"keyword" form:"keyword"`
+	RoleID     int64  `json:"role_id" form:"role_id" default:"0"`
+	CategoryID int64  `json:"cate_id" form:"cate_id" default:"0"`
+	SecondID   int64  `json:"sec_id" form:"sec_id" default:"0"`
+	State      int64  `json:"state" form:"state" default:"-1"`
+	UID        int64  `json:"uid"`
+	UName      string `json:"uname" form:"uname"`
+	Order      string `json:"order" form:"order" default:"ctime"`
+	Sort       string `json:"sort" form:"sort" default:"desc"`
+	PS         int64  `form:"ps" default:"20"`
+	PN         int64  `form:"pn" default:"1"`
+}
+
+// BusinessAttr .
+type BusinessAttr struct {
+	BID int64 `json:"bid" form:"bid" validate:"required"`
+}
--- a/app/admin/main/manager/model/resource.go
+++ b/app/admin/main/manager/model/resource.go
@@ -0,0 +1,18 @@
+package model
+
+import "go-common/library/time"
+
+// Resource reprensents the resource table
+type Resource struct {
+	ID      int64     `json:"id" params:"id"`
+	Name    string    `json:"name" params:"name"`
+	Version int64     `json:"version" params:"version"`
+	PoolID  int64     `json:"pool_id" params:"pool_id"`
+	Ctime   time.Time `json:"ctime" params:"ctime"`
+	Mtime   time.Time `json:"mtime" params:"mtime"`
+}
+
+// TableName gives the table name of the model
+func (*Resource) TableName() string {
+	return "resource"
+}
--- a/app/admin/main/manager/model/tag.go
+++ b/app/admin/main/manager/model/tag.go
@@ -0,0 +1,137 @@
+package model
+
+import (
+	xtime "go-common/library/time"
+)
+
+const (
+	// DefaultButton .
+	DefaultButton = 6
+)
+
+// TagType .
+type TagType struct {
+	ID    int64           `json:"id" gorm:"primary_key" form:"id"`
+	Bid   int64           `json:"bid" gorm:"column:bid" form:"bid" validate:"required"`
+	Name  string          `json:"name" gorm:"column:name" form:"name" validate:"required"`
+	State int64           `json:"state" gorm:"column:state" form:"state"`
+	Ctime xtime.Time      `json:"ctime" gorm:"column:ctime"`
+	Mtime xtime.Time      `json:"mtime" gorm:"column:mtime"`
+	Rids  []int64         `json:"rids" gorm:"-" form:"rids,split" validate:"required"`
+	Roles []*BusinessRole `json:"roles" gorm:"-"`
+}
+
+// TagTypeList .
+type TagTypeList struct {
+	BID int64 `json:"bid" form:"bid" validate:"required"`
+}
+
+// TagTypeDel .
+type TagTypeDel struct {
+	ID int64 `json:"id" form:"id" validate:"required"`
+}
+
+// TableName .
+func (tt *TagType) TableName() string {
+	return "manager_tag_type"
+}
+
+// TagTypeRole .
+type TagTypeRole struct {
+	ID    int64      `json:"id" gorm:"primary_key"`
+	Tid   int64      `json:"tid" gorm:"column:tid"`
+	Rid   int64      `json:"rid" gorm:"column:rid"`
+	Ctime xtime.Time `json:"ctime" gorm:"column:ctime"`
+	Mtime xtime.Time `json:"mtime" gorm:"column:mtime"`
+}
+
+// TableName .
+func (ttr *TagTypeRole) TableName() string {
+	return "manager_tag_type_role"
+}
+
+// Tag .
+type Tag struct {
+	ID          int64      `json:"id" gorm:"primary_key" form:"id"`
+	Bid         int64      `json:"bid" gorm:"column:bid" form:"bid" validate:"required"`
+	Tid         int64      `json:"tid" gorm:"column:tid" form:"tid" validate:"required"`
+	TagID       int64      `json:"tag_id" gorm:"column:tag_id"`
+	TName       string     `json:"tname" gorm:"-"`
+	Rid         int64      `json:"rid" gorm:"column:rid" form:"rid" validate:"required"`
+	RName       string     `json:"rname" gorm:"-"`
+	Name        string     `json:"name" gorm:"column:name" form:"name" validate:"required"`
+	Weight      int64      `json:"weight" gorm:"column:weight" form:"weight" validate:"required"`
+	State       int64      `json:"state" gorm:"column:state" form:"state" default:"1"`
+	UID         int64      `json:"uid" gorm:"column:uid" form:"uid"`
+	UName       string     `json:"uname" gorm:"-"`
+	Description string     `json:"description" gorm:"column:description" form:"description"`
+	Ctime       xtime.Time `json:"ctime" gorm:"column:ctime"`
+	Mtime       xtime.Time `json:"mtime" gorm:"column:mtime"`
+}
+
+// TableName .
+func (t *Tag) TableName() string {
+	return "manager_tag"
+}
+
+// TagBusinessAttr .
+type TagBusinessAttr struct {
+	ID     int64      `json:"id" gorm:"primary_key"`
+	Bid    int64      `json:"bid" gorm:"column:bid" form:"bid" validate:"required"`
+	Button int64      `json:"button" form:"button" gorm:"column:button" default:"6"`
+	Extra  int64      `json:"extra" gorm:"column:extra"`
+	Ctime  xtime.Time `json:"ctime" gorm:"column:ctime"`
+	Mtime  xtime.Time `json:"mtime" gorm:"column:mtime"`
+}
+
+// TableName .
+func (t *TagBusinessAttr) TableName() string {
+	return "manager_tag_business_attr"
+}
+
+// TagControl .
+type TagControl struct {
+	ID          int64      `json:"id" gorm:"primary_key" form:"id"`
+	Tid         int64      `json:"tid" gorm:"column:tid" form:"tid" validate:"required"`
+	Name        string     `json:"name" gorm:"column:name" form:"name" validate:"required"`
+	Title       string     `json:"title" gorm:"column:title" form:"title" validate:"required"`
+	Weight      int64      `json:"weight" gorm:"column:weight" form:"weight" validate:"required"`
+	Component   string     `json:"component" gorm:"column:component" form:"component" validate:"required"`
+	Placeholder string     `json:"placeholder" gorm:"column:placeholder" form:"placeholder" validate:"required"`
+	Required    int64      `json:"required" gorm:"column:required" form:"required" default:"0"`
+	Ctime       xtime.Time `json:"ctime" gorm:"-"`
+	Mtime       xtime.Time `json:"mtime" gorm:"-"`
+	BID         int64      `json:"bid" gorm:"column:bid" form:"bid"`
+}
+
+// TagControlParam .
+type TagControlParam struct {
+	BID int64 `json:"bid" form:"bid"`
+	TID int64 `json:"tid" form:"tid"`
+}
+
+// TableName .
+func (tc *TagControl) TableName() string {
+	return "manager_tag_control"
+}
+
+// BatchUpdateState .
+type BatchUpdateState struct {
+	IDs   []int64 `json:"ids" form:"ids,split" validate:"required"`
+	State int64   `json:"state" form:"state"`
+}
+
+// SearchTagParams .
+type SearchTagParams struct {
+	Bid     int64  `form:"bid" default:"-1"`
+	KeyWord string `form:"keyword"`
+	Tid     int64  `form:"tid" default:"-1"`
+	Rid     int64  `form:"rid" default:"-1"`
+	State   int64  `form:"state" default:"-1"`
+	UID     int64  `form:"uid" `
+	UName   string `form:"uname"`
+	Order   string `form:"order"`
+	Sort    string `form:"sort" default:"desc"`
+	PS      int64  `form:"ps" default:"20"`
+	PN      int64  `form:"pn" default:"1"`
+}
--- a/app/admin/main/manager/model/user.go
+++ b/app/admin/main/manager/model/user.go
@@ -0,0 +1,181 @@
+package model
+
+import (
+	"go-common/library/time"
+)
+
+// const rbac const
+const (
+	// auth_item type
+	TypePointer  = 1
+	TypeCategory = 2
+	TypeRole     = 3
+	TypeGroup    = 4
+
+	// Admin super admin
+	Admin = 1
+	// user state
+	UserStateOn = 0
+	UserDepOn   = 1
+)
+
+// Account dashboard user account
+type Account struct {
+	Username string `json:"username"`
+}
+
+// Auth .
+type Auth struct {
+	UID        int64    `json:"uid"`
+	Username   string   `json:"username"`
+	Nickname   string   `json:"nickname"`
+	Perms      []string `json:"perms"`
+	Admin      bool     `json:"admin"`
+	Assignable bool     `json:"assignable"`
+}
+
+// Permissions .
+type Permissions struct {
+	UID   int64      `json:"uid"`
+	Perms []string   `json:"perms"`
+	Admin bool       `json:"admin"`
+	Orgs  []*AuthOrg `json:"orgs"`
+	Roles []*AuthOrg `json:"roles"`
+}
+
+// UserDept .
+type UserDept struct {
+	ID         int64  `json:"id" gorm:"column:id"`
+	Department string `json:"department" gorm:"column:department"`
+}
+
+// user table
+
+// User struct info of table user
+type User struct {
+	ID           int64     `json:"id"`
+	Username     string    `json:"username"`
+	Nickname     string    `json:"nickname"`
+	Email        string    `json:"email"`
+	Phone        string    `json:"phone"`
+	DepartmentID int       `json:"department_id"`
+	State        int       `json:"state"`
+	Ctime        time.Time `json:"ctime"`
+	Mtime        time.Time `json:"mtime"`
+}
+
+// TableName return table name
+func (a *User) TableName() string {
+	return "user"
+}
+
+// UserPager def.
+type UserPager struct {
+	Pn    int     `json:"pn"`
+	Ps    int     `json:"ps"`
+	Items []*User `json:"items"`
+}
+
+// auth table
+
+// AuthAssign struct info of table auth_assignment
+type AuthAssign struct {
+	ID     int64     `json:"id"`
+	ItemID int64     `json:"item_id"`
+	UserID int64     `json:"user_id"`
+	Ctime  time.Time `json:"ctime"`
+}
+
+// TableName return table name
+func (a AuthAssign) TableName() string {
+	return "auth_assignment"
+}
+
+// AuthItem struct info of table auth_item
+type AuthItem struct {
+	ID          int64     `json:"id"`
+	Name        string    `json:"name"`
+	Type        int       `json:"type"`
+	Description string    `json:"description"`
+	RuleID      int64     `json:"rule_id"`
+	Data        string    `json:"data"`
+	Ctime       time.Time `json:"ctime"`
+	Mtime       time.Time `json:"mtime"`
+}
+
+// TableName return table name
+func (a AuthItem) TableName() string {
+	return "auth_item"
+}
+
+// AuthItemChild stuct info of table auth_item_child
+type AuthItemChild struct {
+	ID     int64 `json:"id"`
+	Parent int64 `json:"parent"`
+	Child  int64 `json:"child"`
+}
+
+// TableName return table name
+func (a AuthItemChild) TableName() string {
+	return "auth_item_child"
+}
+
+// Role role info.
+type Role struct {
+	ID          int64    `json:"id"`
+	OrgName     string   `json:"org_name"`
+	RoleName    string   `json:"name"`
+	Users       []string `json:"users"`
+	Description string   `json:"description"`
+}
+
+// RoleAss .
+type RoleAss struct {
+	ID     int64     `json:"id" gorm:"column:id"`
+	RoleID int64     `json:"role_id" gorm:"column:role_id"`
+	UserID int64     `json:"user_id" gorm:"column:user_id"`
+	Ctime  time.Time `json:"ctime" gorm:"-"`
+}
+
+// Org org info.
+type Org struct {
+	ID          int64    `json:"id"`
+	Name        string   `json:"name"`
+	Users       []string `json:"users"`
+	Description string   `json:"description"`
+}
+
+// AuthOrg org info.
+type AuthOrg struct {
+	ID   int64  `json:"id"`
+	Name string `json:"name"`
+	Type int    `json:"-"` // group or role, ignore it when transform to json
+}
+
+// TableName return table name
+func (a AuthOrg) TableName() string {
+	return "auth_item"
+}
+
+// RespPerm response Permission
+type RespPerm struct {
+	Res    []string
+	Admin  bool
+	Groups []*AuthOrg
+	Roles  []*AuthOrg
+}
+
+// AssignRole auth assignment info.
+type AssignRole struct {
+	Parent     string      `json:"parent"`
+	Name       string      `json:"name"`
+	Assignable []*AuthItem `json:"children"`
+	Items      []int64     `json:"items"`
+}
+
+// AssignOrg auth assignment info.
+type AssignOrg struct {
+	Name       string      `json:"name"`
+	Assignable []*AuthItem `json:"children"`
+	Items      []int64     `json:"items"`
+}
--- a/app/admin/main/manager/server/grpc/BUILD
+++ b/app/admin/main/manager/server/grpc/BUILD
@@ -0,0 +1,34 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["server.go"],
+    importpath = "go-common/app/admin/main/manager/server/grpc",
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+    deps = [
+        "//app/admin/main/manager/api:go_default_library",
+        "//app/admin/main/manager/service:go_default_library",
+        "//library/log:go_default_library",
+        "//library/net/rpc/warden:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/app/admin/main/manager/server/grpc/server.go
+++ b/app/admin/main/manager/server/grpc/server.go
@@ -0,0 +1,45 @@
+package grpc
+
+import (
+	"context"
+
+	pb "go-common/app/admin/main/manager/api"
+	"go-common/app/admin/main/manager/service"
+	"go-common/library/log"
+	"go-common/library/net/rpc/warden"
+)
+
+// server .
+type server struct {
+	srv *service.Service
+}
+
+// New return warden server.
+func New(cfg *warden.ServerConfig, srv *service.Service) *warden.Server {
+	w := warden.NewServer(cfg)
+	pb.RegisterPermitServer(w.Server(), &server{srv: srv})
+	var err error
+	if w, err = w.Start(); err != nil {
+		panic(err)
+	}
+	return w
+}
+
+// Login whether login .
+func (s *server) Login(ctx context.Context, req *pb.LoginReq) (*pb.LoginReply, error) {
+	sid, uname, err := s.srv.Login(ctx, req.Mngsid, req.Dsbsid)
+	if err != nil {
+		return nil, err
+	}
+	return &pb.LoginReply{Sid: sid, Username: uname}, nil
+}
+
+// Permissions .
+func (s *server) Permissions(ctx context.Context, req *pb.PermissionReq) (*pb.PermissionReply, error) {
+	tmp, err := s.srv.Permissions(ctx, req.Username)
+	if err != nil {
+		log.Error("s.Permissions error(%v)", err)
+		return nil, err
+	}
+	return &pb.PermissionReply{Uid: tmp.UID, Perms: tmp.Perms}, nil
+}
--- a/app/admin/main/manager/server/http/BUILD
+++ b/app/admin/main/manager/server/http/BUILD
@@ -0,0 +1,49 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "business.go",
+        "department.go",
+        "http.go",
+        "journal.go",
+        "rank.go",
+        "reason.go",
+        "tag.go",
+        "user.go",
+    ],
+    importpath = "go-common/app/admin/main/manager/server/http",
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+    deps = [
+        "//app/admin/main/manager/conf:go_default_library",
+        "//app/admin/main/manager/model:go_default_library",
+        "//app/admin/main/manager/service:go_default_library",
+        "//library/ecode:go_default_library",
+        "//library/log:go_default_library",
+        "//library/net/http/blademaster:go_default_library",
+        "//library/net/http/blademaster/middleware/permit:go_default_library",
+        "//library/net/http/blademaster/middleware/verify:go_default_library",
+        "//library/net/rpc/warden:go_default_library",
+        "//library/xstr:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/app/admin/main/manager/server/http/business.go
+++ b/app/admin/main/manager/server/http/business.go
@@ -0,0 +1,235 @@
+package http
+
+import (
+	"strconv"
+
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/ecode"
+	bm "go-common/library/net/http/blademaster"
+)
+
+// addBusiness .
+func addBusiness(c *bm.Context) {
+	b := &model.Business{}
+	if err := c.Bind(b); err != nil {
+		return
+	}
+	c.JSON(nil, mngSvc.AddBusiness(c, b))
+}
+
+// updateBusiness .
+func updateBusiness(c *bm.Context) {
+	b := &model.Business{}
+	if err := c.Bind(b); err != nil {
+		return
+	}
+	if b.ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(nil, mngSvc.UpdateBusiness(c, b))
+}
+
+// addRole .
+func addRole(c *bm.Context) {
+	br := &model.BusinessRole{}
+	if err := c.Bind(br); err != nil {
+		return
+	}
+	c.JSON(nil, mngSvc.AddRole(c, br))
+}
+
+// updateRole .
+func updateRole(c *bm.Context) {
+	br := &model.BusinessRole{}
+	if err := c.Bind(br); err != nil {
+		return
+	}
+	if br.ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(nil, mngSvc.UpdateRole(c, br))
+}
+
+// addUser .
+func addUser(c *bm.Context) {
+	res := map[string]interface{}{}
+	bur := &model.BusinessUserRole{}
+	if err := c.Bind(bur); err != nil {
+		return
+	}
+	if cuid, exists := c.Get("uid"); exists {
+		bur.CUID = cuid.(int64)
+	}
+	if err := mngSvc.AddUser(c, bur); err != nil {
+		if err == ecode.ManagerUIDNOTExist {
+			res["message"] = "这个uid是不存在的, 请你不要乱来哦!"
+			c.JSONMap(res, ecode.ManagerUIDNOTExist)
+			return
+		}
+		c.JSON(nil, err)
+		return
+	}
+	c.JSON(nil, nil)
+}
+
+// updateUser .
+func updateUser(c *bm.Context) {
+	bur := &model.BusinessUserRole{}
+	if err := c.Bind(bur); err != nil {
+		return
+	}
+	if bur.ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(nil, mngSvc.UpdateUser(c, bur))
+}
+
+// stateUpdate .
+func updateState(c *bm.Context) {
+	su := &model.StateUpdate{}
+	res := map[string]interface{}{}
+	if err := c.Bind(su); err != nil {
+		return
+	}
+	if err := mngSvc.UpdateState(c, su); err != nil {
+		if err == ecode.ManagerFlowForbidden {
+			res["message"] = "business flow is forbidden"
+			c.JSONMap(res, ecode.ManagerFlowForbidden)
+			return
+		}
+		c.JSON(nil, err)
+		return
+	}
+	c.JSON(nil, nil)
+}
+
+// businessList .
+func businessList(c *bm.Context) {
+	bp := &model.BusinessListParams{}
+	if err := c.Bind(bp); err != nil {
+		return
+	}
+	if uid, exists := c.Get("uid"); exists {
+		bp.UID = uid.(int64)
+	}
+	c.JSON(mngSvc.BusinessList(c, bp))
+}
+
+// flowList .
+func flowList(c *bm.Context) {
+	bp := &model.BusinessListParams{}
+	if err := c.Bind(bp); err != nil {
+		return
+	}
+	if uid, exists := c.Get("uid"); exists {
+		bp.UID = uid.(int64)
+	}
+	c.JSON(mngSvc.FlowList(c, bp))
+}
+
+// userList .
+func userList(c *bm.Context) {
+	isAdmin := false
+	u := &model.UserListParams{}
+	if err := c.Bind(u); err != nil {
+		return
+	}
+	if uid, exists := c.Get("uid"); exists {
+		isAdmin = mngSvc.IsAdmin(c, u.BID, uid.(int64))
+	}
+	data, total, err := mngSvc.UserList(c, u)
+	if err != nil {
+		c.JSON(nil, err)
+		return
+	}
+	page := map[string]int64{
+		"num":   u.PN,
+		"size":  u.PS,
+		"total": total,
+	}
+	c.JSON(map[string]interface{}{
+		"page":    page,
+		"data":    data,
+		"isAdmin": isAdmin,
+	}, err)
+}
+
+// roleList .
+func roleList(c *bm.Context) {
+	br := &model.BusinessRole{}
+	if err := c.Bind(br); err != nil {
+		return
+	}
+	if uid, exists := c.Get("uid"); exists {
+		br.UID = uid.(int64)
+	}
+	c.JSON(mngSvc.RoleList(c, br))
+}
+
+// deleteUser .
+func deleteUser(c *bm.Context) {
+	bur := &model.BusinessUserRole{}
+	if err := c.Bind(bur); err != nil {
+		return
+	}
+	if bur.ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(nil, mngSvc.DeleteUser(c, bur))
+}
+
+// userRole .
+func userRole(c *bm.Context) {
+	brl := &model.BusinessUserRoleList{}
+	if err := c.Bind(brl); err != nil {
+		return
+	}
+	if brl.BID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	if brl.UID <= 0 {
+		if uid, exists := c.Get("uid"); exists {
+			uid = uid.(int64)
+		}
+	}
+	c.JSON(mngSvc.UserRole(c, brl))
+}
+
+// userRoles .
+func userRoles(c *bm.Context) {
+	uid, _ := strconv.ParseInt(c.Request.Form.Get("uid"), 10, 64)
+	if uid <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(mngSvc.UserRoles(c, uid))
+}
+
+// userRoles .
+func stateUp(c *bm.Context) {
+	p := &model.UserStateUp{}
+	if err := c.Bind(p); err != nil {
+		return
+	}
+	c.JSON(nil, mngSvc.StateUp(c, p))
+}
+
+// allRoles .
+func allRoles(c *bm.Context) {
+	pid, _ := strconv.ParseInt(c.Request.Form.Get("pid"), 10, 64)
+	if pid <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	uid, _ := strconv.ParseInt(c.Request.Form.Get("uid"), 10, 64)
+	if uid <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(mngSvc.AllRoles(c, pid, uid))
+}
--- a/app/admin/main/manager/server/http/department.go
+++ b/app/admin/main/manager/server/http/department.go
@@ -0,0 +1,41 @@
+package http
+
+import (
+	"strconv"
+
+	"go-common/library/ecode"
+	"go-common/library/log"
+	bm "go-common/library/net/http/blademaster"
+)
+
+// departments .
+func departments(c *bm.Context) {
+	c.JSON(mngSvc.Departments(c))
+}
+
+// roles .
+func roles(c *bm.Context) {
+	c.JSON(mngSvc.Roles(c))
+}
+
+// userByDepartment .
+func usersByDepartment(c *bm.Context) {
+	ID, _ := strconv.ParseInt(c.Request.Form.Get("id"), 10, 64)
+	if ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		log.Error("ID unnarmal (%d)", ID)
+		return
+	}
+	c.JSON(mngSvc.UsersByDepartment(c, ID))
+}
+
+// userByRole .
+func usersByRole(c *bm.Context) {
+	ID, _ := strconv.ParseInt(c.Request.Form.Get("id"), 10, 64)
+	if ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		log.Error("ID unnarmal (%d)", ID)
+		return
+	}
+	c.JSON(mngSvc.UsersByRole(c, ID))
+}
--- a/app/admin/main/manager/server/http/http.go
+++ b/app/admin/main/manager/server/http/http.go
@@ -0,0 +1,147 @@
+package http
+
+import (
+	"net/http"
+
+	"go-common/app/admin/main/manager/conf"
+	"go-common/app/admin/main/manager/service"
+	"go-common/library/log"
+	bm "go-common/library/net/http/blademaster"
+	"go-common/library/net/http/blademaster/middleware/permit"
+	"go-common/library/net/http/blademaster/middleware/verify"
+	"go-common/library/net/rpc/warden"
+)
+
+var (
+	mngSvc    *service.Service
+	vfySvc    *verify.Verify
+	permitSvc *permit.Permit
+)
+
+// Init init http sever instance.
+func Init(c *conf.Config, s *service.Service) {
+	mngSvc = s
+	vfySvc = verify.New(nil)
+	wardenConf := &warden.ClientConfig{
+		NonBlock: true,
+	}
+	permitSvc = permit.New2(wardenConf)
+	// init inner router
+	engine := bm.DefaultServer(c.HTTPServer)
+	innerRouter(engine)
+	// init inner server
+	if err := engine.Start(); err != nil {
+		log.Error("engine.Start error(%v)", err)
+		panic(err)
+	}
+}
+
+func innerRouter(e *bm.Engine) {
+	e.Ping(ping)
+	g := e.Group("/x/admin/manager")
+	{
+		g.GET("/auth", permitSvc.Verify2(), authUser)
+		g.GET("/heartbeat", permitSvc.Verify2(), heartbeat)
+		g.GET("/logout", logout)
+		g.GET("/permission", vfySvc.Verify, permissions)
+		log := g.Group("/log", permitSvc.Permit2(""))
+		{
+			log.GET("/audit", searchLogAudit)
+			log.GET("/action", searchLogAction)
+		}
+		internal := g.Group("/internal", vfySvc.Verify)
+		{
+			internal.GET("/user/role", userRole)
+			internal.GET("/business/role", roleList)
+			internal.GET("/tag/list", tagList)
+			internal.GET("/control/list", tagControl)
+			internal.GET("/user/roles", userRoles)
+			internal.GET("/user/state/up", stateUp)
+			internal.GET("/user/list", userList)
+			internal.GET("/roles", allRoles)
+			internal.POST("/role/add", addRole)
+		}
+		gusers := g.Group("/users", vfySvc.Verify)
+		{
+			gusers.GET("/department/all", departments)
+			gusers.GET("/role/all", roles)
+			gusers.GET("/department/relation", usersByDepartment)
+			gusers.GET("/role/relation", usersByRole)
+			gusers.GET("", users)
+			gusers.GET("/total", usersTotal)
+			gusers.GET("/unames", usersNames)
+			gusers.GET("/uids", userIds)
+			gusers.GET("/udepts", usersDepts)
+		}
+		grank := g.Group("/rank", permitSvc.Verify2())
+		{
+			grank.GET("/group/info", rankGroup)
+			grank.GET("/group/list", rankGroups)
+			grank.POST("/group/add", addRankGroup)
+			grank.POST("/group/update", updateRankGroup)
+			grank.POST("/group/del", delRankGroup)
+			grank.POST("/user/add", addRankUser)
+			grank.GET("/user/list", rankUsers)
+			grank.POST("/user/save", saveRankUser)
+			grank.POST("/user/del", delRankUser)
+		}
+		tag := g.Group("/tag", permitSvc.Permit2(""))
+		{
+			tag.POST("/type/add", addType)
+			tag.POST("/type/update", updateType)
+			tag.POST("/type/delete", deleteType)
+			tag.POST("/add", addTag)
+			tag.POST("/update", updateTag)
+			tag.POST("/batch/state/update", batchUpdateState)
+			tag.POST("/control/add", addControl)
+			tag.POST("/control/update", updateControl)
+			tag.POST("/attr/update", attrUpdate)
+			tag.GET("/attr/list", attrList)
+			tag.GET("/list", tagList)
+			tag.GET("/type/list", typeList)
+			tag.GET("/control", tagControl)
+		}
+		reason := g.Group("/reason", permitSvc.Permit2(""))
+		{
+			reason.GET("/catesecext/list", cateSecExtList)
+			reason.POST("/catesecext/add", addCateSecExt)
+			reason.POST("/catesecext/update", updateCateSecExt)
+			reason.POST("/catesecext/ban", banCateSecExt)
+			reason.GET("/association/list", associationList)
+			reason.POST("/association/add", addAssociation)
+			reason.POST("/association/update", updateAssociation)
+			reason.POST("/association/ban", banAssociation)
+			reason.GET("/list", reasonList)
+			reason.POST("/add", addReason)
+			reason.POST("/update", updateReason)
+			reason.POST("/batch/state/update", batchUpdateReasonState)
+			reason.GET("/dropdown/list", dropDownList)
+			reason.GET("/business/attr", businessAttr)
+		}
+		business := g.Group("/business", permitSvc.Permit2(""))
+		{
+			business.POST("/add", addBusiness)
+			business.POST("/update", updateBusiness)
+			business.POST("/role/add", addRole)
+			business.POST("/role/update", updateRole)
+			business.POST("/user/add", addUser)
+			business.POST("/user/update", updateUser)
+			business.POST("/state/update", updateState)
+			business.POST("/user/delete", deleteUser)
+			business.GET("/list", businessList)
+			business.GET("/flow/list", flowList)
+			business.GET("/user/list", userList)
+			business.GET("/role/list", roleList)
+			business.GET("/user/role", userRole)
+		}
+	}
+}
+
+// ping check server ok.
+func ping(c *bm.Context) {
+	var err error
+	if err = mngSvc.Ping(c); err != nil {
+		log.Error("service ping error(%v)", err)
+		c.AbortWithStatus(http.StatusServiceUnavailable)
+	}
+}
--- a/app/admin/main/manager/server/http/journal.go
+++ b/app/admin/main/manager/server/http/journal.go
@@ -0,0 +1,39 @@
+package http
+
+import (
+	"fmt"
+
+	bm "go-common/library/net/http/blademaster"
+)
+
+// searchLogAudit .
+func searchLogAudit(c *bm.Context) {
+	var (
+		err    error
+		result []byte
+	)
+	if result, err = mngSvc.SearchLogAudit(c); err != nil {
+		c.Bytes(-500, "application/csv", nil)
+		return
+	}
+	c.Writer.Header().Set("Content-Type", "application/csv")
+	c.Writer.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s.csv", "Authority_Record"))
+	c.Writer.Write([]byte("\xEF\xBB\xBF"))
+	c.Writer.Write(result)
+}
+
+// searchLogAction .
+func searchLogAction(c *bm.Context) {
+	var (
+		err    error
+		result []byte
+	)
+	if result, err = mngSvc.SearchLogAction(c); err != nil {
+		c.Bytes(-500, "application/csv", nil)
+		return
+	}
+	c.Writer.Header().Set("Content-Type", "application/csv")
+	c.Writer.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s.csv", "Authority_Record"))
+	c.Writer.Write([]byte("\xEF\xBB\xBF"))
+	c.Writer.Write(result)
+}
--- a/app/admin/main/manager/server/http/rank.go
+++ b/app/admin/main/manager/server/http/rank.go
@@ -0,0 +1,172 @@
+package http
+
+import (
+	"encoding/json"
+	"strconv"
+
+	"go-common/app/admin/main/manager/conf"
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/ecode"
+	"go-common/library/log"
+	bm "go-common/library/net/http/blademaster"
+	"go-common/library/xstr"
+)
+
+func rankGroups(c *bm.Context) {
+	form := c.Request.Form
+	pn, _ := strconv.Atoi(form.Get("pn"))
+	if pn < 1 {
+		pn = 1
+	}
+	ps, _ := strconv.Atoi(form.Get("ps"))
+	if ps < 1 || ps > conf.Conf.Cfg.RankGroupMaxPs {
+		ps = conf.Conf.Cfg.RankGroupMaxPs
+	}
+	groups, total, err := mngSvc.RankGroups(c, pn, ps)
+	if err != nil {
+		c.JSON(nil, err)
+		return
+	}
+	page := map[string]int{
+		"page":     pn,
+		"pagesize": ps,
+		"total":    total,
+	}
+	c.JSONMap(map[string]interface{}{
+		"pager": page,
+		"data":  groups,
+	}, err)
+}
+
+func rankGroup(c *bm.Context) {
+	form := c.Request.Form
+	gid, _ := strconv.ParseInt(form.Get("id"), 10, 64)
+	if gid <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		log.Error("id unnarmal (%d)", gid)
+		return
+	}
+	c.JSON(mngSvc.RankGroup(c, gid))
+}
+
+func addRankGroup(c *bm.Context) {
+	form := c.Request.Form
+	name := form.Get("name")
+	if name == "" {
+		c.JSON(nil, ecode.RequestErr)
+		log.Error("name is empty")
+		return
+	}
+	desc := form.Get("desc")
+	auths, _ := xstr.SplitInts(form.Get("auths"))
+	g := &model.RankGroup{Name: name, Desc: desc}
+	c.JSON(mngSvc.AddRankGroup(c, g, auths))
+}
+
+func updateRankGroup(c *bm.Context) {
+	form := c.Request.Form
+	gid, _ := strconv.ParseInt(form.Get("id"), 10, 64)
+	if gid <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		log.Error("id unnarmal (%d)", gid)
+		return
+	}
+	name := form.Get("name")
+	if name == "" {
+		c.JSON(nil, ecode.RequestErr)
+		log.Error("name is empty")
+		return
+	}
+	desc := form.Get("desc")
+	auths, _ := xstr.SplitInts(form.Get("auths"))
+	g := &model.RankGroup{ID: gid, Name: name, Desc: desc}
+	c.JSON(nil, mngSvc.UpdateRankGroup(c, g, auths))
+}
+
+func delRankGroup(c *bm.Context) {
+	form := c.Request.Form
+	gid, _ := strconv.ParseInt(form.Get("id"), 10, 64)
+	if gid <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		log.Error("id unnarmal (%d)", gid)
+		return
+	}
+	c.JSON(nil, mngSvc.DelRankGroup(c, gid))
+}
+
+func addRankUser(c *bm.Context) {
+	form := c.Request.Form
+	uid, _ := strconv.ParseInt(form.Get("uid"), 10, 64)
+	if uid <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		log.Error("uid unnarmal (%d)", uid)
+		return
+	}
+	c.JSON(nil, mngSvc.AddRankUser(c, uid))
+}
+
+func rankUsers(c *bm.Context) {
+	form := c.Request.Form
+	pn, _ := strconv.Atoi(form.Get("pn"))
+	if pn < 1 {
+		pn = 1
+	}
+	ps, _ := strconv.Atoi(form.Get("ps"))
+	if ps < 1 || ps > conf.Conf.Cfg.RankGroupMaxPs {
+		ps = conf.Conf.Cfg.RankGroupMaxPs
+	}
+	un := form.Get("username")
+	users, total, err := mngSvc.RankUsers(c, pn, ps, un)
+	if err != nil {
+		c.JSON(nil, err)
+		return
+	}
+	page := map[string]int{
+		"page":     pn,
+		"pagesize": ps,
+		"total":    total,
+	}
+	c.JSONMap(map[string]interface{}{
+		"pager": page,
+		"data":  users,
+	}, err)
+}
+
+func saveRankUser(c *bm.Context) {
+	form := c.Request.Form
+	uid, _ := strconv.ParseInt(form.Get("uid"), 10, 64)
+	if uid <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		log.Error("uid unnormal (%d)", uid)
+		return
+	}
+	ranks := form.Get("ranks")
+	if ranks == "" {
+		c.JSON(nil, ecode.RequestErr)
+		log.Error("ranks is empty")
+		return
+	}
+	rs := make(map[string]int)
+	if err := json.Unmarshal([]byte(ranks), &rs); err != nil {
+		c.JSON(nil, ecode.RequestErr)
+		log.Error("ranks unnormal (%s) error(%v)", ranks, err)
+		return
+	}
+	rMap := make(map[int64]int)
+	for g, r := range rs {
+		gid, _ := strconv.ParseInt(g, 10, 64)
+		rMap[gid] = r
+	}
+	c.JSON(nil, mngSvc.SaveRankUser(c, uid, rMap))
+}
+
+func delRankUser(c *bm.Context) {
+	form := c.Request.Form
+	uid, _ := strconv.ParseInt(form.Get("uid"), 10, 64)
+	if uid <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		log.Error("uid unnormal (%d)", uid)
+		return
+	}
+	c.JSON(nil, mngSvc.DelRankUser(c, uid))
+}
--- a/app/admin/main/manager/server/http/reason.go
+++ b/app/admin/main/manager/server/http/reason.go
@@ -0,0 +1,182 @@
+package http
+
+import (
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/ecode"
+	bm "go-common/library/net/http/blademaster"
+)
+
+// cateSecExtList .
+func cateSecExtList(c *bm.Context) {
+	arg := new(model.CateSecExt)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	c.JSON(mngSvc.CateSecExtList(c, arg))
+}
+
+// AssociationList .
+func associationList(c *bm.Context) {
+	// Display all record
+	arg := new(model.Association)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	if arg.BusinessID < 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(mngSvc.AssociationList(c, arg))
+}
+
+// addCateSecExt .
+func addCateSecExt(c *bm.Context) {
+	arg := new(model.CateSecExt)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	c.JSON(nil, mngSvc.AddCateSecExt(c, arg))
+}
+
+// updateCateSecExt .
+func updateCateSecExt(c *bm.Context) {
+	arg := new(model.CateSecExt)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	if arg.ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(nil, mngSvc.UpdateCateSecExt(c, arg))
+}
+
+// banCateSecExt .
+func banCateSecExt(c *bm.Context) {
+	arg := new(model.CateSecExt)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	if arg.ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(nil, mngSvc.BanCateSecExt(c, arg))
+}
+
+// addAssociation .
+func addAssociation(c *bm.Context) {
+	arg := new(model.Association)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	c.JSON(nil, mngSvc.AddAssociation(c, arg))
+}
+
+// updateAssociation .
+func updateAssociation(c *bm.Context) {
+	arg := new(model.Association)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	if arg.ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(nil, mngSvc.UpdateAssociation(c, arg))
+}
+
+// banAssocaition .
+func banAssociation(c *bm.Context) {
+	arg := new(model.Association)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	if arg.ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(nil, mngSvc.BanAssociation(c, arg))
+}
+
+// addReason .
+func addReason(c *bm.Context) {
+	arg := new(model.Reason)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	if uid, exists := c.Get("uid"); exists {
+		arg.UID = uid.(int64)
+	}
+	c.JSON(nil, mngSvc.AddReason(c, arg))
+}
+
+// updateReason .
+func updateReason(c *bm.Context) {
+	arg := new(model.Reason)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	if uid, exists := c.Get("uid"); exists {
+		arg.UID = uid.(int64)
+	}
+	if arg.ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(nil, mngSvc.UpdateReason(c, arg))
+}
+
+// reasonList .
+func reasonList(c *bm.Context) {
+	arg := new(model.SearchReasonParams)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	data, total, err := mngSvc.ReasonList(c, arg)
+	if err != nil {
+		c.JSON(nil, err)
+		return
+	}
+	page := map[string]int64{
+		"num":   arg.PN,
+		"size":  arg.PS,
+		"total": total,
+	}
+	c.JSON(map[string]interface{}{
+		"page": page,
+		"data": data,
+	}, err)
+}
+
+// batchUpdateReasonState .
+func batchUpdateReasonState(c *bm.Context) {
+	arg := new(model.BatchUpdateReasonState)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	c.JSON(nil, mngSvc.BatchUpdateReasonState(c, arg))
+}
+
+// dropList .
+func dropDownList(c *bm.Context) {
+	arg := new(model.Association)
+	if err := c.Bind(arg); err != nil {
+		return
+	}
+	if arg.BusinessID < 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(mngSvc.DropDownList(c, arg))
+}
+
+// businessAttr .
+func businessAttr(c *bm.Context) {
+	arg := &model.BusinessAttr{}
+	if err := c.Bind(arg); err != nil {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(mngSvc.BusinessAttr(c, arg))
+}
--- a/app/admin/main/manager/server/http/tag.go
+++ b/app/admin/main/manager/server/http/tag.go
@@ -0,0 +1,172 @@
+package http
+
+import (
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/ecode"
+	bm "go-common/library/net/http/blademaster"
+)
+
+// addType .
+func addType(c *bm.Context) {
+	tt := &model.TagType{}
+	if err := c.Bind(tt); err != nil {
+		return
+	}
+	c.JSON(nil, mngSvc.AddType(c, tt))
+}
+
+// updateType .
+func updateType(c *bm.Context) {
+	tt := &model.TagType{}
+	if err := c.Bind(tt); err != nil {
+		return
+	}
+	c.JSON(nil, mngSvc.UpdateType(c, tt))
+}
+
+// deleteType .
+func deleteType(c *bm.Context) {
+	td := &model.TagTypeDel{}
+	res := map[string]interface{}{}
+	if err := c.Bind(td); err != nil {
+		return
+	}
+	if td.ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	if err := mngSvc.DeleteType(c, td); err != nil {
+		if err == ecode.ManagerTagTypeDelErr {
+			res["message"] = "这个类型下可是关联了Tag的哦，你真的考虑清楚了吗???"
+			c.JSONMap(res, ecode.ManagerTagTypeDelErr)
+			return
+		}
+		c.JSON(nil, err)
+		return
+	}
+	c.JSON(nil, nil)
+
+}
+
+// addTag .
+func addTag(c *bm.Context) {
+	t := &model.Tag{}
+	if err := c.Bind(t); err != nil {
+		return
+	}
+	if uid, exists := c.Get("uid"); exists {
+		t.UID = uid.(int64)
+	}
+	c.JSON(nil, mngSvc.AddTag(c, t))
+}
+
+// updateTag .
+func updateTag(c *bm.Context) {
+	t := &model.Tag{}
+	if err := c.Bind(t); err != nil {
+		return
+	}
+	if t.ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(nil, mngSvc.UpdateTag(c, t))
+}
+
+// batchUpdateState .
+func batchUpdateState(c *bm.Context) {
+	b := &model.BatchUpdateState{}
+	if err := c.Bind(b); err != nil {
+		return
+	}
+	c.JSON(nil, mngSvc.BatchUpdateState(c, b))
+}
+
+// tagList .
+func tagList(c *bm.Context) {
+	t := &model.SearchTagParams{}
+	if err := c.Bind(t); err != nil {
+		return
+	}
+	data, total, err := mngSvc.TagList(c, t)
+	if err != nil {
+		c.JSON(nil, err)
+		return
+	}
+	page := map[string]int64{
+		"num":   t.PN,
+		"size":  t.PS,
+		"total": total,
+	}
+
+	c.JSON(map[string]interface{}{
+		"page": page,
+		"data": data,
+	}, err)
+}
+
+// typeList .
+func typeList(c *bm.Context) {
+	tl := &model.TagTypeList{}
+	if err := c.Bind(tl); err != nil {
+		return
+	}
+	if tl.BID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(mngSvc.TypeList(c, tl))
+}
+
+// attrList .
+func attrList(c *bm.Context) {
+	tba := &model.TagBusinessAttr{}
+	if err := c.Bind(tba); err != nil {
+		return
+	}
+	if tba.Bid <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(mngSvc.AttrList(c, tba))
+}
+
+// attrUpdate .
+func attrUpdate(c *bm.Context) {
+	tba := &model.TagBusinessAttr{}
+	if err := c.Bind(tba); err != nil {
+		return
+	}
+	c.JSON(nil, mngSvc.AttrUpdate(c, tba))
+}
+
+// addControl .
+func addControl(c *bm.Context) {
+	tc := &model.TagControl{}
+	if err := c.Bind(tc); err != nil {
+		return
+	}
+	c.JSON(nil, mngSvc.AddControl(c, tc))
+}
+
+// updateControl .
+func updateControl(c *bm.Context) {
+	tc := &model.TagControl{}
+	if err := c.Bind(tc); err != nil {
+		return
+	}
+	if tc.ID <= 0 {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(nil, mngSvc.UpdateControl(c, tc))
+}
+
+// tagControl .
+func tagControl(c *bm.Context) {
+	tc := &model.TagControlParam{}
+	if err := c.Bind(tc); err != nil {
+		return
+	}
+	c.JSON(mngSvc.TagControl(c, tc))
+}
--- a/app/admin/main/manager/server/http/user.go
+++ b/app/admin/main/manager/server/http/user.go
@@ -0,0 +1,142 @@
+package http
+
+import (
+	"net/http"
+	"strconv"
+	"strings"
+
+	"go-common/library/ecode"
+	"go-common/library/log"
+	bm "go-common/library/net/http/blademaster"
+	"go-common/library/xstr"
+)
+
+const _logout = "http://dashboard-mng.bilibili.co/logout?caller=manager-admin"
+
+func authUser(c *bm.Context) {
+	var (
+		username string
+	)
+	if un, ok := c.Get("username"); ok {
+		username = un.(string)
+	} else {
+		c.JSON(nil, ecode.Unauthorized)
+		return
+	}
+	c.JSON(mngSvc.Auth(c, username))
+}
+
+func logout(c *bm.Context) {
+	// purge mid cache
+	c.Redirect(http.StatusFound, _logout)
+}
+
+func permissions(c *bm.Context) {
+	var username string
+	if username = c.Request.Form.Get("username"); username == "" {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	c.JSON(mngSvc.Permissions(c, username))
+}
+
+func users(c *bm.Context) {
+	var (
+		err    error
+		pn, ps int
+		params = c.Request.Form
+		pnStr  = params.Get("pn")
+		psStr  = params.Get("ps")
+	)
+	if pn, err = strconv.Atoi(pnStr); err != nil || pn <= 0 {
+		pn = 1
+	}
+	if ps, err = strconv.Atoi(psStr); err != nil || ps <= 0 {
+		ps = 20
+	}
+	c.JSON(mngSvc.Users(c, pn, ps))
+}
+
+func usersTotal(c *bm.Context) {
+	var (
+		err   error
+		total int64
+	)
+	if total, err = mngSvc.UsersTotal(c); err != nil {
+		log.Error("mngSvc.UsersTotal error(%v)", err)
+		c.JSON(nil, err)
+		return
+	}
+	c.JSON(struct {
+		Total int64 `json:"total"`
+	}{total}, nil)
+}
+
+func heartbeat(c *bm.Context) {
+	un, ok := c.Get("username")
+	if !ok {
+		log.Error("username not found in context")
+		return
+	}
+	c.JSON(nil, mngSvc.Heartbeat(c, un.(string)))
+}
+
+// batch check unames
+func usersNames(c *bm.Context) {
+	var (
+		err    error
+		params = c.Request.Form
+		uids   string
+		uidsV  []int64
+		items  map[int64]string
+	)
+	if uids = params.Get("uids"); uids == "" {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	if uidsV, err = xstr.SplitInts(uids); err != nil {
+		log.Error("mngSvc.Unames(%s) error(%v)", uids, err)
+		c.JSON(nil, err)
+		return
+	}
+	items = mngSvc.Unames(c, uidsV)
+	c.JSON(items, nil)
+}
+
+// batch check users' departments
+func usersDepts(c *bm.Context) {
+	var (
+		err    error
+		params = c.Request.Form
+		uids   string
+		uidsV  []int64
+		items  map[int64]string
+	)
+	if uids = params.Get("uids"); uids == "" {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	if uidsV, err = xstr.SplitInts(uids); err != nil {
+		log.Error("mngSvc.Udepts(%s) error(%v)", uids, err)
+		c.JSON(nil, err)
+		return
+	}
+	items = mngSvc.Udepts(c, uidsV)
+	c.JSON(items, nil)
+}
+
+func userIds(c *bm.Context) {
+	var (
+		params  = c.Request.Form
+		unames  string
+		unamesV []string
+		items   map[string]int64
+	)
+	if unames = params.Get("unames"); unames == "" {
+		c.JSON(nil, ecode.RequestErr)
+		return
+	}
+	unamesV = strings.Split(unames, ",")
+	items = mngSvc.UIds(c, unamesV)
+	c.JSON(items, nil)
+}
--- a/app/admin/main/manager/service/BUILD
+++ b/app/admin/main/manager/service/BUILD
@@ -0,0 +1,62 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_test",
+    "go_library",
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["service_test.go"],
+    embed = [":go_default_library"],
+    rundir = ".",
+    tags = ["automanaged"],
+    deps = [
+        "//app/admin/main/manager/conf:go_default_library",
+        "//vendor/github.com/smartystreets/goconvey/convey:go_default_library",
+    ],
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "auth.go",
+        "business.go",
+        "department.go",
+        "journal.go",
+        "permit.go",
+        "rank.go",
+        "reason.go",
+        "service.go",
+        "tag.go",
+        "user.go",
+    ],
+    importpath = "go-common/app/admin/main/manager/service",
+    tags = ["automanaged"],
+    deps = [
+        "//app/admin/main/manager/conf:go_default_library",
+        "//app/admin/main/manager/dao:go_default_library",
+        "//app/admin/main/manager/model:go_default_library",
+        "//library/ecode:go_default_library",
+        "//library/log:go_default_library",
+        "//library/net/http/blademaster:go_default_library",
+        "//library/net/http/blademaster/middleware/permit:go_default_library",
+        "//vendor/github.com/jinzhu/gorm:go_default_library",
+        "//vendor/github.com/pkg/errors:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/app/admin/main/manager/service/auth.go
+++ b/app/admin/main/manager/service/auth.go
@@ -0,0 +1,85 @@
+package service
+
+import (
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/log"
+)
+
+func (s *Service) authItems(typ int) (items []*model.AuthItem, err error) {
+	if err = s.dao.DB().Where("type = ?", typ).Find(&items).Error; err != nil {
+		log.Error("s.authItem(%d) error(%v)", typ, err)
+	}
+	return
+}
+
+func (s *Service) assigns(id int) (assigns []*model.AuthAssign, err error) {
+	if err = s.dao.DB().Where("item_id = ?", id).Find(&assigns).Error; err != nil {
+		log.Error("s.assigns(%d) error(%v)", id, err)
+	}
+	return
+}
+
+// admins
+func (s *Service) adms() (as map[int64]bool, err error) {
+	assigns, err := s.assigns(model.Admin)
+	if err != nil {
+		return
+	}
+	as = make(map[int64]bool)
+	for _, v := range assigns {
+		as[v.UserID] = true
+	}
+	return
+}
+
+// points
+func (s *Service) ptrs() (ps []*model.AuthItem, mps map[int64]*model.AuthItem, err error) {
+	ps, err = s.authItems(model.TypePointer)
+	if err != nil {
+		return
+	}
+	mps = make(map[int64]*model.AuthItem)
+	for _, v := range ps {
+		mps[v.ID] = v
+	}
+	return
+}
+
+func (s *Service) roleAuths() (ra map[int64][]int64, err error) {
+	var aic []*model.AuthItemChild
+	if err = s.dao.DB().Joins("left join auth_item on auth_item_child.parent=auth_item.id").Where("auth_item.type=?", model.TypeRole).Find(&aic).Error; err != nil {
+		log.Error("s.roleAuths() error(%v)", err)
+		return
+	}
+	ra = make(map[int64][]int64)
+	for _, v := range aic {
+		ra[v.Parent] = append(ra[v.Parent], v.Child)
+	}
+	return
+}
+
+func (s *Service) groupAuths() (ga map[int64][]int64, err error) {
+	var aic []*model.AuthItemChild
+	if err = s.dao.DB().Joins("left join auth_item on auth_item_child.parent=auth_item.id").Where("auth_item.type=?", model.TypeGroup).Find(&aic).Error; err != nil {
+		log.Error("s.groupAuths() error(%v)", err)
+		return
+	}
+	ga = make(map[int64][]int64)
+	for _, v := range aic {
+		ga[v.Parent] = append(ga[v.Parent], v.Child)
+	}
+	return
+}
+
+func (s *Service) orgAuths() (gsInfo map[int64]*model.AuthOrg, err error) {
+	var aic []*model.AuthOrg
+	if err = s.dao.DB().Where("auth_item.type IN (?,?)", model.TypeGroup, model.TypeRole).Find(&aic).Error; err != nil {
+		log.Error("s.groups() error(%v)", err)
+		return
+	}
+	gsInfo = make(map[int64]*model.AuthOrg)
+	for _, v := range aic {
+		gsInfo[v.ID] = v
+	}
+	return
+}
--- a/app/admin/main/manager/service/business.go
+++ b/app/admin/main/manager/service/business.go
@@ -0,0 +1,563 @@
+package service
+
+import (
+	"context"
+	"sort"
+	"strconv"
+	"strings"
+
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/ecode"
+	"go-common/library/log"
+)
+
+// AddBusiness .
+func (s *Service) AddBusiness(c context.Context, b *model.Business) (err error) {
+	if err = s.dao.AddBusiness(c, b); err != nil {
+		log.Error("s.dao.AddBusiness error(%v)", err)
+	}
+	return
+}
+
+// UpdateBusiness .
+func (s *Service) UpdateBusiness(c context.Context, b *model.Business) (err error) {
+	flowState := []int64{}
+	binStr := strconv.FormatInt(b.Flow, 2)
+	for k, v := range []byte(binStr) {
+		if string(v) == "1" {
+			flowState = append(flowState, int64(len(binStr)-k))
+		}
+	}
+	if err = s.dao.BatchUpdateChildState(c, b.ID, flowState); err != nil {
+		log.Error("s.dao.BatchUpdateChildState error(%v)", err)
+		return
+	}
+	if err = s.dao.UpdateBusiness(c, b); err != nil {
+		log.Error("s.dao.UpdateBusiness error(%v)", err)
+	}
+	return
+}
+
+// AddRole .
+func (s *Service) AddRole(c context.Context, br *model.BusinessRole) (err error) {
+	var (
+		maxRid    interface{}
+		maxRidInt int64
+	)
+	if maxRid, err = s.dao.MaxRidByBid(c, br.BID); err != nil {
+		return
+	}
+	if maxRid != nil {
+		maxRidInt = maxRid.(int64)
+	}
+	maxRidInt++
+	br.RID = maxRidInt
+	if err = s.dao.AddRole(c, br); err != nil {
+		log.Error("s.dao.AddRole error(%v)", err)
+	}
+	return
+}
+
+// UpdateRole .
+func (s *Service) UpdateRole(c context.Context, br *model.BusinessRole) (err error) {
+	if err = s.dao.UpdateRole(c, br); err != nil {
+		log.Error("s.dao.UpdateRole error(%v)", err)
+	}
+	return
+}
+
+// AddUser .
+func (s *Service) AddUser(c context.Context, bur *model.BusinessUserRole) (err error) {
+	for _, uid := range bur.UIDs {
+		if _, ok := s.userNames[uid]; !ok {
+			err = ecode.ManagerUIDNOTExist
+			return
+		}
+	}
+	if err = s.dao.AddUser(c, bur); err != nil {
+		log.Error("s.dao.AddUser error(%v)", err)
+	}
+	return
+}
+
+// UpdateUser .
+func (s *Service) UpdateUser(c context.Context, bur *model.BusinessUserRole) (err error) {
+	if err = s.dao.UpdateUser(c, bur); err != nil {
+		log.Error("s.dao.Update error(%v)", err)
+	}
+	return
+}
+
+// UpdateState .
+func (s *Service) UpdateState(c context.Context, su *model.StateUpdate) (err error) {
+	var (
+		childInfo  *model.BusinessList
+		parentInfo *model.BusinessList
+	)
+	if su.Type == model.BusinessOpenType { // business
+		if su.State == model.BusinessOpenState {
+			if childInfo, err = s.dao.BusinessByID(c, su.ID); err != nil {
+				log.Error("s.dao.BusinessByID param id (%d) error(%v)", su.ID, err)
+				return
+			}
+			if childInfo.PID != 0 {
+				if parentInfo, err = s.dao.BusinessByID(c, childInfo.PID); err != nil {
+					log.Error("s.dao.BusinessByID param id (%d) error(%v)", childInfo, err)
+					return
+				}
+				flowState := map[int64]int64{}
+				binStr := strconv.FormatInt(parentInfo.Flow, 2)
+				for k, v := range []byte(binStr) {
+					if string(v) == "1" {
+						flowState[int64(len(binStr)-k)] = int64(len(binStr) - k)
+					}
+				}
+				if _, ok := flowState[childInfo.FlowState]; !ok {
+					err = ecode.ManagerFlowForbidden
+					return
+				}
+			}
+		}
+		if err = s.dao.UpdateBusinessState(c, su); err != nil {
+			log.Error("s.dao.UpdateBusinessState error(%v)", err)
+		}
+		return
+	}
+	// role
+	if err = s.dao.UpdateBusinessRoleState(c, su); err != nil {
+		log.Error("s.dao.UpdateBusinessRoleState error(%v)", err)
+	}
+	return
+}
+
+// BusinessList .
+func (s *Service) BusinessList(c context.Context, bp *model.BusinessListParams) (res []*model.BusinessList, err error) {
+	var (
+		pids        []int64
+		sKeys       []int
+		cKeys       []int
+		pidChildRes map[int64][]*model.BusinessList
+		fKeys       = make(map[int64][]int)
+		pidsMap     = make(map[int64]int64)
+		tempRes     = make(map[int64]*model.BusinessList)
+		childRes    = make(map[int64]*model.BusinessList)
+	)
+	flowBusinessMap := make(map[int64]map[int64][]*model.BusinessList)
+	if tempRes, err = s.dao.ParentBusiness(c, bp.State); err != nil {
+		log.Error("s.dao.ParentBusiness error(%v)", err)
+		return
+	}
+	if len(tempRes) <= 0 {
+		res = []*model.BusinessList{}
+		return
+	}
+	if childRes, err = s.dao.ChildBusiness(c, bp); err != nil {
+		log.Error("s.dao.ChildBusiness error(%v)", err)
+		return
+	}
+	for _, cr := range childRes {
+		cKeys = append(cKeys, int(cr.ID))
+	}
+	// auth verify
+	if bp.Auth > 0 {
+		up := &model.UserListParams{
+			UID:  bp.UID,
+			Role: model.UserRoleDefaultVal,
+		}
+		var userBusiness []*model.BusinessUserRoleList
+		if userBusiness, err = s.dao.UserList(c, up); err != nil {
+			log.Error("s.dao.UserList error(%v)", err)
+			return
+		}
+		if len(userBusiness) <= 0 {
+			res = []*model.BusinessList{}
+			return
+		}
+		bidsMap := make(map[int64]struct{})
+		for _, u := range userBusiness {
+			bidsMap[u.BID] = struct{}{}
+		}
+		cKeys = []int{}
+		for _, cr := range childRes {
+			if _, ok := bidsMap[cr.BID]; ok {
+				cKeys = append(cKeys, int(cr.ID))
+			}
+		}
+	}
+	sort.Ints(cKeys)
+	for _, c := range cKeys {
+		cidR := childRes[int64(c)]
+		if _, ok := pidsMap[cidR.PID]; !ok {
+			pidsMap[cidR.PID] = cidR.PID
+			pids = append(pids, cidR.PID)
+		}
+		cidR.FlowChild = []*model.FlowBusiness{}
+		if _, ok := flowBusinessMap[cidR.PID]; !ok {
+			flowBusinessMap[cidR.PID] = make(map[int64][]*model.BusinessList)
+		}
+		fKeys[cidR.PID] = append(fKeys[cidR.PID], int(cidR.FlowState))
+		flowBusinessMap[cidR.PID][cidR.FlowState] = append(flowBusinessMap[cidR.PID][cidR.FlowState], cidR)
+	}
+	if bp.Check != 0 {
+		if pidChildRes, err = s.dao.ChildBusinessByPIDs(c, pids); err != nil {
+			log.Error("s.dao.ChildBusinessByPIDs error(%v)", err)
+			return
+		}
+	}
+	for k, r := range tempRes {
+		r.FlowChild = []*model.FlowBusiness{}
+		if _, ok := pidChildRes[k]; !ok && bp.Check != 0 {
+			delete(tempRes, k)
+			continue
+		}
+		if _, ok := flowBusinessMap[k]; !ok && bp.Check != 0 {
+			continue
+		}
+		flowsMap := make(map[int]int)
+		flowsSlice := []int{}
+		if flows, ok := fKeys[r.ID]; ok {
+			for _, f := range flows {
+				if _, ok := flowsMap[f]; ok {
+					continue
+				}
+				flowsMap[f] = f
+				flowsSlice = append(flowsSlice, f)
+			}
+			sort.Ints(flowsSlice)
+			for _, f := range flowsSlice {
+				r.FlowChild = append(r.FlowChild, &model.FlowBusiness{
+					FlowState: int64(f),
+					Child:     flowBusinessMap[r.ID][int64(f)],
+				})
+			}
+		}
+		sKeys = append(sKeys, int(k))
+	}
+	sort.Ints(sKeys)
+	for _, k := range sKeys {
+		if _, ok := tempRes[int64(k)]; !ok {
+			continue
+		}
+		res = append(res, tempRes[int64(k)])
+	}
+	return
+}
+
+// FlowList .
+func (s *Service) FlowList(c context.Context, bp *model.BusinessListParams) (res []*model.BusinessList, err error) {
+	var (
+		tempRes = []*model.BusinessList{}
+		userRes = []*model.BusinessUserRoleList{}
+	)
+	res = []*model.BusinessList{}
+	if tempRes, err = s.dao.FlowList(c, bp); err != nil {
+		log.Error("s.dao.FlowList error(%v)", err)
+		return
+	}
+	if bp.Auth <= 0 {
+		res = tempRes
+		return
+	}
+	up := &model.UserListParams{
+		UID:  bp.UID,
+		Role: model.UserRoleDefaultVal,
+	}
+
+	if userRes, err = s.dao.UserList(c, up); err != nil {
+		log.Error("s.dao.UserList error(%v)", err)
+		return
+	}
+	if len(userRes) <= 0 {
+		return
+	}
+	tMap := make(map[int64]*model.BusinessList)
+	for _, t := range tempRes {
+		tMap[t.BID] = t
+	}
+	for _, u := range userRes {
+		if u.Role == "" {
+			continue
+		}
+		if t, ok := tMap[u.BID]; ok {
+			res = append(res, t)
+		}
+	}
+	return
+}
+
+// RoleList .
+func (s *Service) RoleList(c context.Context, br *model.BusinessRole) (res []*model.BusinessRole, err error) {
+	var (
+		rids       = []int{}
+		tempRes    = []*model.BusinessRole{}
+		userRes    = []*model.BusinessUserRoleList{}
+		tempResMap = make(map[int64]*model.BusinessRole)
+	)
+	res = []*model.BusinessRole{}
+	if tempRes, err = s.dao.RoleListByBID(c, br); err != nil {
+		log.Error("s.dao.RoleList error(%v)", err)
+		return
+	}
+	for _, tr := range tempRes {
+		rids = append(rids, int(tr.RID))
+		tempResMap[tr.RID] = tr
+	}
+	if br.Auth <= 0 {
+		res = tempRes
+		return
+	}
+	up := &model.UserListParams{
+		BID:  br.BID,
+		UID:  br.UID,
+		Role: model.UserRoleDefaultVal,
+	}
+	if userRes, err = s.dao.UserList(c, up); err != nil {
+		log.Error("s.dao.UserList error(%v)", err)
+		return
+	}
+	if len(userRes) <= 0 {
+		return
+	}
+	roleStr := userRes[0].Role
+	roleSlice := strings.Split(roleStr, ",")
+	sort.Ints(rids)
+	for _, r := range rids {
+		for _, rs := range roleSlice {
+			rsInt64, _ := strconv.ParseInt(rs, 10, 64)
+			if int64(r) == rsInt64 {
+				res = append(res, tempResMap[int64(r)])
+			}
+		}
+	}
+	return
+}
+
+// UserList .
+func (s *Service) UserList(c context.Context, u *model.UserListParams) (res []*model.BusinessUserRoleList, total int64, err error) {
+	if u.UName != "" {
+		if uid, ok := s.userIds[u.UName]; ok {
+			u.UID = uid
+		}
+	}
+	if res, err = s.dao.UserList(c, u); err != nil {
+		log.Error("s.dao.UserList error(%v)", err)
+		return
+	}
+	rids := []int64{}
+	for _, r := range res {
+		if uname, ok := s.userNames[r.UID]; ok {
+			r.UName = uname
+		}
+		if unickname, ok := s.userNicknames[r.UID]; ok {
+			r.UNickname = unickname
+		}
+		if cuname, ok := s.userNames[r.CUID]; ok {
+			r.CUName = cuname
+		}
+		roleSlice := strings.Split(r.Role, ",")
+		for _, ridStr := range roleSlice {
+			ridInt64, _ := strconv.ParseInt(ridStr, 10, 64)
+			rids = append(rids, ridInt64)
+		}
+	}
+	var roleRes []*model.BusinessRole
+	if roleRes, err = s.dao.RoleListByRIDs(c, u.BID, rids); err != nil {
+		log.Error("s.dao.RoleListByIDs error(%v)", err)
+		return
+	}
+	for _, r := range res {
+		r.RoleName = []string{}
+		rids := strings.Split(r.Role, ",")
+		for _, rid := range rids {
+			ridInt64, _ := strconv.ParseInt(rid, 10, 64)
+			for _, rr := range roleRes {
+				if ridInt64 == rr.RID && r.BID == rr.BID {
+					r.RoleName = append(r.RoleName, rr.Name)
+				}
+			}
+		}
+	}
+	total = int64(len(res))
+	start := (u.PN - 1) * u.PS
+	if start >= total {
+		res = []*model.BusinessUserRoleList{}
+		return
+	}
+	end := start + u.PS
+	if end > total {
+		end = total
+	}
+	res = res[start:end]
+	return
+}
+
+// DeleteUser .
+func (s *Service) DeleteUser(c context.Context, bur *model.BusinessUserRole) (err error) {
+	if err = s.dao.DeleteUser(c, bur); err != nil {
+		log.Error("s.dao.DeleteUser error(%v)", err)
+	}
+	return
+}
+
+// UserRole .
+func (s *Service) UserRole(c context.Context, brl *model.BusinessUserRoleList) (res []*model.UserRole, err error) {
+	var (
+		ridsInt64 []int64
+		userRole  []*model.BusinessUserRoleList
+		roleList  []*model.BusinessRole
+		u         = &model.UserListParams{
+			BID:  brl.BID,
+			UID:  brl.UID,
+			Role: -1,
+		}
+	)
+	if userRole, err = s.dao.UserList(c, u); err != nil {
+		log.Error("s.dao.UserList error(%v)", err)
+		return
+	}
+	if len(userRole) <= 0 {
+		res = []*model.UserRole{}
+		return
+	}
+	rids := strings.Split(userRole[0].Role, ",")
+	for _, rid := range rids {
+		ridInt64, _ := strconv.ParseInt(rid, 10, 64)
+		ridsInt64 = append(ridsInt64, ridInt64)
+	}
+	if roleList, err = s.dao.RoleListByRIDs(c, brl.BID, ridsInt64); err != nil {
+		log.Error("s.dao.RoleListByRIDs error(%v)", err)
+		return
+	}
+	for _, rid := range ridsInt64 {
+		for _, rl := range roleList {
+			if rid == rl.RID {
+				r := &model.UserRole{
+					ID:   rl.ID,
+					BID:  rl.BID,
+					RID:  rl.RID,
+					Type: rl.Type,
+					Name: rl.Name,
+				}
+				res = append(res, r)
+			}
+		}
+	}
+	return
+}
+
+// StateUp .
+func (s *Service) StateUp(c context.Context, p *model.UserStateUp) (err error) {
+	err = s.dao.DB().Table("manager_business_user_role").Where("bid = ? AND uid = ?", p.BID, p.AdminID).Update("state = ?", p.State).Error
+	return
+}
+
+// UserRoles .
+func (s *Service) UserRoles(c context.Context, uid int64) (res []*model.UserRole, err error) {
+	var roleRes []*model.BusinessUserRoleList
+	if roleRes, err = s.dao.UserRoles(c, uid); err != nil {
+		log.Error("s.dao.UserRoles error(%v)", err)
+		return
+	}
+	if len(roleRes) <= 0 {
+		res = []*model.UserRole{}
+		return
+	}
+	var roleList []*model.BusinessRole
+	for _, r := range roleRes {
+		bid := r.BID
+		rids := []int64{}
+		ridsStr := strings.Split(r.Role, ",")
+		for _, r := range ridsStr {
+			rid, _ := strconv.ParseInt(r, 10, 64)
+			rids = append(rids, rid)
+		}
+		var tmpRoleList []*model.BusinessRole
+		if tmpRoleList, err = s.dao.RoleListByRIDs(c, bid, rids); err != nil {
+			log.Error("s.dao.RoleListByRIDs error(%v)", err)
+			return
+		}
+		roleList = append(roleList, tmpRoleList...)
+	}
+	for _, rl := range roleList {
+		r := &model.UserRole{
+			ID:   rl.ID,
+			BID:  rl.BID,
+			RID:  rl.RID,
+			Type: rl.Type,
+			Name: rl.Name,
+		}
+		res = append(res, r)
+	}
+	return
+}
+
+// AllRoles .
+func (s *Service) AllRoles(c context.Context, pid, uid int64) (res []*model.UserRole, err error) {
+	var childs []*model.Business
+	if childs, err = s.dao.BusinessChilds(c, pid); err != nil {
+		log.Error("s.dao.BusinessChilds error(%v)", err)
+		return
+	}
+	var childIDs []int64
+	for _, c := range childs {
+		childIDs = append(childIDs, c.BID)
+	}
+	var roleRes []*model.BusinessUserRoleList
+	if roleRes, err = s.dao.UserRoleByBIDs(c, uid, childIDs); err != nil {
+		log.Error("s.dao.UserRoleByBIDs error(%v)", err)
+		return
+	}
+	if len(roleRes) <= 0 {
+		res = []*model.UserRole{}
+		return
+	}
+	var roleList []*model.BusinessRole
+	for _, r := range roleRes {
+		bid := r.BID
+		rids := []int64{}
+		ridsStr := strings.Split(r.Role, ",")
+		for _, r := range ridsStr {
+			rid, _ := strconv.ParseInt(r, 10, 64)
+			rids = append(rids, rid)
+		}
+		var tmpRoleList []*model.BusinessRole
+		if tmpRoleList, err = s.dao.RoleListByRIDs(c, bid, rids); err != nil {
+			log.Error("s.dao.RoleListByRIDs error(%v)", err)
+			return
+		}
+		roleList = append(roleList, tmpRoleList...)
+	}
+	for _, rl := range roleList {
+		r := &model.UserRole{
+			ID:   rl.ID,
+			BID:  rl.BID,
+			RID:  rl.RID,
+			Type: rl.Type,
+			Name: rl.Name,
+		}
+		res = append(res, r)
+	}
+	return
+}
+
+// IsAdmin .
+func (s *Service) IsAdmin(c context.Context, bid, uid int64) bool {
+	var (
+		err error
+		res []*model.UserRole
+	)
+	p := &model.BusinessUserRoleList{
+		BID: bid,
+		UID: uid,
+	}
+	if res, err = s.UserRole(c, p); err != nil {
+		log.Error("s.UserRole error(%v)", err)
+		return false
+	}
+	for _, r := range res {
+		if r.Type == 1 {
+			return true
+		}
+	}
+	return false
+}
--- a/app/admin/main/manager/service/department.go
+++ b/app/admin/main/manager/service/department.go
@@ -0,0 +1,49 @@
+package service
+
+import (
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/log"
+	bm "go-common/library/net/http/blademaster"
+)
+
+// Departments .
+func (s *Service) Departments(c *bm.Context) (res []*model.DepartCustom, err error) {
+	if err = s.dao.DB().Table("user_department").Where("status = ?", model.ValidateState).Find(&res).Error; err != nil {
+		log.Error("s.Departments err (%v)", err)
+	}
+	return
+}
+
+// Roles .
+func (s *Service) Roles(c *bm.Context) (res []*model.RoleCustom, err error) {
+	if err = s.dao.DB().Table("auth_item").Where("type = ?", model.TypeRole).Find(&res).Error; err != nil {
+		log.Error("s.Roles error (%v)", err)
+	}
+	return
+}
+
+// UsersByDepartment .
+func (s *Service) UsersByDepartment(c *bm.Context, ID int64) (res []*model.UserCustom, err error) {
+	if err = s.dao.DB().Table("user").Where("state =? and department_id = ?", model.ValidateState, ID).Find(&res).Error; err != nil {
+		log.Error("s.UsersByDepartment ID (%d) error (%v)", ID, err)
+	}
+	return
+}
+
+// UsersByRole .
+func (s *Service) UsersByRole(c *bm.Context, ID int64) (res []*model.UserCustom, err error) {
+	resAuthAssign := []*model.AuthAssign{}
+	if err = s.dao.DB().Table("auth_assignment").Where("item_id = ?", ID).Find(&resAuthAssign).Error; err != nil {
+		log.Error("s.UsersByRole ID (%d) error (%v)", ID, err)
+		return
+	}
+	for _, v := range resAuthAssign {
+		temp := &model.UserCustom{
+			ID:       v.UserID,
+			Username: s.userNames[v.UserID],
+			Nickname: s.userNicknames[v.UserID],
+		}
+		res = append(res, temp)
+	}
+	return
+}
--- a/app/admin/main/manager/service/journal.go
+++ b/app/admin/main/manager/service/journal.go
@@ -0,0 +1,138 @@
+package service
+
+import (
+	"bytes"
+	"encoding/csv"
+	"encoding/json"
+	"fmt"
+
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/ecode"
+	"go-common/library/log"
+	bm "go-common/library/net/http/blademaster"
+)
+
+// SearchLogAudit .
+func (s *Service) SearchLogAudit(c *bm.Context) (result []byte, err error) {
+	var (
+		res *model.LogRes
+	)
+	if res, err = s.dao.SearchLogAudit(c); err != nil {
+		log.Error("s.dao.SearchLogAduit error (%v)", err)
+		return
+	}
+	result, err = outData(res)
+	return
+}
+
+// SearchLogAction .
+func (s *Service) SearchLogAction(c *bm.Context) (result []byte, err error) {
+	var (
+		res *model.LogRes
+	)
+	if res, err = s.dao.SearchLogAction(c); err != nil {
+		log.Error("s.dao.SearchLogAduit error (%v)", err)
+		return
+	}
+	if res.Code != ecode.OK.Code() {
+		log.Error("res.Code error (%d)", res.Code)
+		return
+	}
+	result, err = outData(res)
+	return
+}
+
+// OutData .
+func outData(res *model.LogRes) (result []byte, err error) {
+	var resultMap []map[string]interface{}
+	//Output the data
+	for _, j := range res.Data.Result {
+		item := map[string]interface{}{}
+		decoder := json.NewDecoder(bytes.NewReader(j))
+		decoder.UseNumber()
+		decoder.Decode(&item)
+		item = numberToInt64(item)
+		resultMap = append(resultMap, item)
+	}
+
+	for parentKey, parentValue := range resultMap {
+		if extraValue, ok := parentValue["extra_data"]; ok {
+			if extraData, ok := extraValue.(string); ok {
+				p := make(map[string]interface{})
+				if e := json.Unmarshal([]byte(extraData), &p); e == nil {
+					for childKey, childValue := range backtrace(p) {
+						resultMap[parentKey][childKey] = childValue
+					}
+				}
+			}
+		}
+	}
+
+	titleMap := make(map[string]string)
+	// Iterator title collections
+	for _, v := range resultMap {
+		for key := range v {
+			titleMap[key] = key
+		}
+	}
+	// Get the titles
+	titleStr := []string{}
+	for _, v := range titleMap {
+		titleStr = append(titleStr, v)
+	}
+	data := [][]string{}
+	data = append(data, titleStr)
+	for _, value := range resultMap {
+		fields := []string{}
+		for _, parentTitle := range titleStr {
+			if value[parentTitle] != nil {
+				fields = append(fields, fmt.Sprintf("%v", value[parentTitle]))
+			} else {
+				fields = append(fields, "")
+			}
+		}
+		data = append(data, fields)
+	}
+	buf := bytes.NewBuffer(nil)
+	w := csv.NewWriter(buf)
+	for _, record := range data {
+		if err = w.Write(record); err != nil {
+			log.Error("w Write (%v) error (%v)", record, err)
+			return
+		}
+	}
+	w.Flush()
+	result = buf.Bytes()
+	return
+}
+
+// backtrace .
+func backtrace(in map[string]interface{}) (out map[string]interface{}) {
+	out = make(map[string]interface{})
+	for k, v := range in {
+		if z, ok := v.(map[string]interface{}); ok {
+			for childKey, childValue := range backtrace(z) {
+				out[childKey] = childValue
+			}
+		} else {
+			out[k] = v
+		}
+	}
+	return
+}
+
+// numberToInt64 .
+func numberToInt64(in map[string]interface{}) (out map[string]interface{}) {
+	var err error
+	out = map[string]interface{}{}
+	for k, v := range in {
+		if integer, ok := v.(json.Number); ok {
+			if out[k], err = integer.Int64(); err != nil {
+				log.Error("service.log.numberToInt64(%v)(%v)", integer, err)
+			}
+		} else {
+			out[k] = v
+		}
+	}
+	return
+}
--- a/app/admin/main/manager/service/permit.go
+++ b/app/admin/main/manager/service/permit.go
@@ -0,0 +1,44 @@
+package service
+
+import (
+	"context"
+
+	"go-common/library/log"
+	"go-common/library/net/http/blademaster/middleware/permit"
+)
+
+const (
+	_sessUnKey  = "username"
+	_sessUIDKey = "uid"
+)
+
+// Login .
+func (s *Service) Login(ctx context.Context, mngsid, dsbsid string) (sid, uname string, err error) {
+	si := s.session(ctx, mngsid)
+	var username string
+	if si.Get(_sessUnKey) == nil {
+		if username, err = s.dao.VerifyDsb(ctx, dsbsid); err != nil {
+			log.Error("s.dao.VerifyDsb error(%v)", err)
+			return
+		}
+		si.Set(_sessUnKey, username)
+		si.Set(_sessUIDKey, s.userIds[username])
+		if err = s.dao.SetSession(ctx, si); err != nil {
+			log.Error("s.dao.SetSession(%v) error(%v)", si, err)
+			err = nil
+		}
+	} else {
+		username = si.Get(_sessUnKey).(string)
+	}
+	sid = si.Sid
+	uname = username
+	return
+}
+
+// session .
+func (s *Service) session(ctx context.Context, sid string) (res *permit.Session) {
+	if res, _ = s.dao.Session(ctx, sid); res == nil {
+		res = s.dao.NewSession(ctx)
+	}
+	return
+}
--- a/app/admin/main/manager/service/rank.go
+++ b/app/admin/main/manager/service/rank.go
@@ -0,0 +1,218 @@
+package service
+
+import (
+	"context"
+	"fmt"
+
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/log"
+)
+
+// RankGroups gets archive groups.
+func (s *Service) RankGroups(c context.Context, pn, ps int) (res []*model.RankGroup, total int, err error) {
+	start := (pn - 1) * ps
+	if err = s.dao.DB().Where("isdel=0").Offset(start).Limit(ps).Find(&res).Error; err != nil {
+		log.Error("s.RankGroups() get groups error(%v)", err)
+		return
+	}
+	if err = s.dao.DB().Model(&model.RankGroup{}).Where("isdel=0").Count(&total).Error; err != nil {
+		log.Error("s.RankGroups() get total error(%v)", err)
+		return
+	}
+	// todo 优化，合并查询
+	for _, g := range res {
+		g.Auths, _ = s.rankAuths(c, g.ID)
+	}
+	return
+}
+
+// RankGroup gets rank group info.
+func (s *Service) RankGroup(c context.Context, id int64) (res *model.RankGroup, err error) {
+	res = new(model.RankGroup)
+	if err = s.dao.DB().Where("id=? and isdel=0", id).First(res).Error; err != nil {
+		log.Error("s.RankGroup(%d) error(%v)", id, err)
+		return
+	}
+	res.Auths, _ = s.rankAuths(c, id)
+	return
+}
+
+// AddRankGroup adds rank group.
+func (s *Service) AddRankGroup(c context.Context, g *model.RankGroup, auths []int64) (id int64, err error) {
+	if err = s.dao.DB().Create(g).Error; err != nil {
+		log.Error("s.AddRankGroup(%+v) error(%v)", g, err)
+		return
+	}
+	id = g.ID
+	for _, a := range auths {
+		if err = s.dao.DB().Exec("insert into rank_auths (group_id,auth_id,isdel) values (?,?,0)", id, a).Error; err != nil {
+			log.Error("s.AddRankGroup(%d,%d) add auth error(%v)", id, a, err)
+			return
+		}
+	}
+	return
+}
+
+// UpdateRankGroup udpates rank group.
+func (s *Service) UpdateRankGroup(c context.Context, g *model.RankGroup, auths []int64) (err error) {
+	if err = s.dao.DB().Model(g).Update(g).Error; err != nil {
+		log.Error("s.UpdateRankGroup(%+v) error(%v)", g, err)
+		return
+	}
+	// todo 优化，找出差异auth，多了删，少了加
+	if err = s.delRankAuthAll(c, g.ID); err != nil {
+		log.Error("s.delRankAuthAll(%d) error(%d)", g.ID, err)
+		return
+	}
+	for _, a := range auths {
+		if err = s.dao.DB().Exec("insert into rank_auths (group_id,auth_id,isdel) values (?,?,0) on duplicate key update isdel=0", g.ID, a).Error; err != nil {
+			log.Error("s.UpdateRankGroup(%d,%d) add auth error(%v)", g.ID, a, err)
+			return
+		}
+	}
+	return
+}
+
+// DelRankGroup deletes rank group...
+func (s *Service) DelRankGroup(c context.Context, id int64) (err error) {
+	if err = s.delRankAuthAll(c, id); err != nil {
+		log.Error("s.delRankAuthAll(%d) error(%v)", id, err)
+		return
+	}
+	if err = s.dao.DB().Model(&model.RankGroup{ID: id}).Update("isdel", 1).Error; err != nil {
+		log.Error("s.DelRankGroup(%d) error(%v)", id, err)
+	}
+	return
+}
+
+// AddRankUser adds rank user.
+func (s *Service) AddRankUser(c context.Context, uid int64) (err error) {
+	if err = s.dao.DB().Create(&model.RankUser{UID: uid}).Error; err != nil {
+		log.Error("s.AddRankUser(%d) error(%v)", uid, err)
+	}
+	return
+}
+
+// RankUsers gets rank user list.
+func (s *Service) RankUsers(c context.Context, pn, ps int, username string) (res []*model.RankUserScores, total int, err error) {
+	var (
+		tmpUids, uids, ids []int64
+		users              []*model.RankUser
+	)
+	if username != "" {
+		var (
+			us        []*model.User
+			condition = fmt.Sprintf("%%%s%%", username)
+		)
+		if err = s.dao.DB().Where("username like ?", condition).Find(&us).Error; err != nil {
+			log.Error("s.RankUsers search by username(%s) error(%v)", username, err)
+			return
+		}
+		for _, u := range us {
+			ids = append(ids, u.ID)
+		}
+	}
+	if len(ids) > 0 {
+		err = s.dao.DB().Where("uid in(?) and isdel=0", ids).Find(&users).Error
+	} else {
+		err = s.dao.DB().Where("isdel=0").Find(&users).Error
+	}
+	if err != nil {
+		log.Error("s.RankUsers() get groups error(%v)", err)
+		return
+	}
+	us := make(map[int64]map[int64]int)
+	for _, u := range users {
+		tmpUids = append(tmpUids, u.UID)
+		if us[u.UID] == nil {
+			us[u.UID] = make(map[int64]int)
+		}
+		if u.GroupID == 0 {
+			continue
+		}
+		us[u.UID][u.GroupID] = u.Rank
+	}
+	dic := make(map[int64]bool)
+	for _, i := range tmpUids {
+		if !dic[i] {
+			dic[i] = true
+			uids = append(uids, i)
+		}
+	}
+	names, err := s.usernames(uids)
+	if err != nil {
+		return
+	}
+	for _, uid := range uids {
+		if names[uid] == nil {
+			continue
+		}
+		u := &model.RankUserScores{
+			UID:      uid,
+			Username: names[uid].Username,
+			Nickname: names[uid].Nickname,
+			Ranks:    us[uid],
+		}
+		res = append(res, u)
+	}
+	total = len(res)
+	start := (pn - 1) * ps
+	if start >= total {
+		res = []*model.RankUserScores{}
+		return
+	}
+	end := start + ps
+	if end > total {
+		end = total
+	}
+	res = res[start:end]
+	return
+}
+
+func (s *Service) usernames(uids []int64) (res map[int64]*model.User, err error) {
+	var users []*model.User
+	if err = s.dao.DB().Model(&model.User{}).Where("id in (?)", uids).Find(&users).Error; err != nil {
+		log.Error("s.username(%v) error(%v)", uids, err)
+		return
+	}
+	res = make(map[int64]*model.User, len(users))
+	for _, u := range users {
+		res[u.ID] = u
+	}
+	return
+}
+
+// SaveRankUser saves user group's rank.
+func (s *Service) SaveRankUser(c context.Context, uid int64, ranks map[int64]int) (err error) {
+	for gid, rank := range ranks {
+		if err = s.dao.DB().Exec("insert into rank_users (group_id,uid,rank) values (?,?,?) on duplicate key update rank=?,isdel=0", gid, uid, rank, rank).Error; err != nil {
+			log.Error("s.SaveRankUser(%d,%d,%d) save user rank error(%v)", gid, uid, rank, err)
+			return
+		}
+	}
+	return
+}
+
+// DelRankUser deletes user.
+func (s *Service) DelRankUser(c context.Context, uid int64) (err error) {
+	if err = s.dao.DB().Model(&model.RankUser{}).Where("uid=?", uid).Update("isdel", 1).Error; err != nil {
+		log.Error("s.DelRankUser(%d) error(%v)", uid, err)
+	}
+	return
+}
+
+// delRankAuthAll deletes all rank auths by group.
+func (s *Service) delRankAuthAll(c context.Context, gid int64) (err error) {
+	if err = s.dao.DB().Model(&model.RankAuth{}).Where("group_id=?", gid).Update("isdel", 1).Error; err != nil {
+		log.Error("s.DelRankAuthAll(%d) error(%v)", gid, err)
+	}
+	return
+}
+
+// rankAuths gets auths by group.
+func (s *Service) rankAuths(c context.Context, gid int64) (res []*model.AuthItem, err error) {
+	if err = s.dao.DB().Model(&model.RankAuth{}).Where("group_id=? and isdel=0", gid).Select("auth_item.id, auth_item.name, auth_item.data").Joins("left join auth_item on auth_item.id=rank_auths.auth_id").Scan(&res).Error; err != nil {
+		log.Error("s.RankAuths(%d) error(%v)", gid, err)
+	}
+	return
+}
--- a/app/admin/main/manager/service/reason.go
+++ b/app/admin/main/manager/service/reason.go
@@ -0,0 +1,329 @@
+package service
+
+import (
+	"context"
+	"strconv"
+	"strings"
+
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/log"
+
+	"github.com/jinzhu/gorm"
+)
+
+// CateSecExtList .
+func (s *Service) CateSecExtList(c context.Context, e *model.CateSecExt) (res []*model.CateSecExt, err error) {
+	if res, err = s.dao.CateSecExtList(c, e); err != nil {
+		log.Error("s.CateSecExtList type (%d) error (%v)", e.Type, err)
+	}
+	return
+}
+
+// AssociationList .
+func (s *Service) AssociationList(c context.Context, e *model.Association) (res []*model.Association, err error) {
+	var (
+		aRes       []*model.Association
+		rRes       []*model.BusinessRole
+		catesecRes []*model.CateSecExt
+	)
+	// Display all record of Association
+	if aRes, err = s.dao.AssociationList(c, model.AllState, e.BusinessID); err != nil {
+		log.Error("s.AssociationList error (%v)", err)
+		return
+	}
+	if len(aRes) <= 0 {
+		res = []*model.Association{}
+		return
+	}
+	// Get all mapping of role
+	rMap := make(map[int64]string)
+	bean := &model.BusinessRole{
+		BID:   e.BusinessID,
+		Type:  model.AllType,
+		State: model.AllState,
+	}
+	if rRes, err = s.dao.RoleListByBID(c, bean); err != nil {
+		log.Error("s.RoleListByBID error (%v)", err)
+		return
+	}
+	for _, r := range rRes {
+		rMap[r.RID] = r.Name
+	}
+	// GET all mapping of category and second
+	cMap := make(map[int64]string)
+	sMap := make(map[int64]*model.CateSecExt)
+	if catesecRes, err = s.dao.CateSecList(c, e.BusinessID); err != nil {
+		log.Error("s.CateSecList error (%v)", err)
+		return
+	}
+	for _, cs := range catesecRes {
+		if cs.Type == model.CategoryCode {
+			cMap[cs.ID] = cs.Name
+		} else if cs.Type == model.SecondeCode {
+			sMap[cs.ID] = cs
+		}
+	}
+	res = []*model.Association{}
+	for _, value := range aRes {
+		temp := &model.Association{
+			ID:           value.ID,
+			RoleID:       value.RoleID,
+			BusinessID:   value.BusinessID,
+			RoleName:     rMap[value.RoleID],
+			CategoryID:   value.CategoryID,
+			CategoryName: cMap[value.CategoryID],
+			SecondIDs:    value.SecondIDs,
+			Ctime:        value.Ctime,
+			Mtime:        value.Mtime,
+			State:        value.State,
+		}
+		sids := strings.Split(value.SecondIDs, ",")
+		temp.Child = []*model.CateSecExt{}
+		if sids[0] != "" {
+			for _, sid := range sids {
+				id, _ := strconv.ParseInt(sid, 10, 64)
+				if value, ok := sMap[id]; ok {
+					temp.Child = append(temp.Child, value)
+				}
+			}
+		}
+		res = append(res, temp)
+	}
+	return
+}
+
+// AddCateSecExt .
+func (s *Service) AddCateSecExt(c context.Context, arg *model.CateSecExt) (err error) {
+	if err = s.dao.AddCateSecExt(c, arg); err != nil {
+		log.Error("s.AddCateSecExt (%s) error (%v)", arg.Name, err)
+	}
+	return
+}
+
+// UpdateCateSecExt .
+func (s *Service) UpdateCateSecExt(c context.Context, arg *model.CateSecExt) (err error) {
+	if err = s.dao.UpdateCateSecExt(c, arg); err != nil {
+		log.Error("s.UpdateCateSecExt (%s) error (%v)", arg.Name, err)
+	}
+	return
+}
+
+// BanCateSecExt .
+func (s *Service) BanCateSecExt(c context.Context, arg *model.CateSecExt) (err error) {
+	if err = s.dao.BanCateSecExt(c, arg); err != nil {
+		log.Error("s.BanCateSecExt (%d) error (%v)", arg.ID, err)
+	}
+	return
+}
+
+// AddAssociation .
+func (s *Service) AddAssociation(c context.Context, arg *model.Association) (err error) {
+	if err = s.dao.AddAssociation(c, arg); err != nil {
+		log.Error("s.AddAssociation error %v", err)
+	}
+	return
+}
+
+// UpdateAssociation .
+func (s *Service) UpdateAssociation(c context.Context, arg *model.Association) (err error) {
+	if err = s.dao.UpdateAssociation(c, arg); err != nil {
+		log.Error("s.UpdateAssociation error %v", err)
+	}
+	return
+}
+
+// BanAssociation .
+func (s *Service) BanAssociation(c context.Context, arg *model.Association) (err error) {
+	if err = s.dao.BanAssociation(c, arg); err != nil {
+		log.Error("s.BanAssociation error %v", err)
+	}
+	return
+}
+
+// AddReason .
+func (s *Service) AddReason(c context.Context, arg *model.Reason) (err error) {
+	if err = s.dao.AddReason(c, arg); err != nil {
+		log.Error("s.AddReason (%v) error (%v)", arg, err)
+	}
+	return
+}
+
+// UpdateReason .
+func (s *Service) UpdateReason(c context.Context, arg *model.Reason) (err error) {
+	if err = s.dao.UpdateReason(c, arg); err != nil {
+		log.Error("s.UpdateReason (%v) error (%v)", arg, err)
+	}
+	return
+}
+
+// ReasonList .
+func (s *Service) ReasonList(c context.Context, e *model.SearchReasonParams) (res []*model.Reason, total int64, err error) {
+	var (
+		rids  []int64
+		csids []int64
+		eRes  map[int64]*model.BusinessRole
+		csRes map[int64]string
+	)
+	// Search the user_id
+	if e.UName != "" {
+		if userID, ok := s.userIds[e.UName]; ok {
+			e.UID = userID
+		}
+	}
+	if res, err = s.dao.ReasonList(c, e); err != nil {
+		log.Error("s.dao.ReasonList error (%v)", err)
+		return
+	}
+	if len(res) <= 0 {
+		return
+	}
+	// Search relation data
+	for _, r := range res {
+		rids = append(rids, r.RoleID)
+		csids = append(csids, r.CategoryID)
+		csids = append(csids, r.SecondID)
+	}
+	if eRes, err = s.dao.RoleByRIDs(c, e.BusinessID, rids); err != nil {
+		log.Error("s.dao.ExecutorByIDs error (%v)", err)
+		return
+	}
+	if csRes, err = s.dao.CateSecByIDs(c, csids); err != nil {
+		log.Error("s.dao.CateSecByIDs error (%v)", err)
+		return
+	}
+	for _, value := range res {
+		if r, ok := eRes[value.RoleID]; ok {
+			value.RoleName = r.Name
+		}
+		if c, ok := csRes[value.CategoryID]; ok {
+			value.CategoryName = c
+		}
+		if s, ok := csRes[value.SecondID]; ok {
+			value.SecondName = s
+		}
+		if u, ok := s.userNames[value.UID]; ok {
+			value.UName = u
+		}
+	}
+	total = int64(len(res))
+	start := (e.PN - 1) * e.PS
+	if start >= total {
+		res = []*model.Reason{}
+		return
+	}
+	end := start + e.PS
+	if end > total {
+		end = total
+	}
+	res = res[start:end]
+	return
+}
+
+// BatchUpdateReasonState .
+func (s *Service) BatchUpdateReasonState(c context.Context, b *model.BatchUpdateReasonState) (err error) {
+	if err = s.dao.BatchUpdateReasonState(c, b); err != nil {
+		log.Error("s.dao.BatchUpdateReasonState %v error (%v)", b.IDs, err)
+	}
+	return
+}
+
+// DropDownList .
+func (s *Service) DropDownList(c context.Context, e *model.Association) (res []*model.DropList, err error) {
+	var (
+		aRes  []*model.Association
+		rRes  []*model.BusinessRole
+		csRes []*model.CateSecExt
+	)
+	// Only display validate association
+	if aRes, err = s.dao.AssociationList(c, model.ValidateState, e.BusinessID); err != nil {
+		log.Error("s.AssociationList error (%v)", err)
+		return
+	}
+	// Get all association record
+	rMap := make(map[int64]string)
+	bean := &model.BusinessRole{
+		BID:   e.BusinessID,
+		Type:  model.AllType,
+		State: model.AllState,
+	}
+	if rRes, err = s.dao.RoleListByBID(c, bean); err != nil {
+		log.Error("s.RoleListByBID error (%v)", err)
+		return
+	}
+	for _, r := range rRes {
+		rMap[r.RID] = r.Name
+	}
+	// Get all mapping of category and second
+	csMap := make(map[int64]string)
+	if csRes, err = s.dao.CateSecList(c, e.BusinessID); err != nil {
+		log.Error("s.CateSecList error (%v)", err)
+		return
+	}
+	for _, cs := range csRes {
+		csMap[cs.ID] = cs.Name
+	}
+	// Mapping data,use map store unique data
+	resMap := make(map[int64]map[int64]map[int64]int64)
+	for _, v := range aRes {
+		if _, ok := resMap[v.RoleID]; !ok {
+			//first element
+			resMap[v.RoleID] = make(map[int64]map[int64]int64)
+		}
+		if _, ok := resMap[v.RoleID][v.CategoryID]; !ok {
+			resMap[v.RoleID][v.CategoryID] = make(map[int64]int64)
+		}
+		sids := strings.Split(v.SecondIDs, ",")
+		for _, sid := range sids {
+			id, _ := strconv.ParseInt(sid, 10, 64)
+			resMap[v.RoleID][v.CategoryID][id] = id
+		}
+	}
+	// Output the data
+	res = []*model.DropList{}
+	for keyR, valueR := range resMap {
+		temprRes := &model.DropList{
+			ID:   keyR,
+			Name: rMap[keyR],
+		}
+		childCategory := []*model.DropList{}
+		for keyC, valueC := range valueR {
+			tempcRes := &model.DropList{
+				ID:   keyC,
+				Name: csMap[keyC],
+			}
+			childSecond := []*model.DropList{}
+			for keyS, valueS := range valueC {
+				tempsRes := &model.DropList{
+					ID:    keyS,
+					Name:  csMap[valueS],
+					Child: []*model.DropList{},
+				}
+				childSecond = append(childSecond, tempsRes)
+			}
+			tempcRes.Child = childSecond
+			childCategory = append(childCategory, tempcRes)
+		}
+		temprRes.Child = childCategory
+		res = append(res, temprRes)
+	}
+	return
+}
+
+// BusinessAttr .
+func (s *Service) BusinessAttr(c context.Context, b *model.BusinessAttr) (res map[string]bool, err error) {
+	res = make(map[string]bool)
+	res["isTag"] = false
+	var tempRes []*model.CateSecExt
+	if tempRes, err = s.dao.CateSecList(c, b.BID); err != nil {
+		if err == gorm.ErrRecordNotFound {
+			err = nil
+		}
+		return
+	}
+	for _, tr := range tempRes {
+		if tr.Type == model.ExtensionCode && tr.State == 1 {
+			res["isTag"] = true
+		}
+	}
+	return
+}
--- a/app/admin/main/manager/service/service.go
+++ b/app/admin/main/manager/service/service.go
@@ -0,0 +1,90 @@
+package service
+
+import (
+	"context"
+	"time"
+
+	"go-common/app/admin/main/manager/conf"
+	"go-common/app/admin/main/manager/dao"
+	"go-common/app/admin/main/manager/model"
+)
+
+// Service biz service def.
+type Service struct {
+	c   *conf.Config
+	dao *dao.Dao
+	// rbac may not change frequent, can update every few seconds. only assignment must get from db.
+	points        map[int64]*model.AuthItem
+	pointList     []*model.AuthItem
+	groupAuth     map[int64][]int64
+	orgAuth       map[int64]*model.AuthOrg // group + role info
+	roleAuth      map[int64][]int64
+	admins        map[int64]bool
+	userNames     map[int64]string // users' name
+	userNicknames map[int64]string // user's nickname
+	userDeps      map[int64]string // users' department
+	userIds       map[string]int64 // users' ids
+}
+
+// New new a Service and return.
+func New(c *conf.Config) (s *Service) {
+	s = &Service{
+		c:   c,
+		dao: dao.New(c),
+	}
+	s.syncRbac()
+	s.loadUnames()
+	go s.syncRbacproc()
+	go s.loadUnamesproc()
+	return s
+}
+
+func (s *Service) syncRbacproc() {
+	for {
+		time.Sleep(time.Second * 10)
+		s.syncRbac()
+	}
+}
+
+func (s *Service) syncRbac() {
+	if points, mpoints, err := s.ptrs(); err != nil {
+		return
+	} else if len(mpoints) > 0 {
+		s.pointList = points
+		s.points = mpoints
+	}
+	if admins, err := s.adms(); err != nil {
+		return
+	} else if len(admins) > 0 {
+		s.admins = admins
+	}
+	if ra, err := s.roleAuths(); err != nil {
+		return
+	} else if len(ra) > 0 {
+		s.roleAuth = ra
+	}
+	if ga, err := s.groupAuths(); err != nil {
+		return
+	} else if len(ga) > 0 {
+		s.groupAuth = ga
+	}
+	if oa, err := s.orgAuths(); err != nil {
+		return
+	} else if len(oa) > 0 {
+		s.orgAuth = oa
+	}
+}
+
+// Ping check dao health.
+func (s *Service) Ping(c context.Context) (err error) {
+	return s.dao.Ping(c)
+}
+
+// Wait wait all closed.
+func (s *Service) Wait() {
+}
+
+// Close close all dao.
+func (s *Service) Close() {
+	s.dao.Close()
+}
--- a/app/admin/main/manager/service/service_test.go
+++ b/app/admin/main/manager/service/service_test.go
@@ -0,0 +1,130 @@
+package service
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"go-common/app/admin/main/manager/conf"
+
+	. "github.com/smartystreets/goconvey/convey"
+)
+
+var (
+	srv *Service
+	ctx = context.Background()
+)
+
+func init() {
+	dir, _ := filepath.Abs("../cmd/manager-admin-test.toml")
+	flag.Set("conf", dir)
+	conf.Init()
+	srv = New(conf.Conf)
+	time.Sleep(time.Second)
+}
+
+func WithService(f func(s *Service)) func() {
+	return func() {
+		// Reset(func() { CleanCache() })
+		f(srv)
+	}
+}
+
+func Test_Admins(t *testing.T) {
+	Convey("admins", t, WithService(func(s *Service) {
+		res, err := s.adms()
+		So(err, ShouldBeNil)
+		So(len(res), ShouldBeGreaterThan, 0)
+		t.Logf("admins len(%d)", len(res))
+	}))
+}
+
+func Test_Pointers(t *testing.T) {
+	Convey("pointers", t, WithService(func(s *Service) {
+		res, _, err := s.ptrs()
+		So(err, ShouldBeNil)
+		So(len(res), ShouldBeGreaterThan, 0)
+		t.Logf("points len(%d)", len(res))
+	}))
+}
+
+func Test_RoleAuths(t *testing.T) {
+	Convey("role auths", t, WithService(func(s *Service) {
+		res, err := s.roleAuths()
+		So(err, ShouldBeNil)
+		So(len(res), ShouldBeGreaterThan, 0)
+		t.Logf("role auths len(%d)", len(res))
+	}))
+}
+
+func Test_GroupAuths(t *testing.T) {
+	Convey("group auths", t, WithService(func(s *Service) {
+		res, err := s.groupAuths()
+		So(err, ShouldBeNil)
+		So(len(res), ShouldBeGreaterThan, 0)
+		t.Logf("group auths len(%d)", len(res))
+	}))
+}
+
+func TestService_Unames(t *testing.T) {
+	Convey("unames check", t, WithService(func(s *Service) {
+		var uids []int64
+		uids = append(uids, 1, 2, 3)
+		res := s.Unames(ctx, uids)
+		So(len(res), ShouldBeGreaterThan, 0)
+	}))
+}
+
+func TestService_UsersTotal(t *testing.T) {
+	Convey("TestService_UsersTotal", t, WithService(func(s *Service) {
+		res, err := s.UsersTotal(ctx)
+		So(err, ShouldBeNil)
+		So(res, ShouldBeGreaterThan, 0)
+	}))
+}
+
+func TestService_Users(t *testing.T) {
+	Convey("TestService_Users", t, WithService(func(s *Service) {
+		res, err := s.Users(ctx, 1, 20)
+		So(err, ShouldBeNil)
+		So(len(res.Items), ShouldBeGreaterThan, 0)
+	}))
+}
+
+func TestService_RankUsers(t *testing.T) {
+	Convey("TestService_RankUsers", t, WithService(func(s *Service) {
+		res, count, err := s.RankUsers(ctx, 1, 20, "zhaoshichen")
+		So(err, ShouldBeNil)
+		fmt.Println(res)
+		fmt.Println(count)
+	}))
+}
+
+func TestService_Ping(t *testing.T) {
+	Convey("TestService_RankUsers", t, WithService(func(s *Service) {
+		err := s.Ping(ctx)
+		So(err, ShouldBeNil)
+	}))
+}
+
+func TestService_Heartbeat(t *testing.T) {
+	Convey("TestService_RankUsers", t, WithService(func(s *Service) {
+		err := s.Heartbeat(ctx, "zhaoshichen")
+		So(err, ShouldBeNil)
+	}))
+}
+
+func TestService_Close(t *testing.T) {
+	Convey("TestService_Close", t, WithService(func(s *Service) {
+		s.Close()
+	}))
+}
+
+func TestService_Wait(t *testing.T) {
+	Convey("TestService_Wait", t, WithService(func(s *Service) {
+		s.Wait()
+	}))
+}
--- a/app/admin/main/manager/service/tag.go
+++ b/app/admin/main/manager/service/tag.go
@@ -0,0 +1,222 @@
+package service
+
+import (
+	"context"
+
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/ecode"
+	"go-common/library/log"
+)
+
+// AddType .
+func (s *Service) AddType(c context.Context, tt *model.TagType) (err error) {
+	if err = s.dao.AddType(c, tt); err != nil {
+		log.Error("s.dao.AddType error(%v)", err)
+	}
+	return
+}
+
+// UpdateType .
+func (s *Service) UpdateType(c context.Context, tt *model.TagType) (err error) {
+	if err = s.dao.UpdateTypeName(c, tt); err != nil {
+		log.Error("s.dao.UpdateTypeName error(%v)", err)
+		return
+	}
+	if err = s.dao.DeleteNonRole(c, tt); err != nil {
+		log.Error("s.dao.DeleteNonRole error(%v)", err)
+		return
+	}
+	if err = s.dao.UpdateType(c, tt); err != nil {
+		log.Error("s.dao.UpdateType error(%v)", err)
+	}
+	return
+}
+
+// DeleteType .
+func (s *Service) DeleteType(c context.Context, td *model.TagTypeDel) (err error) {
+	// judge before deleting
+	var typeRes []*model.Tag
+	if typeRes, err = s.dao.TagByType(c, td.ID); err != nil {
+		log.Error("s.dao.TagByType error(%v)", err)
+		return
+	}
+	if len(typeRes) != 0 {
+		err = ecode.ManagerTagTypeDelErr
+		return
+	}
+	if err = s.dao.DeleteType(c, td); err != nil {
+		log.Error("s.dao.DeleteType error(%v)", err)
+	}
+	return
+}
+
+// AddTag .
+func (s *Service) AddTag(c context.Context, t *model.Tag) (err error) {
+	if err = s.dao.AddTag(c, t); err != nil {
+		log.Error("s.dao.AddTag error(%v)", err)
+	}
+	return
+}
+
+// UpdateTag .
+func (s *Service) UpdateTag(c context.Context, t *model.Tag) (err error) {
+	if err = s.dao.UpdateTag(c, t); err != nil {
+		log.Error("s.dao.UpdateTag error(%v)", err)
+	}
+	return
+}
+
+// AddControl .
+func (s *Service) AddControl(c context.Context, tc *model.TagControl) (err error) {
+	if err = s.dao.AddControl(c, tc); err != nil {
+		log.Error("s.dao.AddControl error(%v)", err)
+	}
+	return
+}
+
+// UpdateControl .
+func (s *Service) UpdateControl(c context.Context, tc *model.TagControl) (err error) {
+	if err = s.dao.UpdateControl(c, tc); err != nil {
+		log.Error("s.dao.UpdateControl error(%v)", err)
+	}
+	return
+}
+
+// BatchUpdateState .
+func (s *Service) BatchUpdateState(c context.Context, b *model.BatchUpdateState) (err error) {
+	if err = s.dao.BatchUpdateState(c, b); err != nil {
+		log.Error("s.dao.BatchUpdateState error(%v)", err)
+	}
+	return
+}
+
+// TagList .
+func (s *Service) TagList(c context.Context, t *model.SearchTagParams) (res []*model.Tag, total int64, err error) {
+	var (
+		tRes map[int64]*model.TagType
+		rRes map[int64]*model.BusinessRole
+	)
+	if t.UName != "" {
+		if uid, ok := s.userIds[t.UName]; ok {
+			t.UID = uid
+		}
+	}
+	if res, err = s.dao.TagList(c, t); err != nil {
+		log.Error("s.dao.TagList error(%v)", err)
+		return
+	}
+	tids := []int64{}
+	rids := []int64{}
+	for _, r := range res {
+		tids = append(tids, r.Tid)
+		rids = append(rids, r.Rid)
+	}
+	if tRes, err = s.dao.TypeByIDs(c, tids); err != nil {
+		log.Error("s.dao.TypeByIDs error(%v)", err)
+		return
+	}
+	if rRes, err = s.dao.RoleByRIDs(c, t.Bid, rids); err != nil {
+		log.Error("s.dao.RoleByIDs error(%v)", err)
+		return
+	}
+	for _, r := range res {
+		if tr, ok := tRes[r.Tid]; ok {
+			r.TName = tr.Name
+		}
+		if rr, ok := rRes[r.Rid]; ok {
+			r.RName = rr.Name
+		}
+		if u, ok := s.userNames[r.UID]; ok {
+			r.UName = u
+		}
+	}
+	total = int64(len(res))
+	start := (t.PN - 1) * t.PS
+	if start >= total {
+		res = []*model.Tag{}
+		return
+	}
+	end := start + t.PS
+	if end > total {
+		end = total
+	}
+	res = res[start:end]
+	return
+}
+
+// TypeList .
+func (s *Service) TypeList(c context.Context, tt *model.TagTypeList) (res []*model.TagType, err error) {
+	var (
+		tids  []int64
+		rids  []int64
+		tRole []*model.TagTypeRole
+		rRes  map[int64]*model.BusinessRole
+	)
+	if res, err = s.dao.TagTypeByBID(c, tt.BID); err != nil {
+		log.Error("s.dao.TagTypeByBID error(%v)", err)
+		return
+	}
+	for _, r := range res {
+		tids = append(tids, r.ID)
+	}
+	if tRole, err = s.dao.TagTypeRoleByTids(c, tids); err != nil {
+		log.Error("s.dao.TagTypeRoleByTids error(%v)", err)
+		return
+	}
+	for _, rt := range tRole {
+		rids = append(rids, rt.Rid)
+	}
+	if rRes, err = s.dao.RoleByRIDs(c, tt.BID, rids); err != nil {
+		log.Error("s.dao.RoleByRIDs error(%v)", err)
+		return
+	}
+	for _, r := range res {
+		for _, t := range tRole {
+			if r.ID == t.Tid {
+				if role, ok := rRes[t.Rid]; ok {
+					r.Roles = append(r.Roles, role)
+				}
+			}
+		}
+	}
+	return
+}
+
+// AttrList .
+func (s *Service) AttrList(c context.Context, tba *model.TagBusinessAttr) (res *model.TagBusinessAttr, err error) {
+	if res, err = s.dao.AttrList(c, tba.Bid); err != nil {
+		log.Error("s.dao.AttrList error(%v)", err)
+		return
+	}
+	if res.ID == 0 {
+		t := &model.TagBusinessAttr{
+			Bid:    tba.Bid,
+			Button: model.DefaultButton,
+		}
+		if err = s.dao.InsertAttr(c, t); err != nil {
+			log.Error("s.dao.InsertAttr error(%v)", err)
+			return
+		}
+		if res, err = s.dao.AttrList(c, tba.Bid); err != nil {
+			log.Error("s.dao.AttrList error(%v)", err)
+			return
+		}
+	}
+	return
+}
+
+// AttrUpdate .
+func (s *Service) AttrUpdate(c context.Context, tba *model.TagBusinessAttr) (err error) {
+	if err = s.dao.AttrUpdate(c, tba); err != nil {
+		log.Error("s.dao.AttrUpdate error(%v)", err)
+	}
+	return
+}
+
+// TagControl .
+func (s *Service) TagControl(c context.Context, tc *model.TagControlParam) (res []*model.TagControl, err error) {
+	if res, err = s.dao.TagControl(c, tc); err != nil {
+		log.Error("s.dao.TagControl error(%v)", err)
+	}
+	return
+}
--- a/app/admin/main/manager/service/user.go
+++ b/app/admin/main/manager/service/user.go
@@ -0,0 +1,284 @@
+package service
+
+import (
+	"context"
+	"time"
+
+	"go-common/app/admin/main/manager/model"
+	"go-common/library/ecode"
+	"go-common/library/log"
+
+	"github.com/jinzhu/gorm"
+	"github.com/pkg/errors"
+)
+
+// Auth return user's auth infomation.
+func (s *Service) Auth(c context.Context, username string) (res *model.Auth, err error) {
+	var (
+		user model.User
+		resp *model.RespPerm
+	)
+	if err = s.dao.DB().Where("username = ?", username).First(&user).Error; err != nil {
+		if err == ecode.NothingFound {
+			err = ecode.Int(10001)
+			return
+		}
+		err = errors.Wrapf(err, "s.dao.DB().user.fitst(%s)", username)
+		return
+	}
+	res = &model.Auth{
+		UID:      user.ID,
+		Username: user.Username,
+		Nickname: user.Nickname,
+	}
+	if resp, err = s.permsByMid(c, user.ID); err != nil {
+		err = errors.Wrapf(err, "s.permsByMid(%d)", user.ID)
+		return
+	}
+	res.Perms = resp.Res
+	res.Admin = resp.Admin
+	var aa []*model.AuthAssign
+	if result := s.dao.DB().Joins("left join auth_item on auth_item.id=auth_assignment.item_id").Where("auth_assignment.user_id=? and auth_item.type=?", user.ID, model.TypeGroup).Find(&aa); !result.RecordNotFound() {
+		res.Assignable = true
+	}
+	return
+}
+
+// Permissions return user's permissions.
+func (s *Service) Permissions(c context.Context, username string) (res *model.Permissions, err error) {
+	res = new(model.Permissions)
+	var (
+		user model.User
+		resp *model.RespPerm
+	)
+	if err = s.dao.DB().Where("username = ?", username).First(&user).Error; err != nil {
+		if err == gorm.ErrRecordNotFound {
+			err = ecode.NothingFound
+		}
+		log.Error("find user username(%s) error(%v)", username, err)
+		return
+	}
+	res.UID = user.ID
+	if resp, err = s.permsByMid(c, user.ID); err != nil {
+		if err == gorm.ErrRecordNotFound {
+			err = ecode.NothingFound
+		}
+		log.Error("s.permsByMid(%d) error(%v)", user.ID, err)
+		return
+	}
+	res.Perms = resp.Res
+	res.Admin = resp.Admin
+	res.Orgs = resp.Groups
+	res.Roles = resp.Roles
+	return
+}
+
+func (s *Service) permsByMid(c context.Context, mid int64) (resp *model.RespPerm, err error) {
+	var (
+		pointIDs []int64
+		as       []*model.AuthAssign
+	)
+	resp = &model.RespPerm{}
+	resp.Res = make([]string, 0)
+	resp.Groups = make([]*model.AuthOrg, 0)
+	resp.Roles = make([]*model.AuthOrg, 0)
+	if s.admins[mid] {
+		resp.Admin = true
+		for _, p := range s.pointList {
+			resp.Res = append(resp.Res, p.Data)
+		}
+		return
+	}
+	if err = s.dao.DB().Where("user_id = ?", mid).Find(&as).Error; err != nil {
+		err = errors.Wrapf(err, "s.dao.DB().user.find(%d)", mid)
+		return
+	}
+	for _, a := range as {
+		if info, found := s.orgAuth[a.ItemID]; found { // group & role information
+			if info.Type == model.TypeRole {
+				resp.Roles = append(resp.Roles, info)
+			}
+			if info.Type == model.TypeGroup {
+				resp.Groups = append(resp.Groups, info)
+			}
+		}
+		if vs, ok := s.roleAuth[a.ItemID]; ok {
+			pointIDs = append(pointIDs, vs...)
+			continue
+		}
+		if vs, ok := s.groupAuth[a.ItemID]; ok {
+			pointIDs = append(pointIDs, vs...)
+		}
+	}
+	repeat := map[string]byte{}
+	for _, id := range pointIDs {
+		if assign, ok := s.points[id]; ok {
+			l := len(repeat)
+			repeat[assign.Data] = 0
+			if len(repeat) != l {
+				resp.Res = append(resp.Res, assign.Data)
+			}
+		}
+	}
+	return
+}
+
+// Users get user list.
+func (s *Service) Users(c context.Context, pn, ps int) (res *model.UserPager, err error) {
+	res = &model.UserPager{
+		Pn: pn,
+		Ps: ps,
+	}
+	var items []*model.User
+	if err = s.dao.DB().Where("state = ?", model.UserStateOn).Offset((pn - 1) * ps).Limit(ps).Find(&items).Error; err != nil {
+		if err != ecode.NothingFound {
+			err = errors.Wrapf(err, "s.dao.DB().users.find(%d,%d)", pn, ps)
+			return
+		}
+		err = nil
+	}
+	res.Items = items
+	return
+}
+
+// UsersTotal get user total
+func (s *Service) UsersTotal(c context.Context) (total int64, err error) {
+	var item *model.User
+	if err = s.dao.DB().Model(&item).Where("state = ?", model.UserStateOn).Count(&total).Error; err != nil {
+		err = errors.Wrap(err, "s.dao.DB().users.count")
+	}
+	return
+}
+
+// Heartbeat user activity record
+func (s *Service) Heartbeat(c context.Context, username string) (err error) {
+	var user model.User
+	if err = s.dao.DB().Where("username = ?", username).First(&user).Error; err != nil {
+		if err == ecode.NothingFound {
+			err = ecode.Int(10001)
+			return
+		}
+		err = errors.Wrapf(err, "s.dao.DB().user.fitst(%s)", username)
+		return
+	}
+	now := time.Now()
+	if err = s.dao.DB().Exec("insert into user_heartbeat (uid,mtime) values (?,?) on duplicate key update mtime=?", user.ID, now, now).Error; err != nil {
+		err = errors.Wrapf(err, "s.dao.DB().heartbeat(%d)", user.ID)
+	}
+	return
+}
+
+// loadUnames loads the relation of uid & unames in two maps
+func (s *Service) loadUnames() {
+	var (
+		err        error
+		items      []*model.User
+		unames     = make(map[int64]string)
+		unicknames = make(map[int64]string)
+		uids       = make(map[string]int64)
+	)
+	if err = s.dao.DB().Where("state = ?", model.UserStateOn).Find(&items).Error; err != nil {
+		if err != ecode.NothingFound {
+			log.Error("LoadUnames Error (%v)", err)
+			return
+		}
+		if len(items) == 0 {
+			log.Info("LoadUnames No Active User was found")
+			return
+		}
+	}
+	for _, v := range items {
+		unames[v.ID] = v.Username
+		unicknames[v.ID] = v.Nickname
+		uids[v.Username] = v.ID
+	}
+	if length := len(unames); length != 0 {
+		s.userNames = unames
+		s.userNicknames = unicknames
+		log.Info("LoadUnames Refresh Success! Lines:%d", length)
+	}
+	if length := len(uids); length != 0 {
+		s.userIds = uids
+		log.Info("LoadUIds Refresh Success! Lines:%d", length)
+	}
+}
+
+// regularly load unames
+func (s *Service) loadUnamesproc() {
+	var duration time.Duration
+	if duration = time.Duration(s.c.UnameTicker); duration == 0 {
+		duration = time.Duration(5 * time.Minute) // default value
+	}
+	ticker := time.NewTicker(duration)
+	for range ticker.C {
+		s.loadUnames()
+		s.loadUdepts()
+	}
+	ticker.Stop()
+}
+
+// Unames treats the param "uids" and give back the unames data
+func (s *Service) Unames(c context.Context, uids []int64) (res map[int64]string) {
+	res = make(map[int64]string)
+	for _, v := range uids {
+		if uname, ok := s.userNames[v]; ok {
+			res[v] = uname
+		}
+	}
+	return
+}
+
+// UIds treats the param "unames" and give back the uids data
+func (s *Service) UIds(c context.Context, unames []string) (res map[string]int64) {
+	res = make(map[string]int64)
+	for _, v := range unames {
+		if uid, ok := s.userIds[v]; ok {
+			res[v] = uid
+		}
+	}
+	return
+}
+
+// loadUdeps loads the relation of uid & department in one map
+func (s *Service) loadUdepts() {
+	var (
+		items  []*model.UserDept
+		udepts = make(map[int64]string)
+	)
+	/**
+	select `user`.id,user_department.`name` from `user` LEFT JOIN user_department on `user`.department_id = user_department.id where user_department.`status` = 1 and `user`.state = 0
+	*/
+	err := s.dao.DB().Table("user").
+		Select("user.id, user_department.`name` AS department").
+		Joins("LEFT JOIN user_department ON `user`.department_id = user_department.id").
+		Where("user_department.`status` = ?", model.UserDepOn).
+		Where("state = ?", model.UserStateOn).Find(&items).Error
+	if err != nil {
+		if err != ecode.NothingFound {
+			log.Error("loadUdepts Error (%v)", err)
+			return
+		}
+		if len(items) == 0 {
+			log.Info("loadUdepts No Active User was found")
+			return
+		}
+	}
+	for _, v := range items {
+		udepts[v.ID] = v.Department
+	}
+	if length := len(udepts); length != 0 {
+		s.userDeps = udepts
+		log.Info("loadUdepts Refresh Success! Lines:%d", length)
+	}
+}
+
+// Udepts treats the param "uids" and give back the users' department data
+func (s *Service) Udepts(c context.Context, uids []int64) (res map[int64]string) {
+	res = make(map[int64]string)
+	for _, v := range uids {
+		if udept, ok := s.userDeps[v]; ok {
+			res[v] = udept
+		}
+	}
+	return
+}