User Permission Management
Database
tb_user
tb_role
user_role
Implementation
Role: entity class that stores role information
public class Role {
    private int id;
    private String rolename;
    private String roledesc;

    public Role() {
    }

    public Role(int id, String rolename, String roledesc) {
        this.id = id;
        this.rolename = rolename;
        this.roledesc = roledesc;
    }

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getRolename() {
        return rolename;
    }

    public void setRolename(String rolename) {
        this.rolename = rolename;
    }

    public String getRoledesc() {
        return roledesc;
    }

    public void setRoledesc(String roledesc) {
        this.roledesc = roledesc;
    }

    @Override
    public String toString() {
        return "Role{" +
                "id=" + id +
                ", rolename='" + rolename + '\'' +
                ", roledesc='" + roledesc + '\'' +
                '}';
    }
}
UserRole: entity class that stores the user-to-role assignment
public class UserRole {
    private int userId;
    private int roleId;

    public int getUserId() {
        return userId;
    }

    public void setUserId(int userId) {
        this.userId = userId;
    }

    public int getRoleId() {
        return roleId;
    }

    public void setRoleId(int roleId) {
        this.roleId = roleId;
    }

    @Override
    public String toString() {
        return "UserRole{" +
                "userId=" + userId +
                ", roleId=" + roleId +
                '}';
    }
}
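Show a different main page depending on the user's roles (with or without the role management module) & add roles
1. Create the corresponding interface in IRoleDao
import java.util.List;

public interface IRoleDao {
    // Role ids already assigned to the given user
    List<Integer> findRoleIdsByUserId(int id);

    // Roles the given user does not have yet
    List<Role> findNotRoleByUserId(int id);
}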
2. Implement the DAO interface in RoleMapper, that is, the operations against the database
<mapper namespace="com.summer.dao.IRoleDao">
    <select id="findRoleIdsByUserId" parameterType="int" resultType="int">
        select roleId from user_role where userId=#{id}
    </select>
    <select id="findNotRoleByUserId" parameterType="int" resultType="role">
        select * from tb_role where id not in (select roleId from user_role where userId=#{id});
    </select>
</mapper>
3. Declare the service interface in IRoleService
import java.util.List;

public interface IRoleService {
    List<Integer> findRoleByUserId(int id);

    List<Role> findNotRoleByUserId(int id);

    void addRole(List<Integer> ids, int userId);
}
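4. Implement the interface declared in IUserService in UserServiceImpl
@Override
public int login(String username, String password) {
    User user = userDao.findUserByUsername(username);
    // The submitted password is compared with the stored value as plain text
    if (user != null && user.getPassword().equals(password)) {
        return user.getId();
    }
    // -1 signals a failed login
    return -1;
}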
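Implement the interface declared in IRoleService in RoleServiceImpl
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
public class RoleServiceImpl implements IRoleService {
    @Autowired
    private IRoleDao roleDao;

    @Override
    public List<Integer> findRoleByUserId(int id) {
        return roleDao.findRoleIdsByUserId(id);
    }

    @Override
    public List<Role> findNotRoleByUserId(int id) {
        return roleDao.findNotRoleByUserId(id);
    }

    @Override
    public void addRole(List<Integer> ids, int userId) {
        for (int i : ids) {
            // Builds one user-role link per selected role id.
            // As shown, the object is never passed to the DAO, so nothing is
            // written to user_role; IRoleDao above declares no insert method.
            UserRole userRole = new UserRole();
            userRole.setRoleId(i);
            userRole.setUserId(userId);
        }
    }
}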
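5. Control navigation between pages in UserController.
Show a different main page depending on the user's roles (with or without the role management module)
@Autowired
private IRoleService roleService;

@RequestMapping("login.do")
public ModelAndView login(User user, HttpSession session) {
    int id = userService.login(user.getUsername(), user.getPassword());
    ModelAndView modelAndView = new ModelAndView();
    if (id != -1) {
        // Load the role ids once at login and keep them in the session
        List<Integer> roleIds = roleService.findRoleByUserId(id);
        // "user" is the form-bound object (submitted username and password),
        // not the record loaded from the database
        session.setAttribute("user", user);
        session.setAttribute("roleIds", roleIds);
        modelAndView.setViewName("main");
    } else {
        modelAndView.setViewName("../failer");
    }
    return modelAndView;
}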
Add roles
@RequestMapping("toAddRole.do")
public ModelAndView toAddRole(int id) {
    // id is the target user's id, taken from the request parameter
    List<Role> roleList = roleService.findNotRoleByUserId(id);
    ModelAndView modelAndView = new ModelAndView();
    modelAndView.addObject("roles", roleList);
    modelAndView.setViewName("user-role-add");
    modelAndView.addObject("id", id);
    return modelAndView;
}

@RequestMapping("addRole.do")
public String addRole(String roleIds, String userId) {
    // roleIds arrives as a comma-separated list, e.g. "2,3"
    String[] strs = roleIds.split(",");
    List<Integer> ids = new ArrayList<>();
    for (String s : strs) {
        // Integer.parseInt throws NumberFormatException on non-numeric input
        ids.add(Integer.parseInt(s));
    }
    roleService.addRole(ids, Integer.parseInt(userId));
    return "redirect:findAll.do";
}
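UI
aside.jsp: check whether the user is an administrator
If the user is an administrator, they can manage roles;
otherwise, they cannot manage roles
<%
    List<Integer> roleIds = (List<Integer>) session.getAttribute("roleIds");
    // Render the menu entry only for administrators (role id 1);
    // the null check covers a session that has no "roleIds" attribute
    if (roleIds != null && roleIds.contains(1)) {
%>
<li id="system-setting1"><a
        href="#"> <i
        class="fa fa-circle-o"></i> 角色管理
</a></li>
<%
    }
%>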
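aside.jsp only decides whether the menu entry is rendered; the toAddRole.do and addRole.do handlers shown above perform no role check of their own. The following is an added example, not code from the original project: a Spring MVC interceptor that enforces the same roleIds.contains(1) rule on the server. The class name AdminOnlyInterceptor, the javax.servlet imports and the 401/403 responses are assumptions.

```java
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

// Added example: server-side gate for the role-management handlers.
// Assumptions: role id 1 is the administrator role (as in aside.jsp) and
// login.do stored the caller's role ids in the session under "roleIds".
public class AdminOnlyInterceptor implements HandlerInterceptor {

    private static final Integer ADMIN_ROLE_ID = 1;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        // getSession(false) never creates a session for an anonymous caller.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED); // not logged in
            return false;
        }
        if (!isAdmin(session.getAttribute("roleIds"))) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN); // logged in, not admin
            return false;
        }
        return true; // let the request reach the controller
    }

    // A missing or malformed attribute is treated as "not an administrator".
    static boolean isAdmin(Object roleIdsAttr) {
        return roleIdsAttr instanceof List && ((List<?>) roleIdsAttr).contains(ADMIN_ROLE_ID);
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response,
                           Object handler, ModelAndView modelAndView) {
        // nothing to do after the handler runs
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
                                Object handler, Exception ex) {
        // nothing to clean up
    }
}
```

Register the interceptor in the Spring MVC configuration for the role-management URLs, such as /user/addRole.do, so that a request sent directly to the handler is rejected even though the menu entry is hidden.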
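user-role-add.jsp: add roles
function addRoles() {
    var checkNum = $("input[name='roleId']:checked").length;
    if (checkNum == 0) {
        // Message: "Please select at least one role to add"
        alert("请至少选择1个角色添加");
        return;
    }
    // Message: "Are you sure you want to add these roles?"
    if (confirm("你确认要添加这些角色吗?")) {
        var roleList = new Array();
        $("input[name='roleId']:checked").each(
            function () {
                roleList.push($(this).val())
            }
        );
        var userId = $("input[name='userId']").val();
        // Shows the target user id before the request is sent
        alert(userId);
        // The selected role ids are sent as a comma-separated query parameter
        location.href = "/user/addRole.do?roleIds=" + roleList.toString() + "&userId=" + userId;
    }
}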
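User logout
Implementation
Control navigation between pages in UserController.
Clicking logout removes the session's user attribute, so the user is no longer logged in, and goes to the login page
@RequestMapping("logout.do")
public String logout(HttpSession session) {
    // Only the "user" attribute is removed; "roleIds" stays in the session
    session.removeAttribute("user");
    return "../login";
}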
UI
header.jsp: logout
<div class="pull-right">
    <a href="/user/logout.do"
       class="btn btn-default btn-flat">注销</a>
</div>
Administrator login
Regular user login
Add roles
Logout: goes to the login page