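Permission tree
1. One-star permission design (users to permissions: many-to-one)
- Run the database script
- Create the entity class
- Create the DAO
- Create the web layer
- Change the tree menu that is displayed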
**dao**
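```java
/**
 * Query the user table of the one-star permission design and get the menuid,
 * which is used to display the corresponding tree menu.
 * @param paramMap request parameters (uid, upwd)
 * @param pageBean paging settings
 * @return the matching user rows
 * @throws InstantiationException
 * @throws IllegalAccessException
 * @throws SQLException
 */
public List<Map<String, Object>> userList(Map<String, String[]> paramMap, PageBean pageBean) throws InstantiationException, IllegalAccessException, SQLException {
    String uid = JsonUtils.getParamVal(paramMap, "uid");
    String upwd = JsonUtils.getParamVal(paramMap, "upwd");
    String sql = "select * from t_easyui_user_version1 where true";
    // NOTE: uid and upwd come straight from the request and are concatenated
    // into the SQL text; they should be bound as query parameters instead.
    // Both filters are optional, so a request with neither matches every row.
    if (StringUtils.isNotBlank(uid)) {
        sql += " and uid = " + uid;
    }
    if (StringUtils.isNotBlank(upwd)) {
        sql += " and upwd = " + upwd;
    }
    return super.executeQuery(sql, pageBean);
}
```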
**servlet**
```java
public String login1(HttpServletRequest req, HttpServletResponse resp) {
    try {
        List<Map<String, Object>> userList = this.userDao.userList(req.getParameterMap(), null);
        // Guard against an empty result: get(0) on an empty list would throw.
        if (userList != null && !userList.isEmpty()) {
            Map<String, Object> map = userList.get(0);
            // The user's single menu id drives the tree menu on the index page.
            String menuId = (String) map.get("Menuid");
            req.setAttribute("MenuId", menuId);
        }
    } catch (InstantiationException e) {
        e.printStackTrace();
    } catch (IllegalAccessException e) {
        e.printStackTrace();
    } catch (SQLException e) {
        e.printStackTrace();
    }
    return "index";
}
```
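2. Two-star permission design (users to permissions: many-to-many)
- Run the database script
- Modify the existing entity class
- Create the entity class
- Create the DAO
- Modify the existing DAO
- Add the new web method
- Add a login page that leads to the front-end tree menu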
**dao**
```java
/**
 * Two-star permission design
 * @param paramMap request parameters (uid, upwd)
 * @param pageBean paging settings
 * @return the matching user rows
 * @throws InstantiationException
 * @throws IllegalAccessException
 * @throws SQLException
 */
public List<Map<String, Object>> userList2(Map<String, String[]> paramMap, PageBean pageBean) throws InstantiationException, IllegalAccessException, SQLException {
    String uid = JsonUtils.getParamVal(paramMap, "uid");
    String upwd = JsonUtils.getParamVal(paramMap, "upwd");
    String sql = "select * from t_easyui_user_version2 where true";
    // NOTE: uid and upwd come straight from the request and are concatenated
    // into the SQL text; they should be bound as query parameters instead.
    // Both filters are optional, so a request with neither matches every row.
    if (StringUtils.isNotBlank(uid)) {
        sql += " and uid = " + uid;
    }
    if (StringUtils.isNotBlank(upwd)) {
        sql += " and upwd = " + upwd;
    }
    return super.executeQuery(sql, pageBean);
}

// Reads the user-to-menu rows of one user from the intermediate table.
public List<Map<String, Object>> getMenuIdsFromUser(Map<String, String[]> paramMap, PageBean pageBean) throws InstantiationException, IllegalAccessException, SQLException {
    String uid = JsonUtils.getParamVal(paramMap, "uid");
    String sql = "select * from t_easyui_usermenu where true";
    // NOTE: same string concatenation as above; uid should be a bound parameter.
    if (StringUtils.isNotBlank(uid)) {
        sql += " and uid = " + uid;
    }
    return super.executeQuery(sql, pageBean);
}
```
**servlet**
```java
public String login2(HttpServletRequest req, HttpServletResponse resp) {
    try {
        List<Map<String, Object>> userList = this.userDao.userList2(req.getParameterMap(), null);
        // Guard against an empty result: get(0) on an empty list would throw.
        if (userList != null && !userList.isEmpty()) {
            Map<String, Object> map = userList.get(0);
            Map<String, String[]> paramMap = new HashMap<>();
            paramMap.put("uid", new String[] {(String) map.get("uid")});
            // Get the rows of the intermediate (user-to-menu) table
            List<Map<String, Object>> userMenus = this.userDao.getMenuIdsFromUser(paramMap, null);
            // Join the menu ids with commas; a user with no menus yields "".
            StringBuilder sb = new StringBuilder();
            for (Map<String, Object> map2 : userMenus) {
                if (sb.length() > 0) {
                    sb.append(",");
                }
                sb.append(map2.get("menuId"));
            }
            req.setAttribute("MenuId", sb.toString());
        }
    } catch (InstantiationException e) {
        e.printStackTrace();
    } catch (IllegalAccessException e) {
        e.printStackTrace();
    } catch (SQLException e) {
        e.printStackTrace();
    }
    return "index";
}
```
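The login lookups in `userList` and `userList2` above build their SQL by appending `uid` and `upwd` to the query string. The following is an added example, not code from the original post: a parameterized form of the same lookup using plain JDBC. The class name `LoginQuery` and its methods are hypothetical, and how the result would plug into the post's base DAO is not shown because that API is not on the page.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

/** Added example (hypothetical class): the login lookup with bound parameters. */
public class LoginQuery {
    final String sql;
    final List<Object> params = new ArrayList<>();

    /** Both credentials are required, so an empty request can never match every row. */
    LoginQuery(String table, String uid, String upwd) {
        if (uid == null || uid.trim().isEmpty() || upwd == null || upwd.isEmpty()) {
            throw new IllegalArgumentException("uid and upwd are required");
        }
        // The table name is a constant chosen by the caller, never request data.
        this.sql = "select * from " + table + " where uid = ? and upwd = ?";
        params.add(uid);
        params.add(upwd);
    }

    /** Binds the collected values; the driver sends them as data, not as SQL text. */
    PreparedStatement prepare(Connection con) throws SQLException {
        PreparedStatement ps = con.prepareStatement(sql);
        for (int i = 0; i < params.size(); i++) {
            ps.setObject(i + 1, params.get(i)); // JDBC parameter indexes start at 1
        }
        return ps;
    }

    public static void main(String[] args) {
        // Constructed sample input containing a quote character.
        LoginQuery q = new LoginQuery("t_easyui_user_version1", "it's", "secret");
        System.out.println(q.sql);    // the SQL text is the same for any input
        System.out.println(q.params); // the values travel separately from the SQL
        try {
            new LoginQuery("t_easyui_user_version1", "", "");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`main` needs no database: it only shows that the SQL text is fixed and that a request without credentials is rejected before any query is built.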
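Permission: a resource in the system; resources include menu resources (study-progress reports, account review…) and button resources.
Role: a set of permissions in the system (1)
Button resources
Behaviour: within the same menu, different people see different buttons.
Pseudocode:
Requirements:
User a sees Review
User b sees Add, Delete and Edit, but not Review
User c sees nothing
btns: for the current user stored in the session, query the permission table and get all of that user's permitted-button data
btuAuth is the id of the specific permission entry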
```jsp
<div>
    <z:auth></z:auth>
    <z:auth btns="" btuAuth="">
        <a href="javascript:passUse('Y')" class="easyui-linkbutton" iconCls="icon-ok" plain="true">Approve</a>
    </z:auth>
    <z:auth btns="" btuAuth="">
        <a href="javascript:openUserAddDialog()" class="easyui-linkbutton" iconCls="icon-add" plain="true">Add</a>
    </z:auth>
    <z:auth btns="" btuAuth="">
        <a href="javascript:openUserModifyDialog()" class="easyui-linkbutton" iconCls="icon-edit" plain="true">Edit</a>
    </z:auth>
    <z:auth btns="" btuAuth="">
        <a href="javascript:deleteUser()" class="easyui-linkbutton" iconCls="icon-remove" plain="true">Delete</a>
    </z:auth>
</div>
```