您的位置:首页 > 大数据 > 人工智能

AISELL不同等级授权以及根据等级不同显示菜单界面

2020-02-07 15:08 246 查看

从数据库查出所有权限交给Shiro管理

package cn.itsource.aisell.shiro;

import cn.itsource.aisell.domain.Permission;
import cn.itsource.aisell.service.IPermissionService;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class AisellFilterChainDefinitionMap {
@Autowired
//注入权限接口
IPermissionService permissionService;
public Map createFilterChainDefinitionMap(){
Map map = new LinkedHashMap();
//放行/s/login.jsp
//放行/login的请求
//以上两个不能拦截
map.put("/s/login.jsp","anon");
map.put("/login","anon");
//静态资源放行
map.put("*.js","anon");
map.put("*.css","anon");
map.put("/css/**","anon");
map.put("/js/**","anon");
map.put("/easyui/**","anon");
map.put("/images/**","anon");
//在登录成功后,在登录成功的页面访问permission.jsp,就会有user下面所有权限
//map.put("/s/permission.jsp","perms[user:*]");
//拿到所有权限
List<Permission> permissions = permissionService.findAll();
for (Permission permission:permissions) {
//Key值路径  value值权限
map.put(permission.getUrl(),"aisellPerms["+permission.getSn()+"]");
}
//拦截所有请求
map.put("//**","authc");
//此条返回数据跟xml关联,告诉xml的信息
return map;
}
}

查询当前用户具备的权限

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//必须先登录再进行授权
//授权方法  获得用户名
Employee employee = (Employee) principalCollection.getPrimaryPrincipal();
//新建一个方法 通过用户id来查询权限
Set<String>permissions=permissionService.findPermissionByEmployeeId(employee.getId());

//String emplousernameyee = (String) principalCollection.getPrimaryPrincipal();
//根据名字获得权限
//Set permissions = getPermissionsName(username);
//shiro会自己比较传来的权限
SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
simpleAuthorizationInfo.setStringPermissions(permissions);
//返回信息
return simpleAuthorizationInfo;
}

显示Undefined 如何返回ajax

自定义过滤器

<!--配置自定义过滤器-->
<property name="filters">
<map>
<entry key="aisellPerms" value-ref="aisellPermsFilter">
</entry>
</map>
</property>

<!-- 定义自定义过滤器-->
<bean id="aisellPermsFilter" class="cn.itsource.aisell.shiro.AisellPermssionFilter"></bean>

**重写 onAccessDenied方法

​ 方法里面 就判断如果是ajax请求 就直接返回json格式,

​ 否则就走原来的格式,返回页面**

package cn.itsource.aisell.shiro;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class AisellPermssionFilter extends PermissionsAuthorizationFilter {

@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
Subject subject = this.getSubject(request, response);
if (subject.getPrincipal()==null){
this.saveRequestAndRedirectToLogin(request,response);
}else {
HttpServletRequest req=(HttpServletRequest)request;
HttpServletResponse resp=(HttpServletResponse) response;
//判断请求是ajax  如果是ajax直接返回json
String header = req.getHeader("X-Requested-With");
//说明就是ajax
if(header != null && "XMLHttpRequest".equals(header)){
//返回json格式的数据
resp.setContentType("text/json; charset=UTF-8");
resp.getWriter().print("{\"success\":false,\"msg\":\"没有权限\"}");

}else {
String unauthorizedUrl = this.getUnauthorizedUrl();
if (StringUtils.hasText(unauthorizedUrl)) {
WebUtils.issueRedirect(request, response, unauthorizedUrl);
} else {
WebUtils.toHttp(response).sendError(401);
}
}

}

return false;
}
}

页面权限的按钮控制

<!-- 新增修改删除-->
<shiro:hasPermission name="employee:save">
<a href="#" data-method="add" plain="true"  class="easyui-linkbutton" iconCls="icon-add">新增</a>
</shiro:hasPermission>
<shiro:hasPermission name="employee:update">
<a href="#" data-method="edit" plain="true"   class="easyui-linkbutton" iconCls="icon-edit">修改</a>
</shiro:hasPermission>
<shiro:hasPermission name="employee:delete">
<a href="#" data-method="delete" plain="true"   class="easyui-linkbutton" iconCls="icon-remove">删除</a>
</shiro:hasPermission>

准备Menu domain

package cn.itsource.aisell.domain;

import com.fasterxml.jackson.annotation.JsonIgnore;
import javax.persistence.*;
import java.util.ArrayList;
import java.util.List;

@Entity
@Table(name = "menu")
public class Menu extends BaseDomain {
private String name;
private String url;
private String icon;

@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "parent_id")
//忽略json 在展示json格式的 parent不会展示出来
@JsonIgnore
private Menu parent;

//这个是临时属性,不交给jpa管理 ,自己来维护
@Transient
private List<Menu> children=new ArrayList<Menu>();

//兼容esayui的菜单树[id:1,text:'xxx']
public String getText(){
return this.name;
}

public String getName() {
return name;
}

public void setName(String name) {
this.name = name;
}

public String getUrl() {
return url;
}

public void setUrl(String url) {
this.url = url;
}

public String getIcon() {
return icon;
}

public void setIcon(String icon) {
this.icon = icon;
}

public Menu getParent() {
return parent;
}

public void setParent(Menu parent) {
this.parent = parent;
}

public List<Menu> getChildren() {
return children;
}

public void setChildren(List<Menu> children) {
this.children = children;
}
}
MenuQuery query类 高级查询
package cn.itsource.aisell.query;

import cn.itsource.aisell.domain.Employee;
import cn.itsource.aisell.domain.Menu;
import com.github.wenhao.jpa.Specifications;
import org.apache.commons.lang3.StringUtils;
import org.springframework.data.jpa.domain.Specification;

public class MenuQuery extends BaseQuery{
//权限名称
private String name;

public String getName() {
return name;
}

public void setName(String name) {
this.name = name;
}

//实现父类抽象接口的高级查询方法
public Specification createSpecification() {
Specification<Menu> specification = Specifications.<Menu>and()
//通过权限名字高级查询
.like(StringUtils.isNotBlank(this.getName()),"name", "%"+this.getName()+"%")
.build();
return specification;
}
}

MenuRepository

package cn.itsource.aisell.repository;

import cn.itsource.aisell.domain.Menu;
import org.springframework.data.jpa.repository.Query;

import java.util.List;

public interface MenuRepository extends BaseRepository<Menu,Long> {

//根据用户id 查询菜单--查询所有的子菜单
@Query("select distinct m from Employee e join e.roles er join er.permissions p join p.menu m where e.id = ?1")
public List<Menu> findByLoginUser(Long id);
}

IMenuService

package cn.itsource.aisell.service;

import cn.itsource.aisell.domain.Menu;

import java.util.List;

public interface IMenuService extends IBaseService<Menu,Long> {
public List<Menu> findMenuByLoginUser(Long employeeId);

}

MenuServiceImpl

package cn.itsource.aisell.service.impl;

import cn.itsource.aisell.domain.Menu;
import cn.itsource.aisell.repository.MenuRepository;
import cn.itsource.aisell.service.IMenuService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.List;

@Service
public class MenuServiceImpl extends BaseServiceImpl<Menu,Long> implements IMenuService {

@Autowired
MenuRepository menuRepository;
public List<Menu> findMenuByLoginUser(Long employeeId) {
List<Menu> menus=new ArrayList<Menu>();
//查询当前用户子菜单群
List<Menu> childrenMenus = menuRepository.findByLoginUser(employeeId);
//循环子菜单  1,2,3,4,5,6
for (Menu childrenMuenu:childrenMenus) {
//通过子菜单拿到父菜单
Menu parentMenu = childrenMuenu.getParent();
//如果子字菜单没有包含那就添加父菜单
if (!menus.contains(parentMenu)){
menus.add(parentMenu);
}
//格式:[1,[1,2,3],2,[4,5,6]]
//通过父菜单拿到子菜单
List<Menu> children = parentMenu.getChildren();
//添加子菜单
children.add(childrenMuenu);

}

return menus;
}
}
  • 点赞
  • 收藏
  • 分享
  • 文章举报
BapeSanji 发布了17 篇原创文章 · 获赞 1 · 访问量 349 私信 关注
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航