📄 permissiondao.java
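// Excerpt begins inside a method: its signature and the declaration of `sql` precede this listing.
        sql += "SELECT * from \"Permissions\"\n";
        sql += getWhereClause(p);
        List results = executeQuery(sql);
        return results;
    }

    /**
     * Loads the permission rows for one entity that apply to the given user,
     * sorted with {@code Permission.HIGHEST_PERMISSION_ORDER}.
     *
     * <p>A row matches when its "ID" equals {@code user} or when it satisfies the
     * predicate returned by {@code getPowerMatch} for the user's staff record.
     * Group-based and "all users" matching is disabled in this version, so
     * {@code groups} is accepted for compatibility but never read.
     *
     * @param entityID   value compared with the "EntityID" column
     * @param entityType its code is compared with the "EntityType" column
     * @param user       user id; also used to look the staff member up through the LDAP DAO
     * @param groups     currently unused
     * @return the matching permissions, as built by {@code executeQuery}
     */
    public List getPermissions(int entityID, EntityType entityType, String user, List groups) {
        // NOTE(review): this authorization query is assembled by string concatenation.
        // Its safety for `user` and the entity-type code rests entirely on quoteSingle(),
        // which is defined outside this listing - confirm it escapes embedded single
        // quotes, or bind the values through a java.sql.PreparedStatement instead.
        String sql = "";
        sql += "SELECT * from \"Permissions\"\n";
        sql += " WHERE \"EntityID\" = " + entityID + "\n";
        sql += " AND \"EntityType\" = " + quoteSingle(entityType.getCode()) + "\n";

        String userMatch = "";
        userMatch += "(\"ID\" = " + quoteSingle(user) + " )\n ";

        LDAPDAO dao = LDAPDAOFactory.getInstance().getLDAPDAO();
        StaffMember sm = dao.getUser(user);

        sql += " AND (" + userMatch;
        sql += " OR " + getPowerMatch(sm);
        sql += ")";

        // The staff member is handed to executeQuery so that row mapping can take the
        // caller's power level into account (see createFromResultSet(rs, data)).
        ArrayList results = (ArrayList) executeQuery(sql, sm);
        Collections.sort(results, Permission.HIGHEST_PERMISSION_ORDER);
        return results;
    }

    /**
     * Inserts a permission using a connection obtained from the factory.
     *
     * @param p the permission to store
     */
    public void insertPermission(Permission p) {
        insertPermission(p, null);
    }

    /**
     * Inserts a permission row into the "Permissions" table.
     *
     * <p>If a matching permission already exists the call returns without writing,
     * unless the caller passed a connection whose auto-commit is switched off; in
     * that case the existence check is ignored and the row is always inserted.
     *
     * @param p   the permission to store
     * @param con connection to use, for instance one that is part of a transaction;
     *            {@code null} to obtain one from the factory. A caller-supplied
     *            connection is never closed here.
     * @throws RuntimeException wrapping any failure, including an insert that does
     *                          not affect exactly one row
     */
    public void insertPermission(Permission p, Connection con) {
        String sql = "";
        try {
            if (exists(p) && !(con != null && !con.getAutoCommit())) {
                return;
            }
        } catch (Exception ex) {
            logger.error("Error processing the existing permissions.");
            throw new RuntimeException(ex);
        }

        java.sql.Statement stmt = null;
        Connection useCon = null;
        // Only a connection opened here may be closed here.
        boolean ownsConnection = (con == null);
        try {
            if (ownsConnection) {
                useCon = getFactory().getConnection();
            } else {
                useCon = con;
            }

            // NOTE(review): values are concatenated into the statement; the string
            // fields depend on quoteSingle() (not visible here) for escaping.
            sql += "INSERT into \"Permissions\"\n";
            sql += "(\"EntityID\",\"EntityType\",\"ID\",\"Power\",\"Division\",\"Location\",\"Read\",\"Write\",\"Delete\",\"Security\")\n";
            sql += "VALUES\n";
            sql += "(";
            sql += p.getEntityID() + ", ";
            sql += quoteSingle(p.getEntityType().getCode()) + ", ";
            sql += quoteSingle(p.getID()) + ", ";
            sql += p.getPower() + ", ";
            sql += quoteSingle(p.getDivision()) + ", ";
            sql += quoteSingle(p.getLocation()) + ", ";
            sql += p.canRead() + ", ";
            sql += p.canWrite() + ", ";
            sql += p.canDelete() + ", ";
            sql += p.canSecurity();
            sql += ")\n";

            logger.debug("Insert Permission SQL: " + sql);
            stmt = useCon.createStatement();
            int result = stmt.executeUpdate(sql);
            if (result != 1) {
                logger.error("Illegal number of rows inserted! SQL: " + sql);
                throw new RuntimeException("Illegal number of rows inserted!");
            }
        } catch (Exception ex) {
            logger.error("Exception executing sql:\n" + sql, ex);
            throw new RuntimeException(ex);
        } finally {
            // Previously neither the statement nor a factory-supplied connection was
            // released, so every call leaked database resources.
            if (stmt != null) {
                try {
                    stmt.close();
                } catch (java.sql.SQLException closeEx) {
                    logger.error("Could not close statement", closeEx);
                }
            }
            if (ownsConnection && useCon != null) {
                try {
                    useCon.close();
                } catch (java.sql.SQLException closeEx) {
                    logger.error("Could not close connection", closeEx);
                }
            }
        }
    }

    /**
     * Builds the WHERE clause that selects the rows belonging to a permission.
     *
     * <p>The clause always filters on "EntityID" and "EntityType". The "ID" filter
     * is added only when {@code p.getID()} is non-null, so a permission without an
     * ID selects every row of that entity.
     *
     * @param p the permission whose key fields are used
     * @return the clause, starting with {@code " WHERE"}
     */
    public String getWhereClause(Permission p) {
        // NOTE(review): string-built predicate; escaping is delegated to quoteSingle().
        String sql = "";
        sql += " WHERE \"EntityID\" = " + p.getEntityID() + "\n";
        sql += " AND \"EntityType\" = " + quoteSingle(p.getEntityType().getCode()) + "\n";
        if (p.getID() != null) {
            sql += " AND \"ID\" = " + quoteSingle(p.getID()) + " ";
        }
        return sql;
    }

    /**
     * Updates a permission without supplying a connection.
     *
     * @param p the permission carrying the new flags
     */
    public void updatePermission(Permission p) {
        updatePermission(p, null);
    }

    /**
     * Writes the read, write and delete flags of a permission to its row.
     *
     * <p>The row-count check runs after the statement has executed. If the WHERE
     * clause matched several rows (for example because the ID is null) they have
     * already been modified when the exception is raised; whether that is undone
     * depends on the transaction state of the connection used by {@code updateSQL}.
     *
     * @param p   the permission carrying the new flags
     * @param con connection passed through to {@code updateSQL}; may be {@code null}
     * @throws RuntimeException wrapping any failure, including an update that does
     *                          not affect exactly one row
     */
    public void updatePermission(Permission p, Connection con) {
        // NOTE(review): "Security" is written on insert but is not part of this SET
        // list - confirm that leaving it unchanged on update is intended.
        String sql = "";
        sql += "UPDATE \"Permissions\"\n";
        sql += "SET \"Read\" = " + p.canRead() + ",\n";
        sql += " \"Write\" = " + p.canWrite() + ",\n";
        sql += " \"Delete\" = " + p.canDelete() + "\n";
        sql += getWhereClause(p);
        try {
            int result = this.updateSQL(sql, con);
            if (result != 1) {
                // The messages used to say "inserted", which pointed investigators at
                // the wrong operation.
                logger.error("Illegal number of rows updated!: " + result + " SQL: " + sql);
                throw new RuntimeException("Illegal number of rows updated!: " + result);
            }
        } catch (Exception ex) {
            logger.error("Exception executing sql:\n" + sql, ex);
            throw new RuntimeException(ex);
        }
    }

    /**
     * Deletes the row selected by {@link #getWhereClause(Permission)}.
     *
     * <p>As with updates, the row count is checked only after the DELETE has run.
     *
     * @param p the permission to remove
     * @throws RuntimeException wrapping any failure, including a delete that does
     *                          not affect exactly one row
     */
    public void deletePermission(Permission p) {
        String sql = "";
        sql += "DELETE from \"Permissions\"\n";
        sql += getWhereClause(p);
        try {
            int result = this.updateSQL(sql);
            if (result != 1) {
                logger.error("Illegal number of rows deleted! SQL: " + sql);
                throw new RuntimeException("Illegal number of rows deleted!");
            }
        } catch (Exception ex) {
            logger.error("Exception executing sql:\n" + sql, ex);
            throw new RuntimeException(ex);
        }
    }

    /**
     * Compatibility overload: maps a row without a staff member, so the flags are
     * taken from the row unchanged.
     */
    public Object createFromResultSet(java.sql.ResultSet rs)
            throws java.sql.SQLException, java.io.UnsupportedEncodingException {
        return createFromResultSet(rs, null);
    }

    /**
     * Maps the current row of {@code rs} to a {@code Permission}.
     *
     * <p>The read flag is copied from the row as stored. When {@code data} is a
     * staff member, the write, delete and security flags are honoured only if the
     * staff member's power equals the row's power or is at least 6; otherwise they
     * are forced to {@code false}. With {@code data == null} no such restriction
     * is applied.
     *
     * @param rs   result set positioned on the row to read
     * @param data a {@code StaffMember}, or {@code null}
     * @return the populated {@code Permission}
     */
    public Object createFromResultSet(java.sql.ResultSet rs, Object data)
            throws java.sql.SQLException, java.io.UnsupportedEncodingException {
        Permission p = new Permission();
        p.setEntityID(rs.getInt("EntityID"));

        String code = rs.getString("EntityType");
        EntityType etype = (EntityType) AbstractCode.decode(code, EntityType.class);
        p.setEntityType(etype);

        p.setID(rs.getString("ID"));
        p.setPower(rs.getInt("Power"));

        // Empty strings are normalised to null for division and location.
        String d = rs.getString("Division");
        p.setDivision(d != null && d.length() == 0 ? null : d);
        String l = rs.getString("Location");
        p.setLocation(l != null && l.length() == 0 ? null : l);

        // NOTE(review): "PermissionType" is read here although insertPermission does
        // not write that column - confirm the column still exists in the schema.
        code = rs.getString("PermissionType");
        PermissionType ptype = (PermissionType) AbstractCode.decode(code, PermissionType.class);
        p.setPermissionType(ptype);

        // Elevated flags apply only when access is not being "forced" through a
        // different power level. NOTE(review): 6 is an unexplained threshold -
        // presumably the administrative power level; confirm and name it.
        boolean ok = true;
        if (data != null) {
            StaffMember sm = (StaffMember) data;
            ok = (sm.getPower() == p.getPower()) || (sm.getPower() >= 6);
        }

        p.setPermission(Permission.READ_PERMISSION, rs.getBoolean("Read"));
        p.setPermission(Permission.WRITE_PERMISSION, ok && rs.getBoolean("Write"));
        p.setPermission(Permission.DELETE_PERMISSION, ok && rs.getBoolean("Delete"));
        p.setPermission(Permission.SECURITY_PERMISSION, ok && rs.getBoolean("Security"));

        logger.debug(p);
        return p;
    }

    /**
     * Replaces all permissions of a single entity.
     *
     * <p>Works by deleting every existing permission of the entity and inserting
     * the ones in {@code permissions}, inside one transaction. If any step fails
     * the transaction is rolled back, so the entity is not left without its
     * previous permissions, and the connection is always closed.
     *
     * @param id          entity id
     * @param type        entity type
     * @param permissions the {@code Permission} objects to store
     * @throws java.sql.SQLException if the delete or the commit fails
     */
    public void updatePermissions(int id, EntityType type, List permissions)
            throws java.sql.SQLException {
        Connection con = super.getFactory().getConnection();
        Statement stmt = null;
        boolean committed = false;
        try {
            // Delete and re-insert run in one transaction.
            con.setAutoCommit(false);

            String sql = "delete from \"Permissions\"\n";
            sql += "where \"EntityID\" = " + id + "\n";
            sql += " and \"EntityType\" = " + quoteSingle(type.getCode()) + "\n";
            stmt = con.createStatement();
            stmt.executeUpdate(sql);
            stmt.close();
            stmt = null;

            // Everything for this entity was deleted above, so simply re-insert.
            for (int i = 0; i < permissions.size(); i++) {
                Permission p = (Permission) permissions.get(i);
                insertPermission(p, con);
            }

            con.commit();
            committed = true;
        } finally {
            if (stmt != null) {
                try {
                    stmt.close();
                } catch (java.sql.SQLException closeEx) {
                    logger.error("Could not close statement", closeEx);
                }
            }
            if (con != null) {
                if (!committed) {
                    // Without this a failed insert left the delete pending on a
                    // connection that was never closed.
                    try {
                        con.rollback();
                    } catch (java.sql.SQLException rollbackEx) {
                        logger.error("Could not roll back permission update", rollbackEx);
                    }
                }
                // NOTE(review): auto-commit is left switched off; if the factory hands
                // out pooled connections, confirm the pool resets it.
                try {
                    con.close();
                } catch (java.sql.SQLException closeEx) {
                    logger.error("Could not close connection", closeEx);
                }
            }
        }
    }
}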