
📄 userpower.java

📁 这是一款最新的野蔷薇论坛源码,有需要的朋友可以尽情下载
/* 
 * Created on 2007-3-8
 * Last modified on 2007-05-27
 * Powered by YeQiangWei.com
 */
package com.yeqiangwei.club.service.security;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.yeqiangwei.club.service.security.GroupOfForumService;
import com.yeqiangwei.club.service.topic.ReplyService;
import com.yeqiangwei.club.service.topic.TopicService;
import com.yeqiangwei.club.service.user.UserLogin;
import com.yeqiangwei.club.service.ServiceLocator;
import com.yeqiangwei.club.service.ServiceWrapper;
import com.yeqiangwei.club.service.model.GroupModel;
import com.yeqiangwei.club.service.model.ReplyModel;
import com.yeqiangwei.club.service.model.RoleModel;
import com.yeqiangwei.club.service.model.TopicModel;
import com.yeqiangwei.club.service.model.UserModel;
import com.yeqiangwei.club.util.BeanUtils;
import com.yeqiangwei.club.util.MessageUtils;
import com.yeqiangwei.club.view.model.UserView;

import org.apache.log4j.Logger;
import com.yeqiangwei.util.HttpServletUtils;
import com.yeqiangwei.util.ParamUtils;
import com.yeqiangwei.util.StringHelper;
import com.yeqiangwei.util.TypeChange;
import com.yeqiangwei.util.Validator;


/*
 * 此类的职责是根据用户的浏览页面获取定位用户所在的用户组,定位用户角色获取权限内容.
 */
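/**
 * Resolves the group and role of a user for a given forum and answers
 * permission questions for the page or action that is being requested.
 *
 * <p>A role carries three permission strings (browse, operate, admin). Each is
 * read through {@code StringHelper.locator(power, locator, "|", "0")} and a
 * permission counts as granted only when the value read is {@code "1"}.
 *
 * <p>NOTE(review): {@link #canAccess(HttpServletRequest, HttpServletResponse)}
 * is allow-by-default: a request whose URI matches none of the listed pages is
 * let through. Any new page that needs protection has to be added there.
 */
public class UserPower {
	
	private static final Logger logger = Logger.getLogger(UserPower.class);
	
	/** Selects the role's browse-permission string. */
	public static final int BROWSEPOWER = 0;
	
	/** Selects the role's operate-permission string. */
	public static final int OPERATEPOWER = 1;
	
	/** Selects the role's admin-permission string. */
	public static final int ADMINPOWER = 2;
	
	public UserPower(){
	}
	
	/** @return the shared {@link TopicService} instance */
	public TopicService getTopicService() {
		return ServiceWrapper.<TopicService>getSingletonInstance(ServiceLocator.TOPIC);
	}
	
	/** @return the shared {@link ReplyService} instance */
	public ReplyService getReplyService() {
		return ServiceWrapper.<ReplyService>getSingletonInstance(ServiceLocator.REPLY);
	}

	/** @return the shared {@link GroupService} instance */
	public GroupService getGroupService() {
		return ServiceWrapper.<GroupService>getSingletonInstance(ServiceLocator.GROUP);
	}

	/** @return the shared {@link GroupOfForumService} instance */
	public GroupOfForumService getGroupOfForumService() {
		return ServiceWrapper.<GroupOfForumService>getSingletonInstance(ServiceLocator.GROUPOFFORUM);
	}

	/** @return the shared {@link RoleService} instance */
	public RoleService getRoleService() {
		return ServiceWrapper.<RoleService>getSingletonInstance(ServiceLocator.ROLE);
	}
	
	/**
	 * Builds the permission model of a user for one forum.
	 *
	 * <p>The user's group lists its role ids separated by {@code |}. The first
	 * role bound to {@code forumId} (when {@code forumId} is not 0) wins;
	 * otherwise the last role that could be loaded is kept. When no role can be
	 * loaded the returned model has no role, which
	 * {@link #canAccess(PermissionModel, int, int)} treats as "nothing granted".
	 *
	 * @param user the user to resolve (passed through to the group service)
	 * @param forumId the forum the permission is asked for
	 * @return a permission model, never {@code null}
	 */
	public PermissionModel getPermissionModel(UserModel user, int forumId){
		PermissionModel permissionModel = new PermissionModel();
		permissionModel.setUserModel(user);
		GroupModel groupModel = this.getGroupService().userInGroup(user,forumId);
		String roleIds = "";
		if(groupModel!=null){
			roleIds = groupModel.getRoleIds(); // the N roles contained in this user group
		}
		List<?> slist = StringHelper.stringToList(roleIds,"|");
		if(!Validator.isEmpty(slist)){
			for(int i=0; i<slist.size(); i++){
				int roleId = TypeChange.stringToInt(String.valueOf(slist.get(i)));
				RoleModel roleModel = this.getRoleService().findById(roleId);
				if(roleModel==null){
					// A group may still reference a role that can no longer be loaded.
					// Skip it instead of failing with a NullPointerException in the
					// middle of an authorization decision.
					logger.warn("Role "+roleId+" not found, skipped");
					continue;
				}
				permissionModel.setRoleModel(roleModel);
				logger.debug("Role name "+roleModel.getRoleName());
				logger.debug("Role adminPower "+roleModel.getAdminPower());
				logger.debug("Role operatePower "+roleModel.getOperatePower());
				if(!Validator.isEmpty(roleModel)&&roleModel.getForumId()==forumId&&forumId!=0){
					return permissionModel;
				}
			}
		}
		return permissionModel;
	}

	/**
	 * Builds the permission model for the current request: the user comes from
	 * {@code UserLogin.getUserModel(request)} and the forum from the
	 * {@code forumId} request parameter.
	 */
	private PermissionModel getPermissionModel(HttpServletRequest request){
		UserModel user = UserLogin.getUserModel(request);
		int forumId = ParamUtils.getIntParameter(request,"forumId");
		return this.getPermissionModel(user,forumId);
	}
	
	/**
	 * Tells whether one permission flag is granted by the role of a permission model.
	 *
	 * @param permissionModel the resolved permission model; a {@code null} model
	 *        or a model without a role grants nothing
	 * @param which {@link #BROWSEPOWER}, {@link #OPERATEPOWER} or {@link #ADMINPOWER};
	 *        any other value grants nothing
	 * @param locator position of the flag inside the selected permission string
	 * @return {@code true} only when the flag read is {@code "1"}
	 */
	public boolean canAccess(PermissionModel permissionModel, int which, int locator){
		String adminPower = null;
		String opreatePower = null;
		String browsePower = null;
		RoleModel role = permissionModel==null ? null : permissionModel.getRoleModel();
		if(!Validator.isEmpty(role)){
			adminPower = role.getAdminPower();
			opreatePower = role.getOperatePower();
			browsePower = role.getBrowsePower();
		}else{
			logger.error("角色对象为NULL");
		}
		// Deny unless a flag is positively read as "1".
		String per = "0";
		switch(which){
			case BROWSEPOWER:
				per = StringHelper.locator(browsePower,locator,"|","0");
				break;
			case OPERATEPOWER:
				per = StringHelper.locator(opreatePower,locator,"|","0");
				break;
			case ADMINPOWER:
				per = StringHelper.locator(adminPower,locator,"|","0");
				break;
			default:
				break;
		}
		// Constant-first comparison: a null result from the helper means "denied".
		return "1".equals(per);
	}

	/**
	 * Tells whether a user holds one permission flag in a forum.
	 *
	 * @param user the user to check
	 * @param forumId the forum the permission is asked for
	 * @param which permission type: browse, operate or admin (see the constants)
	 * @param locator position of the flag inside the permission string
	 * @return {@code true} when the flag is granted
	 */
	public boolean canAccess(UserModel user, int forumId, int which, int locator){
		PermissionModel permissionModel = this.getPermissionModel(user, forumId);
		return this.canAccess(permissionModel,which,locator);
	}
	
	/**
	 * Same check as {@link #canAccess(UserModel, int, int, int)} for a view
	 * object, whose properties are copied into a fresh {@link UserModel} first.
	 */
	public boolean canAccess(UserView v, int forumId, int which, int locator){
		UserModel user = new UserModel();
		BeanUtils.copyProperties(user,v);
		return this.canAccess(user,forumId,which,locator);
	}
	
	/**
	 * Checks one permission flag for the current request. The forum comes from
	 * the {@code forumId} request parameter and the user from the {@code "User"}
	 * session attribute.
	 *
	 * <p>NOTE(review): the other request-based checks obtain the user through
	 * {@code UserLogin.getUserModel(request)}; confirm both sources always agree.
	 */
	public boolean canAccess(HttpServletRequest request,int which, int locator){
		int forumId =  ParamUtils.getIntParameter(request,"forumId");
		UserModel user = ParamUtils.getSessionObject(request,"User",null);
		PermissionModel permissionModel = this.getPermissionModel(user, forumId);
		return this.canAccess(permissionModel,which,locator);
	}
	
	/**
	 * Page-level access check for the current request.
	 *
	 * <p>When access is refused, this method has already produced the response
	 * (forward to {@code /club/msg.jsp}, a plain text message, or a redirect to
	 * the admin login page), so the caller must stop processing the request.
	 *
	 * <p>Security notes:
	 * <ul>
	 * <li>Path parameters ({@code ;name=value}, for instance a rewritten
	 * {@code ;jsessionid=...}) are removed before the URI is compared. With a
	 * raw comparison such a URI matched no rule and every check was skipped,
	 * while the container still served the page.</li>
	 * <li>NOTE(review): the comparison still uses the undecoded request URI and
	 * hard-coded paths. Percent-encoded or non-normalised spellings of a path
	 * are not recognised here; comparing the container-decoded servlet path
	 * would be more robust. Confirm against the deployment's URL mapping.</li>
	 * </ul>
	 *
	 * @return {@code true} when the request may proceed
	 */
	public boolean canAccess(HttpServletRequest request, HttpServletResponse response){
		String act = ParamUtils.getStringParameter(request,"act");
		PermissionModel p = this.getPermissionModel(request);
		String uri = stripPathParameters(request.getRequestURI());
		boolean permission = true;
		if(uri.equals("/club/main.jsp")&&!this.canAccess(p,UserPower.BROWSEPOWER,0)){ // browse the home page
			permission = this.deny(request,"error_browse");
		}
		else if(uri.equals("/club/forum.jsp")&&!this.canAccess(p,UserPower.BROWSEPOWER,1)){ // browse a board
			permission = this.deny(request,"error_browse");
		}
		else if(uri.equals("/club/thread.jsp")){ // browse a thread
			if((ParamUtils.getByteParameter(request,"better",(byte)0)==1&&!this.canAccess(p,UserPower.BROWSEPOWER,3)) // featured posts
					||!this.canAccess(p,UserPower.BROWSEPOWER,2) // ordinary posts
			){
				permission = this.deny(request,"error_browse");
			}
		}
		else if(uri.equals("/club/onlines.jsp")&&!this.canAccess(p,UserPower.BROWSEPOWER,10)){ // list of online users
			permission = this.deny(request,"error_browse");
		}
		else if(uri.equals("/club/trash.jsp")&&!this.canAccess(p,UserPower.ADMINPOWER,12)){ // empty the recycle bin
			permission = this.deny(request,"error_power");
		}
		else if(uri.equals("/club/post.jsp")
				||uri.equals("/club/posted.jsp")
				||uri.equals("/club/topicAdmin.jsp")
				||uri.equals("/club/topic.do")
		)
		{
			// "act" is compared constant-first so a missing parameter cannot
			// raise a NullPointerException inside the access check.
			if("addtopic".equals(act)&&!this.canAccess(p,UserPower.OPERATEPOWER,0)){ // post a topic
				permission = this.deny(request,"error_power");
			}
			else if("addreply".equals(act)&&!this.canAccess(p,UserPower.OPERATEPOWER,1)){ // post a reply
				permission = this.deny(request,"error_power");
			}
			else if("movetopic".equals(act)&&!this.canAccess(p,UserPower.ADMINPOWER,2)){ // move an article
				permission = this.deny(request,"error_power");
			}
			else if(("trashtopic".equals(act)||"trashreply".equals(act))&&!this.canAccess(p,UserPower.ADMINPOWER,1)){ // delete an article
				permission = this.deny(request,"error_power");
			}
			else if("better".equals(act)&&!this.canAccess(p,UserPower.ADMINPOWER,4)){ // mark as featured
				permission = this.deny(request,"error_power");
			}
			else{
				// Editing (edittopic / editreply) is decided per article.
				permission = this.canUpdate(request,act);
			}
		}
		else if(uri.equals("/club/messageAjax.do")
				||(uri.equals("/club/users.do")&&("addfriend".equals(act)||"delfriends".equals(act)))
		){
			// These endpoints answer with a plain message instead of a forward.
			if(Validator.isEmpty(p.getUserModel())){
				try {
					response.setContentType("text/HTML;charset=UTF-8"); 
					PrintWriter out = response.getWriter();
					out.print(MessageUtils.getMessage("error_notlogin"));
					out.close();
				} catch (IOException e) {
					logger.error(e.toString(), e);
				}
				return false;
			}
		}
		else if(uri.equals("/club/profile.jsp")
			||uri.equals("/club/password.jsp")
			||uri.equals("/club/photo.jsp")
			||uri.equals("/club/friend.jsp")
			||uri.equals("/club/friends.jsp")
			||uri.equals("/club/message.jsp")
			||uri.equals("/club/photoUpload.do")
			||"delfriends".equals(act)
			||"addfriend".equals(act)
			||uri.equals("/club/email.jsp")
			||uri.equals("/club/favoriteTopic.jsp")
			||uri.equals("/club/userSettings.jsp")
			||uri.equals("/club/myInfo.jsp")
			||uri.equals("/music/myLike.jsp")
			||uri.equals("/music/myCommend.jsp")
		){ // features that are forbidden to users who are not logged in
			if(Validator.isEmpty(p.getUserModel())){
				permission = this.deny(request,"error_notlogin");
			}
			logger.debug(uri);
		}
		else if(uri.indexOf("/admin/")!=-1
				&&uri.indexOf("login.jsp")==-1
				&&!"adminLogin".equals(act))
		{
			// NOTE(review): the admin-session requirement is waived for any
			// /admin/ request that carries act=adminLogin, whatever page it
			// targets, because "act" is a client-supplied parameter. The
			// exemption should be tied to the login endpoint itself; the exact
			// endpoint is not visible in this file, so the condition is kept.
			if(ParamUtils.getSessionObject(request,"Admin",null)==null){
				HttpServletUtils.redirect(response,"login.jsp");
				return false;
			}
		}
		if(!permission){
			HttpServletUtils.forward(request,response,"/club/msg.jsp");
		}
		return permission;
	}
	
	/** Stores the refusal message under the {@code "message"} attribute and returns {@code false}. */
	private boolean deny(HttpServletRequest request, String messageKey){
		request.setAttribute("message",MessageUtils.getMessage(messageKey));
		return false;
	}
	
	/**
	 * Removes path parameters from every segment of a request URI, so that
	 * {@code /a;x=1/b.jsp;y=2} becomes {@code /a/b.jsp}.
	 *
	 * @param uri the raw request URI, may be {@code null}
	 * @return the URI without path parameters, or an empty string for {@code null}
	 */
	private static String stripPathParameters(String uri){
		if(uri==null){
			return "";
		}
		if(uri.indexOf(';')==-1){
			return uri;
		}
		StringBuilder cleaned = new StringBuilder(uri.length());
		boolean inParameter = false;
		for(int i=0; i<uri.length(); i++){
			char c = uri.charAt(i);
			if(c=='/'){
				inParameter = false; // a new segment ends the parameter run
			}else if(c==';'){
				inParameter = true;
			}
			if(!inParameter){
				cleaned.append(c);
			}
		}
		return cleaned.toString();
	}
	
	/**
	 * Decides whether the current user may perform an edit action.
	 *
	 * <p>For {@code edittopic} and {@code editreply} the target is loaded from the
	 * {@code topicId} / {@code replyId} parameter and checked per article. A
	 * target that cannot be found is refused with the {@code error_notfind}
	 * message (fail closed) instead of being let through with a message that
	 * nothing would display. Any other action is not restricted here.
	 *
	 * @param request the current request
	 * @param act the requested action, may be {@code null}
	 * @return {@code true} when the action may proceed
	 */
	public boolean canUpdate(HttpServletRequest request, String act){
		if("edittopic".equals(act)){
			int topicId = ParamUtils.getIntParameter(request,"topicId");
			TopicModel model = this.getTopicService().findById(topicId);
			if(Validator.isEmpty(model)){
				return this.deny(request,"error_notfind");
			}
			return this.canUpdate(request,model);
		}
		if("editreply".equals(act)){
			int replyId = ParamUtils.getIntParameter(request,"replyId");
			ReplyModel model = this.getReplyService().findById(replyId);
			if(Validator.isEmpty(model)){
				return this.deny(request,"error_notfind");
			}
			return this.canUpdate(request,model);
		}
		return true;
	}
	
	/** Edit check for a topic, using the topic's forum, author and reply count. */
	public boolean canUpdate(HttpServletRequest request, TopicModel model){
		return this.canUpdate(request, model.getForumId(), model.getUserId(),UserLogin.getUserModel(request),model.getReplys());
	}
	
	/** Edit check for a reply, using the reply's forum, author and reply count. */
	public boolean canUpdate(HttpServletRequest request, ReplyModel model){
		return this.canUpdate(request, model.getForumId(), model.getUserId(),UserLogin.getUserModel(request),model.getReplys());
	}
	
	/**
	 * Decides whether {@code user} may edit an article and records the outcome
	 * in the {@code "message"} request attribute (cleared when allowed).
	 *
	 * <p>Rules, in order:
	 * <ol>
	 * <li>admin flag 0 (edit other people's articles) allows everything;</li>
	 * <li>otherwise the user must be the author and hold operate flag 3
	 * (edit own articles);</li>
	 * <li>if the article already has replies, operate flag 4 (edit articles
	 * that were replied to) is required as well.</li>
	 * </ol>
	 * The previous implementation evaluated rule 3 unconditionally after rule 2
	 * and overwrote its result, so an author without the "edit own articles"
	 * flag was still allowed to edit. The rules are now evaluated as a chain.
	 *
	 * @param request the current request, receives the {@code "message"} attribute
	 * @param forumId forum the article belongs to
	 * @param userId id of the article's author
	 * @param user the user performing the edit, may be {@code null}
	 * @param replys number of replies the article has
	 * @return {@code true} when the edit is allowed
	 */
	public boolean canUpdate(HttpServletRequest request, int forumId, int userId, UserModel user, int replys){
		// Resolve group and role once; the three flags are read from the same model.
		PermissionModel p = this.getPermissionModel(user, forumId);
		// may edit other people's articles
		boolean updateadmin = this.canAccess(p,UserPower.ADMINPOWER,0);
		// may edit articles that already received replies
		boolean updatereplyed = this.canAccess(p,UserPower.OPERATEPOWER,4);
		// may edit own articles
		boolean updatemy = this.canAccess(p,UserPower.OPERATEPOWER,3);
		
		if(updateadmin){
			request.setAttribute("message",null);
			return true;
		}
		boolean isAuthor = user!=null&&user.getUserId()==userId;
		if(!isAuthor||!updatemy){
			return this.deny(request,"error_power");
		}
		if(replys>0&&!updatereplyed){
			return this.deny(request,"error_update_replyed");
		}
		request.setAttribute("message",null);
		return true;
	}
}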
