📄 authorizationmgrimpl.java
Constants.USER_RIGHTS_FALG);// 把页面取过来的功能权限id分成新的和要撤消的,原有的不变。未处理
logger.debug("prNewList 2 : " + prNewList.size());
for (int n = 0; n < 2; n++) {
List<UserRights> commonPra = new ArrayList<UserRights>();
if (n == 0) {
commonPra = prNewList;
}
if (n == 1) {
commonPra = oldPra;
}
// 对以下逻辑改为:先新增新的功能权限,再删除撤消的功能权限,对不变的功能权限不做任何操作。
for (int i = 0; i < commonPra.size(); i++) {// 新增新的功能权限
int rightId = commonPra.get(i).getRightsId();
logger.debug("权限ID: " + rightId);
String dataAreaIds = "";// 数据范围对象
String reelection = "n";
String dataAreaId_pid = "";// 子模块全局数据范围对象ID hrw 2008-12-19
String dataAreaId_pidValue = "";
if (useScheme != null && useScheme.equals("1")) {
logger.debug("使用方案授权 ");
String scheme = request.getParameter("scheme");
int id = 0;
if (scheme != null && !scheme.equals("")) {
id = Integer.parseInt(scheme);
dataAreaIds = dataAreaSchemeMgr
.findTreeviewIdsById(id);
}
} else {
logger.debug("逐步授权 ");
/*
* 在rightTree.js里,每个树节点都挂一下隐藏域,隐藏域属性ID,name均为 节点ID +
* "_area" 字符串, 隐藏域存储数据范围页面返回的部门节点ID集合组成的字符串
*/
// dataAreaIds = request.getParameter(rid + "_area");//
// 数据范围对象
dataAreaIds = request.getParameter(rightId + "_area");// 数据范围对象
logger.debug("dataAreaIds : " + dataAreaIds);
dataAreaId_pid = request.getParameter(rightId + "_pid");// 取页面子模块数据全局范围Id。
logger.debug("dataAreaId_pid : " + dataAreaId_pid);
dataAreaId_pidValue = request
.getParameter(dataAreaId_pid + "_area");// 取页面子模块数据全局范围
logger.debug("dataAreaId_pidValue : "
+ dataAreaId_pidValue);
String dataAreaSelectedFlag = request
.getParameter(rightId + "_selected");// 功能权限的数据范围是否有被重新设置过。
// 先确定是否有先设整体模块的全局数据范围,再处理子模块的全局数据范围。
String allAreas = request.getParameter("_area");
logger.debug("allAreas : " + allAreas);
String allSelected = request.getParameter("_selected");
logger.debug("allSelected : " + allSelected);
String pDataAreaSelectedFlag = request
.getParameter(dataAreaId_pid + "_selected");
logger.debug("pDataAreaSelectedFlag : "
+ pDataAreaSelectedFlag);
if (allAreas != null && !"".equals(allAreas)) {
if (!"y".equals(pDataAreaSelectedFlag)) {
dataAreaId_pidValue = allAreas;
}
}
// dataAreaIds 不能为null
if (dataAreaIds == null || "".equals(dataAreaIds)) {
dataAreaIds = "";
if (dataAreaId_pidValue != null
&& !"".equals(dataAreaId_pidValue)) {// 功能权限没有选数据范围且子模块有设全局数据权限
// 若有设子模志全局的数据范围且该功能权限的数据范围没被重新设置过,默认为被全局设置过,数据范围为全局的和原有的数据范围。
// 若功能权限被重新设置过,以重新设置过为主。
if (!"y".equals(dataAreaSelectedFlag)) {
dataAreaIds = dataAreaId_pidValue;
}
}
}
logger.debug("dataAreaIds : " + dataAreaIds);
if("y".equals(dataAreaSelectedFlag) || "y".equals(pDataAreaSelectedFlag) || "y".equals(allSelected)){
reelection = "y";
}
}
logger.debug("数据范围ID: " + dataAreaIds);
try {
/*
* 保存授权对象, 权限对象以及数据范围对象三者的关系
* 因为对不同授权对象授予的权限对象是一样的,所以先循环权限表,再为每一个授权对象授予同一权限
* 每一个隐藏域里存放的数据范围对象ID集合也都是对应一个权限
*/
// 保存授权对象, 权限对象以及数据范围对象三者的关系
if (n == 0) {
// 数据库里没有的。
userRightsMgr.saveThreeObjRelation(userId, rightId,
dataAreaIds, true, rightsFlag, userId,reelection);
}
if (n == 1) {
// 数据库里已存在的传功能权限主键。
userRightsMgr.saveThreeObjRelation(commonPra.get(i)
.getId(), rightId, dataAreaIds, false,
rightsFlag, userId,reelection);
}
} catch (SystemException e) {
logger.error(e.getMessage());
isSuccessfull = false;
throw e;
}
}
}
List userRights = new ArrayList();
for (int i = 0; i < urs.size(); i++) {// 删除撤消的功能权限和相关的数据权限
userRights.add(urs.get(i).getId());
}
// 取用户权限数据范围
List<UserRightsArea> rra = utilDao.findByIds(
DataBaseTableName.UserRightsArea, "userRightsId",
userRights);
// 删除用户权限数据范围表信息
if (rra != null) {
utilDao.deleteAll(rra);
}
// 删除用户权限表信息
utilDao.deleteAll(urs);
} else {// 如果从页面取到的right为空,说明该岗位没有任何权限,些时删除所有权限
List userRights = new ArrayList();
for (int i = 0; i < urs.size(); i++) {// 删除撤消的功能权限和相关的数据权限
userRights.add(urs.get(i).getId());
}
// 取用户权限数据范围
List<UserRightsArea> rra = utilDao.findByIds(
DataBaseTableName.UserRightsArea, "userRightsId",
userRights);
// 删除用户权限数据范围表信息
if (rra != null) {
utilDao.deleteAll(rra);
}
// 删除用户权限表信息
utilDao.deleteAll(urs);
}
if (isSuccessfull) {// 授权成功
// 获取当前用户信息
User user = (User) request.getSession().getAttribute(
Constants.SESSION_USER);
// 获取全局会话
ServletContext application = request.getSession()
.getServletContext();
// 获取用户信息
Map userInfo = (Map) application
.getAttribute(SystemConstant.APPLICATION_USER_INFO);
if (userInfo != null) {
logger.debug("userInfo: " + userInfo + " userInfo.size: "
+ userInfo.size());
// 获取该用户所有权限
// List<Rights> rights = userRightsMgr.getUserRightsDao()
// .findByUserId(userId);
// 遍历存放用户session的Map对象
for (Object o : userInfo.keySet()) {
Integer userId1 = (Integer) o;
logger.debug("key: " + userId1);
// 不是本人的ID(管理员)
// if (!userId1.equals(user.getId())) {
if (userId1.intValue() == userId) {
// 获取Session
HttpSession session = (HttpSession) userInfo.get(o);
session.setAttribute(
SystemConstant.SESSION_RIGHTS_IS_UPDATED, true);
logger.debug("session: " + session);
List<Rights> rights = userRightsMgr.getUserRightsDao()
.getRightsEntityByUserId(userId);
Map<String, WebRightsView> jspRightsControl = rightsMgr
.getWebRightsView(rights,
Constants.RIGHTS_FALG,
Constants.JSPRIGHTSCONTROL_YES);
session.setAttribute(SystemConstant.JSP_RIGHTS_CONTROL,
jspRightsControl);
// User u = (User) session
// .getAttribute(Constants.SESSION_USER);
// }
}
}
}
}
}
/**
 * Returns the rights manager currently held by this service.
 *
 * @return the value of the {@code rightsMgr} field
 */
public RightsMgr getRightsMgr() {
    return this.rightsMgr;
}
/**
 * Replaces the rights manager held by this service.
 *
 * @param rightsMgr the instance to store in the {@code rightsMgr} field
 */
public void setRightsMgr(RightsMgr rightsMgr) {
    this.rightsMgr = rightsMgr;
}
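/**
 * Resolves the data range of {@code user} for the right {@code rightsId} and returns it as a
 * comma-separated list of user ids, for example {@code 1,2,3}.
 *
 * <p>The tree-view node ids granted for the right are collected first: from the user-level
 * data-area table for the "admin" account, otherwise from the position-level, user-level or
 * role-level tables depending on the configured authorization model. The users found under
 * those nodes are then listed, and the id of {@code user} is always appended last, so a user
 * with no granted node gets a range that contains only that user's own id.
 *
 * @param rightsId id of the functional right whose data range is requested
 * @param user the user the range is computed for
 * @return comma-separated user ids; never empty, because the user's own id is always included
 * @throws SystemException if one of the guarded data-access calls fails with a RuntimeException
 */
public String findUserDataRange(int rightsId, User user) {
    StringBuilder nodeIds = new StringBuilder();
    // Constant-first comparison: a null user name is treated as "not admin" and falls through
    // to the regular model-based lookup instead of failing with a NullPointerException.
    // NOTE(review): the special case is keyed on the literal user name "admin" rather than on a
    // role or flag; confirm that no other account can be created with or renamed to this name.
    if ("admin".equals(user.getUserName())) {
        try {
            List<UserRightsArea> ura = userRightsMgr.getUserRightsAreaDao()
                    .findDataAreaByRidUid(user.getId(), rightsId);
            for (int i = 0; i < ura.size(); i++) {
                if (i > 0) {
                    nodeIds.append(',');
                }
                nodeIds.append(ura.get(i).getTreeviewId());
            }
        } catch (RuntimeException re) {
            logger.error(re);
            throw new SystemException(Constants.SYSTEMEXCEPTION);
        }
    } else {
        int model = com.yuanchung.sales.service.admin.AuthorizationMgrImpl
                .getAuthorizationModel();
        if (model == SystemConstant.AUTHORIZATION_POSITION) {
            // Added 2009-01-21: a per-user flag decides whether the position's rights or the
            // user's own rights apply. No flag record means the position's rights apply.
            UserRightsFlag userRightsFlag = userRightsMgr
                    .getUserRightsFlagDAO().findById(user.getId());
            int rightsFlag = Constants.RIGHTS_USER_FLAG;
            if (userRightsFlag == null
                    || userRightsFlag.getFlag() == Constants.RIGHTS_POSITION_FLAG) {
                rightsFlag = Constants.RIGHTS_POSITION_FLAG;
            }
            logger.debug("rightsFlag : " + rightsFlag);
            if (rightsFlag == Constants.RIGHTS_POSITION_FLAG) {
                // Data areas granted to the position (tree-view node) of the current user.
                List<PositionRightsArea> pra = positionMgr
                        .getDataAreaByRidPid(rightsId, user.getTreeview().getId());
                for (int i = 0; i < pra.size(); i++) {
                    if (i > 0) {
                        nodeIds.append(',');
                    }
                    nodeIds.append(pra.get(i).getTreeviewId());
                }
            }
            if (rightsFlag == Constants.RIGHTS_USER_FLAG) {
                try {
                    List<UserRightsArea> ura = userRightsMgr
                            .getUserRightsAreaDao()
                            .findDataAreaByRidUid(user.getId(), rightsId);
                    for (int i = 0; i < ura.size(); i++) {
                        if (i > 0) {
                            nodeIds.append(',');
                        }
                        nodeIds.append(ura.get(i).getTreeviewId());
                    }
                } catch (RuntimeException re) {
                    logger.error(re);
                    throw new SystemException(Constants.SYSTEMEXCEPTION);
                }
            }
        } else if (model == SystemConstant.AUTHORIZATION_ROLE) {
            // Union of the data areas granted to every role the user holds.
            List<UserRole> ur = roleMgr.findByUserId(user.getId());
            List<RoleRightArea> rra = new ArrayList<RoleRightArea>();
            for (int i = 0; i < ur.size(); i++) {
                rra.addAll(roleMgr.getDataAreaByRightIdRoleId(
                        rightsId, ur.get(i).getRoleId()));
            }
            for (int i = 0; i < rra.size(); i++) {
                if (i > 0) {
                    nodeIds.append(',');
                }
                nodeIds.append(rra.get(i).getTreeviewId());
            }
        }
    }
    // Look up the users that sit under the granted nodes; with no node there is nothing to query.
    List<User> users = new ArrayList<User>();
    try {
        if (nodeIds.length() > 0) {
            // NOTE(review): the node ids are handed over as one comma-joined string; presumably
            // the DAO places it in an IN clause. Confirm it is bound or validated as numeric there.
            List<User> found = userMgr.getUserDao().findByTreeviewIds(nodeIds.toString());
            if (found != null) {
                // A null result is treated as "no users", which leaves the range at the
                // user's own id only.
                users = found;
            }
        }
    } catch (RuntimeException re) {
        logger.error(re);
        throw new SystemException(Constants.SYSTEMEXCEPTION);
    }
    // Join the ids of the users found.
    StringBuilder userId = new StringBuilder();
    for (int i = 0; i < users.size(); i++) {
        if (i > 0) {
            userId.append(',');
        }
        userId.append(users.get(i).getId());
    }
    // The user's own id is always part of the range. It can appear twice when the user is
    // also returned by the node lookup.
    if (userId.length() > 0) {
        return userId.toString() + "," + user.getId();
    }
    return user.getId().toString();
}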
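/**
 * Tells whether {@code userId} is listed in a comma-separated id string such as the one
 * produced by {@code findUserDataRange}.
 *
 * <p>Each token is compared exactly with the decimal form of {@code userId}: no trimming and
 * no substring matching, so {@code 7} does not match {@code 17} or {@code " 7"}. A
 * {@code null} list denies access instead of failing with a NullPointerException.
 *
 * @param userId id to look for
 * @param userIds comma-separated user ids; may be {@code null}
 * @return {@code true} only if one token equals {@code userId}
 */
public boolean isRights(int userId, String userIds) {
    if (userIds == null) {
        // Fail closed: no list means no right.
        return false;
    }
    String wanted = String.valueOf(userId);
    for (String token : userIds.split(",")) {
        if (wanted.equals(token)) {
            return true;
        }
    }
    return false;
}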
}