
How to use custom resource permission control on the platform

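This article uses a simple example to show how to use custom resource permission control on the bboss platform. First we define a resource type and associate it with an operation group. Each operation defined in the group is associated with a set of URLs, and access to those URLs follows the permission of the operation: a user who holds the operation's permission also holds permission for the associated URLs (this effectively guards against low-privilege users). Then we show how to perform permission checks in a program through the security component.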

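1. Define the resource type and the resource operation group, and define the URLs associated with each operation
Add a new resource-test.xml file under the resources directory, and add the resource type and the resource operation group to it: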
<?xml version="1.0" encoding="UTF-8"?>
<resources >
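	<!--
		Operation group definition:
		Defines the operation groups of system resources. Different resource types involve different operation groups, and an operation group defines operations of the same kind
	-->	 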
     <group id="globaltestgroup" name="全局测试权限组" >
        <operation id="read" priority="10" name="可读" >
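        	<!-- 
        		The URLs that correspond to the operation. A user without permission for the operation has no access to these URLs either; that is,
        		without the operation's permission, the URL cannot be reached even by requesting it directly in the browser.
        		There can be several URLs, and each can take any of the following valid forms:
        		/test/testsss.jsp
        		/test/*.jsp
        		/test/**/*.jsp
        	 -->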
        	<authoration>		 	
			 	<url>/test/testopurlpermissionread.jsp</url>
			 	<url>/test/b.jsp</url>
			</authoration>
        </operation>
		
		<operation id="delete" priority="30" name="删除" >
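		    <!-- 
        		URL notes:
        		The address has two parts:
        		The first part is the URL itself, which is mandatory: /test/testopurlpermissiondelete.jsp
				The second part is a set of parameters in JSON format. The resource operation parameter resource is mandatory; its value is the name of a request parameter,
				and the value of that request parameter identifies a resource. The resource identifier in the operation permission matched against the URL must be the same as it.
				The required parameter states whether the resource code is mandatory: false means the URL /test/testopurlpermissiondelete.jsp may carry the resource code parameter or not,
				and if it does, access to the URL is controlled by the resource matching rule; true means the resource code must be present, and if it is missing, access to the URL is blocked outright.
        	 -->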
			<authoration>				 
			 	<url><![CDATA[/test/testopurlpermissiondelete.jsp{"resource":"orgCode"|"required":true}]]></url>
			</authoration>
		</operation>
		
     </group>
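     <!-- Resource type definition 
     system specifies the identifiers of the subsystems the resource is associated with. Only after this association does the resource type appear in the permission management of the corresponding subsystem, and only then can the operations on resources of this type be authorized (to users, organizations and roles)
     -->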
	<resource id="testresource" name="测试资源" auto="false" system="cms,module">
	<!-- Associate the resource operation group -->
		<operationgroup groupid="globaltestgroup"/>
	<!-- Define a global resource and declare its associated operation group -->
		<globaloperationgroup globalresourceid="globaltest" groupid="globaltestgroup"/>
	</resource>
</resources>


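Once resource-test.xml is written, it must be registered in /resources/config-manager.xml so that the platform loads the resource types and resource operations defined in resource-test.xml at startup. Several resource types can be configured in resource-test.xml. An example of /resources/config-manager.xml loading the resource files: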
<resources module="console" languages="zh_CN,en_US">
		  <resourcefile src="resource.xml" desc="公用权限授予资源配置文件"/>
		  <resourcefile src="resources-sys.xml" desc="系统管理资源配置文件"/>		
		  <resourcefile src="resources-content.xml" desc="内容管理资源配置文件"/>
		  <resourcefile src="resources-test.xml" desc="测试资源配置"/>
		  
		</resources>
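
The URL rules declared in resource-test.xml above, modelled as a small stand-alone Java program (an added example, not bboss code and not the author's): it shows how a request path and its orgCode parameter turn into a checkPermission-style allow/deny decision. Assumptions: `UrlOperationGuard`, `UrlRule` and `PermissionChecker` are hypothetical names, URLs without a resource code are checked against the global resource `globaltest`, URLs bound to no operation are left unrestricted, and the user's grants and the codes `org01`/`org02` are constructed sample data.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/** Added illustration: a model of the <authoration> URL rules, not bboss code. */
public class UrlOperationGuard {
    /** Stand-in for AccessControl.checkPermission(resourceId, operation, resourceType). */
    interface PermissionChecker {
        boolean check(String resourceId, String operation, String resourceType);
    }

    /** One <url> entry of an <operation>; resourceParam is null when the URL has no {...} part. */
    static final class UrlRule {
        final Pattern pattern;
        final String operation;
        final String resourceParam;
        final boolean required;

        UrlRule(String antPattern, String operation, String resourceParam, boolean required) {
            this.pattern = antToRegex(antPattern);
            this.operation = operation;
            this.resourceParam = resourceParam;
            this.required = required;
        }
    }

    static final String RESOURCE_TYPE = "testresource"; // <resource id> in resource-test.xml
    static final String GLOBAL_RESOURCE = "globaltest"; // globalresourceid in resource-test.xml

    /** Handles the pattern forms listed on the page: literal path, "*" and a directory wildcard. */
    static Pattern antToRegex(String ant) {
        StringBuilder re = new StringBuilder();
        int i = 0;
        while (i < ant.length()) {
            if (ant.startsWith("**/", i)) {
                re.append("(?:[^/]+/)*");   // zero or more whole directories
                i += 3;
            } else if (ant.charAt(i) == '*') {
                re.append("[^/]*");         // anything inside one path segment
                i++;
            } else {
                re.append(Pattern.quote(String.valueOf(ant.charAt(i))));
                i++;
            }
        }
        return Pattern.compile(re.toString());
    }

    /** Decision for one request; a URL bound to several operations passes if any one is granted. */
    static boolean isAllowed(List<UrlRule> rules, String path,
                             Map<String, String> params, PermissionChecker checker) {
        boolean bound = false;
        for (UrlRule rule : rules) {
            if (!rule.pattern.matcher(path).matches()) {
                continue;
            }
            bound = true;
            String resourceId = GLOBAL_RESOURCE; // assumption for URLs without a resource code
            if (rule.resourceParam != null) {
                String code = params.get(rule.resourceParam);
                if (code != null && !code.isEmpty()) {
                    resourceId = code;           // the request parameter value names the resource
                } else if (rule.required) {
                    return false;                // required resource code missing: block outright
                }
            }
            if (checker.check(resourceId, rule.operation, RESOURCE_TYPE)) {
                return true;
            }
        }
        return !bound; // assumption: URLs bound to no operation are not restricted by this check
    }

    static Map<String, String> params(String... keyValues) {
        Map<String, String> m = new HashMap<>();
        for (int i = 0; i + 1 < keyValues.length; i += 2) {
            m.put(keyValues[i], keyValues[i + 1]);
        }
        return m;
    }

    public static void main(String[] args) {
        List<UrlRule> rules = new ArrayList<>();
        rules.add(new UrlRule("/test/testopurlpermissionread.jsp", "read", null, false));
        rules.add(new UrlRule("/test/b.jsp", "read", null, false));
        rules.add(new UrlRule("/test/testopurlpermissiondelete.jsp", "delete", "orgCode", true));
        // Constructed grants: read on the global resource, delete only on the made-up code org01.
        PermissionChecker user = (res, op, type) -> RESOURCE_TYPE.equals(type)
                && ((GLOBAL_RESOURCE.equals(res) && "read".equals(op))
                 || ("org01".equals(res) && "delete".equals(op)));
        String del = "/test/testopurlpermissiondelete.jsp";
        System.out.println("read page:        " + isAllowed(rules, "/test/b.jsp", params(), user));
        System.out.println("delete, no code:  " + isAllowed(rules, del, params(), user));
        System.out.println("delete, org01:    " + isAllowed(rules, del, params("orgCode", "org01"), user));
        System.out.println("delete, org02:    " + isAllowed(rules, del, params("orgCode", "org02"), user));
    }
}
```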

2. Resource authorization UI



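3. Permission control
Next, how to perform permission control in a program.
Permission check in Java code
com.frameworkset.platform.security.AccessControl accesscontroler = com.frameworkset.platform.security.AccessControl.getAccessControl();	// get the platform session object of the current user
boolean hasdeletepermission = accesscontroler.checkPermission("globaltest", // resource id
																"delete", // resource operation
																"testresource" // resource type
																); // returns a boolean: true means the user has the permission, false means the user does not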

In a JSP, combine the check with the true/false tags to control whether a UI element is shown or whether a button gets an event handler:
<%
	com.frameworkset.platform.security.AccessControl accesscontroler = com.frameworkset.platform.security.AccessControl.getAccessControl();	// get the platform session object of the current user
	boolean hasdeletepermission = accesscontroler.checkPermission("globaltest", // resource id
																"delete", // resource operation
																"testresource" // resource type
																); // returns a boolean: true means the user has the permission, false means the user does not
	
%>
<pg:true actual="<%=hasdeletepermission %>">
							<a href="#"  onclick="delteUse();">删除用户</a>
						</pg:true>
						<pg:false actual="<%=hasdeletepermission %>">
							没有删除用户的权限
						</pg:false>
Comments
#15 ganggeliu 2015-03-23
Continuing from #14:
The URL parameter is:
http://192.168.2.124:9090/shmp/pms/fm/PAD/uploaddownFileWithMultipartFile.page

The server-side code is what was already in the solution you posted last time:
public @ResponseBody String uploaddownFileWithMultipartFile( MultipartFile picture,String name,String sex) throws IllegalStateException, IOException{     
// Set the server file path to save to
        File f = new File("E:/SIGNR/"); 
        picture.transferTo(f);   // Save the uploaded file to the corresponding server file
        return "sucess";    
}



When the client reaches
int statusCode = httpClient.executeMethod(httpPost);
the following error is reported:

03-23 15:29:48.313: E/MultipartRequestEntity(13196): An exception occurred while getting the length of the parts
03-23 15:29:48.313: E/MultipartRequestEntity(13196): java.lang.NullPointerException
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.multipart.Part.getLengthOfParts(Part.java:425)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity.getContentLength(MultipartRequestEntity.java:172)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.getRequestContentLength(EntityEnclosingMethod.java:336)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.addContentLengthRequestHeader(EntityEnclosingMethod.java:406)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.addRequestHeaders(EntityEnclosingMethod.java:374)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.writeRequestHeaders(HttpMethodBase.java:2177)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2060)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at com.bestride.helper.HttpReqeust.httpPostforString(HttpReqeust.java:345)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at com.bestride.helper.HttpReqeust.httpPostforString(HttpReqeust.java:246)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at com.bestride.fragment.CheckOutFragment$7.run(CheckOutFragment.java:372)
03-23 15:29:48.313: E/MultipartRequestEntity(13196): at java.lang.Thread.run(Thread.java:838)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): An exception occurred while getting the length of the parts
03-23 15:29:48.324: E/MultipartRequestEntity(13196): java.lang.NullPointerException
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.multipart.Part.getLengthOfParts(Part.java:425)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity.getContentLength(MultipartRequestEntity.java:172)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.getRequestContentLength(EntityEnclosingMethod.java:336)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:484)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at com.bestride.helper.HttpReqeust.httpPostforString(HttpReqeust.java:345)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at com.bestride.helper.HttpReqeust.httpPostforString(HttpReqeust.java:246)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at com.bestride.fragment.CheckOutFragment$7.run(CheckOutFragment.java:372)
03-23 15:29:48.324: E/MultipartRequestEntity(13196): at java.lang.Thread.run(Thread.java:838)
#14 ganggeliu 2015-03-23
Android client calling code:
/**
* Common POST method
*
* @param url
* @param params
* @param files
* @throws AppException
*/
public static String httpPostforString(String url, String cookie,
String userAgent, Map<String, Object> params,
Map<String, File> files) throws Exception {
// System.out.println("post_url==> "+url);
// String cookie = getCookie(appContext);
// String userAgent = getUserAgent(appContext);

HttpClient httpClient = null;
PostMethod httpPost = null;
Part[] parts = null;
NameValuePair[] paramPair = null;
if (files != null)
{
// Handle the POST form parameters
int length = (params == null ? 0 : params.size())
+ (files == null ? 0 : files.size());
parts = new Part[length];
int i = 0;
if (params != null)
{
Iterator<Entry<String, Object>> it = params.entrySet().iterator();
while(it.hasNext()) {
Entry<String, Object> entry = it.next();
parts[i++] = new StringPart(entry.getKey(), String.valueOf(entry.getValue()), UTF_8);
// System.out.println("post_key==> "+name+"    value==>"+String.valueOf(params.get(name)));
}
}
if (files != null)
{
Iterator<Entry<String, File>> it = files.entrySet().iterator();
while(it.hasNext()) {
Entry<String, File> entry = it.next();
try {
parts[i++] = new FilePart(entry.getKey(), entry.getValue());
} catch (FileNotFoundException e) {
e.printStackTrace();
}
// System.out.println("post_key_file==> "+file);
}
}
}
else if(params != null && params.size() > 0)
{
paramPair = new NameValuePair[params.size()];
Iterator<Entry<String, Object>> it = params.entrySet().iterator();
NameValuePair paramPair_  = null;
for(int i = 0; it.hasNext();i ++)
{
Entry<String, Object> entry = it.next();
paramPair_ = new NameValuePair();
paramPair_.setName(entry.getKey());
paramPair_.setValue(String.valueOf(entry.getValue()));
paramPair[i] = paramPair_;
}
}

String responseBody = "";
int time = 0;
do {
try {
httpClient = getHttpClient();
httpPost = getHttpPost(url, cookie, userAgent);
if (files != null)
{
httpPost.setRequestEntity(new MultipartRequestEntity(parts,
httpPost.getParams()));
}
else
{
httpPost.addParameters(paramPair);

}

int statusCode = httpClient.executeMethod(httpPost);
if (statusCode != HttpStatus.SC_OK) {
throw new HttpRuntimeException("请求异常:" + statusCode);
} else if (statusCode == HttpStatus.SC_OK) {
Cookie[] cookies = httpClient.getState().getCookies();
String tmpcookies = "";
for (Cookie ck : cookies) {
tmpcookies += ck.toString() + ";";
}
// // Save the cookie
// if(appContext != null && tmpcookies != ""){
// appContext.setProperty("cookie", tmpcookies);
// appCookie = tmpcookies;
// }
}
responseBody = httpPost.getResponseBodyAsString();
// System.out.println("XMLDATA=====>"+responseBody);
break;
} catch (HttpException e) {
time++;
if (time < RETRY_TIME) {
try {
Thread.sleep(1000);
} catch (InterruptedException e1) {
}
continue;
}
// A fatal exception occurred; the protocol may be wrong or there may be a problem with the returned content
throw new HttpRuntimeException("请求异常:", e);
} catch (IOException e) {
time++;
if (time < RETRY_TIME) {
try {
Thread.sleep(1000);
} catch (InterruptedException e1) {
}
continue;
}
// A network exception occurred
throw new HttpRuntimeException("请求异常:", e);
} finally {
// Release the connection
httpPost.releaseConnection();
httpClient = null;
}
} while (time < RETRY_TIME);
return responseBody;
// responseBody = responseBody.replaceAll("\\p{Cntrl}", "");
// if(responseBody.contains("result") &&
// responseBody.contains("errorCode") &&
// appContext.containsProperty("user.uid")){
// try {
// Result res = Result.parse(new
// ByteArrayInputStream(responseBody.getBytes()));
// if(res.getErrorCode() == 0){
// appContext.Logout();
// appContext.getUnLoginHandler().sendEmptyMessage(1);
// }
// } catch (Exception e) {
// e.printStackTrace();
// }
// }
// return new ByteArrayInputStream(responseBody.getBytes());
}
#12 yin_bp 2015-01-05
A suggestion: the client can be written with reference to HttpReqeust
https://github.com/bbossgroups/bbossgroups-3.5/blob/master/bboss-rpc/src-http/org/frameworkset/spi/remote/http/HttpReqeust.java

and its method:
public static String httpPostforString(String url, String cookie,
String userAgent, Map<String, Object> params,
Map<String, File> files) throws Exception

For the server side, refer to the comments on this document:
http://yin-bp.iteye.com/blog/1130035#comments
#11 ganggeliu 2015-01-05
Posting the server-side code as well:

public class PADAction extends HotelAction{
private IFMService service;
private IFMCommonService commservice;
private IFMCashService cashservice;

/**
* Check out (check out and leave the room), save the signature image
* Constants.SIGN_SAVE_DIR is the storage directory
* @return
*/
public @ResponseBody String app_post_fm_co_signpicture(HttpServletRequest request,HttpServletResponse response) {
String messageCode = "";// status code
String messageInfo = "";// status message
JSONObject jsonObject = new JSONObject();// JSON object returned to the PAD
try{
request.setCharacterEncoding("utf-8");

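// Get the disk file item factory.
DiskFileItemFactory factory = new DiskFileItemFactory();
// Get the path where uploaded files are to be saved; the upload folder must exist.
String path = request.getSession().getServletContext().getRealPath(Constants.SIGN_SAVE_DIR);
// Set the repository for temporarily stored files; it can differ from the folder where files are finally stored. The repository is set because a very large file would otherwise take up too much memory.
factory.setRepository(new File(path));
// Set the buffer size; when an uploaded file exceeds the buffer, it is put in the temporary repository.
factory.setSizeThreshold(1024*1024);
// Upload handling utility class (high-level API upload handling?)
ServletFileUpload upload = new ServletFileUpload(factory);

// Call parseRequest(request) to get the list of uploaded FileItem objects; this allows multi-file upload.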
List<FileItem> list = (List<FileItem>)upload.parseRequest(request);
for(FileItem item:list){
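// Get the form field name.
String name = item.getFieldName();
// If the form item is ordinary text, i.e. a string passed in through the page form.
if(item.isFormField()){
// Get the string the user actually entered,
String value = item.getString();
request.setAttribute(name, value);
}
// If what was passed in is not a simple string but a binary file such as an image, audio or video.
else{
// Get the path name
String value = item.getName();
// Find the last backslash.
int start = value.lastIndexOf("\\");
// Extract the name string of the uploaded file. The +1 drops the backslash.
String filename = value.substring(start+1);
request.setAttribute(name, filename);

/* The method provided by the third party writes directly to the file.
* item.write(new File(path,filename));*/
// Write what was received into the receiving file.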
OutputStream out = new FileOutputStream(new File(path,filename));
InputStream in = item.getInputStream();

int length = 0;
byte[] buf = new byte[1024];
System.out.println("获取文件总量的容量:"+ item.getSize());

while((length = in.read(buf))!=-1){
out.write(buf,0,length);
}
in.close();
out.close();
}
}

messageCode = FMUtil.STATE_20;
}catch(Exception e){
messageCode = FMUtil.STATE_40;
messageInfo = e.getMessage();
e.printStackTrace();
}

jsonObject.put("message_code", messageCode);
jsonObject.put("message_info", messageInfo);
return jsonObject.toString();
}

private String readJSONString(HttpServletRequest request) throws Exception{
        StringBuffer json = new StringBuffer();
        request.setCharacterEncoding("UTF-8");
        String line = null;
        try {
            BufferedReader reader = request.getReader();
            while((line = reader.readLine()) != null) {
                json.append(line);
            }
        }catch(Exception ex) {
            throw ex;
        }
        return json.toString();
    }
}
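#10 ganggeliu 2015-01-05
Uploading a file from the Android client to the web server fails: an exception is thrown at con.connect();, the HttpURLConnection connection fails, which should be down to an invalid address. The upload code is as follows: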
public static void uploadFile(String fileName){
String end ="\r\n";
String twoHyphens ="--";
String boundary ="*****";
try {
URL url =new URL("http://192.168.2.153:9090/shmp/pms/fm/PAD/app_post_fm_co_signpicture.page");//actionUrl);
HttpURLConnection con=(HttpURLConnection)url.openConnection();
/* Allow Input and Output; do not use Cache */
con.setDoInput(true);
con.setDoOutput(true);
con.setUseCaches(false);
/* Set the transfer method=POST */
con.setRequestMethod("POST");
/* setRequestProperty */
con.setRequestProperty("Connection", "Keep-Alive");
con.setRequestProperty("Charset", "UTF-8");
con.setRequestProperty("Content-Type",
"multipart/form-data;boundary="+boundary);
con.connect();
/* Set up the DataOutputStream */
DataOutputStream ds =
new DataOutputStream(con.getOutputStream());
// OutputStream ds = con.getOutputStream();
ds.writeBytes(twoHyphens + boundary + end);
ds.writeBytes("Content-Disposition: form-data; "+
"name=\""+fileName+"\";filename=\""+
newName +"\""+ end);
ds.writeBytes(end); 
/* Get the file's FileInputStream */
FileInputStream fStream =new FileInputStream(uploadFile);
/* Write 1024 bytes at a time */
int holeLength = fStream.available();
int loadlength = 0;
int bufferSize =1024; /* Read data from the file into the buffer */

byte[] buffer =new byte[bufferSize];
int length =-1;
/* Read data from the file into the buffer */
while((length = fStream.read(buffer)) !=-1){
/* Write the data to the DataOutputStream */
loadlength = loadlength + length;
if(listener != null){
listener.loadPercent(loadlength, holeLength);
}
ds.write(buffer, 0, length);
}
ds.writeBytes(end);
ds.writeBytes(twoHyphens + boundary + twoHyphens + end);
/* close streams */
fStream.close();
ds.flush();
/* Get the Response content */
InputStream is = con.getInputStream();
int ch;
StringBuffer b =new StringBuffer();
while( ( ch = is.read() ) !=-1 ) {
b.append( (char)ch );
}
if(listener != null){
listener.loadSuccess();
}
ds.close();
} catch(Exception e) {
Log.e("ImageUpload", e.getMessage());
if(listener != null){
listener.loadFailed();
}
}
}

#9 yin_bp 2014-11-25
By default the selected menus are not checked in the shortcut menu tree. Modify the tree tag in the following file:
/desktop/deskmenu.jsp

<tree:tree tree="role_column_tree" node="role_column_tree.node"
								imageFolder="/sysmanager/images/tree_images" collapse="true"
								includeRootNode="false" mode="static-dynamic">
								<tree:param name="customtype" />
								<tree:checkbox name="menupath" />
								<tree:treedata
									treetype="com.frameworkset.platform.esb.datareuse.common.action.DeskTopMenuTree"
									scope="request" rootid="0" rootName="菜单管理" expandLevel="1"
									showRootHref="false" sortable="false" needObserver="false"
									refreshNode="false" enablecontextmenu="false" />

							</tree:tree>


Adding the <tree:param name="customtype" /> setting is all that is needed.
#8 ganggeliu 2014-11-25
Shortcut menu code for reference:

/**
* Get the shortcut menus
* @param request
* @param urltype
* @return
* @throws Exception
*/
public @ResponseBody(datatype="json") List<MenuItemU> getCustomMenus(HttpServletRequest request,String urltype) throws Exception
{
AccessControl control = AccessControl.getAccessControl();
List<DeskTopMenuBean> list = deskTopMenuShorcutManager.getUserDeskMenus(control.getUserID(),control.getCurrentSystemID());
if(list == null || list.size() == 0){
   list = deskTopMenuShorcutManager.getUserDeskMenus("-1",control.getCurrentSystemID());
}
List<MenuItemU> listreturn=new ArrayList<MenuItemU>();
Framework frame = Framework.getInstance(control.getCurrentSystemID());

if (list != null && list.size() > 0) {
for(int i=0;i<list.size();i++){
DeskTopMenuBean deskTopMenuBean = list.get(i);
BaseMenuItem item_=(BaseMenuItem)frame.getMenuByPath(deskTopMenuBean.getMenupath());

if(item_ == null || !item_.isUsed() || item_ instanceof Module)
continue;
if(!control.checkPermission(item_.getId(), "visible", "column"))
continue;
Item item = (Item)item_;
String contextpath = request.getContextPath();
String url = null;
String area = item.getArea();
if(area != null && area.equals("main"))
{
url = MenuHelper.getMainUrl(contextpath, item,
(java.util.Map) null);
}
else
{
url = MenuHelper.getRealUrl(contextpath, Framework.getWorkspaceContent(item,control),MenuHelper.sanymenupath_menuid,item.getId());
}
MenuItemU menuItemU = new MenuItemU();
menuItemU.setId(item.getId());
menuItemU.setName(item.getName(request));
menuItemU.setImageUrl(item.getMouseclickimg(request));
menuItemU.setPathU(url);
menuItemU.setType("item");
menuItemU.setDesktop_height(item.getDesktop_height());
menuItemU.setDesktop_width(item.getDesktop_width());

listreturn.add(menuItemU);
}
}
return listreturn;
}

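#7 ganggeliu 2014-11-25
After a non-super-administrator user logs in, if that user has not set shortcut menus of their own, the shortcut menus set by the super administrator should be fetched by default. At present the number of shortcut menus a non-super-administrator gets is incorrect:

Log in as the super administrator admin and set shortcut menus in "Desktop Shortcut Management" (桌面快捷管理), for example four menus: Guests (宾客), Groups (团队), Room Status Chart (房态图) and Customer Unit Management (客户单位管理). Calling the getCustomMenus(HttpServletRequest request,String urltype) method then returns these four menus correctly, with urltype=1;
Log in as another user, zouyi, who has permission for the four menus above and has not set desktop shortcut menus separately. Calling the getCustomMenus method should also return the four menus above, but only two, Guests (宾客) and Groups (团队), are returned.

Stepping into the getCustomMenus method in the debugger shows:

Logged in as admin, the call List<DeskTopMenuBean> list = deskTopMenuShorcutManager.getUserDeskMenus(control.getUserID(),control.getCurrentSystemID()); is executed
and list returns the four menus above;


Logged in as zouyi, the call list = deskTopMenuShorcutManager.getUserDeskMenus("-1",control.getCurrentSystemID()); is executed
and list returns 2 menus;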
#6 yin_bp 2014-10-28
Change the content of the getResourcePermissions method to the following method definition:
public static Map<String,List<String>> getResourcePermissions(AccessControl accesscontroler,String resourceType) throws Exception
	{
		Map<String,List<String>> cmPermissions = new HashMap<String,List<String>>();
		List<String> cmresources = SQLExecutor.queryList(String.class, "select title from td_sm_res where restype_id=?", resourceType);
		if(cmresources == null)
		{
			cmresources = new ArrayList<String>();
		}
		
		ResourceManager resourceManager = new ResourceManager();
		ResourceInfo resourceInfo = resourceManager.getResourceInfoByType(resourceType);
		if(resourceInfo == null)
			return cmPermissions;
		OperationQueue operationQueue = resourceInfo.getOperationQueue();
		
		for(int i = 0; operationQueue != null && operationQueue.size() > 0 && i < cmresources.size(); i ++)
		{
			String resid = cmresources.get(i);
			List<String> ops = new ArrayList<String>();
			for(int j = 0; j < operationQueue.size(); j ++)
			{
				Operation op = operationQueue.getOperation(j);
				if(accesscontroler.checkPermission(resid, op.getId(), resourceType))
				{
					ops.add(op.getId());
				}
			}
			if(ops.size()> 0)
				cmPermissions.put(resid, ops);
		}
		
		String globalid = resourceInfo.getGlobalresourceid();
		if(StringUtil.isNotEmpty(globalid))
		{
			operationQueue = resourceInfo.getGlobalOperationQueue();
			List<String> ops = new ArrayList<String>();
			for(int j = 0; operationQueue != null && operationQueue.size() > 0 &&j < operationQueue.size(); j ++)
			{
				Operation op = operationQueue.getOperation(j);
				if(accesscontroler.checkPermission(globalid, op.getId(), resourceType))
				{
					ops.add(op.getId());
				}
			}
			if(ops.size()> 0)
				cmPermissions.put(globalid, ops);
		}		
		
		return cmPermissions;
	}
#5 ljthinkpad 2014-10-28
yin_bp wrote
ljthinkpad wrote
public static Map<String,List<String>> getResourcePermissions(AccessControl accesscontroler,String resourceType) throws Exception
{
Map<String,List<String>> cmPermissions = new HashMap<String,List<String>>();
List<String> cmresources = SQLExecutor.queryList(String.class, "select title from td_sm_res where restype_id=?", resourceType);
if(cmresources == null)
{
cmresources = new ArrayList<String>();
}

ResourceManager resourceManager = new ResourceManager();
ResourceInfo resourceInfo = resourceManager.getResourceInfoByType(resourceType);
if(resourceInfo == null)
return cmPermissions;
String globalid = resourceInfo.getGlobalresourceid();
if(StringUtil.isNotEmpty(globalid))
{
cmresources.add(globalid);

}

OperationQueue operationQueue = resourceInfo.getOperationQueue();
if(operationQueue == null)
return cmPermissions;
for(int i = 0; i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
{
Operation op = operationQueue.getOperation(j);
if(accesscontroler.checkPermission(resid, op.getId(), "cm"))
{
ops.add(op.getId());
}
}
if(ops.size()> 0)
cmPermissions.put(resid, ops);
}


return cmPermissions;
}

Try changing accesscontroler.checkPermission(resid, op.getId(), "cm") in it to:
accesscontroler.checkPermission(resid, op.getId(), resourceType)


Problem:

On reaching OperationQueue operationQueue = resourceInfo.getOperationQueue();, this method returns an empty list, so for(int j = 0; j < operationQueue.size(); j ++) is not executed and no operations are obtained:
OperationQueue operationQueue = resourceInfo.getOperationQueue();
if(operationQueue == null)
return cmPermissions;
for(int i = 0; i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
#4 yin_bp 2014-10-28
ljthinkpad wrote
public static Map<String,List<String>> getResourcePermissions(AccessControl accesscontroler,String resourceType) throws Exception
{
Map<String,List<String>> cmPermissions = new HashMap<String,List<String>>();
List<String> cmresources = SQLExecutor.queryList(String.class, "select title from td_sm_res where restype_id=?", resourceType);
if(cmresources == null)
{
cmresources = new ArrayList<String>();
}

ResourceManager resourceManager = new ResourceManager();
ResourceInfo resourceInfo = resourceManager.getResourceInfoByType(resourceType);
if(resourceInfo == null)
return cmPermissions;
String globalid = resourceInfo.getGlobalresourceid();
if(StringUtil.isNotEmpty(globalid))
{
cmresources.add(globalid);

}

OperationQueue operationQueue = resourceInfo.getOperationQueue();
if(operationQueue == null)
return cmPermissions;
for(int i = 0; i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
{
Operation op = operationQueue.getOperation(j);
if(accesscontroler.checkPermission(resid, op.getId(), "cm"))
{
ops.add(op.getId());
}
}
if(ops.size()> 0)
cmPermissions.put(resid, ops);
}


return cmPermissions;
}

Try changing accesscontroler.checkPermission(resid, op.getId(), "cm") in it to:
accesscontroler.checkPermission(resid, op.getId(), resourceType)
#3 ljthinkpad 2014-10-28
public static Map<String,List<String>> getResourcePermissions(AccessControl accesscontroler,String resourceType) throws Exception
{
Map<String,List<String>> cmPermissions = new HashMap<String,List<String>>();
List<String> cmresources = SQLExecutor.queryList(String.class, "select title from td_sm_res where restype_id=?", resourceType);
if(cmresources == null)
{
cmresources = new ArrayList<String>();
}

ResourceManager resourceManager = new ResourceManager();
ResourceInfo resourceInfo = resourceManager.getResourceInfoByType(resourceType);
if(resourceInfo == null)
return cmPermissions;
String globalid = resourceInfo.getGlobalresourceid();
if(StringUtil.isNotEmpty(globalid))
{
cmresources.add(globalid);

}

OperationQueue operationQueue = resourceInfo.getOperationQueue();
if(operationQueue == null)
return cmPermissions;
for(int i = 0; i < cmresources.size(); i ++)
{
String resid = cmresources.get(i);
List<String> ops = new ArrayList<String>();
for(int j = 0; j < operationQueue.size(); j ++)
{
Operation op = operationQueue.getOperation(j);
if(accesscontroler.checkPermission(resid, op.getId(), "cm"))
{
ops.add(op.getId());
}
}
if(ops.size()> 0)
cmPermissions.put(resid, ops);
}


return cmPermissions;
}
#2 yin_bp 2014-10-28
Paste the code of the PermissionUtil.getResourcePermissions method so I can take a look
#1 ljthinkpad 2014-10-28
I defined the following in resources-pms.xml:
<?xml version="1.0" encoding="UTF-8"?>
<resources>

<!-- Catering management module: start -->
<!-- Catering management module operations: start -->
<group id="pad_cm_order_act" name="移动点餐">
<operation id="givedish" priority="10" name="赠菜" />
<operation id="returndish" priority="20" name="退菜" />
</group>



    <!-- Resources added for catering management: start -->
<resource id="pad_cm_order_res" name="餐饮管理>移动点餐"  auto="false" maintaindata="true" system="module">
<globaloperationgroup globalresourceid="global_pad_cm_order" groupid="pad_cm_order_act"/>
</resource>

<!-- Catering management module: end -->

<!-- Sales management module: start -->
<!-- Sales management module operations: start -->
<group id="sd_custunit_act" name="客户单位管理">
    <operation id="addButton" priority="20" name="新增" >
        <authoration>
<url>/pms/sd/custunit/custUnitBeforeAdd.page</url>
</authoration>
        </operation>
        <operation id="editButton" priority="20" name="修改" >
        <authoration>
<url>/pms/sd/custunit/custUnitSelectById.page</url>
</authoration>
        </operation>
        <operation id="viewButton" priority="20" name="查看" >
        <authoration>
<url>/pms/sd/custunit/custUnitSelectById.page</url>
</authoration>
        </operation>
</group>

<group id="sd_custperf_act" name="客户单位业绩">
<operation id="queryButton" priority="10" name="查询" />
</group>

<!-- Resources added for sales management: start -->
<resource id="sd_custunit_res" name="销售管理>客户单位管理"  auto="false" maintaindata="true" system="module">
<globaloperationgroup globalresourceid="global_sd_custunit" groupid="sd_custunit_act"/>
</resource>

<!-- Sales management module: end -->

</resources>

The resource management tree then shows the list of resource types:
餐饮管理>移动点餐
销售管理>客户单位管理

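In the global resources, admin has the 赠菜 (give dish) and 退菜 (return dish) operation permissions by default;

The call from the tablet is as follows: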
AccessControl accesscontroler = AccessControl.getInstance();
accesscontroler.login(request, response,username, password);
Map<String,List<String>> cmPermissions = PermissionUtil.getResourcePermissions(  accesscontroler,"sd_custunit_res");
loginEntity.setCmPermissions(cmPermissions);

Calling the getResourcePermissions method shows that select title from td_sm_res where restype_id='sd_custunit_res' returns no data from the table
