/**
 * Allows delete, disable and modify operations only for the administrator or for the user who
 * created the parameter.
 *
 * <p>The caller passes when its id equals the parameter's creator id or equals {@code -1L};
 * every other caller is rejected.
 *
 * <p>NOTE(review): {@code -1L} is presumably the built-in administrator account. Confirm, and
 * confirm that administrators identified by role rather than by this id are meant to be rejected.
 *
 * <p>NOTE(review): a request without a logged-in user is evaluated under the shared anonymous
 * operator id, so every unauthenticated caller counts as the creator of any parameter whose
 * creator id is that anonymous id. Confirm this is the intended policy.
 *
 * @param paramId id of the parameter the caller wants to change
 * @throws BusinessException if the current user is neither the creator nor user {@code -1L}
 */
private void checkPermission(Long paramId) {
    // Loaded before the user lookup, as in the original; a null result is not guarded here.
    Param target = getParam(paramId);

    Long operatorId = Environment.getUserId();
    if (operatorId == null) {
        // No logged-in user: fall back to the anonymous operator's id.
        operatorId = AnonymousOperator.anonymous.getId();
    }

    boolean isCreator = operatorId.equals(target.getCreatorId());
    boolean isReservedAdminId = operatorId.equals(-1L);
    if (isCreator || isReservedAdminId) {
        return;
    }

    throw new BusinessException("您不能执行当前操作,请联系系统管理员!");
}
/**
 * Returns the current user's operation permissions on the clicked resource node and on its
 * parent node.
 *
 * <p>Both lookups join the permission entity with {@code RoleUserMapping} on the role id and
 * filter by resource id and by {@code Environment.getUserId()}.
 *
 * <p>NOTE(review): {@code permissionTable} is concatenated into the HQL text, while the resource
 * id and user id are bound as {@code ?} parameters. An entity name cannot be bound, so callers
 * must pass only names taken from trusted configuration. Verify that no request-supplied value
 * can reach this argument, or check it against an allow-list first.
 *
 * <p>NOTE(review): the user id is passed through unchanged, with no anonymous-operator fallback
 * like the one in {@code checkPermission}. Confirm that a null user id is meant to match no rows.
 *
 * @param resourceId id of the resource node whose permissions are requested
 * @param permissionTable name of the permission entity placed in the {@code from} clause
 * @param resourceClass entity class used to load the resource and read its parent id
 * @return operation ids granted on the resource, followed by the operation ids granted on its
 *     parent, each prefixed with {@code "p_"}
 */
@SuppressWarnings("unchecked")
public List<String> getOperationsByResource(
        Long resourceId, String permissionTable, Class<?> resourceClass) {

    String hql = "select distinct p.id.operationId from " + permissionTable + " p, RoleUserMapping ru "
            + " where p.id.resourceId = ? and p.id.roleId = ru.id.roleId and ru.id.userId = ? ";

    // Operations the user holds directly on the requested node.
    List<String> ownOperations =
            (List<String>) getEntities(hql, resourceId, Environment.getUserId());
    List<String> result = new ArrayList<String>();
    result.addAll(ownOperations);

    // Load the node itself only to learn its parent id; the result is dereferenced unguarded.
    ILevelTreeNode node = (ILevelTreeNode) getEntity(resourceClass, resourceId);
    List<?> inheritedOperations =
            getEntities(hql, node.getParentId(), Environment.getUserId());

    // Operations on the parent node are tagged with "p_" so callers can tell them apart.
    for (Object parentOperationId : inheritedOperations) {
        result.add("p_" + parentOperationId);
    }
    return result;
}
/**
 * Convenience overload that runs the lookup for the current user.
 *
 * <p>Delegates to the four-argument overload, passing {@code Environment.getUserId()} as the
 * last argument. The id is passed through unchanged, so a null id (no logged-in user) reaches
 * the overload as null.
 *
 * @param appId forwarded unchanged to the four-argument overload
 * @param resourceTypeId forwarded unchanged to the four-argument overload
 * @param operationId forwarded unchanged to the four-argument overload
 * @return the list produced by the four-argument overload
 */
public List<Long> getResourceIdsByOperation(
        String appId, String resourceTypeId, String operationId) {
    Long currentUserId = Environment.getUserId();
    return getResourceIdsByOperation(appId, resourceTypeId, operationId, currentUserId);
}
/**
 * Convenience overload that runs the lookup for the current user.
 *
 * <p>Delegates to the overload that takes an explicit user id, passing
 * {@code Environment.getUserId()} as the last argument. The id is passed through unchanged, so a
 * null id (no logged-in user) reaches the overload as null.
 *
 * <p>NOTE(review): {@code permissionTable} names a permission entity. Another method in this file
 * concatenates the same kind of value into HQL text, so callers should pass only trusted,
 * configuration-derived names. Verify how the delegate uses it.
 *
 * @param permissionTable forwarded unchanged to the delegate overload
 * @param operationId forwarded unchanged to the delegate overload
 * @return the list produced by the delegate overload
 */
public List<Long> getResourceIdsByOperation(String permissionTable, String operationId) {
    Long currentUserId = Environment.getUserId();
    return getResourceIdsByOperation(permissionTable, operationId, currentUserId);
}