public String updateAuthorization() {
    User user = userService.findUserById(userid);

    if (user == null) {
      ret.put("retCode", "1001");
      ret.put("retMSG", "该用户不存在");
      return "success";
    }

    Integer auth = 0;

    String[] newauths = newauthorization.split(",");

    for (int i = 0; i < newauths.length; i++) {
      Permission per = permissionService.findPermissionByValue(Integer.parseInt(newauths[i]));
      if (per != null) {
        Double d = Math.pow(2, per.getValue());
        auth += d.intValue();
      }
    }

    user.setAuthorization(auth);
    userService.updateUser(user);

    ret.put("retCode", "1000");
    ret.put("retMSG", "权限更新成功");
    return "success";
  }
  public String authorized() {
    User user = userService.findUserById(userid);

    if (user == null) {
      ret.put("retCode", "1001");
      ret.put("retMSG", "该用户不存在");
      return "success";
    }

    Permission per = permissionService.findPermissionById(permissionid);

    if (per == null) {
      ret.put("retCode", "1001");
      ret.put("retMSG", "该权限不存在");
      return "success";
    }

    if (Utils.authorized(user.getAuthorization(), per.getValue())) {
      ret.put("retCode", "1000");
      ret.put("retMSG", "有权限操作");
      return "success";
    } else {
      ret.put("retCode", "1001");
      ret.put("retMSG", "没有权限操作");
      return "success";
    }
  }
  public String getUserAuthorization() {

    User user = userService.findUserById(userid);

    if (user == null) {
      ret.put("retCode", "1001");
      ret.put("retMSG", "该用户不存在");
      return "success";
    }

    Integer userauth = user.getAuthorization();

    List<Permission> pers = permissionService.findAllPermissions();

    List<Permission> auth = new ArrayList<Permission>();

    // magic here, don't touch
    for (int i = 0; i < pers.size(); i++) {
      Double d = Math.pow(2, pers.get(i).getValue());
      if ((userauth & d.intValue()) != 0) {
        auth.add(pers.get(i));
      }
    }
    JSONArray ja = JSONArray.fromObject(auth);
    ret.put("auth", ja);
    ret.put("retCode", "1000");
    ret.put("retMSG", "操作成功");
    return "success";
  }