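/**
   * Renders the edit form for a single permission.
   *
   * <p>If the model does not already carry a {@code permissionDTO} attribute, the permission is
   * loaded by id and converted with {@link #getPermissionDTO(Permission)}. An existing attribute is
   * left untouched (presumably the DTO restored from flash attributes after a rejected edit
   * submit, so the user's input is not overwritten).
   *
   * @param id id of the permission to edit, taken from the {@code id} request parameter
   * @param model view model that receives the {@code permissionDTO}
   * @param redirectAttrs carries the error message across the redirect when the lookup fails
   * @return the {@code permission-edit} view, or a redirect to the permission list when no
   *     permission with that id exists
   */
  @RequestMapping(value = "/edit", method = RequestMethod.GET)
  @PreAuthorize("hasRole('CTRL_PERM_EDIT_GET')")
  public String editPermissionPage(
      @RequestParam(value = "id", required = true) Integer id,
      Model model,
      RedirectAttributes redirectAttrs) {

    logger.debug("IN: Permission/edit-GET:  ID to query = " + id);

    try {
      if (!model.containsAttribute("permissionDTO")) {
        logger.debug("Adding permissionDTO object to model");
        Permission perm = permissionService.getPermission(id);
        PermissionDTO permissionDTO = getPermissionDTO(perm);
        logger.debug("Permission/edit-GET:  " + permissionDTO.toString());
        model.addAttribute("permissionDTO", permissionDTO);
      }
      return "permission-edit";
    } catch (PermissionNotFoundException e) {
      // The id being looked up is a permission id, so the message says so; the previous
      // "user id" label looks like a copy-paste from another controller.
      String message =
          messageSource.getMessage(
              "ctrl.message.error.notfound", new Object[] {"permission id", id}, Locale.US);
      // Use a flash attribute, as the POST handlers do: a plain model attribute is not
      // available to the list view once the response is a redirect, so the error was lost.
      redirectAttrs.addFlashAttribute("error", message);
      return "redirect:/permission/list";
    }
  }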
 /**
  * Builds the form-facing DTO for a permission entity.
  *
  * <p>Copies the id and the permission name, and flattens the permission's roles into a list of
  * role ids.
  *
  * <p>NOTE(review): editPermissionPage calls this method directly on the same instance. With
  * Spring's default proxy-based method security such self-invocations presumably bypass the
  * {@code @PreAuthorize} below, so the effective check is the one on the calling handler. Confirm
  * against the security configuration before relying on this annotation.
  *
  * @param perm entity to convert; its role collection is iterated, so it must not be null
  * @return a new DTO holding the id, name and role ids of {@code perm}
  */
 @PreAuthorize("hasAnyRole('CTRL_PERM_EDIT_GET','CTRL_PERM_DELETE_GET')")
 public PermissionDTO getPermissionDTO(Permission perm) {
   PermissionDTO dto = new PermissionDTO();
   dto.setId(perm.getId());
   dto.setPermissionname(perm.getPermissionname());

   // The DTO carries role ids only, not the role entities.
   List<Integer> assignedRoleIds = new ArrayList<Integer>();
   for (Role assigned : perm.getPermRoles()) {
     assignedRoleIds.add(assigned.getId());
   }
   dto.setPermRoles(assignedRoleIds);

   return dto;
 }
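  /**
   * Handles the add-permission form submit.
   *
   * <p>On validation errors the binding result and the submitted DTO are stored as flash
   * attributes. Otherwise the DTO is converted with {@link #getPermission(PermissionDTO)} and
   * passed to the permission service. The outcome is reported through a {@code message} or
   * {@code error} flash attribute. Every path redirects to the permission list.
   *
   * @param permissionDTO form data bound from the request and validated
   * @param result validation outcome for {@code permissionDTO}
   * @param redirectAttrs receives the flash attributes shown after the redirect
   * @return a redirect to the permission list
   */
  @RequestMapping(value = "/add", method = RequestMethod.POST)
  @PreAuthorize("hasRole('CTRL_PERM_ADD_POST')")
  public String addPermission(
      @Valid @ModelAttribute PermissionDTO permissionDTO,
      BindingResult result,
      RedirectAttributes redirectAttrs) {

    logger.debug("IN: Permission/add-POST");
    // NOTE(review): the DTO (and the rejected values inside the binding result logged below)
    // is request-bound text; confirm the log layout neutralises CR/LF so a submitted value
    // cannot forge log lines when debug logging is enabled.
    logger.debug("  DTO: " + permissionDTO.toString());

    if (result.hasErrors()) {
      logger.debug("PermissionDTO add error: " + result.toString());
      redirectAttrs.addFlashAttribute(
          "org.springframework.validation.BindingResult.permissionDTO", result);
      redirectAttrs.addFlashAttribute("permissionDTO", permissionDTO);
      return "redirect:/permission/list";
    }

    try {
      // The entity is taken straight from the conversion; the earlier throwaway
      // "new Permission()" was overwritten before use.
      Permission perm = getPermission(permissionDTO);
      permissionService.addPermission(perm);
      String message =
          messageSource.getMessage(
              "ctrl.message.success.add",
              new Object[] {businessObject, perm.getPermissionname()},
              Locale.US);
      redirectAttrs.addFlashAttribute("message", message);
    } catch (DuplicatePermissionException e) {
      String message =
          messageSource.getMessage(
              "ctrl.message.error.duplicate",
              new Object[] {businessObject, permissionDTO.getPermissionname()},
              Locale.US);
      redirectAttrs.addFlashAttribute("error", message);
    } catch (RoleNotFoundException e) {
      String message =
          messageSource.getMessage(
              "ctrl.message.error.notfound",
              new Object[] {"role ids", permissionDTO.getPermRoles().toString()},
              Locale.US);
      redirectAttrs.addFlashAttribute("error", message);
    }
    return "redirect:/permission/list";
  }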
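  /**
   * Converts a submitted DTO into a {@code Permission} entity.
   *
   * <p>The id and name are copied as-is. When the DTO carries role ids, each id is resolved
   * through the role service and the resulting roles are attached. When it carries none
   * ({@code null}), the entity's roles are left unset.
   *
   * <p>NOTE(review): every role id in the DTO is resolved and attached without a per-role check
   * in this method, so the handler-level authorization is the only gate on which roles a caller
   * can bind to a permission. The handlers also call this method directly on the same instance.
   * With Spring's default proxy-based method security the {@code @PreAuthorize} below is
   * presumably not evaluated on those self-invocations. Confirm against the security
   * configuration.
   *
   * @param permissionDTO request-bound form data
   * @return a new entity populated from the DTO
   * @throws RoleNotFoundException declared for the role lookup; presumably raised by the role
   *     service when an id matches no role
   */
  @PreAuthorize("hasAnyRole('CTRL_PERM_ADD_POST','CTRL_PERM_EDIT_POST')")
  public Permission getPermission(PermissionDTO permissionDTO) throws RoleNotFoundException {
    Permission perm = new Permission();
    perm.setId(permissionDTO.getId());
    perm.setPermissionname(permissionDTO.getPermissionname());

    if (permissionDTO.getPermRoles() != null) {
      Set<Role> roleList = new HashSet<Role>();
      for (Integer roleId : permissionDTO.getPermRoles()) {
        // Declared per iteration; the former placeholder "new Role()" was never read.
        Role role = roleService.getRole(roleId);
        logger.debug("  ROLE: " + role.toString());
        roleList.add(role);
      }
      perm.setPermRoles(roleList);
    }
    logger.debug("  PERM: " + perm.toString());
    return perm;
  }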
  /**
   * Gets the user's permission information for one resource.
   *
   * <p>Builds an HQL query over the given permission entity joined with {@code Temp}, grouped by
   * resource, operation, permission state and role, and converts the rows with
   * {@code PermissionDTO.genPermissionDTOList}.
   *
   * <p>NOTE(review): only {@code resourceId} is passed as a query parameter. {@code permissionTable}
   * and the fragment returned by {@code genRankCondition4SelectPermission(permissionRank)} are
   * concatenated into the query text. An entity name cannot be bound, so callers should pass only
   * values from a fixed set of known permission entity names. Confirm that no request-derived
   * string reaches either argument.
   *
   * @param permissionRank rank selector handed to {@code genRankCondition4SelectPermission} to
   *     produce an additional where-clause fragment
   * @param permissionTable entity name placed in the {@code from} clause
   * @param resourceId id of the resource, supplied for the {@code ?} placeholder
   * @return the permission DTOs built from the query result
   */
  public List<PermissionDTO> getOneResourcePermissions(
      String permissionRank, String permissionTable, Long resourceId) {
    String selectClause =
        "select distinct p.resourceId, p.operationId, p.permissionState, max(p.isGrant), max(p.isPass), p.roleId";
    String fromClause = " from " + permissionTable + " p, Temp t ";
    String whereClause =
        " where  p.roleId = t.id and p.resourceId = ? "
            + genRankCondition4SelectPermission(permissionRank);
    String groupByClause = " group by p.resourceId, p.operationId, p.permissionState, p.roleId";

    String hql = selectClause + fromClause + whereClause + groupByClause;
    return PermissionDTO.genPermissionDTOList(getEntities(hql, resourceId));
  }
  /**
   * Handles the edit-permission form submit.
   *
   * <p>The {@code action} parameter is compared with the localized button labels:
   *
   * <ul>
   *   <li>cancel: stores a cancellation message and returns to the list;
   *   <li>validation errors (any other action): stores the binding result and the DTO as flash
   *       attributes and redirects back to the edit page for the DTO's id;
   *   <li>save: converts the DTO, updates the permission and stores a success or error message;
   *   <li>anything else: returns to the list without changes.
   * </ul>
   *
   * <p>NOTE(review): {@code action} and the DTO are request-supplied and are written to the debug
   * log. Confirm the log layout neutralises CR/LF so submitted values cannot forge log lines.
   *
   * @param permissionDTO form data bound from the request and validated
   * @param result validation outcome for {@code permissionDTO}
   * @param redirectAttrs receives the flash attributes shown after the redirect
   * @param action label of the button that submitted the form
   * @return a redirect to the permission list, or to the edit page on validation errors
   */
  @RequestMapping(value = "/edit", method = RequestMethod.POST)
  @PreAuthorize("hasRole('CTRL_PERM_EDIT_POST')")
  public String editPermission(
      @Valid @ModelAttribute PermissionDTO permissionDTO,
      BindingResult result,
      RedirectAttributes redirectAttrs,
      @RequestParam(value = "action", required = true) String action) {

    final String listRedirect = "redirect:/permission/list";

    logger.debug("IN: Permission/edit-POST: " + action);

    String cancelLabel = messageSource.getMessage("button.action.cancel", null, Locale.US);
    if (action.equals(cancelLabel)) {
      Object[] cancelArgs = {"Edit", businessObject, permissionDTO.getPermissionname()};
      String cancelled =
          messageSource.getMessage("ctrl.message.success.cancel", cancelArgs, Locale.US);
      redirectAttrs.addFlashAttribute("message", cancelled);
      return listRedirect;
    }

    if (result.hasErrors()) {
      logger.debug("Permission-edit error: " + result.toString());
      redirectAttrs.addFlashAttribute(
          "org.springframework.validation.BindingResult.permissionDTO", result);
      redirectAttrs.addFlashAttribute("permissionDTO", permissionDTO);
      return "redirect:/permission/edit?id=" + permissionDTO.getId();
    }

    // The save label is looked up only after the cancel and validation branches are ruled out.
    String saveLabel = messageSource.getMessage("button.action.save", null, Locale.US);
    if (!action.equals(saveLabel)) {
      return listRedirect;
    }

    logger.debug("Permission/edit-POST:  " + permissionDTO.toString());

    String failure;
    try {
      Permission permission = getPermission(permissionDTO);
      permissionService.updatePermission(permission);
      Object[] updatedArgs = {businessObject, permissionDTO.getPermissionname()};
      String updated =
          messageSource.getMessage("ctrl.message.success.update", updatedArgs, Locale.US);
      redirectAttrs.addFlashAttribute("message", updated);
      return listRedirect;
    } catch (DuplicatePermissionException duplicate) {
      Object[] duplicateArgs = {businessObject, permissionDTO.getPermissionname()};
      failure = messageSource.getMessage("ctrl.message.error.duplicate", duplicateArgs, Locale.US);
    } catch (PermissionNotFoundException missingPermission) {
      Object[] missingArgs = {businessObject, permissionDTO.getPermissionname()};
      failure = messageSource.getMessage("ctrl.message.error.notfound", missingArgs, Locale.US);
    } catch (RoleNotFoundException missingRole) {
      Object[] roleArgs = {"role ids", permissionDTO.getPermRoles().toString()};
      failure = messageSource.getMessage("ctrl.message.error.notfound", roleArgs, Locale.US);
    }

    // All three failure modes report through the same flash attribute and land on the list.
    redirectAttrs.addFlashAttribute("error", failure);
    return listRedirect;
  }