예제 #1
0
 /** 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用 */
 @Override
 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
   Principal principal = (Principal) getAvailablePrincipal(principals);
   // 获取当前已登录的用户
   if (!Global.TRUE.equals(Global.getConfig("user.multiAccountLogin"))) {
     Collection<Session> sessions =
         getSystemService()
             .getSessionDao()
             .getActiveSessions(true, principal, UserUtils.getSession());
     if (sessions.size() > 0) {
       // 如果是登录进来的,则踢出已在线用户
       if (UserUtils.getSubject().isAuthenticated()) {
         for (Session session : sessions) {
           getSystemService().getSessionDao().delete(session);
         }
       }
       // 记住我进来的,并且当前用户已登录,则退出当前用户提示信息。
       else {
         UserUtils.getSubject().logout();
         throw new AuthenticationException("msg:账号已在其它地方登录,请重新登录。");
       }
     }
   }
   User user = getSystemService().getUserByLoginName(principal.getLoginName());
   if (user != null) {
     SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
     List<Menu> list = UserUtils.getMenuList();
     for (Menu menu : list) {
       if (StringUtils.isNotBlank(menu.getPermission())) {
         // 添加基于Permission的权限信息
         for (String permission : StringUtils.split(menu.getPermission(), ",")) {
           info.addStringPermission(permission);
         }
       }
     }
     // 添加用户权限
     info.addStringPermission("user");
     // 添加用户角色信息
     for (Role role : user.getRoleList()) {
       info.addRole(role.getEnname());
     }
     // 更新登录IP和时间
     getSystemService().updateUserLoginInfo(user);
     // 记录登录日志
     LogUtils.saveLog(Servlets.getRequest(), "系统登录");
     return info;
   } else {
     return null;
   }
 }
예제 #2
0
 @RequiresPermissions("cms:article:edit")
 @RequestMapping(value = "delete")
 public String delete(
     Article article,
     String categoryId,
     @RequestParam(required = false) Boolean isRe,
     RedirectAttributes redirectAttributes) {
   // 如果没有审核权限,则不允许删除或发布。
   if (!UserUtils.getSubject().isPermitted("cms:article:audit")) {
     addMessage(redirectAttributes, "你没有删除或发布权限");
   }
   articleService.delete(article, isRe);
   addMessage(redirectAttributes, (isRe != null && isRe ? "发布" : "删除") + "文章成功");
   return "redirect:"
       + adminPath
       + "/cms/article/?repage&category.id="
       + (categoryId != null ? categoryId : "");
 }