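/**
 * Renders the edit form for a single permission.
 *
 * <p>If the model does not already hold a {@code permissionDTO} attribute, the permission is
 * loaded through {@code permissionService}, converted with {@code getPermissionDTO} and added
 * to the model. An existing attribute is left untouched (presumably a DTO carried over as a
 * flash attribute after a rejected edit submit; confirm against the POST handler).
 *
 * @param id            id of the permission to edit (required request parameter)
 * @param model         model handed to the {@code permission-edit} view
 * @param redirectAttrs receives the error text when the request is redirected to the list page
 * @return the {@code permission-edit} view name, or a redirect to {@code /permission/list}
 *         when no permission with the given id is found
 */
@RequestMapping(value = "/edit", method = RequestMethod.GET)
@PreAuthorize("hasRole('CTRL_PERM_EDIT_GET')")
public String editPermissionPage(
        @RequestParam(value = "id", required = true) Integer id,
        Model model,
        RedirectAttributes redirectAttrs) {
    logger.debug("IN: Permission/edit-GET: ID to query = " + id);

    try {
        if (!model.containsAttribute("permissionDTO")) {
            logger.debug("Adding permissionDTO object to model");
            Permission perm = permissionService.getPermission(id);
            PermissionDTO permissionDTO = getPermissionDTO(perm);
            logger.debug("Permission/edit-GET: " + permissionDTO.toString());
            model.addAttribute("permissionDTO", permissionDTO);
        }
        return "permission-edit";
    } catch (PermissionNotFoundException e) {
        // NOTE(review): the label reads "user id" although the value is a permission id;
        // left unchanged here, confirm the intended wording.
        String message = messageSource.getMessage(
                "ctrl.message.error.notfound", new Object[] {"user id", id}, Locale.US);
        // The error has to travel as a flash attribute, like the other handlers do it.
        // A plain model attribute is not available to the page rendered after the redirect
        // and, depending on the MVC configuration, can end up in the redirect URL as a
        // query parameter.
        redirectAttrs.addFlashAttribute("error", message);
        return "redirect:/permission/list";
    }
}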
/**
 * Builds the form object for a permission: copies the id and the permission name, and
 * reduces the permission's roles to a list of role ids.
 *
 * <p>NOTE(review): with proxy-based method security, {@code @PreAuthorize} on a method is
 * typically not evaluated when the method is called directly from another method of the same
 * object. If this helper is only reached that way, the effective check is the one on the
 * calling handler; confirm against the security configuration.
 *
 * @param perm the permission to convert; its role collection is iterated, so it must not be
 *             {@code null}
 * @return a new {@code PermissionDTO} holding id, name and role ids
 */
@PreAuthorize("hasAnyRole('CTRL_PERM_EDIT_GET','CTRL_PERM_DELETE_GET')")
public PermissionDTO getPermissionDTO(Permission perm) {
    final List<Integer> ids = new ArrayList<Integer>();
    final PermissionDTO dto = new PermissionDTO();

    // Scalar fields first.
    dto.setId(perm.getId());
    dto.setPermissionname(perm.getPermissionname());

    // The form only needs role ids, not the role objects.
    for (final Role assigned : perm.getPermRoles()) {
        ids.add(assigned.getId());
    }
    dto.setPermRoles(ids);

    return dto;
}
/**
 * Handles the "add permission" form submit.
 *
 * <p>On validation errors the binding result and the submitted DTO are stored as flash
 * attributes. Otherwise the DTO is converted with {@code getPermission} and handed to
 * {@code permissionService.addPermission}. The outcome is reported through a flash attribute:
 * {@code message} on success, {@code error} for a duplicate permission or an unknown role id.
 * Every path redirects to the list page.
 *
 * <p>NOTE(review): the DTO is bound from the request and {@code getPermission} copies its id
 * into the new entity; whether the service ignores a client-supplied id on add is not visible
 * here. Confirm.
 *
 * @param permissionDTO submitted form data, validated via {@code @Valid}
 * @param result        binding and validation outcome for {@code permissionDTO}
 * @param redirectAttrs flash attributes shown on the list page after the redirect
 * @return always {@code redirect:/permission/list}
 */
@RequestMapping(value = "/add", method = RequestMethod.POST)
@PreAuthorize("hasRole('CTRL_PERM_ADD_POST')")
public String addPermission(
        @Valid @ModelAttribute PermissionDTO permissionDTO,
        BindingResult result,
        RedirectAttributes redirectAttrs) {
    final String listView = "redirect:/permission/list";

    logger.debug("IN: Permission/add-POST");
    logger.debug(" DTO: " + permissionDTO.toString());

    // Validation failed: hand errors and input back through flash scope.
    if (result.hasErrors()) {
        logger.debug("PermissionDTO add error: " + result.toString());
        redirectAttrs.addFlashAttribute(
                "org.springframework.validation.BindingResult.permissionDTO", result);
        redirectAttrs.addFlashAttribute("permissionDTO", permissionDTO);
        return listView;
    }

    // Placeholder instance, replaced by the converted entity inside the try block.
    Permission perm = new Permission();
    String flashKey;
    String flashText;
    try {
        perm = getPermission(permissionDTO);
        permissionService.addPermission(perm);
        flashText = messageSource.getMessage(
                "ctrl.message.success.add",
                new Object[] {businessObject, perm.getPermissionname()},
                Locale.US);
        flashKey = "message";
    } catch (DuplicatePermissionException e) {
        flashText = messageSource.getMessage(
                "ctrl.message.error.duplicate",
                new Object[] {businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        flashKey = "error";
    } catch (RoleNotFoundException e) {
        flashText = messageSource.getMessage(
                "ctrl.message.error.notfound",
                new Object[] {"role ids", permissionDTO.getPermRoles().toString()},
                Locale.US);
        flashKey = "error";
    }

    redirectAttrs.addFlashAttribute(flashKey, flashText);
    return listView;
}
/**
 * Builds a {@code Permission} from submitted form data: copies id and permission name, and
 * resolves each role id in the DTO to a {@code Role} through {@code roleService}.
 *
 * <p>When the DTO carries no role list ({@code null}), the permission's roles are not set at
 * all. An empty list results in an empty role set.
 *
 * <p>NOTE(review): with proxy-based method security, {@code @PreAuthorize} on a method is
 * typically not evaluated when the method is called directly from another method of the same
 * object; confirm that the calling handlers carry the effective check.
 *
 * @param permissionDTO form data to convert
 * @return the populated permission
 * @throws RoleNotFoundException presumably raised by {@code roleService.getRole} for an
 *                               unknown role id (confirm against the service)
 */
@PreAuthorize("hasAnyRole('CTRL_PERM_ADD_POST','CTRL_PERM_EDIT_POST')")
public Permission getPermission(PermissionDTO permissionDTO) throws RoleNotFoundException {
    Set<Role> resolvedRoles = new HashSet<Role>();
    Permission entity = new Permission();
    // Placeholder instance, overwritten for every role id looked up below.
    Role current = new Role();

    entity.setId(permissionDTO.getId());
    entity.setPermissionname(permissionDTO.getPermissionname());

    // No role list submitted: leave the permission's roles unset.
    if (permissionDTO.getPermRoles() == null) {
        logger.debug(" PERM: " + entity.toString());
        return entity;
    }

    for (Integer requestedId : permissionDTO.getPermRoles()) {
        current = roleService.getRole(requestedId);
        logger.debug(" ROLE: " + current.toString());
        resolvedRoles.add(current);
    }
    entity.setPermRoles(resolvedRoles);

    logger.debug(" PERM: " + entity.toString());
    return entity;
}
/**
 * Fetches the user's permission entries for a single resource.
 *
 * <p>NOTE(review): {@code permissionTable} and the fragment returned by
 * {@code genRankCondition4SelectPermission(permissionRank)} are concatenated into the query
 * text; only {@code resourceId} is passed to {@code getEntities} as an argument for the
 * {@code ?} placeholder. An entity name cannot be bound as a query parameter, so callers
 * should pass only fixed, known entity names. TODO confirm that no request-derived value
 * reaches {@code permissionTable} or the rank condition.
 *
 * @param permissionRank  passed to {@code genRankCondition4SelectPermission} to build an
 *                        additional where-condition
 * @param permissionTable name of the permission entity placed in the {@code from} clause
 * @param resourceId      id of the resource whose permission entries are selected
 * @return the rows converted by {@code PermissionDTO.genPermissionDTOList}
 */
public List<PermissionDTO> getOneResourcePermissions(
        String permissionRank, String permissionTable, Long resourceId) {
    StringBuilder query = new StringBuilder();
    query.append("select distinct p.resourceId, p.operationId, p.permissionState, max(p.isGrant), max(p.isPass), p.roleId");
    query.append(" from ").append(permissionTable).append(" p, Temp t ");
    query.append(" where p.roleId = t.id and p.resourceId = ? ");
    query.append(genRankCondition4SelectPermission(permissionRank));
    query.append(" group by p.resourceId, p.operationId, p.permissionState, p.roleId");

    String hql = query.toString();
    return PermissionDTO.genPermissionDTOList(getEntities(hql, resourceId));
}
/**
 * Handles the "edit permission" form submit.
 *
 * <p>The branch is chosen by comparing {@code action} with the button labels resolved from
 * {@code messageSource} for {@code Locale.US}, in this order:
 * <ol>
 *   <li>cancel label: a cancel notice is flashed and the list page is shown;</li>
 *   <li>validation errors: binding result and DTO are flashed and the edit page is reopened
 *       for the same id;</li>
 *   <li>save label: the DTO is converted with {@code getPermission} and passed to
 *       {@code permissionService.updatePermission}; success or failure is flashed as
 *       {@code message} or {@code error};</li>
 *   <li>any other action: redirect to the list page without a message.</li>
 * </ol>
 *
 * @param permissionDTO submitted form data, validated via {@code @Valid}
 * @param result        binding and validation outcome for {@code permissionDTO}
 * @param redirectAttrs flash attributes shown after the redirect
 * @param action        label of the submitted button (required request parameter)
 * @return a redirect to the edit page on validation errors, otherwise to the list page
 */
@RequestMapping(value = "/edit", method = RequestMethod.POST)
@PreAuthorize("hasRole('CTRL_PERM_EDIT_POST')")
public String editPermission(
        @Valid @ModelAttribute PermissionDTO permissionDTO,
        BindingResult result,
        RedirectAttributes redirectAttrs,
        @RequestParam(value = "action", required = true) String action) {
    final String listView = "redirect:/permission/list";

    logger.debug("IN: Permission/edit-POST: " + action);

    // Cancel wins over everything else, including validation errors.
    if (action.equals(messageSource.getMessage("button.action.cancel", null, Locale.US))) {
        String cancelled = messageSource.getMessage(
                "ctrl.message.success.cancel",
                new Object[] {"Edit", businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        redirectAttrs.addFlashAttribute("message", cancelled);
        return listView;
    }

    // Invalid input: reopen the edit form with the errors and the submitted values.
    if (result.hasErrors()) {
        logger.debug("Permission-edit error: " + result.toString());
        redirectAttrs.addFlashAttribute(
                "org.springframework.validation.BindingResult.permissionDTO", result);
        redirectAttrs.addFlashAttribute("permissionDTO", permissionDTO);
        return "redirect:/permission/edit?id=" + permissionDTO.getId();
    }

    // Anything other than "save" falls through to the list page without a message.
    if (!action.equals(messageSource.getMessage("button.action.save", null, Locale.US))) {
        return listView;
    }

    logger.debug("Permission/edit-POST: " + permissionDTO.toString());

    String flashKey;
    String flashText;
    try {
        Permission permission = getPermission(permissionDTO);
        permissionService.updatePermission(permission);
        flashText = messageSource.getMessage(
                "ctrl.message.success.update",
                new Object[] {businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        flashKey = "message";
    } catch (DuplicatePermissionException duplicate) {
        flashText = messageSource.getMessage(
                "ctrl.message.error.duplicate",
                new Object[] {businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        flashKey = "error";
    } catch (PermissionNotFoundException missingPermission) {
        flashText = messageSource.getMessage(
                "ctrl.message.error.notfound",
                new Object[] {businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        flashKey = "error";
    } catch (RoleNotFoundException missingRole) {
        flashText = messageSource.getMessage(
                "ctrl.message.error.notfound",
                new Object[] {"role ids", permissionDTO.getPermRoles().toString()},
                Locale.US);
        flashKey = "error";
    }

    redirectAttrs.addFlashAttribute(flashKey, flashText);
    return listView;
}