/**
 * Determines from the request URL whether the user is authorized to access it.
 *
 * @param requestUrl the request URL
 * @param userId the user ID
 * @return true if access is allowed
 */
@Cacheable(
    value = {CacheConstants.RESOURCE_USER_AUTHORITY_URLS_CACHE},
    // Delimit the key parts: with plain concatenation ("/a/1", 23) and ("/a/12", 3)
    // produce the same key and would share one cached authorization decision.
    key = "#requestUrl + ':' + #userId + ':isAuthority'")
public boolean isAuthority(String requestUrl, Long userId)
    throws DaoException, SystemException, ServiceException {
  // The super administrator is always authorized
  if (userManager.getSuperUser().getId().equals(userId)) {
    return true;
  }
  // Check whether this URL needs to be intercepted
  boolean isInterceptorUrl = this.isInterceptorUrl(requestUrl);
  if (isInterceptorUrl) {
    // The user's permissions
    List<String> userAuthoritys = this.getUserAuthoritysByUserId(userId);
    for (String markUrl : userAuthoritys) {
      String[] markUrls = markUrl.split(";");
      for (int i = 0; i < markUrls.length; i++) {
        if (StringUtils.isNotBlank(markUrls[i])
            && StringUtils.simpleWildcardMatch(markUrls[i], requestUrl)) {
          return true;
        }
      }
    }
    return false;
  }
  // Log message: "Cache: {}" followed by the request parameters
  logger.debug(
      "缓存:{}",
      CacheConstants.RESOURCE_USER_AUTHORITY_URLS_CACHE
          + "参数:requestUrl="
          + requestUrl
          + ",userId="
          + userId);
  // The URL matches no interception rule: access is allowed by default
  return true;
}

/**
 * Looks up the URL permissions held by a user, by user ID.
 *
 * @param userId the user ID
 * @return List<String> the markUrl patterns the user holds
 */
public List<String> getUserAuthoritysByUserId(Long userId)
    throws DaoException, SystemException, ServiceException {
  List<String> userAuthoritys = Lists.newArrayList();
  List<TreeNode> treeNodes = this.getResourceTreeByUserId(userId);
  for (TreeNode node : treeNodes) {
    Object obj = node.getAttributes().get("markUrl");
    if (obj != null) {
      String markUrl = (String) obj;
      if (StringUtils.isNotBlank(markUrl)) {
        userAuthoritys.add(markUrl);
      }
    }
    // Second-level entries (deeper levels are not traversed)
    List<TreeNode> childrenNodes = node.getChildren();
    for (TreeNode childrenNode : childrenNodes) {
      Object childrenObj = childrenNode.getAttributes().get("markUrl");
      if (childrenObj != null) {
        String markUrl = (String) childrenObj;
        if (StringUtils.isNotBlank(markUrl)) {
          userAuthoritys.add(markUrl);
        }
      }
    }
  }
  return userAuthoritys;
}

/**
 * Gets a Resource by name.
 *
 * @param name the resource name
 * @return the matching Resource, or null if name is blank
 * @throws DaoException
 * @throws SystemException
 * @throws ServiceException
 */
public Resource getByName(String name) throws DaoException, SystemException, ServiceException {
  if (StringUtils.isBlank(name)) {
    return null;
  }
  name = StringUtils.strip(name); // strip surrounding whitespace
  return resourceDao.findUniqueBy("name", name);
}

/**
 * Checks whether a URL needs to be intercepted.
 *
 * @param requestUrl the URL to check
 * @return true if the URL matches any registered markUrl pattern
 */
public boolean isInterceptorUrl(String requestUrl)
    throws DaoException, SystemException, ServiceException {
  List<String> markUrlList = this.getAllInterceptorUrls();
  for (String markUrl : markUrlList) {
    // One markUrl value may hold several ';'-separated patterns
    String[] markUrls = markUrl.split(";");
    for (int i = 0; i < markUrls.length; i++) {
      if (StringUtils.isNotBlank(markUrls[i])
          && StringUtils.simpleWildcardMatch(markUrls[i], requestUrl)) {
        return true;
      }
    }
  }
  return false;
}

/**
 * combogrid
 *
 * @return
 * @throws Exception
 */
@RequestMapping(value = {"combogrid"})
@ResponseBody
public Datagrid<User> combogrid(
    @RequestParam(value = "ids", required = false) List<Long> ids,
    String loginNameOrName,
    Integer rows)
    throws Exception {
  // Only users in the normal state are returned
  Criterion statusCriterion = Restrictions.eq("status", StatusState.normal.getValue());
  Criterion[] criterions = new Criterion[0];
  criterions = (Criterion[]) ArrayUtils.add(criterions, 0, statusCriterion);
  Criterion criterion = null;
  if (Collections3.isNotEmpty(ids)) {
    // IN condition
    Criterion inCriterion = Restrictions.in("id", ids);
    if (StringUtils.isNotBlank(loginNameOrName)) {
      Criterion loginNameCriterion =
          Restrictions.like("loginName", loginNameOrName, MatchMode.ANYWHERE);
      Criterion nameCriterion = Restrictions.like("name", loginNameOrName, MatchMode.ANYWHERE);
      Criterion criterion1 = Restrictions.or(loginNameCriterion, nameCriterion);
      criterion = Restrictions.or(inCriterion, criterion1);
    } else {
      criterion = inCriterion;
    }
    // Merge the query conditions
    criterions = (Criterion[]) ArrayUtils.add(criterions, 0, criterion);
  } else {
    if (StringUtils.isNotBlank(loginNameOrName)) {
      Criterion loginNameCriterion =
          Restrictions.like("loginName", loginNameOrName, MatchMode.ANYWHERE);
      Criterion nameCriterion = Restrictions.like("name", loginNameOrName, MatchMode.ANYWHERE);
      criterion = Restrictions.or(loginNameCriterion, nameCriterion);
      // Merge the query conditions
      criterions = (Criterion[]) ArrayUtils.add(criterions, 0, criterion);
    }
  }
  // Paged query
  Page<User> p = new Page<User>(rows); // paging object
  p = userManager.findByCriteria(p, criterions);
  Datagrid<User> dg = new Datagrid<User>(p.getTotalCount(), p.getResult());
  return dg;
}

/**
 * Looks up all URL rules that need to be intercepted.
 *
 * @return the markUrl values of all resources that define one
 */
public List<String> getAllInterceptorUrls()
    throws DaoException, SystemException, ServiceException {
  List<String> markUrls = Lists.newArrayList();
  // Look up all resources
  // List<Resource> resources = this.findBy("NEI_status",StatusState.delete.getValue());
  List<Resource> resources = this.getAll();
  for (Resource resource : resources) {
    if (StringUtils.isNotBlank(resource.getMarkUrl())) {
      markUrls.add(resource.getMarkUrl());
    }
  }
  return markUrls;
}

/**
 * Gender drop-down list (combobox).
 *
 * @throws Exception
 */
@RequestMapping(value = {"sexTypeCombobox"})
@ResponseBody
public List<Combobox> sexTypeCombobox(String selectType) throws Exception {
  List<Combobox> cList = Lists.newArrayList();
  // Add the "--- All ---" or "--- Please select ---" entry to the combobox
  if (!StringUtils.isBlank(selectType)) {
    SelectType s = SelectType.getSelectTypeValue(selectType);
    if (s != null) {
      Combobox selectCombobox = new Combobox("", s.getDescription());
      cList.add(selectCombobox);
    }
  }
  SexType[] _enums = SexType.values();
  for (int i = 0; i < _enums.length; i++) {
    Combobox combobox =
        new Combobox(_enums[i].getValue().toString(), _enums[i].getDescription());
    cList.add(combobox);
  }
  return cList;
}

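/**
 * Changes a user's password. <br>
 * Parameter upateOperate: "1" requires the original password, "0" does not.
 */
@RequestMapping(value = {"updateUserPassword"})
@ResponseBody
public Result updateUserPassword(
    @ModelAttribute("model") User user, String upateOperate, String newPassword)
    throws Exception {
  Result result;
  if (!StringUtils.isEmpty(upateOperate)) {
    User u = userManager.loadById(user.getId());
    if (u != null) {
      boolean isCheck = true;
      // The original password must be supplied
      if (AppConstants.USER_UPDATE_PASSWORD_YES.equals(upateOperate)) {
        String originalPassword = u.getPassword(); // original password stored in the database
        // Original password entered on the page (unencrypted). Read from the bound request
        // model; reading it from u ignored the submitted value.
        String pagePassword = user.getPassword();
        if (!originalPassword.equals(Encrypt.e(pagePassword))) {
          isCheck = false;
        }
      }
      // The original password is not required. upateOperate is request-supplied, so the
      // original-password check is only as strong as the access control on this endpoint.
      if (AppConstants.USER_UPDATE_PASSWORD_NO.equals(upateOperate)) {
        isCheck = true;
      }
      if (isCheck) {
        u.setPassword(Encrypt.e(newPassword));
        userManager.saveEntity(u);
        result = Result.successResult();
      } else {
        // Message: "The original password is incorrect."
        result = new Result(Result.WARN, "原始密码输入错误.", "password");
      }
    } else {
      // Message: "The user to modify does not exist or has been deleted."
      result = new Result(Result.ERROR, "修改的用户不存在或已被删除.", null);
    }
  } else {
    result = Result.errorResult();
    // Message: "Bad request parameters: parameter [upateOperate] is not set."
    logger.warn("请求参数错误,未设置参数[upateOperate].");
  }
  logger.debug(result.toString());
  return result;
}
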
public List<Menu> getAppMenusByUserId(Long userId) {
  List<Menu> menus = Lists.newArrayList();
  List<Resource> resources = Lists.newArrayList();
  User user = userManager.loadById(userId);
  User superUser = userManager.getSuperUser();
  // Compare the Long IDs with equals(): == compares object references and is only
  // reliable for values inside the Long cache range.
  if (user != null && superUser != null && user.getId().equals(superUser.getId())) {
    // Super user: all resources
    resources = super.getAll();
  } else if (user != null) {
    resources = getResourcesByUserId(userId);
  }
  for (Resource resource : resources) {
    if (StringUtils.isNotBlank(resource.getUrl())) {
      // Only resources of type "menu" become menu entries
      if (ResourceState.menu.getValue().equals(resource.getType())) {
        Menu menu = new Menu();
        menu.setId(resource.getId().toString());
        menu.setText(resource.getName());
        menu.setHref(resource.getUrl());
        menus.add(menu);
      }
    }
  }
  return menus;
}

/**
 * Gets a Resource by code.
 *
 * @param code the resource code
 * @return the matching Resource, or null if code is blank
 * @throws DaoException
 * @throws SystemException
 * @throws ServiceException
 */
public Resource getByCode(String code) throws DaoException, SystemException, ServiceException {
  if (StringUtils.isBlank(code)) {
    return null;
  }
  return resourceDao.findUniqueBy("code", code);
}