/** * 根据用户ID查询该用户允许访问的所有菜单列表 * * @param userId * @return */ @SuppressWarnings("unchecked") public List<Menu> getAllowedAccessMenu(Long userId) { StringBuffer sqlBuffer = new StringBuffer(); sqlBuffer.append("select * from ("); // 获取Sec_Menu表中定义且未关联资源表Sec_Resource的所有菜单列表 sqlBuffer.append(" select m.id,m.name,m.parent_menu,m.description,m.orderby from sec_menu m "); sqlBuffer.append(" where not exists (select re.id from sec_resource re where re.menu = m.id)"); sqlBuffer.append(" union all "); // 获取Sec_Resource表中已关联且未设置权限的菜单列表 sqlBuffer.append( " select m.id,m.name,m.parent_menu,re.source as description,m.orderby from sec_resource re "); sqlBuffer.append(" left outer join sec_menu m on re.menu = m.id "); sqlBuffer.append( " where re.menu is not null and not exists (select ar.authority_id from sec_authority_resource ar where ar.resource_id = re.id)"); sqlBuffer.append(" union all "); // 获取Sec_Resource表中已关联且设置权限,并根据当前登录账号拥有相应权限的菜单列表 sqlBuffer.append( " select m.id,m.name,m.parent_menu,re.source as description,m.orderby from sec_user u "); sqlBuffer.append(" left outer join sec_role_user ru on u.id=ru.user_id "); sqlBuffer.append(" left outer join sec_role r on ru.role_id=r.id "); sqlBuffer.append(" left outer join sec_role_authority ra on r.id = ra.role_id "); sqlBuffer.append(" left outer join sec_authority a on ra.authority_id = a.id "); sqlBuffer.append(" left outer join sec_authority_resource ar on a.id = ar.authority_id "); sqlBuffer.append(" left outer join sec_resource re on ar.resource_id = re.id "); sqlBuffer.append(" left outer join sec_menu m on re.menu = m.id "); sqlBuffer.append(" where u.id=? and re.menu is not null "); sqlBuffer.append(") tbl order by orderby"); SQLQuery query = menuDao.createSQLQuery(sqlBuffer.toString(), userId); query.addEntity(Menu.class); return query.list(); }