实现基于ActionKey的权限判断

Signed-off-by: michael.z <mail@zhangxiao.org>
michaelzx · Mar 4, 2015 · 09a239c · 09a239c
1 parent 2e45712
commit 09a239c
Show file tree

Hide file tree

Showing 12 changed files with 239 additions and 67 deletions.
diff --git a/database/db.sql b/database/db.sql
@@ -62,13 +62,13 @@ CREATE TABLE `cnvp_sys_res` (
   `des` varchar(200) DEFAULT NULL COMMENT '描述',
   `ak` varchar(200) DEFAULT NULL COMMENT 'actionKey',
   `seq` int(11) DEFAULT '10' COMMENT '排序',
-  `type` tinyint(1) DEFAULT NULL COMMENT '1、actionKey；',
+  `type` tinyint(2) DEFAULT NULL COMMENT '1、actionKey；',
   PRIMARY KEY (`id`)
-) ENGINE=MyISAM AUTO_INCREMENT=86 DEFAULT CHARSET=utf8;
+) ENGINE=MyISAM AUTO_INCREMENT=88 DEFAULT CHARSET=utf8;
 
 /*Data for the table `cnvp_sys_res` */
 
-insert  into `cnvp_sys_res`(`id`,`pid`,`cname`,`code`,`code_route`,`des`,`ak`,`seq`,`type`) values (1,0,'开始','start','null:start','开始',NULL,10,1),(2,0,'系统','system','null:system',NULL,NULL,10,1),(3,2,'系统设置','config','system:config',NULL,'/System',10,1),(47,2,'组织机构','dept','system:dept',NULL,NULL,10,1),(48,47,'首页','index','system:dept:index',NULL,'/Dept',10,1),(49,47,'抽取json数据','getlist','system:dept:getlist',NULL,'/Dept/getlist',10,1),(50,47,'创建','create','system:dept:create',NULL,'/Dept/create',10,1),(51,47,'更新','update','system:dept:update',NULL,'/Dept/update',10,1),(52,47,'删除','delete','system:dept:delete',NULL,'/Dept/delete',10,1),(53,2,'用户管理','user','system:user',NULL,NULL,10,1),(54,53,'列表','index','system:user:index',NULL,'/User',10,1),(55,53,'添加','create','system:user:create',NULL,'/User/create',10,1),(56,53,'修改','update','system:user:update',NULL,'/User/update',10,1),(57,53,'删除','delete','system:user:delete',NULL,'/User/delete',10,1),(58,53,'批量删除','deleteall','system:user:deleteall',NULL,'/User/deleteAll',10,1),(59,2,'角色管理','role','system:role',NULL,NULL,10,1),(60,59,'列表','index','system:role:index',NULL,'/Role',10,1),(61,59,'添加','create','system:role:create',NULL,'/Role/create',10,1),(62,59,'更新','update','system:role:update',NULL,'/Role/update',10,1),(63,59,'删除','delete','system:role:delete',NULL,'/Role/delete',10,1),(64,59,'批量删除','deleteAll','system:role:deleteAll',NULL,'/Role/deleteAll',10,1),(65,59,'抽取JSON数据','getlist','system:role:getlist',NULL,'/Role/getlist',10,1),(66,2,'资源管理','res','system:res',NULL,NULL,10,1),(67,66,'首页','index','system:res:index',NULL,'/Resource',10,1),(68,66,'添加','create','system:res:create',NULL,'/Role/create',10,1),(69,66,'更新','update','system:res:update',NULL,'/Resource/update',10,1),(70,66,'删除','delete','system:res:delete',NULL,'/Resource/delete',10,1),(71,66,'抽取JSON数据','getlist','system:res:getlist',NULL,'/Resource/getlist',10,1),(72,2,'导航管理','sysnav','system:sysnav',NULL,NULL,10,1),(73,72,'首页','index','system:sysnav:index',NULL,'/System/nav',10,1),(74,72,'添加','create','system:sysnav:create',NULL,'/System/nav_create',10,1),(75,72,'更新','update','system:sysnav:update',NULL,'/System/nav_update',10,1),(76,72,'删除','delete','system:sysnav:delete',NULL,'/System/nav_delete',10,1),(77,72,'保存排序','saveorder','system:sysnav:saveorder',NULL,'/System/save_order',10,1),(78,1,'欢迎使用','welcome','start:welcome',NULL,'/welcome',10,1),(79,1,'个人资料','profile','start:profile',NULL,'/profile',10,1),(80,1,'修改密码','password','start:password',NULL,'/password',10,1),(81,0,'开发','dev','null:dev',NULL,NULL,10,1),(82,81,'首页','index','dev:index',NULL,'/Generator',10,1),(83,81,'模型代码','model','dev:model',NULL,'/Generator/model_code',10,1),(84,81,'控制器代码','controller','dev:controller',NULL,'/Generator/controller_code',10,1),(85,81,'视图代码','view','dev:view',NULL,'/Generator/view_code',10,1);
+insert  into `cnvp_sys_res`(`id`,`pid`,`cname`,`code`,`code_route`,`des`,`ak`,`seq`,`type`) values (1,0,'开始','start','start','开始',NULL,10,0),(2,0,'系统','system','system',NULL,NULL,10,0),(3,2,'系统设置','config','system:config',NULL,'/System',10,1),(47,2,'组织机构','dept','system:dept',NULL,NULL,10,0),(48,47,'首页','index','system:dept:index',NULL,'/Dept',10,1),(49,47,'抽取json数据','getlist','system:dept:getlist',NULL,'/Dept/getlist',10,1),(50,47,'创建','create','system:dept:create',NULL,'/Dept/create',10,1),(51,47,'更新','update','system:dept:update',NULL,'/Dept/update',10,1),(52,47,'删除','delete','system:dept:delete',NULL,'/Dept/delete',10,1),(53,2,'用户管理','user','system:user',NULL,NULL,10,0),(54,53,'列表','index','system:user:index',NULL,'/User',10,1),(55,53,'添加','create','system:user:create',NULL,'/User/create',10,1),(56,53,'修改','update','system:user:update',NULL,'/User/update',10,1),(57,53,'删除','delete','system:user:delete',NULL,'/User/delete',10,1),(58,53,'批量删除','deleteall','system:user:deleteall',NULL,'/User/deleteAll',10,1),(59,2,'角色管理','role','system:role',NULL,NULL,10,0),(60,59,'列表','index','system:role:index',NULL,'/Role',10,1),(61,59,'添加','create','system:role:create',NULL,'/Role/create',10,1),(62,59,'更新','update','system:role:update',NULL,'/Role/update',10,1),(63,59,'删除','delete','system:role:delete',NULL,'/Role/delete',10,1),(64,59,'批量删除','deleteAll','system:role:deleteAll',NULL,'/Role/deleteAll',10,1),(65,59,'抽取JSON数据','getlist','system:role:getlist',NULL,'/Role/getlist',10,1),(66,2,'资源管理','res','system:res',NULL,NULL,10,0),(67,66,'首页','index','system:res:index',NULL,'/Resource',10,1),(68,66,'添加','create','system:res:create',NULL,'/Role/create',10,1),(69,66,'更新','update','system:res:update',NULL,'/Resource/update',10,1),(70,66,'删除','delete','system:res:delete',NULL,'/Resource/delete',10,1),(71,66,'抽取JSON数据','getlist','system:res:getlist',NULL,'/Resource/getlist',10,1),(72,2,'导航管理','sysnav','system:sysnav',NULL,NULL,10,0),(73,72,'首页','index','system:sysnav:index',NULL,'/System/nav',10,1),(74,72,'添加','create','system:sysnav:create',NULL,'/System/nav_create',10,1),(75,72,'更新','update','system:sysnav:update',NULL,'/System/nav_update',10,1),(76,72,'删除','delete','system:sysnav:delete',NULL,'/System/nav_delete',10,1),(77,72,'保存排序','saveorder','system:sysnav:saveorder',NULL,'/System/save_order',10,1),(78,1,'欢迎使用','welcome','start:welcome',NULL,'/welcome',10,1),(79,1,'个人资料','profile','start:profile',NULL,'/profile',10,1),(80,1,'修改密码','password','start:password',NULL,'/password',10,1),(81,0,'开发','dev','dev',NULL,NULL,10,0),(82,81,'首页','index','dev:index',NULL,'/Generator',10,1),(83,81,'模型代码','model','dev:model',NULL,'/Generator/model_code',10,1),(84,81,'控制器代码','controller','dev:controller',NULL,'/Generator/controller_code',10,1),(85,81,'视图代码','view','dev:view',NULL,'/Generator/view_code',10,1),(86,59,'配置资源权限','set_res','system:role:set_res',NULL,'/Role/set_res',10,1),(87,0,'管理首页','frame','frame',NULL,'/',0,1);
 
 /*Table structure for table `cnvp_sys_role` */
 
@@ -85,6 +85,21 @@ CREATE TABLE `cnvp_sys_role` (
 
 insert  into `cnvp_sys_role`(`id`,`cname`,`pid`) values (1,'普通用户',0),(4,'系统管理员',0);
 
+/*Table structure for table `cnvp_sys_role_res` */
+
+DROP TABLE IF EXISTS `cnvp_sys_role_res`;
+
+CREATE TABLE `cnvp_sys_role_res` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `role_id` int(11) DEFAULT NULL,
+  `res_id` int(11) DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=1328 DEFAULT CHARSET=utf8;
+
+/*Data for the table `cnvp_sys_role_res` */
+
+insert  into `cnvp_sys_role_res`(`id`,`role_id`,`res_id`) values (1322,4,86),(1321,4,85),(1320,4,84),(1319,4,83),(1318,4,82),(1317,4,81),(1316,4,80),(1315,4,79),(1314,4,78),(1313,4,77),(1312,4,76),(1311,4,75),(1310,4,74),(1309,4,73),(1308,4,72),(1307,4,71),(1306,4,70),(1305,4,69),(1304,4,68),(1303,4,67),(1302,4,66),(1301,4,65),(1300,4,64),(1299,4,63),(1298,4,62),(1297,4,61),(1296,4,60),(1295,4,59),(1294,4,58),(1293,4,57),(1292,4,56),(1291,4,55),(1290,4,54),(1289,4,53),(1288,4,52),(1287,4,51),(1286,4,50),(1285,4,49),(1284,4,48),(1283,4,47),(1282,4,3),(1281,4,2),(1280,4,1),(1327,1,47),(1326,1,1),(1325,1,87),(1324,4,87);
+
 /*Table structure for table `cnvp_sys_user` */
 
 DROP TABLE IF EXISTS `cnvp_sys_user`;
@@ -111,7 +126,7 @@ CREATE TABLE `cnvp_sys_user` (
 
 /*Data for the table `cnvp_sys_user` */
 
-insert  into `cnvp_sys_user`(`id`,`account`,`password`,`sex`,`cname`,`ename`,`dept_id`,`mobile`,`flg`,`remark`,`login_count`,`last_login_time`,`create_time`,`create_user_id`,`update_time`,`update_user_id`) values (1,'superadmin','a8f5f167f44f4964e6c998dee827110c','男','超级管理员-章宵','michael.z',14,'15990061612',1,NULL,60,1413779275,0,1,1424667176117,1),(4,'admin','4297f44b13955235245b2497399d7a93','男','章宵','mic',NULL,'15990061612',1,NULL,2,1406045477,0,1,1423886783558,1);
+insert  into `cnvp_sys_user`(`id`,`account`,`password`,`sex`,`cname`,`ename`,`dept_id`,`mobile`,`flg`,`remark`,`login_count`,`last_login_time`,`create_time`,`create_user_id`,`update_time`,`update_user_id`) values (1,'superadmin','a8f5f167f44f4964e6c998dee827110c','男','超级管理员-章宵','michael.z',14,'15990061612',1,NULL,60,1413779275,0,1,1425458171011,1),(4,'admin','a8f5f167f44f4964e6c998dee827110c','男','章宵','mic',1,'15990061612',1,NULL,2,1406045477,0,1,1425461391895,1);
 
 /*Table structure for table `cnvp_sys_user_role` */
 
@@ -125,7 +140,7 @@ CREATE TABLE `cnvp_sys_user_role` (
 
 /*Data for the table `cnvp_sys_user_role` */
 
-insert  into `cnvp_sys_user_role`(`user_id`,`role_id`) values (1,1),(9,1),(9,4),(10,1),(11,1),(11,4),(12,1),(13,1),(14,1),(15,1),(16,1),(18,1);
+insert  into `cnvp_sys_user_role`(`user_id`,`role_id`) values (1,1),(1,4),(4,1),(9,1),(9,4),(10,1),(11,1),(11,4),(12,1),(13,1),(14,1),(15,1),(16,1),(18,1);
 
 /*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
 /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;

diff --git a/src/com/cnvp/paladin/controller/ResourceController.java b/src/com/cnvp/paladin/controller/ResourceController.java
@@ -67,7 +67,7 @@ public void delete(){
 	}
 	public void getlist(){
 		Integer pid = getParaToInt("id",0);
-		List<SysRes> models= SysRes.dao.where("pid=?",pid);
+		List<SysRes> models= SysRes.dao.where("pid=? order by seq",pid);
 		List<Map<String,Object>> nodes = new ArrayList<Map<String,Object>>();
 		Iterator<SysRes> it = models.iterator();
 		while (it.hasNext()) {
@@ -82,7 +82,13 @@ public void refresh(){
 		while (it.hasNext()) {
 			SysRes model = it.next();
 			model.addParentCode();
-			model.set("code_route", model.get("parent_code")+":"+model.get("code"));
+			String parent_code = model.get("parent_code");
+			String code_route;
+			if (parent_code==null)
+				code_route = model.get("code");
+			else
+				code_route = parent_code + ":" +model.get("code");
+			model.set("code_route", code_route);
 			model.update();
 		}
 		redirect(getControllerKey());

diff --git a/src/com/cnvp/paladin/controller/RoleController.java b/src/com/cnvp/paladin/controller/RoleController.java
@@ -6,6 +6,8 @@
 
 import com.cnvp.paladin.core.BaseController;
 import com.cnvp.paladin.model.SysRole;
+import com.cnvp.paladin.model.SysRoleRes;
+import com.jfinal.kit.JsonKit;
 
 public class RoleController extends BaseController {
 	public void index(){
@@ -39,7 +41,9 @@ public void update(){
 				redirect(getControllerKey());
 				return;
 		}
-		setAttr("data", SysRole.dao.findById(getParaToInt(0)));
+		SysRole model = SysRole.dao.findById(getParaToInt(0));
+		setAttr("data", model);
+		setAttr("res", JsonKit.toJson(model.getResidList()));
 		render("form.html");
 	}
 	public void delete(){
@@ -55,6 +59,32 @@ public void deleteAll(){
 		}
 		redirect(getControllerKey());
 	}
-
+	public void set_res(){
+		int role_id = getParaToInt(0);
+		int res_id = getParaToInt(1);
+		boolean  flg = getParaToBoolean("checked");
+		if (flg) {
+			SysRoleRes rr = new SysRoleRes().set("role_id", role_id).set("res_id",res_id);
+			if (rr.findByModel().size()==0) 
+				rr.save();
+		}else{
+			//删除
+			SysRoleRes rr = new SysRoleRes().set("role_id", role_id).set("res_id",res_id).findFirstByModel();
+			if(rr!=null) rr.delete();
+		}
+		Map<String, Object> r = new HashMap<String, Object>();
+		r.put("success", true);
+		renderJavascript(JsonKit.toJson(r));
+		return;
+
+	}
+	public void set_res_all(){
+		int role_id = getParaToInt(0);
+		boolean flg = getParaToBoolean("checked");
+		SysRole.dao.checkAll(role_id, flg);
+
+		SysRole model = SysRole.dao.findById(role_id);
+		renderJavascript(JsonKit.toJson(model.getResidList()));
+	}
 }
 
diff --git a/src/com/cnvp/paladin/core/BaseModel.java b/src/com/cnvp/paladin/core/BaseModel.java
@@ -70,14 +70,14 @@ public List<M> findAll(MysqlBuilder sqlBuilder){
 			return find(sqlBuilder.buildSql(),sqlBuilder.params);
 	}
 	//TODO deleteAll 待完善暂时无法正常非使用
-	public Integer deleteAll(MysqlBuilder sqlBuilder){
-		sqlBuilder.optName = "delete";
-		sqlBuilder.tableName = getTableName();
-		System.out.println(sqlBuilder.buildSql());
-		if (sqlBuilder.params.size()==0) 
-			return Db.update(sqlBuilder.buildSql());
-		else			
-			return Db.update(sqlBuilder.buildSql(),sqlBuilder.params);
+	public Integer deleteAll(){		
+		return Db.update("delete from "+ getTableName());
+	}
+	public Integer deleteAll(String sqlWhere){		
+		return Db.update("delete from "+ getTableName()+" where " + sqlWhere);
+	}
+	public Integer deleteAll(String sqlWhere, Object... paras){		
+		return Db.update("delete from "+ getTableName()+" where " + sqlWhere,paras);
 	}
 	public List<M> where(String sqlWhere){
 		String sql = "select * from "+getTableName();

diff --git a/src/com/cnvp/paladin/interceptor/Shiro.java b/src/com/cnvp/paladin/interceptor/Shiro.java
@@ -1,52 +1,48 @@
 package com.cnvp.paladin.interceptor;
 
+import java.util.List;
+
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.subject.Subject;
 
+import com.cnvp.paladin.model.SysRes;
+import com.cnvp.paladin.model.SysUser;
 import com.jfinal.aop.Interceptor;
 import com.jfinal.core.ActionInvocation;
 
 public class Shiro implements Interceptor {
 
 	@Override
-	public void intercept(ActionInvocation ai) {
-//		System.out.println(ai.getController().getClass().getName()+":"+ai.getMethodName());
-//
-//		System.out.println(ai.getActionKey());
-//		for (String actionKey : JFinal.me().getAllActionKeys()) {
-//			System.err.println(actionKey);
-//		}
+	public void intercept(ActionInvocation ai) {		
 		/* TODO 继续完善权限控制体系
 		 * 1、按照“权限代码”构建权限目录树
 		 * 2、针对固定的权限，添加actionKey
 		 * 3、shiro拦截器中，根据actionKey在数据库中查找“权限代码”，并进行验证
 		 * */
 		// 获取Shiro Subject
 		Subject currentUser = SecurityUtils.getSubject();
-		if (!currentUser.isAuthenticated()) {// 没有认证
-//			DwzRender render = new DwzRender();
-//			render.setStatusCode("301");
-//			render.setMessage("会话超时，请重新登录。");
-//			ai.getController().render(render);
-			System.err.println("会话超时or未登录。");
+		if (!currentUser.isAuthenticated()) {
+			// 判断是否登陆
+			System.err.println("会话超时or未登录");
 			ai.getController().redirect("/Passport/login?from="+ai.getController().getRequest().getRequestURL());
-		} else {			
-			if (currentUser.isPermittedAll("permissions")) {
-				System.err.println("授权通过");
+		} else {
+			SysUser user = (SysUser) currentUser.getPrincipal();
+			// 根据ak读取权限代码
+			String code_route = null;
+			List<SysRes> res = SysRes.dao.where("ak=?",ai.getActionKey());
+			if (res.size()==1)
+				code_route = res.get(0).getStr("code_route");
+			//进行权限判断
+			if(user.getStr("account").equals("superadmin")){
+				ai.invoke();
+			}else if(code_route==null){
+				ai.getController().renderText(ai.getActionKey()+"由于该ActionKey未被配置到系统资源中，故默认没有权限");
+			}else if(currentUser.isPermitted(code_route)){
+				ai.invoke();
 			}else{
-				System.err.println("授权");
+				ai.getController().renderText("未授权，请联系管理员");
 			}
-			ai.invoke();// 授权
-			// 已经认证
-//			if (permissions == null || currentUser.isPermittedAll(permissions)) {
-//				ai.invoke();// 授权
-//			} else {
-//				// ai.getController().render("/401.html");
-//				DwzRender render = new DwzRender();
-//				render.setStatusCode("301");
-//				render.setMessage("该功能没有授权，请重新登录。");
-//				ai.getController().render(render);// 没有授权，通过DWZ返回错误信息
-//			}
+			return;
 		}
 
 	}

diff --git a/src/com/cnvp/paladin/model/SysRole.java b/src/com/cnvp/paladin/model/SysRole.java
@@ -1,5 +1,9 @@
 package com.cnvp.paladin.model;
 
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
 import com.cnvp.paladin.core.BaseModel;
 import com.jfinal.plugin.activerecord.Page;
 
@@ -14,5 +18,28 @@ public boolean hasChild(){
 			return true;
 		else
 			return false;
-	}	
+	}
+	public List<String> getResidList(){
+		List<String> r = new ArrayList<String>();
+		List<SysRoleRes> rs = new SysRoleRes().set("role_id", get("id")).findByModel();
+		Iterator<SysRoleRes> it = rs.iterator();
+		while (it.hasNext()) {
+			SysRoleRes m = (SysRoleRes) it.next();
+			r.add(m.get("res_id").toString());
+		}
+		return r;		
+	}
+	public void checkAll(Integer role_id,boolean flg){
+		SysRoleRes.dao.deleteAll("role_id=?",role_id);
+		if(flg==false) return;
+		List<SysRes> srs =  SysRes.dao.findAll();
+		Iterator<SysRes> it = srs.iterator();
+		while (it.hasNext()) {
+			SysRes sr = (SysRes) it.next();
+			SysRoleRes srr = new SysRoleRes();
+			srr.set("role_id", role_id);
+			srr.set("res_id", sr.getInt("id"));
+			srr.save();
+		}
+	}
 }
diff --git a/src/com/cnvp/paladin/model/SysRoleRes.java b/src/com/cnvp/paladin/model/SysRoleRes.java
@@ -0,0 +1,8 @@
+package com.cnvp.paladin.model;
+
+import com.cnvp.paladin.core.BaseModel;
+
+@SuppressWarnings("serial")
+public class SysRoleRes extends BaseModel<SysRoleRes> {
+	public static final SysRoleRes dao = new SysRoleRes();	
+}
diff --git a/src/com/cnvp/paladin/model/SysUser.java b/src/com/cnvp/paladin/model/SysUser.java
@@ -1,11 +1,14 @@
 package com.cnvp.paladin.model;
 
+import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Iterator;
 import java.util.List;
 
 import com.cnvp.paladin.core.BaseModel;
 import com.jfinal.plugin.activerecord.Db;
 import com.jfinal.plugin.activerecord.Page;
+import com.jfinal.plugin.activerecord.Record;
 
 @SuppressWarnings("serial")
 public class SysUser extends BaseModel<SysUser> {
@@ -34,4 +37,28 @@ public Collection<String> getRoleNameList(){
 				+ "where ur.userid=?", getInt("id"));
 		return r;
 	}
+	public List<String> getRes(){
+		List<SysUserRole> roles = getRoles();
+		StringBuffer sql = new StringBuffer();
+		sql.append("select res.id,res.id,res.code_route from cnvp_sys_res res ");
+		sql.append("left join cnvp_sys_role_res role_res on  role_res.res_id = res.id ");
+		sql.append("right join cnvp_sys_role role on role_res.role_id = role.id ");
+		sql.append("where role.id in(");
+		for (int i = 0; i < roles.size(); i++) {
+			if(i!=0)sql.append(",");
+			sql.append(roles.get(i).get("role_id"));
+		}
+		sql.append(") ");
+		sql.append("group by res.id ");
+		sql.append("order by id asc ");
+		List<Record> code_routes = Db.find(sql.toString());
+		List<String> reses =  new ArrayList<String>();
+		Iterator<Record> it = code_routes.iterator();
+		while (it.hasNext()) {
+			Record r = (Record) it.next();
+			reses.add(r.getStr("code_route"));
+		}
+		return reses;
+
+	}
 }