oa_08


创建AclManager接口,并实现
- 理解权限管理子系统与其它系统之间的交互过程
- 理解权限管理子系统的具体实现


package com.bjsxt.oa.manager.impl;

import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

import com.bjsxt.oa.manager.AclManager;
import com.bjsxt.oa.manager.Permission;
import com.bjsxt.oa.model.ACL;

/**
 * Hibernate-backed {@link AclManager}: stores one {@link ACL} record per
 * (principal type, principal id, module id) and resolves the effective
 * permission of a user from the user's own record and the records of the
 * user's roles.
 *
 * <p>NOTE(review): no method here checks who the caller is; the right to change
 * ACL records is presumably enforced by the calling layer. Confirm.
 *
 * <p>NOTE(review): the add-or-update methods do a lookup followed by a save, and
 * the T_ACL mapping shown on this page declares no unique constraint on
 * (principalType, principalId, moduleId). Two concurrent calls could therefore
 * store duplicate rows, after which {@code uniqueResult()} in {@link #findACL}
 * would throw for that triple. Confirm a database constraint exists.
 */
public class AclManagerImpl extends AbstractManager implements AclManager {

	/**
	 * Sets whether the user's ACL record for a module inherits from the user's
	 * roles, creating the record when the user has none for that module.
	 *
	 * @param userId   id of the user principal
	 * @param moduleId id of the module
	 * @param yes      {@code true} to inherit from roles, {@code false} to make
	 *                 the user record effective
	 */
	public void addOrUpdateExtends(int userId, int moduleId, boolean yes) {
		ACL record = findACL(ACL.TYPE_USER, userId, moduleId);
		if (record == null) {
			// No record yet: create one for this user and module.
			record = new ACL();
			record.setPrincipalType(ACL.TYPE_USER);
			record.setPrincipalId(userId);
			record.setModuleId(moduleId);
			record.setExtends(yes);
			getHibernateTemplate().save(record);
			return;
		}
		record.setExtends(yes);
		getHibernateTemplate().update(record);
	}

	/**
	 * Grants or revokes one permission bit for a principal on a module,
	 * creating the ACL record when it does not exist.
	 *
	 * @param principalType {@link ACL#TYPE_USER} or {@link ACL#TYPE_ROLE}; the
	 *                      value is stored as given and is not validated here
	 * @param principalId   id of the user or role
	 * @param moduleId      id of the module
	 * @param permission    permission index handed to {@link ACL#setPermission}
	 * @param yes           {@code true} to grant, {@code false} to revoke
	 */
	public void addOrUpdatePermission(String principalType, int principalId,
			int moduleId, int permission, boolean yes) {
		ACL record = findACL(principalType, principalId, moduleId);
		if (record == null) {
			record = new ACL();
			record.setPrincipalType(principalType);
			record.setPrincipalId(principalId);
			record.setModuleId(moduleId);
			record.setPermission(permission, yes);
			getHibernateTemplate().save(record);
			return;
		}
		// Existing record: only the aclState bit changes.
		record.setPermission(permission, yes);
		getHibernateTemplate().update(record);
	}

	/**
	 * Deletes the ACL record of a principal for a module, if there is one.
	 *
	 * @param principalType {@link ACL#TYPE_USER} or {@link ACL#TYPE_ROLE}
	 * @param principalId   id of the user or role
	 * @param moduleId      id of the module
	 */
	public void delPermission(String principalType, int principalId,
			int moduleId) {
		ACL record = findACL(principalType, principalId, moduleId);
		if (record == null) {
			return;
		}
		getHibernateTemplate().delete(record);
	}

	/**
	 * Decides whether a user holds a permission on a module.
	 *
	 * <p>The user's own record decides when it exists and does not answer
	 * {@link ACL#ACL_NEUTRAL}. Otherwise the user's roles are walked in
	 * ascending {@code orderNo} (highest priority first) and the first role that
	 * has a record for the module decides. With no deciding record the answer
	 * is {@code false}, so the check denies by default.
	 *
	 * @param userId     id of the user
	 * @param moduleId   id of the module
	 * @param permission permission index handed to {@link ACL#getPermission}
	 * @return {@code true} only when the deciding record answers {@link ACL#ACL_YES}
	 */
	public boolean hasPermission(int userId, int moduleId, int permission) {
		ACL userRecord = findACL(ACL.TYPE_USER, userId, moduleId);
		if (userRecord != null) {
			int verdict = userRecord.getPermission(permission);
			if (verdict != ACL.ACL_NEUTRAL) {
				return verdict == ACL.ACL_YES;
			}
		}

		// Fall back to the roles of the user, highest priority first.
		String roleQuery = "select r.id from UsersRoles ur join ur.role r join ur.user u " +
				"where u.id = ? order by ur.orderNo";
		List roleIds = getHibernateTemplate().find(roleQuery,userId);
		for (Object item : roleIds) {
			Integer roleId = (Integer) item;
			ACL roleRecord = findACL(ACL.TYPE_ROLE, roleId, moduleId);
			if (roleRecord == null) {
				continue;
			}
			// The first role that has a record for this module is authoritative.
			return roleRecord.getPermission(permission) == ACL.ACL_YES;
		}

		return false;
	}

	/**
	 * Lists the modules the user may read.
	 *
	 * <p>Role records are merged from lowest to highest priority so that a
	 * higher-priority role overwrites a lower one for the same module; the
	 * user's own non-inheriting records then overwrite the role records.
	 * Entries whose READ permission is not {@link ACL#ACL_YES} are dropped.
	 *
	 * @param userId id of the user
	 * @return the readable modules ordered by {@code orderNo}, or {@code null}
	 *         when the user can read no module; callers must handle {@code null}
	 */
	public List searchModules(int userId) {
		String roleQuery = "select r.id from UsersRoles ur join ur.role r join ur.user u " +
			"where u.id = ? order by ur.orderNo desc";
		List roleIds = getHibernateTemplate().find(roleQuery,userId);

		// moduleId -> the ACL that currently wins for that module
		Map effective = new HashMap();
		for (Object item : roleIds) {
			Integer roleId = (Integer) item;
			for (Object roleItem : findRoleAcls(roleId)) {
				ACL roleAcl = (ACL) roleItem;
				effective.put(roleAcl.getModuleId(), roleAcl);
			}
		}

		// Effective (non-inheriting) user records take precedence over any role.
		for (Object userItem : findUserAcls(userId)) {
			ACL userAcl = (ACL) userItem;
			effective.put(userAcl.getModuleId(), userAcl);
		}

		// Drop every module whose winning record does not grant READ.
		for (Iterator it = effective.values().iterator(); it.hasNext();) {
			ACL candidate = (ACL) it.next();
			if (candidate.getPermission(Permission.READ) != ACL.ACL_YES) {
				it.remove();
			}
		}

		Set moduleIds = effective.keySet();
		if (moduleIds.isEmpty()) {
			// The "in (:ids)" parameter list below must not be empty.
			return null;
		}

		String moduleQuery = "select m from Module m where m.id in (:ids) order by m.orderNo";
		return getSession().createQuery(moduleQuery)
					.setParameterList("ids", moduleIds)
					.list();
	}

	/**
	 * Loads the single ACL record of a principal for a module.
	 *
	 * @return the record, or {@code null} when none matches
	 */
	private ACL findACL(String principalType,int principalId,int moduleId){
		// All three values are bound as query parameters, never concatenated.
		String query = "select acl from ACL acl where acl.principalType = ? and " +
				"acl.principalId = ? and acl.moduleId = ?";
		Object match = getSession().createQuery(query)
					.setParameter(0, principalType)
					.setParameter(1, principalId)
					.setParameter(2, moduleId)
					.uniqueResult();
		return (ACL) match;
	}

	/** Loads every ACL record that belongs to a role. */
	private List findRoleAcls(int roleId){
		String query = "select acl from ACL acl where acl.principalType = ? " +
				"and acl.principalId = ?";
		Object[] args = new Object[]{ACL.TYPE_ROLE,roleId};
		return getHibernateTemplate().find(query, args);
	}

	/**
	 * Loads the ACL records of a user that do not inherit from roles
	 * ({@code aclTriState} equal to {@link ACL#ACL_TRI_STATE_UNEXTENDS}).
	 */
	private List findUserAcls(int userId){
		String query = "select acl from ACL acl where acl.principalType = ?" +
				" and acl.principalId = ? and acl.aclTriState = ?";
		Object[] args = new Object[]{ACL.TYPE_USER,userId,ACL.ACL_TRI_STATE_UNEXTENDS};
		return getHibernateTemplate().find(query, args);
	}

}



package com.bjsxt.oa.model;

import java.util.Set;


/**
 * A module of the application, mapped to table T_Module. Modules form a tree
 * through {@code parent} and {@code children}, both stored in column
 * {@code pid}.
 *
 * @author Administrator
 * @hibernate.class table="T_Module"
 */
public class Module {
	
	/**
	 * Database-generated identifier.
	 *
	 * @hibernate.id generator-class="native"
	 */
	private int id;
	
	/**
	 * Name of the module.
	 *
	 * @hibernate.property
	 */
	private String name;
	
	/**
	 * URL of the module.
	 *
	 * @hibernate.property
	 */
	private String url;
	
	/**
	 * Value declared unique by the mapping.
	 *
	 * @hibernate.property unique="true"
	 */
	private String sn;
	
	/**
	 * Sort position of the module.
	 *
	 * @hibernate.property
	 */
	private int orderNo;
	
	/**
	 * Parent module.
	 *
	 * @hibernate.many-to-one column="pid"
	 */
	private Module parent;
	
	/**
	 * Child modules, lazily loaded; the {@code parent} side owns the relation.
	 *
	 * @hibernate.set lazy="extra" inverse="true"
	 * @hibernate.key column="pid"
	 * @hibernate.one-to-many class="com.bjsxt.oa.model.Module"
	 */
	private Set children;
	
	/** @return the identifier */
	public int getId() {
		return this.id;
	}
	
	/** @param id the identifier */
	public void setId(int id) {
		this.id = id;
	}
	
	/** @return the module name */
	public String getName() {
		return this.name;
	}
	
	/** @param name the module name */
	public void setName(String name) {
		this.name = name;
	}
	
	/** @return the module URL */
	public String getUrl() {
		return this.url;
	}
	
	/** @param url the module URL */
	public void setUrl(String url) {
		this.url = url;
	}
	
	/** @return the unique {@code sn} value */
	public String getSn() {
		return this.sn;
	}
	
	/** @param sn the unique {@code sn} value */
	public void setSn(String sn) {
		this.sn = sn;
	}
	
	/** @return the sort position */
	public int getOrderNo() {
		return this.orderNo;
	}
	
	/** @param orderNo the sort position */
	public void setOrderNo(int orderNo) {
		this.orderNo = orderNo;
	}
	
	/** @return the parent module */
	public Module getParent() {
		return this.parent;
	}
	
	/** @param parent the parent module */
	public void setParent(Module parent) {
		this.parent = parent;
	}
	
	/** @return the child modules; the stored set itself, not a copy */
	public Set getChildren() {
		return this.children;
	}
	
	/** @param children the child modules; stored as given, not copied */
	public void setChildren(Set children) {
		this.children = children;
	}
}



package com.bjsxt.oa.model;

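/**
 * One authorization record: the permissions a principal (a user or a role)
 * holds on one module, mapped to table T_ACL.
 *
 * <p>{@code aclState} is a bitmask with one bit per permission index.
 * {@code aclTriState} tells whether the record is effective or defers to the
 * principal's roles. The plain setters for both fields write the raw value
 * without any check.
 *
 * @author Administrator
 * @hibernate.class table="T_ACL"
 */
public class ACL {
	
	public static final String TYPE_ROLE = "Role";
	public static final String TYPE_USER = "User";
	
	/**
	 * The record is not effective: the principal inherits the authorization of
	 * its roles.
	 */
	public static final int ACL_TRI_STATE_EXTENDS = 0xFFFFFFFF;
	
	/**
	 * The record is effective: it overrides the authorization defined by the
	 * principal's roles.
	 */
	public static final int ACL_TRI_STATE_UNEXTENDS = 0;
	
	/**
	 * Permission granted.
	 */
	public static final int ACL_YES = 1;
	
	/**
	 * Permission denied.
	 */
	public static final int ACL_NO = 0;
	
	/**
	 * Permission undecided; the caller has to consult the roles.
	 */
	public static final int ACL_NEUTRAL = -1;
	
	/**
	 * Database-generated identifier.
	 *
	 * @hibernate.id generator-class="native"
	 */
	private int id;
	
	/**
	 * Kind of principal, {@link #TYPE_ROLE} or {@link #TYPE_USER}.
	 *
	 * @hibernate.property
	 */
	private String principalType;
	
	/**
	 * Identifier of the user or role.
	 *
	 * @hibernate.property
	 */
	private int principalId;
	
	/**
	 * Identifier of the module the record applies to.
	 *
	 * @hibernate.property
	 */
	private int moduleId;
	
	/**
	 * Permission bitmask; bit {@code n} holds permission index {@code n}.
	 *
	 * @hibernate.property
	 */
	private int aclState;
	
	/**
	 * {@link #ACL_TRI_STATE_EXTENDS} or {@link #ACL_TRI_STATE_UNEXTENDS}.
	 *
	 * @hibernate.property
	 */
	private int aclTriState;
	
	/**
	 * Returns the bit that represents a permission index.
	 *
	 * <p>Java reduces an int shift count to its low five bits, so without this
	 * range check index 32 would address bit 0 and a check for one permission
	 * could be answered with the bit of another.
	 *
	 * @throws IllegalArgumentException if the index is outside 0..31
	 */
	private static int maskFor(int permission){
		if(permission < 0 || permission >= Integer.SIZE){
			throw new IllegalArgumentException(
					"permission index out of range [0, " + (Integer.SIZE - 1) + "]: " + permission);
		}
		return 1 << permission;
	}
	
	/**
	 * Grants or revokes one permission in the bitmask.
	 *
	 * @param permission permission index, 0..31
	 * @param yes {@code true} to set the bit, {@code false} to clear it
	 * @throws IllegalArgumentException if {@code permission} is outside 0..31;
	 *         the bitmask is left unchanged in that case
	 */
	public void setPermission(int permission,boolean yes){
		int mask = maskFor(permission);
		if(yes){
			aclState |= mask;
		}else{
			aclState &= ~mask;
		}
	}
	
	/**
	 * Reads one permission from the record.
	 *
	 * @param permission permission index, 0..31
	 * @return {@link #ACL_NEUTRAL} when the record inherits from roles,
	 *         otherwise {@link #ACL_YES} or {@link #ACL_NO} according to the bit
	 * @throws IllegalArgumentException if {@code permission} is outside 0..31
	 */
	public int getPermission(int permission){
		// Validate first so an invalid index is rejected whatever the tri-state is.
		int mask = maskFor(permission);
		
		if(aclTriState == ACL_TRI_STATE_EXTENDS){
			return ACL.ACL_NEUTRAL;
		}
		
		if((aclState & mask) != 0){
			return ACL_YES;
		}
		
		return ACL_NO;
	}
	
	/**
	 * Switches the record between inheriting from roles and being effective.
	 *
	 * @param yes {@code true} to inherit, {@code false} to make the record effective
	 */
	public void setExtends(boolean yes){
		if(yes){
			aclTriState = ACL_TRI_STATE_EXTENDS;
		}else{
			aclTriState = ACL_TRI_STATE_UNEXTENDS;
		}
	}
	
	public int getId() {
		return id;
	}
	public void setId(int id) {
		this.id = id;
	}
	public String getPrincipalType() {
		return principalType;
	}
	public void setPrincipalType(String principalType) {
		this.principalType = principalType;
	}
	public int getPrincipalId() {
		return principalId;
	}
	public void setPrincipalId(int principalId) {
		this.principalId = principalId;
	}
	public int getModuleId() {
		return moduleId;
	}
	public void setModuleId(int moduleId) {
		this.moduleId = moduleId;
	}
	public int getAclState() {
		return aclState;
	}
	public void setAclState(int aclState) {
		this.aclState = aclState;
	}
	public int getAclTriState() {
		return aclTriState;
	}
	public void setAclTriState(int aclTriState) {
		this.aclTriState = aclTriState;
	}
}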



package com.bjsxt.oa.model;

/**
 * A role that users can be assigned to, mapped to table T_Role.
 *
 * @author Administrator
 * @hibernate.class table="T_Role"
 */
public class Role {
	
	/**
	 * Database-generated identifier.
	 *
	 * @hibernate.id generator-class="native"
	 */
	private int id;
	
	/**
	 * Name of the role.
	 *
	 * @hibernate.property
	 */
	private String name;
	
	/** @return the identifier */
	public int getId() {
		return this.id;
	}
	
	/** @param id the identifier */
	public void setId(int id) {
		this.id = id;
	}
	
	/** @return the role name */
	public String getName() {
		return this.name;
	}
	
	/** @param name the role name */
	public void setName(String name) {
		this.name = name;
	}
}



package com.bjsxt.oa.model;

import java.util.Date;

/**
 * A login account, mapped to table T_User and linked to one {@code Person}.
 *
 * @author Administrator
 * @hibernate.class table="T_User"
 */
public class User {
	
	/**
	 * Database-generated identifier.
	 *
	 * @hibernate.id generator-class="native"
	 */
	private int id;
	
	/**
	 * Login name; required and unique per the mapping.
	 *
	 * @hibernate.property not-null="true" unique="true"
	 */
	private String username;
	
	/**
	 * Password value; required per the mapping.
	 * NOTE(review): the field is persisted and returned as a plain String, and
	 * this page does not show whether it is hashed before it is set. Confirm it
	 * holds a salted password hash and never the plaintext.
	 *
	 * @hibernate.property not-null="true"
	 */
	private String password;
	
	/**
	 * Expiry time of the account.
	 *
	 * @hibernate.property
	 */
	private Date expireTime;
	
	/**
	 * Creation time of the account.
	 *
	 * @hibernate.property
	 */
	private Date createTime;
	
	/**
	 * Person this account belongs to; unique per the mapping.
	 *
	 * @hibernate.many-to-one unique="true"
	 */
	private Person person;
	
	/** @return the identifier */
	public int getId() {
		return this.id;
	}
	
	/** @param id the identifier */
	public void setId(int id) {
		this.id = id;
	}
	
	/** @return the login name */
	public String getUsername() {
		return this.username;
	}
	
	/** @param username the login name */
	public void setUsername(String username) {
		this.username = username;
	}
	
	/** @return the stored password value; keep it out of logs and views */
	public String getPassword() {
		return this.password;
	}
	
	/** @param password the password value to store, kept exactly as given */
	public void setPassword(String password) {
		this.password = password;
	}
	
	/** @return the expiry time; the stored {@code Date} itself, not a copy */
	public Date getExpireTime() {
		return this.expireTime;
	}
	
	/** @param expireTime the expiry time; stored as given, not copied */
	public void setExpireTime(Date expireTime) {
		this.expireTime = expireTime;
	}
	
	/** @return the creation time; the stored {@code Date} itself, not a copy */
	public Date getCreateTime() {
		return this.createTime;
	}
	
	/** @param createTime the creation time; stored as given, not copied */
	public void setCreateTime(Date createTime) {
		this.createTime = createTime;
	}
	
	/** @return the person this account belongs to */
	public Person getPerson() {
		return this.person;
	}
	
	/** @param person the person this account belongs to */
	public void setPerson(Person person) {
		this.person = person;
	}
}



package com.bjsxt.oa.model;

/**
 * Assignment of one role to one user, mapped to table T_UsersRoles.
 * {@code orderNo} ranks the roles of a user: the permission queries on this
 * page sort by it and treat ascending order as highest priority first.
 *
 * @author Administrator
 * @hibernate.class table="T_UsersRoles"
 */
public class UsersRoles {
	
	/**
	 * Database-generated identifier.
	 *
	 * @hibernate.id generator-class="native"
	 */
	private int id;
	
	/**
	 * Role that is assigned.
	 *
	 * @hibernate.many-to-one
	 */
	private Role role;
	
	/**
	 * User the role is assigned to.
	 *
	 * @hibernate.many-to-one
	 */
	private User user;
	
	/**
	 * Priority rank of this role among the user's roles.
	 *
	 * @hibernate.property
	 */
	private int orderNo;
	
	/** @return the identifier */
	public int getId() {
		return this.id;
	}
	
	/** @param id the identifier */
	public void setId(int id) {
		this.id = id;
	}
	
	/** @return the assigned role */
	public Role getRole() {
		return this.role;
	}
	
	/** @param role the assigned role */
	public void setRole(Role role) {
		this.role = role;
	}
	
	/** @return the user holding the role */
	public User getUser() {
		return this.user;
	}
	
	/** @param user the user holding the role */
	public void setUser(User user) {
		this.user = user;
	}
	
	/** @return the priority rank */
	public int getOrderNo() {
		return this.orderNo;
	}
	
	/** @param orderNo the priority rank */
	public void setOrderNo(int orderNo) {
		this.orderNo = orderNo;
	}
}
