企业级权限管理项目(八)
授权操作
创建表
角色关系表
CREATE TABLE sys_user_role(
userId number,
roleId number,
PRIMARY KEY(userId,roleId), --联合主键:两个不能同时一样
FOREIGN KEY (userId) REFERENCES sys_USER(id),
FOREIGN KEY (roleId) REFERENCES sys_role(id)
)
角色权限表
CREATE TABLE sys_role_permission(
permissionId number,
roleId number,
PRIMARY KEY(permissionId,roleId),
FOREIGN KEY (permissionId) REFERENCES sys_permission(id),
FOREIGN KEY (roleId) REFERENCES sys_role(id)
)
在实体类中添加新的属性
为什么要new出来:不new出来的话,有些框架如果没有查询到,则去调用这个集合会出现null
SysUser:
//一个用户对应多个角色
private List<Role> roleList = new ArrayList<>();
Role:
//一个角色被多个用户拥有
private List<SysUser> userList = new ArrayList<>();
//一个角色拥有多个权限
private List<Permission> permissionList = new ArrayList<>();
Permission:
//一个权限可以被多个角色所拥有
private List<Role> roleList = new ArrayList<>();
用户详情
实现点击详情后进入用户详情页面
显示用户名,点击显示角色列表,再点击角色,显示权限列表
前端
<tbody>
<c:forEach items="${user.roleList}" var="role">
<tr data-tt-id="${role.id}" data-tt-parent-id="0">
<td>${role.roleName }</td>
<td>${role.roleDesc }</td>
</tr>
<c:forEach items="${role.permissionList}" var="permission">
<tr data-tt-id="${role.id}-${permission.id}" data-tt-parent-id="${role.id}">
<td>${permission.permissionName}</td>
<td>${permission.url}</td>
</tr>
</c:forEach>
</c:forEach>
</tbody>
UserController
/**
* 查询某用户的详情
* @param userId
* @return
*/
@RequestMapping("/details")
public ModelAndView details(Integer userId){
//查询数据
SysUser user = userService.findById(userId);
ModelAndView modelAndView = new ModelAndView();
modelAndView.addObject("user",user);
modelAndView.setViewName("user-show");
return modelAndView;
}
UserService
@Override
public SysUser findById(Integer userId) {
return userDao.findById(userId);
}
UserDao
/**
* 根据id查询
* @param userId
* @return
*/
@Select("select * from sys_user where id = #{userId}")
@Results({
@Result(property = "id", column = "id"),
@Result(property = "roleList", column = "id", javaType = List.class,
//根据userId查询角色列表findRoleListByUserId
many = @Many(select = "com.itheima.dao.RoleDao.findRoleListByUserId"))
})
SysUser findById(Integer userId);
RoleDao
/**
* 根据userId得到角色列表
* @param userId
* @return
*/
@Select("select r.* from sys_user_role ur , sys_role r where r.id=ur.roleid and userid = #{userId}")
@Results({
@Result(property = "id", column = "id"),
@Result(property = "permissionList", column = "id", javaType = List.class,
many = @Many(select = "com.itheima.dao.PermissionDao.findPermissionListByRoleId"))
})
List<Role> findRoleListByUserId(Integer userId);
PermissionDao
/**
* 根据角色id查询权限列表
* @param roleId
* @return
*/
@Select("select p.* from sys_role_permission rp , sys_permission p where rp.permissionid = p.id and roleid = #{roleId}")
List<Permission> findPermissionListByRoleId(Integer roleId);
添加角色
一、添加角色回显
点击添加角色,进入添加角色页面
显示所有的角色,将用户已有的角色打上√
二、添加数据
点击保存按钮,将用户原有的角色全部删除,添加新的角色
前端
引入一个新的标签库fn
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<form
action="${pageContext.request.contextPath}/user/addRolesToUser"
method="post">
<!-- 正文区域 -->
<section class="content">
<input type="hidden" name="userId" value="${userId}">
<table id="dataList"
class="table table-bordered table-striped table-hover dataTable">
<thead>
<tr>
<th class="" style="padding-right: 0px">
<input id="selall"
type="checkbox" class="icheckbox_square-blue"></th>
<th class="sorting_asc">ID</th>
<th class="sorting">角色名称</th>
<th class="sorting">角色描述</th>
</tr>
</thead>
<tbody>
<c:forEach items="${roleList}" var="role">
<tr>
<td><input name="ids" type="checkbox" ${fn:contains(str,",".concat(role.id).concat(","))?"checked":""} value="${role.id}"></td>
<td>${role.id}</td>
<td>${role.roleName }</td>
<td>${role.roleDesc}</td>
</tr>
</c:forEach>
</tbody>
</table>
<!--订单信息/--> <!--工具栏-->
<div class="box-tools text-center">
<button type="submit" class="btn bg-maroon">保存</button>
<button type="button" class="btn bg-default"
onclick="history.back(-1);">返回</button>
</div>
<!--工具栏/--> </section>
<!-- 正文区域 /-->
</form>
UserController
/**
* 用户添加角色的数据回显
* @param userId
* @return
*/
@RequestMapping("/addRoleToUserUI")
public ModelAndView addRoleToUserUI(Integer userId){
//查询数据
//所有的角色
List<Role> roleList = roleService.findAll();
//当前用户拥有的角色
SysUser user = userService.findById(userId);
List<Role> userRoleList = user.getRoleList();
//把该用户拥有的角色id拼接一个字符串
//str=,1,,2,,3,,4,,5,,6,,12,
StringBuilder sb = new StringBuilder();
for (Role role : userRoleList) {
sb.append(",");
sb.append(role.getId());
sb.append(",");
}
//创建ModelAndView
ModelAndView modelAndView = new ModelAndView();
//添加所有的角色列表
modelAndView.addObject("roleList",roleList);
//已经拥有的角色列表
modelAndView.addObject("str",sb.toString());
//操作的用户
modelAndView.addObject("userId",user.getId());
modelAndView.setViewName("user-role-add");
return modelAndView;
}
/**
*
* @param ids 给用户添加的角色的id数组
* @param userId 给哪个用户添加角色
* @return
*/
@RequestMapping("/addRolesToUser")
public String addRolesToUser(Integer[] ids, Integer userId){
userService.addRolesToUser(ids,userId);
return "redirect:/user/findAll";
}
UserService
@Override
public SysUser findById(Integer userId) {
return userDao.findById(userId);
}
@Override
public void addRolesToUser(Integer[] ids, Integer userId) {
//先清空该用户拥有的所有角色
userDao.delRolesFromUser(userId);
//维护新的角色
//判断数组是否为空
if(ids!=null){
for (Integer id : ids) {
userDao.saveRoleToUser(userId,id);
}
}
}
UserDao
/**
* 根据id查询
* @param userId
* @return
*/
@Select("select * from sys_user where id = #{userId}")
@Results({
@Result(property = "id", column = "id"),
@Result(property = "roleList", column = "id", javaType = List.class,
//根据userId查询角色列表findRoleListByUserId
many = @Many(select = "com.itheima.dao.RoleDao.findRoleListByUserId", fetchType = FetchType.LAZY))
})
SysUser findById(Integer userId);
/**
* 删除用户原来的角色
* @param userId
*/
@Delete("delete from sys_user_role where userId = #{userId}")
void delRolesFromUser(Integer userId);
/**
* 维护新的关系
* 给用户添加角色
* @param userId
* @param id
*/
@Insert("insert into sys_user_role values(#{param1},#{param2})")
void saveRoleToUser(Integer userId, Integer id);
添加权限
和上述的需求差不多,先回显再保存
前端
<form
action="${pageContext.request.contextPath}/role/addPermissionsToRole"
method="post">
<!-- 正文区域 -->
<section class="content"> <input type="hidden" name="roleId"
value="${roleId}">
<table id="dataList"
class="table table-bordered table-striped table-hover dataTable">
<thead>
<tr>
<th class="" style="padding-right: 0px">
<input id="selall"
type="checkbox" class="icheckbox_square-blue"></th>
<th class="sorting_asc">ID</th>
<th class="sorting">权限名称</th>
<th class="sorting">URL</th>
</tr>
</thead>
<tbody>
<c:forEach items="${permissionList}" var="permission">
<tr>
<td><input name="ids" type="checkbox" ${fn:contains(str,",".concat(permission.id).concat(","))?"checked":""} value="${permission.id}"></td>
<td>${permission.id}</td>
<td>${permission.permissionName }</td>
<td>${permission.url}</td>
</tr>
</c:forEach>
</tbody>
</table>
<!--订单信息/--> <!--工具栏-->
<div class="box-tools text-center">
<button type="submit" class="btn bg-maroon">保存</button>
<button type="button" class="btn bg-default"
onclick="history.back(-1);">返回</button>
</div>
<!--工具栏/--> </section>
<!-- 正文区域 /-->
</form>
RoleController
/**
* 添加权限到角色的数据回显
* @param roleId
* @return
*/
@RequestMapping("/addPermissionsToRoleUI")
public ModelAndView addPermissionsToRoleUI(Integer roleId){
//查询数据
//所有的权限
List<Permission> permissionList = permissionService.findAll();
//已有的权限
Role role = roleService.findById(roleId);
//把已经拥有的权限id拼接为字符串
StringBuilder sb = new StringBuilder();
for (Permission permission : role.getPermissionList()) {
sb.append(",");
sb.append(permission.getId());
sb.append(",");
}
//modelAndView
ModelAndView modelAndView = new ModelAndView();
modelAndView.addObject("permissionList",permissionList);
modelAndView.addObject("str",sb.toString());
//角色id:保存权限时使用
modelAndView.addObject("roleId",role.getId());
modelAndView.setViewName("role-permission-add");
return modelAndView;
}
/**
* 添加权限到角色
* @param roleId 角色id
* @param ids 勾选的角色的权限id
* @return
*/
@RequestMapping("/addPermissionsToRole")
public String addPermissionsToRole(Integer roleId,Integer[] ids){
//保存
roleService.addPermissionsToRole(roleId,ids);
//请求查询全部
return "redirect:/role/findAll";
}
RoleService
@Override
public Role findById(Integer roleId) {
return roleDao.findById(roleId);
}
@Override
public void addPermissionsToRole(Integer roleId, Integer[] ids) {
//删除原权限
roleDao.delPermissionsFromRole(roleId);
//维护新的关系
if(ids!=null){
for (Integer id : ids) {
roleDao.addPermissionToRole(roleId,id);
}
}
}
RoleDao
/**
* 根据id查询
*
* @param roleId
* @return
*/
@Select("select * from sys_role where id=#{roleId}")
@Results({
@Result(property = "id", column = "id"),
@Result(property = "permissionList", column = "id", javaType = List.class,
many = @Many(select = "com.itheima.dao.PermissionDao.findPermissionListByRoleId", fetchType = FetchType.LAZY))
})
Role findById(Integer roleId);
/**
* 删除角色所有的权限
* @param roleId
*/
@Delete("delete from sys_role_permission where roleId = #{roleId}")
void delPermissionsFromRole(Integer roleId);
/**
* 维护新关系
* @param roleId
* @param id
*/
@Insert("insert into sys_role_permission values(#{param2},#{param1})")
void addPermissionToRole(Integer roleId, Integer id);