在前面我们已经完成了用户的一些功能,在此基础上我们给用户加上角色(权限),不同角色的用户对于用户管理有着不同的操作权限,这样更安全也更接近现实。
角色分为“管理员”和“普通用户”,只有管理员才拥有添加用户角色
的权限。
参考文章:
文章目录
1.准备工作
(1)新建数据库表
- t_role 表:角色表
/*
Navicat Premium Data Transfer
Source Server : localhost_3306
Source Server Type : MySQL
Source Server Version : 50728
Source Host : localhost:3306
Source Schema : whut02
Target Server Type : MySQL
Target Server Version : 50728
File Encoding : 65001
Date: 17/08/2020 17:19:25
*/
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;
-- ----------------------------
-- Table structure for t_role
-- ----------------------------
DROP TABLE IF EXISTS `t_role`;
CREATE TABLE `t_role` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`rolename` varchar(20) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
`roledesc` varchar(20) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 3 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of t_role
-- ----------------------------
INSERT INTO `t_role` VALUES (1, '1', '管理员');
INSERT INTO `t_role` VALUES (2, '2', '普通用户');
SET FOREIGN_KEY_CHECKS = 1;
- t_user_role 表:用户-角色表
/*
Navicat Premium Data Transfer
Source Server : localhost_3306
Source Server Type : MySQL
Source Server Version : 50728
Source Host : localhost:3306
Source Schema : whut02
Target Server Type : MySQL
Target Server Version : 50728
File Encoding : 65001
Date: 17/08/2020 17:20:00
*/
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;
-- ----------------------------
-- Table structure for t_user_role
-- ----------------------------
DROP TABLE IF EXISTS `t_user_role`;
CREATE TABLE `t_user_role` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`userid` int(11) NOT NULL,
`roleid` int(11) NOT NULL,
PRIMARY KEY (`id`) USING BTREE,
INDEX `t_user_role_ibfk_1`(`userid`) USING BTREE,
INDEX `t_user_role_ibfk_2`(`roleid`) USING BTREE,
CONSTRAINT `t_user_role_ibfk_1` FOREIGN KEY (`userid`) REFERENCES `t_user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
CONSTRAINT `t_user_role_ibfk_2` FOREIGN KEY (`roleid`) REFERENCES `t_role` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE = InnoDB AUTO_INCREMENT = 6 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of t_user_role
-- ----------------------------
INSERT INTO `t_user_role` VALUES (1, 1, 1);
INSERT INTO `t_user_role` VALUES (2, 2, 1);
INSERT INTO `t_user_role` VALUES (5, 1, 2);
SET FOREIGN_KEY_CHECKS = 1;
(2)新建角色实体类(Role.java)、用户角色实体类(UserRole.java)
- Role.java
package com.example.bean;
public class Role {
private int id;
private String roleName;
private String roleDesc;
public Role() {
}
public Role(int id, String roleName, String roleDesc) {
this.id = id;
this.roleName = roleName;
this.roleDesc = roleDesc;
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getRoleName() {
return roleName;
}
public void setRoleName(String roleName) {
this.roleName = roleName;
}
public String getRoleDesc() {
return roleDesc;
}
public void setRoleDesc(String roleDesc) {
this.roleDesc = roleDesc;
}
@Override
public String toString() {
return "Role{" +
"id=" + id +
", roleName='" + roleName + '\'' +
", roleDesc='" + roleDesc + '\'' +
'}';
}
}
- UserRole.java
package com.example.bean;
/**
* @className: UserRole
* @description:
* @author:
* @date: 16/08/2020 09:36
*/
public class UserRole {
private int id;
private int userId;
private int roleId;
public UserRole() {
}
public UserRole(int id, int userId, int roleId) {
this.id = id;
this.userId = userId;
this.roleId = roleId;
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public int getUserId() {
return userId;
}
public void setUserId(int userId) {
this.userId = userId;
}
public int getRoleId() {
return roleId;
}
public void setRoleId(int roleId) {
this.roleId = roleId;
}
@Override
public String toString() {
return "UserRole{" +
"id=" + id +
", userId=" + userId +
", roleId=" + roleId +
'}';
}
}
(3)新建角色数据访问对象接口(IRoleDao.java)
package com.example.dao;
import com.example.bean.Role;
import com.example.bean.UserRole;
import java.util.List;
public interface IRoleDao {
List<Integer> findRoleIdByUsername(String username);
List<Role> findRoleByUsername(String username);
int getUserId(String username);
void addRole(UserRole role);
}
(4)新建角色数据库映射文件(RoleDao.xml)
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.example.dao.IRoleDao">
<select id="findRoleIdByUsername" resultType="int" parameterType="String">
SELECT roleid
FROM whut02.t_user_role
WHERE userid = (SELECT id FROM whut02.t_user WHERE username = #{username})
</select>
<select id="findRoleByUsername" parameterType="String" resultType="com.example.bean.Role">
SELECT *
FROM whut02.t_role
WHERE id NOT IN
(SELECT roleid
FROM whut02.t_user_role
WHERE userid = (SELECT id FROM whut02.t_user WHERE username = #{username}))
</select>
<select id="getUserId" resultType="int" parameterType="String">
SELECT id
FROM whut02.t_user
WHERE username = #{username}
</select>
<insert id="addRole" parameterType="com.example.bean.UserRole">
INSERT INTO whut02.t_user_role(userid, roleid)
VALUES (#{userId}, #{roleId})
</insert>
</mapper>
(5)新建角色业务层接口及其实现类
- IRoleService.java
package com.example.service;
import com.example.bean.Role;
import java.util.List;
public interface IRoleService {
List<Integer> findRoleIdByUsername(String username);
List<Role> findRoleByUsername(String username);
void add(List<Integer> list, String username);
}
- RoleServiceImpl.java
package com.example.service.impl;
import com.example.bean.Role;
import com.example.bean.UserRole;
import com.example.dao.IRoleDao;
import com.example.service.IRoleService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.List;
/**
* @className: RoleServiceImpl
* @description:
* @author:
* @date: 16/08/2020 09:49
*/
@Service
public class RoleServiceImpl implements IRoleService {
@Autowired
IRoleDao roleDao;
@Override
public List<Integer> findRoleIdByUsername(String username) {
return roleDao.findRoleIdByUsername(username);
}
@Override
public List<Role> findRoleByUsername(String username) {
return roleDao.findRoleByUsername(username);
}
@Override
public void add(List<Integer> list, String username) {
for (int roleId : list) {
UserRole userRole = new UserRole();
userRole.setRoleId(roleId);
userRole.setUserId(roleDao.getUserId(username));
roleDao.addRole(userRole);
}
}
}
2.验证用户角色
根据数据库中的信息,用户lisi
具有管理员角色,可以添加用户角色。现在我们登录lisi用户。
可以看到lisi用户有添加用户角色的按钮。
![](https://i-blog.csdnimg.cn/blog_migrate/a633718668c88f2f2df503c338547396.png)
点击该按钮即可修改用户角色,现在我们让zhangliu
用户添加为管理员角色。
![](https://i-blog.csdnimg.cn/blog_migrate/9955b549e5e529f4328c5937d6388dbe.png)
进入添加角色页面,选择相应的角色,然后点保存即可。
![](https://i-blog.csdnimg.cn/blog_migrate/f4df659423b9a3d0f2cd37239e8a4c29.png)
然后登录“zhaoliu”用户。
![](https://i-blog.csdnimg.cn/blog_migrate/4b4dba9aa3f353f5995daada580bdd7a.png)
可以看到zhaoliu用户有添加用户角色的按钮。
![](https://i-blog.csdnimg.cn/blog_migrate/13cb8fad066fc41da0a12dbda6df8079.png)
然后我们让zhaoliu用户给tony用户添加普通用户角色。
![](https://i-blog.csdnimg.cn/blog_migrate/57e03767513a981e91dbc12ead1da3ec.png)
![](https://i-blog.csdnimg.cn/blog_migrate/8a4441424c5c3e850665412ab0489f04.png)
然后我们再登录tony用户。
![](https://i-blog.csdnimg.cn/blog_migrate/b7bfc03b36102f94de54a704f32bae75.png)
可以发现tony用户没有添加用户角色的按钮。
![](https://i-blog.csdnimg.cn/blog_migrate/e0abf5691cb695af786a7629bf77aa1a.png)
![](https://i-blog.csdnimg.cn/blog_migrate/f48aa68d61e87bc4b3ce81b458deb00c.jpeg)