黑白名单权限开发
在开发的项目中会分有不同的用户,每个用户负责的管理的人员范围不同,所以当查看工资和发放工资时,每个用户只能查看和修改其负责范围内的人员信息
黑白名单管理
超级管理员负责修改用户的管理权限,同时权限有三种,白名单个人,黑名单个人,以及白名单部门
@Controller
@RequestMapping("/accessList")
public class AccessListController extends BaseController {
private String PREFIX = "/salary/accessList/";
@Autowired
private IAccessListService accessListService;
/**
* 跳转到权限名单首页
*/
@RequestMapping("/view")
@BussinessLog(key = "/accessList/view", type = BussinessLogType.QUERY, value = "权限名单页面")
@RequiresPermissions("accessList:view")
public String index() {
ShiroUser user = ShiroKit.getUser();
System.out.println(user.getId());
return PREFIX + "accessList.html";
}
/**
* 跳转到添加权限名单
*/
@RequestMapping("/accessList_add")
@BussinessLog(key = "/accessList/accessList_add", type = BussinessLogType.INSERT, value = "跳转到添加权限名单")
public String accessListAdd() {
return PREFIX + "accessList_add.html";
}
/**
* 跳转到修改权限名单
*/
@RequestMapping("/accessList_update/{accessListId}")
@BussinessLog(key = "/accessList/accessList_update", type = BussinessLogType.MODIFY, value = "跳转到修改权限名单")
public String accessListUpdate(@PathVariable String accessListId, Model model) {
AccessList accessList = accessListService.selectById(accessListId);
model.addAttribute("item",accessList);
return PREFIX + "accessList_edit.html";
}
/**
* 获取权限名单列表
*/
@RequestMapping(value = "/list")
@BussinessLog(key = "/accessList/list", type = BussinessLogType.QUERY, value = "获取权限名单列表")
@ResponseBody
public Object list(String condition,
@RequestParam(value="pageNumber", defaultValue="1")int pageNumber,
@RequestParam(value="pageSize", defaultValue="20") int pageSize) {
// 获取当前登录人的可访问用户
System.out.println("获取当前登录人的可访问用户");
List<String> userLimit = accessListService.getUserLimit(ShiroKit.getUser().getId());
for(String i:userLimit) {System.out.println(i);}// 展示测试
Page<AccessList> page = new Page<>(pageNumber, pageSize);
Wrapper<AccessList> ew = new EntityWrapper<>();
ew.like("USER_ID",condition);
Map<String, Object> result = new HashMap<>(5);
List<AccessList> list = accessListService.selectPage(page, ew).getRecords();
result.put("total", page.getTotal());
result.put("rows", list);
return result;
}
/**
* 验证id获得名字
*/
@RequestMapping(value = "/selectname")
@BussinessLog(key = "/accessList/selectname", type = BussinessLogType.QUERY, value = "验证员工id获得名字")
@ResponseBody
public Object selectname(AccessList accessList){
String s = accessListService.testStaff(accessList.getUserId());
System.out.println("name:"+s);
return s;
}
/**
* 验证id获得资源
*/
@RequestMapping(value = "/selecttarget")
@BussinessLog(key = "/accessList/selecttarget", type = BussinessLogType.QUERY, value = "验证资源id获得名字")
@ResponseBody
public Object selecttarget(AccessList accessList){
String result = "";
if(accessList.getType() == 1)
{
result = accessListService.testDepartment(accessList.getAccess());
}
else
{
result = accessListService.testStaff(accessList.getAccess());
}
System.out.println("name:"+result);
return result;
}
/**
* 新增权限名单
*/
@RequestMapping(value = "/add")
@BussinessLog(key = "/accessList/add", type = BussinessLogType.INSERT, value = "新增权限名单")
@ResponseBody
public Object add(AccessList accessList) {
accessListService.insert(accessList);
return SUCCESS_TIP;
}
/**
* 删除权限名单
*/
@RequestMapping(value = "/delete")
@BussinessLog(key = "/accessList/delete", type = BussinessLogType.DELETE, value = "删除权限名单")
@ResponseBody
public Object delete(@RequestParam String accessListId) {
accessListService.deleteById(accessListId);
return SUCCESS_TIP;
}
/**
* 修改权限名单
*/
@RequestMapping(value = "/update")
@BussinessLog(key = "/accessList/update", type = BussinessLogType.MODIFY, value = "修改权限名单")
@ResponseBody
public Object update(AccessList accessList) {
AccessList accessList1 = accessListService.selectById(accessList);
LogObjectHolder.me().set(accessList1);
accessListService.updateById(accessList);
return SUCCESS_TIP;
}
/**
* 权限名单详情
*/
@RequestMapping(value = "/detail/{accessListId}")
@BussinessLog(key = "/accessList/detail", type = BussinessLogType.QUERY, value = "权限名单详情")
@ResponseBody
public Object detail(@PathVariable("accessListId") String accessListId) {
return accessListService.selectById(accessListId);
}
}
权限接口提供
由于我们是分组开发,开发其他功能的小组也需要用到这个权限,所以是最早开发,且向其他小组提供接口
@Service
public class AccessListServiceImpl extends ServiceImpl<AccessListMapper, AccessList> implements IAccessListService {
@Resource
private AccessListMapper mapper;
@Override
public List<String> getUserLimit(String userID) {
List<Map<String,String>> mapList = mapper.getUserLimit(userID);
List<String> userLimit = new ArrayList<String>();
for(Map<String,String> staffIDmap:mapList)
{
userLimit.add(staffIDmap.get("STAFF_ID"));
}
return userLimit;
}
@Override
public String testStaff(String userID) {
List<Map<String,String>> mapList = mapper.testStaff(userID);
String name = "";
for(Map<String,String> staffmap:mapList)
{
name = staffmap.get("NAME");
}
return name;
}
@Override
public String testDepartment(String id) {
List<Map<String,String>> mapList = mapper.testDepartment(id);
String name = "";
for(Map<String,String> departmentmap:mapList)
{
name = departmentmap.get("DEPARTMENT_NAME");
}
return name;
}
//public List<AccessList> getAccessList(String userID)
//{
// return mapper.getAccessList(userID);
//}
}