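1. Permission management concepts
Permission management: Role-Based Access Control (RBAC). Its three elements are users, roles, and resources.
A user is assigned roles according to their identity, and permissions are configured on the roles.
For example: Zhang San has permissions A, B, and C. A newly hired employee, Wang Wu, also needs permissions configured, and so does every later hire, which is tedious.
If instead the ordinary-employee role carries permissions A, B, and C, each employee only needs to be assigned that role, and no per-user permissions have to be configured.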
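The role indirection described above, as an added example that is not part of the original post or the CRM project. The class `RbacDemo`, its method names, and the user and role names are hypothetical; permissions A, B, and C follow the example in the text.

```java
import java.util.*;

// Added illustration: minimal in-memory RBAC model (hypothetical names).
public class RbacDemo {
    // role name -> permissions granted to that role
    private final Map<String, Set<String>> rolePermissions = new HashMap<>();
    // user name -> roles assigned to that user
    private final Map<String, Set<String>> userRoles = new HashMap<>();

    public void grant(String role, String... permissions) {
        rolePermissions.computeIfAbsent(role, r -> new HashSet<>())
                       .addAll(Arrays.asList(permissions));
    }

    public void revoke(String role, String permission) {
        Set<String> perms = rolePermissions.get(role);
        if (perms != null) perms.remove(permission);
    }

    public void assign(String user, String role) {
        if (!rolePermissions.containsKey(role)) {
            throw new IllegalArgumentException("unknown role: " + role);
        }
        userRoles.computeIfAbsent(user, u -> new HashSet<>()).add(role);
    }

    // Deny by default: unknown users and users without roles get nothing.
    public boolean isAllowed(String user, String permission) {
        for (String role : userRoles.getOrDefault(user, Collections.<String>emptySet())) {
            if (rolePermissions.getOrDefault(role, Collections.<String>emptySet()).contains(permission)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        RbacDemo rbac = new RbacDemo();
        rbac.grant("employee", "A", "B", "C");
        rbac.assign("zhangsan", "employee");
        rbac.assign("wangwu", "employee");   // onboarding is a single role assignment
        System.out.println(rbac.isAllowed("wangwu", "B"));    // granted through the role
        System.out.println(rbac.isAllowed("wangwu", "D"));    // never granted to any role
        rbac.revoke("employee", "C");        // one change applies to every holder of the role
        System.out.println(rbac.isAllowed("zhangsan", "C"));
        System.out.println(rbac.isAllowed("stranger", "A"));  // user with no roles
    }
}
```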
2. Project progress
3. Project code
Mostly CRUD
Query:
Backend implementation:
Step 1: Define a UserQuery query class

    public class UserQuery extends BaseQuery {
        // Optional filter fields bound from the request parameters
        private String userName;
        private String email;
        private String phone;

        public String getUserName() { return userName; }
        public void setUserName(String userName) { this.userName = userName; }

        public String getEmail() { return email; }
        public void setEmail(String email) { this.email = email; }

        public String getPhone() { return phone; }
        public void setPhone(String phone) { this.phone = phone; }
    }

Step 2: DAO layer query interface (multi-condition query)
Check whether the SQL statement already exists in the mapper XML file; add it only if it is missing.

    <select id="selectByParams" parameterType="com.study.crm.query.UserQuery" resultType="com.study.crm.vo.User">
        select
        <include refid="Base_Column_List"></include>
        from t_user
        <where>
            is_valid=1
            <!-- #{...} binds each value as a prepared-statement parameter -->
            <if test="null != userName and userName != ''">
                and user_name like concat('%',#{userName},'%')
            </if>
            <if test="null != email and email != ''">
                and email like concat('%',#{email},'%')
            </if>
            <if test="null != phone and phone != ''">
                and phone like concat('%',#{phone},'%')
            </if>
        </where>
    </select>

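Step 3: Write the service layer
The service simply returns a Map (a Map is returned mainly because the response has to match the data format expected by the layui table).

    public Map<String, Object> queryByParamsForTable(BaseQuery baseQuery) {
        Map<String, Object> map = new HashMap<>();
        // Start paging; it applies to the next query executed on this thread
        PageHelper.startPage(baseQuery.getPage(), baseQuery.getLimit());
        PageInfo<T> pageInfo = new PageInfo<T>(selectByParams(baseQuery));
        // Keys read by the layui table: code, msg, data, count
        map.put("code", 0);
        map.put("msg", "success");
        map.put("data", pageInfo.getList());
        map.put("count", pageInfo.getTotal());
        return map;
    }
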
Step 4: Write the controller layer:

    @RequestMapping("list")
    @ResponseBody
    public Map<String, Object> selectByParams(UserQuery userQuery) {
        return userService.queryByParamsForTable(userQuery);
    }

Step 5: Test
http://localhost:8080/crm/user/list?userName=
Frontend implementation:
Add a view mapping in the controller layer

    @RequestMapping("addOrUpdateUserPage")
    public String addOrUpdateUserPage(Integer id) {
        return "user/add_update";
    }

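Update:
Step 1: DAO layer: check whether the corresponding SQL statement exists (if it does, there is nothing to write)
Step 2: Service layer:

    /**
     * Update user information.
     * Same checks as the add operation.
     * @param user
     */
    @Transactional(propagation = Propagation.REQUIRED)
    public void updateUser(User user) {
        // AssertUtil.isTrue throws when the condition holds
        AssertUtil.isTrue(user.getId() == null, "待更新记录不存在");  // record to update does not exist
        User temp = userMapper.selectByPrimaryKey(user.getId());
        AssertUtil.isTrue(temp == null, "待更新记录不存在");
        checkUserParams(user.getUserName(), user.getEmail(), user.getPhone());
        user.setUpdateDate(new Date());
        AssertUtil.isTrue(userMapper.updateByPrimaryKeySelective(user) != 1, "更新用户失败");  // update failed
    }
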
Step 3: Controller layer:

    @PostMapping("update")
    @ResponseBody
    public ResultInfo updateUser(User user) {
        userService.updateUser(user);
        return success("更新用户成功");  // user updated successfully
    }

Step 4: Test (the handler is mapped with @PostMapping, so send the request as a POST)
http://localhost:8080/crm/user/update?userName=admin2&email=774747245@qq.com&phone=13451233007&id=44
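Delete:
Step 1: DAO layer: check whether the corresponding SQL statement exists (if it does, there is nothing to write)

    <!-- Soft delete: rows are marked is_valid=0 instead of being removed -->
    <update id="deleteBatch">
        update t_user
        set is_valid=0
        where id in
        <foreach collection="array" separator="," open="(" close=")" item="id">
            #{id}
        </foreach>
    </update>
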
Step 2: Service layer:

    @Transactional(propagation = Propagation.REQUIRED)
    public void deleteUser(Integer[] ids) {
        AssertUtil.isTrue(null == ids || ids.length < 1, "待删除记录不存在");  // nothing to delete
        // Every requested id must have been updated, otherwise fail
        AssertUtil.isTrue(userMapper.deleteBatch(ids) != ids.length, "用户数据删除失败");  // delete failed
    }

Step 3: Controller layer

    @ResponseBody
    @PostMapping("delete")
    public ResultInfo deleteUser(Integer[] ids) {
        userService.deleteUser(ids);
        return success("删除用户成功");  // user deleted successfully
    }

Associating users with roles:
Step 1: Query all roles
DAO layer:

    <select id="queryAllRoles" resultType="java.util.Map">
        select id, role_name roleName
        from t_role
        where is_valid=1
    </select>

Service layer:

    public List<Map<String, Object>> queryAllRoles() {
        return roleMapper.queryAllRoles();
    }

Controller layer:

    @ResponseBody
    @RequestMapping("queryAllRoles")
    public List<Map<String, Object>> queryAllRoles() {
        return roleService.queryAllRoles();
    }

Test:
http://localhost:8080/crm/role/queryAllRoles
Step 2: Update the user-role mapping table, i.e. mainly the t_user_role table
Service layer:

    /**
     * Associate a user with roles.
     * Mainly updates the t_user_role table.
     * @param userId
     * @param roleIds comma-separated role ids
     */
    private void relationUserRole(Integer userId, String roleIds) {
        // Remove the user's existing role rows first
        Integer count = userRoleMapper.countUserRoleByUserId(userId);
        if (count > 0) {
            AssertUtil.isTrue(userRoleMapper.deleteUserRoleByUserId(userId) != count, "用户角色分配失败");  // role assignment failed
        }
        // Then insert one row per selected role
        if (StringUtils.isNotBlank(roleIds)) {
            List<UserRole> userRoleList = new ArrayList<>();
            String[] roleIdsArray = roleIds.split(",");
            for (String roleId : roleIdsArray) {
                UserRole userRole = new UserRole();
                userRole.setRoleId(Integer.parseInt(roleId));
                userRole.setUserId(userId);
                userRole.setCreateDate(new Date());
                userRole.setUpdateDate(new Date());
                userRoleList.add(userRole);
            }
            AssertUtil.isTrue(userRoleMapper.insertBatch(userRoleList) != userRoleList.size(), "用户角色分配失败");
        }
    }

Because this operates on the t_user_role table, UserRoleMapper, UserRoleService, and UserRoleController need to be created.
For UserRoleMapper:
Two methods need to be added:
(1) Query records by userId and return the record count
(2) Delete records by userId

    <select id="countUserRoleByUserId" parameterType="int" resultType="java.lang.Integer">
        select count(1)
        from t_user_role
        where user_id=#{userId}
    </select>

    <delete id="deleteUserRoleByUserId" parameterType="int">
        delete from t_user_role
        where user_id=#{userId}
    </delete>

    <insert id="insertBatch">
        insert into t_user_role(user_id,role_id,create_date,update_date)
        values
        <foreach collection="list" item="item" separator=",">
            (#{item.userId},#{item.roleId},now(),now())
        </foreach>
    </insert>

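One way to validate the comma-separated roleIds value before relationUserRole deletes and re-inserts rows in t_user_role, shown as an added example that is not code from the original post or the project. The class `RoleIdParser` and its `parse` method are hypothetical, and the set of valid role ids is assumed to be loaded by the caller from roles with is_valid=1.

```java
import java.util.*;

// Added illustration (hypothetical helper, not the project's code).
public class RoleIdParser {
    /**
     * Parses a comma-separated roleIds request parameter into a de-duplicated,
     * order-preserving set, rejecting anything that is not an assignable role id.
     *
     * @param roleIds      raw request value, e.g. "1,2,3"
     * @param validRoleIds ids of roles with is_valid=1 (assumed loaded by the caller)
     */
    public static Set<Integer> parse(String roleIds, Set<Integer> validRoleIds) {
        Set<Integer> result = new LinkedHashSet<>();
        if (roleIds == null || roleIds.trim().isEmpty()) {
            return result; // no roles selected: the caller only clears existing rows
        }
        for (String token : roleIds.split(",")) {
            String t = token.trim();
            // Digits only with bounded length: no NumberFormatException, no overflow
            if (!t.matches("[0-9]{1,9}")) {
                throw new IllegalArgumentException("invalid role id: " + t);
            }
            Integer id = Integer.valueOf(t);
            if (!validRoleIds.contains(id)) {
                throw new IllegalArgumentException("unknown or disabled role id: " + id);
            }
            result.add(id); // duplicates collapse, so the batch insert gets each pair once
        }
        return result;
    }

    public static void main(String[] args) {
        Set<Integer> valid = new HashSet<>(Arrays.asList(1, 2, 3)); // constructed sample data
        System.out.println(parse(" 1,2,2 ", valid));
        for (String bad : new String[] {"1,abc", "1,,2", "99", "1;drop"}) {
            try {
                parse(bad, valid);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected \"" + bad + "\": " + e.getMessage());
            }
        }
    }
}
```

Calling such a check before the delete step means a malformed or disabled role id is rejected before any existing assignment is removed.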