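You've now defined the permissions and made sure the resources are added to the database. Next, create helper classes for checking permissions.
Here's how it works. You have a permission, such as `ADD_ENTRY`, and a resource, such as `Guestbook`. For a user to add an entry to a guestbook, you must check whether that user has the `ADD_ENTRY` permission for the guestbook. Helper classes that check permissions for particular models and entities make these checks more convenient, so creating them is a best practice. Now create the helper classes for the Guestbook application: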
- Right-click the `guestbook-service` module and select New → Package. Name the package `com.liferay.docs.guestbook.service.permission`. This is where you'll place your helper classes.
- Right-click the new package and select New → Class. Name the class `GuestbookModelPermission`.
- Replace this class's contents with the following code:
```java
package com.liferay.docs.guestbook.service.permission;

import org.osgi.service.component.annotations.Component;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.security.permission.BaseResourcePermissionChecker;
import com.liferay.portal.kernel.security.permission.PermissionChecker;
import com.liferay.portal.kernel.security.permission.ResourcePermissionChecker;

@Component(
    immediate = true,
    property = {
        "resource.name=" + GuestbookModelPermission.RESOURCE_NAME
    },
    service = ResourcePermissionChecker.class
)
public class GuestbookModelPermission extends BaseResourcePermissionChecker {

    public static final String RESOURCE_NAME = "com.liferay.docs.guestbook";

    // Throws if the user lacks the action on the model resource in this group.
    public static void check(
            PermissionChecker permissionChecker, long groupId, String actionId)
        throws PortalException {

        if (!contains(permissionChecker, groupId, actionId)) {
            throw new PrincipalException.MustHavePermission(
                permissionChecker, RESOURCE_NAME, groupId, actionId);
        }
    }

    // Returns whether the user has the action on the model resource in this group.
    public static boolean contains(
        PermissionChecker permissionChecker, long groupId, String actionId) {

        return permissionChecker.hasPermission(
            groupId, RESOURCE_NAME, groupId, actionId);
    }

    @Override
    public Boolean checkResource(
        PermissionChecker permissionChecker, long classPK, String actionId) {

        return contains(permissionChecker, classPK, actionId);
    }

}
```
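This class is a component that extends `BaseResourcePermissionChecker`. It defines two static methods (so you don't have to instantiate the class) that encapsulate the model you're checking permissions for. It also contains a `Boolean` method that checks your resource. Liferay's `PermissionChecker` class does most of the work: you only pass in the resource and the action, such as `ADD_ENTRY`, and it returns whether the permission exists.
There are three implementations here: the `check` method, which throws an exception if the user doesn't have permission; the `contains` method, which returns a boolean that is `true` if the user has permission and `false` if not; and the `checkResource` method, which calls the `contains` method.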
Next, create helpers for the two entities. Follow these steps:
- Create a class in the same package called `GuestbookPermission.java`.
- Replace this class's contents with the following code:
```java
package com.liferay.docs.guestbook.service.permission;

import com.liferay.docs.guestbook.model.Guestbook;
import com.liferay.docs.guestbook.service.GuestbookLocalService;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.security.permission.BaseModelPermissionChecker;
import com.liferay.portal.kernel.security.permission.PermissionChecker;

import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(
    immediate = true,
    property = {"model.class.name=com.liferay.docs.guestbook.model.Guestbook"}
)
public class GuestbookPermission implements BaseModelPermissionChecker {

    public static void check(
            PermissionChecker permissionChecker, long guestbookId, String actionId)
        throws PortalException, SystemException {

        if (!contains(permissionChecker, guestbookId, actionId)) {
            throw new PrincipalException();
        }
    }

    public static void check(
            PermissionChecker permissionChecker, long groupId, long guestbookId,
            String actionId)
        throws PortalException {

        // Pass both ids so the four-argument contains is selected; with only
        // groupId, the three-argument overload would treat it as a guestbookId.
        if (!contains(permissionChecker, groupId, guestbookId, actionId)) {
            throw new PrincipalException.MustHavePermission(
                permissionChecker, Guestbook.class.getName(), guestbookId,
                actionId);
        }
    }

    public static boolean contains(
            PermissionChecker permissionChecker, long groupId, long guestbookId,
            String actionId)
        throws PortalException {

        // Retrieved only to verify that the guestbook exists (throws if not).
        Guestbook guestbook = _guestbookLocalService.getGuestbook(guestbookId);

        return GuestbookModelPermission.contains(
            permissionChecker, groupId, actionId);
    }

    public static boolean contains(
            PermissionChecker permissionChecker, long guestbookId, String actionId)
        throws PortalException, SystemException {

        Guestbook guestbook = _guestbookLocalService.getGuestbook(guestbookId);

        return contains(permissionChecker, guestbook, actionId);
    }

    public static boolean contains(
            PermissionChecker permissionChecker, Guestbook guestbook,
            String actionId)
        throws PortalException, SystemException {

        return permissionChecker.hasPermission(
            guestbook.getGroupId(), Guestbook.class.getName(),
            guestbook.getGuestbookId(), actionId);
    }

    @Reference(unbind = "-")
    protected void setGuestbookLocalService(
        GuestbookLocalService guestbookLocalService) {

        _guestbookLocalService = guestbookLocalService;
    }

    private static GuestbookLocalService _guestbookLocalService;

    @Override
    public void checkBaseModel(
            PermissionChecker permissionChecker, long groupId, long guestbookId,
            String actionId)
        throws PortalException {

        check(permissionChecker, guestbookId, actionId);
    }

}
```
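This class is similar to `GuestbookModelPermission`. The difference is that `GuestbookPermission` is for model/resource permissions, so you supply the primary key of the entity whose permission is being checked (`guestbookId`). The `check` and `contains` methods in `GuestbookPermission` are also similar to those in `GuestbookModelPermission`. In both classes, the `check` method throws an exception if the permission is missing, while the `contains` method returns a boolean indicating whether the current user has the permission. The `contains` methods in `GuestbookPermission`, however, also retrieve the entity to verify that it exists (and throw an exception if it doesn't).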
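The difference between the model-level and entity-level checks described above, as an added example that is not part of the original tutorial. The `Checker` interface is a stand-in for Liferay's `PermissionChecker`, and the ids, the grants and the `UPDATE` action are constructed for illustration.

```java
import java.util.Set;

public class PermissionScopeDemo {
    // Stand-in for Liferay's PermissionChecker; only the argument order of
    // hasPermission(groupId, name, primKey, actionId) is taken from the page.
    interface Checker {
        boolean hasPermission(long groupId, String name, long primKey, String actionId);
    }

    static final String RESOURCE_NAME = "com.liferay.docs.guestbook";
    static final String MODEL_NAME = "com.liferay.docs.guestbook.model.Guestbook";

    // Model-level check (GuestbookModelPermission.contains): the group id is also the primKey.
    static boolean modelContains(Checker pc, long groupId, String actionId) {
        return pc.hasPermission(groupId, RESOURCE_NAME, groupId, actionId);
    }

    // Entity-level check (GuestbookPermission.contains): primKey is the guestbook's own id.
    static boolean entityContains(Checker pc, long groupId, long guestbookId, String actionId) {
        return pc.hasPermission(groupId, MODEL_NAME, guestbookId, actionId);
    }

    // check-style wrapper: turns a false result into an exception, like the check methods.
    static void check(boolean allowed, String what) {
        if (!allowed) throw new SecurityException("Missing permission: " + what);
    }

    public static void main(String[] args) {
        long groupId = 20143L, ownBook = 501L, otherBook = 502L; // constructed ids
        // Constructed grants: ADD_ENTRY on the model resource, UPDATE on one guestbook only.
        Set<String> grants = Set.of(
            groupId + "|" + RESOURCE_NAME + "|" + groupId + "|ADD_ENTRY",
            groupId + "|" + MODEL_NAME + "|" + ownBook + "|UPDATE");
        Checker pc = (g, n, k, a) -> grants.contains(g + "|" + n + "|" + k + "|" + a);

        System.out.println("model ADD_ENTRY:   " + modelContains(pc, groupId, "ADD_ENTRY"));
        System.out.println("own book UPDATE:   " + entityContains(pc, groupId, ownBook, "UPDATE"));
        System.out.println("other book UPDATE: " + entityContains(pc, groupId, otherBook, "UPDATE"));
        // A grant on one guestbook does not become a model-level grant.
        System.out.println("model UPDATE:      " + modelContains(pc, groupId, "UPDATE"));

        check(entityContains(pc, groupId, ownBook, "UPDATE"), "UPDATE on " + ownBook);
        try {
            check(entityContains(pc, groupId, otherBook, "UPDATE"), "UPDATE on " + otherBook);
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

Because the group id and the entity id are both `long`, swapping them compiles without complaint, so each call site should be checked against the overload it is meant to reach.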
The last class is almost identical to `GuestbookPermission`, but it's set up for the `Entry` entity. Follow these steps to create it:
- Create a class in the same package called `EntryPermission.java`.
- Replace this class's contents with the following code:
```java
package com.liferay.docs.guestbook.service.permission;

import com.liferay.docs.guestbook.model.Entry;
import com.liferay.docs.guestbook.service.EntryLocalService;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.security.permission.BaseModelPermissionChecker;
import com.liferay.portal.kernel.security.permission.PermissionChecker;

import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(
    immediate = true,
    property = {"model.class.name=com.liferay.docs.guestbook.model.Entry"}
)
public class EntryPermission implements BaseModelPermissionChecker {

    // Throws if the user lacks the action on this entry.
    public static void check(
            PermissionChecker permissionChecker, long entryId, String actionId)
        throws PortalException, SystemException {

        if (!contains(permissionChecker, entryId, actionId)) {
            throw new PrincipalException();
        }
    }

    // Looks up the entry first, so a nonexistent entryId throws.
    public static boolean contains(
            PermissionChecker permissionChecker, long entryId, String actionId)
        throws PortalException, SystemException {

        Entry entry = _entryLocalService.getEntry(entryId);

        return contains(permissionChecker, entry, actionId);
    }

    public static boolean contains(
            PermissionChecker permissionChecker, Entry entry, String actionId)
        throws PortalException, SystemException {

        return permissionChecker.hasPermission(
            entry.getGroupId(), Entry.class.getName(), entry.getEntryId(),
            actionId);
    }

    @Reference(unbind = "-")
    protected void setEntryLocalService(EntryLocalService entryLocalService) {
        _entryLocalService = entryLocalService;
    }

    private static EntryLocalService _entryLocalService;

    @Override
    public void checkBaseModel(
            PermissionChecker permissionChecker, long groupId, long primaryKey,
            String actionId)
        throws PortalException {

        check(permissionChecker, primaryKey, actionId);
    }

}
```
This class is almost identical to `GuestbookPermission`. The only difference is that `EntryPermission` corresponds to the `Entry` entity.
Now that you have these classes, you must build the service and export the permissions package so that other modules can access it. Follow these steps:
- Save the permissions helper classes you just created. From the Gradle Tasks panel on the right side of Liferay IDE, run `buildService` from the `guestbook-service` module's `build` folder.
- In the Project Explorer, open the `bnd.bnd` file from the root folder of the `guestbook-service` module.
- In the graphical view, under the Export Packages section, click the plus button to add an export.
- Select `com.liferay.docs.guestbook.service.permission` and click OK.
- Save the file.
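You've now created the helper classes for permissions. The only thing left is to implement the permission checks in the application's view layer.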