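Today, building on the previous work, we implement permission control for different user roles: showing a different interface depending on the user's role, and adding roles to a user.

The project is as follows

Database design
tb_user
tb_role
user_role

Entity classes
Building on the existing code, two new entity classes are added today, Role and UserRole, as follows: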

public class Role {
    private int id;
    private String rolename;
    private String roledesc;

    public Role() {
    }

    public Role(int id, String rolename, String roledesc) {
        this.id = id;
        this.rolename = rolename;
        this.roledesc = roledesc;
    }

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getRolename() {
        return rolename;
    }

    public void setRolename(String rolename) {
        this.rolename = rolename;
    }

    public String getRoledesc() {
        return roledesc;
    }

    public void setRoledesc(String roledesc) {
        this.roledesc = roledesc;
    }

    @Override
    public String toString() {
        return "Role{" +
                "id=" + id +
                ", rolename='" + rolename + '\'' +
                ", roledesc='" + roledesc + '\'' +
                '}';
    }
}

public class UserRole {
    private int userId;
    private int roleId;

    public UserRole() {
    }

    public UserRole(int userId, int roleId) {
        this.userId = userId;
        this.roleId = roleId;
    }

    @Override
    public String toString() {
        return "UserRole{" +
                "userId=" + userId +
                ", roleId=" + roleId +
                '}';
    }

    public int getUserId() {
        return userId;
    }

    public void setUserId(int userId) {
        this.userId = userId;
    }

    public int getRoleId() {
        return roleId;
    }

    public void setRoleId(int roleId) {
        this.roleId = roleId;
    }
}

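Implementation
To show a different interface for each role, first query the user's permissions from the database and put them in the HttpSession.
Rewrite the login method of UserController as follows, and add and implement the corresponding methods in the IRoleService and IRoleDao interfaces.

@RequestMapping("login.do")
public ModelAndView login(User user, HttpSession session) {
    // login() returns the user's id, or -1 when the credentials do not match
    int id = userService.login(user.getUsername(), user.getPassword());
    ModelAndView modelAndView = new ModelAndView();
    if (id != -1) {
        // Load the role ids of this user and keep them in the session
        List<Integer> roles = roleService.getRolesByUserId(id);
        session.setAttribute("roles", roles);
        session.setAttribute("user", user);
        modelAndView.setViewName("main");
    } else {
        modelAndView.setViewName("../failer");
    }
    return modelAndView;
}
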
The SQL statement in MyBatis is:

<select id="getRoleByUserID" parameterType="int" resultType="int">
    select roleid from user_role where userId=#{id}
</select>

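Add a conditional to the page so that an administrator can manage roles while a regular user cannot:

<%
    // "roles" is set at login; it is null when the session has no logged-in user
    List<Integer> roleIds = (List<Integer>) session.getAttribute("roles");
    if (roleIds != null && roleIds.contains(1)) {
%>
<%-- Link text "角色管理" means "Role management" --%>
<li id="system-setting1"><a
    href="#"> <i
    class="fa fa-circle-o"></i> 角色管理
</a></li>
<%
    }
%>
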
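To add roles, first find out which roles the user does not yet have, then add them.
Add a method to the IRoleDao interface:

List<Role> findNotRoleByUserId(int id);

Corresponding SQL:

<select id="findNotRoleByUserId" parameterType="int" resultType="role">
    SELECT * FROM tb_role WHERE id NOT IN (
        SELECT roleId FROM user_role WHERE userId = #{id})
</select>

This queries the roles the user does not have, which are then displayed on the page.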
Add the following methods to UserController:

// Open the add-role page
@RequestMapping("toAddRole.do")
public ModelAndView toAddRole(int id) {
    List<Role> notRolelist = roleService.findNotRoleByUserId(id);
    ModelAndView mv = new ModelAndView();
    mv.addObject("roles", notRolelist);
    mv.addObject("id", id);
    mv.setViewName("user-role-add");
    return mv;
}

// Save the selected roles to the database
@RequestMapping("addRole.do")
public String addRole(String roleIds, int userId) {
    // roleIds arrives as a comma-separated list of role ids
    String[] strs = roleIds.split(",");
    List<Integer> ids = new ArrayList<>();
    for (String s : strs) {
        ids.add(Integer.parseInt(s));
    }
    roleService.addRole(ids, userId);
    return "redirect:findAll.do";
}

Corresponding SQL:

<select id="findNotRoleByUserId" parameterType="int" resultType="role">
    SELECT * FROM tb_role WHERE id NOT IN (
        SELECT roleId FROM user_role WHERE userId = #{id})
</select>

<insert id="addRole" parameterType="userrole">
    insert into user_role(userId,roleId) values(#{userId},#{roleId})
</insert>

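The JSP condition above only hides the menu entry; the toAddRole.do and addRole.do handlers shown on this page do not themselves check the roles stored in the session. The following is an added example, not part of the original project: a Spring MVC interceptor that enforces the same rule on the server. The class name AdminRoleInterceptor is hypothetical, role id 1 as the administrator is taken from the JSP check, and the javax.servlet imports are an assumption about the servlet API version in use.

```java
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

// Added example (hypothetical class): server-side check for the role-management endpoints.
public class AdminRoleInterceptor implements HandlerInterceptor {

    // Role id 1 is treated as administrator, matching roleIds.contains(1) in the JSP.
    private static final Integer ADMIN_ROLE_ID = 1;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        // getSession(false): do not create a session for a caller who never logged in.
        HttpSession session = request.getSession(false);
        Object roles = (session == null) ? null : session.getAttribute("roles");

        if (!(roles instanceof List)) {
            // No session or no "roles" attribute: the caller is not logged in.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        if (!((List<?>) roles).contains(ADMIN_ROLE_ID)) {
            // Logged in, but without the administrator role.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        return true; // administrator: let the controller method run
    }

    // The two methods below are implemented explicitly so the class also
    // compiles on Spring versions where HandlerInterceptor has no default methods.
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response,
                           Object handler, ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
                                Object handler, Exception ex) throws Exception {
    }
}
```

Register the interceptor in the Spring MVC configuration with `<mvc:interceptors>`, mapped to the toAddRole.do and addRole.do paths.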
Results
Administrator
Regular user
Adding a role