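While working on a project, I felt that not everyone should be able to delete data; only the administrator and the uploader should be able to, so I implemented a small delete-permission check.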
user:
userid | username | password | realname      | rank
1      | tanxi    | 157192   |               | 1
2      | allen    | 123456   | Administrator | 1
4      | tanx     | 123456   |               | 0
5      | taxx     | 123456   |               | 0
6      | tanxxx   | 123456   |               | 0
code:
codeid | codename | codepath | codedesc | userid
17 | 2020012823031470392ff8ce4-6e5a-4dc6-a96a-f31837850592.zip | E:\ran\instrument\2020012823031470392ff8ce4-6e5a-4dc6-a96a-f31837850592.zip | Code modification operation test | 6
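Each record is bound to its uploader through userid: an uploaded file can be deleted only by the user who uploaded it or by a user with administrator privileges (rank = 1).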
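DeleteServlet:
    // The id is stored in a long, so parse it as a long.
    long codeid = Long.parseLong(request.getParameter("codeid"));
    HttpSession session = request.getSession();
    Code onecode = new Code(codeid);
    ICodeDao codeDao = new CodeDaoImpl();
    Code code = codeDao.oneselect(onecode); // null if no such record exists
    // Null-safe reads: a session without these attributes is neither admin nor owner.
    boolean isAdmin = Boolean.TRUE.equals(session.getAttribute("isRank"));
    Object uid = session.getAttribute("userid");
    boolean isOwner = code != null && uid instanceof Number
            && ((Number) uid).longValue() == code.getUserid();
    System.out.println("111" + isAdmin);
    System.out.println(code == null ? null : code.getUserid());
    if (code != null && (isAdmin || isOwner)) { // check identity
        // Touch the file system only after the caller has been authorized.
        File file = new File(code.getCodepath());
        if (file.exists()) {
            file.delete();
        }
        CodeServiceImpl codeService = new CodeServiceImpl();
        codeService.codeDelete(onecode);
        session.setAttribute("exception", null);
        response.sendRedirect("admin.jsp");
    } else {
        if (code != null) {
            session.setAttribute("code_userId", code.getUserid());
        }
        session.setAttribute("exception", "你的权限不够!"); // message text: "Insufficient permissions!"
        response.sendRedirect("admin.jsp");
    }
    } // closes the enclosing handler method, whose signature is not shown here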
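The userid of the record to be deleted is looked up and compared with the current user's userid; if they match, the current user is the uploader.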
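
An added example, not code from the original post: a stand-alone version of the identity check that denies the request when the session attributes isRank or userid are missing, and that also confines the stored codepath to the upload directory before deleting. The class and method names (DeleteGuard, mayDelete, confine, deleteUpload) and the temporary directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example (not the project's code): fail-closed delete authorization.
public class DeleteGuard {

    // Allow only an administrator (isRank == true) or the uploader.
    // A missing or wrongly typed session attribute means "deny", never an exception.
    static boolean mayDelete(Object isRank, Object sessionUserId, long ownerId) {
        return Boolean.TRUE.equals(isRank)
                || (sessionUserId instanceof Number
                    && ((Number) sessionUserId).longValue() == ownerId);
    }

    // Resolve the stored codepath and reject anything outside the upload directory,
    // so a tampered database row cannot point the delete at an arbitrary file.
    static Path confine(Path uploadRoot, String storedPath) {
        Path root = uploadRoot.toAbsolutePath().normalize();
        Path target = root.resolve(storedPath).normalize();
        if (!target.startsWith(root)) {
            throw new SecurityException("codepath escapes upload directory: " + storedPath);
        }
        return target;
    }

    // Authorize first, then touch the file system. Returns true only if a file was removed.
    static boolean deleteUpload(Object isRank, Object sessionUserId, long ownerId,
                                Path uploadRoot, String storedPath) throws IOException {
        if (!mayDelete(isRank, sessionUserId, ownerId)) {
            return false;
        }
        return Files.deleteIfExists(confine(uploadRoot, storedPath));
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary upload directory and a file owned by userid 6.
        Path root = Files.createTempDirectory("instrument");
        String stored = Files.createFile(root.resolve("demo.zip")).toString();
        System.out.println("no login:   " + deleteUpload(null, null, 6L, root, stored));
        System.out.println("other user: " + deleteUpload(false, 5L, 6L, root, stored));
        try {
            deleteUpload(true, 2L, 6L, root, "../outside.txt");
        } catch (SecurityException e) {
            System.out.println("admin, bad path: " + e.getMessage());
        }
        System.out.println("uploader:   " + deleteUpload(false, 6, 6L, root, stored));
    }
}
```
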
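Querying the record to be deleted:
    // Needs java.sql.Connection, java.sql.PreparedStatement, java.sql.ResultSet and java.sql.SQLException.
    public Code oneselect(Code onecode) {
        Code code = null;
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            // Both lookups bind the value as a ? parameter, so it is never concatenated into the SQL.
            if (onecode.getCodeid() != 0) {
                String sql = "select * from code where codeid=?";
                Object[] params = {onecode.getCodeid()};
                rs = DBUtil.executeSelect(sql, params);
            } else if (onecode.getCodepath() != null) {
                String sql = "select * from code where codepath=?";
                Object[] params = {onecode.getCodepath()};
                rs = DBUtil.executeSelect(sql, params);
            }
            // rs stays null when neither codeid nor codepath was supplied.
            if (rs != null && rs.next()) {
                code = new Code();
                code.setCodeid(rs.getLong(1));
                code.setCodename(rs.getString(2));
                code.setCodepath(rs.getString(3));
                code.setUserid(rs.getLong(5)); // column 5 is userid; codedesc (column 4) is not loaded
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            DBUtil.DBCloseCPR(con, ps, rs);
        }
        return code; // null when no matching record was found
    }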