本节博文将向大家介绍本次Web应用之权限分配。
何为权限分配?就是在本次驾培系统中设置一个超级管理人员,由他给平台上的所有用户分配权限;用户登录后,只能进行超级管理人员分配给他的那些操作。本次权限分配用了两个oracle数据表:一个是所有权限的表格,全部权限都存在里面,并且设置了权限的ID和等级;另一个是用户权限表格,根据超级管理人员所分配的权限,在用户权限表格上增删权限ID。需要注意的是,菜单的显示与隐藏只是界面层面的限制,服务端在处理每个请求时仍应校验当前登录用户是否拥有对应权限。说了这么多,不知道大家能不能明白,先上效果图。
权限分配演示一:超管登录,对admin用户进行权限分配。admin用户登录后,只能操作个人和系统管理。
权限分配演示二:超管登录,对hongxing用户进行权限分配。hongxing用户登录后,只能操作个人和系统管理。
看完上面两个gif图,大家应该明白此次实现的功能是什么了。本次权限分配用了一个第三方插件:Ztree,实现权限的树状列表。
下面给大家展示一下Ztree的demo,以便明白笔者是怎么实现这个权限分配的。
这是Ztree插件附带的demo,点击右键审查页面代码,可以看到:树状结构由一个zNodes实现
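<!-- zTree checkbox demo (fragment: the opening <HTML>/<HEAD> tags are not part of this listing). -->
<link rel="stylesheet" href="../../../css/demo.css" type="text/css">
<link rel="stylesheet" href="../../../css/zTreeStyle/zTreeStyle.css" type="text/css">
<!-- The two script attributes below had blog keyword links pasted into them; restored to plain values. -->
<script type="text/javascript" src="../../../js/jquery-1.4.4.min.js"></script>
<script type="text/javascript" src="../../../js/jquery.ztree.core-3.5.js"></script>
<script type="text/javascript" src="../../../js/jquery.ztree.excheck-3.5.js"></script>
<!--
<script type="text/javascript" src="../../../js/jquery.ztree.exedit-3.5.js"></script>
-->
<SCRIPT type="text/javascript">
<!--
    // Tree options: show a checkbox on every node and accept the flat
    // id/pId ("simple data") node format instead of nested children arrays.
    var setting = {
        check: {
            enable: true
        },
        data: {
            simpleData: {
                enable: true
            }
        }
    };

    // Flat node list: pId names the parent node's id, 0 marks a root.
    // NOTE(review): node 112 points at pId 11, and no node with id 11 is defined in this list.
    // The trailing comma after the last element was removed; old IE versions count it as an extra element.
    var zNodes = [
        { id:1, pId:0, name:"个人管理 1", open:true},
        { id:3, pId:1, name:"随意勾选 1-1", open:true},
        { id:5, pId:1, name:"随意勾选 1-1-1"},
        { id:112, pId:11, name:"随意勾选 1-1-2"},
        { id:12, pId:1, name:"随意勾选 1-2", open:true},
        { id:121, pId:12, name:"随意勾选 1-2-1"},
        { id:122, pId:12, name:"随意勾选 1-2-2"},
        { id:2, pId:0, name:"随意勾选 2", checked:true, open:true},
        { id:21, pId:2, name:"随意勾选 2-1"},
        { id:22, pId:2, name:"随意勾选 2-2", open:true},
        { id:221, pId:22, name:"随意勾选 2-2-1", checked:true},
        { id:222, pId:22, name:"随意勾选 2-2-2", checked:false},
        { id:23, pId:2, name:"随意勾选 2-3"}
    ];

    var code;

    // Reads the four option checkboxes (#py, #sy, #pn, #sn) and applies the resulting
    // check/uncheck propagation type ("p" = parent, "s" = children) to the tree.
    function setCheck() {
        var zTree = $.fn.zTree.getZTreeObj("treeDemo"),
            py = $("#py").attr("checked") ? "p" : "",
            sy = $("#sy").attr("checked") ? "s" : "",
            pn = $("#pn").attr("checked") ? "p" : "",
            sn = $("#sn").attr("checked") ? "s" : "",
            type = { "Y": py + sy, "N": pn + sn };
        zTree.setting.check.chkboxType = type;
        showCode('setting.check.chkboxType = { "Y" : "' + type.Y + '", "N" : "' + type.N + '" };');
    }

    // Replaces the content of #code with one list item holding str.
    // str is inserted as HTML; here it is built only from the fixed "p"/"s" flags above.
    function showCode(str) {
        if (!code) code = $("#code");
        code.empty();
        code.append("<li>" + str + "</li>");
    }

    // Build the tree once the DOM is ready and re-apply the options whenever one changes.
    $(document).ready(function(){
        $.fn.zTree.init($("#treeDemo"), setting, zNodes);
        setCheck();
        $("#py").bind("change", setCheck);
        $("#sy").bind("change", setCheck);
        $("#pn").bind("change", setCheck);
        $("#sn").bind("change", setCheck);
    });
//-->
</SCRIPT>
</HEAD>
<BODY>
<div class="content_wrap">
    <div class="zTreeDemoBackground left">
        <ul id="treeDemo" class="ztree"></ul>
    </div>
</div>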
下面附上实现代码和数据表:
全部权限的表格:
用户所有权限的表格:超管的user_id是1,他拥有全部权限ID
接下来请看我们的UserServlet:
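/**
 * Dispatches user-related requests on the {@code task} request parameter.
 *
 * <ul>
 *   <li>{@code logout} – invalidates the session and forwards to index.jsp</li>
 *   <li>{@code permission} – paged user list for the permission-assignment screen</li>
 *   <li>{@code delivery} – opens the assignment page for one user</li>
 *   <li>{@code test} – writes the permission tree for one user as a JSON array</li>
 *   <li>{@code finish} – replaces one user's permissions with the submitted set</li>
 *   <li>{@code about} – "about / my account" page</li>
 * </ul>
 *
 * <p>Every task except {@code logout} requires a logged-in user, and the four
 * permission-assignment tasks additionally require the super administrator. Without
 * these checks any caller who could reach this servlet could read or rewrite the
 * permissions of any {@code user_id}, their own included. If a filter elsewhere in the
 * application already enforces this, the checks here act as a second line of defence.
 */
public class UserServlet extends HttpServlet {

    /**
     * user_id of the super administrator; the article's user-permission table gives the
     * super administrator user_id 1.
     * NOTE(review): a dedicated role or permission lookup would be more robust than a fixed id.
     */
    private static final int SUPER_ADMIN_USER_ID = 1;

    /**
     * Handles one request.
     *
     * @param req  request carrying {@code task} and the task-specific parameters
     * @param resp response; 400/401/403/404/405 are sent for rejected requests
     * @throws ServletException if a forward fails
     * @throws IOException      if writing the response fails
     */
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        String task = req.getParameter("task");
        HttpSession session = req.getSession();
        // User object stored in the session by the login step.
        UserBean userBean = (UserBean) session.getAttribute("Logindo");
        UserDao userDao = DaoFactory.getUserDao();
        PrintWriter writer = resp.getWriter();

        if ("logout".equals(task)) {
            session.invalidate();
            req.getRequestDispatcher("index.jsp").forward(req, resp);
            return;
        }

        // Every remaining task acts on behalf of a logged-in user.
        if (userBean == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Only the super administrator may list users or view/change their permissions.
        if (isPermissionAdminTask(task) && userBean.getUser_id() != SUPER_ADMIN_USER_ID) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        if ("permission".equals(task)) {
            // Paged user list shown on the permission-assignment screen.
            Integer pagenum = parseIntParam(req, "pagenum");
            if (pagenum == null) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            int count = userDao.countUser();
            PageBean pageBean = new PageBean();
            pageBean.findPageBean(count, pagenum);
            List<UserBean> userBeans = userDao.findPage(pageBean);
            req.setAttribute("pageBean", pageBean);
            req.setAttribute("userBeans", userBeans);
            req.getRequestDispatcher("jsp/sysmanager/permission.jsp").forward(req, resp);
        } else if ("delivery".equals(task)) {
            // Open the assignment page for the selected user.
            Integer deliveryUserId = parseIntParam(req, "userid");
            if (deliveryUserId == null) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            // presumably findUser_ById returns null for an unknown id; verify against the DAO
            UserBean target = userDao.findUser_ById(deliveryUserId);
            if (target == null) {
                resp.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            session.setAttribute("func_userBean", target);
            req.getRequestDispatcher("jsp/sysmanager/testfunc.jsp").forward(req, resp);
        } else if ("test".equals(task)) {
            // AJAX call from the assignment page: build the zTree node list for one user.
            Integer userId = parseIntParam(req, "user_id");
            if (userId == null) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            // Every permission defined in the system.
            List<FuncBean> funcList = DaoFactory.getFuncDao().getFunc_Already();
            // Permissions the selected user currently holds.
            List<FuncBean> userList = DaoFactory.getFuncDao().getFunc_ALL(userId);
            List<FunctionBean> functionBeans = new ArrayList<FunctionBean>();
            for (FuncBean func : funcList) {
                FunctionBean node = new FunctionBean();
                node.setId(func.getFunc_id());
                node.setpId(func.getFunc_pid());
                node.setName(func.getFunc_name());
                // Top-level entries (parent id 0) start expanded.
                node.setOpen(func.getFunc_pid() == 0);
                // Pre-check the box when the user already holds this permission.
                node.setChecked(isKnownFunction(userList, func.getFunc_id()));
                functionBeans.add(node);
            }
            // Serialised to the zNodes shape the page expects:
            // [{id, pId, name, open, checked}, ...]
            // NOTE(review): the body is JSON but is still sent with the text/html content type set above.
            JSONArray funcjson = JSONArray.fromObject(functionBeans);
            writer.write(funcjson.toString());
            writer.flush();
        } else if ("finish".equals(task)) {
            // State-changing request: accept it only as POST, which is what the form sends.
            // NOTE(review): the form carries no anti-CSRF token; add one and verify it here.
            if (!"POST".equalsIgnoreCase(req.getMethod())) {
                resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                return;
            }
            Integer userId = parseIntParam(req, "user_id");
            // Comma-separated permission ids collected from the checked tree nodes.
            String rightsId = req.getParameter("rightsId");
            if (userId == null || rightsId == null) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            UserBean target = userDao.findUser_ById(userId);
            if (target == null) {
                resp.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }

            // Validate the whole submission BEFORE deleting anything, so that a malformed
            // or unknown id cannot leave the user with a half-written permission set.
            List<FuncBean> allFuncs = DaoFactory.getFuncDao().getFunc_Already();
            List<Integer> funcIds = new ArrayList<Integer>();
            String[] pieces = rightsId.split(",");
            for (int i = 0; i < pieces.length; i++) {
                String piece = pieces[i].trim();
                if (piece.length() == 0) {
                    continue;
                }
                int funcId;
                try {
                    funcId = Integer.parseInt(piece);
                } catch (NumberFormatException e) {
                    resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    return;
                }
                // Accept only ids that exist in the full permission table.
                if (!isKnownFunction(allFuncs, funcId)) {
                    resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    return;
                }
                if (!funcIds.contains(funcId)) {
                    funcIds.add(funcId);
                }
            }

            // Replace the user's permissions: drop the old rows, then add the new ones.
            // NOTE(review): these DAO calls are separate statements, not one transaction.
            DaoFactory.getFuncDao().deleteFunc_All(userId);
            for (Integer funcId : funcIds) {
                DaoFactory.getFuncDao().addFunc_ByUserId(userId, funcId);
            }

            req.setAttribute("msg", "分配成功,已保存!");
            session.setAttribute("func_userBean", target);
            req.getRequestDispatcher("jsp/sysmanager/testfunc.jsp").forward(req, resp);
        } else if ("about".equals(task)) {
            // Navigation -> About / My account.
            int driving_id = userBean.getDriving_id();
            String driving_name = DaoFactory.getDrivingSchDao().findDrivName_ById(driving_id);
            ApkBean apkBean = DaoFactory.getRoleDao().findApk_ByNewOne();
            req.setAttribute("apkBean", apkBean);
            req.setAttribute("driving_name", driving_name);
            req.setAttribute("userBean", userBean);
            req.getRequestDispatcher("jsp/sysmanager/about.jsp").forward(req, resp);
        }
    }

    /** Returns true for the tasks that list users or read/write another user's permissions. */
    private static boolean isPermissionAdminTask(String task) {
        return "permission".equals(task)
                || "delivery".equals(task)
                || "test".equals(task)
                || "finish".equals(task);
    }

    /** Parses an integer request parameter; returns null when it is missing or not a number. */
    private static Integer parseIntParam(HttpServletRequest req, String name) {
        String raw = req.getParameter(name);
        if (raw == null) {
            return null;
        }
        try {
            return Integer.valueOf(raw);
        } catch (NumberFormatException e) {
            return null;
        }
    }

    /** Returns true when funcs contains an entry whose func_id equals funcId. */
    private static boolean isKnownFunction(List<FuncBean> funcs, int funcId) {
        for (FuncBean func : funcs) {
            if (func.getFunc_id() == funcId) {
                return true;
            }
        }
        return false;
    }
}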
这是我们的权限分配的JSP:
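<%-- Permission-assignment page: shows the zTree checkbox tree for the user stored in the
     session attribute "func_userBean" and posts the checked permission ids to user.do?task=finish.
     NOTE(review): if this JSP is reachable by its own URL, the checks in the servlet are bypassed for
     rendering; consider placing it under WEB-INF so it can only be reached by a forward. --%>
<%@ page language="java" import="java.util.*,org.great.bean.*" pageEncoding="utf-8"%>
<%@page import="org.great.dao.DaoFactory"%>
<%!
    /**
     * Escapes the characters that are significant in HTML text and attribute values, so
     * that stored data such as a user name is shown as text and never parsed as markup.
     * Returns an empty string for null.
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
%>
<%
    String path = request.getContextPath();
    // NOTE(review): getServerName() normally reflects the Host header sent by the client, so
    // basePath (and every URL built from it) follows whatever host the request named.
    String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

    // The user whose permissions are being edited; set by the servlet before forwarding here.
    // Checked before any output so a missing attribute gives a clean error, not a half page.
    UserBean userBean = (UserBean)session.getAttribute("func_userBean");
    if (userBean == null) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    int user_id = userBean.getUser_id();
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
    <base href="<%=basePath%>">
    <title>My JSP 'usermanager.jsp' starting page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->
    <link rel="stylesheet" type="text/css" href="<%=basePath%>/background/Style/skin.css" />
    <script type="text/javascript" src="<%=basePath%>/zTree/js/jquery-1.4.4.min.js"></script>
    <link rel="stylesheet" href="<%=basePath%>/zTree/css/demo.css" type="text/css">
    <link rel="stylesheet" href="<%=basePath%>/zTree/css/zTreeStyle/zTreeStyle.css" type="text/css">
    <script type="text/javascript" src="<%=basePath%>/zTree/js/jquery.ztree.core-3.5.js"></script>
    <script type="text/javascript" src="<%=basePath%>/zTree/js/jquery.ztree.excheck-3.5.js"></script>
</head>
<body>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
    <!-- header row -->
    <tr>
        <td width="17" valign="top" background="<%=basePath%>/background/Images/mail_left_bg.gif">
            <img src="<%=basePath%>/background/Images/left_top_right.gif" width="17" height="29" />
        </td>
        <td valign="top" background="<%=basePath%>/background/Images/content_bg.gif">
            <%-- The background URL here used to repeat "<basePath>/background/" twice, which cannot resolve. --%>
            <table width="100%" height="31" border="0" cellpadding="0" cellspacing="0" background="<%=basePath%>/background/Images/content_bg.gif">
                <tr><td height="31"><div class="title" style="color: red">权限分配</div></td></tr>
            </table>
        </td>
        <td width="16" valign="top" background="<%=basePath%>/background/Images/mail_right_bg.gif"><img src="<%=basePath%>/background/Images/nav_right_bg.gif" width="16" height="29" /></td>
    </tr>
    <!-- middle section -->
    <tr>
        <!-- left border -->
        <td valign="middle" background="<%=basePath%>/background/Images/mail_left_bg.gif"> </td>
        <!-- main content -->
        <td valign="top" bgcolor="#F7F8F9">
            <table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
                <!-- spacer row -->
                <tr><td colspan="2" valign="top"> </td><td> </td><td valign="top"> </td></tr>
                <tr>
                    <td colspan="4">
                        <table>
                            <tr>
                                <td width="100" align="center"><img src="<%=basePath%>/background/Images/mime.gif" /></td>
                                <td valign="bottom"><h3 style="letter-spacing:1px;color: blue">在这里,您可以修改用户的权限</h3></td>
                            </tr>
                        </table>
                    </td>
                </tr>
                <!-- separator line -->
                <tr>
                    <td height="40" colspan="4">
                        <table width="100%" height="1" border="0" cellpadding="0" cellspacing="0" bgcolor="#CCCCCC">
                            <tr><td></td></tr>
                        </table>
                    </td>
                </tr>
                <!-- permission tree section: start -->
                <tr>
                    <td width="2%"> </td>
                    <td width="96%">
                        <table width="100%">
                            <tr>
                                <td colspan="2">
                                    <table width="100%" class="cont tr_color">
                                        <tr>
                                            <th></th>
                                            <th></th>
                                            <th></th>
                                            <th></th>
                                            <th></th>
                                            <th></th>
                                        </tr>
                                        <tr align="right" class="d">
                                            <td colspan="2" style="width: 300px">
                                                <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
                                                <%-- The user name is stored data: escape it so it cannot inject markup or script. --%>
                                                <h2>您想对<span style="color: red"><%=escapeHtml(userBean.getUser_name()) %></span>分配什么样的权限?</h2>
                                            </td>
                                            <td>
                                                <%-- NOTE(review): this state-changing form has no anti-CSRF token; add a hidden
                                                     per-session token and verify it in the servlet. The user_id field below is
                                                     client-editable, so the server must not trust it without its own checks. --%>
                                                <form action="user.do?task=finish" name="checkForm" method="post" >
                                                    <div class="zTreeDemoBackground left">
                                                        <ul id="treeDemo" class="ztree"></ul>
                                                        <input type="hidden" id="user_id" name="user_id" value="<%=user_id%>">
                                                    </div>
                                                    <div style="margin-right: 120px">
                                                        <br>
                                                        <input type="hidden" name="rightsId" id="rightsId" />
                                                        <input type="submit" value="保存" onclick="onCheck()" />
                                                    </div>
                                                </form>
                                            </td>
                                            <td colspan="2" style="width: 300px"></td>
                                        </tr>
                                    </table>
                                </td>
                            </tr>
                        </table>
                    </td>
                    <td width="2%"> </td>
                </tr>
                <!-- permission tree section: end -->
                <tr>
                    <td height="40" colspan="4">
                        <table width="100%" height="1" border="0" cellpadding="0" cellspacing="0" bgcolor="#CCCCCC">
                            <tr><td></td></tr>
                        </table>
                    </td>
                </tr>
                <tr>
                    <td width="2%"> </td>
                    <td width="51%" class="left_txt">
                        <img src="<%=basePath%>/background/Images/icon_mail.gif" width="16" height="11"> 客户服务邮箱:870873201@qq.com<br />
                        <img src="<%=basePath%>/background/Images/icon_phone.gif" width="17" height="14"> 官方网站:<a href="http://my.csdn.net/xie_xiansheng" target="_blank">作者博客</a>
                    </td>
                    <td> </td><td> </td>
                </tr>
            </table>
        </td>
        <td background="<%=basePath%>/background/Images/mail_right_bg.gif"> </td>
    </tr>
    <!-- footer row -->
    <tr>
        <td valign="bottom" background="<%=basePath%>/background/Images/mail_left_bg.gif">
            <img src="<%=basePath%>/background/Images/buttom_left.gif" width="17" height="17" />
        </td>
        <td background="<%=basePath%>/background/Images/buttom_bgs.gif">
            <img src="<%=basePath%>/background/Images/buttom_bgs.gif" width="17" height="17">
        </td>
        <td valign="bottom" background="<%=basePath%>/background/Images/mail_right_bg.gif">
            <img src="<%=basePath%>/background/Images/buttom_right.gif" width="16" height="17" />
        </td>
    </tr>
</table>
</body>
<SCRIPT type="text/javascript">
    var user_id = $("#user_id").val();

    // Checkbox tree; checking or unchecking a node propagates to both parents and children.
    var setting = {
        check: {
            enable: true,
            chkStyle: "checkbox",
            chkboxType: { "Y": "ps", "N": "ps" }
        },
        data: {
            simpleData: {
                enable: true
            }
        },
        callback: {
            onCheck: onCheck
        }
    };

    // Fetch the node list for this user from the servlet once the page is ready.
    $(document).ready(function() {
        $.ajax({
            url : "user.do?task=test&suibian=hehe&user_id=" + user_id,
            type : "get",
            // The response is parsed by hand in initZtree, so ask for plain text
            // ("test" is not a dataType jQuery knows).
            dataType : "text",
            success : function(data) {
                initZtree(data);
            }
        });
    });

    // Parses the JSON node list and builds the tree inside #treeDemo.
    function initZtree(data) {
        var zNodes = JSON.parse(data);
        var zTreeObj = $.fn.zTree.init($('#treeDemo'), setting, zNodes);
    }

    // Collects the ids of all checked nodes into the hidden rightsId field as "id,id,...".
    // The servlet then deletes every permission of that user_id and inserts the submitted ones.
    function onCheck(e, treeId, treeNode) {
        var treeObj = $.fn.zTree.getZTreeObj("treeDemo"),
            nodes = treeObj.getCheckedNodes(true),
            v = "";
        for (var i = 0; i < nodes.length; i++) {
            v += nodes[i].id + ",";
        }
        $("#rightsId").attr("value", v);
    }

    // "msg" is a fixed string set by the servlet after saving; an absent attribute prints as "null".
    // NOTE(review): it is written into a JS string unescaped, so it must never carry request data.
    var msg = "<%=request.getAttribute("msg")%>";
    if ("null" != msg) {
        alert(msg);
    }
</SCRIPT>
</html>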
- package org.great.daoimpl;
- import java.sql.Connection;
- import java.sql.PreparedStatement;
- import java.sql.ResultSet;
- import java.sql.SQLException;
- import java.util.ArrayList;
- import java.util.List;
- import org.great.bean.FuncBean;
- import org.great.dao.FuncDao;
- import org.great.util.DBUtils;
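/**
 * JDBC implementation of {@link FuncDao} for the permission tables
 * {@code t_function} (all permissions) and {@code t_user_function} (user-to-permission rows).
 *
 * <p>Statements and result sets are local to each call. The earlier version kept them in
 * instance fields, so two requests using the same DAO object at the same time could
 * overwrite or close each other's statement.
 *
 * <p>A failed statement is rethrown as {@link IllegalStateException} instead of being only
 * printed; otherwise a failed delete or insert would still be reported to the administrator
 * as saved.
 *
 * <p>NOTE(review): the servlet also calls {@code getFunc_Already()}, which is not part of
 * this listing.
 */
public class FuncDaoImpl implements FuncDao {

    /**
     * Loads the permissions currently granted to one user.
     *
     * @param user_id id of the user whose permissions are read
     * @return the user's permissions; empty when the user has none
     * @throws IllegalStateException if the query fails
     */
    public List<FuncBean> getFunc_ALL(int user_id) {
        List<FuncBean> list = new ArrayList<FuncBean>();
        Connection conn = DBUtils.getConn();
        PreparedStatement pre = null;
        ResultSet rs = null;
        String sql = "select f.func_id,f.func_pid,f.func_name,f.func_url,f.func_level from t_function f," +
                "t_user_function rf where f.func_id = rf.func_id and rf.user_id = ?";
        try {
            pre = conn.prepareStatement(sql);
            pre.setInt(1, user_id);
            rs = pre.executeQuery();
            while (rs.next()) {
                FuncBean funcBean = new FuncBean();
                funcBean.setFunc_id(rs.getInt(1));
                funcBean.setFunc_pid(rs.getInt(2));
                funcBean.setFunc_name(rs.getString(3));
                funcBean.setFunc_url(rs.getString(4));
                funcBean.setFunc_level(rs.getString(5));
                list.add(funcBean);
            }
        } catch (SQLException e) {
            throw new IllegalStateException("Could not load permissions of user " + user_id, e);
        } finally {
            DBUtils.close(conn, pre, rs);
        }
        return list;
    }

    /**
     * Deletes every permission row of one user.
     *
     * <p>NOTE(review): this and the inserts that follow it each use their own connection,
     * so replacing a user's permissions is not atomic as written here.
     *
     * @param userId id of the user whose permissions are removed
     * @throws IllegalStateException if the delete fails
     */
    public void deleteFunc_All(int userId) {
        Connection conn = DBUtils.getConn();
        PreparedStatement pre = null;
        String sql = "delete t_user_function where user_id = ?";
        try {
            pre = conn.prepareStatement(sql);
            pre.setInt(1, userId);
            // DML returns an update count, not a result set.
            pre.executeUpdate();
        } catch (SQLException e) {
            throw new IllegalStateException("Could not delete permissions of user " + userId, e);
        } finally {
            // No result set here; the original already passed null whenever a statement failed early.
            DBUtils.close(conn, pre, null);
        }
    }

    /**
     * Grants one permission to one user, as assigned by the super administrator.
     *
     * @param userId  id of the user receiving the permission
     * @param func_id id of the permission being granted
     * @throws IllegalStateException if the insert fails
     */
    public void addFunc_ByUserId(int userId, int func_id) {
        Connection conn = DBUtils.getConn();
        PreparedStatement pre = null;
        // NOTE(review): no column list, so this depends on the table's column order being (user_id, func_id).
        String sql = "insert into t_user_function values(?,?)";
        try {
            pre = conn.prepareStatement(sql);
            pre.setInt(1, userId);
            pre.setInt(2, func_id);
            pre.executeUpdate();
        } catch (SQLException e) {
            throw new IllegalStateException(
                    "Could not grant permission " + func_id + " to user " + userId, e);
        } finally {
            DBUtils.close(conn, pre, null);
        }
    }
}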