Appfuse: Permission Control

Appfuse's permissions control relies on the struts of the menu mechanism, common under the menu.jsp is the menu order definition, detailed menu items and links and permissions Menu-config.xml control, as follows:

<menu name= "Logout" title= "User.logout" page= "/logout" roles= "Role_admin,role_user,role_product"/>

The value in roles is the name in the role table, assigning the permissions of the menu to that character, then adding the name of the role to the menu-defined roles.

But the use of the process will find that the menu after the definition is messy, from a bug in Appfuse, modify the file Navbarmenu.vm, as follows:

1 #macro (displaynavbarmenu $menu $count)2#if($displayer. isallowed ($menu))3#set ($count = $count + 1)4 # # set menu title5#set ($title =$displayer. GetMessage ($menu. title))6#if(! $menu. URL) #set ($url = "javascript:void (0)") #Else#set ($url =$menu. url) #end7 8 # # Create a single menu item9#if($menu. components.size () = = 0)Ten<liclass= "#if ($menu. Name = = $currentMenu) active#end" > One<a href= "$url" title= "$title" #if($menu. Target) target= "$menu. Target" #end #if($menu. Width) style= "width: ${menu.width}px" #end >${title}</a> A#Else# # Create multiple menu items in a menu -#if($menu. Components.size () > 0) -#set ($hasViewableChildren =false) the#set ($renderedChildren = 0) - #foreach ($menuIt in $menu. components) -#if($displayer. isallowed ($menuIt)) -#set ($hasViewableChildren =true) +#set ($renderedChildren = $renderedChildren + 1) - #end + #end A #end at  -<li#if($hasViewableChildren)class= "dropdown#if ($menu. Name = = $currentMenu) active#end" #end > -<a href= "#" title= "$title" -#if($menu. Target) target= "$menu. Target"#end -#if($menu. Width) style= "width: ${menu.width}px"#end -              class= "Dropdown-toggle" data-toggle= "dropdown" >${title}</a> in #end -  to#if($menu. Components.size () > 0) +#if($hasViewableChildren) -<ulclass= "Dropdown-menu" > the #end *  $#set ($count = 0)Panax Notoginseng #foreach ($menuIt in $menu. components) - #displayNavbarMenu ($menuIt, $count) the #end +  A#if($hasViewableChildren && ($count = =$renderedChildren)) the</ul></li> +#Else -</ul> $#if($count >$renderedChildren) $</li> - #end - #end the#Else -</li>Wuyi#if($menu. Parent && $count = =$menu. Parent.components.size ()) the##</ul> - #end Wu #end - #end About #end $  -#displayNavbarMenu ($menu, 0)

NAVBARMENU.VM

Using the Menu control permission can only control the visibility of menus, and if you want to drill down into the data control you need to handle it yourself. Here is the operation control by cutting into the OnSubmit method:

1. First define the slice, cut into the OnSubmit method

1 /**2 * Do permission verification, if the user does not have permission, then deny the request3      */4 @Override5      PublicObject invoke (Methodinvocation invocation)throwsThrowable {6         Try {7Boolean allow =false;8             //actions currently performed9String action = "";Ten             //gets the role of the user for the current operation OneUser User =Usermanager.get (Getcurrentuserid ()); ASet<role> rolelist =user.getroles (); -             //the currently performed action, obtained from the request -             //OnSubmit-based signatures get requeststring onSubmit (greatplace greatplace, the             //bindingresult errors, httpservletrequest request, -             //httpservletresponse Response) -             if(Invocation.getarguments (). length = = 4 -&& invocation.getarguments () [2].getclass () = = HttpServletRequest.class) { +HttpServletRequest request =(httpservletrequest) invocation -. getarguments () [2]; +                 if(Request.getparameter ("save")! =NULL) { AAction =Rolepermissionmanager.permission_save; at}Else if(Request.getparameter ("delete")! =NULL) { -Action =Rolepermissionmanager.permission_delete; -}Else if(Request.getparameter ("approve")! =NULL -|| Request.getparameter ("Unapprove")! =NULL) { -Action =Rolepermissionmanager.permission_approve; -                 } in                  for(Role r:rolelist) { -Allow =rolepermissionmanager.haspermission (R.getname (), to action); +                     if(Allow) -                          Break; the                 } *                 if(!Allow ) { $Request.getsession (). SetAttribute ("Successmessages",Panax Notoginseng"Sorry, you do not have permission to do this!" "); -                     returnRequest.getpathinfo (). Replace ("/", "" "); the                 } +             } AObject result =invocation.proceed (); the             returnresult; +  -}Catch(IllegalArgumentException ex) { $ Log.error (ex); $             Throwex; -         } -}

Submitadvice

2. Define your own authorization method, here is a simple example

 Public classRolepermissionmanager {/*** Permission Entry: Save*/     Public Static FinalString permission_save = "SAVE"; /*** Permission Entry: Approval*/     Public Static FinalString permission_approve = "APPROVE"; /*** Permission Entry: Delete*/     Public Static FinalString permission_delete = "DELETE"; /*** Role: Administrator*/     Public Static FinalString role_admin = "Role_admin"; /*** Role: Normal user*/     Public Static FinalString role_user = "Role_user"; /*** Role-based permission matrix*/    Private StaticMap<string,list<string>>permissionlist; /*** Initialize the permissions entry for the role*/     PublicRolepermissionmanager () {}/*** Determine if the current role has a specified permission entry *@paramroleName Role Name *@paramPermissionname Permission Entry name *@return     */     Public StaticBoolean haspermission (String rolename,string permissionname) {returngetpermissionlist (). Get (RoleName). Contains (permissionname); }    /*** Rules for defining roles and permission entries *@return     */     Public StaticMap<string,list<string>>getpermissionlist () {if(Permissionlist = =NULL) {permissionlist=NewHashmap<string,list<string>>(); //Define permissions for administratorsList<string> adminpermissionlist =NewArraylist<string>();            Adminpermissionlist.add (Permission_save);            Adminpermissionlist.add (Permission_approve);            Adminpermissionlist.add (Permission_delete);            Permissionlist.put (Role_admin, adminpermissionlist); //define permissions for a normal userList<string> userpermissionlist =NewArraylist<string>();        Permissionlist.put (Role_user, userpermissionlist); }        returnpermissionlist; }}

Rolepermissionmanager

This allows for the basic control of permissions to be achieved.

About the data permissions the user sees I use the parameters in the URL, combined with search to control, but so long as the parameters in the URL can be modified to bypass the data permissions, to be optimized.

Appfuse: Permission Control