AppFuse: Permission Control

Source: Internet
Author: User


AppFuse permission control relies on the Struts Menu mechanism. menu.jsp under the common directory defines the menu order; the detailed menu items, menu links and permission control are defined in menu-config.xml, as follows:

    <Menu name="Logout" title="user.logout" page="/logout" roles="ROLE_ADMIN,ROLE_USER,ROLE_PRODUCT"/>

The values in roles are the names in the role table. To give a role permission to see a menu, add the role name to the roles attribute defined on that menu.

However, in use we find that once roles are defined the menu is rendered out of order. This comes from a bug in AppFuse, which can be fixed by modifying the navbarMenu.vm file as follows:

    #macro( displayNavbarMenu $menu $count )
      #if ($displayer.isAllowed($menu))
        #set ($count = $count + 1)
        ## set menu title
        #set ($title = $displayer.getMessage($menu.title))
        #if (!$menu.url) #set ($url = "javascript:void(0)") #else #set ($url = $menu.url) #end

        ## create a single menu item
        #if ($menu.components.size() == 0)
          <li class="#if ($menu.name == $currentMenu)active#end">
          <a href="$url" title="$title" #if($menu.target)target="$menu.target"#end #if($menu.width)style="width: ${menu.width}px"#end>${title}</a>
        #else ## create multiple menu items in a menu
          #if ($menu.components.size() > 0)
            #set ($hasViewableChildren = false)
            #set ($renderedChildren = 0)
            #foreach ($menuIt in $menu.components)
              #if ($displayer.isAllowed($menuIt))
                #set ($hasViewableChildren = true)
                #set ($renderedChildren = $renderedChildren + 1)
              #end
            #end
          #end

          <li#if ($hasViewableChildren) class="dropdown#if ($menu.name == $currentMenu) active#end"#end>
          <a href="#" title="$title"
             #if($menu.target)target="$menu.target" #end
             #if($menu.width)style="width: ${menu.width}px" #end
             class="dropdown-toggle" data-toggle="dropdown">${title}</a>
        #end

        #if ($menu.components.size() > 0)
          #if ($hasViewableChildren)
            <ul class="dropdown-menu">
          #end

          #set ($count = 0)
          #foreach ($menuIt in $menu.components)
            #displayNavbarMenu($menuIt, $count)
          #end

          #if ($hasViewableChildren && ($count == $renderedChildren))
            </ul> </li>
          #else
            </ul>
            #if ($count > $renderedChildren)
              </li>
            #end
          #end
        #else
          </li>
          #if ($menu.parent && $count == $menu.parent.components.size())
            ##</ul>
          #end
        #end
      #end
    #end

    #displayNavbarMenu($menu, 0)

The menu permission can only control menu visibility. If you want to go deeper and control data and operations, you have to handle that yourself. The following controls operations by intercepting the onSubmit method:

1. First define the aspect and weave it into the onSubmit method

    // invoke() method of the SubmitAdvice class
    /**
     * Permission verification. If the user does not have the permission,
     * the request is denied.
     */
    @Override
    public Object invoke(MethodInvocation invocation) throws Throwable {
        try {
            Boolean allow = false;
            // The operation currently being executed. If none of the known
            // parameters is present it stays "" and no role is granted it.
            String action = "";
            // Obtain the roles of the current user
            User user = userManager.get(getCurrentUserID());
            Set<Role> roleList = user.getRoles();
            // The current operation is obtained from the request, which is the
            // third argument of: String onSubmit(Greatplace greatplace,
            // BindingResult errors, HttpServletRequest request,
            // HttpServletResponse response)
            // instanceof is required here: the container passes an implementation
            // class, so getClass() never equals the HttpServletRequest interface
            // and an == comparison would silently skip the whole check.
            if (invocation.getArguments().length == 4
                    && invocation.getArguments()[2] instanceof HttpServletRequest) {
                HttpServletRequest request = (HttpServletRequest) invocation
                        .getArguments()[2];
                if (request.getParameter("save") != null) {
                    action = RolePermissionManager.PERMISSION_SAVE;
                } else if (request.getParameter("delete") != null) {
                    action = RolePermissionManager.PERMISSION_DELETE;
                } else if (request.getParameter("approve") != null
                        || request.getParameter("unapprove") != null) {
                    action = RolePermissionManager.PERMISSION_APPROVE;
                }
                // One role holding the permission is enough
                for (Role r : roleList) {
                    allow = RolePermissionManager.hasPermission(r.getName(),
                            action);
                    if (allow)
                        break;
                }
                if (!allow) {
                    // Do not proceed to onSubmit; return to the same view with a message
                    request.getSession().setAttribute("successMessages",
                            "sorry, you are not authorized to perform this operation!");
                    return request.getPathInfo().replace("/", "");
                }
            }
            Object result = invocation.proceed();
            return result;

        } catch (IllegalArgumentException ex) {
            log.error(ex);
            throw ex;
        }
    }

2. Define your own permission verification method. The following is a simple example.

    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;

    public class RolePermissionManager {
        /** Permission item: save */
        public static final String PERMISSION_SAVE = "save";
        /** Permission item: approve */
        public static final String PERMISSION_APPROVE = "approve";
        /** Permission item: delete */
        public static final String PERMISSION_DELETE = "delete";
        /** Role: administrator */
        public static final String ROLE_ADMIN = "ROLE_ADMIN";
        /** Role: common user */
        public static final String ROLE_USER = "ROLE_USER";

        /** Role-based permission matrix */
        private static Map<String, List<String>> permissionList;

        /** Initialize the role's permission items */
        public RolePermissionManager() {
        }

        /**
         * Determine whether the given role has the specified permission item.
         * @param roleName role name
         * @param permissionName permission item name
         * @return true if the role has the permission
         */
        public static Boolean hasPermission(String roleName, String permissionName) {
            // A role that is not in the matrix (for example ROLE_PRODUCT) has no
            // permissions; without this null check the lookup would throw.
            List<String> permissions = getPermissionList().get(roleName);
            return permissions != null && permissions.contains(permissionName);
        }

        /**
         * Rules that define roles and their permission items.
         * @return the role-to-permissions matrix
         */
        public static Map<String, List<String>> getPermissionList() {
            if (permissionList == null) {
                permissionList = new HashMap<String, List<String>>();
                // Define the administrator's permissions
                List<String> adminPermissionList = new ArrayList<String>();
                adminPermissionList.add(PERMISSION_SAVE);
                adminPermissionList.add(PERMISSION_APPROVE);
                adminPermissionList.add(PERMISSION_DELETE);
                permissionList.put(ROLE_ADMIN, adminPermissionList);
                // Define the permissions of normal users (none)
                List<String> userPermissionList = new ArrayList<String>();
                permissionList.put(ROLE_USER, userPermissionList);
            }
            return permissionList;
        }
    }

In this way, basic permission control can be achieved.

Which data a user can see is controlled by parameters in the URL and in the search. However, anyone who modifies the parameters in the URL can cross the data permissions, so this still needs to be improved.
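
The weakness noted above is closed by deciding access on the server from the session user and the loaded row, rather than from the id or owner value in the request. The following is an added example, not code from the original post; the Place record, the DataAccessGuard class and the in-memory table are hypothetical, and it assumes Java 16 or later.

```java
import java.util.*;

// Added illustration: Place, DataAccessGuard and the sample rows are hypothetical.
public class DataAccessGuard {
    record Place(long id, String owner, String name) {}

    // Constructed sample data standing in for the database table.
    private final Map<Long, Place> table = new HashMap<>();

    DataAccessGuard() {
        table.put(1L, new Place(1L, "alice", "Alice's place"));
        table.put(2L, new Place(2L, "bob", "Bob's place"));
    }

    // Owner and role come from the server-side session, never from the request.
    private static boolean mayRead(Place p, String sessionUser, Set<String> roles) {
        return roles.contains("ROLE_ADMIN") || p.owner().equals(sessionUser);
    }

    // idFromUrl is untrusted input; the row is checked after it is loaded.
    Place load(long idFromUrl, String sessionUser, Set<String> roles) {
        Place p = table.get(idFromUrl);
        if (p == null || !mayRead(p, sessionUser, roles)) {
            // Same answer for "missing" and "not yours", so ids cannot be probed.
            throw new SecurityException("not found or not permitted");
        }
        return p;
    }

    // Search results are filtered by the same rule, not by an owner parameter.
    List<Place> search(String sessionUser, Set<String> roles) {
        List<Place> out = new ArrayList<>();
        for (Place p : table.values()) {
            if (mayRead(p, sessionUser, roles)) out.add(p);
        }
        return out;
    }

    public static void main(String[] args) {
        DataAccessGuard guard = new DataAccessGuard();
        Set<String> user = Set.of("ROLE_USER");
        System.out.println(guard.load(1L, "alice", user).name());   // own row
        System.out.println(guard.search("alice", user).size());     // rows visible to alice
        try {
            guard.load(2L, "alice", user);                          // id edited in the URL
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

In a real application the same rule belongs in the query itself (an owner condition bound from the session user), so that rows the user may not see are never loaded.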

 
