This CRM consists of three parts:
Customer management system: customer information, reservations, birthday reminders
Invoicing system: warehouse receiving and receiving sales
OA management system: for example, a calendar
**************************************** **************************************** **************************************** ****************
About configuration: read this carefully.
Ruby's pure object-oriented model. For example, getting the negative value of the absolute value is also an object.
////// Permission control consists of coarse-grained permission control and fine-grained permission control.
**************************************** **************************************** **************************************** ****************
Coarse-grained permission control (implemented by a filter):
Note 1:
Note which pages must not be intercepted. For example, index.jsp, login.jsp and image.jsp (used to display verification codes) must not be blocked.
Write the pages that are not blocked to side.properties, a configuration file. Then read the properties file in the interceptor.
Note 2:
After the user logs on correctly, save the user's information to the session and forward to main.jsp. A filter is required in between: when logging on, the request must go through the filter, which checks whether the user's information is stored in the session. If it is not, the request is redirected to the logon page.
Configure the filter in web.xml.
////// Fine-grained permission control (the key is to write a BaseAction, and the other actions inherit from BaseAction)
The first important table: operation table.
This table lists all operations performed on all modules.
Main fields: module name, operation name (for example, add, delete, modify), sort, title prompt, remarks
The second important table: user table
This table describes user information.
Main fields: id, username, private sysrole (permission group), private sysusergroup (department)
The third important table: operation permission table
This table records which operations each permission group may perform on which modules.
Main fields: permission group number, function module name, operation on the function module (such as add or delete). The three fields together form a composite key to ensure uniqueness.
Note: The system administrator sets permissions for each permission group.
**************************************** **************************************** **************************************** ****************
Code implementation:
Define a custom BaseAction that extends DispatchAction, have the other action classes inherit from BaseAction, and combine this with an annotation to solve the problem.
Key point 1:
The retention policy of the custom annotation is @Retention(RetentionPolicy.RUNTIME). The annotation has two attributes: module name and permission (for example, add, delete, and modify).
Add the custom annotation to each method in the action to indicate which module the method belongs to and which operation it performs.
Key point 2:
The execute() method of DispatchAction is overridden.
Step 1: Retrieve the user from the session. The key is to obtain the permission group number.
Step 2: Obtain the method to be executed through reflection.
Step 3: With this method, use method.getAnnotation(MyAnnotation.class) to obtain the annotation on it.
The module name and permission (for example, add, delete, and modify) are read from the annotation.
Step 4: Use the permission group number to look up all of that group's permissions in the operation permission table. The returned value is a list.
Traverse each member of this list (each object in it has the permission group number, module name, and permission) and compare it with the permission group number, module name, and permission (for example, add, delete, or modify) obtained above.
If the match succeeds, the permission is granted. Otherwise, the operation fails.
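
The check described in steps 1 to 4, as an added example that is not the original author's code. It does not use Struts: a static execute() stands in for the overridden DispatchAction.execute(), and the names Limit, PermissionRow, CustomerAction, the "roleId" session key and the sample rows are assumptions constructed for illustration. Refusing a method that carries no annotation is a choice made here, not something the notes state. Requires Java 16 or later (records).

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class PermissionCheckDemo {
    @Retention(RetentionPolicy.RUNTIME) // must be RUNTIME or reflection cannot see it
    @Target(ElementType.METHOD)
    @interface Limit { String module(); String privilege(); }

    // One row of the operation permission table (constructed sample data below).
    record PermissionRow(String roleId, String module, String privilege) {}
    static final List<PermissionRow> TABLE = List.of(
        new PermissionRow("sales", "customer", "add"),
        new PermissionRow("sales", "customer", "modify"),
        new PermissionRow("admin", "customer", "delete"));

    public static class CustomerAction {
        @Limit(module = "customer", privilege = "add")
        public String add() { return "added"; }
        @Limit(module = "customer", privilege = "delete")
        public String delete() { return "deleted"; }
        public String export() { return "exported"; } // not annotated
    }

    // Stand-in for the overridden execute() in the base action.
    static String execute(Map<String, Object> session, Object action, String name) throws Exception {
        Object roleId = session.get("roleId");              // step 1: group from session
        if (roleId == null) return "redirect:login";
        Method m = action.getClass().getMethod(name);       // step 2: method to run
        Limit limit = m.getAnnotation(Limit.class);         // step 3: its annotation
        if (limit == null) return "denied";                 // unannotated: fail closed
        for (PermissionRow p : TABLE) {                     // step 4: match a table row
            if (p.roleId().equals(roleId) && p.module().equals(limit.module())
                    && p.privilege().equals(limit.privilege())) {
                return (String) m.invoke(action);
            }
        }
        return "denied";
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> session = new HashMap<>();
        CustomerAction a = new CustomerAction();
        System.out.println(execute(session, a, "add"));    // nobody logged in
        session.put("roleId", "sales");
        for (String op : List.of("add", "delete", "export"))
            System.out.println(op + " -> " + execute(session, a, op));
    }
}
```

Because the annotation lookup fails closed, inherited public methods such as toString() that a request might name are refused as well.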