声明:由于代码过多,之摘下了添加用户权限和用户登录后所显示各自各有那些权限
一:所需的数据库表和sql语句
--创建权限表 create table system.purview ( pvalue number(3)primary key, pname varchar2(20), pmodule varchar2(20) ); insert into system.purview values(1,'添加','新闻'); insert into system.purview values(2,'修改','新闻'); insert into system.purview values(3,'删除','新闻'); insert into system.purview values(4,'查询','新闻'); insert into system.purview values(5,'添加','公告'); insert into system.purview values(6,'修改','公告'); insert into system.purview values(7,'删除','公告'); insert into system.purview values(8,'查询','公告'); --创建角色表 create table system.roler ( id varchar2(20)primary key, rid varchar2(20), rname varchar2(20) ); create sequence system.roler_sequence start with 1 increment by 1 nomaxvalue cache 20; create trigger system.roler_trigger before insert on system.roler for each row when(new.id is null) begin select system.roler_sequence.nextval into:new.id from dual; end;
2)purview表
二:添加权限
1)添加角色jsp
<%@ page language="java" import="java.util.*" pageEncoding="GBK"%> <%@page isELIgnored="false" %> <%@taglib uri="/struts-tags" prefix="s" %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> </head> <body> <form action="rolerInsertDo.action" method="post"> 角色名<input type="text" name="rname"/> <BR></BR>权限 <table border="1"> <tr><td >新闻</td><td> <table border="1"> <tr> <s:iterator value="purviewList" var="pur"> <s:if test="${pur.pmodule=='新闻'}"> <td><input type="checkbox" name="purview" value="${pur.pvalue}"/>${pur.pname }</td> </s:if> </s:iterator> </tr> </table> </td></tr> <tr><td>公告</td><td> <table border="1"> <tr> <s:iterator value="purviewList" var="pur"> <s:if test="${pur.pmodule=='公告'}"> <td><input type="checkbox" name="purview" value="${pur.pvalue}"/>${pur.pname }</td> </s:if> </s:iterator> </tr> </table> </td></tr> </table> <input type="submit"value="提交"/> </form> </body> </html>
public String insertDo() { //获得角色名称和权限值 int p[]=roler.getPurview(); //调用service层 rolerService=new InsertRolerService(); int flag= rolerService.insert(roler); return SUCCESS; }
public int insert(InsertRolerBean roler){ //开始连接数据库 dbcon=new DBConnection(); sta=dbcon.getSta(); //取出所有选 中的权限值,生成最终的权限值 long sum=0; for(int i=0;i<roler.getPurview().length;i++){ sum+=Math.pow(2, roler.getPurview()[i]);//getPurview是事先声明好的get和set方法,此数组用来接收前台所选的权限,Math.pow此发放为权限算法 } sql="insert into roler(rid,rname) values("+sum+",'"+roler.getRname()+"')"; try { flag=sta.executeUpdate(sql); } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } return flag; }三:根据用户查看此用户所具有的权限
1)查看用户所具有的权限页面
<%@ page language="java" import="java.util.*" pageEncoding="GBK"%> <%@page isELIgnored="false" %> <%@taglib uri="/struts-tags" prefix="s" %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> </head> <body> <form action="checkRoler" method="post"> 用户名:<input type="text" name="rname"> <input type="submit" value="登录"> </form> </body> </html>
public String getByName(){ String name=roler.getRname(); //System.out.println("name-------------->"+name); purviewService=new RolerService(); roler=purviewService.getByRname(name); long rid=roler.getRid(); System.out.println("rid------------->"+rid); purviewList=purviewService.getAll(); lis=purviewService.getRoler(purviewList,rid); lis=purviewService.getQX(lis); return "success"; }
a).getByRname方法,用来根据所登用户的名称得到rid字段
public InsertRolerBean getByRname(String rname){ dbcon=new DBConnection(); sta=dbcon.getSta(); sql="select id,rid,rname from roler t where t.rname='"+rname+"'"; try { rs=sta.executeQuery(sql); while(rs.next()){ rb=new InsertRolerBean(); rb.setId(rs.getInt("id")); rb.setRid(rs.getLong("rid")); rb.setRname(rs.getString("rname")); } } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } return rb; }b).getAll()方法用来得到所有权限名称
public List getAll(){ purviewList=new ArrayList(); //开始连接数据库 dbcon=new DBConnection(); sta=dbcon.getSta(); sql="select pvalue,pname,pmodule from purview"; try { rs=sta.executeQuery(sql); //循环打包 while(rs.next()){ RolerBean pur=new RolerBean(); pur.setPvalue(rs.getInt("pvalue")); pur.setPname(rs.getString("pname")); pur.setPmodule(rs.getString("pmodule")); purviewList.add(pur); } } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); }finally{ dbcon.close(); } return purviewList; }
public List getRoler(List lis,long rid){ //System.out.println("lisSize-------------->"+lis.size()); purviewList=new ArrayList(); for(int i=1;i<=lis.size();i++){ long cou=(long) Math.pow(2,i);//将purview表中的pvalue字段进行权限算法 System.out.println("cou------------>"+cou); long fh=cou&rid;//将权限与用所具有的权限算法进行对比,如果为零则没有这个权限反之具有折个权限 if(fh!=0){ purviewList.add(i); } //System.out.println(cou); } return purviewList; }
d)getQX()方法:
public List getQX(List lis){ String str=lis.toString(); String tr=str.substring(1,str.length()-1);//截取已转型成String的List集合中的数字 purviewList=new ArrayList(); dbcon=new DBConnection(); sta=dbcon.getSta(); sql="select pvalue,pname,pmodule from purview where pvalue in("+tr+")"; //System.out.println("hello---------->"+i); try { rs=sta.executeQuery(sql); while(rs.next()){ rob=new RolerBean(); rob.setPvalue(rs.getInt("pvalue")); rob.setPname(rs.getString("pname")); rob.setPmodule(rs.getString("pmodule")); purviewList.add(rob); } } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } return purviewList; }
1)添加角色图例:
数据库表见前边的图
2)查看用户所具有的权限图例:
例如输入上图中admin则会显示如下图的权限:
如果输入tianyi则会显示下图的权限:
后记:对权限的算法只是知道一点皮毛,这些权限是少的权限,如果成百个的权限照我的这个算法感觉效率很低,并且可能有效长度不够,希望有对权限熟悉的朋友给个建议或例子(例子最好,不要太复杂的,越简单越好,谢谢),大家共同学习..............