Web应用——驾培管理系统之系统—权限分配(作者:小圣)
本节博文将向大家介绍本次Web应用之权限分配。
笔者会把大概实现过程贴出来,有看不懂过程且需要项目源码的请戳:http://download.csdn.net/detail/xie_xiansheng/9486872,需要数据库表格的请留言。有些小细节没完善,有些代码冗余,初学请见谅!本节博文需要json格式的第三方jar包,有需要的请戳:http://download.csdn.net/detail/xie_xiansheng/9488231 或者 http://download.csdn.net/detail/xie_xiansheng/9486876下载自己对应jdk版本的json-lib包,笔者自身是jdk13版本,还另外提供了jdk15版本,需要的可以去下载。
何为权限分配?就是本次驾培系统设置一个超级管理人员,这个管理人员能给本平台上的所有用户分配权限;用户登录后,只能执行超级管理人员分配给他的那些权限所对应的操作。本次权限分配用了两个Oracle数据表:一个是所有权限的表格,全部权限都存在里面,并且设置了权限的ID和等级;另一个是用户权限表格,根据超级管理人员所分配的权限,在该表上增删权限ID。说了这么多,不知道大家能不能明白,先上效果图。
权限分配演示一:超管登录,对admin用户进行权限分配。admin用户登录后,只能操作个人和系统管理。
权限分配演示二:超管登录,对hongxing用户进行权限分配。hongxing用户登录后,只能操作个人和系统管理。
看完上面两个gif图,大家应该明白此次实现的功能是什么了。本次权限分配用了一个第三方插件:Ztree,实现权限的树状列表。
下面给大家展现一下Ztree的demo,以便明白笔者是怎么实现这个权限分配的.
这是Ztree插件附带的demo,点击右键审查页面代码,可以看到:树状结构由一个zNodes实现
<link rel="stylesheet" href="../../../css/demo.css" type="text/css">
<link rel="stylesheet" href="../../../css/zTreeStyle/zTreeStyle.css" type="text/css">
<script type="text/javascript" src="../../../js/jquery-1.4.4.min.js"></script>
<script type="text/javascript" src="../../../js/jquery.ztree.core-3.5.js"></script>
<script type="text/javascript" src="../../../js/jquery.ztree.excheck-3.5.js"></script>
<!-- <script type="text/javascript" src="../../../js/jquery.ztree.exedit-3.5.js"></script> -->
<SCRIPT type="text/javascript">
    // zTree configuration: checkboxes on, flat "simple data" (id / pId) input.
    var setting = {
        check: { enable: true },
        data: { simpleData: { enable: true } }
    };

    // Flat node list consumed by zTree. Each entry carries its own id, the id of
    // its parent (pId, 0 for a root), a label, and optionally the initial
    // open / checked state. Node 112 points at pId 11, which this list does not define.
    var zNodes =[
        { id:1, pId:0, name:"个人管理 1", open:true},
        { id:3, pId:1, name:"随意勾选 1-1", open:true},
        { id:5, pId:1, name:"随意勾选 1-1-1"},
        { id:112, pId:11, name:"随意勾选 1-1-2"},
        { id:12, pId:1, name:"随意勾选 1-2", open:true},
        { id:121, pId:12, name:"随意勾选 1-2-1"},
        { id:122, pId:12, name:"随意勾选 1-2-2"},
        { id:2, pId:0, name:"随意勾选 2", checked:true, open:true},
        { id:21, pId:2, name:"随意勾选 2-1"},
        { id:22, pId:2, name:"随意勾选 2-2", open:true},
        { id:221, pId:22, name:"随意勾选 2-2-1", checked:true},
        { id:222, pId:22, name:"随意勾选 2-2-2", checked:false},
        { id:23, pId:2, name:"随意勾选 2-3"},
    ];

    // Lazily resolved jQuery handle on the #code element used by showCode().
    var code;

    // Rebuilds chkboxType from the four #py/#sy/#pn/#sn controls and applies it
    // to the live tree, then echoes the resulting setting through showCode().
    function setCheck() {
        var tree = $.fn.zTree.getZTreeObj("treeDemo");
        var letterIfChecked = function (selector, letter) {
            return $(selector).attr("checked") ? letter : "";
        };
        var yes = letterIfChecked("#py", "p") + letterIfChecked("#sy", "s");
        var no = letterIfChecked("#pn", "p") + letterIfChecked("#sn", "s");
        var type = { "Y": yes, "N": no };

        tree.setting.check.chkboxType = type;
        showCode('setting.check.chkboxType = { "Y" : "' + type.Y + '", "N" : "' + type.N + '" };');
    }

    // Replaces the content of #code with a single <li> holding str.
    function showCode(str) {
        if (!code) {
            code = $("#code");
        }
        code.empty().append("<li>"+str+"</li>");
    }

    // Build the tree once the DOM is ready, apply the initial check type and
    // re-apply it whenever one of the four controls changes.
    $(document).ready(function(){
        $.fn.zTree.init($("#treeDemo"), setting, zNodes);
        setCheck();
        $("#py, #sy, #pn, #sn").bind("change", setCheck);
    });
</SCRIPT>
</HEAD>
<BODY>
<div class="content_wrap">
    <div class="zTreeDemoBackground left">
        <ul id="treeDemo" class="ztree"></ul>
    </div>
</div>
全部权限的表格:
用户所有权限的表格:超管的user_id是1,他拥有全部权限ID
接下来请看我们的UserServlet:
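/**
 * Front controller for the user / permission pages, dispatched on the {@code task}
 * request parameter.
 *
 * <p>Access control is enforced here, on the server. The permission tree, the hidden
 * {@code user_id} field and the {@code rightsId} list are all sent by the browser and can
 * be set to anything by the caller, so hiding menu entries in the UI is not a control:
 * <ul>
 *   <li>every task except {@code logout} requires a logged-in user (session attribute
 *       {@code Logindo});</li>
 *   <li>the permission-management tasks ({@code permission}, {@code delivery},
 *       {@code test}, {@code finish}) additionally require the super administrator.</li>
 * </ul>
 */
public class UserServlet extends HttpServlet {

    /**
     * user_id of the super administrator. The accompanying article states that the super
     * administrator row has user_id 1; adjust if the data differs.
     */
    private static final int SUPER_ADMIN_USER_ID = 1;

    /**
     * Dispatches one request.
     *
     * @param req  the request; {@code task} selects the action
     * @param resp the response; receives 400/403/404/405 for rejected requests
     * @throws ServletException if a forwarded page fails
     * @throws IOException      if writing the response fails
     */
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.setCharacterEncoding("utf-8");
        resp.setContentType("text/html;charset=utf-8");
        String task = req.getParameter("task");
        HttpSession session = req.getSession();
        // The logged-in user, stored in the session by the login step.
        UserBean userBean = (UserBean) session.getAttribute("Logindo");

        if ("logout".equals(task)) {
            session.invalidate();
            req.getRequestDispatcher("index.jsp").forward(req, resp);
            return;
        }

        // Everything below needs an authenticated session. Send anonymous callers to the
        // same page logout forwards to instead of failing later with a NullPointerException.
        if (userBean == null) {
            req.getRequestDispatcher("index.jsp").forward(req, resp);
            return;
        }

        // Only the super administrator may list users, read another user's permission
        // tree, or rewrite it. Without this check any logged-in user could grant
        // permissions to any account, including their own.
        if (isPermissionTask(task) && userBean.getUser_id() != SUPER_ADMIN_USER_ID) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        UserDao userDao = DaoFactory.getUserDao();

        if ("permission".equals(task)) {
            // Paged user list shown on the permission-assignment page.
            Integer pagenum = intParam(req, "pagenum");
            if (pagenum == null) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            int count = userDao.countUser();
            PageBean pageBean = new PageBean();
            pageBean.findPageBean(count, pagenum);
            List<UserBean> userBeans = userDao.findPage(pageBean);
            req.setAttribute("pageBean", pageBean);
            req.setAttribute("userBeans", userBeans);
            req.getRequestDispatcher("jsp/sysmanager/permission.jsp").forward(req, resp);
        } else if ("delivery".equals(task)) {
            // Open the permission tree page for the selected user.
            Integer deliveryUserId = intParam(req, "userid");
            if (deliveryUserId == null) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            UserBean target = userDao.findUser_ById(deliveryUserId);
            if (target == null) {
                resp.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            session.setAttribute("func_userBean", target);
            req.getRequestDispatcher("jsp/sysmanager/testfunc.jsp").forward(req, resp);
        } else if ("test".equals(task)) {
            // AJAX call from the tree page: return every permission as a zTree node,
            // pre-checked when the target user already holds it.
            Integer targetId = intParam(req, "user_id");
            if (targetId == null) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            writeTreeJson(resp, targetId);
        } else if ("finish".equals(task)) {
            savePermissions(req, resp, session, userDao);
        } else if ("about".equals(task)) {
            // Navigation -> About / My account.
            int driving_id = userBean.getDriving_id();
            String driving_name = DaoFactory.getDrivingSchDao().findDrivName_ById(driving_id);
            ApkBean apkBean = DaoFactory.getRoleDao().findApk_ByNewOne();
            req.setAttribute("apkBean", apkBean);
            req.setAttribute("driving_name", driving_name);
            req.setAttribute("userBean", userBean);
            req.getRequestDispatcher("jsp/sysmanager/about.jsp").forward(req, resp);
        }
    }

    /** Returns true for the tasks that read or change another user's permissions. */
    private static boolean isPermissionTask(String task) {
        return "permission".equals(task) || "delivery".equals(task)
                || "test".equals(task) || "finish".equals(task);
    }

    /** Reads an integer request parameter; returns null when it is missing or not a number. */
    private static Integer intParam(HttpServletRequest req, String name) {
        String raw = req.getParameter(name);
        if (raw == null) {
            return null;
        }
        try {
            return Integer.valueOf(raw);
        } catch (NumberFormatException e) {
            return null;
        }
    }

    /**
     * Writes the full permission list as the JSON array zTree expects:
     * {@code [{id, pId, name, open, checked}, ...]}.
     */
    private static void writeTreeJson(HttpServletResponse resp, int targetId) throws IOException {
        // Every permission defined in the system.
        List<FuncBean> funcList = DaoFactory.getFuncDao().getFunc_Already();
        // The permissions the target user currently holds.
        List<FuncBean> userList = DaoFactory.getFuncDao().getFunc_ALL(targetId);

        List<FunctionBean> functionBeans = new ArrayList<FunctionBean>();
        for (FuncBean func : funcList) {
            FunctionBean node = new FunctionBean();
            node.setId(func.getFunc_id());
            node.setpId(func.getFunc_pid());
            node.setName(func.getFunc_name());
            // Top-level permissions (parent id 0) start expanded.
            node.setOpen(func.getFunc_pid() == 0);

            boolean held = false;
            for (FuncBean owned : userList) {
                if (owned.getFunc_id() == func.getFunc_id()) {
                    held = true;
                }
            }
            node.setChecked(held);
            functionBeans.add(node);
        }

        JSONArray funcjson = JSONArray.fromObject(functionBeans);
        PrintWriter writer = resp.getWriter();
        writer.write(funcjson.toString());
        writer.flush();
    }

    /**
     * Replaces the target user's permissions with the ids posted in {@code rightsId}
     * (comma separated, empty entries ignored).
     */
    private static void savePermissions(HttpServletRequest req, HttpServletResponse resp,
            HttpSession session, UserDao userDao) throws ServletException, IOException {
        // State-changing action: accept it only as the POST the form sends.
        // NOTE(review): the form carries no anti-CSRF token; a per-session token checked
        // here would be needed to reject cross-site form posts.
        if (!"POST".equalsIgnoreCase(req.getMethod())) {
            resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }

        Integer targetId = intParam(req, "user_id");
        String rightsId = req.getParameter("rightsId");
        if (targetId == null || rightsId == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // Parse the whole list BEFORE touching the database, so a malformed id cannot
        // leave the user with their old permissions deleted and nothing re-added.
        List<Integer> funcIds = new ArrayList<Integer>();
        String[] tokens = rightsId.split(",");
        for (int i = 0; i < tokens.length; i++) {
            if (tokens[i].equals("")) {
                continue;
            }
            try {
                funcIds.add(Integer.valueOf(tokens[i]));
            } catch (NumberFormatException e) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
        }

        if (userDao.findUser_ById(targetId) == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // NOTE(review): delete + inserts run as separate statements on separate
        // connections, not in one transaction; a failure midway leaves a partial set.
        DaoFactory.getFuncDao().deleteFunc_All(targetId);
        for (Integer funcId : funcIds) {
            DaoFactory.getFuncDao().addFunc_ByUserId(targetId, funcId);
        }

        UserBean target = userDao.findUser_ById(targetId);
        req.setAttribute("msg", "分配成功,已保存!");
        session.setAttribute("func_userBean", target);
        req.getRequestDispatcher("jsp/sysmanager/testfunc.jsp").forward(req, resp);
    }
}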
这是我们的权限分配的JSP:
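<%@ page language="java" import="java.util.*,org.great.bean.*" pageEncoding="utf-8"%>
<%@page import="org.great.dao.DaoFactory"%>
<%!
    /**
     * HTML-escapes a value for use in element text or a quoted attribute.
     * Returns "" for null.
     */
    private static String escapeHtml(Object value) {
        if (value == null) {
            return "";
        }
        String s = value.toString();
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
%>
<%
String path = request.getContextPath();
// NOTE(review): getServerName() reflects the Host header sent by the client, so basePath
// (and the <base href> built from it) is caller-influenced unless the container or a
// front proxy pins the host name.
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

// The user whose permissions are being edited, placed in the session by the servlet.
// Reject the request instead of failing with a NullPointerException when it is absent.
UserBean userBean = (UserBean)session.getAttribute("func_userBean");
if (userBean == null) {
    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
    return;
}
int user_id = userBean.getUser_id();
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'usermanager.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
<link rel="stylesheet" type="text/css" href="<%=basePath%>/background/Style/skin.css" />
<script type="text/javascript" src="<%=basePath%>/zTree/js/jquery-1.4.4.min.js"> </script>
<link rel="stylesheet" href="<%=basePath%>/zTree/css/demo.css" type="text/css">
<link rel="stylesheet" href="<%=basePath%>/zTree/css/zTreeStyle/zTreeStyle.css" type="text/css">
<script type="text/javascript" src="<%=basePath%>/zTree/js/jquery.ztree.core-3.5.js"> </script>
<script type="text/javascript" src="<%=basePath%>/zTree/js/jquery.ztree.excheck-3.5.js"> </script>
</head>
<body>
<%-- Status message from the servlet, carried as escaped HTML rather than spliced into a
     JavaScript string literal. The field has no name, so it is not submitted. --%>
<input type="hidden" id="msg" value="<%=escapeHtml(request.getAttribute("msg"))%>">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <!-- Header -->
  <tr>
    <td width="17" valign="top" background="<%=basePath%>/background/Images/mail_left_bg.gif">
      <img src="<%=basePath%>/background/Images/left_top_right.gif" width="17" height="29" />
    </td>
    <td valign="top" background="<%=basePath%>/background/Images/content_bg.gif">
      <%-- The original repeated "<%=basePath%>/background/" twice in this URL. --%>
      <table width="100%" height="31" border="0" cellpadding="0" cellspacing="0" background="<%=basePath%>/background/Images/content_bg.gif">
        <tr><td height="31"><div class="title" style="color: red">权限分配</div></td></tr>
      </table>
    </td>
    <td width="16" valign="top" background="<%=basePath%>/background/Images/mail_right_bg.gif"><img src="<%=basePath%>/background/Images/nav_right_bg.gif" width="16" height="29" /></td>
  </tr>
  <!-- Middle section -->
  <tr>
    <!-- Left border -->
    <td valign="middle" background="<%=basePath%>/background/Images/mail_left_bg.gif"> </td>
    <!-- Main content -->
    <td valign="top" bgcolor="#F7F8F9">
      <table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
        <!-- Spacer row -->
        <tr><td colspan="2" valign="top"> </td><td> </td><td valign="top"> </td></tr>
        <tr>
          <td colspan="4">
            <table>
              <tr>
                <td width="100" align="center"><img src="<%=basePath%>/background/Images/mime.gif" /></td>
                <td valign="bottom"><h3 style="letter-spacing:1px;color: blue">在这里,您可以修改用户的权限</h3></td>
              </tr>
            </table>
          </td>
        </tr>
        <!-- Divider line -->
        <tr>
          <td height="40" colspan="4">
            <table width="100%" height="1" border="0" cellpadding="0" cellspacing="0" bgcolor="#CCCCCC">
              <tr><td></td></tr>
            </table>
          </td>
        </tr>
        <!-- Permission tree: start -->
        <tr>
          <td width="2%"> </td>
          <td width="96%">
            <table width="100%">
              <tr>
                <td colspan="2">
                  <table width="100%" class="cont tr_color">
                    <tr>
                      <th></th> <th></th> <th></th> <th></th> <th></th> <th></th>
                    </tr>
                    <tr align="right" class="d">
                      <td colspan="2" style="width: 300px">
                        <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
                        <%-- The user name is stored, user-supplied data shown on an
                             administrator's page: escape it so markup in a name is
                             displayed as text instead of being interpreted. --%>
                        <h2>您想对<span style="color: red"><%=escapeHtml(userBean.getUser_name())%></span>分配什么样的权限?</h2>
                      </td>
                      <td>
                        <%-- NOTE(review): no anti-CSRF token is sent with this form. The
                             user_id below is only a convenience for the script; the server
                             must authorize the caller itself, since hidden fields can be
                             edited before submission. --%>
                        <form action="user.do?task=finish" name="checkForm" method="post" >
                          <div class="zTreeDemoBackground left">
                            <ul id="treeDemo" class="ztree"></ul>
                            <input type="hidden" id="user_id" name="user_id" value="<%=user_id%>">
                          </div>
                          <div style="margin-right: 120px">
                            <br>
                            <input type="hidden" name="rightsId" id="rightsId" />
                            <input type="submit" value="保存" onclick="onCheck()" />
                          </div>
                        </form>
                      </td>
                      <td colspan="2" style="width: 300px"> </td>
                    </tr>
                  </table>
                </td>
              </tr>
            </table>
          </td>
          <td width="2%"> </td>
        </tr>
        <!-- Permission tree: end -->
        <tr>
          <td height="40" colspan="4">
            <table width="100%" height="1" border="0" cellpadding="0" cellspacing="0" bgcolor="#CCCCCC">
              <tr><td></td></tr>
            </table>
          </td>
        </tr>
        <tr>
          <td width="2%"> </td>
          <td width="51%" class="left_txt">
            <img src="<%=basePath%>/background/Images/icon_mail.gif" width="16" height="11"> 客户服务邮箱:[email protected]<br />
            <img src="<%=basePath%>/background/Images/icon_phone.gif" width="17" height="14"> 官方网站:<a href="http://my.csdn.net/xie_xiansheng" target="_blank">作者博客</a>
          </td>
          <td> </td><td> </td>
        </tr>
      </table>
    </td>
    <td background="<%=basePath%>/background/Images/mail_right_bg.gif"> </td>
  </tr>
  <!-- Footer -->
  <tr>
    <td valign="bottom" background="<%=basePath%>/background/Images/mail_left_bg.gif">
      <img src="<%=basePath%>/background/Images/buttom_left.gif" width="17" height="17" />
    </td>
    <td background="<%=basePath%>/background/Images/buttom_bgs.gif">
      <img src="<%=basePath%>/background/Images/buttom_bgs.gif" width="17" height="17">
    </td>
    <td valign="bottom" background="<%=basePath%>/background/Images/mail_right_bg.gif">
      <img src="<%=basePath%>/background/Images/buttom_right.gif" width="16" height="17" />
    </td>
  </tr>
</table>
</body>
<SCRIPT type="text/javascript">
    var user_id = $("#user_id").val();

    // zTree settings: checkboxes whose check / uncheck state propagates to both
    // parent ("p") and child ("s") nodes.
    var setting = {
        check: {
            enable: true,
            chkStyle: "checkbox",
            chkboxType: { "Y": "ps", "N": "ps" }
        },
        data: {
            simpleData: { enable: true }
        },
        callback:{
            onCheck:onCheck
        }
    };

    // Fetch the permission tree for the user being edited once the DOM is ready.
    $(document).ready(function() {
        $.ajax( {
            url : "user.do?task=test&suibian=hehe&user_id="+encodeURIComponent(user_id),
            type : "get",
            // The original asked for dataType "test", which is not a jQuery data type;
            // "text" states the intent: the raw body is parsed by JSON.parse below.
            dataType : "text",
            success : function(data){
                initZtree(data);
            }
        });
    });

    // Parses the JSON node list returned by the servlet and renders the tree.
    function initZtree(data) {
        var zNodes = JSON.parse(data);
        var zTreeObj = $.fn.zTree.init($('#treeDemo'), setting, zNodes);
    }

    // Collects the ids of all checked nodes into the hidden rightsId field as a
    // comma-separated list. The servlet then deletes the user's current permissions
    // and inserts the submitted ones.
    function onCheck(e,treeId,treeNode){
        var treeObj=$.fn.zTree.getZTreeObj("treeDemo"),
            nodes=treeObj.getCheckedNodes(true),
            v="";
        for(var i=0;i<nodes.length;i++){
            v+=nodes[i].id + ",";
        }
        $("#rightsId").val(v);
    }

    // Show the status message set by the servlet, if any.
    var msg = $("#msg").val();
    if(msg){
        alert(msg);
    }
</SCRIPT>
</html>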
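package org.great.daoimpl;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

import org.great.bean.FuncBean;
import org.great.dao.FuncDao;
import org.great.util.DBUtils;

/**
 * JDBC access to the permission tables {@code t_function} and {@code t_user_function}.
 *
 * <p>Changes from the original listing:
 * <ul>
 *   <li>The statement and result set are method-local. The original kept them in instance
 *       fields, so two requests using the same DAO object at once could overwrite and
 *       close each other's statement.</li>
 *   <li>DELETE and INSERT run through {@code executeUpdate()} instead of
 *       {@code executeQuery()}.</li>
 *   <li>A {@link SQLException} is rethrown as {@link IllegalStateException} instead of
 *       being printed and ignored. Previously a failed insert after a successful delete
 *       went unnoticed and the caller still reported success, and a failed read looked
 *       like "this user has no permissions".</li>
 * </ul>
 *
 * <p>The servlet also calls {@code getFunc_Already()}, which is not part of this listing;
 * any method omitted here needs the same treatment.
 */
public class FuncDaoImpl implements FuncDao {

    /**
     * Returns the permissions currently granted to a user.
     *
     * @param user_id id of the user whose permissions are read
     * @return one {@link FuncBean} per granted permission; empty if the user has none
     * @throws IllegalStateException if the query fails
     */
    public List<FuncBean> getFunc_ALL(int user_id) {
        List<FuncBean> list = new ArrayList<FuncBean>();
        Connection conn = DBUtils.getConn();
        PreparedStatement pre = null;
        ResultSet rs = null;
        String sql = "select f.func_id,f.func_pid,f.func_name,f.func_url,f.func_level from t_function f,"
                + "t_user_function rf where f.func_id = rf.func_id and rf.user_id = ?";
        try {
            pre = conn.prepareStatement(sql);
            pre.setInt(1, user_id);
            rs = pre.executeQuery();
            while (rs.next()) {
                FuncBean funcBean = new FuncBean();
                funcBean.setFunc_id(rs.getInt(1));
                funcBean.setFunc_pid(rs.getInt(2));
                funcBean.setFunc_name(rs.getString(3));
                funcBean.setFunc_url(rs.getString(4));
                funcBean.setFunc_level(rs.getString(5));
                list.add(funcBean);
            }
        } catch (SQLException e) {
            throw new IllegalStateException("Failed to read permissions of user " + user_id, e);
        } finally {
            DBUtils.close(conn, pre, rs);
        }
        return list;
    }

    /**
     * Deletes every permission granted to a user.
     *
     * @param userId id of the user whose permissions are removed
     * @throws IllegalStateException if the delete fails
     */
    public void deleteFunc_All(int userId) {
        Connection conn = DBUtils.getConn();
        PreparedStatement pre = null;
        String sql = "delete t_user_function where user_id = ?";
        try {
            pre = conn.prepareStatement(sql);
            pre.setInt(1, userId);
            pre.executeUpdate();
        } catch (SQLException e) {
            throw new IllegalStateException("Failed to delete permissions of user " + userId, e);
        } finally {
            // NOTE(review): relies on DBUtils.close accepting a null ResultSet; the
            // original already passed null here whenever prepareStatement failed on a
            // fresh instance. Confirm against DBUtils.
            DBUtils.close(conn, pre, null);
        }
    }

    /**
     * Grants one permission to a user, as assigned by the super administrator.
     *
     * @param userId  id of the user receiving the permission
     * @param func_id id of the permission being granted
     * @throws IllegalStateException if the insert fails
     */
    public void addFunc_ByUserId(int userId, int func_id) {
        Connection conn = DBUtils.getConn();
        PreparedStatement pre = null;
        String sql = "insert into t_user_function values(?,?)";
        try {
            pre = conn.prepareStatement(sql);
            pre.setInt(1, userId);
            pre.setInt(2, func_id);
            pre.executeUpdate();
        } catch (SQLException e) {
            throw new IllegalStateException(
                    "Failed to grant permission " + func_id + " to user " + userId, e);
        } finally {
            // NOTE(review): same null-ResultSet assumption as in deleteFunc_All.
            DBUtils.close(conn, pre, null);
        }
    }
}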