实现权限目的:
是为了让不同的用户可以操作系统中不同资源
直接点说就是不同的用户可以看到不同的菜单
我们先来看下3张接下来用到的数据表
1.菜单表(t_easyui_menu)
2.用户菜单中间表(t_easyui_usermenu)
3用户表(t_easyui_user_version2)
先来个登录页面
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <form action="${pageContext.request.contextPath }/userAction.action?methodName=login" method="post"> uid:<input type="text" name="uid"><br> upwd:<input type="text" name="upwd"><br> <input type="submit"> </form> <span style="color:red;">${msg }</span> </body> </html>
登录验证方法
/** * 用户登录或者查询用户分页信息的公共方法 * @param paMap * @param pageBean * @return * @throws InstantiationException * @throws IllegalAccessException * @throws SQLException */ public List<Map<String,Object>> list(Map<String,String[]> paMap,PageBean pageBean) throws InstantiationException, IllegalAccessException, SQLException{ String sql="select * from t_easyui_user_version2 where true"; String uid=JsonUtils.getParamVal(paMap,"uid"); String upwd=JsonUtils.getParamVal(paMap,"upwd"); if(StringUtils.isNotBlank(uid)) { sql+=" and uid="+uid; } if(StringUtils.isNotBlank(upwd)) { sql+=" and upwd="+upwd; } return super.executeQuery(sql, pageBean); }
根据登录用户去对应菜单栏
/** * 根据当前用户登录的ID去查询对应的所有菜单 * @param paMap * @param pageBean * @return * @throws InstantiationException * @throws IllegalAccessException * @throws SQLException */ public List<Map<String,Object>> getMenuByUid(Map<String,String[]> paMap,PageBean pageBean) throws InstantiationException, IllegalAccessException, SQLException{ String sql="select * from t_easyui_usermenu where true"; String uid=JsonUtils.getParamVal(paMap,"uid"); if(StringUtils.isNotBlank(uid)) { sql+=" and uid="+uid; } return super.executeQuery(sql, pageBean); }
然后就是web层来调用
public class UserAction extends ActionSupport{ private UserDao userDao=new UserDao(); /** * 登录成功后跳转index.jsp * @param request * @param response * @return * @throws SQLException * @throws IllegalAccessException * @throws InstantiationException */ public String login(HttpServletRequest request,HttpServletResponse response){ //系统中是否有当前登录用户 try { Map<String, Object> map = this.userDao.list(request.getParameterMap(), null).get(0); //有 if(map!=null&&map.size()>0) { //[{menuid:002,....},{menuid:003,....}] //002,003 StringBuilder sb=new StringBuilder(); List<Map<String, Object>> menuIdArr = this.userDao.getMenuByUid(request.getParameterMap(), null); for (Map<String, Object> m : menuIdArr) { sb.append(","+m.get("menuId")); } request.setAttribute("menuIds",sb.substring(1)); return "index"; }else { request.setAttribute("msg","用户不存在"); return "login"; } } catch (InstantiationException | IllegalAccessException | SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } //查询用户菜单中间表,获取menuid的集合 return null; } }
配置MVC.xml
<action path="/userAction" type="com.web.UserAction"> <forward name="index" path="/index.jsp" redirect="false" /> <forward name="login" path="/login.jsp" redirect="false" /> </action>
在MenuDao里面加上一个listMapAuth方法
public List<Map<String, Object>> listMapAuth(Map<String, String[]> paMap,PageBean pageBean) throws InstantiationException, IllegalAccessException, SQLException{ String sql="select * from t_easyui_menu where true "; String menuId=JsonUtils.getParamVal(paMap, "Menuid"); //为什么将parentid改成menuid? //原因在之前的方法,只能查询当前节点的所有子节点集合,不能将当前节点给查询出来 //002--》002001 ,002002,002003... //002,002001,002002,002003... if(StringUtils.isNotBlank(menuId)) { sql+=" and Menuid in ("+menuId+") "; } else { sql+=" and Menuid = 000"; } //这里面存放的是数据库中的菜单信息 List<Map<String, Object>> listMap = super.executeQuery(sql, pageBean); return listMap; }
现在看下效果
001登录
