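When viewing a role's requestmaps (for example, after clicking edit), the following query fetches the requestmaps that belong to that role so they can be displayed on the page:
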
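    private List findRequestmapsByRole(authority) {
        // LIKE narrows the candidates in the database. It is a substring match,
        // so it also returns rows for any role whose name contains this one.
        List candidates = Requestmap.executeQuery(
            "SELECT rm FROM Requestmap rm " +
            "WHERE rm.configAttribute LIKE :roleName",
            [roleName: '%' + authority.authority + '%'])
        // Keep only rows where the role is an exact entry in the comma-separated list.
        return candidates.findAll { rm ->
            rm.configAttribute.split(',')*.trim().contains(authority.authority)
        }
    }
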
The display logic is as follows. In resourceMap the key is a requestmap and the value is true or false, which can then be rendered as checkboxes in the front end:

    private Map buildAuthorityModel(authority) {
        // All requestmaps, sorted by URL for a stable display order
        List requestmaps = Requestmap.list()
        requestmaps.sort { r1, r2 ->
            r1.url <=> r2.url
        }
        // URLs of the requestmaps this role already owns
        List ownedRequestmaps = findRequestmapsByRole(authority)
        Set authResourcesNames = []
        for (requestmap in ownedRequestmaps) {
            authResourcesNames << requestmap.url
        }
        // requestmap -> whether the role owns it (checkbox state)
        LinkedHashMap<Requestmap, Boolean> resourceMap = [:]
        for (requestmap in requestmaps) {
            resourceMap[(requestmap)] = authResourcesNames.contains(requestmap.url)
        }
        System.out.println(resourceMap);
        return [authority: authority, resourceMap: resourceMap]
    }

The concrete steps are as follows:
1) In BootStrap, create a few Roles and a few requestmaps.
2) Assign these requestmaps to a super administrator (ROLE_ADMIN).

    class BootStrap {
        def authenticateService

        def init = { servletContext ->
            Person.withTransaction {
                def me = new Person(
                    //username: "sarbogast",
                    username: "admin",
                    userRealName: "Sebastien Arbogast",
                    passwd: authenticateService.encodePassword("111111"),
                    enabled: true,
                    email: "sebastien@epseelon.com"
                )
                me.save()
                def user = new Person(
                    //username: "sarbogast",
                    username: "leiw",
                    userRealName: "leiw dandan",
                    passwd: authenticateService.encodePassword("111111"),
                    enabled: true,
                    email: "leiw@epseelon.com"
                )
                user.save()
                def projectAdmin = new Person(
                    //username: "sarbogast",
                    username: "project",
                    userRealName: "project admin",
                    passwd: authenticateService.encodePassword("111111"),
                    enabled: true,
                    email: "project@epseelon.com"
                )
                projectAdmin.save()
                def adminAuth = new Authority(
                    description: "administrator",
                    authority: "ROLE_ADMIN"
                )
                adminAuth.save()
                def projectAdminAuth = new Authority(
                    description: "project administrator",
                    authority: "ROLE_PROJECT_ADMIN"
                )
                projectAdminAuth.save()
                def userAuth = new Authority(
                    description:"user",
                    authority: "ROLE_USER"
                )
                userAuth.save()
                me.addToAuthorities(adminAuth)
                me.addToAuthorities(userAuth)
                projectAdmin.addToAuthorities(projectAdminAuth)
                user.addToAuthorities(userAuth)
                def authorityMap = new Requestmap(
                    url: '/authority/**',
                    configAttribute: 'ROLE_ADMIN',
                    description: '角色管理'
                )
                authorityMap.save()
                def requestmapMap = new Requestmap(
                    url:'/requestmap/**',
                    configAttribute: 'ROLE_ADMIN',
                    description: '資源管理'
                )
                requestmapMap.save()
                def projectListMap = new Requestmap(
                    url: '/project/list**',
                    configAttribute: 'ROLE_USER, ROLE_ADMIN, ROLE_PROJECT_ADMIN',
                    description: '項目查看'
                )
                projectListMap.save()
                def projectCreateMap = new Requestmap(
                    url: '/project/create**',
                    configAttribute: 'ROLE_ADMIN',
                    description: '項目新增'
                )
                projectCreateMap.save()
                def projectEditMap = new Requestmap(
                    url: '/project/edit**',
                    configAttribute: 'ROLE_ADMIN',
                    description: '項目修改'
                )
                projectEditMap.save()
                def projectDelMap = new Requestmap(
                    url: '/project/delete**',
                    configAttribute: 'ROLE_ADMIN',
                    description: '項目刪除'
                )
                projectDelMap.save()
                new Project(title:'test1', description:'').save();
                new Project(title:'test2', description:'').save();
                new Project(title:'test3', description:'').save();
            }
        }

        def destroy = {
        }
    }

3) Acegi's requestmap only filters on the URL. In the show view that Grails generates by default, edit and delete are submitted through a parameter, with a request of the form /project/index?action_edit=edit, so Acegi cannot intercept them correctly:

    <g:form>
    <g:hiddenField name="id" value="${projectInstance?.id}" />
    <span class="button"><g:actionSubmit class="edit" action="edit" value="${message(code: 'default.button.edit.label', default: 'Edit')}" /></span>
    <span class="button"><g:actionSubmit class="delete" action="delete" value="${message(code: 'default.button.delete.label', default: 'Delete')}" onclick="return confirm('${message(code: 'default.button.delete.confirm.message', default: 'Are you sure?')}');" /></span>
    </g:form>

The only option is to change the form back to plain HTML forms, so that each action has its own URL:

    <form action="/todolist/project/edit"></form>
    <form action="/todolist/project/delete" method="post" ></form>

4) Modify the Requestmap domain class to add a description field, so that the checkboxes can show extra descriptive information about each permission.
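
The mismatch described in step 3, as an added example that is not part of the original post: a simplified model of URL-only rule matching, run against the requestmap entries from the BootStrap above. The closures antToRegex and requiredRoles are hypothetical helpers, the request list is constructed, and the model assumes that only the path (not the query string) is compared with the rule patterns.

```groovy
import java.util.regex.Pattern

// Requestmap entries copied from the BootStrap above (url -> configAttribute).
def requestmaps = [
    '/project/list**'  : 'ROLE_USER, ROLE_ADMIN, ROLE_PROJECT_ADMIN',
    '/project/create**': 'ROLE_ADMIN',
    '/project/edit**'  : 'ROLE_ADMIN',
    '/project/delete**': 'ROLE_ADMIN',
]

// Hypothetical helper: translate an Ant-style pattern into a regex.
def antToRegex = { String pattern ->
    def sb = new StringBuilder()
    int i = 0
    while (i < pattern.length()) {
        if (pattern.startsWith('**', i)) { sb << '.*'; i += 2 }
        else if (pattern[i] == '*') { sb << '[^/]*'; i++ }
        else if (pattern[i] == '?') { sb << '[^/]'; i++ }
        else { sb << Pattern.quote(pattern[i]); i++ }
    }
    Pattern.compile(sb.toString())
}

// Hypothetical helper: roles required for a request, or null when no rule applies.
def requiredRoles = { String requestUrl ->
    String path = requestUrl.tokenize('?')[0]   // assumption: query string is ignored
    def hit = requestmaps.find { url, attr -> antToRegex(url).matcher(path).matches() }
    hit ? hit.value.split(',')*.trim() : null
}

// Constructed requests: the generated show view versus the plain HTML forms.
def requests = [
    '/project/index?action_edit=edit',      // g:actionSubmit, format quoted in step 3
    '/project/index?action_delete=delete',  // constructed by analogy for delete
    '/project/edit',                        // plain form action
    '/project/delete',
]

requests.each { url ->
    def roles = requiredRoles(url)
    println "${url.padRight(38)} -> ${roles ?: 'no requestmap rule matches'}"
}
```

Running it shows that both /project/index requests fall outside every rule, while /project/edit and /project/delete resolve to ROLE_ADMIN. The same check is worth repeating for any view that still uses g:actionSubmit after the requestmap rules change.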