View Javadoc
1   /**
2    * Copyright By Grandsoft Company Limited.  
3    * 2012-6-28 下午02:21:24
4    */
5   package gboat2.web.service.impl;
6   
7   import gboat2.base.core.service.ModuleService;
8   import gboat2.base.core.validate.IOperaPrivilegeCheckService;
9   import gboat2.base.bridge.model.Resource;
10  import gboat2.base.bridge.model.UserSession;
11  import gboat2.base.bridge.GboatAppContext;
12  
13  import java.util.List;
14  import java.util.Map;
15  
16  import org.osgi.framework.Bundle;
17  
18  /**
19   * 操作权限验证服务的实现类
20   * @author lysming
21   * @since 1.0
22   * @date 2012-6-28
23   */
24  public class SessionPrivilegeCheckServiceImpl implements IOperaPrivilegeCheckService {
25  
26  	@Override
27      public boolean privilegeCheckServiceByMethodName(Map<?, ?> params, Bundle bd) {
28          UserSession session = GboatAppContext.getUserSession();
29          if(session==null){
30          	//如果没有登录直接返回失败 //TODO 该处应该和GboatUserSessionFilter中的配置联动
31          	return false;
32          }else if ("super".equals(session.getLoginId())){
33          	// 如果是超级管理员,直接放权
34              return true;
35          }
36  
37          String actionName = (String) params.get("ACTION_NAME");
38          String methodName = (String) params.get("METHOD_NAME");
39  
40          // 如果是用MethodName查询权限则先查询其对应的MethodCode,再根据MethodCode查询
41          List<String> operationCodes = ModuleService.getOperationCodesOf(actionName, methodName);
42          if (null == operationCodes || operationCodes.isEmpty())
43              return true;// 不在受控范围内,直接放权
44  
45          for (String operationCode : operationCodes) {
46              if (session.havePriority(new Resource(actionName, operationCode)))
47                  return true; // 只要有一项在权限表中,表示有权限
48          }
49          return false;
50      }
51  
52  	@Override
53  	public boolean privilegeCheckServiceByMethodCode(Map<?, ?> params, Bundle bd) {
54  		UserSession session = GboatAppContext.getUserSession();
55          // 如果是超级管理员,直接放权
56  		if ("super".equals(session.getLoginId()))
57  	        return true;
58  		
59  		String actionName = (String) params.get("ACTION_NAME");
60  		String methodCode = (String) params.get("METHOD_CODE");
61  		//用 MethodCode 查询权限
62  		return session.havePriority(new Resource(actionName, methodCode));
63  	}
64  
65  }