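When viewing a role's requestmaps (for example, after clicking edit), the following HQL query fetches the requestmaps assigned to that role so they can be displayed on the page:

    private List findRequestmapsByRole(authority)
    {
        // Select every Requestmap whose configAttribute contains the role name
        Requestmap.executeQuery(
            "SELECT rm FROM Requestmap rm " +
            "WHERE rm.configAttribute LIKE :roleName",
            [roleName: '%'+authority.authority+'%'])
    }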
The display works as follows: in resourceMap each key is a requestmap and each value is true or false, which the front end can then render as checkboxes.

    private Map buildAuthorityModel(authority) {
        // All requestmaps, sorted by URL for a stable display order
        List requestmaps = Requestmap.list()
        requestmaps.sort { r1, r2 ->
            r1.url <=> r2.url
        }
        // URLs of the requestmaps this role already owns
        List ownedRequestmaps = findRequestmapsByRole(authority)
        Set authResourcesNames = []
        for (requestmap in ownedRequestmaps) {
            authResourcesNames << requestmap.url
        }
        // requestmap -> true if the role owns it (checkbox checked)
        LinkedHashMap<Requestmap, Boolean> resourceMap = [:]
        for (requestmap in requestmaps) {
            resourceMap[(requestmap)] = authResourcesNames.contains(requestmap.url)
        }
        System.out.println(resourceMap);
        return [authority: authority, resourceMap: resourceMap]
    }
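The `LIKE '%role%'` pattern in findRequestmapsByRole matches by substring, so a role whose name is contained in another role's name also picks up that role's requestmaps, and they show up as checked. The Groovy script below is an added example, not code from the original post; the rows are constructed sample data and ROLE_ADMIN_AUDITOR is a hypothetical role used to contrast substring matching with exact matching on the comma-separated role tokens.

```groovy
// Constructed sample rows standing in for Requestmap records (url + configAttribute).
def requestmaps = [
    [url: '/authority/**',     configAttribute: 'ROLE_ADMIN'],
    [url: '/project/list**',   configAttribute: 'ROLE_USER, ROLE_ADMIN, ROLE_PROJECT_ADMIN'],
    [url: '/project/create**', configAttribute: 'ROLE_ADMIN'],
    // Hypothetical role, not from the page: its name starts with "ROLE_ADMIN".
    [url: '/audit/**',         configAttribute: 'ROLE_ADMIN_AUDITOR'],
]

// What LIKE '%role%' effectively does: plain substring containment.
def likeMatch = { String role, List rows ->
    rows.findAll { it.configAttribute.contains(role) }*.url
}

// Split the comma-separated attribute into trimmed, non-empty role tokens.
def rolesOf = { String configAttribute ->
    configAttribute.split(',').collect { it.trim() }.findAll { it } as Set
}

// Exact match: the role must equal one of the tokens.
def exactMatch = { String role, List rows ->
    rows.findAll { role in rolesOf(it.configAttribute) }*.url
}

// Substring matching wrongly attributes /audit/** to ROLE_ADMIN.
assert likeMatch('ROLE_ADMIN', requestmaps) ==
    ['/authority/**', '/project/list**', '/project/create**', '/audit/**']

// Token matching returns only the requestmaps that really list ROLE_ADMIN.
assert exactMatch('ROLE_ADMIN', requestmaps) ==
    ['/authority/**', '/project/list**', '/project/create**']

println "LIKE : ${likeMatch('ROLE_ADMIN', requestmaps)}"
println "exact: ${exactMatch('ROLE_ADMIN', requestmaps)}"
```

In the application, the same token check can be applied to the rows returned by the LIKE query to drop the false positives before building resourceMap.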
The steps are as follows:
1) In BootStrap, create several Roles and several requestmaps.
2) Assign these requestmaps to a super administrator (ROLE_ADMIN).
    class BootStrap {
        def authenticateService

        def init = { servletContext ->
            Person.withTransaction {
                // --- Users (demo password; use a strong one outside of testing) ---
                def me = new Person(
                    //username: "sarbogast",
                    username: "admin",
                    userRealName: "Sebastien Arbogast",
                    passwd: authenticateService.encodePassword("111111"),
                    enabled: true,
                    email: "sebastien@epseelon.com"
                )
                me.save()
                def user = new Person(
                    //username: "sarbogast",
                    username: "leiw",
                    userRealName: "leiw dandan",
                    passwd: authenticateService.encodePassword("111111"),
                    enabled: true,
                    email: "leiw@epseelon.com"
                )
                user.save()
                def projectAdmin = new Person(
                    //username: "sarbogast",
                    username: "project",
                    userRealName: "project admin",
                    passwd: authenticateService.encodePassword("111111"),
                    enabled: true,
                    email: "project@epseelon.com"
                )
                projectAdmin.save()

                // --- Roles ---
                def adminAuth = new Authority(
                    description: "administrator",
                    authority: "ROLE_ADMIN"
                )
                adminAuth.save()
                def projectAdminAuth = new Authority(
                    description: "project administrator",
                    authority: "ROLE_PROJECT_ADMIN"
                )
                projectAdminAuth.save()
                def userAuth = new Authority(
                    description:"user",
                    authority: "ROLE_USER"
                )
                userAuth.save()

                // --- Role assignments ---
                me.addToAuthorities(adminAuth)
                me.addToAuthorities(userAuth)
                projectAdmin.addToAuthorities(projectAdminAuth)
                user.addToAuthorities(userAuth)

                // --- Requestmaps (URL pattern -> roles allowed) ---
                def authorityMap = new Requestmap(
                    url: '/authority/**',
                    configAttribute: 'ROLE_ADMIN',
                    description: '角色管理'
                )
                authorityMap.save()
                def requestmapMap = new Requestmap(
                    url:'/requestmap/**',
                    configAttribute: 'ROLE_ADMIN',
                    description: '资源管理'
                )
                requestmapMap.save()
                def projectListMap = new Requestmap(
                    url: '/project/list**',
                    configAttribute: 'ROLE_USER, ROLE_ADMIN, ROLE_PROJECT_ADMIN',
                    description: '项目查看'
                )
                projectListMap.save()
                def projectCreateMap = new Requestmap(
                    url: '/project/create**',
                    configAttribute: 'ROLE_ADMIN',
                    description: '项目新增'
                )
                projectCreateMap.save()
                def projectEditMap = new Requestmap(
                    url: '/project/edit**',
                    configAttribute: 'ROLE_ADMIN',
                    description: '项目修改'
                )
                projectEditMap.save()
                def projectDelMap = new Requestmap(
                    url: '/project/delete**',
                    configAttribute: 'ROLE_ADMIN',
                    description: '项目删除'
                )
                projectDelMap.save()

                // --- Sample projects ---
                new Project(title:'test1', description:'').save();
                new Project(title:'test2', description:'').save();
                new Project(title:'test3', description:'').save();
            }
        }

        def destroy = {
        }
    }
3) Acegi's requestmap only filters on URLs. In the show view that Grails generates by default, edit and delete are submitted through a parameter, in a form like /project/index?action_edit=edit, so Acegi cannot intercept them correctly:

    <g:form>
        <g:hiddenField name="id" value="${projectInstance?.id}" />
        <span class="button"><g:actionSubmit class="edit" action="edit" value="${message(code: 'default.button.edit.label', default: 'Edit')}" /></span>
        <span class="button"><g:actionSubmit class="delete" action="delete" onclick="return confirm('${message(code: 'default.button.delete.confirm.message', default: 'Are you sure?')}');" value="${message(code: 'default.button.delete.label', default: 'Delete')}" /></span>
    </g:form>

The only option is to change the form back to plain HTML forms, so that edit and delete are requested at their own URLs, which the requestmap rules above match:

    <form action="/todolist/project/edit"></form>
    <form action="/todolist/project/delete" method="post" ></form>

4) Modify the Requestmap domain class to add a description field, so that the checkboxes can display extra descriptive information about each permission.