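* Intercepts the request before it reaches the controller.
* NOTE(review): clickFunctionId is read from the request and concatenated
* into the SQL strings passed to findListbySql below; it should be bound as
* a query parameter instead of being spliced into the statement text.
* NOTE(review): when the HTTP session has no client, the client is looked up
* by the sessionId request parameter, so the request itself selects which
* session's client is used; confirm this fallback is intended.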
*/
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
String requestPath = ResourceUtil.getRequestPath(request);// 用户访问的资源地址
HttpSession session = ContextHolderUtils.getSession();
Client client = ClientManager.getInstance().getClient(session.getId());
if(client == null){
client = ClientManager.getInstance().getClient(
request.getParameter("sessionId"));
}
if (excludeUrls.contains(requestPath)) {
return true;
} else {
if (client != null && client.getUser()!=null ) {
if(!hasMenuAuth(request)){
response.sendRedirect("loginController.do?noAuth");
//request.getRequestDispatcher("webpage/common/noAuth.jsp").forward(request, response);
return false;
}
String functionId=oConvertUtils.getString(request.getParameter("clickFunctionId"));
if(!oConvertUtils.isEmpty(functionId)){
Set<String> operationCodes = systemService.getOperationCodesByUserIdAndFunctionId(client.getUser().getId(), functionId);
request.setAttribute("operationCodes", operationCodes);
}
if(!oConvertUtils.isEmpty(functionId)){
List<String> allOperation=this.systemService.findListbySql("SELECT operationcode FROM t_s_operation WHERE functionid='"+functionId+"'");
List<String> newall = new ArrayList<String>();
if(allOperation.size()>0){
for(String s:allOperation){
s=s.replaceAll(" ", "");
newall.add(s);
}
String hasOperSql="SELECT operation FROM t_s_role_function fun, t_s_role_user role WHERE " +
"fun.functionid='"+functionId+"' AND fun.operation!='' AND fun.roleid=role.roleid AND role.userid='"+client.getUser().getId()+"' ";
List<String> hasOperList = this.systemService.findListbySql(hasOperSql);
for(String strs:hasOperList){
for(String s:strs.split(",")){
s=s.replaceAll(" ", "");
newall.remove(s);