Package org.beangle.webapp.security.action

Source Code of org.beangle.webapp.security.action.AuthorityAction

/* Copyright c 2005-2012.
* Licensed under GNU  LESSER General Public License, Version 3.
* http://www.gnu.org/licenses
*/
package org.beangle.webapp.security.action;

import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.beangle.commons.collection.CollectUtils;
import org.beangle.commons.lang.SeqStrUtils;
import org.beangle.model.entity.Model;
import org.beangle.model.query.builder.OqlBuilder;
import org.beangle.security.blueprint.Authority;
import org.beangle.security.blueprint.Group;
import org.beangle.security.blueprint.Menu;
import org.beangle.security.blueprint.MenuProfile;
import org.beangle.security.blueprint.Resource;
import org.beangle.security.blueprint.User;
import org.beangle.security.blueprint.UserCategory;
import org.beangle.security.blueprint.service.CacheableAuthorityManager;
import org.beangle.security.core.authority.GrantedAuthorityBean;
import org.beangle.struts2.convention.route.Action;

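/**
 * Web action for assigning and managing the authorities (resource permissions) of groups.
 * <p>
 * Request parameters such as {@code group.id}, {@code menuProfileId} and {@code resourceId}
 * are supplied by the client, so every identifier read here must be treated as untrusted.
 *
 * @author chaostone 2005-10-9
 */
public class AuthorityAction extends SecurityActionSupport {

  private CacheableAuthorityManager authorityManager;

  /**
   * Main page: exposes the current user as "manager" and, for administrators only,
   * the list of all groups.
   *
   * @return the result of {@code forward()}
   */
  public String index() {
    User user = getUser();
    put("manager", user);
    if (isAdmin(user)) {
      put("allGroups", entityDao.getAll(Group.class));
    }
    return forward();
  }

  /**
   * Prepares the authority-assignment page for one group, driven by a menu profile.
   * <p>
   * The group is taken from {@code group.id} (falling back to {@code groupIds}); the menu
   * profile from {@code menuProfileId}. A missing, unknown or wrong-category profile falls
   * back to the first profile of the group's category, or to none when the category has no
   * profile at all.
   *
   * @author 鄂州蚊子
   * @return the result of {@code forward()}
   */
  public String edit() {
    Long groupId = getLong("group.id");
    if (null == groupId) {
      groupId = getLong("groupIds");
    }
    // NOTE(review): the group id comes straight from the request and nothing visible here
    // verifies that a non-admin user is entitled to manage this group - confirm that the
    // check is enforced elsewhere (interceptor / resource authorization).
    Group ao = entityDao.get(Group.class, groupId);
    User user = getUser();
    boolean admin = isAdmin(user);
    put("manager", user);
    if (admin) {
      put("allGroups", entityDao.getAll(Group.class));
    }
    List<UserCategory> categories = CollectUtils.newArrayList();
    categories.add(ao.getCategory());

    OqlBuilder<MenuProfile> query = OqlBuilder.from(MenuProfile.class, "menuProfile");
    query.where("menuProfile.category in(:categories)", categories);
    List<MenuProfile> menuProfiles = entityDao.search(query);
    put("menuProfiles", menuProfiles);

    // Default profile; null when the category has none (previously get(0) threw on an
    // empty list although the code below already copes with a null profile).
    MenuProfile defaultProfile = menuProfiles.isEmpty() ? null : menuProfiles.get(0);

    Long menuProfileId = getLong("menuProfileId");
    MenuProfile menuProfile = null;
    if (null != menuProfileId) {
      menuProfile = entityDao.get(MenuProfile.class, menuProfileId);
      // An unknown id or a profile of another category must not be used for this group.
      if (null == menuProfile || !menuProfile.getCategory().equals(ao.getCategory())) {
        menuProfile = defaultProfile;
      }
    } else {
      menuProfile = defaultProfile;
    }
    if (null != menuProfile) {
      List<Menu> candidateMenus = null;
      Collection<Resource> resources = null;
      if (admin) {
        candidateMenus = menuProfile.getMenus();
        resources = entityDao.getAll(Resource.class);
      } else {
        candidateMenus = authorityService.getMenus(menuProfile, user);
        resources = authorityService.getResources(user);
      }
      put("resources", CollectUtils.newHashSet(resources));

      // Build a separate list for the view. The original removed disabled menus from the
      // list in place; for administrators that list is the one returned by
      // menuProfile.getMenus(), so displaying the page mutated the profile itself
      // (and, if that collection is persistent, could be written back on flush).
      boolean displayFreezen = getBool("displayFreezen");
      List<Menu> menus = CollectUtils.newArrayList();
      for (Menu menu : candidateMenus) {
        if (displayFreezen || menu.isEnabled()) {
          menus.add(menu);
        }
      }
      put("menus", menus);

      // What the group currently holds: its resources, and resource id -> authority id.
      Set<Resource> aoResources = CollectUtils.newHashSet();
      Map<String, Long> aoResourceAuthorityMap = CollectUtils.newHashMap();
      List<Authority> authorities = authorityService.getAuthorities(ao);
      Collection<Menu> aoMenus = authorityService.getMenus(menuProfile, ao, null);
      for (final Authority authority : authorities) {
        aoResources.add(authority.getResource());
        aoResourceAuthorityMap.put(authority.getResource().getId().toString(),
            authority.getId());
      }
      put("aoMenus", CollectUtils.newHashSet(aoMenus));
      put("aoResources", aoResources);
      put("aoResourceAuthorityMap", aoResourceAuthorityMap);
    }
    put("menuProfile", menuProfile);
    put("ao", ao);
    return forward();
  }

  /**
   * Shows the prompt page for authority operations.
   *
   * @return the result of {@code forward()}
   */
  public String prompt() {
    return forward();
  }

  /**
   * Saves the resource-level authorities of a group.
   * <p>
   * The requested resource ids ({@code resourceId}) are reconciled with the group's current
   * authorities: authorities on resources within the manager's menus that were not
   * requested are removed, and requested resources the group does not hold yet are added.
   * A non-admin manager can only add resources returned by
   * {@code authorityService.getResources(manager)}, the same set {@link #edit()} offers.
   *
   * @return a redirect back to {@link #edit()} for the same group and menu profile
   */
  public String save() {
    // NOTE(review): as in edit(), nothing visible here verifies that the current user may
    // manage the group named by "group.id"; unknown ids also lead to a NullPointerException
    // below. Confirm both are handled by the surrounding framework.
    Group mao = entityDao.get(Group.class, getLong("group.id"));
    MenuProfile menuProfile = (MenuProfile) entityDao.get(MenuProfile.class,
        getLong("menuProfileId"));
    Set<Resource> newResources = CollectUtils.newHashSet(entityDao.get(Resource.class,
        SeqStrUtils.transformToLong(get("resourceId"))));

    // Menus and system resources the manager is in charge of.
    User manager = getUser();
    boolean admin = isAdmin(manager);
    Set<Menu> mngMenus = null;
    Set<Resource> mngResources = CollectUtils.newHashSet();
    if (admin) {
      mngMenus = CollectUtils.newHashSet(menuProfile.getMenus());
    } else {
      mngMenus = CollectUtils.newHashSet(authorityService.getMenus(menuProfile, manager));
      // The resource ids are client-supplied: without this filter a delegated manager
      // could grant a group any resource in the system simply by posting its id.
      newResources.retainAll(authorityService.getResources(manager));
    }
    for (final Menu m : mngMenus) {
      mngResources.addAll(m.getResources());
    }

    // Menu-level authorities (MenuAuthority) used to be reconciled here as well; that code
    // was disabled and only resource authorities are handled now.

    // Decide which existing authorities to drop. Resources the group already holds are
    // taken out of newResources first, whether or not they belong to the manager's menus,
    // so that no second Authority is created for the same group/resource pair.
    Set<Authority> removedResources = CollectUtils.newHashSet();
    for (final Authority au : mao.getAuthorities()) {
      Resource held = au.getResource();
      if (newResources.contains(held)) {
        newResources.remove(held);
      } else if (mngResources.contains(held)) {
        // Only authorities inside the manager's scope may be revoked.
        removedResources.add(au);
      }
    }

    // Remove the revoked authorities.
    mao.getAuthorities().removeAll(removedResources);

    // Add an authority for every newly granted resource.
    for (Resource resource : newResources) {
      Authority authority = Model.newInstance(Authority.class);
      authority.setGroup(mao);
      authority.setResource(resource);
      mao.getAuthorities().add(authority);
    }

    entityDao.saveOrUpdate(mao);
    // Presumably invalidates the cached authorities of this group so the change takes
    // effect without a restart - verify against CacheableAuthorityManager.
    authorityManager.refreshGroupAuthorities(new GrantedAuthorityBean(mao.getName()));

    Action redirect = Action.to(this).method("edit");
    redirect.param("group.id", mao.getId()).param("menuProfileId", menuProfile.getId());
    String displayFreezen = get("displayFreezen");
    if (null != displayFreezen) {
      redirect.param("displayFreezen", displayFreezen);
    }
    return redirect(redirect, "info.save.success");
  }

  /**
   * Injects the authority manager used to refresh group authorities after a save.
   *
   * @param authorityManager the manager to use
   */
  public void setAuthorityManager(CacheableAuthorityManager authorityManager) {
    this.authorityManager = authorityManager;
  }

}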