jeecg3.6.6按钮权限有问题,但是没人重视....
从jeecg3.6.2开始就发现按钮权限有问题,但是没人重视....,之前发过一次帖子,吧主觉得没有不对的地方,现在我用jeecg3.6.6发现按钮权限还是存在相同问题;出错文件地址在/src/org/jeecgframework/tag/core/easyui/DataGridTag.java中第1268行开始到1327行结束,这两个方法存在问题;一个是getNoAuthOperButton();一个是installOperationCode(DataGridUrl dataGridUrl,String operationCode,List optList);
修改方法如下:
原来的方法为:
public String getNoAuthOperButton(){
StringBuffer sb = new StringBuffer();
if(ResourceUtil.getSessionUserName().getUserName().equals("admin")|| !Globals.BUTTON_AUTHORITY_CHECK){
}else{
Set<String> operationCodes = (Set<String>) super.pageContext.getRequest().getAttribute(Globals.OPERATIONCODES);
if (null!=operationCodes) {
for (String MyoperationCode : operationCodes) {
if (oConvertUtils.isEmpty(MyoperationCode))
break;
systemService = ApplicationContextUtil.getContext().getBean(
SystemService.class);
TSOperation operation = systemService.getEntity(TSOperation.class, MyoperationCode);
if (operation.getOperationcode().startsWith(".") || operation.getOperationcode().startsWith("#")){
if (operation.getOperationType().intValue()==Globals.OPERATION_TYPE_HIDE){
//out.append("$(\""+name+"\").find(\"#"+operation.getOperationcode().replaceAll(" ", "")+"\").hide();");
sb.append("$(\""+operation.getOperationcode().replaceAll(" ", "")+"\").hide();");
}else {
//out.append("$(\""+name+"\").find(\"#"+operation.getOperationcode().replaceAll(" ", "")+"\").find(\":input\").attr(\"disabled\",\"disabled\");");
sb.append("$(\""+operation.getOperationcode().replaceAll(" ", "")+"\").attr(\"disabled\",\"disabled\");");
sb.append("$(\""+operation.getOperationcode().replaceAll(" ", "")+"\").find(\":input\").attr(\"disabled\",\"disabled\");");
}
}
}
}
}
//org.jeecgframework.core.util.LogUtil.info("----getNoAuthOperButton-------"+sb.toString());
return sb.toString();
}
/**
* 描述:组装菜单按钮操作权限
* dateGridUrl:url
* operationCode:操作码
* optList: 操作列表
* @version 1.0
*/
private void installOperationCode(DataGridUrl dataGridUrl,String operationCode,List optList){
if(ResourceUtil.getSessionUserName().getUserName().equals("admin")|| !Globals.BUTTON_AUTHORITY_CHECK){
optList.add(dataGridUrl);
}else if(!oConvertUtils.isEmpty(operationCode)){
Set<String> operationCodes = (Set<String>) super.pageContext.getRequest().getAttribute(Globals.OPERATIONCODES);
if (null!=operationCodes) {
List<String> operationCodesStr = new ArrayList<String>();
for (String MyoperationCode : operationCodes) {
if (oConvertUtils.isEmpty(MyoperationCode))
break;
systemService = ApplicationContextUtil.getContext().getBean(
SystemService.class);
TSOperation operation = systemService.getEntity(TSOperation.class, MyoperationCode);
operationCodesStr.add(operation.getOperationcode());
}
if (!operationCodesStr.contains(operationCode)){
optList.add(dataGridUrl);
}
}
}else {
optList.add(dataGridUrl);
}
}
修改后的方法为:
/**
* wxf重写获取没有权限的按钮方法
* @return
*/
public String getNoAuthOperButton(){
StringBuffer sb = new StringBuffer();
if(ResourceUtil.getSessionUserName().getUserName().equals("admin")|| !Globals.BUTTON_AUTHORITY_CHECK){
}else{
List<TSOperation> operationCodes = (List<TSOperation>) super.pageContext.getRequest().getAttribute(Globals.NOAUTO_OPERATIONCODES);
if (null!=operationCodes) {
for (TSOperation tsOperation : operationCodes) {
if (oConvertUtils.isEmpty(tsOperation.getOperationcode()))
break;
systemService = ApplicationContextUtil.getContext().getBean(SystemService.class);
if (tsOperation.getOperationcode().startsWith(".") || tsOperation.getOperationcode().startsWith("#")){
if (tsOperation.getOperationType().intValue()==Globals.OPERATION_TYPE_HIDE){
sb.append("$(\""+tsOperation.getOperationcode().replaceAll(" ", "")+"\").hide();");
}else {
sb.append("$(\""+tsOperation.getOperationcode().replaceAll(" ", "")+"\").attr(\"disabled\",\"disabled\");");
sb.append("$(\""+tsOperation.getOperationcode().replaceAll(" ", "")+"\").find(\":input\").attr(\"disabled\",\"disabled\");");
}
}
}
}
}
//org.jeecgframework.core.util.LogUtil.info("----getNoAuthOperButton-------"+sb.toString());
return sb.toString();
}
/**
* 描述:组装菜单按钮操作权限
* dateGridUrl:url
* operationCode:操作码
* optList: 操作列表
* wxf修改
* @version 1.0
*/
private void installOperationCode(DataGridUrl dataGridUrl,String operationCode,List optList){
if(ResourceUtil.getSessionUserName().getUserName().equals("admin")|| !Globals.BUTTON_AUTHORITY_CHECK){
optList.add(dataGridUrl);
}else if(!oConvertUtils.isEmpty(operationCode)){
Set<String> operationCodes = (Set<String>) super.pageContext.getRequest().getAttribute(Globals.OPERATIONCODES);
if (null!=operationCodes) {
List<String> operationCodesStr = new ArrayList<String>();
for (String MyoperationCode : operationCodes) {
if (oConvertUtils.isEmpty(MyoperationCode))
break;
systemService = ApplicationContextUtil.getContext().getBean(
SystemService.class);
TSOperation operation = systemService.getEntity(TSOperation.class, MyoperationCode);
operationCodesStr.add(operation.getOperationcode());
}
// if (!operationCodesStr.contains(operationCode)){
// optList.add(dataGridUrl);
// }
if (operationCodesStr.contains(operationCode)){
optList.add(dataGridUrl);
}
}
}else {
optList.add(dataGridUrl);
}
}
大家记得在List页面的按钮上加operationCode啊,还有菜单权限按钮配置的地方也要加操作码(带#),例如operationCode="#add",记得加#,因为源码中判断是不是有#号了,之前的好像没有,不过暂时就这样处理吧
ok了:lol;
页:
[1]