Article directory
foreword
The core concepts in the RBAC model : (Role Based Access Control)
User ( user ): Each user has a unique UID identification and is granted different roles
Role : Different roles have different permissions
Permission : access rights
User-role mapping : the mapping relationship between users and roles
Role-permission mapping : mapping between roles and permissions
1. Design an associated query table?
Admin form (ams_admin)
| id | username | xxx.... | ..... |
| 1 | sunny | .... | ... |
| 2 | wendy | ... | .... |
Administrator role table (ams_admin_role): associate administrators with roles through this table
| id | admin_id | role_id |
| 1 | 1 | 2 |
| 2 | 2 | 1 |
Role table (ams_role)
| id | name | xxxx... |
| 1 | super administrator | xxx |
| 2 | General administrator | xxx |
Role permission table (ams_role_permission): associate roles and permissions through this table
| id | role_id | permission_id |
| 1 | 1 | 1 |
| 2 | 1 | 2 |
| 3 | 1 | 3 |
| 4 | 2 | 3 |
Permission table (ams_permisssion)
| id | value | description.... |
| 1 | /xxx/xxx/xxx | management administrator |
| 2 | /xxx/xxx/xxx | manage users |
| 3 | /xxx/xxx/xxx | Manage goods |
2. Simple query in console
If you want to query the permissions corresponding to the administrator, you can use:
1. ams_admin associates the ams_admin_role table to obtain the corresponding role id of the administrator . The association condition is that the table field id in the ams_admin table corresponds to the table field admin_id in the ams_admin_role table;
2. After obtaining the role id corresponding to the administrator, get the permission id corresponding to the role id by associating the ams_role_permission table . The association condition is that the table field role_id in the ams_admin_role table corresponds to the table field role_id in the ams_role_permission table;
3. After obtaining the permission id corresponding to the administrator, then by associating the ams_permission table, the corresponding permission of the permission id is obtained . The association condition is that the table field permission_id in the ams_role_permission table corresponds to the table field id in the ams_permission table;
select
ams_admin.id,
ams_admin.username,
ams_admin.password,
ams_admin.enable,
ams_permission.value
from ams_admin
left join ams_admin_role on ams_admin.id=ams_admin_role.admin_id
left join ams_role_permission on ams_admin_role.role_id=ams_role_permission.role_id
left join ams_permission on ams_role_permission.permission_id=ams_permission.id
where username='root';3. Actual business processing
1. Configuration class: used to encapsulate the attributes corresponding to the query data, as an example:
@Data
public class AdminLoginInfoVO implements Serializable {
private Long id;
private String username;
private String password;
private Integer enable;
private List<String> permissions;
}2. Prepare the corresponding query method in Mapper:
AdminLoginInfoVO getLoginInfoByUsername (String username)
3. Configure the SQL query for method mapping in the .xml file:
<!-- AdminLoginInfoVO getLoginInfoByUsername(String usernanme); -->
<select id="getLoginInfoByUsername" resultMap="LoginResultMap">
SELECT
<include refid="LoginQueryFields"/>
FROM
ams_admin
LEFT JOIN ams_admin_role ON ams_admin.id=ams_admin_role.admin_id
LEFT JOIN ams_role_permission ON ams_admin_role.role_id=ams_role_permission.role_id
LEFT JOIN ams_permission ON ams_role_permission.permission_id=ams_permission.id
WHERE
username=#{username}
</select>
<sql id="LoginQueryFields">
<if test="true">
ams_admin.id,
ams_admin.username,
ams_admin.password,
ams_admin.enable,
ams_permission.value
</if>
</sql>
<!-- collection标签:用于配置返回结果类型中List类型的属性 -->
<!-- collection标签的ofType属性:List中的元素类型 -->
<!-- collection子级:需要配置如何创建出List中的每一个元素 -->
<resultMap id="LoginResultMap"
type="cn.tedu.csmall.passport.pojo.vo.AdminLoginInfoVO">
<id column="id" property="id"/>
<result column="username" property="username"/>
<result column="password" property="password"/>
<result column="enable" property="enable"/>
<collection property="permissions" ofType="java.lang.String">
<constructor>
<arg column="value"/>
</constructor>
</collection>
</resultMap>4. Test
@Test
void testGetLoginInfoByUsername() {
String username = "root";
AdminLoginInfoVO loginInfoByUsername = mapper.getLoginInfoByUsername(username);
log.debug("根据用户名【{}】查询登录信息:{}", username, loginInfoByUsername);
}Summarize
Happy Mid-autumn Festival