Design table and table query based on RBAC


foreword

The core concepts in the RBAC model : (Role Based Access Control)

User ( user ): Each user has a unique UID identification and is granted different roles

Role : Different roles have different permissions  

Permission : access rights

User-role mapping : the mapping relationship between users and roles

Role-permission mapping : mapping between roles and permissions


1. Design an associated query table?

Admin form (ams_admin)

ams_admin
id username xxx.... .....
1 sunny .... ...
2 wendy ... ....

Administrator role table (ams_admin_role): associate administrators with roles through this table

ams_admin_role
id admin_id role_id
1 1 2
2 2 1

Role table (ams_role)

ams_role
id name xxxx...
1 super administrator xxx        
2 General administrator xxx

Role permission table (ams_role_permission): associate roles and permissions through this table

ams_role_permission
id               role_id permission_id
1 1 1
2 1 2
3 1 3
4 2 3

Permission table (ams_permisssion)

ams_permission
id value description....
1 /xxx/xxx/xxx management administrator           
2 /xxx/xxx/xxx manage users
3 /xxx/xxx/xxx Manage goods

2. Simple query in console

If you want to query the permissions corresponding to the administrator, you can use:

1. ams_admin associates the ams_admin_role table to obtain the corresponding role id of the administrator . The association condition is that the table field id in the ams_admin table corresponds to the table field admin_id in the ams_admin_role table;

2. After obtaining the role id corresponding to the administrator, get the permission id corresponding to the role id by associating the ams_role_permission table . The association condition is that the table field role_id in the ams_admin_role table corresponds to the table field role_id in the ams_role_permission table;

3. After obtaining the permission id corresponding to the administrator, then by associating the ams_permission table, the corresponding permission of the permission id is obtained . The association condition is that the table field permission_id in the ams_role_permission table corresponds to the table field id in the ams_permission table;

select
    ams_admin.id,
    ams_admin.username,
    ams_admin.password,
    ams_admin.enable,
    ams_permission.value
from ams_admin
left join ams_admin_role on ams_admin.id=ams_admin_role.admin_id
left join ams_role_permission on ams_admin_role.role_id=ams_role_permission.role_id
left join ams_permission on ams_role_permission.permission_id=ams_permission.id
where username='root';

3. Actual business processing

1. Configuration class: used to encapsulate the attributes corresponding to the query data, as an example:

@Data
public class AdminLoginInfoVO implements Serializable {

    private Long id;
    private String username;
    private String password;
    private Integer enable;
    private List<String> permissions;

}

2. Prepare the corresponding query method in Mapper:

AdminLoginInfoVO getLoginInfoByUsername (String username)

3. Configure the SQL query for method mapping in the .xml file:

<!-- AdminLoginInfoVO getLoginInfoByUsername(String usernanme); -->
<select id="getLoginInfoByUsername" resultMap="LoginResultMap">
    SELECT
        <include refid="LoginQueryFields"/>
    FROM
        ams_admin
    LEFT JOIN ams_admin_role ON ams_admin.id=ams_admin_role.admin_id
    LEFT JOIN ams_role_permission ON ams_admin_role.role_id=ams_role_permission.role_id
    LEFT JOIN ams_permission ON ams_role_permission.permission_id=ams_permission.id
    WHERE
        username=#{username}
</select>

<sql id="LoginQueryFields">
    <if test="true">
        ams_admin.id,
        ams_admin.username,
        ams_admin.password,
        ams_admin.enable,
        ams_permission.value
    </if>
</sql>

<!-- collection标签:用于配置返回结果类型中List类型的属性 -->
<!-- collection标签的ofType属性:List中的元素类型 -->
<!-- collection子级:需要配置如何创建出List中的每一个元素 -->
<resultMap id="LoginResultMap" 
           type="cn.tedu.csmall.passport.pojo.vo.AdminLoginInfoVO">
    <id column="id" property="id"/>
    <result column="username" property="username"/>
    <result column="password" property="password"/>
    <result column="enable" property="enable"/>
    <collection property="permissions" ofType="java.lang.String">
        <constructor>
            <arg column="value"/>
        </constructor>
    </collection>
</resultMap>

4. Test

@Test
    void testGetLoginInfoByUsername() {
        String username = "root";
        AdminLoginInfoVO loginInfoByUsername = mapper.getLoginInfoByUsername(username);
        log.debug("根据用户名【{}】查询登录信息:{}", username, loginInfoByUsername);
    }


Summarize

Happy Mid-autumn Festival

Guess you like

Origin blog.csdn.net/weixin_72125569/article/details/126769504