liferay权限之二 permissionChecker的实现解析

bluedot

浏览: 18269 次
性别:
来自: 北京

最近访客更多访客>>

heartlock

njison

wanghxing123

scorcer2002

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

liferay portal研究

版本：4.3.4企业版

1.用户所关联实体（社区、组织、用户组、角色、及他们之间的关联体）：

com.liferay.portal.service.persistence.GroupFinder.countByGroupId：

SELECT
                COUNT(*) AS COUNT_VALUE
            FROM
                Group_
             INNER JOIN
                Users_Groups ON
                    (Users_Groups.userId = ?)
            WHERE
                (Group_.liveGroupId = 0) AND
                (Users_Groups.groupId = Group_.groupId)
                (Group_.groupId = ?) AND
                (Group_.liveGroupId = 0)

2.资源及权限查找：

资源有四种范围：

对于范围是4的资源，资源的primky是业务对象的id

对于范围是2的资源，资源的primky是权限验证相关的groupid，一般是社区

对于范围是3的资源，资源的primky是GroupImpl.DEFAULT_PARENT_GROUP_ID，即0

对于范围是3的资源，资源的primky是companyId公司id

所以要查找四个范围的资源

3.权限验证：

以下是liferay默认的用户权限运算规则要权限检查的对象，对应的表很好找，使用customersql的方式查询

com.liferay.portal.service.persistence.PermissionFinder.countByGroupsRoles：

com.liferay.portal.service.persistence.PermissionFinder.countByGroupsPermissions:

com.liferay.portal.service.persistence.PermissionFinder.countByUsersRoles:

com.liferay.portal.service.persistence.PermissionFinder.countByUserGroupRole:

com.liferay.portal.service.persistence.PermissionFinder.countByUsersPermissions:

SELECT
                COUNT(*) AS COUNT_VALUE
            FROM
                Groups_Roles
            INNER JOIN
                Roles_Permissions ON
                    (Roles_Permissions.roleId = Groups_Roles.roleId)
            INNER JOIN
                Permission_ ON
                    (Permission_.permissionId = Roles_Permissions.permissionId)
            WHERE
                (Roles_Permissions.permissionId=?) AND
                (Groups_Roles.groupId=?)

Union all(

SELECT
                COUNT(*) AS COUNT_VALUE
            FROM
                Permission_
            INNER JOIN
                Groups_Permissions ON
                    (Groups_Permissions.permissionId = Permission_.permissionId)
            WHERE
                (Groups_Permissions.permissionId=?) AND
                (Groups_Permissions.groupId=?)

)

union all(

SELECT
                COUNT(*) AS COUNT_VALUE
            FROM
                Users_Roles
            INNER JOIN
                Roles_Permissions ON
                    (Roles_Permissions.roleId = Users_Roles.roleId)
            INNER JOIN
                Permission_ ON
                    (Permission_.permissionId = Roles_Permissions.permissionId)
            WHERE
                (Roles_Permissions.permissionId=?) AND
                (Users_Roles.userId = ?)

)

union all(

SELECT
                COUNT(*) AS COUNT_VALUE
            FROM
                UserGroupRole
            INNER JOIN
                Roles_Permissions ON
                    (Roles_Permissions.roleId = UserGroupRole.roleId and UserGroupRole.groupId = ?)
            INNER JOIN
                Permission_ ON
                    (Permission_.permissionId = Roles_Permissions.permissionId)
            WHERE
                (Roles_Permissions.permissionId=?) AND
                (UserGroupRole.userId = ?)

)

union all(

SELECT
                COUNT(*) AS COUNT_VALUE
            FROM
                Permission_
            INNER JOIN
                Users_Permissions ON
                    (Users_Permissions.permissionId = Permission_.permissionId)
            WHERE
                (Users_Permissions.permissionId=?) AND
                (Users_Permissions.userId = ?)

)

分享到：

jbpm开发实战----委托

2009-07-13 17:36
浏览 2225
评论(0)
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论