Example 1 with SysNoticeService
use of com.github.qinyou.system.service.SysNoticeService in project my_curd by qinyou.
the class SysVisitLogController method deleteAction.
/**
* 批量删除
*/
@RequirePermission("sysVisitLog:delete")
@Before(IdsRequired.class)
public void deleteAction() {
String ids = getPara("ids").replaceAll(",", "','");
String sql = "delete from sys_visit_log where id in ('" + ids + "')";
int number = Db.update(sql);
// 发送系统通知
String noticeTypeCode = "delVisitLog";
Map<String, Object> params = new HashMap<>();
params.put("username", WebUtils.getSessionUsername(this));
params.put("datetime", new DateTime().toString("yyyy-MM-dd HH:mm:ss"));
params.put("number", number);
SysNoticeService service = Duang.duang(SysNoticeService.class);
service.sendNotice(noticeTypeCode, params);
renderSuccess(DELETE_SUCCESS);
}
Also used :
HashMap(java.util.HashMap)
DateTime(org.joda.time.DateTime)
SysNoticeService(com.github.qinyou.system.service.SysNoticeService)
Before(com.jfinal.aop.Before)
RequirePermission(com.github.qinyou.common.annotation.RequirePermission)
Example 2 with SysNoticeService
use of com.github.qinyou.system.service.SysNoticeService in project my_curd by qinyou.
the class PermissionInterceptor method intercept.
@Override
public void intercept(Invocation inv) {
boolean flag = true;
Controller controller = inv.getController();
// 验证菜单权限
RequirePermission requirePermission = controller.getClass().getAnnotation(RequirePermission.class);
List<String> codes;
if (requirePermission != null) {
codes = requirePermission.isResource() ? controller.getSessionAttr("menuCodes") : controller.getSessionAttr("roleCodes");
flag = codes.contains(requirePermission.value());
}
if (flag) {
// 菜单权限通后 再验证按钮权限
requirePermission = inv.getMethod().getAnnotation(RequirePermission.class);
if (requirePermission != null) {
codes = requirePermission.isResource() ? controller.getSessionAttr("buttonCodes") : controller.getSessionAttr("roleCodes");
flag = codes.contains(requirePermission.value());
}
}
if (flag) {
// 菜单权限、按钮权限 都具备 放行
inv.invoke();
return;
}
// ------------无权限-------------------
// 推送消息
String noticeTypeCode = "noPermissionOps";
Map<String, Object> params = new HashMap<>();
params.put("username", WebUtils.getSessionUsername(controller));
params.put("visitUrl", controller.getRequest().getRequestURI());
SysNoticeService service = Duang.duang(SysNoticeService.class);
service.sendNotice(noticeTypeCode, params);
// 响应
String requestType = inv.getController().getHeader("X-Requested-With");
if ("XMLHttpRequest".equals(requestType) || StringUtils.notEmpty(inv.getController().getPara("xmlHttpRequest"))) {
// 其实并没有,可以自行扩展
Ret ret = Ret.create().setFail().set("msg", "无权限操作!您的行为已被记录到日志。");
controller.renderJson(ret);
} else {
controller.render("/WEB-INF/views/common/no_permission.ftl");
}
}
Also used :
Ret(com.jfinal.kit.Ret)
HashMap(java.util.HashMap)
Controller(com.jfinal.core.Controller)
RequirePermission(com.github.qinyou.common.annotation.RequirePermission)
SysNoticeService(com.github.qinyou.system.service.SysNoticeService)
Aggregations
RequirePermission (com.github.qinyou.common.annotation.RequirePermission)2
SysNoticeService (com.github.qinyou.system.service.SysNoticeService)2
HashMap (java.util.HashMap)2
Before (com.jfinal.aop.Before)1
Controller (com.jfinal.core.Controller)1
Ret (com.jfinal.kit.Ret)1
DateTime (org.joda.time.DateTime)1
