1、=XXX电子商务平台权限设计=1、 关于ofbiz中权限体系的几张表=用户的权限都是以权限组来分配的:相关的几个表如下:security_group 权限组的表security_permission 权限值的表security_group_permission 权限组所拥有的权限 user_login_security_group 登录用户所在的权限组系统中没有权限的定义,只有安全组的定义,权限都是系统初始化进去的。从这几张表中可以看出,在ofbiz中,权限是根据权限组和权限值以及对应的登录用户、角色来进行判断的。2、 电子商务平台中的用户角色=原先还在犹豫电子商务平台中的这些用户到底是按照角
2、色来进行区分还是按照类型来进行区分,通过权限体系和最近多变的角色情况看来,用户还是应该按照角色来进行区分的。电子商务平台中的角色(注:角色和会员类型无关,即不管是个人会员还是企业会员,都可以有下面的角色)分为:(角色应该按照职能进行划分)3、 电子商务平台中的权限=电子商务平台中,权限有权限组的概念,在电子商务平台中有下面几种权限1. 管理和审核网站所有的模块(管理员,ECOMMERCE_ADMIN)2. 发布和维护自己的商机信息(SUPPLIER)3. 只能看到自己发布的信息。(子公司,SUBSIDIARY)4. 创建子公司(权限,ECOMMERCE_HEZUOSHE)5. 查看下属单位信息
3、(权限,ECOMMERCE_HEZUOSHE)6. 查看合作社上报的信息(所有合作社相关的订单数据,ECOMMERCE_ADMIN)默认注册用户不能添加和维护自己的下属机构,默认合作社可以添加自己的下属机构4、 如何来实现电子商务平台中的权限=在电子商务平台中,首先添加角色,增加ECOMMERCE为主的几种角色其次增加与角色名称相同的权限组,再次增加权限值,所有的权限值都冠以ECOMMERCE为主最后再按照角色和权限体系对整个后台进行权限的判断和划分权限判断一是要在leftnew中进行判断,二是要在对应的screen中进行判断5、 权限体系对应的数据=select * from securit
4、y_groupinsert into security_group(group_id,description,last_updated_stamp,last_updated_tx_stamp,created_stamp,created_tx_stamp)values(ECOMMERCE_ADMIN,电子商务平台管理员,产业化办公室,sysdate,sysdate ,sysdate,sysdate);insert into security_group(group_id,description,last_updated_stamp,last_updated_tx_stamp,created_st
5、amp,created_tx_stamp)values(SUPPLIER,电子商务平台供应商,普通注册会员,sysdate,sysdate,sysdate ,sysdate);insert into security_group(group_id,description,last_updated_stamp,last_updated_tx_stamp,created_stamp,created_tx_stamp)values(ECOMMERCE_HEZUOSHE,合作社, sysdate,sysdate,sysdate,sysdate);insert into security_group(g
6、roup_id,description,last_updated_stamp,last_updated_tx_stamp,created_stamp,created_tx_stamp)values(ECOMMERCE_SUBSIDIARY,合作社下面的直销点 ,sysdate,sysdate,sysdate,sysdate);select * from role_type where role_type_id=SUPPLIERinsert into role_type(role_type_id,parent_type_id,has_table,description,last_updated_
7、stamp,last_updated_tx_stamp,created_stamp,created_tx_stamp)values(ECOMMERCE_ADMIN,N,电子商务管理员, sysdate,sysdate,sysdate,sysdate);insert into role_type(role_type_id,parent_type_id,has_table,description,last_updated_stamp,last_updated_tx_stamp,created_stamp,created_tx_stamp)values(ECOMMERCE_HEZUOSHE,ORGA
8、NIZATION_ROLE,N,合作社,sysdate,sysdate,sysdate,sysdate);insert into role_type(role_type_id,parent_type_id,has_table,description,last_updated_stamp,last_updated_tx_stamp,created_stamp,created_tx_stamp)values(ECOMMERCE_SUBSIDIARY,ORGANIZATION_ROLE,N,直销点,sysdate,sysdate,sysdate,sysdate);select * from secu
9、rity_permission WHERE permission_id like %ADMIN%insert into security_permission(permission_id,description) values(ECOMMERCE_ADMIN,管理和审核网站所有的模块);insert into security_permission(permission_id,description) values(ECOMMERCE_SHANGJI_ADMIN,管理和审核网站所有的商机信息);insert into security_permission(permission_id,desc
10、ription) values(ECOMMERCE_SHANGJI_SHOWALL,显示自己发布的及子公司发布的商机信息 );insert into security_permission(permission_id,description) values(ECOMMERCE_SHANGJI_SHOWME,显示自己发布自己的商机信息);insert into security_permission(permission_id,description) values(ECOMMERCE_CREATE_SUBSIDIARY,创建自己的下属单位);insert into security_permi
11、ssion(permission_id,description) values(ECOMMERCE_SHANGPIN_TONGJI,商品销售情况统计 );insert into security_permission(permission_id,description) values(ECOMMERCE_SHANGPIN_ADMIN,商品信息审核和管理);insert into security_permission(permission_id,description) values(ECOMMERCE_SHANGPIN_FABU,商品信息发布和修改 );select * from secur
12、ity_group_permissioninsert into security_group_permission(group_id,permission_id)select ECOMMERCE_ADMIN,permission_id from security_permission where permission_id like ECOMMERCE%;insert into security_group_permission(group_id,permission_id) values(SUPPLIER,ECOMMERCE_SHANGPIN_FABU);insert into securi
13、ty_group_permission(group_id,permission_id) values(SUPPLIER,ECOMMERCE_SHANGJI_SHOWME);insert into security_group_permission(group_id,permission_id) values(ECOMMERCE_HEZUOSHE,ECOMMERCE_SHANGPIN_FABU);insert into security_group_permission(group_id,permission_id) values(ECOMMERCE_HEZUOSHE,ECOMMERCE_CRE
14、ATE_SUBSIDIARY);insert into security_group_permission(group_id,permission_id) values(ECOMMERCE_HEZUOSHE,ECOMMERCE_SHANGJI_SHOWALL);select * from user_login_security_groupinsert into user_login_security_group(user_login_id,group_id,from_date) values(admin,ECOMMERCE_ADMIN,sysdate);7、 权限体系如何与电子商务平台进行整合
15、=按照权限体系整合的方式,应该在模板中和screen中都进行整合。考虑到电子商务平台周期比较紧张,目前只在菜单体系中进行整合。整合方式如下打开leftnew.ftl文件,增加判断,以会员管理为例。/huiyuanshenhe?lookupFlag=Y&showAll=Y“系统会员管理上面是会员管理的代码,我们在模板中进行判断/huiyuanshenhe?lookupFlag=Y&showAll=Y“系统会员管理权限类是OFBizSecurity.java,其关键几个方法如下:void clearUserData(GenericValue userLogin) 清除缓存的权限数据. java.u
16、til.Iterator findUserLoginSecurityGroupByUserLoginId(java.lang.String userLoginId) 返回用户所在的权限组列表。一个用户可能有好多个权限组. Delegator getDelegator() boolean hasEntityPermission(java.lang.String entity, java.lang.String action, HttpSession session) 用户是否具有对某个实体的相关操作权限 boolean hasPermission(java.lang.String permiss
17、ion, HttpSession session) 当前用户是否具有某个权限 boolean hasRolePermission(java.lang.String application, java.lang.String action, java.lang.String entityName, EntityCondition condition, GenericValue userLogin) Like hasEntityPermission above, this checks the specified action, as well as for “_ADMIN“ to allow f
18、or simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application. boolean hasRolePermission(java.lang.String application, java.lang.String action, java.lang.String primaryKey, java.util.List roles, HttpSession session) Like hasEntity
19、Permission above, this checks the specified action, as well as for “_ADMIN“ to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application. boolean hasRolePermission(java.lang.String application, java.lang.String action,
20、java.lang.String primaryKey, java.lang.String role, HttpSession session) Like hasEntityPermission above, this checks the specified action, as well as for “_ADMIN“ to allow for simplified general administration permission, but also checks action_ROLE and validates the user is a member for the application. boolean securityGroupPermissionExists(java.lang.String groupId, java.lang.String permission) Finds whether or not a SecurityGroupPermission row exists given a groupId and permission. void setDelegator(Delegator delegator)
