权限控制修改

src/main/java/com/kingkong/bljs/service/ModuleService.java

@@ -111,7 +111,7 @@ public class ModuleService {
      * @param mcode 模块避难
      * @return
      */
-    //@PrivChecker(name = "#name",code = "#mid")
+    @PrivChecker(name = "#name",code = "#mid")
     public Map getData(String mid,String name, JObject querier) throws Exception{
         //String strSQL = this.getSource(mid,name);
         Map item = this.getSource(mid,name);

src/main/java/com/kingkong/bljs/service/PrivService.java

@@ -54,10 +54,9 @@ public class PrivService {
 //                if(item.get("name").toString().equals(name) && item.get("action").toString().equals(action))
 //                    return true;
             }
-            else if(0 == type){ //数据源,淘汰不用
-//                if( item.get("m_id").toString().equals(code) && item.get("name").toString().equals(name)
-//                        && item.get("action").toString().equals(action))
-//                    return true;
+            else if(0 == type){ // 数据源访问
+                if( item.get("m_id").toString().equals(code) && item.get("name").toString().equals(name))
+                    return true;
             } else if(2 == type){// url资源,淘汰不用
 //                if(item.get("name").toString().equals(name)){
 //                    return true;
@@ -71,7 +70,7 @@ public class PrivService {
 //                    return  true;
 //                }
             } else if( 6 == type ){
-                if(item.get("code").toString().equals(code) && item.get("method").toString().equals(name))
+                if(item.get("code").toString().equals(code) && item.get("name").toString().equals(name))
                     return true;
             }
 

src/main/java/com/kingkong/bljs/service/UserService.java

@@ -233,10 +233,10 @@ public class UserService {
 
             moduleCache.add(module);
 
-            String strSQL = "select  z.*\n" +
-                            "from k_module_priv t,k_module_priv_detail z\n" +
+            String strSQL = "select  z.type,z.name,z.code,a.id m_id \n" +
+                            "from k_module_priv t,k_module_priv_detail z,k_module a\n" +
                             "where t.m_code='{0}' and t.code = z.code\n" +
-                            "      and t.code = t.m_code";
+                            "      and t.code = t.m_code and a.code = t.m_code";
             List<Map> list = queryService.select(strSQL,module);
             load(list);
         }
@@ -254,6 +254,8 @@ public class UserService {
                 }
                 else if(type.equals("7")) { // api group
                     loadApiGroup(name);
+                }else{ //其他角色，直接加入
+                    privs.add(map);
                 }
             }
         }
@@ -278,7 +280,7 @@ public class UserService {
 
         //加载API
         private void loadApi(String apiId) {
-            String strSQL = "select code,method from k_api where id={0}";
+            String strSQL = "select 6 type,method name,code,0 m_id from k_api where id={0}";
             List<Map> list = queryService.select(strSQL,apiId);
 
             privs = ListUtil.merge(privs,list);