Spring boot 获取用户在jhipster中删除时的权限
我需要获得我要删除的用户的权限。我的尝试如下Spring boot 获取用户在jhipster中删除时的权限,spring-boot,spring-security,jhipster,Spring Boot,Spring Security,Jhipster,我需要获得我要删除的用户的权限。我的尝试如下 @DeleteMapping("/users/{login:" + Constants.LOGIN_REGEX + "}") @Timed @Secured({AuthoritiesConstants.ADMIN, AuthoritiesConstants.LECTURER}) public ResponseEntity<Void> deleteUser(@PathVariable String login) { log.debu
@DeleteMapping("/users/{login:" + Constants.LOGIN_REGEX + "}")
@Timed
@Secured({AuthoritiesConstants.ADMIN, AuthoritiesConstants.LECTURER})
public ResponseEntity<Void> deleteUser(@PathVariable String login) {
log.debug("REST request to delete User: {}", login);
boolean hasAuthorityAdmin = false;
boolean hasAuthorityMember = false;
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
hasAuthorityAdmin = authorities.contains(new SimpleGrantedAuthority(AuthoritiesConstants.ADMIN));
hasAuthorityMember = authorities.contains(new SimpleGrantedAuthority(AuthoritiesConstants.MEMBER));
if (hasAuthorityAdmin) {
// delete user
userService.deleteUser(login);
} else {
if (hasAuthorityMember) {
// delete user if it is a student
if (**x**.contains(AuthoritiesConstants.STUDENT)) {
userService.deleteUser(login);
}
}
}
return ResponseEntity.ok().headers(HeaderUtil.createAlert("userManagement.deleted", login)).build();
}
我需要一个方法来检索它,而不是x?这意味着我需要检索要删除的权限。所以任何人都知道。这在userResource.java中。有人能帮我写代码吗
假设我以成员身份登录。然后我要删除学生。因此,当我单击学生记录的“删除”按钮时,应该能够通过一种方法获取角色\u学生。这应该可以做到:
if (hasAuthorityMember) {
Optional<User> user = userService.getUserWithAuthoritiesByLogin(login);
Set<Authority> currentUserAuthorities = user.get().getAuthorities();
for(Authority auth : currentUserAuthorities) {
// delete user if it is a student
if(auth.getName().equals(AuthoritiesConstants.STUDENT)) {
userService.deleteUser(login);
}
}
}
使用UserService,您可以通过用户的登录获得用户及其权限,对于每个权限(如果有多个权限),我们会检查权限的名称。如果对应于Student,则删除该用户。我需要一个方法来检索它,而不是x-您要检索哪个?我需要获取分配给我要删除的用户的权限列表。我认为您应该从db中提取用户角色信息。SecurityContextHolder与ThreadLocal绑定,因此在不访问数据库的情况下无法检索。您能帮我了解代码吗?我不太了解你的数据库模式。也许,这个过程可以是:从userRole表中按用户id拉角色->检查角色是否存在->决定删除