1. Overview
JHipster comes with two default roles – USER and ADMIN – but sometimes we need to add our own.
In this tutorial, we’ll create a new role named MANAGER that we can use to provide additional privileges to a user.
Note that JHipster uses the term authorities somewhat interchangeably with roles. Either way, we essentially mean the same thing.
2. Code Changes
The first step for creating a new role is to update the class AuthoritiesConstants. This file is automatically generated when we create a new JHipster application and contains constants for all the roles and authorities in the application.
To create our new MANAGER role, we simply add a new constant into this file:
public static final String MANAGER = "ROLE_MANAGER";
3. Schema Changes
The next step is to define the new role in our data store.
JHipster supports a variety of persistent data stores and creates an initial setup task that populates the data store with users and authorities.
To add a new role into the database setup, we must edit the InitialSetupMigration.java file. It already has a method called addAuthorities, and we simply add our new role into the existing code:
public void addAuthorities(MongoTemplate mongoTemplate) {
    // Add these lines after the existing, auto-generated code
    Authority managerAuthority = new Authority();
    managerAuthority.setName(AuthoritiesConstants.MANAGER);
    mongoTemplate.save(managerAuthority);
}
This example uses MongoDB, but the steps are very similar to the other persistent stores that JHipster supports.
Note that some data stores, such as H2, rely solely on a file named authorities.csv, and thus do not have any generated code that requires updating.
4. Using Our New Role
Now that we have a new role defined, let’s look at how to use it in our code.
4.1. Java Code
On the backend, there are two primary ways to check if a user has the authority to perform an operation.
First, we can modify SecurityConfiguration if we want to limit access to a particular API:
public void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.MANAGER);
}
Second, we can use SecurityUtils anywhere in our application to check if a user is in a role:
if (SecurityUtils.isCurrentUserInRole(AuthoritiesConstants.MANAGER)) {
    // perform some logic that is applicable to manager role
}
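An integration test that pins down the /management/** rule from SecurityConfiguration above, added here as an example; it is not part of the original tutorial or of JHipster's generated code. It assumes that rule is the only one covering the path and that no RoleHierarchy bean is configured; the package com.example.app and the endpoint /management/reports are hypothetical.

```java
package com.example.app.web.rest; // hypothetical package

import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import com.example.app.security.AuthoritiesConstants; // hypothetical package
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;

@SpringBootTest
@AutoConfigureMockMvc
class ManagerAuthorityIT {

    // Hypothetical endpoint that falls under the /management/** matcher
    private static final String URL = "/management/reports";

    @Autowired
    private MockMvc mockMvc;

    @Test
    @WithMockUser(authorities = AuthoritiesConstants.USER)
    void plainUserIsRejected() throws Exception {
        mockMvc.perform(get(URL)).andExpect(status().isForbidden());
    }

    @Test
    @WithMockUser(authorities = AuthoritiesConstants.ADMIN)
    void adminIsRejectedToo() throws Exception {
        // hasAuthority is an exact match: holding ADMIN does not imply MANAGER
        mockMvc.perform(get(URL)).andExpect(status().isForbidden());
    }

    @Test
    @WithMockUser(authorities = AuthoritiesConstants.MANAGER)
    void managerPassesTheAuthorityCheck() throws Exception {
        // A 404 is acceptable here if the hypothetical endpoint does not exist;
        // the point is that the authorization layer no longer answers 403.
        mockMvc.perform(get(URL))
            .andExpect(result -> assertNotEquals(403, result.getResponse().getStatus()));
    }
}
```

The ADMIN case is the one to watch: administrators who should reach these endpoints need the MANAGER authority assigned as well, or the rule has to list both authorities.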
4.2. Front-End
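JHipster provides two ways to check for roles on the front-end. Note that these examples use Angular, but similar constructs exist for React. These checks only control what the UI shows; access itself is enforced by the back-end checks from section 4.1.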
First, any element in a template can use the *jhiHasAnyAuthority directive. It accepts a single string or array of strings:
<div *jhiHasAnyAuthority="'ROLE_MANAGER'">
    <!-- manager related code here -->
</div>
Second, the Principal class can check if a user has a particular role:
isManager() {
    return this.principal.identity()
        .then(account => this.principal.hasAnyAuthority(['ROLE_MANAGER']));
}
5. Conclusion
In this article, we’ve seen how simple it is to create new roles and authorities in JHipster. While the default USER and ADMIN roles are a great starting point for most applications, additional roles provide more flexibility.
With additional roles, we have greater control over which users can access APIs and what data they can see in the front-end.
As always, the code is available over on GitHub.