Creating New Roles and Authorities in JHipster

Last modified: February 24, 2019

1. Overview

JHipster comes with two default roles – USER and ADMIN – but sometimes we need to add our own.

In this tutorial, we’ll create a new role named MANAGER that we can use to provide additional privileges to a user.

Note that JHipster uses the term authorities somewhat interchangeably with roles. Either way, we essentially mean the same thing.

2. Code Changes

The first step for creating a new role is to update the class AuthoritiesConstants. This file is automatically generated when we create a new JHipster application and contains constants for all the roles and authorities in the application.

To create our new MANAGER role, we simply add a new constant into this file:

public static final String MANAGER = "ROLE_MANAGER";

3. Schema Changes

The next step is to define the new role in our data store.

JHipster supports a variety of persistent data stores and creates an initial setup task that populates the data store with users and authorities.

To add a new role into the database setup, we must edit the InitialSetupMigration.java file. It already has a method called addAuthorities, and we simply add our new role into the existing code:

public void addAuthorities(MongoTemplate mongoTemplate) {
    // Add these lines after the existing, auto-generated code
    Authority managerAuthority = new Authority();
    managerAuthority.setName(AuthoritiesConstants.MANAGER);
    mongoTemplate.save(managerAuthority);
}

This example uses MongoDB, but the steps are very similar for the other persistent stores that JHipster supports.

Note that some data stores, such as H2, rely solely on a file named authorities.csv, and thus do not have any generated code that requires updating.

4. Using Our New Role

Now that we have a new role defined, let’s look at how to use it in our code.

4.1. Java Code

On the backend, there are two primary ways to check if a user has the authority to perform an operation.

First, we can modify SecurityConfiguration if we want to limit access to a particular API:

public void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.MANAGER);
}

Second, we can use SecurityUtils anywhere in our application to check if a user is in a role:

if (SecurityUtils.isCurrentUserInRole(AuthoritiesConstants.MANAGER)) {
    // perform some logic that is applicable to manager role
}
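
The following added example (not from the original article or the JHipster code base) shows why the constant carries the ROLE_ prefix: hasAuthority compares the full stored name, while hasRole prepends ROLE_ before comparing. It assumes spring-security-core on the classpath; the class name, the expressions and report helpers, and the sample users are constructed for illustration.

```java
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;

public class ManagerAuthorityDemo {

    // Same value as AuthoritiesConstants.MANAGER in this article.
    static final String MANAGER = "ROLE_MANAGER";

    // Constructed sample users (names and credentials are made up).
    static final Authentication MANAGER_USER =
        new TestingAuthenticationToken("alice", "n/a", "ROLE_USER", MANAGER);
    static final Authentication PLAIN_USER =
        new TestingAuthenticationToken("bob", "n/a", "ROLE_USER");
    // Authority stored without the prefix, e.g. a typo in the setup migration.
    static final Authentication MISNAMED_USER =
        new TestingAuthenticationToken("carol", "n/a", "ROLE_USER", "MANAGER");

    // Hypothetical helper: Spring Security's expression root, whose
    // hasAuthority/hasRole methods back the expressions of the same name.
    static SecurityExpressionRoot expressions(Authentication auth) {
        return new SecurityExpressionRoot(auth) { };
    }

    // Hypothetical helper: prints one labelled decision per line.
    static void report(String check, boolean granted) {
        System.out.printf("%-42s %s%n", check, granted ? "granted" : "denied");
    }

    public static void main(String[] args) {
        // hasAuthority matches the stored authority name exactly.
        report("manager  hasAuthority(ROLE_MANAGER)",
            expressions(MANAGER_USER).hasAuthority(MANAGER));
        report("plain    hasAuthority(ROLE_MANAGER)",
            expressions(PLAIN_USER).hasAuthority(MANAGER));
        report("misnamed hasAuthority(ROLE_MANAGER)",
            expressions(MISNAMED_USER).hasAuthority(MANAGER));

        // hasRole adds the ROLE_ prefix itself, so the short name matches.
        report("manager  hasRole(MANAGER)",
            expressions(MANAGER_USER).hasRole("MANAGER"));
        // Passing the short name to hasAuthority does not match ROLE_MANAGER.
        report("manager  hasAuthority(MANAGER)",
            expressions(MANAGER_USER).hasAuthority("MANAGER"));
    }
}
```

Because the match is on the exact string, the name saved by addAuthorities, the AuthoritiesConstants value and any literal used in the front-end all have to be the same ROLE_MANAGER string.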

4.2. Front-End

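JHipster provides two ways to check for roles on the front-end. Note that these examples use Angular, but similar constructs exist for React. These checks only control what the UI renders; the API still has to enforce the role on the backend, as shown in section 4.1.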

First, any element in a template can use the *jhiHasAnyAuthority directive. It accepts a single string or array of strings:

<div *jhiHasAnyAuthority="'ROLE_MANAGER'">
    <!-- manager related code here -->
</div>

Second, the Principal class can check if a user has a particular role:

isManager() {
    return this.principal.identity()
      .then(account => this.principal.hasAnyAuthority(['ROLE_MANAGER']));
}

5. Conclusion

In this article, we’ve seen how simple it is to create new roles and authorities in JHipster. While the default USER and ADMIN roles are a great starting point for most applications, additional roles provide more flexibility.

With additional roles, we have greater control over which users can access APIs and what data they can see in the front-end.

As always, the code is available over on GitHub.
