web权限验证（不知道有没有更好的方式）

原创

晴天MZ 2023-03-01 00:29:32 博主文章分类：金蝶waf2 ©著作权

©著作权归作者所有：来自51CTO博客作者晴天MZ的原创作品，请联系作者获取转载授权，否则将追究法律责任

前端：

saveBefore:function(e){
        var flag=true;
        waf.ajax({
        url:waf.getContextPath() + "/demo/demoEdit.do?method=checkPression",
        data:{permissionItem:"bzd_save"}, //传参
        type:'post',
        dataType:'',
        async:false,
        success:function(data){
            if(data.data==true){
     
      }else{
        _self.showMessage("您没有当前组织下报账单的保存权限 ！");
        flag=false;
        
      }
        }
            });
      return flag;
        }

后端验证

//waf2权限验证
  @RequestMapping(params = { "method=checkPression" })
  @ResponseBody
  public void checkPression(HttpServletRequest request,
      HttpServletResponse response, ModelMap model) throws Exception {
    String permissionItem = request.getParameter("permissionItem"); // 权限编码
    if(StringUtil.isEmpty(permissionItem)){
        JSONUtils.SUCCESS( false);
    }else{
      Context context = WafContext.getInstance().getContext();
      CoreBaseInfo userinfo = UserFactory.getRemoteInstance().getValue(
          WafContext.getInstance().getContext().getCaller());
        CompanyOrgUnitInfo CompanyOrgUnitInfo = (CompanyOrgUnitInfo) context.get(OrgType.Company);
        BOSUuid CurOrgPkid = CompanyOrgUnitInfo.getId();
        BOSUuid userPkid = userinfo.getId();
        ObjectUuidPK CurOrgPk = new ObjectUuidPK(BOSUuid.read(CurOrgPkid.toString()));
        ObjectUuidPK userPk = new ObjectUuidPK(BOSUuid.read(userPkid.toString()));
      boolean hasFunctionPermission = PermissionFactory.getRemoteInstance().hasFunctionPermission(userPk, CurOrgPk, permissionItem);
      
      JSONUtils.SUCCESS( hasFunctionPermission);
    }
     
  }