[英]CQ5: How can I propagate a logged-in user's security context to an integrated web application?
[英]Android/MySQL: how can I display data based on the department associated with the logged-in user?
我正在为工厂中的员工(用户)创建一个应用程序。 该应用程序需要由用户登录。 登录后,在下一页上,微调器值基于用户部门。 如果用户来自IT部门,则微调器将填充IT部门所有“经理”姓名的列表。 同样,当用户来自工程部门时,微调器将填充工程部门中所有经理的姓名列表。 问题是,当前,微调器将列出所有部门的所有经理。 如何调整代码以仅显示用户部门的经理姓名?
用户登录并列出“ mysuggestion”的php代码:
<?php
require_once 'dbConnect.php';
$response = array();
if(isset($_GET['apicall'])){
if(isTheseParametersAvailable(array('username', 'password', 'approver'))){
$username = $_POST['username'];
$password = $_POST['password'];
$approver = $_POST['approver'];
$stmt = $conn->prepare("SELECT users.id, users.name, users.badgeid, users.position, users.department, users.factory,
mysuggestion.reviewer, mysuggestion.title, mysuggestion.year, mysuggestion.month, mysuggestion.suggestionwill, mysuggestion.present,
mysuggestion.details, mysuggestion.benefit, mysuggestion.photo, mysuggestion.status, mysuggestion.comment
FROM users left JOIN mysuggestion on users.badgeid = mysuggestion.badgeid
WHERE users.username = ? AND users.password = ? AND users.approver = ? ORDER BY mysuggestion.id DESC;");
$stmt->bind_param("sss",$username, $password, $approver);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows > 0){
$stmt->bind_result($id, $name, $badgeid, $position, $department, $factory, $reviewer, $title, $year, $month, $suggestionwill, $present, $details, $benefit, $photo, $status ,$comment);
$stmt->fetch();
$user = array(
'id'=>$id,
'name'=>$name,
'badgeid'=>$badgeid,
'position'=>$position,
'department'=>$department,
'factory'=>$factory,
'reviewer'=>$reviewer,
'title'=>$title,
'year'=>$year,
'month'=>$month,
'suggestionwill'=>$suggestionwill,
'present'=>$present,
'details'=>$details,
'benefit'=>$benefit,
'photo'=>$photo,
'status'=>$status,
'comment'=>$comment
);
$response['error'] = false;
$response['message'] = 'Login successfull';
$response['user'] = $user;
}else{
$response['error'] = false;
$response['message'] = 'The data that you insert is not match !!';
}
}
}else{
$response['error'] = true;
$response['message'] = 'Invalid API Call';
}
echo json_encode($response);
function isTheseParametersAvailable($params){
foreach($params as $param){
if(!isset($_POST[$param])){
return false;
}
}
return true;
}
php将数据从mysql填充到微调器:
<?php
$sql = "SELECT * FROM users WHERE approver = 'Reviewer';";
require_once('dbConnect.php');
$r = mysqli_query($conn,$sql);
$reviewer= array();
while($row = mysqli_fetch_array($r)){
array_push($reviewer,array(
'id'=>$row['id'],
'name'=>$row['name'],
'badgeid'=>$row['badgeid']
));
}
echo json_encode(array('result'=>$reviewer));
mysqli_close($conn);
微调器所在的Java代码
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_new_suggestion);
final ActionBar abar = getSupportActionBar();
View viewActionBar = getLayoutInflater().inflate(R.layout.activity_new_suggestion, null);
ActionBar.LayoutParams params = new ActionBar.LayoutParams(//Center the textview in the ActionBar !
ActionBar.LayoutParams.WRAP_CONTENT,
ActionBar.LayoutParams.MATCH_PARENT,
Gravity.CENTER);
TextView tvTitle = viewActionBar.findViewById(R.id.title);
tvTitle.setText("NEW SUGGESTION");
abar.setCustomView(viewActionBar, params);
abar.setDisplayShowCustomEnabled(true);
abar.setDisplayShowTitleEnabled(false);
//abar.setDisplayHomeAsUpEnabled(true);
abar.setHomeButtonEnabled(true);
final SharedPreferences sharedPref = getSharedPreferences("MyData", MODE_PRIVATE);
etTitle = findViewById(R.id.etTitle);
etTitle.setText(sharedPref.getString("title", ""));
etTitle.addTextChangedListener(new TextWatcher() {
@Override
public void onTextChanged(CharSequence s, int start, int before, int count)
{
}
@Override
public void beforeTextChanged(CharSequence s, int start, int count, int after)
{
}
@Override
public void afterTextChanged(Editable s)
{
sharedPref.edit().putString("benefit", s.toString()).apply();
}
});
etYear = findViewById(R.id.etYear);
etMonth = findViewById(R.id.etMonth);
rgSuggestWill =findViewById(R.id.rgSuggestWill);
reviewer = new ArrayList<>();
final Calendar c = Calendar.getInstance();
String mm = c.getDisplayName(Calendar.MONTH, Calendar.LONG, Locale.US);
int yy = c.get(Calendar.YEAR);
etYear.setText(new StringBuilder().append(yy));
etMonth.setText(new StringBuilder().append(mm));
spReviewer = findViewById(R.id.spReviewer);
getData();
btnNext = findViewById(R.id.btnNext);
btnNext.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
SharedPreferences sharedPref = getSharedPreferences("MyData",MODE_PRIVATE);
SharedPreferences.Editor editor = sharedPref.edit();
editor.putString("title",etTitle.getText().toString());
editor.putString("year",etYear.getText().toString());
editor.putString("month",etMonth.getText().toString());
int selectedId = rgSuggestWill.getCheckedRadioButtonId();
radioButton = findViewById(selectedId);
editor.putString("suggestionwill",radioButton.getText().toString());
editor.putString("reviewer",spReviewer.getSelectedItem().toString());
editor.putString("status", "Pending");
editor.apply();
Intent intent = new Intent(NewSuggestion.this, NewSuggestion2.class);
startActivity(intent);
}
});
}
private void getData(){
//Creating a string request
StringRequest stringRequest = new StringRequest(URLs.URL_SPINNER,
new Response.Listener<String>() {
@Override
public void onResponse(String response) {
JSONObject j = null;
try {
//Parsing the fetched Json String to JSON Object
j = new JSONObject(response);
//Storing the Array of JSON String to our JSON Array
result = j.getJSONArray(JSON_ARRAY);
//Calling method getStudents to get the students from the JSON Array
getReviewers(result);
} catch (JSONException e) {
e.printStackTrace();
}
}
},
new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
}
});
//Creating a request queue
RequestQueue requestQueue = Volley.newRequestQueue(this);
//Adding request to the queue
requestQueue.add(stringRequest);
}
private void getReviewers(JSONArray j){
//Traversing through all the items in the json array
for(int i=0;i<j.length();i++){
try {
//Getting json object
JSONObject json = j.getJSONObject(i);
//Adding the name of the student to array list
reviewer.add(json.getString(TAG_NAME));
} catch (JSONException e) {
e.printStackTrace();
}
}
//Setting adapter to show the items in the spinner
spReviewer.setAdapter(new ArrayAdapter<String>(NewSuggestion.this, android.R.layout.simple_spinner_dropdown_item, reviewer));
}
//Method to get student name of a particular position
private String getName(int position){
String name="";
try {
//Getting object of given index
JSONObject json = result.getJSONObject(position);
//Fetching name from that object
name = json.getString(TAG_NAME);
} catch (JSONException e) {
e.printStackTrace();
}
//Returning the name
return name;
}
//Doing the same with this method as we did with getName()
private String getCourse(int position){
String course="";
try {
JSONObject json = result.getJSONObject(position);
course = json.getString(TAG_BADGEID);
} catch (JSONException e) {
e.printStackTrace();
}
return course;
}
@Override
public void onBackPressed() {
SharedPreferences sharedPref = getSharedPreferences("MyData", MODE_PRIVATE);
SharedPreferences.Editor editor = sharedPref.edit();
editor.putString("title", etTitle.getText().toString());
editor.apply();
super.onBackPressed();
Intent intent = new Intent(NewSuggestion.this, DashboardApp.class);
startActivity(intent);
}
如何为每个用户登录名分配department
?
然后在经理表中添加一个department_id
所以
表1 Users
ID | 姓名| 部门编号| 用户名| 密码(加密)| 等等...
表2 Department
部门ID | 部门名称
表3 Manager
ID | 经理姓名| 部门编号
然后在查询where
应添加新的where
语句:
$stmt = $conn->prepare("SELECT users.id, users.name, users.badgeid, users.position, users.department, users.factory,
mysuggestion.reviewer, mysuggestion.title, mysuggestion.year, mysuggestion.month, mysuggestion.suggestionwill, mysuggestion.present,
mysuggestion.details, mysuggestion.benefit, mysuggestion.photo, mysuggestion.status, mysuggestion.comment
FROM users left JOIN mysuggestion on users.badgeid = mysuggestion.badgeid
WHERE users.username = ? AND users.password = ? AND users.approver = ?
AND users.department_id = '{department_id}'
ORDER BY mysuggestion.id DESC;");
我的建议(尽管这也取决于任务的规格)
将所有用户和登录凭据存储在一个表中,并按department
(IT / Engineering / etc ...)和roles
(Users / Manager / etc ...)区分它们
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.