Question

我是编程世界的新手，我喜欢它。

我在Query.Filter运算符上遇到了一些不同角色的问题。

管理员 - 管理员可以查看所有离开历史记录
主管 - 主管可以查看他/她下的所有员工
员工 - 员工只能查看自己的休假历史

从我做过的测试开始。管理员和员工工作正常，我遇到的问题是主管，主管能够查看他/她下面的员工，但无法查看自己的休假历史。

这里是代码的一部分，感谢任何人都可以帮助我。谢谢

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
    log.debug(ViewHistory.class);
    DataTableModel dataTableModel = DataTablesUtility.getParam(request);
    String regionSelected = request.getParameter("cri_region");
    String sEcho = dataTableModel.sEcho;
    int iTotalRecords = 0; // total number of records (unfiltered)
    int iTotalDisplayRecords = 0; //value will be set when code filters companies by keyword
    JsonArray data = new JsonArray(); //data that will be shown in the table

    String emailAddress = (String)request.getSession().getAttribute("emailAdd");
    Boolean isAdmin = false;
    Boolean isSupervisor = false;

    AdministratorService as = new AdministratorService();
    for(Administrator admin : as.getAdministrators()){
        if(admin.getEmailAddress().equalsIgnoreCase(emailAddress)){
            isAdmin = true;
        }
    }

    SupervisorService ss = new SupervisorService();
    for(Supervisor s : ss.getSupervisors()){
        if(s.getEmailAddress().equalsIgnoreCase(emailAddress)){
            isSupervisor = true;
        }
    }

    DatastoreService datastore = DatastoreServiceFactory.getDatastoreService();
    Query q = new Query(History.class.getSimpleName());
            // only admin can view all leave history
            if(!isAdmin && !isSupervisor){
                Filter emailFilter = new FilterPredicate("emailAdd",
                        FilterOperator.EQUAL,
                        emailAddress);
                Filter regionFilter = new FilterPredicate("region",
                        FilterOperator.EQUAL,
                        StringUtils.defaultString(regionSelected, "Singapore"));
                Filter filter = CompositeFilterOperator.and(emailFilter, regionFilter);
                q.setFilter(filter);
            }
            else if(!isAdmin && isSupervisor){
                List<String> list = new ArrayList<String>();
                EmployeeService es = new EmployeeService();
                for(Employee emp : es.getEmployees()){
                    if(emailAddress.equalsIgnoreCase(emp.getSupervisor())){
                        list.add(emp.getEmailAddress());
                    }
                }

                // if some one under this supervisor
                if(list != null && !list.isEmpty()){
                    Filter filter = new FilterPredicate("emailAdd",
                            FilterOperator.IN,
                            list);
                    q.setFilter(filter);
                }
                else{
                    // if not one under this supervisor , put update it self to avoid illegal argument
                    Filter filter = new FilterPredicate("emailAdd",
                            FilterOperator.EQUAL,
                            emailAddress);
                    q.setFilter(filter);
                }

            }

    List<History> historyList = new LinkedList<History>();
    List<History> entityList = new LinkedList<History>();

Answer 1

编辑：更新了建议。

如果目前为主管，您可以正确获取将他作为主管的所有员工的列表，那么只需将主管的电子邮件添加到您将用作查询请假历史的过滤器的列表中。因此，在找到员工电子邮件列表后，还要添加：

list.add(emailAddress);  //since emailAddress will be the email of the supervisor

Query.FilterOperator用于不同的角色

1 个答案: