我正在构建一个市场应用程序。我正在设计应用程序。我有两种用户:
admin:执行管理任务的用户 禁用帐户,向用户添加信息,启用帐户,向用户发送消息,...
卖方:在网站上创建产品并将其出售的用户 创建产品,编辑产品,停用产品,更改价格
买家:购买产品的用户
所以它的用户: A-有自己的权利(允许做什么) B-有他自己的信息。卖方将拥有产品清单,而买方将拥有交易清单。
我使用Spring Security Framework管理用户身份验证和授权。我的应用程序是用Java / Hibernate / Spring / AngularJS / Bootstrap开发的。 我可以使用Spring安全管理权限。这不是问题。
我的问题是关于用户信息。拥有下表是否更好:
@Entity
@Table(name = "T_USER")
@Cache(usage = CacheConcurrencyStrategy.NONSTRICT_READ_WRITE)
@Inheritance(strategy=InheritanceType.JOINED)
public class User extends AbstractAuditingEntity implements Serializable {
@NotNull
@Size(min = 0, max = 50)
@Id
@Column(length = 50)
private String login;
@JsonIgnore
@Size(min = 0, max = 100)
@Column(length = 100)
private String password;
@Size(min = 0, max = 50)
@Column(name = "first_name", length = 50)
private String firstName;
@Size(min = 0, max = 50)
@Column(name = "last_name", length = 50)
private String lastName;
@Email
@Size(min = 0, max = 100)
@Column(length = 100)
private String email;
//others attributes,getters and setters
}
子类
@Entity
@Table(name = "T_ADMIN")
@Cache(usage = CacheConcurrencyStrategy.NONSTRICT_READ_WRITE)
public class Admin extends extends User{
// specific informations
}
@Entity
@Table(name = "T_SELLER")
@Cache(usage = CacheConcurrencyStrategy.NONSTRICT_READ_WRITE)
public class Seller extends extends User{
// specific informations
}
@Entity
@Table(name = "T_BUYER")
@Cache(usage = CacheConcurrencyStrategy.NONSTRICT_READ_WRITE)
public class Buyer extends User{
// specific informations
}
用户进行身份验证后,我可以使用以下userServiceDetails添加特定于用户类型的信息:
public class UserDetailServiceImpl implements UserDetailsService {
private UserDAO userdao;
public void setUserdao(UserDAO userdao) {
this.userdao = userdao;
}
// this class is used by spring controller to authenticate and authorize
// user
@Override
public UserDetails loadUserByUsername(String userId)
throws UsernameNotFoundException {
com.model.User u;
try {
u = userdao.get(userId);
if (u == null)
throw new UsernameNotFoundException("user name not found");
} catch (DAOException e) {
throw new UsernameNotFoundException("database error ");
}
return buildUserFromUserEntity(u);
}
private User buildUserFromUserEntity(com.model.User userEntity) {
// convert model user to spring security user
String username = userEntity.getUserId();
String password = userEntity.getPassword();
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
GrantedAuthority[] authorities = user.getAuthorities();
User user = null;
if(authorities[0].getName.equals("ROLE_ADMIN"){
user = new Admin(username, password, enabled,
accountNonExpired, credentialsNonExpired, accountNonLocked,
authorities);
// set admin informations
}
else if(authorities[0].getName.equals("ROLE_SELLER"){
user = new Seller(username, password, enabled,
accountNonExpired, credentialsNonExpired, accountNonLocked,
authorities);
// set seller informations
}
else if(authorities[0].getName.equals("ROLE_BUYER"){
user = new Buyer(username, password, enabled,
accountNonExpired, credentialsNonExpired, accountNonLocked,
authorities);
// set buyer informations
}
return user;
}
}
我想知道我的数据库设计关于用户层次结构是好的吗?
答案 0 :(得分:0)
我会说你继续执行它。
我唯一可以建议的是,如果您与卖方和买方进行查询,如果您将查询分成不同的表而不是一个表,查询将会更快。
答案 1 :(得分:0)
我不知道您的应用程序的规格,因此它可能完全正确,但您的设计不允许用户同时成为卖家和买家。
我认为如果您只为用户提供一个表格,并且在登录时为该用户组成一个角色列表,那么它将更灵活,因此用户可以拥有多个角色,每个角色都有自己的信息和关系。