High-frequency interview question: front-end permissions


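Leaving the job

Having recently been laid off and started looking for work, I've found that this industry is getting more and more competitive. Front-end knowledge is vast and scattered; unless you put real effort in you won't remember it, and what you memorize today you may forget a few days later (maybe I'm just getting old). I'm not 35 yet and still want to make a living at this. I used to coast along, but it now looks like if I keep coasting, my career won't last much longer. This time between jobs is a good chance to work on my own things, so I've organized some knowledge points. I want to fix them firmly in memory by writing articles, and hopefully give fellow Juejin readers a bit of inspiration.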

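Front-end route permissions

Today I want to talk about front-end permissions, a topic interviewers love to ask about.

Step 1

First, in your route configuration file (index.js), add a custom field to each route's meta object. (meta is simply route meta information: the data each route carries with it.) Here I define a roles array of role keys, which are matched against the roles of the currently logged-in user.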

   {
        path: '/highendProduct',
        component: Layout,
        meta: {
          title: '高端产品管理',
          // role keys that are allowed to see this route
          roles: [
            'ROLE_cromwell_admin',
            'ROLE_cromwell_financialProduct_management'
          ]
        }
   },


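Step 2

In your Vue project, import permission.js in main.js. It uses a progress bar component (NProgress); interested readers can look into it. The comments below are all in English, so I won't spoon-feed them to you; look them up yourself if you want. Don't be lazy, haha!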

import router from './router'
import store from './store'
import { Message } from 'element-ui'
import NProgress from 'nprogress' // progress bar
import 'nprogress/nprogress.css' // progress bar style
import { getToken } from '@/utils/auth' // get token from cookie
import getPageTitle from '@/utils/get-page-title'

NProgress.configure({ showSpinner: false }) // NProgress Configuration

const whiteList = ['/login'] // no redirect whitelist

router.beforeEach(async(to, from, next) => {
  // start progress bar
  NProgress.start()

  // set page title
  document.title = getPageTitle(to.meta.title)

  // determine whether the user has logged in
  const hasToken = getToken()

  if (hasToken) {
    if (to.path === '/login') {
      // if is logged in, redirect to the home page
      next({ path: '/' })
      NProgress.done()
    } else {
      // determine whether the user has obtained his permission roles through getInfo
      const hasRoles = store.getters.roles && store.getters.roles.length > 0
      if (hasRoles) {
        next()
      } else {
        try {
          // get user info
          // note: roles must be a non-empty array of role keys, such as ['admin'] or ['developer', 'editor']
          const { roles } = await store.dispatch('user/getInfo')

          // generate accessible routes map based on roles
          const accessRoutes = await store.dispatch('permission/generateRoutes', roles)

          // dynamically add accessible routes
          router.addRoutes(accessRoutes)

          // hack method to ensure that addRoutes is complete
          // set the replace: true, so the navigation will not leave a history record
          next({ ...to, replace: true })
        } catch (error) {
          // remove token and go to login page to re-login
          await store.dispatch('user/resetToken')
          Message.error(error || 'Has Error')
          next(`/login?redirect=${to.path}`)
          NProgress.done()
        }
      }
    }
  } else {
    /* has no token*/

    if (whiteList.indexOf(to.path) !== -1) {
      // in the free login whitelist, go directly
      next()
    } else {
      // other pages that do not have permission to access are redirected to the login page.
      next(`/login?redirect=${to.path}`)
      NProgress.done()
    }
  }
})

router.afterEach(() => {
  // finish progress bar
  NProgress.done()
})

Out of all this code, the core is really just three lines. The Vuex action user/getInfo calls the user-info API and returns the user's role data. Those roles are then passed to the Vuex action permission/generateRoutes to obtain the routes that match the current user.

          // get user info
          // note: roles must be a non-empty array of role keys, such as ['admin'] or ['developer', 'editor']
          const { roles } = await store.dispatch('user/getInfo')

          // generate accessible routes map based on roles
          const accessRoutes = await store.dispatch('permission/generateRoutes', roles)

          // dynamically add accessible routes
          router.addRoutes(accessRoutes)

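Step 3

Let's look at how permission/generateRoutes is implemented. It simply matches the role keys returned by the API against the roles array in each route's meta object to work out which route pages the current user can see. Those routes are then added to the router by the core code shown above.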

import { asyncRoutes, constantRoutes } from '@/router'

/**
 * Use meta.role to determine if the current user has permission
 * @param roles
 * @param route
 */
function hasPermission(roles, route) {
  if (route.meta && route.meta.roles) {
    return roles.some(role => route.meta.roles.includes(role))
  } else {
    return true
  }
}

/**
 * Filter asynchronous routing tables by recursion
 * @param routes asyncRoutes
 * @param roles
 */
export function filterAsyncRoutes(routes, roles) {
  const res = []

  routes.forEach(route => {
    const tmp = { ...route }
    if (hasPermission(roles, tmp)) {
      if (tmp.children) {
        tmp.children = filterAsyncRoutes(tmp.children, roles)
      }
      res.push(tmp)
    }
  })

  return res
}

const state = {
  routes: [],
  addRoutes: []
}

const mutations = {
  SET_ROUTES: (state, routes) => {
    state.addRoutes = routes
    state.routes = constantRoutes.concat(routes)
  }
}

const actions = {
  generateRoutes({ commit }, roles) {
    return new Promise(resolve => {
      let accessedRoutes
      if (roles.includes('ROLE_cromwell_admin')) {
        accessedRoutes = asyncRoutes || []
      } else {
        accessedRoutes = filterAsyncRoutes(asyncRoutes, roles)
      }
      commit('SET_ROUTES', accessedRoutes)
      resolve(accessedRoutes)
    })
  }
}

export default {
  namespaced: true,
  state,
  mutations,
  actions
}
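
An added example (not from the original post or the project): under the hasPermission rule above, a route with no meta.roles is allowed for every logged-in user, so it is worth auditing the route table for routes that no role check covers. The route table, the /reports and /combine paths and the role ROLE_guest are constructed for illustration; visiblePaths and findUnguardedRoutes are hypothetical helper names.

```javascript
// Constructed route table for illustration, not the project's real routes.
const asyncRoutes = [
  { path: '/highendProduct',
    meta: { roles: ['ROLE_cromwell_admin', 'ROLE_cromwell_financialProduct_management'] },
    children: [{ path: 'list' }, { path: 'audit', meta: { roles: ['ROLE_cromwell_admin'] } }] },
  { path: '/reports', children: [{ path: 'daily' }] }, // no meta.roles anywhere
  { path: '/combine', meta: {},
    children: [{ path: 'review', meta: { roles: ['ROLE_cromwell_otherland_combine_reviewer'] } }] }
]

// Same rule as the page's hasPermission: a route without meta.roles is allowed.
const allowed = (roles, route) =>
  !(route.meta && route.meta.roles) || roles.some(r => route.meta.roles.includes(r))

// Build the full path of a child route from its parent's path.
const join = (base, p) => (p.startsWith('/') ? p : `${base.replace(/\/$/, '')}/${p}`)

// Full paths a role set ends up with after the page's recursive filtering.
function visiblePaths(routes, roles, base = '') {
  return routes.filter(r => allowed(roles, r)).flatMap(r => {
    const full = join(base, r.path)
    return [full, ...visiblePaths(r.children || [], roles, full)]
  })
}

// Audit: routes with no role check on themselves or on any ancestor.
function findUnguardedRoutes(routes, base = '') {
  return routes.flatMap(r => {
    if (r.meta && r.meta.roles) return [] // guarded; children sit behind this gate
    const full = join(base, r.path)
    return [full, ...findUnguardedRoutes(r.children || [], full)]
  })
}

// A user whose only role matches nothing still receives every unguarded route.
console.log(visiblePaths(asyncRoutes, ['ROLE_guest']))
console.log(findUnguardedRoutes(asyncRoutes))
```

A child without its own meta.roles is only as restricted as its parent, and a parent without roles (such as /combine here) stays visible even when all of its children are filtered out.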

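The interviewer will then follow up: how did you configure button permissions? Uh... no idea. Then you've just missed out on a job, haha. It's actually not hard either: once again, the permission fields returned by the API are matched against the keys passed in from your page to decide whether the button is shown.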

import store from '@/store' // Vuex store that holds the logged-in user's roles

export default function checkPermission(value) {
  if (value && value instanceof Array && value.length > 0) {
    const roles = store.getters && store.getters.roles
    const permissionRoles = value

    const hasPermission = roles.some(role => {
      return permissionRoles.includes(role)
    })

    if (!hasPermission) {
      return false
    }
    return true
  } else {
    console.error(`need roles! Like v-permission="['admin','editor']"`)
    return false
  }
}

<el-tooltip
  v-if="checkPermission(['ROLE_cromwell_admin', 'ROLE_cromwell_otherland_combine_reviewer'])"
  class="item"
  effect="dark"
  content="取消归户"
  placement="top-start"
>
  <el-button :disabled="combineStatus" type="primary" size="mini" circle @click="removeCombine(scope.row)">
    <svg-icon icon-class="cancelCombine" />
  </el-button>
</el-tooltip>

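The end

I hope everyone who has left their job can keep a good attitude, face life positively, get through these hard days, and land a satisfying offer. end...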