Beispiel #1
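        /// <summary>
        /// Grants <paramref name="operation"/> on <paramref name="resourceId"/> to a user or group by inserting
        /// a new ACL row, then deletes rows of the same role and operation that the original comment describes
        /// as "child privileges".
        /// </summary>
        /// <param name="userId">
        /// Id of the role receiving the grant. It is loaded as a user when <paramref name="roleType"/> is
        /// USERROLE and as a group when it is GROUPROLE, so despite its name it may hold a group id.
        /// </param>
        /// <param name="roleType">Whether <paramref name="userId"/> identifies a user or a group.</param>
        /// <param name="resourceId">Resource the grant applies to.</param>
        /// <param name="operation">Operation being granted.</param>
        /// <exception cref="UnauthorizedAccessException">
        /// CheckPrivilege rejected the WRITE check on <paramref name="resourceId"/>.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// An existing ACL of the role conflicts with the requested grant.
        /// </exception>
        /// <remarks>
        /// Both exceptions derive from <see cref="Exception"/>, so callers that catch Exception keep working,
        /// while new callers can tell an authorization failure from a conflict.
        /// </remarks>
        public void Permit(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation)
        {
            // Authorization gate: WRITE on the resource is the only right required to grant ANY operation.
            // NOTE(review): no separate "grant"/admin right is checked here; confirm that is intended.
            // NOTE(review): the probe carries no role, so CheckPrivilege presumably evaluates the current
            // instance (this.Usr_Id); verify against its implementation.
            CACLEntity required = new CACLEntity();

            required.Acl_Resource  = resourceId;
            required.Acl_Operation = (int)ACLOPERATION.WRITE;
            if (!CheckPrivilege(required))
            {
                // Message: "no write permission".
                throw new UnauthorizedAccessException("没有写权限");
            }

            List <CACLEntity> userAcls = new List <CACLEntity>();

            if (roleType == ACLROLETYPE.USERROLE)
            {
                CUserEntity user = new CUserEntity(ConnString).Load(userId);
                userAcls = user.GetUserACLs();
            }
            else if (roleType == ACLROLETYPE.GROUPROLE)
            {
                CGroupEntity group = new CGroupEntity(ConnString).Load(userId);
                userAcls = group.GetGroupACLs();
            }
            // NOTE(review): for any other roleType the list stays empty, so the conflict check and the
            // cleanup below are skipped but the row is still inserted. If ACLROLETYPE has further members,
            // consider rejecting them here (fail closed).

            // Reject the grant when an existing ACL of this role already covers it for the same operation.
            CResourceEntity resource = new CResourceEntity(ConnString).Load(resourceId);

            foreach (CACLEntity userAcl in userAcls)
            {
                if (resource.IsChild(userAcl.Acl_Resource) && userAcl.Acl_Operation == (int)operation)
                {
                    // Message: "conflicts with other privileges".
                    throw new InvalidOperationException("与其他权限冲突");
                }
            }

            // Create the ACL row; Acl_Creator records who issued the grant.
            // NOTE(review): Acl_CreateTime is local time (DateTime.Now); UTC is easier to correlate in
            // audit trails, but switching would change stored data, so it is left as is.
            CACLEntity granted = new CACLEntity(ConnString);

            granted.Acl_Resource   = resourceId;
            granted.Acl_Role       = userId;
            granted.Acl_RType      = (int)roleType;
            granted.Acl_Operation  = (int)operation;
            granted.Acl_Creator    = this.Usr_Id;
            granted.Acl_CreateTime = DateTime.Now;
            granted.Insert();

            // Remove the role's rows for the same operation that the new row makes redundant.
            // NOTE(review): the insert and these deletes are separate calls and no transaction is visible in
            // this method; a failure part-way leaves the ACL table partially updated.
            foreach (CACLEntity existing in userAcls)
            {
                CResourceEntity existingResource = new CResourceEntity(ConnString).Load(existing.Acl_Resource);
                if (existingResource.IsChild(resourceId) && existing.Acl_Operation == (int)operation)
                {
                    existing.Delete();
                }
            }
        }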
Beispiel #2
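        /// <summary>
        /// Revokes a grant by deleting the ACL rows that match the given resource, operation, role id and
        /// role type. No "deny" entry is written; only matching rows are removed.
        /// </summary>
        /// <param name="userId">Id of the role (user or group, per <paramref name="roleType"/>) losing the grant.</param>
        /// <param name="roleType">Whether <paramref name="userId"/> identifies a user or a group.</param>
        /// <param name="resourceId">Resource the grant was issued on.</param>
        /// <param name="operation">Operation being revoked.</param>
        /// <exception cref="UnauthorizedAccessException">
        /// CheckPrivilege rejected the WRITE check on <paramref name="resourceId"/>. The type derives from
        /// <see cref="Exception"/>, so callers that catch Exception keep working.
        /// </exception>
        public void Deny(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation)
        {
            // Authorization gate: WRITE on the resource is the only right required to revoke a grant.
            CACLEntity required = new CACLEntity();

            required.Acl_Resource  = resourceId;
            required.Acl_Operation = (int)ACLOPERATION.WRITE;
            if (!CheckPrivilege(required))
            {
                // Message: "no write permission".
                throw new UnauthorizedAccessException("没有写权限");
            }

            // The filter is built as text. That is injection-safe here only because every operand is an
            // int or an enum cast to int; never splice a string-typed value into it. Invariant formatting
            // keeps the digits and sign ASCII whatever the thread culture is.
            String filter = String.Format(
                System.Globalization.CultureInfo.InvariantCulture,
                "this.Acl_Resource={0} and this.Acl_Operation={1} and this.Acl_Role={2} and this.Acl_RType={3}",
                resourceId, (int)operation, userId, (int)roleType);

            // NOTE(review): only rows on exactly this resource are removed, and nothing reports whether any
            // row matched. If CheckPrivilege honours grants made on a parent resource, access may remain
            // after this call; verify against CheckPrivilege.
            new CACLEntity(ConnString).Delete(filter);
        }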