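/// <summary>
        /// Gets the primary keys of the resources (within one target category) that a user is scoped to
        /// for a given permission item. The result is the union of scopes granted to the user directly,
        /// to the roles the user belongs to (plus the user's default role) and — when
        /// <c>BaseSystemInfo.UseOrganizePermission</c> is set — to the user's company, sub-company,
        /// department and workgroup. Side effect: <c>CurrentTableName</c> is switched to the
        /// permission-scope table of the configured system.
        /// </summary>
        /// <param name="userId">User primary key.</param>
        /// <param name="targetCategory">Resource (target) category to list scopes for.</param>
        /// <param name="permissionItemCode">Permission item code; resolved to its id before querying.</param>
        /// <returns>Array of target primary keys; empty when nothing is granted.</returns>
        public string[] GetResourceScopeIds(string userId, string targetCategory, string permissionItemCode)
        {
            // Per-system table prefix, when a system code is configured.
            string tableName = BasePermissionItemEntity.TableName;
            if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
            {
                tableName = BaseSystemInfo.SystemCode + "PermissionItem";
            }
            BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName);
            string permissionItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));

            BaseUserManager userManager = new BaseUserManager(DbHelper, UserInfo);
            string defaultRoleId = userManager.GetProperty(userId, BaseUserEntity.FieldRoleId);

            string userRoleTableName = BaseUserRoleEntity.TableName;
            if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
            {
                userRoleTableName = BaseSystemInfo.SystemCode + "UserRole";
            }

            this.CurrentTableName = "BasePermissionScope";
            if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
            {
                this.CurrentTableName = BaseSystemInfo.SystemCode + "PermissionScope";
            }

            // The values below are spliced into SQL string literals and DbHelper.Fill receives finished
            // SQL text, so each one has its single quotes doubled first; a quote in a caller-supplied
            // value could otherwise end the literal and alter the query. Parameterizing the query is
            // the proper fix once the helper exposes parameters.
            string safeUserId = EscapeSqlLiteral(userId);
            string safeTargetCategory = EscapeSqlLiteral(targetCategory);
            string safePermissionItemId = EscapeSqlLiteral(permissionItemId);

            string sqlQuery =
                        // scopes granted to the user directly
                          " SELECT TargetId "
                        + "   FROM " + this.CurrentTableName
                        + "  WHERE (" + this.CurrentTableName + ".ResourceCategory = '" + BaseUserEntity.TableName + "') "
                        + "        AND (ResourceId = '" + safeUserId + "') "
                        + "        AND (TargetCategory = '" + safeTargetCategory + "') "
                        + "        AND (PermissionId = '" + safePermissionItemId + "') "
                        + "        AND (Enabled = 1) "
                        + "        AND (DeletionStateCode = 0)"

                        + " UNION "

                        // scopes granted to the roles the user is a member of
                        + " SELECT TargetId "
                        + "   FROM " + this.CurrentTableName
                        + "  WHERE (ResourceCategory  = '" + BaseRoleEntity.TableName + "') "
                        + "        AND (TargetCategory  = '" + safeTargetCategory + "') "
                        + "        AND (PermissionId = '" + safePermissionItemId + "') "
                        + "        AND (DeletionStateCode = 0)"
                        + "        AND (Enabled = 1) "
                        + "        AND ((ResourceId IN ( "
                        + "             SELECT RoleId "
                        + "               FROM " + userRoleTableName
                        + "              WHERE (UserId  = '" + safeUserId + "') "
                        + "                  AND (Enabled = 1) "
                        + "                  AND (DeletionStateCode = 0) ) ";
            if (!string.IsNullOrEmpty(defaultRoleId))
            {
                // The user's default role (BaseUserEntity.FieldRoleId) is not necessarily a user-role row.
                sqlQuery += " OR (ResourceId = '" + EscapeSqlLiteral(defaultRoleId) + "')";
            }
            sqlQuery += " ) "
                      + " ) ";

            DataTable dataTable = DbHelper.Fill(sqlQuery);
            string[] resourceIds = BaseBusinessLogic.FieldToArray(dataTable, BasePermissionScopeEntity.FieldTargetId);

            // scopes granted to the user's organizational units
            if (BaseSystemInfo.UseOrganizePermission)
            {
                BaseUserEntity userEntity = new BaseUserManager(this.DbHelper).GetEntity(userId);
                // NOTE(review): the entity used to be dereferenced unconditionally; an unknown userId now
                // contributes no organize scopes instead of a NullReferenceException — confirm callers expect this.
                if (userEntity != null)
                {
                    sqlQuery = " SELECT TargetId "
                             + "   FROM " + this.CurrentTableName
                             + "  WHERE (" + this.CurrentTableName + ".ResourceCategory = '" + BaseOrganizeEntity.TableName + "') "
                             + "        AND (ResourceId = '" + EscapeSqlLiteral(userEntity.CompanyId) + "' OR "
                             + "              ResourceId = '" + EscapeSqlLiteral(userEntity.DepartmentId) + "' OR "
                             + "              ResourceId = '" + EscapeSqlLiteral(userEntity.SubCompanyId) + "' OR"
                             + "              ResourceId = '" + EscapeSqlLiteral(userEntity.WorkgroupId) + "') "
                             + "        AND (TargetCategory = '" + safeTargetCategory + "') "
                             + "        AND (PermissionId = '" + safePermissionItemId + "') "
                             + "        AND (Enabled = 1) "
                             + "        AND (DeletionStateCode = 0)";
                    dataTable = DbHelper.Fill(sqlQuery);
                    string[] resourceIdsByOrganize = BaseBusinessLogic.FieldToArray(dataTable, BasePermissionScopeEntity.FieldTargetId);
                    resourceIds = StringUtil.Concat(resourceIds, resourceIdsByOrganize);
                }
            }

            // NOTE(review): TransformPermissionScope is defined elsewhere in the class; presumably it expands
            // organize-scope markers into concrete organize ids — confirm against its definition.
            if (string.Equals(targetCategory, BaseOrganizeEntity.TableName, StringComparison.Ordinal))
            {
                TransformPermissionScope(userId, ref resourceIds, userManager);
            }
            return resourceIds;
        }

        /// <summary>
        /// Doubles single quotes so a value spliced into a SQL string literal cannot terminate that literal.
        /// A stop-gap until the scope queries are parameterized; a null value becomes an empty string,
        /// which is what plain concatenation produced.
        /// </summary>
        /// <param name="value">Value to embed; converted with <see cref="Convert.ToString(object)"/>.</param>
        /// <returns>The value with every <c>'</c> replaced by <c>''</c>.</returns>
        private static string EscapeSqlLiteral(object value)
        {
            return Convert.ToString(value).Replace("'", "''");
        }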
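        /// <summary>
        /// Returns the permission items a user holds under the "Resource.ManagePermission" scope item
        /// (per the original summary: the scope the user is licensed to grant).
        /// </summary>
        /// <param name="userInfo">Caller identity; must be logged on in non-DEBUG builds.</param>
        /// <param name="userId">Primary key of the user whose licensed items are listed.</param>
        /// <returns>A <see cref="DataTable"/> named after the permission-item table; empty when nothing matches.</returns>
        /// <exception cref="Exception">Any failure is logged through <c>BaseExceptionManager</c> and rethrown unchanged.</exception>
        public DataTable GetLicensedDT(BaseUserInfo userInfo, string userId)
        {
            // Timing information, debug builds only
            #if (DEBUG)
                int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
            #endif

            // Reject anonymous callers. Note this check is compiled out of DEBUG builds.
            #if (!DEBUG)
                LogOnService.UserIsLogOn(userInfo);
            #endif

            DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName);
            using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
            {
                try
                {
                    dbHelper.Open(UserCenterDbConnection);
                    // Per-system table prefix, when a system code is configured.
                    string tableName = BasePermissionItemEntity.TableName;
                    if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
                    {
                        tableName = BaseSystemInfo.SystemCode + "PermissionItem";
                    }
                    BasePermissionItemManager permissionAdminManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
                    // Resolve the scope item by code, ignoring soft-deleted rows.
                    string permissionItemId = permissionAdminManager.GetId(
                        new KeyValuePair<string, object>(BasePermissionItemEntity.FieldDeletionStateCode, 0),
                        new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, "Resource.ManagePermission"));
                    dataTable = permissionAdminManager.GetDataTableByUser(userId, permissionItemId);
                    dataTable.TableName = BasePermissionItemEntity.TableName;
                    BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_GetLicensedDT, MethodBase.GetCurrentMethod());
                }
                catch (Exception ex)
                {
                    BaseExceptionManager.LogException(dbHelper, userInfo, ex);
                    // "throw;" preserves the original stack trace; "throw ex;" reset it to this frame.
                    throw;
                }
                finally
                {
                    dbHelper.Close();
                }
            }

            // Timing information, debug builds only
            #if (DEBUG)
                BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
            #endif

            return dataTable;
        }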
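        /// <summary>
        /// Gets the target primary keys of the permission-scope rows granted to one resource
        /// (identified by category and id) for a target category and permission item.
        /// Only enabled, non-deleted scope rows are considered.
        /// </summary>
        /// <param name="userInfo">Caller identity; must be logged on in non-DEBUG builds.</param>
        /// <param name="resourceCategory">Category of the resource holding the permission (e.g. a user or role table name).</param>
        /// <param name="resourceId">Primary key of that resource.</param>
        /// <param name="targetCategory">Category of the targets to list.</param>
        /// <param name="permissionItemCode">Permission item code; resolved to its id before querying.</param>
        /// <returns>Array of target primary keys as returned by <c>DbLogic.GetProperties</c>.</returns>
        /// <exception cref="Exception">Any failure is logged through <c>BaseExceptionManager</c> and rethrown unchanged.</exception>
        public string[] GetPermissionScopeTargetIds(BaseUserInfo userInfo, string resourceCategory, string resourceId, string targetCategory, string permissionItemCode)
        {
            // Timing information, debug builds only
            #if (DEBUG)
                int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
            #endif

            // Reject anonymous callers. Note this check is compiled out of DEBUG builds.
            #if (!DEBUG)
                LogOnService.UserIsLogOn(userInfo);
            #endif

            string[] returnValue = null;
            using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
            {
                try
                {
                    dbHelper.Open(UserCenterDbConnection);
                    // Per-system table prefix, when a system code is configured.
                    string tableName = BasePermissionItemEntity.TableName;
                    if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
                    {
                        tableName = BaseSystemInfo.SystemCode + "PermissionItem";
                    }
                    BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
                    string permissionItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));

                    // Filter is passed as field/value pairs, so the caller-supplied values never
                    // become part of SQL text here.
                    List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
                    parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory));
                    parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId));
                    parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, targetCategory));
                    parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionItemId));
                    parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, 1));
                    parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));

                    tableName = BasePermissionScopeEntity.TableName;
                    if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
                    {
                        tableName = BaseSystemInfo.SystemCode + "PermissionScope";
                    }
                    returnValue = DbLogic.GetProperties(dbHelper, tableName, parameters, 0, BasePermissionScopeEntity.FieldTargetId);
                    BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetPermissionScopeTargetIds, MethodBase.GetCurrentMethod());
                }
                catch (Exception ex)
                {
                    BaseExceptionManager.LogException(dbHelper, userInfo, ex);
                    // "throw;" preserves the original stack trace; "throw ex;" reset it to this frame.
                    throw;
                }
                finally
                {
                    dbHelper.Close();
                }
            }

            // Timing information, debug builds only
            #if (DEBUG)
                BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
            #endif
            return returnValue;
        }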
        /// <summary>
        /// Searches users, optionally filtered by keyword, organize subtree, audit status, enabled flag and
        /// roles, and — for non-administrators when <c>BaseSystemInfo.UsePermissionScope</c> is on — narrowed
        /// to the current user's data-permission scope for <paramref name="permissionScopeItemCode"/>.
        /// </summary>
        /// <param name="permissionScopeItemCode">Code of the permission item whose scope limits the result for non-administrators.</param>
        /// <param name="search">Keyword; passed through <c>StringUtil.GetSearchString</c> before use in the LIKE clauses.</param>
        /// <param name="roleIds">Role primary keys; a user matches by default role or by a user-role row.</param>
        /// <param name="enabled">When set, restricts to users whose Enabled flag equals the value.</param>
        /// <param name="auditStates">When non-empty, restricts to users with exactly this audit status.</param>
        /// <param name="departmentId">When non-empty, restricts to users whose company, department or workgroup lies in this organize subtree.</param>
        /// <returns>User rows joined with the default role's name (<c>RoleName</c>), ordered by sort code.</returns>
        /// <remarks>
        /// The query is assembled by string concatenation and handed to <c>DbHelper.Fill</c> as finished SQL,
        /// so every value spliced into it (<paramref name="search"/>, <paramref name="auditStates"/>, the role
        /// and organize ids, the current user's ids) must already be safe to embed. NOTE(review): whether
        /// <c>StringUtil.GetSearchString</c> and <c>StringUtil.ArrayToList</c> escape single quotes is not
        /// visible here — confirm, or move these values to query parameters.
        /// </remarks>
        public DataTable Search(string permissionScopeItemCode, string search, string[] roleIds, bool? enabled, string auditStates,string departmentId)
        {
            search = StringUtil.GetSearchString(search);
            string sqlQuery = " SELECT " + BaseUserEntity.TableName + ".* "
                            + "," + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldRealName + " AS RoleName "
                            + " FROM " + BaseUserEntity.TableName
                            + "      LEFT OUTER JOIN " + BaseRoleEntity.TableName
                            + "      ON " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldRoleId + " = " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldId
                // Soft-deleted and hidden users are always excluded.
                            + " WHERE " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDeletionStateCode + " = 0 "
                            + " AND " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldIsVisible + " = 1 ";
            // Keyword match across name, code, real name, quick-query, department name and description.
            if (!String.IsNullOrEmpty(search))
            {
                sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldUserName + " LIKE '" + search + "'"
                            + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCode + " LIKE '" + search + "'"
                            + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldRealName + " LIKE '" + search + "'"
                            + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldQuickQuery + " LIKE '" + search + "'"
                            + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentName + " LIKE '" + search + "'"
                            + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDescription + " LIKE '" + search + "')";
            }
            // Organize filter: the department and (presumably) all of its descendants, matched against
            // the user's company, department or workgroup.
            if (!string.IsNullOrEmpty(departmentId))
            {
                BaseOrganizeManager organizeManager = new BaseOrganizeManager(this.DbHelper, this.UserInfo);
                string[] organizeIds = organizeManager.GetChildrensId(BaseOrganizeEntity.FieldId, departmentId, BaseOrganizeEntity.FieldParentId);
                if (organizeIds != null && organizeIds.Length > 0)
                {
                    sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCompanyId + " IN (" + StringUtil.ArrayToList(organizeIds) + ")"
                     + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentId + " IN (" + StringUtil.ArrayToList(organizeIds) + ")"
                     + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldWorkgroupId + " IN (" + StringUtil.ArrayToList(organizeIds) + "))";
                }
            }
            // NOTE(review): auditStates is embedded in a quoted literal as-is; if it can come from a request it needs escaping or a parameter.
            if (!String.IsNullOrEmpty(auditStates))
            {
                sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldAuditStatus + " = '" + auditStates + "')";
            }
            if (enabled != null)
            {
                sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldEnabled + " = " + ((bool)enabled ? 1:0) + ")";
            }
            // Role filter: default role, or membership through the user-role table.
            if ((roleIds != null) && (roleIds.Length > 0))
            {
                string roles = StringUtil.ArrayToList(roleIds, "'");
                sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldRoleId + " IN (" + roles + ") ";
                sqlQuery += "      OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " IN (" + "SELECT " + BaseUserRoleEntity.FieldUserId + " FROM " + BaseUserRoleEntity.TableName + " WHERE " + BaseUserRoleEntity.FieldRoleId + " IN (" + roles + ")" + "))";
            }

            // Data-permission scope: administrators see everything; other users are restricted by the
            // scope markers granted to them for the permission item. The checks below are independent
            // "if"s, so several markers simply AND their conditions together.
            if ((!UserInfo.IsAdministrator) && (BaseSystemInfo.UsePermissionScope))
            {
                // string permissionScopeItemCode = "Resource.ManagePermission";
                BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.DbHelper, this.UserInfo);
                string permissionScopeItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionScopeItemCode));
                if (!string.IsNullOrEmpty(permissionScopeItemId))
                {
                    // Evaluated from the narrowest scope to the widest to avoid mistakes (original note).
                    BaseUserScopeManager userPermissionScopeManager = new BaseUserScopeManager(this.DbHelper, this.UserInfo);
                    string[] organizeIds = userPermissionScopeManager.GetOrganizeIds(this.UserInfo.Id, permissionScopeItemId);

                    // No data permission at all: "Id = NULL" is never true in SQL, so this deliberately yields no rows.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.None).ToString()))
                    {
                        sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " = NULL ) ";
                    }
                    // Explicitly listed users only.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.Detail).ToString()))
                    {
                        BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(DbHelper, UserInfo);
                        string[] userIds = permissionScopeManager.GetUserIds(UserInfo.Id, permissionScopeItemCode);
                        sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " IN (" + BaseBusinessLogic.ObjectsToList(userIds) + ")) ";
                    }
                    // Own record only.
                    // NOTE(review): the current user's ids below are embedded without quotes, unlike the
                    // other literals — presumably numeric ids; confirm.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.User).ToString()))
                    {
                        sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " = " + this.UserInfo.Id + ") ";
                    }
                    // Users in the current user's workgroup.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserWorkgroup).ToString()))
                    {
                        sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldWorkgroupId + " = " + this.UserInfo.WorkgroupId + ") ";
                    }
                    // Users in the current user's department.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserDepartment).ToString()))
                    {
                        sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentId + " = " + this.UserInfo.DepartmentId + ") ";
                    }
                    // Users in the current user's sub-company.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserSubCompany).ToString()))
                    {
                        sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldSubCompanyId + " = " + this.UserInfo.SubCompanyId + ") ";
                    }
                    // Users in the current user's company.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserCompany).ToString()))
                    {
                        sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCompanyId + " = " + this.UserInfo.CompanyId + ") ";
                    }
                    // All data: no extra condition needed.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.All).ToString()))
                    {
                    }
                }
            }
            sqlQuery += " ORDER BY " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldSortCode;
            return DbHelper.Fill(sqlQuery);
        }
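        /// <summary>
        /// Revokes a permission item from a user, both looked up by their codes. Nothing happens when
        /// either the user name or the permission item code cannot be resolved.
        /// </summary>
        /// <param name="userInfo">Caller identity; must be logged on in non-DEBUG builds.</param>
        /// <param name="userName">User name (matched on <c>BaseUserEntity.FieldUserName</c>).</param>
        /// <param name="permissionItemCode">Permission item code.</param>
        /// <returns>
        /// The value returned by <c>BaseUserPermissionManager.Revoke</c>, or 0 when nothing was revoked.
        /// NOTE(review): the original summary called this a key; it reads more like an affected-row count — confirm.
        /// </returns>
        /// <exception cref="Exception">Any failure is logged through <c>BaseExceptionManager</c> and rethrown unchanged.</exception>
        public int RevokeUserPermission(BaseUserInfo userInfo, string userName, string permissionItemCode)
        {
            // Reject anonymous callers. Note this check is compiled out of DEBUG builds.
            #if (!DEBUG)
                LogOnService.UserIsLogOn(userInfo);
            #endif

            int returnValue = 0;
            using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
            {
                try
                {
                    dbHelper.Open(UserCenterDbConnection);
                    BaseUserManager userManager = new BaseUserManager(dbHelper, userInfo);
                    string userId = userManager.GetId(new KeyValuePair<string, object>(BaseUserEntity.FieldUserName, userName));
                    BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo);
                    string permissionItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));
                    // Both lookups must succeed; an unknown name or code is a silent no-op.
                    if (!String.IsNullOrEmpty(userId) && !String.IsNullOrEmpty(permissionItemId))
                    {
                        BaseUserPermissionManager userPermissionManager = new BaseUserPermissionManager(dbHelper, userInfo);
                        returnValue = userPermissionManager.Revoke(userId, permissionItemId);
                    }
                }
                catch (Exception ex)
                {
                    BaseExceptionManager.LogException(dbHelper, userInfo, ex);
                    // "throw;" preserves the original stack trace; "throw ex;" reset it to this frame.
                    throw;
                }
                finally
                {
                    dbHelper.Close();
                }
            }

            return returnValue;
        }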
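        /// <summary>
        /// Deletes a permission item identified by its code. Nothing happens when the code is unknown.
        /// </summary>
        /// <param name="userInfo">Caller identity; must be logged on in non-DEBUG builds.</param>
        /// <param name="permissionItemCode">Permission item code.</param>
        /// <returns>Affected row count as returned by <c>BasePermissionItemManager.Delete</c>, or 0 when nothing was deleted.</returns>
        /// <exception cref="Exception">Any failure is logged through <c>BaseExceptionManager</c> and rethrown unchanged.</exception>
        public int DeletePermission(BaseUserInfo userInfo, string permissionItemCode)
        {
            // Reject anonymous callers. Note this check is compiled out of DEBUG builds.
            #if (!DEBUG)
                LogOnService.UserIsLogOn(userInfo);
            #endif

            int returnValue = 0;
            using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
            {
                try
                {
                    dbHelper.Open(UserCenterDbConnection);
                    BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo);
                    string id = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));
                    if (!String.IsNullOrEmpty(id))
                    {
                        // The manager's Delete is used (not a raw row delete) because, per the original note,
                        // it also removes the other permission configuration that references this item.
                        returnValue = permissionItemManager.Delete(id);
                    }
                }
                catch (Exception ex)
                {
                    BaseExceptionManager.LogException(dbHelper, userInfo, ex);
                    // "throw;" preserves the original stack trace; "throw ex;" reset it to this frame.
                    throw;
                }
                finally
                {
                    dbHelper.Close();
                }
            }

            return returnValue;
        }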
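        /// <summary>
        /// Returns the permission items a user may grant to others (the user's authorizable scope)
        /// for the given permission-scope item. When the code is "Resource.ManagePermission" and no
        /// such item exists yet, a default one is created first.
        /// </summary>
        /// <param name="userInfo">Caller identity; must be logged on in non-DEBUG builds.</param>
        /// <param name="userId">Primary key of the user whose scope is listed.</param>
        /// <param name="permissionItemCode">Code of the permission-scope item.</param>
        /// <returns>A <see cref="DataTable"/> named after the permission-item table; empty when nothing matches.</returns>
        /// <exception cref="Exception">Any failure is logged through <c>BaseExceptionManager</c> and rethrown unchanged.</exception>
        public DataTable GetPermissionItemDTByPermissionScope(BaseUserInfo userInfo, string userId, string permissionItemCode)
        {
            // Timing information, debug builds only
            #if (DEBUG)
                int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
            #endif

            // Reject anonymous callers. Note this check is compiled out of DEBUG builds.
            #if (!DEBUG)
                LogOnService.UserIsLogOn(userInfo);
            #endif

            DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName);
            using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
            {
                try
                {
                    dbHelper.Open(UserCenterDbConnection);
                    BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo);
                    string permissionItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));
                    // The system-default scope item is created on demand when it is missing from the database.
                    if (String.IsNullOrEmpty(permissionItemId) && string.Equals(permissionItemCode, "Resource.ManagePermission", StringComparison.Ordinal))
                    {
                        BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity();
                        permissionItemEntity.Code = "Resource.ManagePermission";
                        permissionItemEntity.FullName = "资源管理范围权限(系统默认)";
                        permissionItemEntity.IsScope = 1;
                        permissionItemEntity.Enabled = 1;
                        // NOTE(review): the original assigned AllowDelete = 0 twice; the duplicate is dropped here.
                        // If the second assignment was meant for a different flag, set it explicitly.
                        permissionItemEntity.AllowDelete = 0;
                        permissionItemManager.AddEntity(permissionItemEntity);
                    }
                    // NOTE(review): the item code (not the resolved id) is passed here, whereas GetLicensedDT
                    // passes the id to the same method — confirm which GetDataTableByUser expects.
                    dataTable = permissionItemManager.GetDataTableByUser(userId, permissionItemCode);
                    dataTable.TableName = BasePermissionItemEntity.TableName;
                    BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetPermissionItemDTByPermission, MethodBase.GetCurrentMethod());
                }
                catch (Exception ex)
                {
                    BaseExceptionManager.LogException(dbHelper, userInfo, ex);
                    // "throw;" preserves the original stack trace; "throw ex;" reset it to this frame.
                    throw;
                }
                finally
                {
                    dbHelper.Close();
                }
            }

            // Timing information, debug builds only
            #if (DEBUG)
                BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
            #endif

            return dataTable;
        }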