public new string GetIdByCode(string permissionItemCode) { string tableName = BasePermissionScopeEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, this.UserInfo, tableName); // 这里应该是若不存在就自动加一个操作权限 return(permissionItemManager.GetIdByAdd(permissionItemCode)); }
// // ResourcePermission 权限判断 // #region public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) 是否有相应的权限 /// <summary> /// 是否有相应的权限 /// </summary> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">权限编号</param> /// <param name="permissionItemName">权限名称</param> /// <returns>是否有权限</returns> public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) { // 若不存在就需要自动能增加一个操作权限项 string tableName = BasePermissionItemEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName); string permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName); BasePermissionItemEntity permissionItemEntity = permissionItemManager.GetEntity(permissionItemId); // 先判断用户类别 if (UserInfo.IsAdministrator) { return(true); } // 没有找到相应的权限 if (String.IsNullOrEmpty(permissionItemId)) { return(false); } // 这里需要判断,是系统权限? bool returnValue = false; BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo); if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System")) { // 用户管理员 returnValue = userManager.IsInRoleByCode(userId, "UserAdmin"); if (returnValue) { return(returnValue); } } // 这里需要判断,是业务权限? if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application")) { returnValue = userManager.IsInRoleByCode(userId, "Admin"); if (returnValue) { return(returnValue); } } // 判断用户权限 if (this.CheckUserPermission(userId, permissionItemId)) { return(true); } // 判断用户角色权限 if (this.CheckUserRolePermission(userId, permissionItemId)) { return(true); } // 判断用户组织机构权限,这里有开关是为了提高性能用的, // 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。 if (BaseSystemInfo.UseOrganizePermission) { if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.WorkgroupId)) { return(true); } else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.DepartmentId)) { return(true); } else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.SubCompanyId)) { return(true); } else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.CompanyId)) { return(true); } } return(false); }
/// <summary> /// 是否有相应的权限 /// </summary> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">权限编号</param> /// <param name="permissionItemName">权限名称</param> /// <returns>是否有权限</returns> public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) { // 若不存在就需要自动能增加一个操作权限项 string tableName = BasePermissionItemEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName); string permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName); BasePermissionItemEntity permissionItemEntity = permissionItemManager.GetEntity(permissionItemId); // 先判断用户类别 if (UserInfo.IsAdministrator) { return true; } // 没有找到相应的权限 if (String.IsNullOrEmpty(permissionItemId)) { return false; } // 这里需要判断,是系统权限? bool returnValue = false; BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo); if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System")) { // 用户管理员 returnValue = userManager.IsInRoleByCode(userId, "UserAdmin"); if (returnValue) { return returnValue; } } // 这里需要判断,是业务权限? if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application")) { returnValue = userManager.IsInRoleByCode(userId, "Admin"); if (returnValue) { return returnValue; } } // 判断用户权限 if (this.CheckUserPermission(userId, permissionItemId)) { return true; } // 判断用户角色权限 if (this.CheckUserRolePermission(userId, permissionItemId)) { return true; } // 判断用户组织机构权限,这里有开关是为了提高性能用的, // 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。 if (BaseSystemInfo.UseOrganizePermission) { if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.WorkgroupId)) { return true; } else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.DepartmentId)) { return true; } else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.SubCompanyId)) { return true; } else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.CompanyId)) { return true; } } return false; }
public new string GetIdByCode(string permissionItemCode) { string tableName = BaseRoleEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper); // 这里应该是若不存在就自动加一个操作权限 return permissionItemManager.GetIdByAdd(permissionItemCode); }
/// <summary> /// 设置约束条件 /// </summary> /// <param name="userInfo">用户</param> /// <param name="resourceCategory">资源类别</param> /// <param name="resourceId">资源主键</param> /// <param name="tableName">表名</param> /// <param name="constraint">约束</param> /// <param name="enabled">有效</param> /// <param name="permissionCode">操作权限项</param> /// <returns>主键</returns> public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true) { string returnValue = string.Empty; string permissionId = string.Empty; BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo); permissionId = permissionItemManager.GetIdByAdd(permissionCode); List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>(); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table")); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)); BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo); // 1:先获取是否有这样的主键,若有进行更新操作。 // 2:若没有进行添加操作。 returnValue = manager.GetId(parameters); if (!string.IsNullOrEmpty(returnValue)) { parameters = new List<KeyValuePair<string, object>>(); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionConstraint, constraint)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, enabled ? 1 : 0)); manager.SetProperty(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldId, returnValue), parameters); } else { BasePermissionScopeEntity entity = new BasePermissionScopeEntity(); entity.ResourceCategory = resourceCategory; entity.ResourceId = resourceId; entity.TargetCategory = "Table"; entity.TargetId = tableName; entity.PermissionConstraint = constraint; entity.PermissionId = int.Parse(permissionId); entity.DeletionStateCode = 0; entity.Enabled = enabled ? 1: 0; returnValue = manager.Add(entity); } return returnValue; }
/// <summary> /// 获取用户的件约束表达式 /// </summary> /// <param name="userInfo">用户</param> /// <param name="tableName">表名</param> /// <returns>主键</returns> public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission") { string returnValue = string.Empty; // 这里是获取用户的条件表达式 // 1: 首先用户在哪些角色里是有效的? // 2: 这些角色都有哪些哪些条件约束? // 3: 组合约束条件? // 4:用户本身的约束条件? string permissionId = string.Empty; BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo); permissionId = permissionItemManager.GetIdByAdd(permissionCode); BaseUserManager manager = new BaseUserManager(this.DbHelper, this.UserInfo); string[] roleIds = manager.GetAllRoleIds(UserInfo.Id); if (roleIds == null || roleIds.Length == 0) { return returnValue; } BasePermissionScopeManager scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo); List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>(); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseRoleEntity.TableName)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, roleIds)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table")); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, 1)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)); DataTable dtPermissionScope = scopeManager.GetDataTable(parameters); string permissionConstraint = string.Empty; foreach (DataRow dataRow in dtPermissionScope.Rows) { permissionConstraint = dataRow[BasePermissionScopeEntity.FieldPermissionConstraint].ToString(); permissionConstraint = permissionConstraint.Trim(); if (!string.IsNullOrEmpty(permissionConstraint)) { returnValue += " AND " + permissionConstraint; } } if (!string.IsNullOrEmpty(returnValue)) { returnValue = returnValue.Substring(5); // 解析替换约束表达式标准函数 returnValue = ConstraintUtil.PrepareParameter(this.UserInfo, returnValue); } return returnValue; }
public BasePermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission") { BasePermissionScopeEntity entity = null; string permissionId = string.Empty; BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo); permissionId = permissionItemManager.GetIdByAdd(permissionCode); List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>(); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table")); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)); // 1:先获取是否有这样的主键,若有进行更新操作。 BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo); DataTable dt = manager.GetDataTable(parameters); if (dt.Rows.Count > 0) { entity = new BasePermissionScopeEntity(dt); } return entity; }
/// <summary> /// 获取约束条件(所有的约束) /// </summary> /// <param name="userInfo">用户</param> /// <param name="resourceCategory">资源类别</param> /// <param name="resourceId">资源主键</param> /// <returns>数据表</returns> public DataTable GetConstraintDT(string resourceCategory, string resourceId, string permissionCode = "Resource.AccessPermission") { DataTable dataTable = new DataTable(BaseTableColumnsEntity.TableName); /* -- 这里是都有哪些表? SELECT ItemValue, ItemName FROM ItemsTablePermissionScope WHERE (DeletionStateCode = 0) AND (Enabled = 1) ORDER BY ItemsTablePermissionScope.SortCode */ /* -- 这里是都有有哪些表达式 SELECT Id, TargetId, PermissionConstraint -- 对什么表有什么表达式? FROM BasePermissionScope WHERE (ResourceId = 10000000) AND (ResourceCategory = 'BaseRole') -- 什么角色? AND (TargetId = 'BaseUser') AND (TargetCategory = 'Table') AND (PermissionId = 10000001) -- 有什么权限?(资源访问权限) AND (DeletionStateCode = 0) AND (Enabled = 1) */ string permissionId = string.Empty; BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo); permissionId = permissionItemManager.GetIdByAdd(permissionCode); string sqlQuery = @" SELECT BasePermissionScope.Id , ItemsTablePermissionScope.ItemValue AS TableCode , ItemsTablePermissionScope.ItemName AS TableName , BasePermissionScope.PermissionConstraint , ItemsTablePermissionScope.SortCode FROM ( SELECT ItemValue , ItemName , SortCode FROM ItemsTablePermissionScope WHERE (DeletionStateCode = 0) AND (Enabled = 1) ) AS ItemsTablePermissionScope LEFT OUTER JOIN (SELECT Id , TargetId , PermissionConstraint FROM BasePermissionScope WHERE (ResourceCategory = '" + resourceCategory + @"') AND (ResourceId = " + resourceId + @") AND (TargetCategory = 'Table') AND (PermissionId = " + permissionId.ToString() + @") AND (DeletionStateCode = 0) AND (Enabled = 1) ) AS BasePermissionScope ON ItemsTablePermissionScope.ItemValue = BasePermissionScope.TargetId ORDER BY ItemsTablePermissionScope.SortCode "; dataTable = this.Fill(sqlQuery); dataTable.TableName = BaseTableColumnsEntity.TableName; return dataTable; }