public new string GetIdByCode(string permissionItemCode)
        {
            string tableName = BasePermissionScopeEntity.TableName;

            if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
            {
                tableName = BaseSystemInfo.SystemCode + "PermissionItem";
            }
            BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, this.UserInfo, tableName);

            // 这里应该是若不存在就自动加一个操作权限
            return(permissionItemManager.GetIdByAdd(permissionItemCode));
        }
Beispiel #2
0
        //
        // ResourcePermission 权限判断
        //

        #region public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) 是否有相应的权限
        /// <summary>
        /// 是否有相应的权限
        /// </summary>
        /// <param name="userId">用户主键</param>
        /// <param name="permissionItemCode">权限编号</param>
        /// <param name="permissionItemName">权限名称</param>
        /// <returns>是否有权限</returns>
        public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null)
        {
            // 若不存在就需要自动能增加一个操作权限项
            string tableName = BasePermissionItemEntity.TableName;

            if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
            {
                tableName = BaseSystemInfo.SystemCode + "PermissionItem";
            }
            BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName);
            string permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName);
            BasePermissionItemEntity permissionItemEntity = permissionItemManager.GetEntity(permissionItemId);

            // 先判断用户类别
            if (UserInfo.IsAdministrator)
            {
                return(true);
            }

            // 没有找到相应的权限
            if (String.IsNullOrEmpty(permissionItemId))
            {
                return(false);
            }

            // 这里需要判断,是系统权限?
            bool            returnValue = false;
            BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);

            if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System"))
            {
                // 用户管理员
                returnValue = userManager.IsInRoleByCode(userId, "UserAdmin");
                if (returnValue)
                {
                    return(returnValue);
                }
            }

            // 这里需要判断,是业务权限?
            if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application"))
            {
                returnValue = userManager.IsInRoleByCode(userId, "Admin");
                if (returnValue)
                {
                    return(returnValue);
                }
            }

            // 判断用户权限
            if (this.CheckUserPermission(userId, permissionItemId))
            {
                return(true);
            }
            // 判断用户角色权限
            if (this.CheckUserRolePermission(userId, permissionItemId))
            {
                return(true);
            }

            // 判断用户组织机构权限,这里有开关是为了提高性能用的,
            // 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。
            if (BaseSystemInfo.UseOrganizePermission)
            {
                if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.WorkgroupId))
                {
                    return(true);
                }
                else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.DepartmentId))
                {
                    return(true);
                }
                else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.SubCompanyId))
                {
                    return(true);
                }
                else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.CompanyId))
                {
                    return(true);
                }
            }

            return(false);
        }
        /// <summary>
        /// 是否有相应的权限
        /// </summary>
        /// <param name="userId">用户主键</param>
        /// <param name="permissionItemCode">权限编号</param>
        /// <param name="permissionItemName">权限名称</param>
        /// <returns>是否有权限</returns>
        public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null)
        {
            // 若不存在就需要自动能增加一个操作权限项
            string tableName = BasePermissionItemEntity.TableName;
            if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
            {
                tableName = BaseSystemInfo.SystemCode + "PermissionItem";
            }
            BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName);
            string permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName);
            BasePermissionItemEntity permissionItemEntity = permissionItemManager.GetEntity(permissionItemId);

            // 先判断用户类别
            if (UserInfo.IsAdministrator)
            {
                return true;
            }

            // 没有找到相应的权限
            if (String.IsNullOrEmpty(permissionItemId))
            {
                return false;
            }

            // 这里需要判断,是系统权限?
            bool returnValue = false;
            BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);
            if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System"))
            {
                // 用户管理员
                returnValue = userManager.IsInRoleByCode(userId, "UserAdmin");
                if (returnValue)
                {
                    return returnValue;
                }
            }

            // 这里需要判断,是业务权限?
            if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application"))
            {
                returnValue = userManager.IsInRoleByCode(userId, "Admin");
                if (returnValue)
                {
                    return returnValue;
                }
            }

            // 判断用户权限
            if (this.CheckUserPermission(userId, permissionItemId))
            {
                return true;
            }
            // 判断用户角色权限
            if (this.CheckUserRolePermission(userId, permissionItemId))
            {
                return true;
            }

            // 判断用户组织机构权限,这里有开关是为了提高性能用的,
            // 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。
            if (BaseSystemInfo.UseOrganizePermission)
            {
                if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.WorkgroupId))
                {
                    return true;
                }
                else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.DepartmentId))
                {
                    return true;
                }
                else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.SubCompanyId))
                {
                    return true;
                }
                else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.CompanyId))
                {
                    return true;
                }
            }

            return false;
        }
 public new string GetIdByCode(string permissionItemCode)
 {
     string tableName = BaseRoleEntity.TableName;
     if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
     {
         tableName = BaseSystemInfo.SystemCode + "PermissionItem";
     }
     BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
     // 这里应该是若不存在就自动加一个操作权限
     return permissionItemManager.GetIdByAdd(permissionItemCode);
 }
        /// <summary>
        /// 设置约束条件
        /// </summary>
        /// <param name="userInfo">用户</param>
        /// <param name="resourceCategory">资源类别</param>
        /// <param name="resourceId">资源主键</param>
        /// <param name="tableName">表名</param>
        /// <param name="constraint">约束</param>
        /// <param name="enabled">有效</param>
        /// <param name="permissionCode">操作权限项</param>
        /// <returns>主键</returns>
        public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true)
        {
            string returnValue = string.Empty;

            string permissionId = string.Empty;
            BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
            permissionId = permissionItemManager.GetIdByAdd(permissionCode);

            List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));

            BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
            // 1:先获取是否有这样的主键,若有进行更新操作。
            // 2:若没有进行添加操作。
            returnValue = manager.GetId(parameters);
            if (!string.IsNullOrEmpty(returnValue))
            {
                parameters = new List<KeyValuePair<string, object>>();
                parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionConstraint, constraint));
                parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, enabled ? 1 : 0));
                manager.SetProperty(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldId, returnValue), parameters);
            }
            else
            {
                BasePermissionScopeEntity entity = new BasePermissionScopeEntity();
                entity.ResourceCategory = resourceCategory;
                entity.ResourceId = resourceId;
                entity.TargetCategory = "Table";
                entity.TargetId = tableName;
                entity.PermissionConstraint = constraint;
                entity.PermissionId = int.Parse(permissionId);
                entity.DeletionStateCode = 0;
                entity.Enabled = enabled ? 1: 0;
                returnValue = manager.Add(entity);
            }
            return returnValue;
        }
        /// <summary>
        /// 获取用户的件约束表达式
        /// </summary>
        /// <param name="userInfo">用户</param>
        /// <param name="tableName">表名</param>
        /// <returns>主键</returns>
        public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission")
        {
            string returnValue = string.Empty;
            // 这里是获取用户的条件表达式
            // 1: 首先用户在哪些角色里是有效的?
            // 2: 这些角色都有哪些哪些条件约束?
            // 3: 组合约束条件?
            // 4:用户本身的约束条件?
            string permissionId = string.Empty;
            BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
            permissionId = permissionItemManager.GetIdByAdd(permissionCode);

            BaseUserManager manager = new BaseUserManager(this.DbHelper, this.UserInfo);
            string[] roleIds = manager.GetAllRoleIds(UserInfo.Id);
            if (roleIds == null || roleIds.Length == 0)
            {
                return returnValue;
            }
            BasePermissionScopeManager scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);

            List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseRoleEntity.TableName));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, roleIds));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, 1));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));

            DataTable dtPermissionScope = scopeManager.GetDataTable(parameters);
            string permissionConstraint = string.Empty;
            foreach (DataRow dataRow in dtPermissionScope.Rows)
            {
                permissionConstraint = dataRow[BasePermissionScopeEntity.FieldPermissionConstraint].ToString();
                permissionConstraint = permissionConstraint.Trim();
                if (!string.IsNullOrEmpty(permissionConstraint))
                {
                    returnValue += " AND " + permissionConstraint;
                }
            }
            if (!string.IsNullOrEmpty(returnValue))
            {
                returnValue = returnValue.Substring(5);
                // 解析替换约束表达式标准函数
                returnValue = ConstraintUtil.PrepareParameter(this.UserInfo, returnValue);
            }

            return returnValue;
        }
        public BasePermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
        {
            BasePermissionScopeEntity entity = null;

            string permissionId = string.Empty;
            BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
            permissionId = permissionItemManager.GetIdByAdd(permissionCode);

            List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId));
            parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));

            // 1:先获取是否有这样的主键,若有进行更新操作。
            BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
            DataTable dt = manager.GetDataTable(parameters);
            if (dt.Rows.Count > 0)
            {
                entity = new BasePermissionScopeEntity(dt);
            }
            return entity;
        }
        /// <summary>
        /// 获取约束条件(所有的约束)
        /// </summary>
        /// <param name="userInfo">用户</param>
        /// <param name="resourceCategory">资源类别</param>
        /// <param name="resourceId">资源主键</param>
        /// <returns>数据表</returns>
        public DataTable GetConstraintDT(string resourceCategory, string resourceId, string permissionCode = "Resource.AccessPermission")
        {
            DataTable dataTable = new DataTable(BaseTableColumnsEntity.TableName);

            /*
            -- 这里是都有哪些表?
            SELECT ItemValue, ItemName
            FROM ItemsTablePermissionScope
            WHERE (DeletionStateCode = 0)
            AND (Enabled = 1)
            ORDER BY ItemsTablePermissionScope.SortCode
             */

            /*
            -- 这里是都有有哪些表达式
            SELECT     Id, TargetId, PermissionConstraint   -- 对什么表有什么表达式?
            FROM         BasePermissionScope
            WHERE (ResourceId = 10000000)
            AND (ResourceCategory = 'BaseRole')   -- 什么角色?
            AND (TargetId = 'BaseUser')
            AND (TargetCategory = 'Table')
            AND (PermissionId = 10000001)  -- 有什么权限?(资源访问权限)
            AND (DeletionStateCode = 0)
            AND (Enabled = 1)
             */

            string permissionId = string.Empty;
            BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
            permissionId = permissionItemManager.GetIdByAdd(permissionCode);

            string sqlQuery = @" SELECT BasePermissionScope.Id
                                            , ItemsTablePermissionScope.ItemValue AS TableCode
                                            , ItemsTablePermissionScope.ItemName AS TableName
                                            , BasePermissionScope.PermissionConstraint
                                            , ItemsTablePermissionScope.SortCode
                                    FROM  (
                                        SELECT ItemValue
                                             , ItemName
                                             , SortCode
                                        FROM ItemsTablePermissionScope
                                       WHERE (DeletionStateCode = 0)
                                              AND (Enabled = 1)
                                        ) AS ItemsTablePermissionScope LEFT OUTER JOIN
                                        (SELECT Id
                                                , TargetId
                                                , PermissionConstraint
                                           FROM BasePermissionScope
                                         WHERE (ResourceCategory = '" + resourceCategory + @"')
                                                AND (ResourceId = " + resourceId + @")
                                                AND (TargetCategory = 'Table')
                                                AND (PermissionId = " + permissionId.ToString() + @")
                                                AND (DeletionStateCode = 0)
                                                AND (Enabled = 1)
                                         ) AS BasePermissionScope
                                    ON ItemsTablePermissionScope.ItemValue = BasePermissionScope.TargetId
                                    ORDER BY ItemsTablePermissionScope.SortCode ";

            dataTable = this.Fill(sqlQuery);
            dataTable.TableName = BaseTableColumnsEntity.TableName;

            return dataTable;
        }