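/// <summary>
/// Checks whether a user holds a permission item through a direct, user-level grant.
/// </summary>
/// <param name="userId">User primary key.</param>
/// <param name="permissionItemCode">Permission item code.</param>
/// <returns>true when an enabled grant of this permission exists for the user; false otherwise, including for an unknown code or a missing user id.</returns>
public bool CheckPermission(string userId, string permissionItemCode)
{
    // Fail closed when no user is given rather than querying on an empty ResourceId.
    if (String.IsNullOrEmpty(userId))
    {
        return false;
    }

    BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
    string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
    // Unknown permission code: deny.
    if (String.IsNullOrEmpty(permissionItemId))
    {
        return false;
    }

    List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
    parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.TableName));
    parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceId, userId));
    // FIX: the original resolved permissionItemId but never added it to the filter, so ANY enabled
    // permission row for the user satisfied the check regardless of which permission was asked for.
    // NOTE(review): constant name assumed to parallel BasePermissionScopeEntity.FieldPermissionItemId — confirm.
    parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldPermissionItemId, permissionItemId));
    parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldEnabled, "1"));
    return DbLogic.Exists(DbHelper, this.CurrentTableName, parameters);
}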
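/// <summary>
/// Checks whether a user holds a permission item through a direct, user-level grant.
/// </summary>
/// <param name="userId">User primary key.</param>
/// <param name="permissionItemCode">Permission item code.</param>
/// <returns>true when an enabled grant of this permission exists for the user; false otherwise, including for an unknown code or a missing user id.</returns>
public bool CheckPermission(string userId, string permissionItemCode)
{
    // Deny when no user identity is supplied.
    if (String.IsNullOrEmpty(userId))
    {
        return false;
    }

    BasePermissionItemManager itemManager = new BasePermissionItemManager(DbHelper);
    string itemId = itemManager.GetIdByCode(permissionItemCode);
    // Deny when the permission code does not resolve to a known item.
    if (String.IsNullOrEmpty(itemId))
    {
        return false;
    }

    // FIX: the original built this filter without the permission item id, so the check succeeded
    // for a user holding any enabled permission at all, not the one being asked about.
    // NOTE(review): FieldPermissionItemId assumed to exist on BasePermissionEntity, mirroring
    // BasePermissionScopeEntity.FieldPermissionItemId — confirm against the entity class.
    List<KeyValuePair<string, object>> filter = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceId, userId),
        new KeyValuePair<string, object>(BasePermissionEntity.FieldPermissionItemId, itemId),
        new KeyValuePair<string, object>(BasePermissionEntity.FieldEnabled, "1")
    };
    return DbLogic.Exists(DbHelper, this.CurrentTableName, filter);
}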
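/// <summary>
/// Checks whether a user may perform a permission item on a module, either through a
/// direct user grant or through one of the user's roles.
/// </summary>
/// <param name="userId">User primary key.</param>
/// <param name="moduleCode">Module code.</param>
/// <param name="permissionItemCode">Permission item code.</param>
/// <returns>true when a user-level or role-level module permission is found; false otherwise, including for an unknown permission code.</returns>
public bool IsModuleAuthorized(string userId, string moduleCode, string permissionItemCode)
{
    BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
    string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
    // Unknown permission code: deny, consistent with CheckPermission. The original forwarded a
    // null/empty id to the two lookups below, whose handling of that value is not visible here.
    if (String.IsNullOrEmpty(permissionItemId))
    {
        return false;
    }

    BaseModuleManager moduleManager = new BaseModuleManager(DbHelper);
    string moduleId = moduleManager.GetIdByCode(moduleCode);
    // NOTE(review): an unknown moduleCode still reaches the lookups as null/empty — not changed here
    // because it is unclear whether callers rely on a module-independent check.

    // Direct user grant first, then grants held through the user's roles.
    return this.CheckUserModulePermission(userId, moduleId, permissionItemId)
        || this.CheckRoleModulePermission(userId, moduleId, permissionItemId);
}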
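/// <summary>
/// Builds the SQL that selects the ids of the users a manager may act on under a permission item:
/// users granted directly, users in the managed organizations, and users in the managed roles.
/// </summary>
/// <param name="managerUserId">Managing user primary key.</param>
/// <param name="permissionItemCode">Permission item code.</param>
/// <returns>A SQL SELECT (possibly with UNIONs) yielding one Id column.</returns>
public string GetUserIdsSql(string managerUserId, string permissionItemCode)
{
    BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
    string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);

    // Defense in depth: these ids are spliced into SQL string literals. Doubling single quotes keeps a
    // stray quote from terminating the literal; for legitimate ids (no quotes) the output is unchanged.
    // The proper fix is parameterizing where this string is executed, which the string-returning
    // contract of this method does not allow. Whether managerUserId is attacker-reachable depends on callers.
    string safeManagerUserId = managerUserId == null ? null : managerUserId.Replace("'", "''");
    string safePermissionItemId = permissionItemId == null ? null : permissionItemId.Replace("'", "''");

    // Users the manager is granted directly.
    // NOTE(review): this query uses the raw column name PermissionId, while GetRoleIdsSql/GetOrganizeIdsSql
    // use BasePermissionScopeEntity.FieldPermissionItemId, and it applies no Enabled/DeletionStateCode
    // filter unlike GetOrganizeIdsSql — confirm both against the schema.
    string sqlQuery = " SELECT BasePermissionScope.TargetId AS " + BaseBusinessLogic.FieldId
        + " FROM BasePermissionScope "
        + " WHERE (BasePermissionScope.TargetCategory = '" + BaseUserEntity.TableName + "'"
        + " AND BasePermissionScope.ResourceId = '" + safeManagerUserId + "'"
        + " AND BasePermissionScope.ResourceCategory = '" + BaseUserEntity.TableName + "'"
        + " AND BasePermissionScope.PermissionId = '" + safePermissionItemId + "'"
        + " AND BasePermissionScope.TargetId IS NOT NULL) ";

    // Organizations the manager is responsible for.
    string[] organizeIds = this.GetOrganizeIds(managerUserId, permissionItemCode, false);
    if (organizeIds != null && organizeIds.Length > 0)
    {
        if (StringUtil.Exists(organizeIds, ((int)PermissionScope.User).ToString()))
        {
            // "Only myself" scope. NOTE(review): this selects the CURRENT session user (this.UserInfo.Id),
            // not managerUserId; the original author's comment already flagged this as questionable.
            // Behaviour kept as-is pending confirmation of the intended semantics.
            sqlQuery += " UNION SELECT '" + this.UserInfo.Id + "' AS Id ";
        }
        else
        {
            string organizes = BaseBusinessLogic.ObjectsToList(organizeIds);
            if (!String.IsNullOrEmpty(organizes))
            {
                // Enabled, non-deleted users whose company / sub-company / department / workgroup is managed.
                sqlQuery += " UNION "
                    + " SELECT " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " AS " + BaseBusinessLogic.FieldId
                    + " FROM " + BaseUserEntity.TableName
                    + " WHERE (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDeletionStateCode + " = 0 ) "
                    + " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldEnabled + " = 1 ) "
                    + " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCompanyId + " IN (" + organizes + ") "
                    + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldSubCompanyId + " IN (" + organizes + ") "
                    + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentId + " IN (" + organizes + ") "
                    + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldWorkgroupId + " IN (" + organizes + ")) ";
            }
        }
    }

    // Roles the manager is responsible for.
    // FIX: guard against a null array, as is already done for organizeIds above; the original
    // dereferenced roleIds.Length unconditionally.
    string[] roleIds = this.GetRoleIds(managerUserId, permissionItemCode);
    if (roleIds != null && roleIds.Length > 0)
    {
        string roles = BaseBusinessLogic.ObjectsToList(roleIds);
        if (!String.IsNullOrEmpty(roles))
        {
            // Enabled, non-deleted members of the managed roles.
            sqlQuery += " UNION "
                + " SELECT " + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldUserId + " AS " + BaseBusinessLogic.FieldId
                + " FROM " + BaseUserRoleEntity.TableName
                + " WHERE (" + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldEnabled + " = 1 "
                + " AND " + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldDeletionStateCode + " = 0 "
                + " AND " + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldRoleId + " IN (" + roles + ")) ";
        }
    }
    return sqlQuery;
}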
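/// <summary>
/// Builds the SQL that selects the ids of the roles a manager may act on under a permission item:
/// roles granted to the manager directly or to one of the manager's roles, plus roles belonging to
/// the organizations the manager is responsible for.
/// </summary>
/// <param name="managerUserId">Managing user primary key.</param>
/// <param name="permissionItemCode">Permission item code.</param>
/// <returns>A SQL SELECT (possibly with a UNION) yielding one Id column.</returns>
public string GetRoleIdsSql(string managerUserId, string permissionItemCode)
{
    BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
    string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);

    // Defense in depth: these ids land inside SQL string literals. Doubling single quotes prevents a quote
    // in the value from closing the literal; ids without quotes produce byte-identical SQL. Parameterizing
    // at the point of execution remains the real fix; this method's contract returns raw SQL text.
    string safeManagerUserId = managerUserId == null ? null : managerUserId.Replace("'", "''");
    string safePermissionItemId = permissionItemId == null ? null : permissionItemId.Replace("'", "''");

    // Roles granted to the manager directly, or to any enabled role the manager holds.
    // NOTE(review): the inner role lookup filters on Enabled only; GetOrganizeIdsSql also checks
    // DeletionStateCode = 0 for the same table — confirm whether deleted role memberships should count here.
    string sqlQuery = " SELECT BasePermissionScope.TargetId AS " + BaseBusinessLogic.FieldId
        + " FROM BasePermissionScope "
        + " WHERE (BasePermissionScope.TargetId IS NOT NULL "
        + " AND BasePermissionScope.TargetCategory = '" + BaseRoleEntity.TableName + "' "
        + " AND ((BasePermissionScope.ResourceCategory = '" + BaseUserEntity.TableName + "' "
        + " AND BasePermissionScope.ResourceId = '" + safeManagerUserId + "')"
        + " OR (BasePermissionScope.ResourceCategory = '" + BaseRoleEntity.TableName + "'"
        + " AND BasePermissionScope.ResourceId IN ( "
        + " SELECT RoleId "
        + " FROM " + BaseUserRoleEntity.TableName
        + " WHERE (" + BaseUserRoleEntity.FieldUserId + " = '" + safeManagerUserId + "' "
        + " AND " + BaseUserRoleEntity.FieldEnabled + " = 1))))"
        // restricted to the requested permission item
        + " AND " + BasePermissionScopeEntity.FieldPermissionItemId + " = '" + safePermissionItemId + "')";

    // Roles owned by the organizations the manager is responsible for.
    // FIX: null-guard the array; GetUserIdsSql already guards the same call, the original here
    // dereferenced organizeIds.Length unconditionally.
    string[] organizeIds = this.GetOrganizeIds(managerUserId, permissionItemCode);
    if (organizeIds != null && organizeIds.Length > 0)
    {
        string organizes = BaseBusinessLogic.ObjectsToList(organizeIds);
        if (!String.IsNullOrEmpty(organizes))
        {
            sqlQuery += " UNION "
                + " SELECT " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldId + " AS " + BaseBusinessLogic.FieldId
                + " FROM " + BaseRoleEntity.TableName
                + " WHERE " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldEnabled + " = 1 "
                + " AND " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldDeletionStateCode + " = 0 "
                + " AND " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldOrganizeId + " IN (" + organizes + ") ";
        }
    }
    return sqlQuery;
}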
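/// <summary>
/// Builds the SQL that selects the ids of the organizations a manager may act on under a permission item:
/// enabled, non-deleted permission-scope rows targeting an organization that were granted either to the
/// manager directly or to one of the manager's roles (role memberships plus the user's default role).
/// </summary>
/// <param name="managerUserId">Managing user primary key.</param>
/// <param name="permissionItemCode">Permission item code.</param>
/// <returns>A SQL SELECT yielding the scope TargetId column.</returns>
public string GetOrganizeIdsSql(string managerUserId, string permissionItemCode)
{
    BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
    string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);

    // Defense in depth: managerUserId is embedded three times as a SQL string literal and permissionItemId
    // once. Doubling single quotes stops a quote in the value from breaking out of the literal; for ids
    // without quotes the generated SQL is unchanged. Parameterizing at execution time is the real fix,
    // but this method's contract is to return SQL text.
    string safeManagerUserId = managerUserId == null ? null : managerUserId.Replace("'", "''");
    string safePermissionItemId = permissionItemId == null ? null : permissionItemId.Replace("'", "''");

    // NOTE(review): no validity-period (EndDate) filter is applied here, although GetAuthorizeDT's history
    // shows scope rows carry an EndDate — confirm whether organization scopes can expire.
    string sqlQuery = " SELECT " + BasePermissionScopeEntity.FieldTargetId
        + " FROM " + BasePermissionScopeEntity.TableName
        // enabled, non-deleted scope rows that target an organization
        + " WHERE (" + BasePermissionScopeEntity.FieldTargetCategory + " = '" + BaseOrganizeEntity.TableName + "') "
        + " AND ( " + BasePermissionScopeEntity.TableName + "." + BasePermissionScopeEntity.FieldDeletionStateCode + " = 0) "
        + " AND ( " + BasePermissionScopeEntity.TableName + "." + BasePermissionScopeEntity.FieldEnabled + " = 1) "
        + " AND ( " + BasePermissionScopeEntity.TableName + "." + BasePermissionScopeEntity.FieldTargetId + " IS NOT NULL) "
        // granted to the manager directly ...
        + " AND ((" + BasePermissionScopeEntity.FieldResourceCategory + " = '" + BaseUserEntity.TableName + "' "
        + " AND " + BasePermissionScopeEntity.FieldResourceId + " = '" + safeManagerUserId + "')"
        // ... or to one of the manager's roles
        + " OR (" + BasePermissionScopeEntity.FieldResourceCategory + " = '" + BaseRoleEntity.TableName + "' "
        + " AND " + BasePermissionScopeEntity.FieldResourceId + " IN ( "
        + " SELECT " + BaseUserRoleEntity.FieldRoleId
        + " FROM " + BaseUserRoleEntity.TableName
        + " WHERE " + BaseUserRoleEntity.FieldUserId + " = '" + safeManagerUserId + "'"
        + " AND " + BaseUserRoleEntity.FieldDeletionStateCode + " = 0 "
        + " AND " + BaseUserRoleEntity.FieldEnabled + " = 1"
        // include the user's default role (fix for scopes granted to the default role being missed)
        + " Union SELECT " + BaseUserEntity.FieldRoleId
        + " FROM " + BaseUserEntity.TableName
        + " WHERE " + BaseUserEntity.FieldId + " = '" + safeManagerUserId + "'"
        + " AND " + BaseUserEntity.FieldDeletionStateCode + " = 0 "
        + " AND " + BaseUserEntity.FieldEnabled + " = 1"
        + "))) "
        // restricted to the requested permission item
        + " AND (" + BasePermissionScopeEntity.FieldPermissionItemId + " = '" + safePermissionItemId + "') ";
    return sqlQuery;
}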
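/// <summary>
/// Returns the users who have delegated the given permission item to a user.
/// </summary>
/// <param name="permissionItemCode">Permission item code.</param>
/// <param name="userId">User primary key; when null, the current user (this.UserInfo.Id) is used.</param>
/// <returns>A DataTable of the delegating users.</returns>
public DataTable GetAuthorizeDT(string permissionItemCode, string userId = null)
{
    if (userId == null)
    {
        userId = this.UserInfo.Id;
    }

    BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
    string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
    // NOTE(review): an unknown code yields a null/empty permissionItemId that is passed straight into the
    // lookup below; its handling of that value is not visible here.

    // Expired delegations are excluded inside GetAuthoriedList's SQL (moved there from a client-side
    // row-by-row filter that had performance problems — per the original note by zgl, 2011-10-27).
    // Cleanup: the original also built unused names/values arrays left over from that earlier
    // GetDataTable(names, values) path; they are removed here.
    BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(this.UserInfo);
    DataTable dt = permissionScopeManager.GetAuthoriedList(BaseUserEntity.TableName, permissionItemId, BaseUserEntity.TableName, userId);

    // The scope rows' ResourceId column holds the delegating users; resolve them to user records.
    string[] userIds = BaseBusinessLogic.FieldToArray(dt, BasePermissionScopeEntity.FieldResourceId);
    BaseUserManager userManager = new BaseUserManager(this.UserInfo);
    return userManager.GetDataTable(userIds);
}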