/// <summary>
/// 判断用户是否有有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>有权限</returns>
public bool CheckPermission(string userId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
// 没有找到相应的权限
if (String.IsNullOrEmpty(permissionItemId))
{
return(false);
}
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.TableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceId, userId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldEnabled, "1"));
return(DbLogic.Exists(DbHelper, this.CurrentTableName, parameters));
}
/// <summary>
/// 判断用户是否有有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>有权限</returns>
public bool CheckPermission(string userId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
// 没有找到相应的权限
if (String.IsNullOrEmpty(permissionItemId))
{
return false;
}
List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.TableName));
parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceId, userId));
parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldEnabled, "1"));
return DbLogic.Exists(DbHelper, this.CurrentTableName, parameters);
}
/// <summary>
/// 是否有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>是否有权限</returns>
public bool IsModuleAuthorized(string userId, string moduleCode, string permissionItemCode)
{
BaseModuleManager moduleManager = new BaseModuleManager(DbHelper);
string moduleId = moduleManager.GetIdByCode(moduleCode);
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
// 判断员工权限
if (this.CheckUserModulePermission(userId, moduleId, permissionItemId))
{
return true;
}
// 判断员工角色权限
if (this.CheckRoleModulePermission(userId, moduleId, permissionItemId))
{
return true;
}
return false;
}
/// <summary>
/// 按某个权限获取员工 Sql
/// </summary>
/// <param name="managerUserId">管理用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>Sql</returns>
public string GetUserIdsSql(string managerUserId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
string sqlQuery = string.Empty;
// 直接管理的用户
sqlQuery = " SELECT BasePermissionScope.TargetId AS " + BaseBusinessLogic.FieldId
+ " FROM BasePermissionScope "
+ " WHERE (BasePermissionScope.TargetCategory = '" + BaseUserEntity.TableName + "'"
+ " AND BasePermissionScope.ResourceId = '" + managerUserId + "'"
+ " AND BasePermissionScope.ResourceCategory = '" + BaseUserEntity.TableName + "'"
+ " AND BasePermissionScope.PermissionId = '" + permissionItemId + "'"
+ " AND BasePermissionScope.TargetId IS NOT NULL) ";
// 被管理部门的列表
string[] organizeIds = this.GetOrganizeIds(managerUserId, permissionItemCode, false);
if (organizeIds != null && organizeIds.Length > 0)
{
// 是否仅仅是自己的还有点儿问题
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.User).ToString()))
{
sqlQuery += " UNION SELECT '" + this.UserInfo.Id + "' AS Id ";
}
else
{
string organizes = BaseBusinessLogic.ObjectsToList(organizeIds);
if (!String.IsNullOrEmpty(organizes))
{
// 被管理的组织机构包含的用户,公司、部门、工作组
// sqlQuery += " UNION "
// + " SELECT " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldUserId + " AS " + BaseBusinessLogic.FieldId
// + " FROM " + BaseStaffEntity.TableName
// + " WHERE (" + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldCompanyId + " IN (" + organizes + ") "
// + " OR " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldDepartmentId + " IN (" + organizes + ") "
// + " OR " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldWorkgroupId + " IN (" + organizes + ")) ";
sqlQuery += " UNION "
+ " SELECT " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " AS " + BaseBusinessLogic.FieldId
+ " FROM " + BaseUserEntity.TableName
+ " WHERE (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDeletionStateCode + " = 0 ) "
+ " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldEnabled + " = 1 ) "
+ " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCompanyId + " IN (" + organizes + ") "
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldSubCompanyId + " IN (" + organizes + ") "
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentId + " IN (" + organizes + ") "
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldWorkgroupId + " IN (" + organizes + ")) ";
}
}
}
// 被管理角色列表
string[] roleIds = this.GetRoleIds(managerUserId, permissionItemCode);
if (roleIds.Length > 0)
{
string roles = BaseBusinessLogic.ObjectsToList(roleIds);
if (!String.IsNullOrEmpty(roles))
{
// 被管理的角色包含的员工
sqlQuery += " UNION "
+ " SELECT " + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldUserId + " AS " + BaseBusinessLogic.FieldId
+ " FROM " + BaseUserRoleEntity.TableName
+ " WHERE (" + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldEnabled + " = 1 "
+ " AND " + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldDeletionStateCode + " = 0 "
+ " AND " + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldRoleId + " IN (" + roles + ")) ";
}
}
return sqlQuery;
}
/// <summary>
/// 按某个权限获取角色 Sql
/// </summary>
/// <param name="managerUserId">管理用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>Sql</returns>
public string GetRoleIdsSql(string managerUserId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
string sqlQuery = string.Empty;
// 被管理的角色
sqlQuery += " SELECT BasePermissionScope.TargetId AS " + BaseBusinessLogic.FieldId
+ " FROM BasePermissionScope "
+ " WHERE (BasePermissionScope.TargetId IS NOT NULL "
+ " AND BasePermissionScope.TargetCategory = '" + BaseRoleEntity.TableName + "' "
+ " AND ((BasePermissionScope.ResourceCategory = '" + BaseUserEntity.TableName + "' "
+ " AND BasePermissionScope.ResourceId = '" + managerUserId + "')"
// 以及 他所在的角色在管理的角色
+ " OR (BasePermissionScope.ResourceCategory = '" + BaseRoleEntity.TableName + "'"
+ " AND BasePermissionScope.ResourceId IN ( "
+ " SELECT RoleId "
+ " FROM " + BaseUserRoleEntity.TableName
+ " WHERE (" + BaseUserRoleEntity.FieldUserId + " = '" + managerUserId + "' "
+ " AND " + BaseUserRoleEntity.FieldEnabled + " = 1))))"
// 并且是指定的本权限
+ " AND " + BasePermissionScopeEntity.FieldPermissionItemId + " = '" + permissionItemId + "')";
// 被管理部门的列表
string[] organizeIds = this.GetOrganizeIds(managerUserId, permissionItemCode);
if (organizeIds.Length > 0)
{
string organizes = BaseBusinessLogic.ObjectsToList(organizeIds);
if (!String.IsNullOrEmpty(organizes))
{
// 被管理的组织机构包含的角色
sqlQuery += " UNION "
+ " SELECT " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldId + " AS " + BaseBusinessLogic.FieldId
+ " FROM " + BaseRoleEntity.TableName
+ " WHERE " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldEnabled + " = 1 "
+ " AND " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldDeletionStateCode + " = 0 "
+ " AND " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldOrganizeId + " IN (" + organizes + ") ";
}
}
return sqlQuery;
}
/// <summary>
/// 按某个权限获取组织机构 Sql
/// </summary>
/// <param name="managerUserId">管理用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>Sql</returns>
public string GetOrganizeIdsSql(string managerUserId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
string sqlQuery = string.Empty;
sqlQuery = " SELECT " + BasePermissionScopeEntity.FieldTargetId
+ " FROM " + BasePermissionScopeEntity.TableName
// 有效的,并且不为空的组织机构主键
+ " WHERE (" + BasePermissionScopeEntity.FieldTargetCategory + " = '" + BaseOrganizeEntity.TableName + "') "
+ " AND ( " + BasePermissionScopeEntity.TableName + "." + BasePermissionScopeEntity.FieldDeletionStateCode + " = 0) "
+ " AND ( " + BasePermissionScopeEntity.TableName + "." + BasePermissionScopeEntity.FieldEnabled + " = 1) "
+ " AND ( " + BasePermissionScopeEntity.TableName + "." + BasePermissionScopeEntity.FieldTargetId + " IS NOT NULL) "
// 自己直接由相应权限的组织机构
+ " AND ((" + BasePermissionScopeEntity.FieldResourceCategory + " = '" + BaseUserEntity.TableName + "' "
+ " AND " + BasePermissionScopeEntity.FieldResourceId + " = '" + managerUserId + "')"
+ " OR (" + BasePermissionScopeEntity.FieldResourceCategory + " = '" + BaseRoleEntity.TableName + "' "
+ " AND " + BasePermissionScopeEntity.FieldResourceId + " IN ( "
// 获得属于那些角色有相应权限的组织机构
+ " SELECT " + BaseUserRoleEntity.FieldRoleId
+ " FROM " + BaseUserRoleEntity.TableName
+ " WHERE " + BaseUserRoleEntity.FieldUserId + " = '" + managerUserId + "'"
+ " AND " + BaseUserRoleEntity.FieldDeletionStateCode + " = 0 "
+ " AND " + BaseUserRoleEntity.FieldEnabled + " = 1"
// 修正不会读取用户默认角色权限域范围BUG
+ " Union SELECT " + BaseUserEntity.FieldRoleId
+ " FROM " + BaseUserEntity.TableName
+ " WHERE " + BaseUserEntity.FieldId + " = '" + managerUserId + "'"
+ " AND " + BaseUserEntity.FieldDeletionStateCode + " = 0 "
+ " AND " + BaseUserEntity.FieldEnabled + " = 1"
+ "))) "
// 并且是指定的本权限
+ " AND (" + BasePermissionScopeEntity.FieldPermissionItemId + " = '" + permissionItemId + "') ";
return sqlQuery;
}
/// <summary>
/// 获取委托列表
/// </summary>
/// <param name="permissionItemCode">操作权限编号</param>
/// <param name="userId">用户主键</param>
/// <returns>数据表</returns>
public DataTable GetAuthorizeDT(string permissionItemCode, string userId = null)
{
if (userId == null)
{
userId = this.UserInfo.Id;
}
// 获取别人委托我的列表
string permissionItemId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(this.UserInfo);
string[] names = new string[]{
BasePermissionScopeEntity.FieldDeletionStateCode
, BasePermissionScopeEntity.FieldEnabled
, BasePermissionScopeEntity.FieldResourceCategory
, BasePermissionScopeEntity.FieldPermissionItemId
, BasePermissionScopeEntity.FieldTargetCategory
, BasePermissionScopeEntity.FieldTargetId};
Object[] values = new Object[] { 0, 1, BaseUserEntity.TableName, permissionItemId, BaseUserEntity.TableName, userId };
// 排除过期的,此方法有性能问题,已经放到后台的Sql中处理。 comment by zgl on 2011-10-27
//DataTable dt = permissionScopeManager.GetDataTable(names, values);
//for (int i = 0; i < dt.Rows.Count; i++)
//{
// if (!string.IsNullOrEmpty(dt.Rows[i][BasePermissionScopeEntity.FieldEndDate].ToString()))
// {
// // 过期的不显示
// if (DateTime.Parse(dt.Rows[i][BasePermissionScopeEntity.FieldEndDate].ToString()).Date < DateTime.Now.Date)
// {
// dt.Rows.RemoveAt(i);
// // dt 行数会减少
// i--;
// }
// }
//}
//排除过期的,已经放到后台的Sql中处理。
DataTable dt = permissionScopeManager.GetAuthoriedList(BaseUserEntity.TableName, permissionItemId, BaseUserEntity.TableName, userId);
string[] userIds = BaseBusinessLogic.FieldToArray(dt, BasePermissionScopeEntity.FieldResourceId);
BaseUserManager userManager = new BaseUserManager(this.UserInfo);
return userManager.GetDataTable(userIds);
}
