/// <summary>
/// Grants <paramref name="operation"/> on <paramref name="resourceId"/> to a user or a group.
/// The current user must already hold WRITE on that resource, and the role must not already
/// hold the same operation through a related resource. After the new ACL is inserted, the
/// role's existing grants for the same operation on related resources are deleted.
/// </summary>
/// <param name="userId">Id of the receiving user or group, interpreted according to <paramref name="roleType"/>.</param>
/// <param name="roleType">USERROLE when <paramref name="userId"/> is a user, GROUPROLE when it is a group.</param>
/// <param name="resourceId">Resource on which the operation is granted.</param>
/// <param name="operation">Operation being granted.</param>
/// <exception cref="Exception">
/// Thrown when the current user lacks WRITE on the resource, or when the role already holds
/// the same operation through a related resource.
/// </exception>
public void Permit(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation)
{
    // Authorization: only a caller holding WRITE on the target resource may delegate rights on it.
    CACLEntity required = new CACLEntity
    {
        Acl_Resource = resourceId,
        Acl_Operation = (int)ACLOPERATION.WRITE
    };
    if (!CheckPrivilege(required))
    {
        throw new Exception("没有写权限");
    }

    // Grants the role already holds. Stays empty for any roleType other than USERROLE/GROUPROLE;
    // NOTE(review): such a value is not rejected and still reaches Insert() below.
    List<CACLEntity> existingGrants = new List<CACLEntity>();
    switch (roleType)
    {
        case ACLROLETYPE.USERROLE:
            existingGrants = new CUserEntity(ConnString).Load(userId).GetUserACLs();
            break;
        case ACLROLETYPE.GROUPROLE:
            existingGrants = new CGroupEntity(ConnString).Load(userId).GetGroupACLs();
            break;
    }

    // Conflict check: refuse when a related resource already carries the same operation for this role.
    // NOTE(review): IsChild's direction is not visible here; this loop and the cleanup loop below call it
    // with swapped arguments, so one walks ancestors and the other descendants — confirm which is which.
    CResourceEntity target = new CResourceEntity(ConnString).Load(resourceId);
    foreach (CACLEntity grant in existingGrants)
    {
        if (target.IsChild(grant.Acl_Resource) && grant.Acl_Operation == (int)operation)
        {
            throw new Exception("与其他权限冲突");
        }
    }

    // Persist the new grant, stamped with the current user as creator.
    CACLEntity granted = new CACLEntity(ConnString)
    {
        Acl_Resource = resourceId,
        Acl_Role = userId,
        Acl_RType = (int)roleType,
        Acl_Operation = (int)operation,
        Acl_Creator = Usr_Id,
        Acl_CreateTime = DateTime.Now
    };
    granted.Insert();

    // Cleanup: grants of the same operation that the new ACL now subsumes are removed.
    foreach (CACLEntity grant in existingGrants)
    {
        CResourceEntity grantTarget = new CResourceEntity(ConnString).Load(grant.Acl_Resource);
        if (grantTarget.IsChild(resourceId) && grant.Acl_Operation == (int)operation)
        {
            grant.Delete();
        }
    }
}
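/// <summary>
/// Creates an organization administrator from <paramref name="newUser"/> and grants the new
/// account WRITE and READ on its organization's resource.
/// The caller must hold CRETAEORGANIZEADMIN on its own organization (<c>Usr_Organize</c>).
/// </summary>
/// <param name="newUser">The user to create. Its <c>Usr_Organize</c> must be set by the caller.</param>
/// <returns>The created user, as returned by <c>CreateUser</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="newUser"/> is null.</exception>
/// <exception cref="Exception">The current user lacks the CRETAEORGANIZEADMIN privilege.</exception>
public CUserEntity CreateAdminlUser(CUserEntity newUser)
{
    // Fail before the privilege check rather than with a NullReferenceException on newUser.Usr_Type.
    if (newUser == null)
    {
        throw new ArgumentNullException("newUser");
    }

    // Authorization is checked against the caller's own organization.
    // NOTE(review): the ACLs below are granted on newUser.Usr_Organize's resource, which this method
    // does not require to equal Usr_Organize — confirm CreateUser (or the caller) enforces that.
    CACLEntity required = new CACLEntity();
    required.Acl_Operation = (int)ACLOPERATION.CRETAEORGANIZEADMIN;
    required.Acl_Resource = Usr_Organize;
    if (!CheckPrivilege(required))
    {
        throw new Exception("当前用户无创建管理员用户权限");
    }

    newUser.Usr_Type = (int)USERTYPE.ORGANIZEADMIN;
    CUserEntity user = CreateUser(newUser);

    // The admin receives WRITE and READ on the organization's resource (Org_Resource), not on the
    // organization entity itself.
    COrganizeEntity organize = new COrganizeEntity(ConnString).Load(user.Usr_Organize);

    CACLEntity writeAcl = new CACLEntity(ConnString);
    writeAcl.Acl_CreateTime = DateTime.Now;
    writeAcl.Acl_Creator = Usr_Id;
    writeAcl.Acl_Operation = (int)ACLOPERATION.WRITE;
    writeAcl.Acl_Resource = organize.Org_Resource;
    writeAcl.Acl_Role = user.Usr_Id;
    writeAcl.Acl_RType = (int)ACLROLETYPE.USERROLE;
    writeAcl.Acl_Id = writeAcl.Insert();

    CACLEntity readAcl = new CACLEntity(ConnString);
    readAcl.Acl_CreateTime = DateTime.Now;
    readAcl.Acl_Creator = Usr_Id;
    readAcl.Acl_Operation = (int)ACLOPERATION.READ;
    readAcl.Acl_Resource = organize.Org_Resource;
    readAcl.Acl_Role = user.Usr_Id;
    readAcl.Acl_RType = (int)ACLROLETYPE.USERROLE;
    readAcl.Acl_Id = readAcl.Insert();

    // No try/catch: the previous "catch (Exception e) { throw e; }" only reset the stack trace.
    return user;
}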
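/// <summary>
/// Creates a normal user from <paramref name="newUser"/> and grants the new account WRITE and
/// READ on its own resource (<c>Usr_Resource</c>).
/// The caller must hold CREATENORMALUSER on its own organization (<c>Usr_Organize</c>).
/// </summary>
/// <param name="newUser">The user to create.</param>
/// <returns>The created user, as returned by <c>CreateUser</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="newUser"/> is null.</exception>
/// <exception cref="Exception">The current user lacks the CREATENORMALUSER privilege.</exception>
public CUserEntity CreateNormalUser(CUserEntity newUser)
{
    // Fail before the privilege check rather than with a NullReferenceException on newUser.Usr_Type.
    if (newUser == null)
    {
        throw new ArgumentNullException("newUser");
    }

    // Authorization is checked against the caller's own organization.
    CACLEntity required = new CACLEntity();
    required.Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER;
    required.Acl_Resource = Usr_Organize;
    if (!CheckPrivilege(required))
    {
        throw new Exception("当前用户无创建新用户权限");
    }

    newUser.Usr_Type = (int)USERTYPE.NORMALUSER;
    CUserEntity user = CreateUser(newUser);

    // The user receives WRITE and READ on its own resource only.
    CACLEntity writeAcl = new CACLEntity(ConnString);
    writeAcl.Acl_CreateTime = DateTime.Now;
    writeAcl.Acl_Creator = Usr_Id;
    writeAcl.Acl_Operation = (int)ACLOPERATION.WRITE;
    writeAcl.Acl_Resource = user.Usr_Resource;
    writeAcl.Acl_Role = user.Usr_Id;
    writeAcl.Acl_RType = (int)ACLROLETYPE.USERROLE;
    writeAcl.Acl_Id = writeAcl.Insert();

    CACLEntity readAcl = new CACLEntity(ConnString);
    readAcl.Acl_CreateTime = DateTime.Now;
    readAcl.Acl_Creator = Usr_Id;
    readAcl.Acl_Operation = (int)ACLOPERATION.READ;
    readAcl.Acl_Resource = user.Usr_Resource;
    readAcl.Acl_Role = user.Usr_Id;
    readAcl.Acl_RType = (int)ACLROLETYPE.USERROLE;
    readAcl.Acl_Id = readAcl.Insert();

    // No try/catch: the previous "catch (Exception e) { throw e; }" only reset the stack trace.
    return user;
}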