Beispiel #1
        //
        // 授予授权范围的实现部分
        //

        #region private string GrantUser(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantUserId) 为了提高授权的运行速度
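        /// <summary>
        /// Grant helper that takes the scope manager from the caller, to make granting faster.
        /// </summary>
        /// <param name="permissionScopeManager">Permission-scope reader/writer</param>
        /// <param name="userId">Primary key of the user receiving the grant (stored as ResourceId)</param>
        /// <param name="permissionItemCode">Permission item code</param>
        /// <param name="grantUserId">Primary key of the user the grant applies to (stored as TargetId)</param>
        /// <returns>Primary key</returns>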
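        private string GrantUser(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantUserId)
        {
            // Writes a permission-scope row stating that user `userId` holds the permission
            // `permissionItemCode` over the target user `grantUserId`, unless an identical row
            // is already present. Returns the value of permissionScopeManager.Add for a new row
            // and string.Empty when nothing was written.

            // Resolve the code once so the existence check and the inserted row use the same id.
            string permissionId = this.GetIdByCode(permissionItemCode);

            // An unresolved code would create a scope row that is bound to no permission item;
            // refuse to write such a row.
            if (string.IsNullOrEmpty(permissionId))
            {
                return string.Empty;
            }

            string[] names =
            {
                PiPermissionScopeTable.FieldResourceCategory,
                PiPermissionScopeTable.FieldResourceId,
                PiPermissionScopeTable.FieldTargetCategory,
                PiPermissionScopeTable.FieldTargetId,
                PiPermissionScopeTable.FieldPermissionId
            };
            string[] values =
            {
                PiUserTable.TableName,
                userId,
                PiUserTable.TableName,
                grantUserId,
                permissionId
            };

            // NOTE(review): the lookup does not filter on DeleteMark or Enabled here, so a disabled
            // or soft-deleted row may count as "already granted" - confirm what Exists applies.
            if (this.Exists(names, values))
            {
                return string.Empty;
            }

            var scopeEntity = new PiPermissionScopeEntity
            {
                PermissionId     = permissionId,
                ResourceCategory = PiUserTable.TableName,
                ResourceId       = userId,
                TargetCategory   = PiUserTable.TableName,
                TargetId         = grantUserId,
                Enabled          = 1,
                DeleteMark       = 0
            };

            return permissionScopeManager.Add(scopeEntity);
        }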
        /// <summary>
        /// Sets the constraint condition.
        /// </summary>
        /// <param name="resourceCategory">Resource category</param>
        /// <param name="resourceId">Resource primary key</param>
        /// <param name="tableName">Table name</param>
        /// <param name="constraint">Constraint</param>
        /// <param name="enabled">Whether the constraint is enabled</param>
        /// <param name="permissionCode">Operation permission item</param>
        /// <returns>Primary key</returns>
        public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true)
        {
            // Stores `constraint` for the (resource, table, permission) combination: an existing
            // non-deleted scope row has its constraint and enabled flag overwritten, otherwise a
            // new row is added. Returns the id of the row that was updated or added.
            //
            // NOTE(review): `constraint` is persisted exactly as received and no caller
            // authorization check is visible in this method. Presumably the value is a filter
            // expression evaluated elsewhere - confirm who may call this and how the stored text
            // is consumed.
            // NOTE(review): the lookup and the write are separate calls with no transaction
            // visible here, so two concurrent calls could both take the "add" path - confirm.
            var itemManager = new PiPermissionItemManager(this.UserInfo);
            string permissionId = itemManager.GetIdByAdd(permissionCode);

            var scopeManager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);

            string[] filterFields =
            {
                PiPermissionScopeTable.FieldResourceCategory,
                PiPermissionScopeTable.FieldResourceId,
                PiPermissionScopeTable.FieldTargetCategory,
                PiPermissionScopeTable.FieldTargetId,
                PiPermissionScopeTable.FieldPermissionId,
                PiPermissionScopeTable.FieldDeleteMark
            };
            Object[] filterValues =
            {
                resourceCategory,
                resourceId,
                "Table",
                tableName,
                permissionId,
                0
            };

            string existingId = scopeManager.GetId(filterFields, filterValues);

            // No matching row yet: insert one carrying the constraint.
            if (string.IsNullOrEmpty(existingId))
            {
                var newScope = new PiPermissionScopeEntity
                {
                    ResourceCategory     = resourceCategory,
                    ResourceId           = resourceId,
                    TargetCategory       = "Table",
                    TargetId             = tableName,
                    PermissionConstraint = constraint,
                    PermissionId         = permissionId,
                    DeleteMark           = 0,
                    Enabled              = enabled ? 1 : 0
                };
                return scopeManager.Add(newScope);
            }

            // A row exists: overwrite only its constraint text and enabled flag.
            string[] updatedFields = { PiPermissionScopeTable.FieldPermissionConstraint, PiPermissionScopeTable.FieldEnabled };
            Object[] updatedValues = { constraint, enabled ? 1 : 0 };
            scopeManager.SetProperty(PiPermissionScopeTable.FieldId, existingId, updatedFields, updatedValues);
            return existingId;
        }
        /// <summary>
        /// Gets the constraint condition.
        /// </summary>
        /// <param name="userInfo">User</param>
        /// <param name="resourceCategory">Resource category</param>
        /// <param name="resourceId">Resource primary key</param>
        /// <param name="tableName">Table name</param>
        /// <returns>Constraint condition</returns>
        public PiPermissionScopeEntity GetConstraintEntity(UserInfo userInfo, string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
        {
            // Runs TableColumnsManager.GetConstraintEntity inside ServiceUtil.ProcessRDIReadDb and
            // returns its result; the result stays null if the callback never assigns it.
            //
            // NOTE(review): no check is visible here that `userInfo` may read the constraint of
            // `resourceId`; presumably ProcessRDIReadDb or the caller enforces it - confirm.
            PiPermissionScopeEntity constraintEntity = null;

            // GetCurrentMethod() is evaluated outside the lambda so that it names this method.
            var logParameter = ParameterUtil.CreateWithLog(userInfo, MethodBase.GetCurrentMethod());

            ServiceUtil.ProcessRDIReadDb(userInfo, logParameter, dbProvider =>
            {
                var columnsManager = new TableColumnsManager(dbProvider, userInfo);
                constraintEntity = columnsManager.GetConstraintEntity(resourceCategory, resourceId, tableName, permissionCode);
            });

            return constraintEntity;
        }
        /// <summary>
        /// Gets the constraint condition.
        /// </summary>
        /// <param name="resourceCategory">Resource category</param>
        /// <param name="resourceId">Resource primary key</param>
        /// <param name="tableName">Table name</param>
        /// <returns>Constraint condition</returns>
        public string GetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
        {
            // Returns the stored constraint text for the (resource, table, permission)
            // combination, or string.Empty when no row is found or the row is not enabled.
            //
            // NOTE(review): a missing row, a disabled row and an empty stored constraint all
            // yield string.Empty. Confirm that callers do not read an empty result as
            // "no restriction", which would make a disabled constraint fail open.
            PiPermissionScopeEntity scopeEntity = GetConstraintEntity(resourceCategory, resourceId, tableName, permissionCode);

            if (scopeEntity == null)
            {
                return string.Empty;
            }

            if (scopeEntity.Enabled == 1)
            {
                return scopeEntity.PermissionConstraint;
            }

            return string.Empty;
        }
        //
        // 授予授权范围的实现部分
        //

        #region private string GrantPermissionItem(PiPermissionScopeManager permissionScopeManager, string id, string userId, string grantPermissionId) 为了提高授权的运行速度
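        /// <summary>
        /// Grant helper that takes the scope manager from the caller, to make granting faster.
        /// </summary>
        /// <param name="permissionScopeManager">Permission-scope reader/writer</param>
        /// <param name="userId">Primary key of the user receiving the grant (stored as ResourceId)</param>
        /// <param name="permissionItemCode">Permission code</param>
        /// <param name="grantPermissionId">Primary key of the permission item the grant applies to (stored as TargetId)</param>
        /// <returns>Primary key</returns>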
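        private string GrantPermissionItem(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantPermissionId)
        {
            // Writes a permission-scope row stating that user `userId` holds the permission
            // `permissionItemCode` over the permission item `grantPermissionId`. Returns the
            // value of permissionScopeManager.Add, or string.Empty when the permission code
            // cannot be resolved.
            string permissionId = this.GetIdByCode(permissionItemCode);

            // An unresolved code would create a scope row that is bound to no permission item;
            // refuse to write such a row.
            if (string.IsNullOrEmpty(permissionId))
            {
                return string.Empty;
            }

            // NOTE(review): no existence check precedes Add, so repeated calls appear to insert
            // duplicate rows unless Add or a database constraint prevents it - confirm.
            var scopeEntity = new PiPermissionScopeEntity
            {
                PermissionId     = permissionId,
                ResourceCategory = PiUserTable.TableName,
                ResourceId       = userId,
                TargetCategory   = PiPermissionItemTable.TableName,
                TargetId         = grantPermissionId,
                Enabled          = 1,
                DeleteMark       = 0
            };

            return permissionScopeManager.Add(scopeEntity);
        }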
Beispiel #6
        //
        // 授予授权范围的实现部分
        //

        #region private string GrantModule(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantModuleId) 为了提高授权的运行速度
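        /// <summary>
        /// Grant helper that takes the scope manager from the caller, to make granting faster.
        /// </summary>
        /// <param name="permissionScopeManager">Permission-scope reader/writer</param>
        /// <param name="userId">Primary key of the user receiving the grant (stored as ResourceId)</param>
        /// <param name="permissionItemCode">Permission code</param>
        /// <param name="grantModuleId">Primary key of the module the grant applies to (stored as TargetId)</param>
        /// <returns>Primary key</returns>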
        private string GrantModule(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantModuleId)
        {
            // Writes a permission-scope row stating that user `userId` holds the permission
            // `permissionItemCode` over the module `grantModuleId`. Returns the value of
            // permissionScopeManager.Add, or string.Empty when the permission code does not
            // resolve to an id.
            //
            // NOTE(review): no existence check precedes Add, so repeated calls appear to insert
            // duplicate rows unless Add or a database constraint prevents it - confirm.
            var scopeEntity = new PiPermissionScopeEntity();
            string resolvedPermissionId = this.GetIdByCode(permissionItemCode);

            if (!string.IsNullOrEmpty(resolvedPermissionId))
            {
                scopeEntity.PermissionId     = resolvedPermissionId;
                scopeEntity.ResourceCategory = PiUserTable.TableName;
                scopeEntity.ResourceId       = userId;
                scopeEntity.TargetCategory   = PiModuleTable.TableName;
                scopeEntity.TargetId         = grantModuleId;
                scopeEntity.Enabled          = 1;
                scopeEntity.DeleteMark       = 0;
                return permissionScopeManager.Add(scopeEntity);
            }

            // Unknown permission code: write nothing.
            return string.Empty;
        }
        public PiPermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
        {
            // Looks up the non-deleted scope row (DeleteMark = 0) that ties the resource to the
            // table `tableName` under `permissionCode` and returns it as an entity, or null when
            // the query returns no rows. The Enabled flag is not part of the filter, so a
            // disabled row is returned as well.
            //
            // NOTE(review): GetIdByAdd is called on this read path. If, as its name suggests, it
            // creates a permission item that does not exist yet, a lookup with an arbitrary
            // permissionCode would write to the permission table - confirm.
            var itemManager = new PiPermissionItemManager(this.UserInfo);
            string permissionId = itemManager.GetIdByAdd(permissionCode);

            var scopeManager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);

            string[] filterFields =
            {
                PiPermissionScopeTable.FieldResourceCategory,
                PiPermissionScopeTable.FieldResourceId,
                PiPermissionScopeTable.FieldTargetCategory,
                PiPermissionScopeTable.FieldTargetId,
                PiPermissionScopeTable.FieldPermissionId,
                PiPermissionScopeTable.FieldDeleteMark
            };
            Object[] filterValues =
            {
                resourceCategory,
                resourceId,
                "Table",
                tableName,
                permissionId,
                0
            };

            DataTable matches = scopeManager.GetDT(filterFields, filterValues);

            if (matches.Rows.Count <= 0)
            {
                return null;
            }

            return BaseEntity.Create<PiPermissionScopeEntity>(matches);
        }
        //
        // 授予授权范围的实现部分
        //

        #region private string GrantOrganize(PiPermissionScopeManager permissionScopeManager, string roleId, string permissionItemCode, string grantOrganizeId) 为了提高授权的运行速度
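        /// <summary>
        /// Grant helper that takes the scope manager from the caller, to make granting faster.
        /// </summary>
        /// <param name="permissionScopeManager">Permission-scope reader/writer</param>
        /// <param name="permissionItemCode">Permission code</param>
        /// <param name="roleId">Primary key of the role receiving the grant (stored as ResourceId)</param>
        /// <param name="grantOrganizeId">Organization scope being granted (stored as TargetId)</param>
        /// <returns>Primary key</returns>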
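        private string GrantOrganize(PiPermissionScopeManager permissionScopeManager, string roleId, string permissionItemCode, string grantOrganizeId)
        {
            // Writes a permission-scope row granting role `roleId` the organization scope
            // `grantOrganizeId` for the permission `permissionItemCode`, then keeps the "None"
            // scope mutually exclusive with every other scope of that role and permission:
            //   - granting a concrete scope removes the role's "None" row;
            //   - granting "None" removes all of the role's other rows for this permission.
            // Returns the value of permissionScopeManager.Add, or string.Empty when the row
            // already exists or the permission code cannot be resolved.
            //
            // NOTE(review): the insert and the clean-up deletes are separate calls and no
            // transaction is visible here - confirm the caller provides one.

            // Resolve the code once so every lookup and the inserted row use the same id.
            string permissionId = this.GetIdByCode(permissionItemCode);

            // An unresolved code would create a scope row that is bound to no permission item;
            // refuse to write such a row.
            if (string.IsNullOrEmpty(permissionId))
            {
                return string.Empty;
            }

            string noneScope = ((int)PermissionScope.None).ToString();

            string[] names =
            {
                PiPermissionScopeTable.FieldResourceCategory,
                PiPermissionScopeTable.FieldResourceId,
                PiPermissionScopeTable.FieldTargetCategory,
                PiPermissionScopeTable.FieldTargetId,
                PiPermissionScopeTable.FieldPermissionId
            };
            string[] values =
            {
                PiRoleTable.TableName,
                roleId,
                PiOrganizeTable.TableName,
                grantOrganizeId,
                permissionId
            };

            if (this.Exists(names, values))
            {
                return string.Empty;
            }

            var scopeEntity = new PiPermissionScopeEntity
            {
                PermissionId     = permissionId,
                ResourceCategory = PiRoleTable.TableName,
                ResourceId       = roleId,
                TargetCategory   = PiOrganizeTable.TableName,
                TargetId         = grantOrganizeId,
                Enabled          = 1,
                DeleteMark       = 0
            };
            string returnValue = permissionScopeManager.Add(scopeEntity);

            if (grantOrganizeId != noneScope)
            {
                // A concrete scope was granted: the role must no longer carry the "None" row.
                values[3] = noneScope;
                if (this.Exists(names, values))
                {
                    DataTable noneRows = permissionScopeManager.GetDT(names, values);
                    if (noneRows != null && noneRows.Rows.Count > 0)
                    {
                        permissionScopeManager.DeleteEntity(noneRows.Rows[0]["Id"].ToString());
                    }
                }
            }
            else
            {
                // "None" was granted: query without the TargetId filter to find every scope row
                // of this role and permission, then remove all of them except "None".
                string[] namesForDel  = { names[0], names[1], names[2], names[4] };
                string[] valuesForDel = { values[0], values[1], values[2], values[4] };

                DataTable roleRows = permissionScopeManager.GetDT(namesForDel, valuesForDel);
                if (roleRows != null)
                {
                    for (int i = 0; i < roleRows.Rows.Count; i++)
                    {
                        DataRow row = roleRows.Rows[i];
                        if (row["TARGETID"].ToString() != noneScope)
                        {
                            // Delete the row that was just inspected. Using the first row's id
                            // on every pass would leave the role's other scopes in place and
                            // could remove an unrelated row instead.
                            permissionScopeManager.DeleteEntity(row["ID"].ToString());
                        }
                    }
                }
            }

            return returnValue;
        }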