/// <summary>
/// 移动管理单元
/// </summary>
/// <param name="unit">将被移动的管理单元</param>
/// <param name="newParent">一个表示目标单元的<see cref="AdminUnit"/> ,或者为null,表示作为顶级管理单元</param>
public void MoveAdminUnit(AdminUnit unit, AdminUnit newParent)
{
unit.NullCheck("unit");
var parent = GetUnitParent(unit, false);
if (parent is AUSchema)
{
CheckAUSchemaPermission((AUSchema)parent);
}
else
{
CheckUnitPermission(AUOperationType.AddAdminUnit, "DeleteSubUnit", (AdminUnit)parent);
}
if (newParent != null)
{
CheckUnitPermission(AUOperationType.AddAdminUnit, "AddSubUnit", newParent);
}
else
{
CheckAUSchemaPermission(unit.GetUnitSchema());
}
MoveAUExecutor executor = new MoveAUExecutor(AUOperationType.MoveAdminUnit, unit, newParent)
{
NeedStatusCheck = this.NeedValidationAndStatusCheck
};
ExecuteWithActions(AUOperationType.MoveAdminUnit, () => SCActionContext.Current.DoActions(() =>
{
executor.Execute();
}));
}
private void CheckUnitPermission(AUOperationType opType, string permissionName, AdminUnit unit)
{
unit.NullCheck("unit");
if (unit.Status != SchemaObjectStatus.Normal)
{
throw new AUStatusCheckException(unit, opType);
}
if (this._NeedCheckPermissions)
{
if (unit == null || unit.Status != SchemaObjectStatus.Normal)
{
throw new ArgumentException(string.Format("不存在参数 unit 指定的管理单元", "unit"));
}
if (DeluxePrincipal.Current.HasPermissions(permissionName, new string[] { unit.ID }) == false)
{
//如果没有权限,检查是否超级管理员或者拥有架构权限
if (AUPermissionHelper.IsSupervisor(DeluxePrincipal.Current) == false)
{
var schema = unit.GetUnitSchema();
if (string.IsNullOrEmpty(schema.MasterRole) || DeluxePrincipal.Current.IsInRole(schema.MasterRole) == false)
{
throw CreateAclException(opType, unit.Schema, permissionName);
}
}
}
}
}
public void AddAdminUnit(AdminUnit unit, AdminUnit parent)
{
if (parent == null)
{
CheckAUSchemaPermission(unit.GetUnitSchema());
}
else
{
CheckUnitPermission(AUOperationType.AddAdminUnit, "AddSubUnit", parent);
}
AdminUnitExecutor executor = new Executors.AdminUnitExecutor(AUOperationType.AddAdminUnit, parent, unit)
{
NeedValidation = this.NeedValidationAndStatusCheck,
NeedParentStatusCheck = this.NeedValidationAndStatusCheck,
};
ExecuteWithActions(AUOperationType.AddAdminUnit, () => SCActionContext.Current.DoActions(() =>
{
executor.Execute();
}));
}
/// <summary>
/// 移动管理单元
/// </summary>
/// <param name="unit">将被移动的管理单元</param>
/// <param name="newParent">一个表示目标单元的<see cref="AdminUnit"/> ,或者为null,表示作为顶级管理单元</param>
public void MoveAdminUnit(AdminUnit unit, AdminUnit newParent)
{
unit.NullCheck("unit");
var parent = GetUnitParent(unit, false);
if (parent is AUSchema)
CheckAUSchemaPermission((AUSchema)parent);
else
CheckUnitPermission(AUOperationType.AddAdminUnit, "DeleteSubUnit", (AdminUnit)parent);
if (newParent != null)
CheckUnitPermission(AUOperationType.AddAdminUnit, "AddSubUnit", newParent);
else
CheckAUSchemaPermission(unit.GetUnitSchema());
MoveAUExecutor executor = new MoveAUExecutor(AUOperationType.MoveAdminUnit, unit, newParent)
{
NeedStatusCheck = this.NeedValidationAndStatusCheck
};
ExecuteWithActions(AUOperationType.MoveAdminUnit, () => SCActionContext.Current.DoActions(() =>
{
executor.Execute();
}));
}
private void CheckUnitPermission(AUOperationType opType, string permissionName, AdminUnit unit)
{
unit.NullCheck("unit");
if (unit.Status != SchemaObjectStatus.Normal)
throw new AUStatusCheckException(unit, opType);
if (this._NeedCheckPermissions)
{
if (unit == null || unit.Status != SchemaObjectStatus.Normal)
throw new ArgumentException(string.Format("不存在参数 unit 指定的管理单元", "unit"));
if (DeluxePrincipal.Current.HasPermissions(permissionName, new string[] { unit.ID }) == false)
{
//如果没有权限,检查是否超级管理员或者拥有架构权限
if (AUPermissionHelper.IsSupervisor(DeluxePrincipal.Current) == false)
{
var schema = unit.GetUnitSchema();
if (string.IsNullOrEmpty(schema.MasterRole) || DeluxePrincipal.Current.IsInRole(schema.MasterRole) == false)
throw CreateAclException(opType, unit.Schema, permissionName);
}
}
}
}
public void AddAdminUnitWithMembers(AdminUnit unit, AdminUnit parent, AURole[] roles, AUAdminScope[] scopes)
{
if (parent == null)
CheckAUSchemaPermission(unit.GetUnitSchema());
else
CheckUnitPermission(AUOperationType.AddAdminUnit, "AddSubUnit", parent);
AdminUnitExecutor executor = new Executors.AdminUnitExecutor(AUOperationType.AddAdminUnit, parent, unit)
{
NeedValidation = this.NeedValidationAndStatusCheck,
NeedParentStatusCheck = this.NeedValidationAndStatusCheck,
InputRoles = roles,
InputAdminScopes = scopes
};
ExecuteWithActions(AUOperationType.AddAdminUnit, () => SCActionContext.Current.DoActions(() =>
{
executor.Execute();
}));
}