public bool updateUser(User user, string userId)
{
// if (!(Security.user.Id.Equals(user.Id) && Security.IsAdminRoleUser))
// throw new XUserException("无权操作");
if (existsUser(user.Id) && user.Id != userId)
{
throw new XUserException("用户" + user.Id + "已经存在,法将用户" + userId + "改为" + user.Id);
}
DatabaseAdmin dba = SecuritySettings.getDBA();
DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.UpdateUserSql);
dba.addInParameter(cmd, "@Id", DbType.String, user.Id);
dba.addInParameter(cmd, "@DisplayName", DbType.String, user.DisplayName);
dba.addInParameter(cmd, "@IsDisable", DbType.Boolean, user.IsDisable);
dba.addInParameter(cmd, "@IsActive", DbType.Boolean, user.IsActive);
dba.addInParameter(cmd, "@Email", DbType.AnsiString, user.Email);
dba.addInParameter(cmd, "@Mobile", DbType.AnsiString, user.Mobile);
dba.addInParameter(cmd, "@GroupId", DbType.AnsiString, user.GroupId);
dba.addInParameter(cmd, "@oldId", DbType.AnsiString, userId);
bool ret = dba.execNonQuery(cmd) != 0;
if (!ret)
{
throw new XUserException(userId + "用户未发现");
}
return(ret);
}
public bool updateRole(Role role, string roleId)
{
if (String.IsNullOrEmpty(roleId))
{
throw new Exception("角色Id不能为空");
}
if (existsRole(role.Id) && !roleId.Equals(role.Id, StringComparison.OrdinalIgnoreCase))
{
throw new Exception("角色Id" + role.Id + "已经存在,不能将" + roleId + "修改成" + role.Id);
}
DatabaseAdmin dba = SecuritySettings.getDBA();
DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.UpdateRoleSql);
dba.addInParameter(cmd, "@Id", DbType.String, role.Id);
dba.addInParameter(cmd, "@DisplayName", DbType.String, role.DisplayName);
dba.addInParameter(cmd, "@Remark", DbType.String, role.Remark);
dba.addInParameter(cmd, "@oldId", DbType.String, roleId);
bool ret = dba.execNonQuery(cmd) != 0;
if (!ret)
{
throw new XUserException("角色修改失败,角色" + roleId + "不存在");
}
return(ret);
}
public bool deleteUser(string userId)
{
DatabaseAdmin dba = SecuritySettings.getDBA();
DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.DeleteUserSQL);
dba.addInParameter(cmd, "@user_id", DbType.String, userId);
return(dba.execNonQuery(cmd) != 0);
}
public static void deleteUserRole(string userId, string roleId)
{
DatabaseAdmin dba = SecuritySettings.getDBA();
DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.deleteUserRoleSQL);
dba.addInParameter(cmd, "@roleId", DbType.String, roleId);
dba.addInParameter(cmd, "@userId", DbType.String, userId);
dba.execNonQuery(cmd);
}
public void executeCommandSchema(CommandSchema commandSchema, ListDataRow row, Dictionary <string, string> realParams, bool refresh = false)
{
using (TransactionScope ts = new TransactionScope())
{
DbCommand cmd = getCommand(commandSchema);
setCommandParamValue(cmd, realParams, row);
if (refresh)
{
DataSet ds = dbAdmin.executeDateSet(cmd);
refreshRow(ds, row);
}
else
{
dbAdmin.execNonQuery(cmd);
}
ts.Complete();
}
}
/// <summary>
/// 设置角色的对象权限
/// </summary>
/// <param name="roleId"></param>
/// <param name="objectId"></param>
/// <param name="permission"></param>
public static void setPermission(string roleId, string objectId, PermissionTypes permission)
{
PermissionTypes oldPerm = getRoleObjectPermission(roleId, objectId);
oldPerm = oldPerm | permission;
DatabaseAdmin dba = SecuritySettings.getDBA();
DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.SetRoleObjectPermissionSql);
dba.addInParameter(cmd, "@roleId", DbType.String, roleId);
dba.addInParameter(cmd, "@objectId", DbType.String, objectId);
dba.addInParameter(cmd, "@permission", DbType.Int32, oldPerm);
dba.execNonQuery(cmd);
//for(PermissionTypes
}
public void appendUserRole(string userId, string roleId)
{
DatabaseAdmin dba = SecuritySettings.getDBA();
DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.CheckUserRolesSQl);
dba.addInParameter(cmd, "@roleId", DbType.String, roleId);
dba.addInParameter(cmd, "@userId", DbType.String, userId);
object c = dba.executeScalar(cmd);
if ((int)c < 1)
{
cmd = dba.getSqlStringCommand(SecurityDataScripts.AppendUserRolesSQl);
dba.addInParameter(cmd, "@roleId", DbType.String, roleId);
dba.addInParameter(cmd, "@userId", DbType.String, userId);
}
dba.execNonQuery(cmd);
}
public bool repassword(string password1, string password2)
{
if (!Security.IsLogin)
{
throw new XUserException("请先登录");
}
if (password1.Equals(password2))
{
throw new XUserException("两次输入的密码不一致");
}
DatabaseAdmin dba = SecuritySettings.getDBA();
DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.InsertUserSql);
dba.addInParameter(cmd, "@Id", DbType.String, Security.user.Id);
return(dba.execNonQuery(cmd) != 0);
}
public bool addUser(User user)
{
if (String.IsNullOrEmpty(user.Id) || !(UserInfoExpress.isEmail(user.Id) ||
UserInfoExpress.isMobile(user.Id)))
{
throw new XUserException("新用户注册,必须填写手机号或电子邮件!");
}
if (existsUser(user.Id))
{
throw new XUserException("新用户注册,用户" + user.Id + "已经被别人使用!");
}
user.Password = Crypto.Encrypt(user.Password);
if (UserInfoExpress.isEmail(user.Id) && string.IsNullOrEmpty(user.Email))
{
user.Email = user.Id;
}
if (UserInfoExpress.isMobile(user.Id) && string.IsNullOrEmpty(user.Mobile))
{
user.Mobile = user.Id;
}
DatabaseAdmin dba = SecuritySettings.getDBA();
DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.InsertUserSql);
dba.addInParameter(cmd, "@Id", DbType.String, user.Id);
dba.addInParameter(cmd, "@DisplayName", DbType.String, user.DisplayName);
dba.addInParameter(cmd, "@Password", DbType.String, user.Password);
dba.addInParameter(cmd, "@create_date", DbType.DateTime, DateTime.Now);
dba.addInParameter(cmd, "@IsDisable", DbType.Boolean, user.IsDisable);
dba.addInParameter(cmd, "@IsActive", DbType.Boolean, user.IsActive);
dba.addInParameter(cmd, "@Email", DbType.AnsiString, user.Email);
dba.addInParameter(cmd, "@Mobile", DbType.AnsiString, user.Mobile);
dba.addInParameter(cmd, "@GroupId", DbType.AnsiString, user.GroupId);
bool ret = dba.execNonQuery(cmd) != 0;
if (!ret)
{
throw new XUserException("用户添加失败");
}
return(ret);
}
/// <summary>
/// 用权限类型设置角色的对象权限
/// </summary>
/// <param name="roleId">角色ID</param>
/// <param name="objectId">对象ID</param>
/// <param name="type">权限类型字符串:None/Read/Write/Execute/DoAll</param>
/// <param name="enable"></param>
public static void setPermission(string roleId, string objectId, string type, bool enable)
{
PermissionTypes permission = (PermissionTypes)Enum.Parse(typeof(PermissionTypes), type);
PermissionTypes oldPerm = getRoleObjectPermission(roleId, objectId);
oldPerm = oldPerm | permission;
if (!enable)
{
oldPerm = oldPerm ^ permission;
}
DatabaseAdmin dba = SecuritySettings.getDBA();
DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.SetRoleObjectPermissionSql);
dba.addInParameter(cmd, "@roleId", DbType.String, roleId);
dba.addInParameter(cmd, "@objectId", DbType.String, objectId);
dba.addInParameter(cmd, "@permission", DbType.Int32, oldPerm);
dba.execNonQuery(cmd);
}
public bool addRole(Role role)
{
if (existsRole(role.Id))
{
throw new XUserException("角色" + role.Id + "已经存在");
}
DatabaseAdmin dba = SecuritySettings.getDBA();
DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.InsertRoleSql);
dba.addInParameter(cmd, "@Id", DbType.String, role.Id);
dba.addInParameter(cmd, "@DisplayName", DbType.String, role.DisplayName);
dba.addInParameter(cmd, "@Remark", DbType.String, role.Remark);
bool ret = dba.execNonQuery(cmd) != 0;
if (!ret)
{
throw new XUserException("角色添加失败");
}
return(ret);
}
public bool appendRoles(UserRoleIds userRoleIds)
{
string userId = userRoleIds.UserId;
DatabaseAdmin dba = SecuritySettings.getDBA();
for (int i = 0; i < userRoleIds.RoleIds.Count; i++)
{
DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.CheckUserRolesSQl);
string roleId = userRoleIds.RoleIds[i];
dba.addInParameter(cmd, "@roleId", DbType.String, roleId);
dba.addInParameter(cmd, "@userId", DbType.String, userId);
object c = dba.executeScalar(cmd);
if ((int)c < 1)
{
cmd = dba.getSqlStringCommand(SecurityDataScripts.AppendUserRolesSQl);
dba.addInParameter(cmd, "@roleId", DbType.String, roleId);
dba.addInParameter(cmd, "@userId", DbType.String, userId);
}
dba.execNonQuery(cmd);
}
return(true);
}