Ejemplo n.º 1
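        /// <summary>
        /// Reads the delegation of role <c>roleID</c> made by user <c>sourceID</c> and, when a delegate is
        /// recorded, adds that user's display name to the result document as TARGET_DISPLAYNAME.
        /// </summary>
        /// <param name="xmlDoc">Request document; its root element supplies the <c>sourceID</c> and <c>roleID</c> attributes.</param>
        /// <remarks>
        /// Both attributes come from the request and reach the SQL text only through
        /// <c>TSqlBuilder.Instance.CheckQuotationMark(value, true)</c>.
        /// NOTE(review): nothing in this method checks that the caller may read this delegation;
        /// confirm that the check is enforced before this handler is dispatched.
        /// </remarks>
        protected void GetRoleDelegationUser(XmlDocument xmlDoc)
        {
            using (DbContext context = DbContext.GetContext(AppResource.ConnAlias))
            {
                string strSourceID = xmlDoc.DocumentElement.GetAttribute("sourceID");
                string strRoleID   = xmlDoc.DocumentElement.GetAttribute("roleID");

                string strSQL = "SELECT TARGET_ID, START_TIME, END_TIME FROM DELEGATIONS WHERE SOURCE_ID = "
                                + TSqlBuilder.Instance.CheckQuotationMark(strSourceID, true)
                                + " AND ROLE_ID = " + TSqlBuilder.Instance.CheckQuotationMark(strRoleID, true);

                DataSet ds = InnerCommon.ExecuteDataset(strSQL);
                _XmlResult = InnerCommon.GetXmlDoc(ds);

                string strTargetID = string.Empty;

                if (ds.Tables[0].Rows.Count != 0)
                {
                    strTargetID = ds.Tables[0].Rows[0]["TARGET_ID"].ToString();
                }

                if (strTargetID != string.Empty)
                {
                    DataSet userDs = OGUReader.GetObjectsDetail("USERS", strTargetID,
                                                                SearchObjectColumn.SEARCH_GUID, string.Empty, SearchObjectColumn.SEARCH_NULL);

                    // The delegate may no longer resolve to a user row; indexing Rows[0] unconditionally
                    // would fail the whole request, so the display name is added only when a row exists.
                    bool userFound = (userDs != null) && (userDs.Tables.Count > 0) && (userDs.Tables[0].Rows.Count > 0);

                    if (userFound)
                    {
                        string strDisplayName = userDs.Tables[0].Rows[0]["DISPLAY_NAME"].ToString();

                        XmlHelper.AppendNode <string>(_XmlResult.DocumentElement.SelectSingleNode("DELEGATIONS"),
                                                      "TARGET_DISPLAYNAME", strDisplayName);
                    }
                }
            }
        }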
Ejemplo n.º 2
        /// <summary>
        /// Returns the roles of application <c>app_id</c> that share the classification of function
        /// <c>func_id</c>. Roles linked to the function carry the function ID in FUNC_ID; the
        /// remaining roles carry an empty FUNC_ID. The combined set is ordered by SORT_ID.
        /// </summary>
        /// <remarks>
        /// Both request attributes are turned into quoted literals by
        /// <c>TSqlBuilder.Instance.CheckQuotationMark(value, true)</c> before they are formatted into the statement.
        /// </remarks>
        private void DoQueryFuncToRole()
        {
            XmlElement requestRoot = _XmlRequest.DocumentElement;
            string     appIdAttr   = requestRoot.GetAttribute("app_id");
            string     funcIdAttr  = requestRoot.GetAttribute("func_id");

            // {0} = quoted application ID, {1} = quoted function ID.
            string sqlTemplate = @"SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,ALLOW_DELEGATE,{1} AS FUNC_ID 
							FROM ROLES  
							WHERE APP_ID = {0} 
							AND ID IN (SELECT ROLE_ID AS ID FROM ROLE_TO_FUNCTIONS WHERE FUNC_ID = {1})
							AND CLASSIFY = (SELECT CLASSIFY FROM FUNCTIONS WHERE ID = {1}) 

							union all 

							SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,ALLOW_DELEGATE,'' AS FUNC_ID 
							FROM ROLES  
							WHERE APP_ID = {0} 
							AND ID NOT IN 
							(SELECT ROLE_ID AS ID FROM ROLE_TO_FUNCTIONS WHERE FUNC_ID = {1})
							AND CLASSIFY = (SELECT CLASSIFY FROM FUNCTIONS WHERE ID = {1})
							ORDER BY SORT_ID";

            string quotedAppId  = TSqlBuilder.Instance.CheckQuotationMark(appIdAttr, true);
            string quotedFuncId = TSqlBuilder.Instance.CheckQuotationMark(funcIdAttr, true);
            string strSQL       = string.Format(sqlTemplate, quotedAppId, quotedFuncId);
#if DEBUG
            Debug.WriteLine(strSQL.ToString());
#endif
            DataSet roles = InnerCommon.ExecuteDataset(strSQL);
            _XmlResult = InnerCommon.GetXmlDoc(roles);
        }
Ejemplo n.º 3
        /// <summary>
        /// Returns the scopes of application <c>app_id</c>: scopes linked to expression <c>exp_id</c> carry
        /// the expression ID in EXP_ID, the others an empty EXP_ID. Ordered by EXP_ID descending, then DESCRIPTION.
        /// </summary>
        /// <remarks>
        /// The statement first collects the linked scope IDs into the temporary table #SCOPE_IDS.
        /// Both request attributes are quoted with <c>CheckQuotationMark(value, true)</c> before formatting.
        /// </remarks>
        private void DoQueryExpScope()
        {
            XmlElement requestRoot = _XmlRequest.DocumentElement;
            string     quotedAppId = TSqlBuilder.Instance.CheckQuotationMark(requestRoot.GetAttribute("app_id"), true);
            string     quotedExpId = TSqlBuilder.Instance.CheckQuotationMark(requestRoot.GetAttribute("exp_id"), true);

            // {0} = quoted application ID, {1} = quoted expression ID.
            string sqlTemplate = @"SELECT SCOPE_ID INTO #SCOPE_IDS
							FROM EXP_TO_SCOPES 
							WHERE EXP_ID = {1}


							SELECT * , {1} AS EXP_ID
							FROM SCOPES 
							WHERE APP_ID = {0}
							AND ID IN (SELECT * FROM #SCOPE_IDS)
							UNION ALL
							SELECT * , '' AS EXP_ID
							FROM SCOPES 
							WHERE APP_ID = {0}
							AND ID NOT IN (SELECT * FROM #SCOPE_IDS)
							ORDER BY EXP_ID DESC, DESCRIPTION ";

            DataSet scopes = InnerCommon.ExecuteDataset(string.Format(sqlTemplate, quotedAppId, quotedExpId));
            _XmlResult = InnerCommon.GetXmlDoc(scopes);
        }
Ejemplo n.º 4
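        /// <summary>
        /// Loads the row with the requested <c>id</c> from the table named by the request's <c>type</c>
        /// attribute. For every table except APPLICATIONS the row must also belong to <c>app_id</c>.
        /// </summary>
        /// <exception cref="System.ArgumentException">
        /// The <c>type</c> attribute is empty or contains anything other than ASCII letters, digits and '_'.
        /// </exception>
        /// <remarks>
        /// The table name is placed in the FROM clause as an identifier, so quote escaping cannot protect it.
        /// It is therefore restricted to a plain identifier before the statement is built.
        /// NOTE(review): this still lets a request name any table in the database. A fixed allow-list of the
        /// tables this handler is meant to serve would be the stronger control; that list is not visible here.
        /// </remarks>
        protected void DoQueryObj()
        {
            XmlElement root     = _XmlRequest.DocumentElement;
            string     strTable = root.GetAttribute("type");
            string     strAppID = root.GetAttribute("app_id");
            string     strObjID = root.GetAttribute("id");

            // Reject anything that is not a bare identifier: no spaces, quotes, brackets, dots,
            // semicolons or comment markers can reach the SQL text through the table name.
            bool isPlainIdentifier = strTable.Length > 0;

            foreach (char c in strTable)
            {
                bool allowed = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || (c == '_');

                if (!allowed)
                {
                    isPlainIdentifier = false;
                    break;
                }
            }

            if (!isPlainIdentifier)
            {
                throw new System.ArgumentException("The requested object type is not a valid table name.");
            }

            string strAnd;

            if (strTable == "APPLICATIONS")
            {
                strAnd = string.Empty;
            }
            else
            {
                strAnd = string.Format(" AND APP_ID = {0}", TSqlBuilder.Instance.CheckQuotationMark(strAppID, true));
            }

            string strSQL = @"SELECT * 
							FROM {0} 
							WHERE ID = {1} 
							{2}";

            strSQL = string.Format(strSQL, strTable, TSqlBuilder.Instance.CheckQuotationMark(strObjID, true), strAnd);

            _XmlResult = InnerCommon.GetXmlDoc(InnerCommon.ExecuteDataset(strSQL));
        }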
Ejemplo n.º 5
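        /// <summary>
        /// Prepares the page data for adding a sideline (secondary) position: loads the user named by the
        /// request value <c>objGuid</c> within organization <paramref name="strOrgGuid"/>, rewrites the
        /// row's path for the parent named by <c>SParentGuid</c>, and stores the result in <c>userData</c>.
        /// </summary>
        /// <param name="strOrgGuid">GUID of the organization used to look the user up.</param>
        /// <remarks>
        /// NOTE(review): <c>objGuid</c> and <c>SParentGuid</c> are request-supplied; no permission check is
        /// visible in this method, so confirm the caller performs one.
        /// </remarks>
        private void AddSidelineObjects(string strOrgGuid)
        {
            string  strObjGuid = (string)GetRequestData("objGuid", string.Empty);
            DataSet ds, orgDs;
            DataRow row;

            ds = OGUReader.GetObjectsDetail("USERS",
                                            strObjGuid,
                                            SearchObjectColumn.SEARCH_USER_GUID,
                                            strOrgGuid,
                                            SearchObjectColumn.SEARCH_GUID);
            ExceptionHelper.TrueThrow((ds == null) || (ds.Tables.Count == 0) || (ds.Tables[0].Rows.Count == 0),
                                      "对不起,系统中没有找到指定的对象!");
            row = ds.Tables[0].Rows[0];

            string strSParentGuid = (string)GetRequestData("SParentGuid", string.Empty);

            orgDs = OGUReader.GetObjectsDetail("ORGANIZATIONS",
                                               strSParentGuid,
                                               SearchObjectColumn.SEARCH_GUID,
                                               string.Empty,
                                               SearchObjectColumn.SEARCH_NULL);

            // The parent organization comes from the request as well; without this check an unknown
            // GUID ends in an index error instead of the same "object not found" failure used above.
            ExceptionHelper.TrueThrow((orgDs == null) || (orgDs.Tables.Count == 0) || (orgDs.Tables[0].Rows.Count == 0),
                                      "对不起,系统中没有找到指定的对象!");

            parentAllPathName.Value = OGUCommonDefine.DBValueToString(orgDs.Tables[0].Rows[0]["ALL_PATH_NAME"]);

            // Present the user as a new sideline entry under the chosen parent: new path, sideline
            // flag set, and the time and rank columns cleared.
            row["ALL_PATH_NAME"] = parentAllPathName.Value + "\\" + OGUCommonDefine.DBValueToString(row["OBJ_NAME"]);
            row["SIDELINE"]      = 1;
            row["CREATE_TIME"]   = row["END_TIME"] = row["START_TIME"] = row["RANK_NAME"] = DBNull.Value;

            userData.Value = InnerCommon.GetXmlDoc(ds).OuterXml;
        }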
Ejemplo n.º 6
        /// <summary>
        /// Returns the functions of application <c>app_id</c> that share the classification of function set
        /// <c>func_set_id</c>. Functions in that set carry the set ID in FUNC_SET_ID; functions of the
        /// application that are in no set listed by #FUNC_IDS2 carry an empty FUNC_SET_ID.
        /// Ordered by FUNC_SET_ID descending, then SORT_ID.
        /// </summary>
        /// <remarks>
        /// Both request attributes are quoted with <c>CheckQuotationMark(value, true)</c> before formatting.
        /// </remarks>
        private void DoQueryFuncSetToFunc()
        {
            XmlElement requestRoot     = _XmlRequest.DocumentElement;
            string     quotedAppId     = TSqlBuilder.Instance.CheckQuotationMark(requestRoot.GetAttribute("app_id"), true);
            string     quotedFuncSetId = TSqlBuilder.Instance.CheckQuotationMark(requestRoot.GetAttribute("func_set_id"), true);

            // {0} = quoted function-set ID, {1} = quoted application ID.
            string sqlTemplate = @"SELECT FUNC_ID INTO #FUNC_IDS
								FROM FUNC_SET_TO_FUNCS
								WHERE FUNC_SET_ID = {0};
								SELECT FUNC_ID INTO #FUNC_IDS2 FROM FUNC_SET_TO_FUNCS
								WHERE FUNC_ID IN (SELECT ID FROM FUNCTIONS WHERE APP_ID = {1});

								SELECT *, 0 AS TYPE, {0} AS FUNC_SET_ID  FROM FUNCTIONS
								WHERE ID IN (SELECT * FROM #FUNC_IDS)
								AND APP_ID = {1}
								AND CLASSIFY = (SELECT CLASSIFY FROM FUNCTION_SETS WHERE ID = {0})
								UNION ALL
								SELECT *, 0 AS TYPE, '' AS FUNC_SET_ID FROM FUNCTIONS
								WHERE ID NOT IN (SELECT * FROM #FUNC_IDS2)
								AND APP_ID = {1}
								AND CLASSIFY = (SELECT CLASSIFY FROM FUNCTION_SETS WHERE ID = {0})
								ORDER BY FUNC_SET_ID DESC, SORT_ID";

            DataSet functions = InnerCommon.ExecuteDataset(string.Format(sqlTemplate, quotedFuncSetId, quotedAppId));
            _XmlResult = InnerCommon.GetXmlDoc(functions);
        }
Ejemplo n.º 7
        /// <summary>
        /// Returns the roles of an application that the named user is allowed to delegate.
        /// </summary>
        /// <param name="xmlDoc">Request document; the root element supplies <c>logonName</c> and <c>appCodeName</c>.</param>
        /// <remarks>
        /// <code>
        /// <getAppDelegationRoles logonName="userLogonName" appID="app_id" appCodeName="app_code_name"></getAppDelegationRoles>
        /// </code>
        /// Only <c>logonName</c> and <c>appCodeName</c> are read here; <c>appID</c> is not used.
        /// NOTE(review): the logon name comes from the request document rather than from the
        /// authenticated session; confirm callers may only query their own roles, or are authorized otherwise.
        /// </remarks>
        protected void GetAppDelegationRoles(XmlDocument xmlDoc)
        {
            XmlElement requestRoot = xmlDoc.DocumentElement;
            string     logonName   = requestRoot.GetAttribute("logonName");
            string     appCodeName = requestRoot.GetAttribute("appCodeName");

            DataSet delegableRoles = SecurityCheck.GetUserAllowDelegteRoles(logonName,
                                                                            appCodeName,
                                                                            UserValueType.LogonName,
                                                                            RightMaskType.All);

            _XmlResult = InnerCommon.GetXmlDoc(delegableRoles);
        }
Ejemplo n.º 8
        /// <summary>
        /// Page initialization: loads the SYS_USER_LOGON row whose ID equals the request value
        /// <c>sortID</c> (default "0") and binds its first result node to the page controls.
        /// </summary>
        /// <remarks>
        /// The ID is quoted with <c>CheckQuotationMark(value, true)</c> before it is appended to the statement.
        /// NOTE(review): the row is selected purely by a request-supplied ID; confirm the page restricts
        /// which logon records a caller may view.
        /// </remarks>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            string requestedId = GetRequestData("sortID", "0").ToString();
            string quotedId    = TSqlBuilder.Instance.CheckQuotationMark(requestedId, true);

            string strSql = string.Format("SELECT * FROM SYS_USER_LOGON WHERE ID = {0}", quotedId);

            DataSet     logonRows = InnerCommon.ExecuteDataset(strSql);
            XmlDocument resultDoc = InnerCommon.GetXmlDoc(logonRows);

            SetControlValue(resultDoc.DocumentElement.FirstChild);
        }
Ejemplo n.º 9
        /// <summary>
        /// Returns all service scopes of application <c>app_id</c>, ordered by DESCRIPTION.
        /// </summary>
        /// <remarks>
        /// The application ID is quoted with <c>CheckQuotationMark(value, true)</c> before formatting.
        /// </remarks>
        private void DoQueryAppScope()
        {
            string appIdAttr   = _XmlRequest.DocumentElement.GetAttribute("app_id");
            string quotedAppId = TSqlBuilder.Instance.CheckQuotationMark(appIdAttr, true);

            string strSQL = string.Format(
                "SELECT ID,APP_ID,NAME,CODE_NAME, EXPRESSION,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED  FROM SCOPES  WHERE APP_ID = {0} ORDER BY DESCRIPTION",
                quotedAppId);

            DataSet scopes = InnerCommon.ExecuteDataset(strSQL);
            _XmlResult = InnerCommon.GetXmlDoc(scopes);
        }
Ejemplo n.º 10
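        /// <summary>
        /// Returns the row with the requested <c>id</c> from the table named by the <c>type</c> attribute
        /// (per the original description: a role, a function or a function set).
        /// </summary>
        /// <param name="xmlDoc">Request document; the root element supplies <c>type</c> and <c>id</c>.</param>
        /// <exception cref="System.ArgumentException">
        /// The <c>type</c> attribute is empty or contains anything other than ASCII letters, digits and '_'.
        /// </exception>
        /// <remarks>
        /// The table name is used as an identifier in the FROM clause. Passing it through
        /// <c>CheckQuotationMark(value, false)</c> deals with quotation marks only, which does not stop other
        /// SQL from being appended, so the name is restricted to a plain identifier first.
        /// NOTE(review): an allow-list of the role, function and function-set tables would be stronger;
        /// the exact table names this handler should accept are not visible here.
        /// </remarks>
        protected void GetObjInfo(XmlDocument xmlDoc)
        {
            XmlElement root         = xmlDoc.DocumentElement;
            string     strTableName = root.GetAttribute("type");
            string     strID        = root.GetAttribute("id");

            // Reject anything that is not a bare identifier before it reaches the SQL text.
            bool isPlainIdentifier = strTableName.Length > 0;

            foreach (char c in strTableName)
            {
                bool allowed = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || (c == '_');

                if (!allowed)
                {
                    isPlainIdentifier = false;
                    break;
                }
            }

            if (!isPlainIdentifier)
            {
                throw new System.ArgumentException("The requested object type is not a valid table name.");
            }

            string strSQL = "SELECT * FROM " + TSqlBuilder.Instance.CheckQuotationMark(strTableName, false)
                            + " WHERE ID = " + TSqlBuilder.Instance.CheckQuotationMark(strID, true);
            DataSet ds = InnerCommon.ExecuteDataset(strSQL);

            _XmlResult = InnerCommon.GetXmlDoc(ds);
        }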
Ejemplo n.º 11
        /// <summary>
        /// Returns the members of role <c>role_id</c> in application <c>app_id</c>. The two IDs are first
        /// resolved to code names; for a non-administrator the lookup is limited to the organization
        /// roots taken from the user's object-maintenance function scopes.
        /// </summary>
        /// <remarks>
        /// Both request attributes are quoted with <c>CheckQuotationMark(value, true)</c> before formatting.
        /// </remarks>
        private void DoQueryRoleToExp()
        {
            using (DbContext context = DbContext.GetContext(AppResource.ConnAlias))
            {
                XmlElement requestRoot = _XmlRequest.DocumentElement;
                string     appIdAttr   = requestRoot.GetAttribute("app_id");
                string     roleIdAttr  = requestRoot.GetAttribute("role_id");

                // One round trip, two result tables: [0] the application, [1] the role.
                string strSQL = string.Format("SELECT CODE_NAME FROM APPLICATIONS WHERE ID = {0}; SELECT CODE_NAME FROM ROLES WHERE ID={1}",
                                              TSqlBuilder.Instance.CheckQuotationMark(appIdAttr, true),
                                              TSqlBuilder.Instance.CheckQuotationMark(roleIdAttr, true));
                DataSet   codeNames = InnerCommon.ExecuteDataset(strSQL);
                DataTable appTable  = codeNames.Tables[0];
                DataTable roleTable = codeNames.Tables[1];

                string appCodeName  = appTable.Rows.Count > 0 ? appTable.Rows[0]["CODE_NAME"].ToString() : string.Empty;
                string roleCodeName = roleTable.Rows.Count > 0 ? roleTable.Rows[0]["CODE_NAME"].ToString() : string.Empty;

                // Administrators search from an empty root; everyone else gets the comma-separated
                // scope descriptions of their object add/delete/modify functions.
                string orgRoots = string.Empty;
                if (!SecurityCheck.IsAdminUser(LogOnUserInfo.UserLogOnName))
                {
                    DataSet   scopeSet  = SecurityCheck.GetUserFunctionsScopes(LogOnUserInfo.UserLogOnName, appCodeName, "ADD_OBJECT_FUNC,DELETE_OBJECT_FUNC,MODIFY_OBJECT_FUNC");
                    DataTable scopeRows = scopeSet.Tables[0];

                    foreach (DataRow scopeRow in scopeRows.Rows)
                    {
                        if (orgRoots != string.Empty)
                        {
                            orgRoots += ",";
                        }
                        orgRoots += scopeRow["DESCRIPTION"].ToString();
                    }

                    // No scope at all: pass a marker value instead of the empty root used for administrators.
                    if (orgRoots == string.Empty)
                    {
                        orgRoots = "NoOrgRoot";
                    }
                }

                DataSet members = SecurityCheck.GetChildrenInRoles(orgRoots, appCodeName, roleCodeName, false, false, false);
                _XmlResult = InnerCommon.GetXmlDoc(members);
            }
        }
Ejemplo n.º 12
        /// <summary>
        /// Returns all roles of application <c>app_id</c> with classification <c>classify</c>, ordered by SORT_ID.
        /// </summary>
        /// <remarks>
        /// Both request attributes are quoted with <c>CheckQuotationMark(value, true)</c> before formatting.
        /// </remarks>
        private void DoQueryRole()
        {
            XmlElement requestRoot    = _XmlRequest.DocumentElement;
            string     appIdAttr      = requestRoot.GetAttribute("app_id");
            string     classifyAttr   = requestRoot.GetAttribute("classify");
            string     quotedAppId    = TSqlBuilder.Instance.CheckQuotationMark(appIdAttr, true);
            string     quotedClassify = TSqlBuilder.Instance.CheckQuotationMark(classifyAttr, true);

            string strSQL = string.Format(
                "SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,ALLOW_DELEGATE  FROM ROLES WHERE APP_ID = {0} AND CLASSIFY = {1} ORDER BY SORT_ID",
                quotedAppId,
                quotedClassify);

            DataSet roles = InnerCommon.ExecuteDataset(strSQL);
            _XmlResult = InnerCommon.GetXmlDoc(roles);
        }
Ejemplo n.º 13
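        /// <summary>
        /// Returns the applications in which the named user holds roles available for delegation, and
        /// sets the user's display name as the <c>displayName</c> attribute of the result root.
        /// </summary>
        /// <param name="xmlDoc">Request document; the root element supplies <c>logonName</c>.</param>
        /// <remarks>
        ///	<code>
        ///	<getDelegationApps logonName="userlogonname" idType="logonName" appID="application_id"></getDelegationApps>
        /// </code>
        /// Only <c>logonName</c> is read here.
        /// NOTE(review): the logon name comes from the request document rather than from the
        /// authenticated session; confirm callers are limited to identities they may query.
        /// </remarks>
        protected void GetDelegationApplications(XmlDocument xmlDoc)
        {
            string strLogonName = xmlDoc.DocumentElement.GetAttribute("logonName");

            DataSet ds = SecurityCheck.GetUserApplicationsForDelegation(strLogonName, UserValueType.LogonName, RightMaskType.All);

            _XmlResult = InnerCommon.GetXmlDoc(ds);

            ds = OGUReader.GetObjectsDetail("USERS", strLogonName, SearchObjectColumn.SEARCH_LOGON_NAME,
                                            string.Empty, SearchObjectColumn.SEARCH_NULL);

            // A logon name that matches no user must not end in an index error: the attribute is
            // still written, with an empty value, so consumers always find it.
            string strDisplayName = string.Empty;

            if ((ds != null) && (ds.Tables.Count > 0) && (ds.Tables[0].Rows.Count > 0))
            {
                strDisplayName = ds.Tables[0].Rows[0]["DISPLAY_NAME"].ToString();
            }

            _XmlResult.DocumentElement.SetAttribute("displayName", strDisplayName);
        }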
Ejemplo n.º 14
        /// <summary>
        /// Page initialization: disables caching of the response, copies the <c>secFrm</c> query-string
        /// value into the <c>secFrm</c> field, and loads the distinct display names of the visible log
        /// types (excluding 'appall') into <c>HiddenXml</c>.
        /// </summary>
        /// <remarks>
        /// The SQL statement is a constant; no request value is placed in it.
        /// NOTE(review): <c>secFrm</c> is taken from the query string unchanged; how the page script
        /// uses the field is not visible here, so confirm it is treated as untrusted there.
        /// </remarks>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            Response.Cache.SetNoStore();
            secFrm.Value = Request.QueryString["secFrm"];

            string logTypeSql = @"SELECT DISTINCT DISPLAYNAME 
					FROM APP_LOG_TYPE 
					WHERE VISIBLE = 'y' 
						AND CODE_NAME <> 'appall' 
					ORDER BY DISPLAYNAME";

            DataSet     logTypes    = InnerCommon.ExecuteDataset(logTypeSql);
            XmlDocument logTypesDoc = InnerCommon.GetXmlDoc(logTypes);

            HiddenXml.DocumentContent = logTypesDoc.DocumentElement.OuterXml;
        }
Ejemplo n.º 15
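        /// <summary>
        /// Page initialization for editing an organization. On the first request (not a postback) it loads
        /// either the organization being updated (<c>opType</c> = "Update") or the path of the parent
        /// under which a new one is inserted (<c>opType</c> = "Insert"), then calls <c>CheckPermission</c>.
        /// </summary>
        /// <remarks>
        /// <c>parentGuid</c>, <c>opType</c> and <c>objGuid</c> are request values. The parent GUID is quoted
        /// with <c>CheckQuotationMark(value, true)</c> before it is appended to the statement.
        /// NOTE(review): <c>CheckPermission</c> runs after the data has been read into the page fields;
        /// confirm it aborts the request on failure so the loaded values are never rendered.
        /// </remarks>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            Response.Cache.SetNoStore();

            string strParentGuid = GetRequestData("parentGuid", string.Empty).ToString();

            string strOPType = (string)GetRequestData("opType", string.Empty);

            ExceptionHelper.TrueThrow(strOPType == string.Empty, "对不起,系统传输数据缺少“opType”!");

            if (false == IsPostBack)
            {
                using (DbContext context = DbContext.GetContext(AccreditResource.ConnAlias))
                {
                    InitPageObject();
                    switch (strOPType)
                    {
                        case "Update":
                            string strObjGuid = (string)GetRequestData("objGuid", string.Empty);
                            ExceptionHelper.TrueThrow(string.IsNullOrEmpty(strObjGuid), "对不起,系统传输数据缺少“objGuid”!");
                            DataSet ds = OGUReader.GetObjectsDetail("ORGANIZATIONS",
                                                                    strObjGuid,
                                                                    SearchObjectColumn.SEARCH_GUID,
                                                                    strParentGuid,
                                                                    SearchObjectColumn.SEARCH_GUID);
                            ExceptionHelper.TrueThrow((ds == null) || (ds.Tables.Count == 0) || (ds.Tables[0].Rows.Count == 0),
                                                      "对不起,系统中没有找到指定的对象!");

                            organizationData.Value = InnerCommon.GetXmlDoc(ds).OuterXml;
                            string strAllPathName = OGUCommonDefine.DBValueToString(ds.Tables[0].Rows[0]["ALL_PATH_NAME"]);

                            // The parent path is everything before the last backslash of the full path.
                            int lastSeparator = strAllPathName.LastIndexOf("\\");
                            if (lastSeparator >= 0)
                            {
                                parentAllPathName.Value = strAllPathName.Substring(0, lastSeparator);
                            }
                            break;

                        case "Insert":
                            string strSql = "SELECT ALL_PATH_NAME FROM ORGANIZATIONS WHERE GUID = "
                                            + TSqlBuilder.Instance.CheckQuotationMark(strParentGuid, true);

                            // A parent GUID that matches no organization yields no scalar value; report it
                            // with the same "object not found" failure as the Update branch instead of
                            // dereferencing a null result.
                            object parentPath = InnerCommon.ExecuteScalar(strSql);
                            ExceptionHelper.TrueThrow(parentPath == null, "对不起,系统中没有找到指定的对象!");
                            parentAllPathName.Value = parentPath.ToString();
                            break;

                        default:
                            ExceptionHelper.TrueThrow(true, "对不起,系统传输数据“opType”不正确!");
                            break;
                    }
                }
                CheckPermission(strOPType);
            }
        }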
Ejemplo n.º 16
        /// <summary>
        /// Page initialization: loads the operation-log entry whose ID equals the request value
        /// <c>sortID</c> (default "0"), joined with the display names of its application and operation
        /// type, and binds the first result node to the page controls.
        /// </summary>
        /// <remarks>
        /// The ID is quoted with <c>CheckQuotationMark(value, true)</c> before it is appended to the statement.
        /// NOTE(review): the log entry is selected purely by a request-supplied ID; confirm the page
        /// restricts which entries a caller may view.
        /// </remarks>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            string requestedId = GetRequestData("sortID", "0").ToString();
            string quotedId    = TSqlBuilder.Instance.CheckQuotationMark(requestedId, true);

            string selectPrefix = @"SELECT UOL.*, ALT.DISPLAYNAME AS APP_DISPLAYNAME, AOT.DISPLAYNAME AS OP_DISPLAYNAME 
				FROM USER_OPEATION_LOG UOL, APP_LOG_TYPE ALT, APP_OPERATION_TYPE AOT 
				WHERE ALT.GUID = AOT.APP_GUID 
					AND UOL.APP_GUID = ALT.GUID 
					AND UOL.OP_GUID = AOT.GUID 
					AND UOL.ID = ";

            string strSql = selectPrefix + quotedId;

            DataSet     logRows   = InnerCommon.ExecuteDataset(strSql);
            XmlDocument resultDoc = InnerCommon.GetXmlDoc(logRows);

            SetControlValue(resultDoc.DocumentElement.FirstChild);
        }
Ejemplo n.º 17
        /// <summary>
        /// Returns the function sets (TYPE = 1) and functions (TYPE = 0) of application <c>app_id</c> with
        /// classification <c>classify</c>. Without <c>parent_id</c> it lists the top-level function sets
        /// and the functions that belong to no set; with <c>parent_id</c> it lists the direct child sets
        /// of that set and the functions linked to it.
        /// </summary>
        /// <remarks>
        /// Every request attribute is quoted with <c>CheckQuotationMark(value, true)</c> before it is
        /// concatenated into the statement.
        /// </remarks>
        private void DoQueryFunction()
        {
            XmlElement requestRoot   = _XmlRequest.DocumentElement;
            string     appIdAttr     = requestRoot.GetAttribute("app_id");
            string     classifyAttr  = requestRoot.GetAttribute("classify");
            string     parentSetAttr = requestRoot.GetAttribute("parent_id");

            // Filter shared by all four SELECTs.
            string appAndClassify = " WHERE APP_ID = " + TSqlBuilder.Instance.CheckQuotationMark(appIdAttr, true)
                                    + " AND CLASSIFY = " + TSqlBuilder.Instance.CheckQuotationMark(classifyAttr, true);

            // Function-set half of the union; identical in both branches up to the level condition.
            string functionSetsSelect = "SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,SORT_ID,CHILDREN_COUNT,RESOURCE_LEVEL,LOWEST_SET,INHERITED,CLASSIFY,1 AS TYPE "
                                        + " FROM FUNCTION_SETS "
                                        + appAndClassify;

            string strSQL;

            if (parentSetAttr == string.Empty)
            {
                // Top level: sets whose RESOURCE_LEVEL is three characters long, plus unassigned functions.
                strSQL = functionSetsSelect
                         + " AND LEN(RESOURCE_LEVEL) = 3"
                         + " union all SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,SORT_ID,0 AS CHILDREN_COUNT,'' AS RESOURCE_LEVEL,'' "
                         + "AS LOWEST_SET,INHERITED,CLASSIFY,0 AS TYPE"
                         + " FROM FUNCTIONS "
                         + appAndClassify
                         + " AND ID NOT IN (SELECT FUNC_ID AS ID FROM FUNC_SET_TO_FUNCS)"
                         + " ORDER BY TYPE DESC, SORT_ID";
            }
            else
            {
                string quotedParentSet = TSqlBuilder.Instance.CheckQuotationMark(parentSetAttr, true);
                string parentLevel     = "(SELECT RESOURCE_LEVEL FROM FUNCTION_SETS WHERE ID = " + quotedParentSet + ")";

                // Children: level is the parent's level plus three characters and starts with it.
                strSQL = functionSetsSelect
                         + " AND LEN(RESOURCE_LEVEL) = LEN(" + parentLevel + ") + 3"
                         + " AND RESOURCE_LEVEL LIKE " + parentLevel + " + '%'"
                         + " union all SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,SORT_ID,0 AS CHILDREN_COUNT,'' AS RESOURCE_LEVEL,'' AS LOWEST_SET,INHERITED,CLASSIFY,0 AS TYPE "
                         + " FROM FUNCTIONS "
                         + appAndClassify
                         + " AND ID IN (SELECT FUNC_ID AS ID FROM FUNC_SET_TO_FUNCS WHERE FUNC_SET_ID = " + quotedParentSet + ")"
                         + " ORDER BY SORT_ID;";
            }

            DataSet functions = InnerCommon.ExecuteDataset(strSQL);
            _XmlResult = InnerCommon.GetXmlDoc(functions);
        }
Ejemplo n.º 18
        /// <summary>
        /// Prepares the page data for updating a user: loads the user named by the request value
        /// <c>objGuid</c> within organization <paramref name="strOrgGuid"/>, stores it in <c>userData</c>,
        /// and derives the parent path from the user's full path.
        /// </summary>
        /// <param name="strOrgGuid">GUID of the organization used to look the user up.</param>
        /// <remarks>
        /// NOTE(review): <c>objGuid</c> is request-supplied; no permission check is visible in this
        /// method, so confirm the caller performs one.
        /// </remarks>
        private void UpdateObjects(string strOrgGuid)
        {
            string userGuid = (string)GetRequestData("objGuid", string.Empty);

            DataSet userSet = OGUReader.GetObjectsDetail("USERS",
                                                         userGuid,
                                                         SearchObjectColumn.SEARCH_USER_GUID,
                                                         strOrgGuid,
                                                         SearchObjectColumn.SEARCH_GUID);

            bool notFound = (userSet == null) || (userSet.Tables.Count == 0) || (userSet.Tables[0].Rows.Count == 0);
            ExceptionHelper.TrueThrow(notFound, "对不起,系统中没有找到指定的对象!");

            userData.Value = InnerCommon.GetXmlDoc(userSet).OuterXml;

            // The parent path is everything before the last backslash of the full path; a path
            // without a backslash leaves the field untouched.
            string fullPath      = OGUCommonDefine.DBValueToString(userSet.Tables[0].Rows[0]["ALL_PATH_NAME"]);
            int    lastSeparator = fullPath.LastIndexOf("\\");

            if (lastSeparator >= 0)
            {
                parentAllPathName.Value = fullPath.Substring(0, lastSeparator);
            }
        }
Ejemplo n.º 19
        /// <summary>
        /// Returns, for function set <c>func_set_id</c> of application <c>app_id</c>, the roles that share
        /// the set's classification: roles holding every function of the set (and its descendant sets)
        /// carry the set ID in FUNC_ID, the others an empty FUNC_ID. A second result table lists the
        /// functions collected in #FUNC_IDS.
        /// </summary>
        /// <remarks>
        /// Both request attributes are quoted with <c>CheckQuotationMark(value, true)</c> before formatting.
        /// </remarks>
        private void DoQueryFuncSetToRole()
        {
            XmlElement requestRoot = _XmlRequest.DocumentElement;
            string     appIdAttr   = requestRoot.GetAttribute("app_id");
            string     funcSetAttr = requestRoot.GetAttribute("func_set_id");

            // {0} = quoted application ID, {1} = quoted function-set ID.
            string sqlTemplate = @"SELECT FUNC_ID INTO #FUNC_IDS
							FROM FUNC_SET_TO_FUNCS
							WHERE FUNC_SET_ID IN(
								SELECT ID FROM FUNCTION_SETS
								WHERE APP_ID = {0} 
								AND RESOURCE_LEVEL LIKE (SELECT RESOURCE_LEVEL FROM FUNCTION_SETS WHERE ID = {1} ) + '%'
								AND CLASSIFY = (SELECT CLASSIFY FROM FUNCTION_SETS WHERE ID = {1}));

							SELECT ID INTO #ROLE_IDS
							FROM ROLES
							WHERE APP_ID = {0} 
							AND (SELECT COUNT(DISTINCT FUNC_ID) FROM ROLE_TO_FUNCTIONS WHERE ROLE_TO_FUNCTIONS.ROLE_ID = ROLES.ID AND FUNC_ID IN (SELECT * FROM #FUNC_IDS)) = (SELECT COUNT(*) FROM #FUNC_IDS)
							AND (SELECT COUNT(*) FROM #FUNC_IDS) > 0;

							SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,ALLOW_DELEGATE, {1} AS FUNC_ID FROM ROLES
							WHERE ID IN (SELECT * FROM #ROLE_IDS)
							AND APP_ID = {0}
							AND CLASSIFY = ( SELECT CLASSIFY FROM FUNCTION_SETS WHERE ID = {1} )
							UNION ALL
							SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,ALLOW_DELEGATE,'' AS FUNC_ID FROM ROLES
							WHERE ID NOT IN (SELECT * FROM #ROLE_IDS)
							AND APP_ID = {0}
							AND CLASSIFY = ( SELECT CLASSIFY FROM FUNCTION_SETS WHERE ID = {1} )
							ORDER BY SORT_ID;
							
							SELECT * FROM FUNCTIONS WHERE ID IN (SELECT * FROM #FUNC_IDS)";

            string quotedAppId   = TSqlBuilder.Instance.CheckQuotationMark(appIdAttr, true);
            string quotedFuncSet = TSqlBuilder.Instance.CheckQuotationMark(funcSetAttr, true);
            string strSQL        = string.Format(sqlTemplate, quotedAppId, quotedFuncSet);
#if DEBUG
            Debug.Write(strSQL.ToString());
#endif
            DataSet result = InnerCommon.ExecuteDataset(strSQL);
            _XmlResult = InnerCommon.GetXmlDoc(result);
        }
Ejemplo n.º 20
        /// <summary>
        /// Returns every function of application <c>app_id</c>: functions linked to role <c>role_id</c>
        /// carry the role ID in ROLE_ID, the others an empty ROLE_ID. Ordered by SORT_ID.
        /// </summary>
        /// <remarks>
        /// Both request attributes are quoted with <c>CheckQuotationMark(value, true)</c> before formatting.
        /// </remarks>
        private void DoQueryRoleToFunc()
        {
            XmlElement requestRoot  = _XmlRequest.DocumentElement;
            string     appIdAttr    = requestRoot.GetAttribute("app_id");
            string     roleIdAttr   = requestRoot.GetAttribute("role_id");
            string     quotedAppId  = TSqlBuilder.Instance.CheckQuotationMark(appIdAttr, true);
            string     quotedRoleId = TSqlBuilder.Instance.CheckQuotationMark(roleIdAttr, true);

            // {0} = quoted application ID, {1} = quoted role ID.
            string linkedFunctions = string.Format(
                "SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,{1} AS ROLE_ID  FROM FUNCTIONS  WHERE APP_ID = {0} AND ID IN (SELECT FUNC_ID AS ID FROM ROLE_TO_FUNCTIONS WHERE ROLE_ID = {1})",
                quotedAppId,
                quotedRoleId);

            string otherFunctions = string.Format(
                " union all SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,'' AS ROLE_ID  FROM FUNCTIONS  WHERE APP_ID = {0} AND ID NOT IN (SELECT FUNC_ID AS ID FROM ROLE_TO_FUNCTIONS WHERE ROLE_ID = {1}) ORDER BY SORT_ID",
                quotedAppId,
                quotedRoleId);

            DataSet functions = InnerCommon.ExecuteDataset(linkedFunctions + otherFunctions);
            _XmlResult = InnerCommon.GetXmlDoc(functions);
        }
Ejemplo n.º 21
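        /// <summary>
        /// Lists the applications directly under <c>parent_id</c> (or the top-level applications when it is
        /// empty) that the logged-on user may see, and marks on each one which management nodes
        /// (APP_SCOPES, SELF_MAINTAIN_FUNC, APP_ROLES, APP_FUNCTIONS) the user is allowed to open.
        /// </summary>
        /// <remarks>
        /// Administrators see every application with all four nodes set to "True". Other users see only
        /// applications whose RESOURCE_LEVEL prefix appears among their own applications, and a node is
        /// "True" only when one of their roles grants a matching function.
        /// Values read back from the database (role IDs, application code names) are escaped before they
        /// are placed into SQL text or a DataTable filter, the same way request values are.
        /// </remarks>
        private void DoQueryApplication()
        {
            using (DbContext context = DbContext.GetContext(AppResource.ConnAlias))
            {
                ExceptionHelper.TrueThrow(this.LogOnUserInfo == null, "没有登录者信息");

                // Determine the application range from the user's permissions.
                XmlElement root        = _XmlRequest.DocumentElement;
                string     strParentID = root.GetAttribute("parent_id");

                string strSQL       = string.Empty;
                bool   bAdminUser   = SecurityCheck.IsAdminUser(LogOnUserInfo.UserLogOnName);
                string strAppLevels = string.Empty;
                if (false == bAdminUser)
                {
                    #region Resolve the parent application's RESOURCE_LEVEL
                    strSQL = string.Format("SELECT RESOURCE_LEVEL FROM APPLICATIONS WHERE ID = {0}",
                                           TSqlBuilder.Instance.CheckQuotationMark(strParentID, true));
                    string strParentLevel = string.Empty;
                    object obj            = InnerCommon.ExecuteScalar(strSQL);
                    if (obj != null)
                    {
                        strParentLevel = obj.ToString();
                    }
                    string    strTemp  = string.Empty;
                    DataTable userApps = SecurityCheck.GetUserApplications(LogOnUserInfo.UserLogOnName,
                                                                           UserValueType.LogonName, RightMaskType.Self).Tables[0];

                    // Keep, for each of the user's applications below the parent, the level prefix that
                    // identifies the parent's direct child (parent level plus three characters).
                    for (int i = 0; i < userApps.Rows.Count; i++)
                    {
                        strTemp = userApps.Rows[i]["RESOURCE_LEVEL"].ToString();
                        if (strTemp.Length >= strParentLevel.Length + 3 &&
                            strTemp.Substring(0, strParentLevel.Length) == strParentLevel)
                        {
                            if (strAppLevels != string.Empty)
                            {
                                strAppLevels += ",";
                            }
                            strAppLevels += strTemp.Substring(0, strParentLevel.Length + 3);
                        }
                    }
                    #endregion
                }

                #region Prepare SQL
                strSQL = "SELECT ID,NAME, CODE_NAME, DESCRIPTION, SORT_ID, RESOURCE_LEVEL, CHILDREN_COUNT, ADD_SUBAPP, USE_SCOPE, INHERITED_STATE "
                         + "FROM APPLICATIONS ";
                if (strParentID != "")
                {
                    strSQL += "WHERE LEFT(RESOURCE_LEVEL, LEN(RESOURCE_LEVEL)-3) = (SELECT RESOURCE_LEVEL FROM APPLICATIONS WHERE ID = "
                              + TSqlBuilder.Instance.CheckQuotationMark(strParentID, true) + ") ";
                }
                else
                {
                    strSQL += "WHERE LEN(RESOURCE_LEVEL) = 3 ";
                }
                if (strAppLevels != string.Empty)
                {
                    strSQL += string.Format("\n AND RESOURCE_LEVEL IN ({0})", InnerCommon.AddMulitStrWithQuotationMark(strAppLevels));
                }
                else
                if (false == bAdminUser)
                {
                    // A non-administrator without any matching application gets an empty result.
                    strSQL += "\n AND (1=0)";
                }

                strSQL += " ORDER BY SORT_ID";
                #endregion

                DataSet ds = InnerCommon.ExecuteDataset(strSQL);
                _XmlResult = InnerCommon.GetXmlDoc(ds);
                DataTable userRoleDT = null;
                DataTable appFuncDT  = null;

                // Node name -> function code names (written as a filter IN-list) that switch the node on.
                string[][] nodeRules = new string[][]
                {
                    new string[] { "APP_SCOPES", "'ADD_SCOPE_FUNC','DELETE_SCOPE_FUNC'" },
                    new string[] { "SELF_MAINTAIN_FUNC", "'SELF_MAINTAIN_FUNC'" },
                    new string[] { "APP_ROLES", "'MODIFY_SCOPE_FUNC','ADD_ROLE_FUNC','DELETE_ROLE_FUNC','MODIFY_ROLE_FUNC','ADD_OBJECT_FUNC','DELETE_OBJECT_FUNC','MODIFY_OBJECT_FUNC'" },
                    new string[] { "APP_FUNCTIONS", "'ADD_FUNCTION_FUNC','DELETE_FUNCTION_FUNC','MODIFY_FUNCTION_FUNC','RTF_MAINTAIN_FUNC'" }
                };

                foreach (XmlNode xNode in _XmlResult.FirstChild.ChildNodes)
                {
                    string appCodeName = xNode.SelectSingleNode(".//CODE_NAME").InnerText;

                    if (false == bAdminUser)
                    {
                        // Loaded once, on the first application node, then reused for the rest.
                        if (userRoleDT == null)
                        {
                            userRoleDT = SecurityCheck.GetUserApplicationsRoles(LogOnUserInfo.UserLogOnName, UserValueType.LogonName,
                                                                                RightMaskType.Self, DelegationMaskType.Original).Tables[0];
                        }
                        if (appFuncDT == null)
                        {
                            // Role IDs come from the database but are still escaped before they are put
                            // into SQL text, so a stored value containing a quote cannot alter the statement.
                            string roleIDs = "''";
                            foreach (DataRow row in userRoleDT.Rows)
                            {
                                roleIDs += "," + TSqlBuilder.Instance.CheckQuotationMark(row["ID"].ToString(), true);
                            }
                            strSQL    = string.Format(@"SELECT A.CODE_NAME APP_CODE_NAME, F.CODE_NAME FUN_CODE_NAME
														FROM ROLES R 
														INNER JOIN APPLICATIONS A ON R.APP_ID = A.ID
														INNER JOIN ROLE_TO_FUNCTIONS RF ON R.ID = RF.ROLE_ID
														INNER JOIN FUNCTIONS F ON RF.FUNC_ID = F.ID
														WHERE R.ID IN ({0})", roleIDs);
                            appFuncDT = InnerCommon.ExecuteDataset(strSQL).Tables[0];
                        }
                    }

                    // Single quotes are doubled so a code name containing one cannot break or change
                    // the DataTable filter expression.
                    string appFilterValue = appCodeName.Replace("'", "''");

                    foreach (string[] rule in nodeRules)
                    {
                        bool allowed = bAdminUser;

                        if (false == allowed)
                        {
                            string filter = string.Format("[APP_CODE_NAME]= '{0}' AND [FUN_CODE_NAME] IN ( {1} )", appFilterValue, rule[1]);
                            allowed = appFuncDT.Select(filter).Length > 0;
                        }

                        XmlHelper.AppendNode(xNode, rule[0], allowed ? "True" : "False");
                    }
                }
            }
        }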