/// <summary> /// 解析被授权对象的表达式 /// </summary> /// <param name="strExpression">被授权对象的表达式</param> /// <param name="objType">输出参数,被授权对象的类型</param> /// <param name="objID">输出参数,被授权对象ID</param> /// <param name="objParentID">输出参数,被授权对象的父对象的ID</param> /// <param name="userAccessLevel">输出参数,被授权对象中限定的人员级别</param> public static void getObjInfo(string strExpression, out string objType, out string objID, out string objParentID, out string userAccessLevel) { ParseExpression pe = new ParseExpression(); pe.UserFunctions = new DoExpParsing(); getObjInfo(strExpression, out objType, out objID, out objParentID, out userAccessLevel, pe); }
//得到表达式中对人员所属的限定信息 private static string GetBelongTo(string strExp) { ParseExpression pe = new ParseExpression(); pe.OutputIdentifiers = true; pe.UserFunctions = (IExpParsing) new DoExpParsing(); pe.ChangeExpression(strExp); ParseIdentifier pi = GetIdentifiers(pe.Identifiers, "belongto"); if (pi == null) { return(""); } string strValue = String.Empty; //得到类别 pi = pi.SubIdentifier.NextIdentifier; strValue = pi.Identifier.ToUpper(); //得到objId pi = pi.NextIdentifier.NextIdentifier; strValue += "," + pi.Identifier; //得到parentId pi = pi.NextIdentifier.NextIdentifier; strValue += "," + pi.Identifier; return(strValue.Replace("\"", "")); }
//获得表达式中定义的人员级别限定信息 private static string GetUserRank(string strExp) { ParseExpression pe = new ParseExpression(); pe.OutputIdentifiers = true; pe.UserFunctions = (IExpParsing) new DoExpParsing(); pe.ChangeExpression(strExp); ParseIdentifier pi = GetIdentifiers(pe.Identifiers, "UserRank"); if (pi == null) { return(""); } string strValue = String.Empty; //得到限定的级别 pi = pi.SubIdentifier.NextIdentifier; strValue = pi.Identifier; //得到操作符 pi = pi.NextIdentifier.NextIdentifier; strValue = pi.Identifier + "," + strValue; return(strValue.Replace("\"", "")); }
//级别 private static bool UserRank(string strRank, string op) { ParseExpression pe = new ParseExpression(); pe.UserFunctions = (IExpParsing) new DoExpParsing(); pe.ChangeExpression("curuserrank" + op + strRank); object oValue = pe.Value(); return((bool)oValue); }
/// <summary> /// 解析被授权对象的表达式 /// </summary> /// <param name="strExpression">被授权对象的表达式</param> /// <param name="objType">输出参数,被授权对象的类型</param> /// <param name="objID">输出参数,被授权对象ID</param> /// <param name="objParentID">输出参数,被授权对象的父对象的ID</param> /// <param name="userAccessLevel">输出参数,被授权对象中限定的人员级别</param> public static void getObjInfo(string strExpression, out string objType, out string objID, out string objParentID, out string userAccessLevel) { ParseExpression pe = new ParseExpression(); pe.UserFunctions = new DoExpParsing(); getObjInfo(strExpression, out objType, out objID, out objParentID, out userAccessLevel, pe); }
/// <summary> /// 解析被授权对象的表达式 /// </summary> /// <param name="strExpression">被授权对象的表达式</param> /// <param name="objType">输出参数,被授权对象的类型</param> /// <param name="objID">输出参数,被授权对象ID</param> /// <param name="objParentID">输出参数,被授权对象的父对象的ID</param> /// <param name="userAccessLevel">输出参数,被授权对象中限定的人员级别</param> /// <param name="pe">表达式解析类</param> public static void getObjInfo(string strExpression, out string objType, out string objID, out string objParentID, out string userAccessLevel, ParseExpression pe) { objType = string.Empty; objID = string.Empty; objParentID = string.Empty; userAccessLevel = string.Empty; string strTemp; string[] strList; strTemp = string.Format("GetBelongTo({0})", DoExpParsing.AddDoubleQuotationMark(strExpression)); pe.ChangeExpression(strTemp); strList = pe.Value().ToString().Split(new char[] { ',', ';' }); if (strList.Length > 0 && strList[0] != string.Empty) objType = strList[0]; if (strList.Length > 1) objID = strList[1]; if (strList.Length > 2) objParentID = strList[2]; if (objType != "USERS") { strTemp = string.Format("GetUserRank({0})", DoExpParsing.AddDoubleQuotationMark(strExpression)); pe.ChangeExpression(strTemp); strList = pe.Value().ToString().Split(new char[] { ',', ';' }); if (strList.Length > 1) { userAccessLevel = strList[1]; } } }
//级别 private static bool UserRank(string strRank, string op) { ParseExpression pe = new ParseExpression(); pe.UserFunctions = (IExpParsing)new DoExpParsing(); pe.ChangeExpression("curuserrank" + op + strRank); object oValue = pe.Value(); return (bool)oValue; }
//得到表达式中对人员所属的限定信息 private static string GetBelongTo(string strExp) { ParseExpression pe = new ParseExpression(); pe.OutputIdentifiers = true; pe.UserFunctions = (IExpParsing)new DoExpParsing(); pe.ChangeExpression(strExp); ParseIdentifier pi = GetIdentifiers(pe.Identifiers, "belongto"); if (pi == null) return ""; string strValue = String.Empty; //得到类别 pi = pi.SubIdentifier.NextIdentifier; strValue = pi.Identifier.ToUpper(); //得到objId pi = pi.NextIdentifier.NextIdentifier; strValue += "," + pi.Identifier; //得到parentId pi = pi.NextIdentifier.NextIdentifier; strValue += "," + pi.Identifier; return strValue.Replace("\"", ""); }
//获得表达式中定义的人员级别限定信息 private static string GetUserRank(string strExp) { ParseExpression pe = new ParseExpression(); pe.OutputIdentifiers = true; pe.UserFunctions = (IExpParsing)new DoExpParsing(); pe.ChangeExpression(strExp); ParseIdentifier pi = GetIdentifiers(pe.Identifiers, "UserRank"); if (pi == null) return ""; string strValue = String.Empty; //得到限定的级别 pi = pi.SubIdentifier.NextIdentifier; strValue = pi.Identifier; //得到操作符 pi = pi.NextIdentifier.NextIdentifier; strValue = pi.Identifier + "," + strValue; return strValue.Replace("\"", ""); }
private static object DoUserFunction(string strFuncName, ParamObject[] arrParams, ParseExpression parseObj) { object oValue = null; switch (strFuncName.ToLower()) { case "organizations": case "users": case "groups": oValue = strFuncName.ToUpper(); break; //人员级别判定 case "userrank": ExceptionHelper.TrueThrow <ApplicationException>(arrParams.Length != 2, "函数" + strFuncName + "参数个数有误!"); if (arrParams.Length == 2) { //string oValue = UserRank(AddDoubleQuotationMark(arrParams[0].Value.ToString()), arrParams[1].Value.ToString()); } break; //当前人员Guid case "curuserid": oValue = "001416f3-f108-454e-9033-62b5a300e347"; break; //当前人员级别 case "curuserrank": oValue = "NAVVY_U"; break; //本关区 case "curcustomsscope": //oValue = ObjectID(arrParams[0].Value.ToString()); break; //本部门 case "curdepartscope": //oValue = CurObjetBelongTo(arrParams[0].Value.ToString()); break; //自定机构服务范围 case "userdefinescope": //oValue = CurRankLevel(); break; //人员级别名称 case "userrankname": oValue = UserRankName(arrParams[0].Value.ToString()); break; //得到表达式中对人员级别的限定信息 case "getuserrank": oValue = GetUserRank(arrParams[0].Value.ToString()); break; //属于某对象 case "belongto": oValue = true; break; //得到表达式中对人员所属的限定信息 case "getbelongto": oValue = GetBelongTo(arrParams[0].Value.ToString()); break; default: ExceptionHelper.TrueThrow <ApplicationException>(true, "不存在函数:" + strFuncName); break; } return(oValue); }
/// <summary> /// 判断是可修改的合法机构服务范围 /// </summary> /// <param name="trans"></param> /// <param name="scopeNode">要修改的服务范围-被授权对象关系的XML结点</param> /// <param name="userScopes">当前人员的机构范围</param> /// <param name="pe">表达式解析对象</param> /// <param name="scopeName">当前服务范围名称(输出参数)</param> /// <returns></returns> private bool isValidScope(XmlNode scopeNode, ArrayList userScopes, ParseExpression pe, out string scopeName) { using (DbContext context = DbContext.GetContext(AppResource.ConnAlias)) { //查当前机构服务范围的信息 scopeName = string.Empty; string scopeID = scopeNode.SelectSingleNode(".//SCOPE_ID").InnerText; string expID = scopeNode.SelectSingleNode(".//EXP_ID").InnerText; //查询被授权对象的相关信息 string strExp = string.Empty;//被授权对象表达式 string strSql = string.Format("SELECT * FROM EXPRESSIONS WHERE ID = {0}", TSqlBuilder.Instance.CheckQuotationMark(expID, true)); DataTable expDT = InnerCommon.ExecuteDataset(strSql).Tables[0]; if (expDT.Rows.Count > 0) { strExp = expDT.Rows[0]["EXPRESSION"].ToString(); } string objType; string objID; string objParentID; string userAccessLevel; DoExpParsing.getObjInfo(strExp, out objType, out objID, out objParentID, out userAccessLevel, pe); //查询机构服务范围的全路径 strSql = string.Format("SELECT * FROM SCOPES WHERE ID = {0}", TSqlBuilder.Instance.CheckQuotationMark(scopeID, true)); DataTable scopeDT = InnerCommon.ExecuteDataset(strSql).Tables[0]; string scopeExp = string.Empty; ArrayList scopePaths = new ArrayList(); if (scopeDT.Rows.Count > 0) { //如果是数据服务范围,不做判断 if (scopeDT.Rows[0]["CLASSIFY"].ToString() == "n") return true; scopePaths.Add(scopeDT.Rows[0]["DESCRIPTION"].ToString()); scopeExp = scopeDT.Rows[0]["EXPRESSION"].ToString(); scopeName = scopeDT.Rows[0]["NAME"].ToString(); #region 根据当前的被授权对象,得到本关区或本部门的全路径 if (scopeExp == "curDepartScope(curUserId)" || scopeExp == "curCustomsScope(curUserId)") { DataTable dt = null; //本部门 if (scopeExp == "curDepartScope(curUserId)") { dt = OGUReader.GetObjectParentOrgs(objType, objID, SearchObjectColumn.SEARCH_GUID, true, false, string.Empty, string.Empty).Tables[0]; } //本关区 else if (scopeExp == "curCustomsScope(curUserId)") { dt = OGUReader.GetObjectDepOrgs(objType, objID, SearchObjectColumn.SEARCH_GUID, 2, string.Empty).Tables[0]; } scopePaths.Clear(); for (int j = 0; j < dt.Rows.Count; j++) { string strs = dt.Rows[j]["ALL_PATH_NAME"].ToString(); if (strs.Length > 0) scopePaths.Add(strs); } } #endregion } #region 判断合法性 for (int i = 0; i < scopePaths.Count; i++) { for (int j = 0; j < userScopes.Count; j++) { if (scopePaths[i].ToString().IndexOf(userScopes[j].ToString()) >= 0) return true; } } #endregion #region 如果是总管理员则通过 DataTable detailDT = OGUReader.GetObjectsDetail(objID).Tables[0]; if (detailDT.Rows.Count > 0 && detailDT.Rows[0]["OBJECTCLASS"].ToString() == "USERS") { return SecurityCheck.IsAdminUser(detailDT.Rows[0]["LOGON_NAME"].ToString(), UserValueType.LogonName); } #endregion return false; } }
/// <summary> /// 解析被授权对象的表达式 /// </summary> /// <param name="strExpression">被授权对象的表达式</param> /// <param name="objType">输出参数,被授权对象的类型</param> /// <param name="objID">输出参数,被授权对象ID</param> /// <param name="objParentID">输出参数,被授权对象的父对象的ID</param> /// <param name="userAccessLevel">输出参数,被授权对象中限定的人员级别</param> /// <param name="pe">表达式解析类</param> public static void getObjInfo(string strExpression, out string objType, out string objID, out string objParentID, out string userAccessLevel, ParseExpression pe) { objType = string.Empty; objID = string.Empty; objParentID = string.Empty; userAccessLevel = string.Empty; string strTemp; string[] strList; strTemp = string.Format("GetBelongTo({0})", DoExpParsing.AddDoubleQuotationMark(strExpression)); pe.ChangeExpression(strTemp); strList = pe.Value().ToString().Split(new char[] { ',', ';' }); if (strList.Length > 0 && strList[0] != string.Empty) { objType = strList[0]; } if (strList.Length > 1) { objID = strList[1]; } if (strList.Length > 2) { objParentID = strList[2]; } if (objType != "USERS") { strTemp = string.Format("GetUserRank({0})", DoExpParsing.AddDoubleQuotationMark(strExpression)); pe.ChangeExpression(strTemp); strList = pe.Value().ToString().Split(new char[] { ',', ';' }); if (strList.Length > 1) { userAccessLevel = strList[1]; } } }
/// <summary> /// 插入被授权对象 /// </summary> /// <Insert app_code_name="ASDF" use_scope="y" role_classify="y"> /// <EXPRESSIONS ALL_PATH_NAME=\"中国海关\01海关总署\00署领导\杨国勋" OBJ_ID="5e3aa542-29c3-40b5-b4cc-617045223c22"> /// <SET> /// <EXPRESSION>BelongTo(USERS, "5e3aa542-29c3-40b5-b4cc-617045223c22", "65eb8160-f0fa-4f1c-8984-2649788fe1d0")</EXPRESSION> /// <ROLE_ID>ec16e6b8-5a94-4b9c-963c-08ace45dffd7</ROLE_ID> /// <NAME>杨国勋</NAME> /// <INHERITED>n</INHERITED> /// <CLASSIFY>0</CLASSIFY> /// </SET> /// </EXPRESSIONS> /// <EXPRESSIONS> /// <SET> /// ... /// </SET> /// </EXPRESSIONS> /// </Insert> protected void InsertExp(XmlDocument xmlDocInsert) { using (TransactionScope scope = TransactionScopeFactory.Create()) { using (DbContext context = DbContext.GetContext(AppResource.ConnAlias)) { string appCodeName = xmlDocInsert.DocumentElement.GetAttribute("app_code_name"); string roleClassify = xmlDocInsert.DocumentElement.GetAttribute("role_classify"); string strPreRoleID = string.Empty; #region 判断权限 bool hasPermi = false; if (roleClassify == "y")//自授权角色 hasPermi = SecurityCheck.DoesUserHasPermissions(LogOnUserInfo.UserLogOnName, appCodeName, "SELF_MAINTAIN_FUNC"); else if (roleClassify == "n")//应用授权角色 hasPermi = SecurityCheck.DoesUserHasPermissions(LogOnUserInfo.UserLogOnName, appCodeName, "ADD_OBJECT_FUNC"); bool defaultPermi = false;//默认权限 if (false == hasPermi) { bool adminUser = SecurityCheck.IsAdminUser(LogOnUserInfo.UserLogOnName); if (adminUser) { //总管理员,在通用授权管理系统中,增加被授权对象,总有权限 if (appCodeName == AppResource.AppCodeName) hasPermi = true; else//在其它系统中,只能加自己 { XmlNodeList expNodes = xmlDocInsert.SelectNodes(".//EXPRESSION"); for (int i = 0; i < expNodes.Count; i++) if (expNodes.Item(i).InnerText.IndexOf(LogOnUserInfo.UserGuid) >= 0) { defaultPermi = true; break; } } } } ExceptionHelper.TrueThrow<ApplicationException>(false == hasPermi && !defaultPermi, "没有相应的权限!"); #endregion ParseExpression pe = new ParseExpression(); pe.UserFunctions = (IExpParsing)(new DoExpParsing()); //可同时插入多个被授权对象 DataTable appTempDT = null; string strAppID = string.Empty; string strRoleCodeName = string.Empty; for (int i = 0; i < xmlDocInsert.FirstChild.ChildNodes.Count; i++) { XmlNode nodeSet = xmlDocInsert.FirstChild.ChildNodes[i].SelectSingleNode(".//SET"); string strExp = nodeSet.SelectSingleNode(".//EXPRESSION").InnerText; string strClassify = nodeSet.SelectSingleNode(".//CLASSIFY").InnerText; //在默认权限下,只能加自己 if (false == hasPermi && defaultPermi) if (strExp.IndexOf(LogOnUserInfo.UserGuid) < 0) continue; #region 构建Sql //get description string strDescription = xmlDocInsert.FirstChild.ChildNodes[i].Attributes["ALL_PATH_NAME"].Value; //增加description结点 XmlHelper.AppendNode(nodeSet, "DESCRIPTION", strDescription); //增加modify_time结点 string strModifyTime = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss.fff"); XmlHelper.AppendNode(nodeSet, "MODIFY_TIME", strModifyTime); //去掉role_id结点 XmlNode roleIDNode = nodeSet.SelectSingleNode(".//ROLE_ID"); string strRoleID = roleIDNode.InnerText; nodeSet.RemoveChild(roleIDNode); //去掉inherited结点 XmlNode inheritedNode = nodeSet.SelectSingleNode(".//INHERITED"); string strInherited = inheritedNode.InnerText; nodeSet.RemoveChild(inheritedNode); //得到所有的已存在的被授权对象的GUID string strSql = string.Empty; //0.如果表达式已存在,则跳过 strSql = string.Format("SELECT COUNT(*) FROM EXPRESSIONS WHERE ROLE_ID = {0} AND CLASSIFY = {1} AND EXPRESSION = {2}", TSqlBuilder.Instance.CheckQuotationMark(strRoleID, true), TSqlBuilder.Instance.CheckQuotationMark(strClassify, true), TSqlBuilder.Instance.CheckQuotationMark(strExp, true)); #endregion int iCount = (int)InnerCommon.ExecuteScalar(strSql); if (iCount != 0) continue; //1.本应用增加 InsertExpOfApplication(nodeSet, strRoleID, strInherited); //2.子应增加 //自授权的被授权对象不继承 if (roleClassify == "n") { #region 自授权的被授权对象不继承 if (strRoleID != strPreRoleID || appTempDT == null) { //get app_id, code_name of role strSql = "SELECT APP_ID, CODE_NAME FROM ROLES WHERE ID = {0}"; strSql = string.Format(strSql, TSqlBuilder.Instance.CheckQuotationMark(strRoleID, true)); DataTable DT = InnerCommon.ExecuteDataset(strSql).Tables[0]; strAppID = DT.Rows[0]["APP_ID"].ToString(); strRoleCodeName = DT.Rows[0]["CODE_NAME"].ToString(); //根据inherited_state确定继承链 Database database = DatabaseFactory.Create(context); DbCommand command = database.CreateStoredProcedureCommand("GET_INHERITED_APPLICATIONS"); database.AddInParameter(command, "APP_ID", DbType.String, strAppID); database.AddInParameter(command, "INHERITED_STATE", DbType.Int32, (int)(InheritedState.ROLES | InheritedState.OBJECT)); appTempDT = database.ExecuteDataSet(command).Tables[0]; } strPreRoleID = strRoleID; for (int j = 0; j < appTempDT.Rows.Count; j++) { string subAppID = appTempDT.Rows[j]["ID"].ToString(); //get subRoleID strSql = "SELECT ID FROM ROLES WHERE APP_ID = {0} AND CODE_NAME = {1} AND INHERITED = 'y'"; strSql = string.Format(strSql, TSqlBuilder.Instance.CheckQuotationMark(subAppID, true), TSqlBuilder.Instance.CheckQuotationMark(strRoleCodeName, true)); object obj = InnerCommon.ExecuteScalar(strSql); if (obj != null) InsertExpOfApplication(nodeSet, obj.ToString(), "y"); } #endregion } } } scope.Complete(); } //写日志 UserDataWrite.InsertUserLog(AppResource.AppCodeName, LogOpType.ADD_OBJECT_FUNC.ToString(), "给角色增加被授权对象", xmlDocInsert.OuterXml); }
/// <summary> /// 校验用户自定义表达式 /// </summary> /// <param name="strFuncName">函数名称</param> /// <param name="arrParams">函数中使用的参数组</param> /// <param name="parseObj">表达解析式</param> /// <returns>用户自定义表达式的解析结果</returns> public object CheckUserFunction(string strFuncName, ParamObject[] arrParams, ParseExpression parseObj) { return DoUserFunction(strFuncName, arrParams, parseObj); }
/// <summary> /// 校验用户自定义表达式 /// </summary> /// <param name="strFuncName">函数名称</param> /// <param name="arrParams">函数中使用的参数组</param> /// <param name="parseObj">表达解析式</param> /// <returns>用户自定义表达式的解析结果</returns> public object CheckUserFunction(string strFuncName, ParamObject[] arrParams, ParseExpression parseObj) { return(DoUserFunction(strFuncName, arrParams, parseObj)); }
private static object DoUserFunction(string strFuncName, ParamObject[] arrParams, ParseExpression parseObj) { object oValue = null; switch (strFuncName.ToLower()) { case "organizations": case "users": case "groups": oValue = strFuncName.ToUpper(); break; //人员级别判定 case "userrank": ExceptionHelper.TrueThrow<ApplicationException>(arrParams.Length != 2, "函数" + strFuncName + "参数个数有误!"); if (arrParams.Length == 2) { //string oValue = UserRank(AddDoubleQuotationMark(arrParams[0].Value.ToString()), arrParams[1].Value.ToString()); } break; //当前人员Guid case "curuserid": oValue = "001416f3-f108-454e-9033-62b5a300e347"; break; //当前人员级别 case "curuserrank": oValue = "NAVVY_U"; break; //本关区 case "curcustomsscope": //oValue = ObjectID(arrParams[0].Value.ToString()); break; //本部门 case "curdepartscope": //oValue = CurObjetBelongTo(arrParams[0].Value.ToString()); break; //自定机构服务范围 case "userdefinescope": //oValue = CurRankLevel(); break; //人员级别名称 case "userrankname": oValue = UserRankName(arrParams[0].Value.ToString()); break; //得到表达式中对人员级别的限定信息 case "getuserrank": oValue = GetUserRank(arrParams[0].Value.ToString()); break; //属于某对象 case "belongto": oValue = true; break; //得到表达式中对人员所属的限定信息 case "getbelongto": oValue = GetBelongTo(arrParams[0].Value.ToString()); break; default: ExceptionHelper.TrueThrow<ApplicationException>(true, "不存在函数:" + strFuncName); break; } return oValue; }
/// <summary> /// 维护表达式-服务范围对应关系 /// </summary> /// <param name="xmlDocDelete"></param> /// <returns></returns> /// <remarks> /// /// </remarks> /// <example> /// xmlDocModify文档格式 /// <code> /// <ETS app_code_name="NEW" use_scope="y"> /// <Delete> /// <EXP_TO_SCOPES> /// <WHERE> /// <EXP_ID operator="=">acdba130-bcbf-45c3-993a-a7bf8761abb8</EXP_ID> /// <SCOPE_ID operator="=">14ecc3c0-c30d-4329-96db-47edf47bfabc</SCOPE_ID> /// </WHERE> /// </EXP_TO_SCOPES> /// </Delete> /// <Insert> /// <EXP_TO_SCOPES> /// <SET> /// <EXP_ID>acdba130-bcbf-45c3-993a-a7bf8761abb8</EXP_ID> /// <SCOPE_ID>aecaa7d7-a1a6-4dfe-8626-05db003c714f</SCOPE_ID> /// </SET> /// </EXP_TO_SCOPES> /// </Insert> /// </ETS> /// /// </code> /// </example> protected XmlDocument ModifyExpToScope(XmlDocument xmlDocModify) { using (TransactionScope scope = TransactionScopeFactory.Create()) { string appCodeName = xmlDocModify.DocumentElement.GetAttribute("app_code_name"); ExceptionHelper.FalseThrow<ApplicationException>( SecurityCheck.DoesUserHasPermissions(LogOnUserInfo.UserLogOnName, appCodeName, "MODIFY_SCOPE_FUNC"), "没有相应权限!"); ParseExpression pe = new ParseExpression(); pe.UserFunctions = (IExpParsing)new DoExpParsing(); //得到当前用户的服务范围 ArrayList userScopeList = GetUserScopes(appCodeName, "MODIFY_SCOPE_FUNC", FunctionOrRole.Fuunction); XmlDocument curNodeDoc = new XmlDocument(); StringBuilder sqlBuilder = new StringBuilder(128); foreach (XmlNode curNode in xmlDocModify.FirstChild.ChildNodes) { string scopeName; bool bValid = isValidScope(curNode, userScopeList, pe, out scopeName); ExceptionHelper.TrueThrow<ApplicationException>(false == bValid, string.Format("范围({0})不在当前人员的机构服务范围内, 不可修改对应关系!", scopeName)); curNodeDoc.LoadXml(curNode.OuterXml); if (curNode.Name == "Delete") { sqlBuilder.Append(InnerCommon.GetDeleteSqlStr(curNodeDoc, this.GetXSDDocument("EXP_TO_SCOPES")) + ";" + Environment.NewLine); } else if (curNode.Name == "Insert") { sqlBuilder.Append(InnerCommon.GetInsertSqlStr(curNodeDoc, this.GetXSDDocument("EXP_TO_SCOPES")) + ";" + Environment.NewLine); } } if (sqlBuilder.Length > 0) InnerCommon.ExecuteNonQuery(sqlBuilder.ToString()); scope.Complete(); } //写日志 UserDataWrite.InsertUserLog(AppResource.AppCodeName, LogOpType.MODIFY_SCOPE_FUNC.ToString(), "修改服务范围-被授权对象之间的关系", xmlDocModify.OuterXml); return xmlDocModify; }