Ejemplo n.º 1
        /// <summary>
        /// Resolves the primary key of a permission item from its code.
        /// </summary>
        /// <remarks>
        /// This is not a read-only lookup: it delegates to <c>GetIdByAdd</c>, and the
        /// original author's note says the operation permission is meant to be added
        /// automatically when the code does not exist yet.
        /// NOTE(review): if that is what GetIdByAdd does, codes taken from request data
        /// would let callers register new permission items — confirm who can reach this.
        /// </remarks>
        /// <param name="permissionItemCode">Code of the permission item.</param>
        /// <returns>Whatever <c>GetIdByAdd</c> returns for the code.</returns>
        public override string GetIdByCode(string permissionItemCode)
        {
            var itemManager = new PiPermissionItemManager(DBProvider);
            return itemManager.GetIdByAdd(permissionItemCode);
        }
        /// <summary>
        /// Creates or updates the constraint expression that a resource holds on a table.
        /// </summary>
        /// <remarks>
        /// The permission scope row is looked up by resource category, resource id,
        /// target category "Table", table name, permission id and DeleteMark = 0.
        /// When a row exists its constraint and enabled flag are overwritten; otherwise
        /// a new row is added.
        /// NOTE(review): <paramref name="constraint"/> is persisted as given. Elsewhere on
        /// this page GetUserConstraint splices PermissionConstraint values into a SQL
        /// condition, so only trusted administrators should be able to reach this method.
        /// NOTE(review): the lookup and the write are two separate calls; confirm that
        /// concurrent callers cannot both take the insert path.
        /// </remarks>
        /// <param name="resourceCategory">Resource category.</param>
        /// <param name="resourceId">Resource primary key.</param>
        /// <param name="tableName">Name of the table the constraint applies to.</param>
        /// <param name="permissionCode">Code of the operation permission item.</param>
        /// <param name="constraint">Constraint expression to store.</param>
        /// <param name="enabled">Whether the constraint is active (stored as 1 or 0).</param>
        /// <returns>Primary key of the updated or newly added permission scope row.</returns>
        public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true)
        {
            // Resolve the permission item id; GetIdByAdd is used, so an unknown code is
            // presumably registered on the fly (see the method name) — confirm.
            var itemManager = new PiPermissionItemManager(this.UserInfo);
            string permissionId = itemManager.GetIdByAdd(permissionCode);

            var scopeManager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);
            int enabledFlag = enabled ? 1 : 0;

            // Columns and values that identify the scope row.
            string[] keyFields =
            {
                PiPermissionScopeTable.FieldResourceCategory,
                PiPermissionScopeTable.FieldResourceId,
                PiPermissionScopeTable.FieldTargetCategory,
                PiPermissionScopeTable.FieldTargetId,
                PiPermissionScopeTable.FieldPermissionId,
                PiPermissionScopeTable.FieldDeleteMark
            };
            object[] keyValues =
            {
                resourceCategory,
                resourceId,
                "Table",
                tableName,
                permissionId,
                0
            };

            string scopeId = scopeManager.GetId(keyFields, keyValues);

            // No matching row yet: add one.
            if (string.IsNullOrEmpty(scopeId))
            {
                var newScope = new PiPermissionScopeEntity
                {
                    ResourceCategory     = resourceCategory,
                    ResourceId           = resourceId,
                    TargetCategory       = "Table",
                    TargetId             = tableName,
                    PermissionConstraint = constraint,
                    PermissionId         = permissionId,
                    DeleteMark           = 0,
                    Enabled              = enabledFlag
                };
                return scopeManager.Add(newScope);
            }

            // A row exists: overwrite its constraint and enabled flag.
            string[] updatedFields = { PiPermissionScopeTable.FieldPermissionConstraint, PiPermissionScopeTable.FieldEnabled };
            object[] updatedValues = { constraint, enabledFlag };
            scopeManager.SetProperty(PiPermissionScopeTable.FieldId, scopeId, updatedFields, updatedValues);
            return scopeId;
        }
        /// <summary>
        /// Loads the permission scope row holding a resource's constraint on a table.
        /// </summary>
        /// <remarks>
        /// The row is matched on resource category, resource id, target category "Table",
        /// table name, permission id and DeleteMark = 0. The Enabled column is not part
        /// of the filter, so a disabled constraint is returned as well.
        /// NOTE(review): the permission id is resolved with <c>GetIdByAdd</c>, so this
        /// getter may register an unknown permission code as a side effect — confirm.
        /// </remarks>
        /// <param name="resourceCategory">Resource category.</param>
        /// <param name="resourceId">Resource primary key.</param>
        /// <param name="tableName">Name of the table the constraint applies to.</param>
        /// <param name="permissionCode">Code of the permission item.</param>
        /// <returns>The entity built from the query result, or <c>null</c> when no row matches.</returns>
        public PiPermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
        {
            var itemManager = new PiPermissionItemManager(this.UserInfo);
            string permissionId = itemManager.GetIdByAdd(permissionCode);

            var scopeManager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);

            // Columns and values that identify the scope row.
            string[] keyFields =
            {
                PiPermissionScopeTable.FieldResourceCategory,
                PiPermissionScopeTable.FieldResourceId,
                PiPermissionScopeTable.FieldTargetCategory,
                PiPermissionScopeTable.FieldTargetId,
                PiPermissionScopeTable.FieldPermissionId,
                PiPermissionScopeTable.FieldDeleteMark
            };
            object[] keyValues =
            {
                resourceCategory,
                resourceId,
                "Table",
                tableName,
                permissionId,
                0
            };

            DataTable matches = scopeManager.GetDT(keyFields, keyValues);

            // BaseEntity.Create presumably maps the first row of the table — confirm.
            return matches.Rows.Count > 0
                ? BaseEntity.Create<PiPermissionScopeEntity>(matches)
                : null;
        }
Ejemplo n.º 4
        //
        // ResourcePermission: permission checks
        //

        #region public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) 是否有相应的权限
        /// <summary>
        /// Determines whether a user holds the given permission item.
        /// </summary>
        /// <remarks>
        /// The checks run in this order and stop at the first grant: administrator flag
        /// of <c>UserInfo</c>; "UserAdmin" role for items whose category is "System";
        /// "Admin" role for items whose category is "Application"; direct user
        /// permission; role permission; and, only when
        /// <c>SystemInfo.EnableOrganizePermission</c> is set, organization permission.
        /// NOTE(review): the administrator shortcut reads <c>UserInfo.IsAdministrator</c>
        /// rather than anything derived from <paramref name="userId"/>. If UserInfo is
        /// the calling session's user, an administrator asking about another user always
        /// gets <c>true</c> — confirm this is intended.
        /// NOTE(review): the item is resolved with <c>GetIdByAdd</c> before any check, so
        /// a permission check may register an unknown code as a new item — confirm.
        /// </remarks>
        /// <param name="userId">Primary key of the user being checked.</param>
        /// <param name="permissionItemCode">Permission item code.</param>
        /// <param name="permissionItemName">Permission item name, passed on to <c>GetIdByAdd</c>.</param>
        /// <returns><c>true</c> when one of the checks grants the permission; otherwise <c>false</c>.</returns>
        public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null)
        {
            // Resolve the item up front (the original note says a missing operation
            // permission item should be added automatically).
            var itemManager = new PiPermissionItemManager(DBProvider, UserInfo, PiPermissionItemTable.TableName);
            var itemId      = itemManager.GetIdByAdd(permissionItemCode, permissionItemName);
            var item        = itemManager.GetEntity(itemId);

            // User category comes first: administrators pass without further checks.
            if (UserInfo.IsAdministrator)
            {
                return true;
            }

            // No matching permission item was found.
            if (string.IsNullOrEmpty(itemId))
            {
                return false;
            }

            var userManager     = new PiUserManager(this.DBProvider, this.UserInfo);
            var userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo);

            // NOTE(review): item is dereferenced without a null check — confirm that
            // GetEntity cannot return null for a non-empty id.
            string categoryCode = item.CategoryCode;

            // System permission: user administrators hold all of them without a grant.
            if (categoryCode == "System" && userRoleManager.UserInRole(userId, "UserAdmin"))
            {
                return true;
            }

            // Business (application) permission: business administrators hold all of them.
            if (categoryCode == "Application" && userRoleManager.UserInRole(userId, "Admin"))
            {
                return true;
            }

            // Permission granted directly to the user.
            if (this.CheckUserPermission(userId, itemId))
            {
                return true;
            }

            // Permission granted through one of the user's roles.
            if (this.CheckUserRolePermission(userId, itemId))
            {
                return true;
            }

            // Organization permissions sit behind a switch for performance reasons.
            if (SystemInfo.EnableOrganizePermission)
            {
                // All organization units of the user (company, branch, department,
                // sub-department, work group), including part-time assignments.
                var organizeIds = userManager.GetAllOrganizeIds(userId);
                if (this.CheckUserOrganizePermission(userId, itemId, organizeIds))
                {
                    return true;
                }
            }

            return false;
        }
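        /// <summary>
        /// Builds the combined constraint expression that applies to the current user
        /// for a table.
        /// </summary>
        /// <remarks>
        /// Enabled, non-deleted constraints of every role returned by
        /// <c>GetAllRoleIds</c> are joined with AND, followed by the user's own
        /// constraint from <c>GetConstraint</c>. Each constraint is wrapped in
        /// parentheses so that an OR inside one constraint cannot change how the others
        /// bind; without them "a OR b AND c" is evaluated as "a OR (b AND c)" and the
        /// restriction is weakened.
        /// The stored constraint text becomes part of a SQL condition as-is, so write
        /// access to PermissionConstraint must be limited to trusted administrators.
        /// </remarks>
        /// <param name="tableName">Name of the table the constraints apply to.</param>
        /// <param name="permissionCode">Permission item code; resolved with <c>GetIdByAdd</c>.</param>
        /// <returns>
        /// The combined expression after <c>ConstraintUtil.PrepareParameter</c>, or an
        /// empty string when the user has no roles or no constraint is found.
        /// </returns>
        public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission")
        {
            string returnValue = string.Empty;

            PiPermissionItemManager permissionItemManager = new PiPermissionItemManager(this.UserInfo);
            string permissionId = permissionItemManager.GetIdByAdd(permissionCode);

            // 1: which roles does the user belong to?
            PiUserRoleManager manager = new PiUserRoleManager(this.DBProvider, this.UserInfo);
            string[] roleIds = manager.GetAllRoleIds(UserInfo.Id);
            if (roleIds == null || roleIds.Length == 0)
            {
                // NOTE(review): this early return also skips the user's own constraint,
                // so a user without roles gets an empty (unrestricted) expression —
                // confirm that callers treat this case as intended.
                return returnValue;
            }

            // 2: which constraints do those roles carry on this table?
            PiPermissionScopeManager scopeManager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);

            string[] names =
            {
                PiPermissionScopeTable.FieldResourceCategory
                , PiPermissionScopeTable.FieldResourceId
                , PiPermissionScopeTable.FieldTargetCategory
                , PiPermissionScopeTable.FieldTargetId
                , PiPermissionScopeTable.FieldPermissionId
                , PiPermissionScopeTable.FieldEnabled
                , PiPermissionScopeTable.FieldDeleteMark
            };
            // roleIds is passed as an array value; presumably GetDT matches any of the
            // ids — confirm against PiPermissionScopeManager.
            Object[] values =
            {
                PiRoleTable.TableName
                , roleIds
                , "Table"
                , tableName
                , permissionId
                , 1
                , 0
            };

            DataTable dtPermissionScope = scopeManager.GetDT(names, values);

            // 3: combine the role constraints, each one parenthesized.
            foreach (DataRow dataRow in dtPermissionScope.Rows)
            {
                string permissionConstraint = dataRow[PiPermissionScopeTable.FieldPermissionConstraint].ToString().Trim();
                if (!string.IsNullOrEmpty(permissionConstraint))
                {
                    returnValue += " AND (" + permissionConstraint + ")";
                }
            }

            // 4: the user's own constraint; trimmed like the role constraints so a
            // whitespace-only value does not produce a dangling AND.
            string userConstraint = (this.GetConstraint(PiUserTable.TableName, this.UserInfo.Id, tableName) ?? "").Trim();
            if (!string.IsNullOrEmpty(userConstraint))
            {
                returnValue += " AND (" + userConstraint + ")";
            }

            if (!string.IsNullOrEmpty(returnValue))
            {
                // Drop the leading " AND " (5 characters).
                returnValue = returnValue.Substring(5);
                // Resolve the standard functions used inside constraint expressions.
                returnValue = ConstraintUtil.PrepareParameter(this.UserInfo, returnValue);
            }

            return returnValue;
        }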
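        /// <summary>
        /// Lists every table open to constraints together with the constraint a
        /// resource currently holds on it.
        /// </summary>
        /// <remarks>
        /// Enabled, non-deleted rows of PITABLEPERMISSIONSCOPE are left-joined to the
        /// enabled, non-deleted PIPERMISSIONSCOPE rows of the resource, so tables
        /// without a constraint still appear, with empty constraint columns.
        /// The three filter values are embedded as SQL string literals; single quotes
        /// in them are doubled before concatenation so a value cannot close its literal.
        /// NOTE(review): quote doubling is a stop-gap. It does not cover SQL dialects
        /// that also treat backslash as an escape character; binding the values as
        /// command parameters through the data provider is the durable fix.
        /// </remarks>
        /// <param name="resourceCategory">Resource category.</param>
        /// <param name="resourceId">Resource primary key.</param>
        /// <param name="permissionCode">Permission item code; resolved with <c>GetIdByAdd</c>.</param>
        /// <returns>
        /// A table named <c>CiTableColumnsTable.TableName</c> with the columns ID,
        /// TABLECODE, TABLENAME, PERMISSIONCONSTRAINT and SORTCODE, ordered by SORTCODE.
        /// </returns>
        public DataTable GetConstraintDT(string resourceCategory, string resourceId, string permissionCode = "Resource.AccessPermission")
        {
            /*
             * -- Which tables are there?
             * SELECT ItemValue, ItemName
             * FROM PiTablePermissionScope
             * WHERE (DeleteMark = 0)
             * AND (Enabled = 1)
             * ORDER BY PiTablePermissionScope.SortCode
             */

            /*
             * -- Which expressions are there?
             * SELECT     Id, TargetId, PermissionConstraint   -- which expression on which table?
             * FROM         PiPermissionScope
             * WHERE (ResourceId = 10000000)
             * AND (ResourceCategory = 'PiRole')   -- which role?
             * AND (TargetId = 'PiUser')
             * AND (TargetCategory = 'Table')
             * AND (PermissionId = 10000001)  -- which permission? (resource access permission)
             * AND (DeleteMark = 0)
             * AND (Enabled = 1)
             */

            PiPermissionItemManager permissionItemManager = new PiPermissionItemManager(this.UserInfo);
            string permissionId = permissionItemManager.GetIdByAdd(permissionCode);

            // Double single quotes so each value stays inside its own SQL literal.
            // A null value becomes an empty literal, as plain concatenation did before.
            string safeResourceCategory = (resourceCategory ?? string.Empty).Replace("'", "''");
            string safeResourceId       = (resourceId ?? string.Empty).Replace("'", "''");
            string safePermissionId     = (permissionId ?? string.Empty).Replace("'", "''");

            string sqlQuery = @" SELECT PIPERMISSIONSCOPE.ID
		                                    , PITABLEPERMISSIONSCOPE.ITEMVALUE  TABLECODE
		                                    , PITABLEPERMISSIONSCOPE.ITEMNAME  TABLENAME
		                                    , PIPERMISSIONSCOPE.PERMISSIONCONSTRAINT
		                                    , PITABLEPERMISSIONSCOPE.SORTCODE
                                    FROM  (
	                                    SELECT ITEMVALUE
		                                     , ITEMNAME
		                                     , SORTCODE
	                                    FROM PITABLEPERMISSIONSCOPE
                                       WHERE (DELETEMARK = 0) 
		                                      AND (ENABLED = 1)                                              
                                        )  PITABLEPERMISSIONSCOPE LEFT OUTER JOIN
                                        (SELECT ID
			                                    , TARGETID
			                                    , PERMISSIONCONSTRAINT  
                                           FROM PIPERMISSIONSCOPE
                                         WHERE (RESOURCECATEGORY = '" + safeResourceCategory + @"') 
			                                    AND (RESOURCEID = '"             + safeResourceId + @"') 
			                                    AND (TARGETCATEGORY = 'Table') 
			                                    AND (PERMISSIONID = '"             + safePermissionId + @"') 
			                                    AND (DELETEMARK = 0) 
			                                    AND (ENABLED = 1)
	                                     )  PIPERMISSIONSCOPE 
                                    ON PITABLEPERMISSIONSCOPE.ITEMVALUE = PIPERMISSIONSCOPE.TARGETID
                                    ORDER BY PITABLEPERMISSIONSCOPE.SORTCODE ";

            // Fill supplies the result table; the placeholder DataTable that used to be
            // allocated before the query was discarded unused and is no longer created.
            DataTable dataTable = this.Fill(sqlQuery);
            dataTable.TableName = CiTableColumnsTable.TableName;

            return dataTable;
        }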