/// <summary>
/// 获取用户角色列表
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <returns>主键数组</returns>
public string[] GetAllUserRoleIds(UserInfo userInfo, string userId)
{
string[] returnValue = null;
var parameter = ParameterUtil.CreateWithLog(userInfo, MethodBase.GetCurrentMethod());
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
returnValue = new PiUserRoleManager(dbProvider, userInfo).GetAllRoleIds(userId);
});
return(returnValue);
}
/// <summary>
/// 清除用户归属的角色
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <returns>影响行数</returns>
public int ClearUserRole(UserInfo userInfo, string userId)
{
int returnValue = 0;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.UserService_ClearUserRole, "用户:" + userId);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
returnValue = new PiUserRoleManager(dbProvider, userInfo).ClearUserRole(userId);
});
return(returnValue);
}
/// <summary>
/// 获得角色中的用户主键
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="roleId">角色主键</param>
/// <returns>用户主键</returns>
public string[] GetRoleUserIds(UserInfo userInfo, string roleId)
{
string[] returnValue = null;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.RoleService_GetRoleUserIds);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
returnValue = new PiUserRoleManager(dbProvider, userInfo).GetUserIds(roleId);
});
return(returnValue);
}
/// <summary>
/// 移除角色用户关联
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="roleId">角色主键</param>
/// <returns>影响行数</returns>
public int EliminateRoleUser(UserInfo userInfo, string roleId)
{
int returnValue = 0;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.RoleService_EliminateRoleUser, "角色主键:" + roleId);
ServiceUtil.ProcessRDIWriteDbWithTran(userInfo, parameter, dbProvider =>
{
returnValue = new PiUserRoleManager(dbProvider, userInfo).EliminateRoleUser(roleId);
});
return(returnValue);
}
public int ClearRole(string userId)
{
var returnValue = 0;
returnValue += this.SetProperty(PiUserTable.FieldId, userId, PiUserTable.FieldRoleId, null);
var userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo, PiUserRoleTable.TableName);
returnValue += userRoleManager.Delete(PiUserRoleTable.FieldUserId, userId);
return(returnValue);
}
/// <summary>
/// 清除指定角色的所有权限
///
/// 1.清除角色的用户归属。
/// 2.清除角色的模块权限。
/// 3.清除角色的操作权限。
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="roleId">角色主键</param>
/// <returns>影响的行数</returns>
public int ClearRolePermissionByRoleId(UserInfo userInfo, string roleId)
{
var returnValue = 0;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_ClearRolePermissionByRoleId, "角色主键:" + roleId);
ServiceUtil.ProcessRDIWriteDbWithTran(userInfo, parameter, dbProvider =>
{
returnValue += new PiUserRoleManager(dbProvider, userInfo).EliminateRoleUser(roleId);
returnValue += new RolePermissionManager(dbProvider, userInfo).RevokeAll(roleId);
returnValue += new RoleScopeManager(dbProvider, userInfo).RevokeAll(roleId);
});
return(returnValue);
}
/// <summary>
/// 用户是否在某个角色里的判断
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="roleCode">角色编号</param>
/// <returns>存在</returns>
public bool UserInRole(UserInfo userInfo, string userId, string roleCode)
{
bool returnValue = false;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.UserService_UserInRole);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
var userRoleManager = new PiUserRoleManager(dbProvider, userInfo);
returnValue = userRoleManager.UserInRole(userId, roleCode);
});
return(returnValue);
}
/// <summary>
/// 用户从角色中移除
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="removeRoleIds">移除角色</param>
/// <returns></returns>
public int RemoveUserFromRole(UserInfo userInfo, string userId, string[] removeRoleIds)
{
int returnValue = 0;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.UserService_RemoveUserFromRole);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
if (removeRoleIds != null)
{
returnValue += new PiUserRoleManager(dbProvider, userInfo).RemoveFormRole(userId, removeRoleIds);
}
});
return(returnValue);
}
/// <summary>
/// 用户添加到角色
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="addRoleIds">加入角色</param>
/// <returns>影响的行数</returns>
public int AddUserToRole(UserInfo userInfo, string userId, string[] addRoleIds)
{
int returnValue = 0;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.UserService_AddUserToRole, "用户主键:" + userId + ",加入角色:" + BusinessLogic.ArrayToList(addRoleIds));
ServiceUtil.ProcessRDIWriteDbWithTran(userInfo, parameter, dbProvider =>
{
var userRoleManager = new PiUserRoleManager(dbProvider, userInfo);
if (addRoleIds != null)
{
returnValue += userRoleManager.AddToRole(userId, addRoleIds);
}
});
return(returnValue);
}
/// <summary>
/// 用户添加到角色
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="roleId">角色主键</param>
/// <param name="addUserIds">用户主键数组</param>
/// <returns>影响行数</returns>
public int AddUserToRole(UserInfo userInfo, string roleId, string[] addUserIds)
{
var returnValue = 0;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.RoleService_AddUserToRole);
ServiceUtil.ProcessRDIWriteDbWithTran(userInfo, parameter, dbProvider =>
{
if (addUserIds != null)
{
returnValue += new PiUserRoleManager(dbProvider, userInfo).AddToRole(addUserIds, roleId);
}
});
return(returnValue);
}
/// <summary>
/// 清除指定用户的所有权限
///
/// 1.清除用户的角色归属。
/// 2.清除用户的模块权限。
/// 3.清除用户的操作权限。
/// </summary>
/// <param name="userId">用户主键</param>
/// <returns>大于0回收成功</returns>
public int ClearUserPermissionByUserId(string userId)
{
int returnValue = 0;
PiUserRoleManager userRoleManager = new PiUserRoleManager(DBProvider, UserInfo);
returnValue += userRoleManager.EliminateRoleUser(userId);
var userPermissionManager = new UserPermissionManager(DBProvider, UserInfo);
returnValue += userPermissionManager.RevokeAll(userId);
var userPermissionScopeManager = new UserScopeManager(DBProvider, UserInfo);
returnValue += userPermissionScopeManager.RevokeAll(userId);
return(returnValue);
}
//
// 加入到角色
//
#region public string AddToRole(string userId, string roleId) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="roleId">角色主键</param>
/// <returns>主键</returns>
public string AddToRole(string userId, string roleId)
{
var returnValue = string.Empty;
var userRoleEntity = new PiUserRoleEntity
{
UserId = userId,
RoleId = roleId,
Enabled = 1,
DeleteMark = 0
};
var tableName = PiUserRoleTable.TableName;
var userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo, tableName);
return(userRoleManager.Add(userRoleEntity));
}
/// <summary>
/// 获得用户授权范围
/// </summary>
/// <param name="userId">员工主键</param>
/// <param name="permissionItemScopeCode"></param>
/// <returns>数据表</returns>
public DataTable GetDTByPermission(string userId, string permissionItemScopeCode)
{
DataTable returnValue = new DataTable(this.CurrentTableName);
string[] names = null;
object[] values = null;
// 这里需要判断,是系统权限?
bool isRole = false;
PiUserRoleManager userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo);
// 用户管理员
isRole = userRoleManager.UserInRole(userId, "UserAdmin");
if (isRole)
{
names = new string[] { PiModuleTable.FieldCategory, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled };
values = new object[] { "System", 0, 1 };
returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode);
returnValue.TableName = this.CurrentTableName;
return(returnValue);
}
// 这里需要判断,是业务权限?
isRole = userRoleManager.UserInRole(userId, "Admin");
if (isRole)
{
names = new string[] { PiModuleTable.FieldCategory, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled };
values = new object[] { "Application", 0, 1 };
returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode);
returnValue.TableName = this.CurrentTableName;
return(returnValue);
}
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
string[] moduleIds = permissionScopeManager.GetTreeResourceScopeIds(userId, PiModuleTable.TableName, permissionItemScopeCode, true);
//不加载子节点
//string[] moduleIds = permissionScopeManager.GetTreeResourceScopeIds(userId, PiModuleTable.TableName, permissionItemScopeCode, false);
//// 有效的,未被删除的
names = new string[] { PiModuleTable.FieldId, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled };
values = new object[] { moduleIds, 0, 1 };
returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode);
returnValue.TableName = this.CurrentTableName;
return(returnValue);
}
//////////////////////////////////////////////////////////////////////////////////////////////////////
/// 用户权限判断相关(需要实现对外调用)
//////////////////////////////////////////////////////////////////////////////////////////////////////
#region public bool IsInRole(UserInfo userInfo, string userId, string roleName) 指定用户是否在指定的角色里
/// <summary>
/// 指定用户是否在指定的角色里
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="roleName">角色名称</param>
/// <returns>指定用户是否在指定角色里,true:是,false:否</returns>
public bool IsInRole(UserInfo userInfo, string userId, string roleName)
{
var returnValue = false;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_IsInRole);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
// 先获得角色主键
string roleCode = new PiRoleManager(dbProvider, userInfo).GetProperty(PiRoleTable.FieldRealName, roleName, PiRoleTable.FieldCode);
// 判断用户的默认角色
if (!string.IsNullOrEmpty(roleCode))
{
returnValue = new PiUserRoleManager(dbProvider, userInfo).UserInRole(userId, roleCode);
}
});
return(returnValue);
}
//
// ResourcePermission 权限判断
//
#region public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) 是否有相应的权限
/// <summary>
/// 是否有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <param name="permissionItemName">权限名称</param>
/// <returns>是否有权限</returns>
public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null)
{
// 若不存在就需要自动能增加一个操作权限项
var permissionItemManager = new PiPermissionItemManager(DBProvider, UserInfo, PiPermissionItemTable.TableName);
var permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName);
var permissionItemEntity = permissionItemManager.GetEntity(permissionItemId);
// 先判断用户类别
if (UserInfo.IsAdministrator)
{
return(true);
}
// 没有找到相应的权限
if (String.IsNullOrEmpty(permissionItemId))
{
return(false);
}
// 这里需要判断,是系统权限?
var returnValue = false;
var userManager = new PiUserManager(this.DBProvider, this.UserInfo);
var userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo);
if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System"))
{
// 用户管理员拥有所有的系统权限,不需要授予。
returnValue = userRoleManager.UserInRole(userId, "UserAdmin");
if (returnValue)
{
return(returnValue);
}
}
// 这里需要判断,是业务(应用)权限?
if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application"))
{
//业务管理员拥有所有的业务(应用)权限,不需要授予。
returnValue = userRoleManager.UserInRole(userId, "Admin");
if (returnValue)
{
return(returnValue);
}
}
// 判断用户权限
if (this.CheckUserPermission(userId, permissionItemId))
{
return(true);
}
// 判断用户角色权限
if (this.CheckUserRolePermission(userId, permissionItemId))
{
return(true);
}
// 判断用户组织机构权限,这里有开关是为了提高性能用的,
// 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。
if (SystemInfo.EnableOrganizePermission)
{
//得到用户所有所在的部门(以公司、分支机构、部门、子部门、工作组),包括兼职部门
var organizeIds = userManager.GetAllOrganizeIds(userId);
if (this.CheckUserOrganizePermission(userId, permissionItemId, organizeIds))
{
return(true);
}
}
return(false);
}
//
// 从角色中删除员工
//
#region public int RemoveFormRole(string userId, string roleId) 撤销角色权限
/// <summary>
/// 从角色中删除员工
/// </summary>
/// <param name="userId">员工主键</param>
/// <param name="roleId">角色主键</param>
/// <returns>影响行数</returns>
public int RemoveFormRole(string userId, string roleId)
{
var userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo, PiUserRoleTable.TableName);
return(userRoleManager.Delete(PiUserRoleTable.FieldUserId, userId, PiUserRoleTable.FieldRoleId, roleId));
}
/// <summary>
/// 获取用户的条件约束表达式
/// </summary>
/// <param name="tableName">表名</param>
/// <param name="permissionCode">权限代码</param>
/// <returns>主键</returns>
public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission")
{
string returnValue = string.Empty;
// 这里是获取用户的条件表达式
// 1: 首先用户在哪些角色里是有效的?
// 2: 这些角色都有哪些哪些条件约束?
// 3: 组合约束条件?
// 4:用户本身的约束条件?
string permissionId = string.Empty;
PiPermissionItemManager permissionItemManager = new PiPermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
PiUserRoleManager manager = new PiUserRoleManager(this.DBProvider, this.UserInfo);
string[] roleIds = manager.GetAllRoleIds(UserInfo.Id);
if (roleIds == null || roleIds.Length == 0)
{
return(returnValue);
}
PiPermissionScopeManager scopeManager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);
string[] names =
{
PiPermissionScopeTable.FieldResourceCategory
, PiPermissionScopeTable.FieldResourceId
, PiPermissionScopeTable.FieldTargetCategory
, PiPermissionScopeTable.FieldTargetId
, PiPermissionScopeTable.FieldPermissionId
, PiPermissionScopeTable.FieldEnabled
, PiPermissionScopeTable.FieldDeleteMark
};
Object[] values =
{
PiRoleTable.TableName
, roleIds
, "Table"
, tableName
, permissionId
, 1
, 0
};
DataTable dtPermissionScope = scopeManager.GetDT(names, values);
string permissionConstraint = string.Empty;
foreach (DataRow dataRow in dtPermissionScope.Rows)
{
permissionConstraint = dataRow[PiPermissionScopeTable.FieldPermissionConstraint].ToString();
permissionConstraint = permissionConstraint.Trim();
if (!string.IsNullOrEmpty(permissionConstraint))
{
returnValue += " AND " + permissionConstraint;
}
}
//得到当前用户的约束条件
string userConstraint = this.GetConstraint(PiUserTable.TableName, this.UserInfo.Id, tableName) ?? "";
if (!string.IsNullOrEmpty(userConstraint))
{
returnValue += " AND " + userConstraint;
}
if (!string.IsNullOrEmpty(returnValue))
{
returnValue = returnValue.Substring(5);
// 解析替换约束表达式标准函数
returnValue = ConstraintUtil.PrepareParameter(this.UserInfo, returnValue);
}
return(returnValue);
}
