/// <summary>
/// 检查用户对于一批目录是否具有指定权限,返回具有权限的目录Id列表
/// </summary>
/// <param name="handle"></param>
/// <param name="permission"></param>
/// <param name="toFilterDirIdList"></param>
/// <returns></returns>
public List <string> FilterDirIds(LibHandle handle, DMFuncPermissionEnum permission, List <string> toFilterDirIdList)
{
if (handle == LibHandleCache.Default.GetSystemHandle() || string.IsNullOrEmpty(handle.UserId) || handle.UserId == "admin")
{
return(toFilterDirIdList);//系统用户则直接原样返回
}
string personId = handle.PersonId;
DMUserPermission userPermission = DMUserPermissionCache.Default.GetCacheItem(personId);
if (userPermission.IsUnlimited)
{
return(toFilterDirIdList);//用户权限不受限制则直接原样返回
}
Dictionary <string, List <string> > dicDirId_DirIds = DirLinkAddress.GetDirIdsForDirs(toFilterDirIdList);
if (dicDirId_DirIds == null)
{
return(new List <string>());
}
List <string> resultList = new List <string>();
try
{
//使用每个目录的目录标识列表(含自身和所有父级目录)检查是否可用权限
resultList = (from item in toFilterDirIdList
where dicDirId_DirIds.ContainsKey(item) && userPermission.CheckCan(dicDirId_DirIds[item], string.Empty, permission)
select item).ToList();
}
catch (Exception exp)
{
DMCommonMethod.WriteLog("FilterDocIds", exp.Message);
}
return(resultList);
}
/// <summary>
/// 检查用户对于指定目录(或及指定文档)是否具有指定的权限
/// </summary>
/// <param name="dirId">目录标识,如果文档标识不为空则目录标识可为空</param>
/// <param name="docId">文档标识,为空则仅判断目录</param>
/// <param name="func">操作功能项</param>
/// <returns></returns>
public bool CheckCan(string dirId, string docId, DMFuncPermissionEnum func)
{
if (string.IsNullOrEmpty(dirId) && string.IsNullOrEmpty(docId))
{
return(false);//不能两者都为空
}
//找到目录或文档的所有上级目录然后再检查权限
if (string.IsNullOrEmpty(docId))
{
DirLinkAddress dirLink = new DirLinkAddress(dirId, new LibDataAccess());
if (dirLink.DirType == DirTypeEnum.Private)
{
return(true);
}
List <string> dirIds = dirLink.ParentDirIdList;
dirIds.Add(dirId);//将本级目录标识加入
return(CheckCan(dirIds, string.Empty, func));
}
else
{
DirLinkAddress dirLink = new DirLinkAddress(false, docId, new LibDataAccess(), true);
if (dirLink.DirType == DirTypeEnum.Private)
{
return(true);
}
return(CheckCan(dirLink.ParentDirIdList, docId, func));
}
}
//导入、导出、打印等可能需要的方法需要编写覆盖基类的方法,应在相关方法中检查权限
/// <summary>
/// 权限检查
/// </summary>
/// <param name="permission"></param>
/// <returns></returns>
protected bool CheckPermission(string dirId, DMFuncPermissionEnum permission)
{
bool ret = true;//因DMFuncPermissionEnum权限项的值能覆盖FuncPermissionEnum的值,可以直接转换使用
if (LibHandleCache.Default.GetSystemHandle().Handle != this.Handle.Handle && this.Handle.UserId != "admin")
{
ret = DMPermissionControl.Default.HasPermission(this.Handle, dirId, string.Empty, permission);
if (!ret)
{
this.ManagerMessage.AddMessage(LibMessageKind.Error, "当前人员不具备操作权限。");
}
}
return(ret);
}
/// <summary>
/// 检查用户是否具有对于指定目录(或及指定文档)的指定权限
/// </summary>
/// <param name="handle"></param>
/// <param name="dirId"></param>
/// <param name="docId">如果参数为空则指针对目录的检查</param>
/// <param name="funcPermission"></param>
/// <returns></returns>
public bool HasPermission(LibHandle handle, string dirId, string docId, DMFuncPermissionEnum funcPermission)
{
bool ret = false;
if (handle == LibHandleCache.Default.GetSystemHandle() || string.IsNullOrEmpty(handle.UserId) || handle.UserId == "admin")
{
ret = true;
}
else
{
string personId = handle.PersonId;
DMUserPermission userPermission = DMUserPermissionCache.Default.GetCacheItem(personId);
if (userPermission.IsUnlimited)
{
ret = true;
}
else
{
return(userPermission.CheckCan(dirId, docId, funcPermission));
}
}
return(ret);
}
/// <summary>
/// 检查用户对于一批文档是否具有指定权限,返回具有权限的文档Id列表
/// </summary>
/// <param name="handle"></param>
/// <param name="permission"></param>
/// <param name="toFilterDocIdList"></param>
/// <returns></returns>
public List <string> FilterDocIds(LibHandle handle, DMFuncPermissionEnum permission, List <string> toFilterDocIdList)
{
if (handle == LibHandleCache.Default.GetSystemHandle() || string.IsNullOrEmpty(handle.UserId) || handle.UserId == "admin")
{
return(toFilterDocIdList);//系统用户则直接原样返回
}
string personId = handle.PersonId;
DMUserPermission userPermission = DMUserPermissionCache.Default.GetCacheItem(personId);
if (userPermission.IsUnlimited)
{
return(toFilterDocIdList);//用户权限不受限制则直接原样返回
}
Dictionary <string, List <DocInfo> > dicDocId_DirIds = DirLinkAddress.GetParentDirIdsForDocs(toFilterDocIdList);
if (dicDocId_DirIds == null)
{
return(null);
}
List <string> resultList = new List <string>();
Dictionary <string, List <string> > tempDic = new Dictionary <string, List <string> >();
foreach (KeyValuePair <string, List <DocInfo> > item in dicDocId_DirIds)
{
foreach (DocInfo temp in item.Value)
{
if (temp.DirType == DirTypeEnum.Private && temp.CreatorId == personId)
{
if (!resultList.Contains(item.Key))
{
resultList.Add(item.Key);
break;
}
}
else
{
if (tempDic.ContainsKey(item.Key))
{
tempDic[item.Key].Add(temp.DirId);
}
else
{
tempDic.Add(item.Key, new List <string>()
{
temp.DirId
});
}
}
}
}
try {
//使用每个文档的标识和父目录标识列表检查是否可用权限
resultList.AddRange((from item in toFilterDocIdList
where tempDic.ContainsKey(item) && userPermission.CheckCan(tempDic[item], item, permission)
select item).ToList());
}
catch (Exception exp)
{
DMCommonMethod.WriteLog("FilterDocIds", exp.Message);
}
return(resultList);
}
/// <summary>
/// 检查用户对于指定目录(或指定文档)是否具有指定的权限
/// </summary>
/// <param name="parentDirIds">目录文档所在的目录列表(从顶级到最后目录),如果是为目录进行查询则应包含本级目录</param>
/// <param name="docId">文档标识,为空则仅判断目录</param>
/// <param name="func">操作功能项</param>
/// <returns></returns>
public bool CheckCan(List <string> parentDirIds, string docId, DMFuncPermissionEnum func)
{
if (parentDirIds == null || parentDirIds.Count == 0)
{
return(false);
}
lock (_LockObjOfDicDirAndDoc)
{
//先检是否有某个所在目录的管理权限
string manageDir = (from item in _DicDirectoryPowers
where parentDirIds.Contains(item.Key) && ((item.Value & (int)DMFuncPermissionEnum.Manage) == (int)DMFuncPermissionEnum.Manage)
select item.Key).FirstOrDefault();
if (string.IsNullOrEmpty(manageDir) == false)
{
return(true);//有管理权限则直接返回true
}
//检查文档是否有管理权限
if (string.IsNullOrEmpty(docId) == false)
{
string manageDoc = (from item in _DicDocumentPowers
where item.Key.Equals(docId) && ((item.Value & (int)DMFuncPermissionEnum.Manage) == (int)DMFuncPermissionEnum.Manage)
select item.Key).FirstOrDefault();
if (string.IsNullOrEmpty(manageDoc) == false)
{
return(true);//有管理权限则直接返回true
}
}
//否则将逐级目录权限项相“或”
List <int> permissionList = (from item in _DicDirectoryPowers
where parentDirIds.Contains(item.Key)
select item.Value).ToList();
int mergePermission = 0;
bool isFirst = true;
foreach (int dirPer in permissionList)
{
if (isFirst)
{
mergePermission = dirPer;
isFirst = false;
}
else
{
mergePermission = mergePermission | dirPer;//合并权限,一个权限项无论是父目录设置了true还是子目录设置了true,都可用。
}
}
if (string.IsNullOrEmpty(docId) || _DicDocumentPowers.ContainsKey(docId) == false)
{
//检查目录权限
if ((mergePermission & (int)func) == (int)func)
{
return(true);
}
}
else
{
if (isFirst == false)
{
mergePermission = mergePermission | _DicDocumentPowers[docId];//再与文档权限相或
}
else
{
mergePermission = _DicDocumentPowers[docId];
}
bool isCan = (mergePermission & (int)func) == (int)func;
if (isCan)
{
return(true);
}
}
}
if (func == DMFuncPermissionEnum.Browse && string.IsNullOrEmpty(docId))
{
//对于仅检查目录的浏览权限的,再进行特殊处理
string dirId = parentDirIds.Last();
return(CheckDirCanBrowse(dirId));
}
else
{
return(false);
}
}
