/// <summary>
/// 管理用户查询对象
/// </summary>
/// <param name="adminUserFilter">管理用户筛选对象</param>
/// <returns></returns>
public IQuery CreateAdminQueryObject(AdminUserFilterDto adminUserFilter)
{
if (adminUserFilter == null)
{
return(null);
}
IQuery userQuery = CreateQueryObject(adminUserFilter, true) ?? QueryFactory.Create <UserQuery>();
#region 角色筛选
if (adminUserFilter.RoleFilter != null)
{
IQuery roleQuery = this.Instance <IRoleBusiness>().CreateQueryObject(adminUserFilter.RoleFilter);
if (roleQuery != null && roleQuery.Criterias.Count > 0)
{
roleQuery.AddQueryFields <RoleQuery>(c => c.SysNo);
IQuery userRoleQuery = QueryFactory.Create <UserRoleQuery>();
userRoleQuery.And <UserRoleQuery>(u => u.RoleSysNo, CriteriaOperator.In, roleQuery);
userRoleQuery.AddQueryFields <UserRoleQuery>(u => u.UserSysNo);
userQuery.And <UserQuery>(c => c.SysNo, CriteriaOperator.In, userRoleQuery);
}
}
#endregion
return(userQuery);
}
/// <summary>
/// 设置上级分组
/// </summary>
/// <param name="parentGroup">上级分组</param>
public void SetParentGroup(JobGroup parentGroup, bool init = true)
{
int parentLevel = 0;
string parentCode = string.Empty;
if (parentGroup != null)
{
parentLevel = parentGroup.Level;
parentCode = parentGroup.Code;
}
if (parentCode == code && !IdentityValueIsNone())
{
throw new Exception("不能将分组本身设置为自己的上级分组");
}
//排序
IQuery sortQuery = QueryFactory.Create <JobGroupQuery>(r => r.Parent == parentCode);
sortQuery.AddQueryFields <JobGroupQuery>(c => c.Sort);
int maxSortIndex = repository.Max <int>(sortQuery);
sort = maxSortIndex + 1;
parent.SetValue(parentGroup, true);
//等级
int newLevel = parentLevel + 1;
bool modifyChild = newLevel != level;
level = newLevel;
if (modifyChild)
{
//修改所有子集信息
ModifyChildGroup();
}
}
/// <summary>
/// 批量删除权限分组
/// </summary>
/// <param name="groupIds">分组编号</param>
/// <returns></returns>
public static Result RemoveAuthorityGroup(IEnumerable <long> groupIds)
{
#region 参数判断
if (groupIds.IsNullOrEmpty())
{
return(Result.FailedResult("没有指定任何要删除的权限分组"));
}
#endregion
//删除分组信息
IQuery parentRemoveCondition = QueryFactory.Create();
parentRemoveCondition.In <AuthorityGroupQuery>(r => r.SysNo, groupIds);
authorityGroupRepository.Remove(parentRemoveCondition);
//删除下级
IQuery childQuery = QueryFactory.Create();
childQuery.In <AuthorityGroupQuery>(r => r.Parent, groupIds);
childQuery.AddQueryFields <AuthorityGroupQuery>(r => r.SysNo);
List <AuthorityGroup> authorityGroupList = authorityGroupRepository.GetList(childQuery);
if (authorityGroupList.IsNullOrEmpty())
{
return(Result.SuccessResult("没有需要删除的下级分组"));
}
RemoveAuthorityGroup(authorityGroupList.Select(r => r.SysNo));
return(Result.SuccessResult("删除成功"));
}
/// <summary>
/// 授权操作绑定权限筛选
/// </summary>
/// <param name="filter">筛选对象</param>
/// <returns></returns>
IQuery CreateAuthorityQueryObject(AuthorityOperationBindAuthorityFilterDto filter)
{
if (filter == null)
{
return(null);
}
IQuery query = CreateAuthorityQueryObject(filter, true) ?? QueryFactory.Create <AuthorityQuery>();
#region 授权操作筛选
if (filter.AuthorityOperationFilter != null)
{
IQuery operationQuery = CreateAuthorityOperationQueryObject(filter.AuthorityOperationFilter);
if (operationQuery != null)
{
operationQuery.AddQueryFields <AuthorityOperationQuery>(c => c.SysNo);
IQuery authBindOperationQuery = QueryFactory.Create <AuthorityBindOperationQuery>();
authBindOperationQuery.And <AuthorityBindOperationQuery>(c => c.AuthorithOperation, CriteriaOperator.In, operationQuery);
authBindOperationQuery.AddQueryFields <AuthorityBindOperationQuery>(c => c.AuthorityCode);
query.And <AuthorityQuery>(c => c.Code, CriteriaOperator.In, authBindOperationQuery);
}
}
#endregion
return(query);
}
/// <summary>
/// 设置上级分组
/// </summary>
/// <param name="parentGroup">上级分组</param>
public void SetParentGroup(AuthorityGroup parentGroup)
{
int parentLevel = 0;
long parentSysNo = 0;
if (parentGroup != null)
{
parentLevel = parentGroup.Level;
parentSysNo = parentGroup.SysNo;
}
if (parentSysNo == SysNo && !IdentityValueIsNone())
{
throw new Exception("不能将分组本身设置为上级分组");
}
//排序
IQuery sortQuery = QueryManager.Create <AuthorityGroupQuery>(r => r.Parent == parentSysNo);
sortQuery.AddQueryFields <AuthorityGroupQuery>(c => c.Sort);
int maxSortIndex = repository.Max <int>(sortQuery);
Sort = maxSortIndex + 1;
parent.SetValue(parentGroup, true);
//等级
int newLevel = parentLevel + 1;
bool modifyChild = newLevel != Level;
Level = newLevel;
if (modifyChild)
{
//修改所有子集信息
ModifyChildAuthorityGroupParentGroup();
}
}
/// <summary>
/// 批量删除角色
/// </summary>
/// <param name="roleIds">角色编号</param>
/// <returns></returns>
public static void RemoveRole(IEnumerable <long> roleIds)
{
#region 参数判断
if (roleIds.IsNullOrEmpty())
{
return;
}
#endregion
//删除角色信息
IQuery parentRemoveCondition = QueryFactory.Create();
parentRemoveCondition.In <RoleQuery>(r => r.SysNo, roleIds);
roleRepository.Remove(parentRemoveCondition);
//删除子类
IQuery childQuery = QueryFactory.Create();
childQuery.In <RoleQuery>(r => r.Parent, roleIds);
childQuery.AddQueryFields <RoleQuery>(r => r.SysNo);
List <Role> roleList = roleRepository.GetList(childQuery);
if (roleList.IsNullOrEmpty())
{
return;
}
RemoveRole(roleList.Select(r => r.SysNo));
}
/// <summary>
/// 角色权限筛选
/// </summary>
/// <param name="filter">筛选信息</param>
/// <returns></returns>
IQuery CreateAuthorityQueryObject(RoleAuthorityFilterDto filter)
{
if (filter == null)
{
return(null);
}
IQuery query = CreateAuthorityQueryObject(filter, true) ?? QueryFactory.Create <AuthorityQuery>();
#region 角色授权筛选
if (filter.RoleFilter != null)
{
IQuery roleFilter = this.Instance <IRoleBusiness>().CreateQueryObject(filter.RoleFilter);
if (roleFilter != null)
{
roleFilter.AddQueryFields <RoleQuery>(c => c.SysNo);
IQuery roleBindAuthQuery = QueryFactory.Create <RoleAuthorizeQuery>();
roleBindAuthQuery.And <RoleAuthorizeQuery>(c => c.Role, CriteriaOperator.In, roleFilter);
roleBindAuthQuery.AddQueryFields <RoleAuthorizeQuery>(c => c.Authority);
query.And <AuthorityQuery>(c => c.Code, CriteriaOperator.In, roleBindAuthQuery);
}
}
#endregion
return(query);
}
/// <summary>
/// 设置上级角色
/// </summary>
/// <param name="role">上级角色</param>
public void SetParentRole(Role parentRole)
{
int parentLevel = 0;
long parentSysNo = 0;
if (parentRole != null)
{
parentLevel = parentRole.Level;
parentSysNo = parentRole.SysNo;
}
if (parentSysNo == _sysNo && !PrimaryValueIsNone())
{
throw new AppException("不能将角色本身设置为自己的上级角色");
}
//排序
IQuery sortQuery = QueryFactory.Create <RoleQuery>(r => r.Parent == parentSysNo);
sortQuery.AddQueryFields <RoleQuery>(c => c.SortIndex);
int maxSortIndex = roleRepository.Max <int>(sortQuery);
_sortIndex = maxSortIndex + 1;
_parent.SetValue(parentRole, true);
//等级
int newLevel = parentLevel + 1;
bool modifyChild = newLevel != _level;
_level = newLevel;
if (modifyChild)
{
//修改所有子集信息
ModifyChildRole();
}
}
/// <summary>
/// 初始化排序
/// </summary>
void InitSort()
{
var parentId = parent.CurrentValue?.Id ?? 0;
IQuery sortQuery = QueryManager.Create <OperationGroupEntity>(r => r.Parent == parentId && r.Id != Id);
sortQuery.AddQueryFields <OperationGroupEntity>(c => c.Sort);
int maxSort = repository.Max <int>(sortQuery);
Sort = maxSort + 1;
}
/// <summary>
/// 用户授权筛选
/// </summary>
/// <param name="filter">筛选信息</param>
/// <returns></returns>
IQuery CreateAuthorityQueryObject(UserAuthorityFilterDto filter)
{
if (filter == null)
{
return(null);
}
IQuery query = CreateAuthorityQueryObject(filter, true) ?? QueryFactory.Create <AuthorityQuery>();
#region 用户授权筛选
if (filter.UserFilter != null)
{
IQuery userQuery = this.Instance <IUserBusiness>().CreateQueryObject(filter.UserFilter);
if (userQuery != null)
{
userQuery.AddQueryFields <UserQuery>(c => c.SysNo);
#region 用户或者角色绑定的授权
IQuery userOrRoleBindAuthQuery = QueryFactory.Create();
//用户授权
IQuery userAuthBindQuery = QueryFactory.Create <UserAuthorizeQuery>(c => c.Disable == false);
userAuthBindQuery.And <UserAuthorizeQuery>(c => c.User, CriteriaOperator.In, userQuery);
userAuthBindQuery.AddQueryFields <UserAuthorizeQuery>(c => c.Authority);
IQuery userAuthQuery = QueryFactory.Create <AuthorityQuery>();
userAuthQuery.And <AuthorityQuery>(c => c.Code, CriteriaOperator.In, userAuthBindQuery);
userOrRoleBindAuthQuery.And(userAuthQuery);
//角色授权
IQuery userRoleBindQuery = QueryFactory.Create <UserRoleQuery>();
userRoleBindQuery.And <UserRoleQuery>(c => c.UserSysNo, CriteriaOperator.In, userQuery);
userRoleBindQuery.AddQueryFields <UserRoleQuery>(c => c.RoleSysNo);
IQuery roleAuthBindQuery = QueryFactory.Create <RoleAuthorizeQuery>();
roleAuthBindQuery.And <RoleAuthorizeQuery>(c => c.Role, CriteriaOperator.In, userRoleBindQuery);
roleAuthBindQuery.AddQueryFields <RoleAuthorizeQuery>(c => c.Authority);
IQuery roleAuthQuery = QueryFactory.Create <AuthorityQuery>();
roleAuthQuery.And <AuthorityQuery>(c => c.Code, CriteriaOperator.In, roleAuthBindQuery);
userOrRoleBindAuthQuery.Or(roleAuthQuery);
query.And(userOrRoleBindAuthQuery);
#endregion
//排除用户禁用的授权
IQuery userDisableAuthQuery = QueryFactory.Create <UserAuthorizeQuery>(c => c.Disable == true);
userDisableAuthQuery.And <UserAuthorizeQuery>(c => c.User, CriteriaOperator.In, userQuery);
userDisableAuthQuery.AddQueryFields <UserAuthorizeQuery>(c => c.Authority);
query.And <AuthorityQuery>(c => c.Code, CriteriaOperator.NotIn, userDisableAuthQuery);
}
}
#endregion
return(query);
}
/// <summary>
/// 加载操作对应的权限信息
/// </summary>
/// <returns></returns>
List<Authority> LoadAuthority()
{
if (!AllowLazyLoad(r => r.Authoritys))
{
return _authoritys.CurrentValue;
}
IQuery query = QueryFactory.Create();
IQuery bindQuery = QueryFactory.Create(AuthorityBindOperationQuery.ObjectName);
bindQuery.AddQueryFields<AuthorityBindOperationQuery>(a => a.AuthorityCode);
bindQuery.And<AuthorityBindOperationQuery>(a => a.AuthorithOperation == _sysNo);
query.And<AuthorityQuery>(a => a.Code, CriteriaOperator.In, bindQuery);
return this.Instance<IAuthorityRepository>().GetList(query);
}
/// <summary>
/// 加载操作对应的权限信息
/// </summary>
/// <returns></returns>
List <Authority> LoadAuthority()
{
if (!AllowLazyLoad(r => r.Authoritys))
{
return(authoritys.CurrentValue);
}
IQuery query = QueryManager.Create();
IQuery bindQuery = QueryManager.Create <AuthorityBindOperationQuery>();
bindQuery.AddQueryFields <AuthorityBindOperationQuery>(a => a.AuthoritySysNo);
bindQuery.And <AuthorityBindOperationQuery>(a => a.AuthorityOperationSysNo == SysNo);
query.And <AuthorityQuery>(a => a.Code, CriteriaOperator.In, bindQuery);
return(this.Instance <IAuthorityRepository>().GetList(query));
}
/// <summary>
/// 生成服务调度计划查询对象
/// </summary>
/// <param name="filter">查询信息</param>
/// <returns></returns>
IQuery CreateQueryObject(ServerScheduleTriggerFilterDto filter)
{
if (filter == null)
{
return(null);
}
IQuery triggerQuery = CreateQueryObject(filter, true) ?? QueryFactory.Create <TriggerQuery>();
#region 任务筛选
IQuery jobQuery = this.Instance <IJobBusiness>().CreateQueryObject(filter.JobFilter);
if (jobQuery != null && jobQuery.Criterias.Count > 0)
{
jobQuery.AddQueryFields <JobQuery>(c => c.Id);
triggerQuery.And <TriggerQuery>(c => c.Job, CriteriaOperator.In, jobQuery);
}
#endregion
#region 务筛选
IQuery serverQuery = this.Instance <IServerNodeBusiness>().CreateQueryObject(filter.ServerFilter);
if (serverQuery != null && serverQuery.Criterias.Count > 0)
{
IQuery triggerServerFilterQuery = QueryFactory.Create();
serverQuery.AddQueryFields <ServerNodeQuery>(c => c.Id);
IQuery triggerServerQuery = QueryFactory.Create <TriggerServerQuery>();
triggerServerQuery.And <TriggerServerQuery>(c => c.Server, CriteriaOperator.In, serverQuery);
triggerServerQuery.AddQueryFields <TriggerServerQuery>(c => c.Trigger);
triggerServerFilterQuery.And <TriggerQuery>(c => c.Id, CriteriaOperator.In, triggerServerQuery);
//服务承载任务针对所有的执行计划
IQuery serverJobHostQuery = QueryFactory.Create <JobServerHostQuery>();
serverJobHostQuery.And <JobServerHostQuery>(c => c.Server, CriteriaOperator.In, serverQuery);
serverJobHostQuery.AddQueryFields <JobServerHostQuery>(c => c.Job);
IQuery applyToAllServerQuery = QueryFactory.Create();
applyToAllServerQuery.And <TriggerQuery>(c => c.Job, CriteriaOperator.In, serverJobHostQuery);
applyToAllServerQuery.And <TriggerQuery>(c => c.ApplyTo == TaskTriggerApplyTo.所有);
triggerServerFilterQuery.Or(applyToAllServerQuery);
triggerQuery.And(triggerServerFilterQuery);
}
#endregion
return(triggerQuery);
}
/// <summary>
/// 管理用户查询对象
/// </summary>
/// <param name="adminUserFilter">管理用户筛选对象</param>
/// <returns></returns>
public IQuery CreateAdminQueryObject(AdminUserFilterDto adminUserFilter)
{
if (adminUserFilter == null)
{
return(null);
}
IQuery userQuery = CreateQueryObject(adminUserFilter, true) ?? QueryFactory.Create <UserQuery>();
#region 角色筛选
if (adminUserFilter.RoleFilter != null)
{
IQuery roleQuery = this.Instance <IRoleBusiness>().CreateQueryObject(adminUserFilter.RoleFilter);
if (roleQuery != null && roleQuery.Criterias.Count > 0)
{
roleQuery.AddQueryFields <RoleQuery>(c => c.SysNo);
IQuery userRoleQuery = QueryFactory.Create <UserRoleQuery>();
userRoleQuery.And <UserRoleQuery>(u => u.RoleSysNo, CriteriaOperator.In, roleQuery);
userRoleQuery.AddQueryFields <UserRoleQuery>(u => u.UserSysNo);
userQuery.And <UserQuery>(c => c.SysNo, CriteriaOperator.In, userRoleQuery);
}
}
if (!adminUserFilter.WithoutRoles.IsNullOrEmpty())
{
IQuery withRoleQuery = QueryFactory.Create <UserRoleQuery>();
withRoleQuery.In <UserRoleQuery>(r => r.RoleSysNo, adminUserFilter.WithoutRoles);
withRoleQuery.AddQueryFields <UserRoleQuery>(r => r.UserSysNo);
userQuery.And <UserQuery>(u => u.SysNo, CriteriaOperator.NotIn, withRoleQuery);
}
#endregion
#region 加载数据
if (adminUserFilter.LoadRole)
{
userQuery.SetLoadPropertys <AdminUser>(true, c => c.Roles);
}
#endregion
return(userQuery);
}
/// <summary>
/// 设置上级分组
/// </summary>
/// <param name="parentGroup">上级分组</param>
public void SetParentGroup(AuthorityOperationGroup parentGroup)
{
int parentLevel = 0;
long parentSysNo = 0;
if (parentGroup != null)
{
if (sysNo == parentGroup.SysNo && !IdentityValueIsNone())
{
throw new Exception("不能将分组数据设置为自己的上级分组");
}
if (parentGroup.Root != null && parentGroup.Root.SysNo == sysNo)
{
throw new Exception("不能将当前分组的下级设置为上级分组");
}
parentLevel = parentGroup.Level;
parentSysNo = parentGroup.SysNo;
root.SetValue(parentGroup.Root, false);
}
else
{
root.SetValue(null, false);
}
//排序
IQuery sortQuery = QueryFactory.Create <AuthorityOperationGroupQuery>(r => r.Parent == parentSysNo);
sortQuery.AddQueryFields <AuthorityOperationGroupQuery>(c => c.Sort);
int maxSortIndex = repository.Max <int>(sortQuery);
sort = maxSortIndex + 1;
parent.SetValue(parentGroup, true);
//等级
int newLevel = parentLevel + 1;
bool modifyChild = newLevel != level;
level = newLevel;
if (modifyChild)
{
//修改所有子集信息
ModifyChildAuthorityGroupParentGroup();
}
}
/// <summary>
/// 修改用户授权
/// </summary>
/// <param name="userAuthorizes">用户授权信息</param>
/// <returns></returns>
public static Result ModifyUserAuthorize(IEnumerable <UserAuthorize> userAuthorizes)
{
if (userAuthorizes.IsNullOrEmpty())
{
return(Result.FailedResult("没有指定任何要修改的用户授权信息"));
}
#region 角色授权
List <long> userIds = userAuthorizes.Select(c => c.User?.SysNo ?? 0).Distinct().ToList();
IQuery userRoleBindQuery = QueryFactory.Create <UserRoleQuery>(c => userIds.Contains(c.UserSysNo));
userRoleBindQuery.AddQueryFields <UserRoleQuery>(c => c.RoleSysNo);
IQuery roleAuthBindQuery = QueryFactory.Create <RoleAuthorizeQuery>();
roleAuthBindQuery.And <RoleAuthorizeQuery>(c => c.Role, CriteriaOperator.In, userRoleBindQuery);
roleAuthBindQuery.AddQueryFields <RoleAuthorizeQuery>(c => c.Authority);
IQuery authQuery = QueryFactory.Create <AuthorityQuery>();
authQuery.And <AuthorityQuery>(c => c.Code, CriteriaOperator.In, roleAuthBindQuery);
authQuery.AddQueryFields <AuthorityQuery>(c => c.Code);
IEnumerable <Authority> roleAuthoritys = AuthorityService.GetAuthorityList(authQuery);
List <string> roleAuthorityCodes = roleAuthoritys.Select(c => c.Code).ToList();
#endregion
List <UserAuthorize> saveUserAuthorizes = new List <UserAuthorize>();
userAuthRepository.Remove(userAuthorizes.ToArray()); //移除授权数据
List <UserAuthorize> disableAuthorizes = userAuthorizes.Where(c => c.Disable && roleAuthorityCodes.Contains(c.Authority?.Code)).ToList(); //角色拥有但是用户显示禁用掉的授权
if (!disableAuthorizes.IsNullOrEmpty())
{
saveUserAuthorizes.AddRange(disableAuthorizes);
}
List <UserAuthorize> enableAuthorizes = userAuthorizes.Where(c => !c.Disable && !roleAuthorityCodes.Contains(c.Authority?.Code)).ToList();//用户单独授权的权限
if (!enableAuthorizes.IsNullOrEmpty())
{
saveUserAuthorizes.AddRange(enableAuthorizes);
}
if (!saveUserAuthorizes.IsNullOrEmpty())
{
userAuthRepository.Save(saveUserAuthorizes.ToArray());
}
return(Result.SuccessResult("修改成功"));
}
/// <summary>
/// 根据查询条件生成查询对象
/// </summary>
/// <param name="filter">查询条件</param>
/// <returns></returns>
IQuery CreateQueryObject(JobServerHostFilterDto filter)
{
if (filter == null)
{
return(null);
}
IQuery query = QueryFactory.Create(filter);
if (!filter.Servers.IsNullOrEmpty())
{
query.In <JobServerHostQuery>(c => c.Server, filter.Servers);
}
if (!filter.Jobs.IsNullOrEmpty())
{
query.In <JobServerHostQuery>(c => c.Job, filter.Jobs);
}
if (filter.RunStatus.HasValue)
{
query.Equal <JobServerHostQuery>(c => c.RunStatus, filter.RunStatus.Value);
}
if (!filter.ServerKey.IsNullOrEmpty())
{
IQuery serverQuery = QueryFactory.Create <ServerNodeQuery>();
serverQuery.And <ServerNodeQuery>(QueryOperator.OR, CriteriaOperator.Like, filter.ServerKey, null, c => c.Name, c => c.Host);
serverQuery.AddQueryFields <ServerNodeQuery>(c => c.Id);
query.And <JobServerHostQuery>(c => c.Server, CriteriaOperator.In, serverQuery);
}
if (!filter.JobKey.IsNullOrEmpty())
{
IQuery jobQuery = QueryFactory.Create <JobQuery>();
jobQuery.And <JobQuery>(QueryOperator.OR, CriteriaOperator.Like, filter.JobKey, null, c => c.Name);
jobQuery.AddQueryFields <JobQuery>(c => c.Id);
query.And <JobServerHostQuery>(c => c.Job, CriteriaOperator.In, jobQuery);
}
return(query);
}
/// <summary>
/// 创建查询对象
/// </summary>
/// <returns>返回查询对象</returns>
public override IQuery CreateQuery()
{
IQuery query = base.CreateQuery() ?? QueryManager.Create <PermissionEntity>(this);
#region 用户授权筛选
if (UserFilter != null)
{
IQuery userQuery = UserFilter.CreateQuery();
if (userQuery != null)
{
userQuery.AddQueryFields <UserEntity>(c => c.Id);
//用户或者用户绑定角色的授权权限
IQuery userOrRolePermissionQuery = QueryManager.Create();
#region 用户授权
IQuery userBindingPermissionQuery = QueryManager.Create <UserPermissionEntity>(c => c.Disable == false);
userBindingPermissionQuery.EqualInnerJoin(userQuery);
userBindingPermissionQuery.AddQueryFields <UserPermissionEntity>(c => c.PermissionId);
IQuery userPermissionQuery = QueryManager.Create <PermissionEntity>();
userPermissionQuery.In <PermissionEntity>(c => c.Id, userBindingPermissionQuery);
userOrRolePermissionQuery.And(userPermissionQuery);
#endregion
#region 角色授权
//用户绑定的角色
IQuery userRoleQuery = QueryManager.Create <UserRoleEntity>();
userRoleQuery.EqualInnerJoin(userQuery);
var roleQuery = QueryManager.Create <RoleEntity>(r => r.Status == RoleStatus.Enable);
roleQuery.EqualInnerJoin(userRoleQuery);
//角色授权
var roleBindingPermissionQuery = QueryManager.Create <RolePermissionEntity>();
roleBindingPermissionQuery.EqualInnerJoin(roleQuery);
roleBindingPermissionQuery.AddQueryFields <RolePermissionEntity>(rp => rp.PermissionId);
var rolePermissionQuery = QueryManager.Create <PermissionEntity>();
rolePermissionQuery.In <PermissionEntity>(c => c.Id, roleBindingPermissionQuery);
userOrRolePermissionQuery.Or(rolePermissionQuery);
#endregion
query.And(userOrRolePermissionQuery);
#region 用户禁用授权
IQuery userDisablePermissionQuery = QueryManager.Create <UserPermissionEntity>(c => c.Disable == true);
userDisablePermissionQuery.EqualInnerJoin(userQuery);
userDisablePermissionQuery.AddQueryFields <UserPermissionEntity>(c => c.PermissionId);
query.NotIn <PermissionEntity>(c => c.Id, userDisablePermissionQuery);
#endregion
}
}
#endregion
return(query);
}
/// <summary>
/// 用户授权筛选
/// </summary>
/// <param name="filter">筛选信息</param>
/// <returns></returns>
IQuery CreateUserAuthorityQueryObject(UserAuthorityFilterDto filter)
{
if (filter == null)
{
return(null);
}
IQuery query = CreateAuthorityQueryObject(filter, true) ?? QueryManager.Create <AuthorityQuery>();
#region 用户授权筛选
if (filter.UserFilter != null)
{
IQuery userQuery = this.Instance <IUserBusiness>().CreateQueryObject(filter.UserFilter);
if (userQuery != null)
{
userQuery.AddQueryFields <UserQuery>(c => c.SysNo);
IQuery userOrRoleBindAuthQuery = QueryManager.Create();//用户和角色授权权限
#region 用户授权
IQuery userBindAuthQuery = QueryManager.Create <UserAuthorizeQuery>(c => c.Disable == false);
userBindAuthQuery.In <UserAuthorizeQuery>(c => c.UserSysNo, userQuery);
userBindAuthQuery.AddQueryFields <UserAuthorizeQuery>(c => c.AuthoritySysNo);
IQuery userAuthQuery = QueryManager.Create <AuthorityQuery>();
userAuthQuery.In <AuthorityQuery>(c => c.SysNo, userBindAuthQuery);
userOrRoleBindAuthQuery.And(userAuthQuery);
#endregion
#region 角色授权
//用户绑定的角色
var userRoleBindQuery = QueryManager.Create <UserRoleQuery>();
userRoleBindQuery.In <UserRoleQuery>(c => c.UserSysNo, userQuery);
userRoleBindQuery.AddQueryFields <UserRoleQuery>(c => c.RoleSysNo);
//包括所有上级角色
var roleQuery = QueryManager.Create <RoleQuery>(r => r.Status == RoleStatus.正常);
roleQuery.In <RoleQuery>(r => r.SysNo, userRoleBindQuery);
roleQuery.SetRecurve <RoleQuery>(r => r.SysNo, r => r.Parent, RecurveDirection.Up);
roleQuery.AddQueryFields <RoleQuery>(r => r.SysNo);
//角色授权
var roleAuthBindQuery = QueryManager.Create <RoleAuthorizeQuery>();
roleAuthBindQuery.In <RoleAuthorizeQuery>(c => c.RoleSysNo, roleQuery);
roleAuthBindQuery.AddQueryFields <RoleAuthorizeQuery>(c => c.AuthoritySysNo);
var roleAuthQuery = QueryManager.Create <AuthorityQuery>();
roleAuthQuery.In <AuthorityQuery>(c => c.SysNo, roleAuthBindQuery);
userOrRoleBindAuthQuery.Or(roleAuthQuery);
#endregion
query.And(userOrRoleBindAuthQuery);
#region 用户禁用授权
IQuery userDisableAuthQuery = QueryManager.Create <UserAuthorizeQuery>(c => c.Disable == true);
userDisableAuthQuery.In <UserAuthorizeQuery>(c => c.UserSysNo, userQuery);
userDisableAuthQuery.AddQueryFields <UserAuthorizeQuery>(c => c.AuthoritySysNo);
query.NotIn <AuthorityQuery>(c => c.SysNo, userDisableAuthQuery);
#endregion
}
}
#endregion
return(query);
}
public static int MaxLevel(IQuery query)
{
query.AddQueryFields <RoleQuery>(r => r.Level);
return(roleRepository.Max <int>(query));
}
/// <summary>
/// 用户授权验证
/// </summary>
/// <param name="auth">授权验证信息</param>
/// <returns></returns>
public bool Authentication(Authentication auth)
{
if (auth == null || auth.User == null || auth.Operation == null)
{
return(false);
}
#region 用户信息验证
User nowUser = userService.GetUser(auth.User.SysNo);//当前用户
if (nowUser == null)
{
return(false);
}
if (nowUser.SuperUser)
{
return(true);//超级用户不受权限控制
}
#endregion
#region 授权操作信息验证
AuthorityOperation nowOperation = authorityOperationService.GetAuthorityOperation(auth.Operation.ControllerCode, auth.Operation.ActionCode);//授权操作信息
if (nowOperation == null || nowOperation.Status == AuthorityOperationStatus.关闭)
{
return(false);
}
if (nowOperation.AuthorizeType == AuthorityOperationAuthorizeType.无限制)
{
return(true);
}
#endregion
#region 授权验证
//权限
IQuery authorityQuery = QueryManager.Create <AuthorityQuery>(a => a.Status == AuthorityStatus.启用);
authorityQuery.AddQueryFields <AuthorityQuery>(a => a.Code);
//操作绑定权限
IQuery operationBindQuery = QueryManager.Create <AuthorityBindOperationQuery>(a => a.AuthorityOperationSysNo == nowOperation.SysNo);
operationBindQuery.AddQueryFields <AuthorityBindOperationQuery>(a => a.AuthoritySysNo);
authorityQuery.And <AuthorityQuery>(a => a.Code, CriteriaOperator.In, operationBindQuery);
//当前用户可以使用
IQuery userAuthorizeQuery = QueryManager.Create <UserAuthorizeQuery>(a => a.UserSysNo == auth.User.SysNo && a.Disable == false);
userAuthorizeQuery.AddQueryFields <UserAuthorizeQuery>(a => a.AuthoritySysNo);
//用户角色
IQuery userRoleQuery = QueryManager.Create <UserRoleQuery>(a => a.UserSysNo == auth.User.SysNo);
userRoleQuery.AddQueryFields <UserRoleQuery>(r => r.RoleSysNo);
//角色权限
IQuery roleAuthorizeQuery = QueryManager.Create <RoleAuthorizeQuery>();
roleAuthorizeQuery.AddQueryFields <RoleAuthorizeQuery>(a => a.AuthoritySysNo);
roleAuthorizeQuery.And <RoleAuthorizeQuery>(a => a.RoleSysNo, CriteriaOperator.In, userRoleQuery);
//用户或用户角色拥有权限
IQuery userAndRoleAuthorityQuery = QueryManager.Create();
userAndRoleAuthorityQuery.And <AuthorityQuery>(a => a.Code, CriteriaOperator.In, userAuthorizeQuery); //用户拥有权限
userAndRoleAuthorityQuery.Or <AuthorityQuery>(a => a.Code, CriteriaOperator.In, roleAuthorizeQuery); //或者角色拥有权限
authorityQuery.And(userAndRoleAuthorityQuery);
//去除用户禁用的
IQuery userDisableAuthorizeQuery = QueryManager.Create <UserAuthorizeQuery>(a => a.UserSysNo == auth.User.SysNo && a.Disable == true);
userDisableAuthorizeQuery.AddQueryFields <UserAuthorizeQuery>(a => a.AuthoritySysNo);
authorityQuery.And <AuthorityQuery>(a => a.Code, CriteriaOperator.NotIn, userDisableAuthorizeQuery);
return(authorityRepository.Exist(authorityQuery));
#endregion
}