/// <summary>
/// 获取用户有权限访问的模块主键
/// </summary>
/// <param name="userId">用户主键</param>
/// <returns>主键数组</returns>
public string[] GetIDsByUser(string userId)
{
// 公开的模块谁都可以访问
string[] openModuleIds = null;
var parameters = new List <KeyValuePair <string, object> >
{
new KeyValuePair <string, object>(PiModuleTable.FieldIsPublic, 1),
new KeyValuePair <string, object>(PiModuleTable.FieldEnabled, 1),
new KeyValuePair <string, object>(PiModuleTable.FieldDeleteMark, 0)
};
openModuleIds = this.GetIds(parameters);
string[] twoModuleIds = null;
if (!string.IsNullOrEmpty(userId))
{
// 按第一个解决方案进行计算 (用户 ---> 权限 --- 权限 <--- 菜单)
// 获取用户的所有权限ID数组
// PiPermissionManager permissionManager = new PiPermissionManager(DBProvider, UserInfo);
// DataTable dtPermission = permissionManager.GetPermissionByUser(UserInfo.Id);
// string[] permissionItemIds = BusinessLogic.FieldToArray(dtPermission, BasePermissionItemEntity.FieldId);
/*
* string[] oneModuleIds = new string[0];
* if ((permissionItemIds != null) && (permissionItemIds.Length > 0))
* {
* // 获取所有跟这个权限有关联的模块ID数组
* string sqlQuery = string.Empty;
* sqlQuery = " SELECT " + PiPermissionTable.FieldResourceId
+ " FROM " + PiPermissionTable.TableName
+ " WHERE " + PiPermissionTable.FieldResourceCategory + " = '" + PiModuleTable.TableName + "' "
+ " AND " + PiPermissionTable.FieldPermissionId + " IN (" + BusinessLogic.ObjectsToList(permissionItemIds) + ")";
+
+ dtPermission = DBProvider.Fill(sqlQuery);
+ oneModuleIds = BusinessLogic.FieldToArray(dtPermission, PiPermissionTable.FieldResourceId);
+ }
*/
//按第二个解决方案进行计算 (用户 ---> 模块访问权限 ---> 菜单)
string tableName = PiPermissionScopeTable.TableName;
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo, tableName);
// 模块访问,连同用户本身的,还有角色的,全部获取出来
string permissionItemCode = "Resource.AccessPermission";
twoModuleIds = permissionScopeManager.GetResourceScopeIds(userId, PiModuleTable.TableName, permissionItemCode);
// 这些模块是有效的才可以
parameters = new List <KeyValuePair <string, object> >
{
new KeyValuePair <string, object>(PiModuleTable.FieldId, twoModuleIds),
new KeyValuePair <string, object>(PiModuleTable.FieldEnabled, 1),
new KeyValuePair <string, object>(PiModuleTable.FieldDeleteMark, 0)
};
twoModuleIds = this.GetProperties(parameters, PiModuleTable.FieldId);
}
// 返回相应的模块列表
string[] moduleIds = BusinessLogic.Concat(openModuleIds, twoModuleIds);
return(moduleIds);
}
//
// 授予授权范围的实现部分
//
#region private string GrantUser(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantUserId) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="permissionScopeManager">权限域读写器</param>
/// <param name="userId">员工主键</param>
/// <param name="permissionItemCode">权限项代码</param>
/// <param name="grantUserId">权限主键</param>
/// <returns>主键</returns>
private string GrantUser(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantUserId)
{
var returnValue = string.Empty;
var names = new string[5];
var values = new string[5];
names[0] = PiPermissionScopeTable.FieldResourceCategory;
values[0] = PiUserTable.TableName;
names[1] = PiPermissionScopeTable.FieldResourceId;
values[1] = userId;
names[2] = PiPermissionScopeTable.FieldTargetCategory;
values[2] = PiUserTable.TableName;
names[3] = PiPermissionScopeTable.FieldTargetId;
values[3] = grantUserId;
names[4] = PiPermissionScopeTable.FieldPermissionId;
values[4] = this.GetIdByCode(permissionItemCode);
if (!this.Exists(names, values))
{
var resourcePermissionScopeEntity = new PiPermissionScopeEntity
{
PermissionId = this.GetIdByCode(permissionItemCode),
ResourceCategory = PiUserTable.TableName,
ResourceId = userId,
TargetCategory = PiUserTable.TableName,
TargetId = grantUserId,
Enabled = 1,
DeleteMark = 0
};
return(permissionScopeManager.Add(resourcePermissionScopeEntity));
}
return(returnValue);
}
/// <summary>
/// 获取能访问的字段列表
/// </summary>
/// <param name="userId">用户代码</param>
/// <param name="tableCode">表名</param>
/// <returns>数据表</returns>
public DataTable GetTableColumns(string userId, string tableCode)
{
// 当前用户对哪些资源有权限(用户自己的权限 + 相应的角色拥有的权限)
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
string[] ids = permissionScopeManager.GetResourceScopeIds(userId, "TableColumns", "ColumnAccess");
// 获取有效的,没删除标志的
string sqlQuery = " SELECT * FROM " + CiTableColumnsTable.TableName + " WHERE (" + CiTableColumnsTable.FieldDeleteMark + " = 0 AND " + CiTableColumnsTable.FieldEnabled + " = 1) ";
// 是否指定了表名
if (!string.IsNullOrEmpty(tableCode))
{
sqlQuery += " AND (" + CiTableColumnsTable.FieldTableCode + "= '" + tableCode + "') ";
}
// 公开的或者按权限来过滤字段
sqlQuery += " AND (" + CiTableColumnsTable.FieldIsPublic + " = 1 ";
if (ids != null && ids.Length > 0)
{
string idList = BusinessLogic.ArrayToList(ids, "'");
sqlQuery += " OR " + CiTableColumnsTable.FieldId + " IN (" + idList + ")";
}
sqlQuery += ") ORDER BY " + CiTableColumnsTable.FieldSortCode;
return(DBProvider.Fill(sqlQuery));
}
/// <summary>
/// 按日期获取日志
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="beginDate">开始时间</param>
/// <param name="endDate">结束时间</param>
/// <param name="userId">用户主键</param>
/// <param name="moduleId">模块主键</param>
/// <returns>数据表</returns>
public DataTable GetDTByDate(UserInfo userInfo, string beginDate, string endDate, string userId, string moduleId)
{
var dataTable = new DataTable(CiLogTable.TableName);
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.LogService_GetDTByDate);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
var logManager = new LogManager(dbProvider, userInfo);
if (!string.IsNullOrEmpty(userId))
{
dataTable = logManager.GetDTByDateByUserIds(new[] { userId }, CiLogTable.FieldProcessId, moduleId, beginDate, endDate);
}
else
{
if (userInfo.IsAdministrator)
{
dataTable = logManager.GetDTByDate(CiLogTable.FieldProcessId, moduleId, beginDate, endDate);
}
else
{
var piPermissionScopeManager = new PiPermissionScopeManager(dbProvider, userInfo);
string[] userIds = piPermissionScopeManager.GetUserIds(userInfo.Id, "Resource.ManagePermission");
dataTable = logManager.GetDTByDateByUserIds(userIds, CiLogTable.FieldProcessId, moduleId, beginDate, endDate);
}
}
dataTable.TableName = CiLogTable.TableName;
});
return(dataTable);
}
/// <summary>
/// 设置约束条件
/// </summary>
/// <param name="resourceCategory">资源类别</param>
/// <param name="resourceId">资源主键</param>
/// <param name="tableName">表名</param>
/// <param name="constraint">约束</param>
/// <param name="enabled">有效</param>
/// <param name="permissionCode">操作权限项</param>
/// <returns>主键</returns>
public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true)
{
string returnValue = string.Empty;
string permissionId = string.Empty;
PiPermissionItemManager permissionItemManager = new PiPermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
PiPermissionScopeManager manager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);
string[] names =
{
PiPermissionScopeTable.FieldResourceCategory
, PiPermissionScopeTable.FieldResourceId
, PiPermissionScopeTable.FieldTargetCategory
, PiPermissionScopeTable.FieldTargetId
, PiPermissionScopeTable.FieldPermissionId
, PiPermissionScopeTable.FieldDeleteMark
};
Object[] values =
{
resourceCategory
, resourceId
, "Table"
, tableName
, permissionId
, 0
};
// 1:先获取是否有这样的主键,若有进行更新操作。
// 2:若没有进行添加操作。
returnValue = manager.GetId(names, values);
if (!string.IsNullOrEmpty(returnValue))
{
string[] targetFields = { PiPermissionScopeTable.FieldPermissionConstraint, PiPermissionScopeTable.FieldEnabled };
Object[] targetValues = { constraint, enabled ? 1 : 0 };
manager.SetProperty(PiPermissionScopeTable.FieldId, returnValue, targetFields, targetValues);
}
else
{
PiPermissionScopeEntity entity = new PiPermissionScopeEntity
{
ResourceCategory = resourceCategory,
ResourceId = resourceId,
TargetCategory = "Table",
TargetId = tableName,
PermissionConstraint = constraint,
PermissionId = permissionId,
DeleteMark = 0,
Enabled = enabled ? 1 : 0
};
returnValue = manager.Add(entity);
}
return(returnValue);
}
public int RevokeAll(string organizeId)
{
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >
{
new KeyValuePair <string, object>(PiPermissionScopeTable.FieldResourceCategory, PiOrganizeTable.TableName),
new KeyValuePair <string, object>(PiPermissionScopeTable.FieldResourceId, organizeId)
};
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo, this.CurrentTableName);
return(permissionScopeManager.Delete(parameters));
}
/// <summary>
/// 获取用户的某个资源的权限范围(树型资源)
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="targetCategory">目标类别</param>
/// <param name="permissionItemCode">权限编号</param>
/// <param name="childrens">是否含子节点</param>
/// <returns>主键数组</returns>
public string[] GetTreeResourceScopeIds(UserInfo userInfo, string userId, string targetCategory, string permissionItemCode, bool childrens)
{
string[] returnValue = null;
var parameter = ParameterUtil.CreateWithLog(userInfo, MethodBase.GetCurrentMethod());
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
returnValue = new PiPermissionScopeManager(dbProvider, userInfo).GetTreeResourceScopeIds(userId, targetCategory, permissionItemCode, childrens);
});
return(returnValue);
}
/// <summary>
/// 撤消资源的权限范围
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="resourceCategory">资源分类</param>
/// <param name="resourceId">资源主键</param>
/// <param name="targetCategory">目标类别</param>
/// <param name="permissionItemId">权限主键</param>
/// <returns>影响的行数</returns>
public int ClearPermissionScopeTarget(UserInfo userInfo, string resourceCategory, string resourceId, string targetCategory, string permissionItemId)
{
var returnValue = 0;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_ClearPermissionScopeTarget);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
returnValue = new PiPermissionScopeManager(dbProvider, userInfo).RevokeResourcePermissionScopeTarget(resourceCategory, resourceId, targetCategory, permissionItemId);
});
return(returnValue);
}
/// <summary>
/// 移除权限范围
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="resourceCategory">资源分类</param>
/// <param name="resourceIds">资源主键</param>
/// <param name="targetCategory">目标分类</param>
/// <param name="revokeTargetId">目标主键</param>
/// <param name="permissionItemId">操作权限项</param>
/// <returns>影响行数</returns>
public int RevokePermissionScopeTarget(UserInfo userInfo, string resourceCategory, string[] resourceIds, string targetCategory, string revokeTargetId, string permissionItemId)
{
var returnValue = 0;
var parameter = ParameterUtil.CreateWithLog(userInfo, MethodBase.GetCurrentMethod());
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
returnValue = new PiPermissionScopeManager(dbProvider, userInfo).RevokeResourcePermissionScopeTarget(resourceCategory, resourceIds, targetCategory, revokeTargetId, permissionItemId);
});
return(returnValue);
}
/// <summary>
/// 批量删除约束条件
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="ids">主键数组</param>
/// <returns>影响行数</returns>
public int BatchDeleteConstraint(UserInfo userInfo, string[] ids)
{
var returnValue = 0;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.TableColumnsService_BatchDeleteConstraint);
ServiceUtil.ProcessRDIWriteDbWithTran(userInfo, parameter, dbProvider =>
{
returnValue = new PiPermissionScopeManager(dbProvider, userInfo).SetDeleted(ids);
});
return(returnValue);
}
/// <summary>
/// 获得指定用户的数据权限范围
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">数据权限编号</param>
/// <returns>数据权限范围</returns>
public PermissionScope GetPermissionScopeByUserId(UserInfo userInfo, string userId, string permissionItemCode)
{
var returnValue = PermissionScope.None;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_GetPermissionScopeByUserId);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
returnValue = new PiPermissionScopeManager(dbProvider, userInfo).GetUserPermissionScope(userId, permissionItemCode);
});
return(returnValue);
}
public int RevokeModules(string organizeId, string permissionItemCode, string[] revokeModuleIds)
{
int returnValue = 0;
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo, this.CurrentTableName);
for (int i = 0; i < revokeModuleIds.Length; i++)
{
this.RevokeModule(permissionScopeManager, organizeId, permissionItemCode, revokeModuleIds[i]);
returnValue++;
}
return(returnValue);
}
public int RevokeModules(string[] userIds, string permissionItemCode, string revokeModuleId)
{
int returnValue = 0;
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
for (int i = 0; i < userIds.Length; i++)
{
this.RevokeModule(permissionScopeManager, userIds[i], permissionItemCode, revokeModuleId);
returnValue++;
}
return(returnValue);
}
public int GrantPermissionItemes(string[] userIds, string permissionItemCode, string grantPermissionId)
{
int returnValue = 0;
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
for (int i = 0; i < userIds.Length; i++)
{
this.GrantPermissionItem(permissionScopeManager, userIds[i], permissionItemCode, grantPermissionId);
returnValue++;
}
return(returnValue);
}
public int GrantModules(string[] organizeIds, string permissionItemCode, string grantModuleId)
{
int returnValue = 0;
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo, this.CurrentTableName);
for (int i = 0; i < organizeIds.Length; i++)
{
this.GrantModule(permissionScopeManager, organizeIds[i], permissionItemCode, grantModuleId);
returnValue++;
}
return(returnValue);
}
public int GrantModules(string userId, string permissionItemCode, string[] grantModuleIds)
{
int returnValue = 0;
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
for (int i = 0; i < grantModuleIds.Length; i++)
{
this.GrantModule(permissionScopeManager, userId, permissionItemCode, grantModuleIds[i]);
returnValue++;
}
return(returnValue);
}
public int RevokePermissionItems(string userId, string permissionItemCode, string[] revokePermissionIds)
{
int returnValue = 0;
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
for (int i = 0; i < revokePermissionIds.Length; i++)
{
this.RevokePermissionItem(permissionScopeManager, userId, permissionItemCode, revokePermissionIds[i]);
returnValue++;
}
return(returnValue);
}
public int RevokeAll(string userId)
{
string[] names = new string[2];
string[] values = new string[2];
names[0] = PiPermissionScopeTable.FieldResourceCategory;
values[0] = PiUserTable.TableName;
names[1] = PiPermissionScopeTable.FieldResourceId;
values[1] = userId;
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
return(permissionScopeManager.Delete(names, values));
}
public int ClearOrganizePermissionScope(string organizeId, string permissionItemCode)
{
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >
{
new KeyValuePair <string, object>(PiPermissionScopeTable.FieldResourceCategory, PiOrganizeTable.TableName),
new KeyValuePair <string, object>(PiPermissionScopeTable.FieldResourceId, organizeId),
new KeyValuePair <string, object>(PiPermissionScopeTable.FieldPermissionId, this.GetIdByCode(permissionItemCode))
};
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo, this.CurrentTableName);
return(permissionScopeManager.Delete(parameters));
}
/// <summary>
/// 按某个权限范围获取特定用户可访问的组织机构主键数组
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">操作权限编号</param>
/// <returns>主键数组</returns>
public string[] GetOrganizeIdsByPermissionScope(UserInfo userInfo, string userId, string permissionItemCode)
{
string[] returnValue = null;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_GetOrganizeIdsByPermissionScope);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
if (!String.IsNullOrEmpty(permissionItemCode))
{
returnValue = new PiPermissionScopeManager(dbProvider, userInfo).GetOrganizeIds(userId, permissionItemCode);
}
});
return(returnValue);
}
//
// 撤销授权范围的实现部分
//
#region private int RevokeModule(PiPermissionScopeManager permissionScopeManager, string organizeId, string permissionItemCode, string revokeModuleId) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="permissionScopeManager">权限域读写器</param>
/// <param name="organizeId">组织机构主键</param>
/// <param name="permissionItemCode">权限代码</param>
/// <param name="revokeModuleId">回收的模块主键</param>
/// <returns>主键</returns>
private int RevokeModule(PiPermissionScopeManager permissionScopeManager, string organizeId, string permissionItemCode, string revokeModuleId)
{
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >
{
new KeyValuePair <string, object>(PiPermissionScopeTable.FieldResourceCategory, PiOrganizeTable.TableName),
new KeyValuePair <string, object>(PiPermissionScopeTable.FieldResourceId, organizeId),
new KeyValuePair <string, object>(PiPermissionScopeTable.FieldTargetCategory, PiModuleTable.TableName),
new KeyValuePair <string, object>(PiPermissionScopeTable.FieldTargetId, revokeModuleId),
new KeyValuePair <string, object>(PiPermissionScopeTable.FieldPermissionId,
this.GetIdByCode(permissionItemCode))
};
return(permissionScopeManager.Delete(parameters));
}
/// <summary>
/// 清除用户权限范围
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">操作权限编号</param>
/// <returns>受影响的行数</returns>
public int ClearUserPermissionScope(string userId, string permissionItemCode)
{
string[] names = new string[3];
string[] values = new string[3];
names[0] = PiPermissionScopeTable.FieldResourceCategory;
values[0] = PiUserTable.TableName;
names[1] = PiPermissionScopeTable.FieldResourceId;
values[1] = userId;
names[2] = PiPermissionScopeTable.FieldPermissionId;
values[2] = this.GetIdByCode(permissionItemCode);
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
return(permissionScopeManager.Delete(names, values));
}
/// <summary>
/// 员工撤销授权
/// </summary>
/// <param name="userIds">用户主键数组</param>
/// <param name="permissionItemCode">权限代码</param>
/// <param name="revokeUserIds">撤销用户主键数组</param>
/// <returns>受影响的数量</returns>
public int RevokeUsers(string[] userIds, string permissionItemCode, string[] revokeUserIds)
{
var returnValue = 0;
var permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
for (var i = 0; i < userIds.Length; i++)
{
for (var j = 0; j < revokeUserIds.Length; j++)
{
this.RevokeUser(permissionScopeManager, userIds[i], permissionItemCode, revokeUserIds[j]);
returnValue++;
}
}
return(returnValue);
}
public int GrantPermissionItems(string[] roleIds, string permissionItemCode, string[] grantPermissionIds)
{
int returnValue = 0;
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
for (int i = 0; i < roleIds.Length; i++)
{
for (int j = 0; j < grantPermissionIds.Length; j++)
{
this.GrantPermissionItem(permissionScopeManager, roleIds[i], permissionItemCode, grantPermissionIds[j]);
returnValue++;
}
}
return(returnValue);
}
public int RevokeOrganizes(string[] roleIds, string permissionItemCode, string[] revokeOrganizeIds)
{
int returnValue = 0;
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
for (int i = 0; i < roleIds.Length; i++)
{
for (int j = 0; j < revokeOrganizeIds.Length; j++)
{
this.RevokeOrganize(permissionScopeManager, roleIds[i], permissionItemCode, revokeOrganizeIds[j]);
returnValue++;
}
}
return(returnValue);
}
//////////////////////////////////////////////////////////////////////////////////////////////////////
/// 用户权限范围判断相关
/// 按某个权限范围获取特定用户可访问的特定资源(这个权限范围主要指数据权限【如:资源管理权限、资源访问权限等】)
//////////////////////////////////////////////////////////////////////////////////////////////////////
#region public DataTable GetUserDTByPermissionScope(UserInfo userInfo, string userId, string permissionItemCode) 按某个权限范围获取特定用户可访问的用户列表
/// <summary>
/// 按某个权限范围获取特定用户可访问的用户列表
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">操作权限编号</param>
/// <returns>数据表</returns>
public DataTable GetUserDTByPermissionScope(UserInfo userInfo, string userId, string permissionItemCode)
{
var dataTable = new DataTable(PiUserTable.TableName);
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_GetUserDTByPermissionScope);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
var permissionScopeManager = new PiPermissionScopeManager(dbProvider, userInfo);
if (!String.IsNullOrEmpty(permissionItemCode))
{
dataTable = permissionScopeManager.GetUserDT(userInfo.Id, permissionItemCode);
}
dataTable.TableName = PiUserTable.TableName;
});
return(dataTable);
}
//
// 授予授权范围的实现部分
//
#region private string GrantPermissionItem(PiPermissionScopeManager permissionScopeManager, string id, string userId, string grantPermissionId) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="permissionScopeManager">权限域读写器</param>
/// <param name="userId">员工主键</param>
/// <param name="permissionItemCode">权限代码</param>
/// <param name="grantPermissionId">权限主键</param>
/// <returns>主键</returns>
private string GrantPermissionItem(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantPermissionId)
{
string returnValue = string.Empty;
PiPermissionScopeEntity resourcePermissionScopeEntity = new PiPermissionScopeEntity
{
PermissionId = this.GetIdByCode(permissionItemCode),
ResourceCategory = PiUserTable.TableName,
ResourceId = userId,
TargetCategory = PiPermissionItemTable.TableName,
TargetId = grantPermissionId,
Enabled = 1,
DeleteMark = 0
};
return(permissionScopeManager.Add(resourcePermissionScopeEntity));
}
//
// 撤销授权范围的实现部分
//
#region private int RevokeUser(PiPermissionScopeManager permissionScopeManager, string roleId, string permissionItemCode, string revokeUserId) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="permissionScopeManager">权限域读写器</param>
/// <param name="roleId">员工主键</param>
/// <param name="permissionItemCode">权限代码</param>
/// <param name="revokeUserId">权限主键</param>
/// <returns>主键</returns>
private int RevokeUser(PiPermissionScopeManager permissionScopeManager, string roleId, string permissionItemCode, string revokeUserId)
{
string[] names = new string[5];
string[] values = new string[5];
names[0] = PiPermissionScopeTable.FieldResourceCategory;
values[0] = PiRoleTable.TableName;
names[1] = PiPermissionScopeTable.FieldResourceId;
values[1] = roleId;
names[2] = PiPermissionScopeTable.FieldTargetCategory;
values[2] = PiUserTable.TableName;
names[3] = PiPermissionScopeTable.FieldTargetId;
values[3] = revokeUserId;
names[4] = PiPermissionScopeTable.FieldPermissionId;
values[4] = this.GetIdByCode(permissionItemCode);
return(permissionScopeManager.Delete(names, values));
}
/// <summary>
/// 某个用户是否对某个模块有相应的权限
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="moduleCode">模块编号</param>
/// <param name="permissionItemCode"></param>
/// <returns>是否有权限,true:是,false:否</returns>
public bool IsModuleAuthorizedByUserId(UserInfo userInfo, string userId, string moduleCode, string permissionItemCode)
{
var returnValue = false;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_IsModuleAuthorizedByUserId);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
// 是否超级管理员
var userManager = new PiUserManager(dbProvider, userInfo);
returnValue = userManager.IsAdministrator(userId);
if (!returnValue)
{
returnValue = new PiPermissionScopeManager(dbProvider).IsModuleAuthorized(userId, moduleCode, permissionItemCode);
}
});
return(returnValue);
}
/// <summary>
/// 获得用户授权范围
/// </summary>
/// <param name="userId">员工主键</param>
/// <param name="permissionItemScopeCode"></param>
/// <returns>数据表</returns>
public DataTable GetDTByPermission(string userId, string permissionItemScopeCode)
{
DataTable returnValue = new DataTable(this.CurrentTableName);
string[] names = null;
object[] values = null;
// 这里需要判断,是系统权限?
bool isRole = false;
PiUserRoleManager userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo);
// 用户管理员
isRole = userRoleManager.UserInRole(userId, "UserAdmin");
if (isRole)
{
names = new string[] { PiModuleTable.FieldCategory, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled };
values = new object[] { "System", 0, 1 };
returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode);
returnValue.TableName = this.CurrentTableName;
return(returnValue);
}
// 这里需要判断,是业务权限?
isRole = userRoleManager.UserInRole(userId, "Admin");
if (isRole)
{
names = new string[] { PiModuleTable.FieldCategory, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled };
values = new object[] { "Application", 0, 1 };
returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode);
returnValue.TableName = this.CurrentTableName;
return(returnValue);
}
PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
string[] moduleIds = permissionScopeManager.GetTreeResourceScopeIds(userId, PiModuleTable.TableName, permissionItemScopeCode, true);
//不加载子节点
//string[] moduleIds = permissionScopeManager.GetTreeResourceScopeIds(userId, PiModuleTable.TableName, permissionItemScopeCode, false);
//// 有效的,未被删除的
names = new string[] { PiModuleTable.FieldId, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled };
values = new object[] { moduleIds, 0, 1 };
returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode);
returnValue.TableName = this.CurrentTableName;
return(returnValue);
}
