/// <summary> /// 获取用户有权限访问的模块主键 /// </summary> /// <param name="userId">用户主键</param> /// <returns>主键数组</returns> public string[] GetIDsByUser(string userId) { // 公开的模块谁都可以访问 string[] openModuleIds = null; var parameters = new List <KeyValuePair <string, object> > { new KeyValuePair <string, object>(PiModuleTable.FieldIsPublic, 1), new KeyValuePair <string, object>(PiModuleTable.FieldEnabled, 1), new KeyValuePair <string, object>(PiModuleTable.FieldDeleteMark, 0) }; openModuleIds = this.GetIds(parameters); string[] twoModuleIds = null; if (!string.IsNullOrEmpty(userId)) { // 按第一个解决方案进行计算 (用户 ---> 权限 --- 权限 <--- 菜单) // 获取用户的所有权限ID数组 // PiPermissionManager permissionManager = new PiPermissionManager(DBProvider, UserInfo); // DataTable dtPermission = permissionManager.GetPermissionByUser(UserInfo.Id); // string[] permissionItemIds = BusinessLogic.FieldToArray(dtPermission, BasePermissionItemEntity.FieldId); /* * string[] oneModuleIds = new string[0]; * if ((permissionItemIds != null) && (permissionItemIds.Length > 0)) * { * // 获取所有跟这个权限有关联的模块ID数组 * string sqlQuery = string.Empty; * sqlQuery = " SELECT " + PiPermissionTable.FieldResourceId + " FROM " + PiPermissionTable.TableName + " WHERE " + PiPermissionTable.FieldResourceCategory + " = '" + PiModuleTable.TableName + "' " + " AND " + PiPermissionTable.FieldPermissionId + " IN (" + BusinessLogic.ObjectsToList(permissionItemIds) + ")"; + + dtPermission = DBProvider.Fill(sqlQuery); + oneModuleIds = BusinessLogic.FieldToArray(dtPermission, PiPermissionTable.FieldResourceId); + } */ //按第二个解决方案进行计算 (用户 ---> 模块访问权限 ---> 菜单) string tableName = PiPermissionScopeTable.TableName; PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo, tableName); // 模块访问,连同用户本身的,还有角色的,全部获取出来 string permissionItemCode = "Resource.AccessPermission"; twoModuleIds = permissionScopeManager.GetResourceScopeIds(userId, PiModuleTable.TableName, permissionItemCode); // 这些模块是有效的才可以 parameters = new List <KeyValuePair <string, object> > { new KeyValuePair <string, object>(PiModuleTable.FieldId, twoModuleIds), new KeyValuePair <string, object>(PiModuleTable.FieldEnabled, 1), new KeyValuePair <string, object>(PiModuleTable.FieldDeleteMark, 0) }; twoModuleIds = this.GetProperties(parameters, PiModuleTable.FieldId); } // 返回相应的模块列表 string[] moduleIds = BusinessLogic.Concat(openModuleIds, twoModuleIds); return(moduleIds); }
// // 授予授权范围的实现部分 // #region private string GrantUser(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantUserId) 为了提高授权的运行速度 /// <summary> /// 为了提高授权的运行速度 /// </summary> /// <param name="permissionScopeManager">权限域读写器</param> /// <param name="userId">员工主键</param> /// <param name="permissionItemCode">权限项代码</param> /// <param name="grantUserId">权限主键</param> /// <returns>主键</returns> private string GrantUser(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantUserId) { var returnValue = string.Empty; var names = new string[5]; var values = new string[5]; names[0] = PiPermissionScopeTable.FieldResourceCategory; values[0] = PiUserTable.TableName; names[1] = PiPermissionScopeTable.FieldResourceId; values[1] = userId; names[2] = PiPermissionScopeTable.FieldTargetCategory; values[2] = PiUserTable.TableName; names[3] = PiPermissionScopeTable.FieldTargetId; values[3] = grantUserId; names[4] = PiPermissionScopeTable.FieldPermissionId; values[4] = this.GetIdByCode(permissionItemCode); if (!this.Exists(names, values)) { var resourcePermissionScopeEntity = new PiPermissionScopeEntity { PermissionId = this.GetIdByCode(permissionItemCode), ResourceCategory = PiUserTable.TableName, ResourceId = userId, TargetCategory = PiUserTable.TableName, TargetId = grantUserId, Enabled = 1, DeleteMark = 0 }; return(permissionScopeManager.Add(resourcePermissionScopeEntity)); } return(returnValue); }
/// <summary> /// 获取能访问的字段列表 /// </summary> /// <param name="userId">用户代码</param> /// <param name="tableCode">表名</param> /// <returns>数据表</returns> public DataTable GetTableColumns(string userId, string tableCode) { // 当前用户对哪些资源有权限(用户自己的权限 + 相应的角色拥有的权限) PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); string[] ids = permissionScopeManager.GetResourceScopeIds(userId, "TableColumns", "ColumnAccess"); // 获取有效的,没删除标志的 string sqlQuery = " SELECT * FROM " + CiTableColumnsTable.TableName + " WHERE (" + CiTableColumnsTable.FieldDeleteMark + " = 0 AND " + CiTableColumnsTable.FieldEnabled + " = 1) "; // 是否指定了表名 if (!string.IsNullOrEmpty(tableCode)) { sqlQuery += " AND (" + CiTableColumnsTable.FieldTableCode + "= '" + tableCode + "') "; } // 公开的或者按权限来过滤字段 sqlQuery += " AND (" + CiTableColumnsTable.FieldIsPublic + " = 1 "; if (ids != null && ids.Length > 0) { string idList = BusinessLogic.ArrayToList(ids, "'"); sqlQuery += " OR " + CiTableColumnsTable.FieldId + " IN (" + idList + ")"; } sqlQuery += ") ORDER BY " + CiTableColumnsTable.FieldSortCode; return(DBProvider.Fill(sqlQuery)); }
/// <summary> /// 按日期获取日志 /// </summary> /// <param name="userInfo">用户</param> /// <param name="beginDate">开始时间</param> /// <param name="endDate">结束时间</param> /// <param name="userId">用户主键</param> /// <param name="moduleId">模块主键</param> /// <returns>数据表</returns> public DataTable GetDTByDate(UserInfo userInfo, string beginDate, string endDate, string userId, string moduleId) { var dataTable = new DataTable(CiLogTable.TableName); var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.LogService_GetDTByDate); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { var logManager = new LogManager(dbProvider, userInfo); if (!string.IsNullOrEmpty(userId)) { dataTable = logManager.GetDTByDateByUserIds(new[] { userId }, CiLogTable.FieldProcessId, moduleId, beginDate, endDate); } else { if (userInfo.IsAdministrator) { dataTable = logManager.GetDTByDate(CiLogTable.FieldProcessId, moduleId, beginDate, endDate); } else { var piPermissionScopeManager = new PiPermissionScopeManager(dbProvider, userInfo); string[] userIds = piPermissionScopeManager.GetUserIds(userInfo.Id, "Resource.ManagePermission"); dataTable = logManager.GetDTByDateByUserIds(userIds, CiLogTable.FieldProcessId, moduleId, beginDate, endDate); } } dataTable.TableName = CiLogTable.TableName; }); return(dataTable); }
/// <summary> /// 设置约束条件 /// </summary> /// <param name="resourceCategory">资源类别</param> /// <param name="resourceId">资源主键</param> /// <param name="tableName">表名</param> /// <param name="constraint">约束</param> /// <param name="enabled">有效</param> /// <param name="permissionCode">操作权限项</param> /// <returns>主键</returns> public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true) { string returnValue = string.Empty; string permissionId = string.Empty; PiPermissionItemManager permissionItemManager = new PiPermissionItemManager(this.UserInfo); permissionId = permissionItemManager.GetIdByAdd(permissionCode); PiPermissionScopeManager manager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo); string[] names = { PiPermissionScopeTable.FieldResourceCategory , PiPermissionScopeTable.FieldResourceId , PiPermissionScopeTable.FieldTargetCategory , PiPermissionScopeTable.FieldTargetId , PiPermissionScopeTable.FieldPermissionId , PiPermissionScopeTable.FieldDeleteMark }; Object[] values = { resourceCategory , resourceId , "Table" , tableName , permissionId , 0 }; // 1:先获取是否有这样的主键,若有进行更新操作。 // 2:若没有进行添加操作。 returnValue = manager.GetId(names, values); if (!string.IsNullOrEmpty(returnValue)) { string[] targetFields = { PiPermissionScopeTable.FieldPermissionConstraint, PiPermissionScopeTable.FieldEnabled }; Object[] targetValues = { constraint, enabled ? 1 : 0 }; manager.SetProperty(PiPermissionScopeTable.FieldId, returnValue, targetFields, targetValues); } else { PiPermissionScopeEntity entity = new PiPermissionScopeEntity { ResourceCategory = resourceCategory, ResourceId = resourceId, TargetCategory = "Table", TargetId = tableName, PermissionConstraint = constraint, PermissionId = permissionId, DeleteMark = 0, Enabled = enabled ? 1 : 0 }; returnValue = manager.Add(entity); } return(returnValue); }
public int RevokeAll(string organizeId) { List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> > { new KeyValuePair <string, object>(PiPermissionScopeTable.FieldResourceCategory, PiOrganizeTable.TableName), new KeyValuePair <string, object>(PiPermissionScopeTable.FieldResourceId, organizeId) }; PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo, this.CurrentTableName); return(permissionScopeManager.Delete(parameters)); }
/// <summary> /// 获取用户的某个资源的权限范围(树型资源) /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="targetCategory">目标类别</param> /// <param name="permissionItemCode">权限编号</param> /// <param name="childrens">是否含子节点</param> /// <returns>主键数组</returns> public string[] GetTreeResourceScopeIds(UserInfo userInfo, string userId, string targetCategory, string permissionItemCode, bool childrens) { string[] returnValue = null; var parameter = ParameterUtil.CreateWithLog(userInfo, MethodBase.GetCurrentMethod()); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { returnValue = new PiPermissionScopeManager(dbProvider, userInfo).GetTreeResourceScopeIds(userId, targetCategory, permissionItemCode, childrens); }); return(returnValue); }
/// <summary> /// 撤消资源的权限范围 /// </summary> /// <param name="userInfo">用户</param> /// <param name="resourceCategory">资源分类</param> /// <param name="resourceId">资源主键</param> /// <param name="targetCategory">目标类别</param> /// <param name="permissionItemId">权限主键</param> /// <returns>影响的行数</returns> public int ClearPermissionScopeTarget(UserInfo userInfo, string resourceCategory, string resourceId, string targetCategory, string permissionItemId) { var returnValue = 0; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_ClearPermissionScopeTarget); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { returnValue = new PiPermissionScopeManager(dbProvider, userInfo).RevokeResourcePermissionScopeTarget(resourceCategory, resourceId, targetCategory, permissionItemId); }); return(returnValue); }
/// <summary> /// 移除权限范围 /// </summary> /// <param name="userInfo">用户</param> /// <param name="resourceCategory">资源分类</param> /// <param name="resourceIds">资源主键</param> /// <param name="targetCategory">目标分类</param> /// <param name="revokeTargetId">目标主键</param> /// <param name="permissionItemId">操作权限项</param> /// <returns>影响行数</returns> public int RevokePermissionScopeTarget(UserInfo userInfo, string resourceCategory, string[] resourceIds, string targetCategory, string revokeTargetId, string permissionItemId) { var returnValue = 0; var parameter = ParameterUtil.CreateWithLog(userInfo, MethodBase.GetCurrentMethod()); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { returnValue = new PiPermissionScopeManager(dbProvider, userInfo).RevokeResourcePermissionScopeTarget(resourceCategory, resourceIds, targetCategory, revokeTargetId, permissionItemId); }); return(returnValue); }
/// <summary> /// 批量删除约束条件 /// </summary> /// <param name="userInfo">用户</param> /// <param name="ids">主键数组</param> /// <returns>影响行数</returns> public int BatchDeleteConstraint(UserInfo userInfo, string[] ids) { var returnValue = 0; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.TableColumnsService_BatchDeleteConstraint); ServiceUtil.ProcessRDIWriteDbWithTran(userInfo, parameter, dbProvider => { returnValue = new PiPermissionScopeManager(dbProvider, userInfo).SetDeleted(ids); }); return(returnValue); }
/// <summary> /// 获得指定用户的数据权限范围 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">数据权限编号</param> /// <returns>数据权限范围</returns> public PermissionScope GetPermissionScopeByUserId(UserInfo userInfo, string userId, string permissionItemCode) { var returnValue = PermissionScope.None; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_GetPermissionScopeByUserId); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { returnValue = new PiPermissionScopeManager(dbProvider, userInfo).GetUserPermissionScope(userId, permissionItemCode); }); return(returnValue); }
public int RevokeModules(string organizeId, string permissionItemCode, string[] revokeModuleIds) { int returnValue = 0; PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo, this.CurrentTableName); for (int i = 0; i < revokeModuleIds.Length; i++) { this.RevokeModule(permissionScopeManager, organizeId, permissionItemCode, revokeModuleIds[i]); returnValue++; } return(returnValue); }
public int RevokeModules(string[] userIds, string permissionItemCode, string revokeModuleId) { int returnValue = 0; PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); for (int i = 0; i < userIds.Length; i++) { this.RevokeModule(permissionScopeManager, userIds[i], permissionItemCode, revokeModuleId); returnValue++; } return(returnValue); }
public int GrantPermissionItemes(string[] userIds, string permissionItemCode, string grantPermissionId) { int returnValue = 0; PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); for (int i = 0; i < userIds.Length; i++) { this.GrantPermissionItem(permissionScopeManager, userIds[i], permissionItemCode, grantPermissionId); returnValue++; } return(returnValue); }
public int GrantModules(string[] organizeIds, string permissionItemCode, string grantModuleId) { int returnValue = 0; PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo, this.CurrentTableName); for (int i = 0; i < organizeIds.Length; i++) { this.GrantModule(permissionScopeManager, organizeIds[i], permissionItemCode, grantModuleId); returnValue++; } return(returnValue); }
public int GrantModules(string userId, string permissionItemCode, string[] grantModuleIds) { int returnValue = 0; PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); for (int i = 0; i < grantModuleIds.Length; i++) { this.GrantModule(permissionScopeManager, userId, permissionItemCode, grantModuleIds[i]); returnValue++; } return(returnValue); }
public int RevokePermissionItems(string userId, string permissionItemCode, string[] revokePermissionIds) { int returnValue = 0; PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); for (int i = 0; i < revokePermissionIds.Length; i++) { this.RevokePermissionItem(permissionScopeManager, userId, permissionItemCode, revokePermissionIds[i]); returnValue++; } return(returnValue); }
public int RevokeAll(string userId) { string[] names = new string[2]; string[] values = new string[2]; names[0] = PiPermissionScopeTable.FieldResourceCategory; values[0] = PiUserTable.TableName; names[1] = PiPermissionScopeTable.FieldResourceId; values[1] = userId; PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); return(permissionScopeManager.Delete(names, values)); }
public int ClearOrganizePermissionScope(string organizeId, string permissionItemCode) { List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> > { new KeyValuePair <string, object>(PiPermissionScopeTable.FieldResourceCategory, PiOrganizeTable.TableName), new KeyValuePair <string, object>(PiPermissionScopeTable.FieldResourceId, organizeId), new KeyValuePair <string, object>(PiPermissionScopeTable.FieldPermissionId, this.GetIdByCode(permissionItemCode)) }; PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo, this.CurrentTableName); return(permissionScopeManager.Delete(parameters)); }
/// <summary> /// 按某个权限范围获取特定用户可访问的组织机构主键数组 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">操作权限编号</param> /// <returns>主键数组</returns> public string[] GetOrganizeIdsByPermissionScope(UserInfo userInfo, string userId, string permissionItemCode) { string[] returnValue = null; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_GetOrganizeIdsByPermissionScope); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { if (!String.IsNullOrEmpty(permissionItemCode)) { returnValue = new PiPermissionScopeManager(dbProvider, userInfo).GetOrganizeIds(userId, permissionItemCode); } }); return(returnValue); }
// // 撤销授权范围的实现部分 // #region private int RevokeModule(PiPermissionScopeManager permissionScopeManager, string organizeId, string permissionItemCode, string revokeModuleId) 为了提高授权的运行速度 /// <summary> /// 为了提高授权的运行速度 /// </summary> /// <param name="permissionScopeManager">权限域读写器</param> /// <param name="organizeId">组织机构主键</param> /// <param name="permissionItemCode">权限代码</param> /// <param name="revokeModuleId">回收的模块主键</param> /// <returns>主键</returns> private int RevokeModule(PiPermissionScopeManager permissionScopeManager, string organizeId, string permissionItemCode, string revokeModuleId) { List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> > { new KeyValuePair <string, object>(PiPermissionScopeTable.FieldResourceCategory, PiOrganizeTable.TableName), new KeyValuePair <string, object>(PiPermissionScopeTable.FieldResourceId, organizeId), new KeyValuePair <string, object>(PiPermissionScopeTable.FieldTargetCategory, PiModuleTable.TableName), new KeyValuePair <string, object>(PiPermissionScopeTable.FieldTargetId, revokeModuleId), new KeyValuePair <string, object>(PiPermissionScopeTable.FieldPermissionId, this.GetIdByCode(permissionItemCode)) }; return(permissionScopeManager.Delete(parameters)); }
/// <summary> /// 清除用户权限范围 /// </summary> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">操作权限编号</param> /// <returns>受影响的行数</returns> public int ClearUserPermissionScope(string userId, string permissionItemCode) { string[] names = new string[3]; string[] values = new string[3]; names[0] = PiPermissionScopeTable.FieldResourceCategory; values[0] = PiUserTable.TableName; names[1] = PiPermissionScopeTable.FieldResourceId; values[1] = userId; names[2] = PiPermissionScopeTable.FieldPermissionId; values[2] = this.GetIdByCode(permissionItemCode); PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); return(permissionScopeManager.Delete(names, values)); }
/// <summary> /// 员工撤销授权 /// </summary> /// <param name="userIds">用户主键数组</param> /// <param name="permissionItemCode">权限代码</param> /// <param name="revokeUserIds">撤销用户主键数组</param> /// <returns>受影响的数量</returns> public int RevokeUsers(string[] userIds, string permissionItemCode, string[] revokeUserIds) { var returnValue = 0; var permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); for (var i = 0; i < userIds.Length; i++) { for (var j = 0; j < revokeUserIds.Length; j++) { this.RevokeUser(permissionScopeManager, userIds[i], permissionItemCode, revokeUserIds[j]); returnValue++; } } return(returnValue); }
public int GrantPermissionItems(string[] roleIds, string permissionItemCode, string[] grantPermissionIds) { int returnValue = 0; PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); for (int i = 0; i < roleIds.Length; i++) { for (int j = 0; j < grantPermissionIds.Length; j++) { this.GrantPermissionItem(permissionScopeManager, roleIds[i], permissionItemCode, grantPermissionIds[j]); returnValue++; } } return(returnValue); }
public int RevokeOrganizes(string[] roleIds, string permissionItemCode, string[] revokeOrganizeIds) { int returnValue = 0; PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); for (int i = 0; i < roleIds.Length; i++) { for (int j = 0; j < revokeOrganizeIds.Length; j++) { this.RevokeOrganize(permissionScopeManager, roleIds[i], permissionItemCode, revokeOrganizeIds[j]); returnValue++; } } return(returnValue); }
////////////////////////////////////////////////////////////////////////////////////////////////////// /// 用户权限范围判断相关 /// 按某个权限范围获取特定用户可访问的特定资源(这个权限范围主要指数据权限【如:资源管理权限、资源访问权限等】) ////////////////////////////////////////////////////////////////////////////////////////////////////// #region public DataTable GetUserDTByPermissionScope(UserInfo userInfo, string userId, string permissionItemCode) 按某个权限范围获取特定用户可访问的用户列表 /// <summary> /// 按某个权限范围获取特定用户可访问的用户列表 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">操作权限编号</param> /// <returns>数据表</returns> public DataTable GetUserDTByPermissionScope(UserInfo userInfo, string userId, string permissionItemCode) { var dataTable = new DataTable(PiUserTable.TableName); var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_GetUserDTByPermissionScope); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { var permissionScopeManager = new PiPermissionScopeManager(dbProvider, userInfo); if (!String.IsNullOrEmpty(permissionItemCode)) { dataTable = permissionScopeManager.GetUserDT(userInfo.Id, permissionItemCode); } dataTable.TableName = PiUserTable.TableName; }); return(dataTable); }
// // 授予授权范围的实现部分 // #region private string GrantPermissionItem(PiPermissionScopeManager permissionScopeManager, string id, string userId, string grantPermissionId) 为了提高授权的运行速度 /// <summary> /// 为了提高授权的运行速度 /// </summary> /// <param name="permissionScopeManager">权限域读写器</param> /// <param name="userId">员工主键</param> /// <param name="permissionItemCode">权限代码</param> /// <param name="grantPermissionId">权限主键</param> /// <returns>主键</returns> private string GrantPermissionItem(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantPermissionId) { string returnValue = string.Empty; PiPermissionScopeEntity resourcePermissionScopeEntity = new PiPermissionScopeEntity { PermissionId = this.GetIdByCode(permissionItemCode), ResourceCategory = PiUserTable.TableName, ResourceId = userId, TargetCategory = PiPermissionItemTable.TableName, TargetId = grantPermissionId, Enabled = 1, DeleteMark = 0 }; return(permissionScopeManager.Add(resourcePermissionScopeEntity)); }
// // 撤销授权范围的实现部分 // #region private int RevokeUser(PiPermissionScopeManager permissionScopeManager, string roleId, string permissionItemCode, string revokeUserId) 为了提高授权的运行速度 /// <summary> /// 为了提高授权的运行速度 /// </summary> /// <param name="permissionScopeManager">权限域读写器</param> /// <param name="roleId">员工主键</param> /// <param name="permissionItemCode">权限代码</param> /// <param name="revokeUserId">权限主键</param> /// <returns>主键</returns> private int RevokeUser(PiPermissionScopeManager permissionScopeManager, string roleId, string permissionItemCode, string revokeUserId) { string[] names = new string[5]; string[] values = new string[5]; names[0] = PiPermissionScopeTable.FieldResourceCategory; values[0] = PiRoleTable.TableName; names[1] = PiPermissionScopeTable.FieldResourceId; values[1] = roleId; names[2] = PiPermissionScopeTable.FieldTargetCategory; values[2] = PiUserTable.TableName; names[3] = PiPermissionScopeTable.FieldTargetId; values[3] = revokeUserId; names[4] = PiPermissionScopeTable.FieldPermissionId; values[4] = this.GetIdByCode(permissionItemCode); return(permissionScopeManager.Delete(names, values)); }
/// <summary> /// 某个用户是否对某个模块有相应的权限 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="moduleCode">模块编号</param> /// <param name="permissionItemCode"></param> /// <returns>是否有权限,true:是,false:否</returns> public bool IsModuleAuthorizedByUserId(UserInfo userInfo, string userId, string moduleCode, string permissionItemCode) { var returnValue = false; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_IsModuleAuthorizedByUserId); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { // 是否超级管理员 var userManager = new PiUserManager(dbProvider, userInfo); returnValue = userManager.IsAdministrator(userId); if (!returnValue) { returnValue = new PiPermissionScopeManager(dbProvider).IsModuleAuthorized(userId, moduleCode, permissionItemCode); } }); return(returnValue); }
/// <summary> /// 获得用户授权范围 /// </summary> /// <param name="userId">员工主键</param> /// <param name="permissionItemScopeCode"></param> /// <returns>数据表</returns> public DataTable GetDTByPermission(string userId, string permissionItemScopeCode) { DataTable returnValue = new DataTable(this.CurrentTableName); string[] names = null; object[] values = null; // 这里需要判断,是系统权限? bool isRole = false; PiUserRoleManager userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo); // 用户管理员 isRole = userRoleManager.UserInRole(userId, "UserAdmin"); if (isRole) { names = new string[] { PiModuleTable.FieldCategory, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled }; values = new object[] { "System", 0, 1 }; returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode); returnValue.TableName = this.CurrentTableName; return(returnValue); } // 这里需要判断,是业务权限? isRole = userRoleManager.UserInRole(userId, "Admin"); if (isRole) { names = new string[] { PiModuleTable.FieldCategory, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled }; values = new object[] { "Application", 0, 1 }; returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode); returnValue.TableName = this.CurrentTableName; return(returnValue); } PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); string[] moduleIds = permissionScopeManager.GetTreeResourceScopeIds(userId, PiModuleTable.TableName, permissionItemScopeCode, true); //不加载子节点 //string[] moduleIds = permissionScopeManager.GetTreeResourceScopeIds(userId, PiModuleTable.TableName, permissionItemScopeCode, false); //// 有效的,未被删除的 names = new string[] { PiModuleTable.FieldId, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled }; values = new object[] { moduleIds, 0, 1 }; returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode); returnValue.TableName = this.CurrentTableName; return(returnValue); }