public PiPermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
{
PiPermissionScopeEntity entity = null;
string permissionId = string.Empty;
PiPermissionItemManager permissionItemManager = new PiPermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
PiPermissionScopeManager manager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);
string[] names =
{
PiPermissionScopeTable.FieldResourceCategory
, PiPermissionScopeTable.FieldResourceId
, PiPermissionScopeTable.FieldTargetCategory
, PiPermissionScopeTable.FieldTargetId
, PiPermissionScopeTable.FieldPermissionId
, PiPermissionScopeTable.FieldDeleteMark
};
Object[] values =
{
resourceCategory
, resourceId
, "Table"
, tableName
, permissionId
, 0
};
// 1:先获取是否有这样的主键,若有进行更新操作。
DataTable dt = manager.GetDT(names, values);
if (dt.Rows.Count > 0)
{
entity = BaseEntity.Create <PiPermissionScopeEntity>(dt);
}
return(entity);
}
//
// 授予授权范围的实现部分
//
#region private string GrantOrganize(PiPermissionScopeManager permissionScopeManager, string roleId, string permissionItemCode, string grantOrganizeId) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="permissionScopeManager">权限域读写器</param>
/// <param name="permissionItemCode">权限代码</param>
/// <param name="roleId">员工主键</param>
/// <param name="grantOrganizeId">权限主键</param>
/// <returns>主键</returns>
private string GrantOrganize(PiPermissionScopeManager permissionScopeManager, string roleId, string permissionItemCode, string grantOrganizeId)
{
string returnValue = string.Empty;
string[] names = new string[5];
string[] values = new string[5];
names[0] = PiPermissionScopeTable.FieldResourceCategory;
values[0] = PiRoleTable.TableName;
names[1] = PiPermissionScopeTable.FieldResourceId;
values[1] = roleId;
names[2] = PiPermissionScopeTable.FieldTargetCategory;
values[2] = PiOrganizeTable.TableName;
names[3] = PiPermissionScopeTable.FieldTargetId;
values[3] = grantOrganizeId;
names[4] = PiPermissionScopeTable.FieldPermissionId;
values[4] = this.GetIdByCode(permissionItemCode);
// Nick Deng 优化数据权限设置,没有权限和其他任意一种权限互斥
// 即当没有权限时,该角色对应该数据权限的其他权限都应删除
// 当该角色拥有对应该数据权限的其他权限时,删除该角色的没有权限的权限
PiPermissionScopeEntity resourcePermissionScopeEntity = new PiPermissionScopeEntity();
DataTable dt = new DataTable();
if (!this.Exists(names, values))
{
resourcePermissionScopeEntity.PermissionId = this.GetIdByCode(permissionItemCode);
resourcePermissionScopeEntity.ResourceCategory = PiRoleTable.TableName;
resourcePermissionScopeEntity.ResourceId = roleId;
resourcePermissionScopeEntity.TargetCategory = PiOrganizeTable.TableName;
resourcePermissionScopeEntity.TargetId = grantOrganizeId;
resourcePermissionScopeEntity.Enabled = 1;
resourcePermissionScopeEntity.DeleteMark = 0;
returnValue = permissionScopeManager.Add(resourcePermissionScopeEntity);
if (grantOrganizeId != ((int)PermissionScope.None).ToString())
{
values[3] = ((int)PermissionScope.None).ToString();
if (this.Exists(names, values))
{
dt = permissionScopeManager.GetDT(names, values);
if (dt != null && dt.Rows.Count > 0)
{
permissionScopeManager.DeleteEntity(dt.Rows[0]["Id"].ToString());
}
}
}
else
{
string[] namesForDel = new string[4];
string[] valuesForDel = new string[4];
namesForDel[0] = names[0];
valuesForDel[0] = values[0];
namesForDel[1] = names[1];
valuesForDel[1] = values[1];
namesForDel[2] = names[2];
valuesForDel[2] = values[2];
namesForDel[3] = names[4];
valuesForDel[3] = values[4];
dt = permissionScopeManager.GetDT(namesForDel, valuesForDel);
for (int i = 0; i < dt.Rows.Count; i++)
{
if (dt.Rows[i]["TARGETID"].ToString() != ((int)PermissionScope.None).ToString())
{
permissionScopeManager.DeleteEntity(dt.Rows[0]["ID"].ToString());
}
}
}
}
return(returnValue);
}
/// <summary>
/// 获取用户的条件约束表达式
/// </summary>
/// <param name="tableName">表名</param>
/// <param name="permissionCode">权限代码</param>
/// <returns>主键</returns>
public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission")
{
string returnValue = string.Empty;
// 这里是获取用户的条件表达式
// 1: 首先用户在哪些角色里是有效的?
// 2: 这些角色都有哪些哪些条件约束?
// 3: 组合约束条件?
// 4:用户本身的约束条件?
string permissionId = string.Empty;
PiPermissionItemManager permissionItemManager = new PiPermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
PiUserRoleManager manager = new PiUserRoleManager(this.DBProvider, this.UserInfo);
string[] roleIds = manager.GetAllRoleIds(UserInfo.Id);
if (roleIds == null || roleIds.Length == 0)
{
return(returnValue);
}
PiPermissionScopeManager scopeManager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);
string[] names =
{
PiPermissionScopeTable.FieldResourceCategory
, PiPermissionScopeTable.FieldResourceId
, PiPermissionScopeTable.FieldTargetCategory
, PiPermissionScopeTable.FieldTargetId
, PiPermissionScopeTable.FieldPermissionId
, PiPermissionScopeTable.FieldEnabled
, PiPermissionScopeTable.FieldDeleteMark
};
Object[] values =
{
PiRoleTable.TableName
, roleIds
, "Table"
, tableName
, permissionId
, 1
, 0
};
DataTable dtPermissionScope = scopeManager.GetDT(names, values);
string permissionConstraint = string.Empty;
foreach (DataRow dataRow in dtPermissionScope.Rows)
{
permissionConstraint = dataRow[PiPermissionScopeTable.FieldPermissionConstraint].ToString();
permissionConstraint = permissionConstraint.Trim();
if (!string.IsNullOrEmpty(permissionConstraint))
{
returnValue += " AND " + permissionConstraint;
}
}
//得到当前用户的约束条件
string userConstraint = this.GetConstraint(PiUserTable.TableName, this.UserInfo.Id, tableName) ?? "";
if (!string.IsNullOrEmpty(userConstraint))
{
returnValue += " AND " + userConstraint;
}
if (!string.IsNullOrEmpty(returnValue))
{
returnValue = returnValue.Substring(5);
// 解析替换约束表达式标准函数
returnValue = ConstraintUtil.PrepareParameter(this.UserInfo, returnValue);
}
return(returnValue);
}