Example #1
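        /// <summary>
        /// Validates a new role, resolves its control-limit OUs and members against the directory,
        /// persists the role together with its parameters, members and OU scopes, and writes an
        /// operation-log entry.
        /// </summary>
        /// <param name="transactionid">Correlation id handed to every provider and logger call.</param>
        /// <param name="admin">Administrator performing the operation; must not be null.</param>
        /// <param name="role">
        /// Role to create; must not be null. It is passed by ref to the provider, and its RoleID is
        /// read afterwards when the dependent rows are written.
        /// </param>
        /// <param name="strJsonResult">
        /// JSON built by JsonHelper.ReturnJson: error code and text on failure, the serialized role on success.
        /// </param>
        /// <returns>
        /// true when the role record was created; false when validation, a directory lookup, the role
        /// insert or an unexpected exception stopped the operation.
        /// </returns>
        /// <remarks>
        /// Dependent rows (module parameters, members, control-limit OUs, same-level OUs) are written
        /// best-effort after the role record exists. A failure there does not change the return value,
        /// but it is written to the error log so that a role persisted without its full scope or
        /// membership can be found and repaired.
        /// </remarks>
        public bool AddRole(Guid transactionid, AdminInfo admin, RoleInfo role, out string strJsonResult)
        {
            bool result = true;

            strJsonResult = string.Empty;
            ErrorCodeInfo error = new ErrorCodeInfo();

            string message  = string.Empty;
            string paramstr = string.Empty;

            // Request summary that accompanies every log record written below.
            // NOTE(review): RoleName is caller-supplied and is embedded unescaped in this "||"-delimited
            // string; confirm that LoggerHelper neutralises delimiters and line breaks before writing.
            paramstr += $"AdminID:{admin.UserID}";
            paramstr += $"||AdminAccount:{admin.UserAccount}";
            paramstr += $"||RoleName:{role.RoleName}";
            paramstr += $"||Members:";
            // The lists are dereferenced here before AddCheckProp() has validated the request, so a
            // missing list must not throw outside the try block; inside it, the catch handler reports it.
            if (role.UserList != null)
            {
                for (int i = 0; i < role.UserList.Count; i++)
                {
                    paramstr += role.UserList[i].UserID + ",";
                }
            }
            paramstr += $"||ControlLimitOus:";
            if (role.ControlLimitOuList != null)
            {
                for (int i = 0; i < role.ControlLimitOuList.Count; i++)
                {
                    paramstr += role.ControlLimitOuList[i].OuID + ",";
                }
            }

            string funname = "AddRole";

            try
            {
                // Single-pass do/while: "break" at this level leaves the whole workflow. A "break" inside
                // one of the for loops only leaves that loop, which is why "result" is re-checked after them.
                do
                {
                    error = role.AddCheckProp();

                    if (error.Code != ErrorCode.None)
                    {
                        strJsonResult = JsonHelper.ReturnJson(false, Convert.ToInt32(error.Code), error.Info);
                        LoggerHelper.Info(admin.UserAccount, funname, paramstr, Convert.ToString(error.Code), false, transactionid);
                        result = false;
                        break;
                    }

                    // Assigned only through GetADEntryByGuid's out parameter; allocating a placeholder
                    // DirectoryEntry here would create a disposable object that is never released.
                    // NOTE(review): the entries returned by GetADEntryByGuid are not disposed in this
                    // method; confirm whether the provider owns their lifetime.
                    DirectoryEntry entry;
                    CommonProvider commonProvider = new CommonProvider();
                    RoleDBProvider provider       = new RoleDBProvider();

                    // Resolve every requested control-limit OU and de-duplicate by distinguished name.
                    List <ControlLimitOuInfo> controlLimitOus             = new List <ControlLimitOuInfo>();
                    List <string>             controlOUdistinguishedNames = new List <string>();
                    for (int i = 0; i < role.ControlLimitOuList.Count; i++)
                    {
                        if (!commonProvider.GetADEntryByGuid(role.ControlLimitOuList[i].OuID, out entry, out message))
                        {
                            error.Code    = ErrorCode.SearchADDataError;
                            strJsonResult = JsonHelper.ReturnJson(false, Convert.ToInt32(error.Code), error.Info);
                            LoggerHelper.Info(admin.UserAccount, funname, paramstr, Convert.ToString(error.Code), false, transactionid);
                            LoggerHelper.Error("AddRole调用GetADEntryByGuid异常", paramstr, message, transactionid);
                            result = false;
                            break;
                        }
                        string ouDistinguishedName = Convert.ToString(entry.Properties["distinguishedName"].Value);

                        if (!controlOUdistinguishedNames.Contains(ouDistinguishedName))
                        {
                            controlOUdistinguishedNames.Add(ouDistinguishedName);
                            ControlLimitOuInfo controlLimitOu = new ControlLimitOuInfo();
                            controlLimitOu.OuID = role.ControlLimitOuList[i].OuID;
                            controlLimitOu.OUdistinguishedName = ouDistinguishedName;
                            controlLimitOus.Add(controlLimitOu);
                        }
                    }
                    if (result)
                    {
                        // A role must be scoped to at least one OU.
                        if (controlOUdistinguishedNames.Count == 0)
                        {
                            error.Code    = ErrorCode.ControlOUPathNotEmpty;
                            strJsonResult = JsonHelper.ReturnJson(false, Convert.ToInt32(error.Code), error.Info);
                            LoggerHelper.Info(admin.UserAccount, funname, paramstr, Convert.ToString(error.Code), false, transactionid);
                            LoggerHelper.Error("AddRole异常", paramstr, error.Info, transactionid);
                            result = false;
                            break;
                        }

                        if (!CheckControlOUdistinguishedNames(transactionid, controlOUdistinguishedNames, out error))
                        {
                            strJsonResult = JsonHelper.ReturnJson(false, Convert.ToInt32(error.Code), error.Info);
                            LoggerHelper.Info(admin.UserAccount, funname, paramstr, Convert.ToString(error.Code), false, transactionid);
                            LoggerHelper.Error("AddRole异常", paramstr, error.Info, transactionid);
                            result = false;
                            break;
                        }

                        // Build the member list for the operation log and reject members that already
                        // hold a role.
                        string members = string.Empty;
                        for (int i = 0; i < role.UserList.Count; i++)
                        {
                            string displayName = string.Empty;
                            string userAccount;
                            if (commonProvider.GetADEntryByGuid(role.UserList[i].UserID, out entry, out message))
                            {
                                displayName = entry.Properties["cn"].Value == null ? "" : Convert.ToString(entry.Properties["cn"].Value);
                                userAccount = entry.Properties["userPrincipalName"].Value == null ? "" : Convert.ToString(entry.Properties["userPrincipalName"].Value);
                            }
                            else
                            {
                                LoggerHelper.Error("AddRole调用GetADEntryByGuid异常", paramstr, message, transactionid);
                                // The member is still written by AddRoleMembers below, so a failed lookup
                                // must neither skip the existing-role check nor drop the member from the
                                // operation log. Identify it by its id instead of its display name.
                                userAccount = Convert.ToString(role.UserList[i].UserID);
                            }

                            AdminInfo userRole = new AdminInfo();
                            if (provider.GetUserRole(transactionid, role.UserList[i].UserID, ref userRole, out error))
                            {
                                error.Code = ErrorCode.UserHaveRole;
                                string errormessage = displayName + "(" + userAccount + ") 已存在角色";
                                strJsonResult = JsonHelper.ReturnJson(false, Convert.ToInt32(error.Code), errormessage);
                                LoggerHelper.Info(admin.UserAccount, funname, paramstr, Convert.ToString(error.Code), false, transactionid);
                                LoggerHelper.Error("AddRole调用GetUserRole异常", paramstr, errormessage, transactionid);
                                result = false;
                                break;
                            }

                            members += displayName + "(" + userAccount + "),";
                        }
                        if (result)
                        {
                            // Drop the trailing separator.
                            members = string.IsNullOrEmpty(members) ? string.Empty : members.Remove(members.LastIndexOf(','), 1);

                            // Check permissions: load the stored definition of every requested parameter.
                            List <RoleParam> roleParams = new List <RoleParam>();
                            for (int i = 0; i < role.RoleList.Count; i++)
                            {
                                foreach (RoleParam param in role.RoleList[i].RoleParamList)
                                {
                                    RoleParam roleParam;
                                    if (provider.GetRoleParam(transactionid, param.ParamID, out roleParam, out error))
                                    {
                                        roleParams.Add(roleParam);
                                    }
                                    else
                                    {
                                        // NOTE(review): a parameter that cannot be loaded is left out of
                                        // the SameLevelOu check below but is still written by
                                        // AddRoleModuleParam; decide whether this should reject the request.
                                        LoggerHelper.Error("AddRole调用GetRoleParam异常", paramstr, error.Info, transactionid);
                                    }
                                }
                            }

                            // A role that carries the "SameLevelOu" parameter must name at least one
                            // same-level OU. The constant is the receiver so a null ParamCode cannot throw.
                            if (roleParams.Any(r => "SameLevelOu".Equals(r.ParamCode)))
                            {
                                if (role.SameLevelOuList.Count == 0)
                                {
                                    error.Code = ErrorCode.MustHaveSameLevelOuPath;
                                    LoggerHelper.Info(admin.UserAccount, funname, paramstr, Convert.ToString(error.Code), false, transactionid);
                                    strJsonResult = JsonHelper.ReturnJson(false, Convert.ToInt32(error.Code), error.Info);
                                    result        = false;
                                    break;
                                }
                            }

                            // Create the role record itself; nothing has been written before this call.
                            if (!provider.AddRole(transactionid, admin, ref role, out error))
                            {
                                strJsonResult = JsonHelper.ReturnJson(false, Convert.ToInt32(error.Code), error.Info);
                                LoggerHelper.Info(admin.UserAccount, funname, paramstr, Convert.ToString(error.Code), false, transactionid);
                                result = false;
                                break;
                            }

                            // Dependent rows are best-effort, but every failure is logged: a role stored
                            // without its OU limits or members differs from what the caller asked for.
                            for (int i = 0; i < role.RoleList.Count; i++)
                            {
                                foreach (RoleParam param in role.RoleList[i].RoleParamList)
                                {
                                    if (!provider.AddRoleModuleParam(transactionid, role.RoleID, param, out error))
                                    {
                                        LoggerHelper.Error("AddRole调用AddRoleModuleParam异常", paramstr, error.Info, transactionid);
                                    }
                                }
                            }

                            for (int i = 0; i < role.UserList.Count; i++)
                            {
                                if (!provider.AddRoleMembers(transactionid, role.RoleID, role.UserList[i], out error))
                                {
                                    LoggerHelper.Error("AddRole调用AddRoleMembers异常", paramstr, error.Info, transactionid);
                                }
                            }

                            for (int i = 0; i < controlLimitOus.Count; i++)
                            {
                                if (!provider.AddControlLimitOu(transactionid, role.RoleID, controlLimitOus[i], out error))
                                {
                                    LoggerHelper.Error("AddRole调用AddControlLimitOu异常", paramstr, error.Info, transactionid);
                                }
                            }

                            for (int i = 0; i < role.SameLevelOuList.Count; i++)
                            {
                                if (!provider.AddSameLevelOu(transactionid, role.RoleID, role.SameLevelOuList[i], out error))
                                {
                                    LoggerHelper.Error("AddRole调用AddSameLevelOu异常", paramstr, error.Info, transactionid);
                                }
                            }

                            // The role exists, so the call is reported as successful from here on.
                            error.Code = ErrorCode.None;
                            string json = JsonConvert.SerializeObject(role);
                            LoggerHelper.Info(admin.UserAccount, funname, paramstr, Convert.ToString(error.Code), true, transactionid);
                            strJsonResult = JsonHelper.ReturnJson(true, Convert.ToInt32(error.Code), error.Info, json);

                            #region Operation log
                            // Audit record: who created which role, with which scope and members.
                            LogInfo operateLog = new LogInfo();
                            operateLog.AdminID       = admin.UserID;
                            operateLog.AdminAccount  = admin.UserAccount;
                            operateLog.RoleID        = admin.RoleID;
                            operateLog.ClientIP      = _clientip;
                            operateLog.OperateResult = true;
                            operateLog.OperateType   = "添加角色";
                            operateLog.OperateLog    = $"{admin.UserAccount}于{DateTime.Now}添加角色。角色名称:{role.RoleName}," +
                                                       $"管理范围:{role.ControlLimitPath},成员:{members}";
                            LogManager.AddOperateLog(transactionid, operateLog);
                            #endregion
                            result = true;
                        }
                    }
                } while (false);
            }
            catch (Exception ex)
            {
                // Any unexpected failure is reported to the caller as a generic error; the details go
                // to the error log only.
                error.Code = ErrorCode.Exception;
                LoggerHelper.Info(admin.UserAccount, funname, paramstr, Convert.ToString(error.Code), false, transactionid);
                LoggerHelper.Error("RoleManager调用AddRole异常", paramstr, ex.ToString(), transactionid);
                strJsonResult = JsonHelper.ReturnJson(false, Convert.ToInt32(error.Code), error.Info);
                result        = false;
            }
            return(result);
        }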