/// <summary>
/// Gets the column entries of a table that a user holds a given column permission on.
/// </summary>
/// <param name="userId">Primary key of the user.</param>
/// <param name="tableCode">Table name; passed as the resource category of the scope lookup.</param>
/// <param name="permissionCode">
/// Permission code. The values handled are "Column.Deney", "Column.Edit" and "Column.Access".
/// </param>
/// <returns>
/// The entries returned by the permission-scope lookup; for "Column.Access" the public
/// column codes of the table are appended. Null for any other permission code.
/// </returns>
public string[] GetColumns(string userId, string tableCode, string permissionCode = "Column.Access")
{
    // NOTE(review): the literal is spelled "Column.Deney"; it is kept as-is because it has to
    // match whatever code is stored in the permission data — confirm against that data.
    bool scopeOnly = permissionCode.Equals("Column.Deney") || permissionCode.Equals("Column.Edit");
    bool scopePlusPublic = !scopeOnly && permissionCode.Equals("Column.Access");

    if (!scopeOnly && !scopePlusPublic)
    {
        // NOTE(review): an unrecognised code yields null, not an empty array. Callers should
        // read null as "nothing granted" — confirm none of them reads it as "unrestricted".
        return null;
    }

    // Entries the user is scoped to for this permission.
    var scopeManager = new BasePermissionScopeManager(DbHelper, UserInfo);
    string[] scopedColumns = scopeManager.GetResourceScopeIds(userId, tableCode, permissionCode);

    if (scopeOnly)
    {
        return scopedColumns;
    }

    // "Column.Access": columns flagged as public on this table are readable by everyone,
    // so they are appended to the user's own scope.
    string[] publicColumns = this.GetProperties(
        new KeyValuePair<string, object>(BaseTableColumnsEntity.FieldTableCode, tableCode),
        new KeyValuePair<string, object>(BaseTableColumnsEntity.FieldIsPublic, 1),
        BaseTableColumnsEntity.FieldColumnCode);

    return StringUtil.Concat(scopedColumns, publicColumns);
}
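/// <summary>
/// Gets the item list: every row for an administrator, otherwise only the rows inside the
/// caller's "Resource.ManagePermission" scope.
/// </summary>
/// <param name="userInfo">The calling user.</param>
/// <returns>The data table, named after the (possibly system-specific) items table.</returns>
public DataTable GetDataTable(BaseUserInfo userInfo)
{
    // Write debug information.
    #if (DEBUG)
        int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
    #endif

    // Reinforced security check against unauthorised anonymous calls.
    // It is compiled into non-DEBUG builds only, so a DEBUG build serves this method without it.
    // NOTE(review): the result of UserIsLogOn is not inspected here; presumably it throws on
    // failure — confirm, otherwise the check has no effect.
    #if (!DEBUG)
        LogOnService.UserIsLogOn(userInfo);
    #endif

    DataTable dataTable = new DataTable(BaseItemsEntity.TableName);
    using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
    {
        try
        {
            dbHelper.Open(UserCenterDbConnection);

            // A configured system code selects a system-specific items table.
            string tableName = BaseItemsEntity.TableName;
            if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
            {
                tableName = BaseSystemInfo.SystemCode + "Items";
            }
            BaseItemsManager itemsManager = new BaseItemsManager(dbHelper, userInfo, tableName);

            // NOTE(review): IsAdministrator is read from the caller-supplied userInfo; confirm
            // that object is validated server-side before this point, otherwise the flag is
            // only as trustworthy as the caller.
            if (userInfo.IsAdministrator)
            {
                // A system administrator gets all rows.
                dataTable = itemsManager.GetDataTable();
            }
            else
            {
                // Filter the rows by the caller's data permission.
                // NOTE(review): the scope lookup uses BaseItemsEntity.TableName and the default
                // scope table even when a system code switched tableName above — confirm that
                // is intended.
                BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(dbHelper, userInfo);
                string[] ids = permissionScopeManager.GetResourceScopeIds(userInfo.Id, BaseItemsEntity.TableName, "Resource.ManagePermission");
                dataTable = itemsManager.GetDataTable(ids);
            }
            dataTable.TableName = tableName;

            // Add the audit log entry.
            BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.ItemsService_GetDataTable, MethodBase.GetCurrentMethod());
        }
        catch (Exception ex)
        {
            BaseExceptionManager.LogException(dbHelper, userInfo, ex);
            // Rethrow with "throw;" so the original stack trace survives ("throw ex;" resets it).
            throw;
        }
        finally
        {
            dbHelper.Close();
        }
    }

    // Write debug information.
    #if (DEBUG)
        BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
    #endif

    return dataTable;
}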
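/// <summary>
/// Gets the primary keys of the modules a user may access: all public, enabled, non-deleted
/// modules plus the enabled, non-deleted modules in the user's "Resource.AccessPermission" scope.
/// </summary>
/// <param name="userId">Primary key of the user; when null or empty only public modules are returned.</param>
/// <returns>Array of module primary keys.</returns>
public string[] GetIdsByUser(string userId)
{
    // Public modules are accessible to everyone.
    List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
    parameters.Add(new KeyValuePair<string, object>(BaseModuleEntity.FieldIsPublic, 1));
    parameters.Add(new KeyValuePair<string, object>(BaseModuleEntity.FieldEnabled, 1));
    parameters.Add(new KeyValuePair<string, object>(BaseModuleEntity.FieldDeletionStateCode, 0));
    string[] openModuleIds = this.GetIds(parameters);

    string[] twoModuleIds = null;
    if (!string.IsNullOrEmpty(userId))
    {
        // An earlier first approach (user -> permission items -> modules) used to sit here as
        // commented-out code. It assembled its SQL by string concatenation and was never
        // executed, so only the second approach below is implemented.

        // Second approach: user -> module access scope -> menu.
        string tableName = BasePermissionScopeEntity.TableName;
        if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
        {
            tableName = BaseSystemInfo.SystemCode + "PermissionScope";
        }
        BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(DbHelper, UserInfo, tableName);

        // Module access granted to the user directly and through roles, all collected together.
        string permissionItemCode = "Resource.AccessPermission";
        twoModuleIds = permissionScopeManager.GetResourceScopeIds(userId, BaseModuleEntity.TableName, permissionItemCode);

        // Only modules that are still enabled and not deleted count. The filter query is skipped
        // when nothing was granted: how GetProperties treats a null or empty id list is not
        // visible here, and an access decision must not hinge on it (a dropped Id filter would
        // return every enabled module).
        if (twoModuleIds != null && twoModuleIds.Length > 0)
        {
            parameters = new List<KeyValuePair<string, object>>();
            parameters.Add(new KeyValuePair<string, object>(BaseModuleEntity.FieldId, twoModuleIds));
            parameters.Add(new KeyValuePair<string, object>(BaseModuleEntity.FieldEnabled, 1));
            parameters.Add(new KeyValuePair<string, object>(BaseModuleEntity.FieldDeletionStateCode, 0));
            twoModuleIds = this.GetProperties(parameters, BaseModuleEntity.FieldId);
        }

        // TODO: module permissions granted through the organisation are still missing here
        // and should be added.
    }

    // Return the combined module list.
    string[] moduleIds = StringUtil.Concat(openModuleIds, twoModuleIds);
    return moduleIds;
}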
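/// <summary>
/// Gets the permission scope a user holds on one category of resource.
/// </summary>
/// <param name="userInfo">The calling user.</param>
/// <param name="userId">Primary key of the user whose scope is looked up.</param>
/// <param name="targetCategory">Target (resource) category.</param>
/// <param name="permissionItemCode">Permission item code.</param>
/// <returns>Array of primary keys inside the scope.</returns>
public string[] GetResourceScopeIds(BaseUserInfo userInfo, string userId, string targetCategory, string permissionItemCode)
{
    // Write debug information.
    #if (DEBUG)
        int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
    #endif

    // Reinforced security check against unauthorised anonymous calls.
    // It is compiled into non-DEBUG builds only, so a DEBUG build serves this method without it.
    // NOTE(review): userId is independent of userInfo and nothing visible here ties the two
    // together — confirm that any logged-on caller is meant to be able to read another
    // user's scope.
    #if (!DEBUG)
        LogOnService.UserIsLogOn(userInfo);
    #endif

    string[] returnValue = null;
    using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
    {
        try
        {
            dbHelper.Open(UserCenterDbConnection);

            // A configured system code selects a system-specific permission-scope table.
            string tableName = BasePermissionScopeEntity.TableName;
            if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
            {
                tableName = BaseSystemInfo.SystemCode + "PermissionScope";
            }
            BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(dbHelper, userInfo, tableName);
            returnValue = permissionScopeManager.GetResourceScopeIds(userId, targetCategory, permissionItemCode);

            // Add the audit log entry.
            BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetResourceScopeIds, MethodBase.GetCurrentMethod());
        }
        catch (Exception ex)
        {
            BaseExceptionManager.LogException(dbHelper, userInfo, ex);
            // Rethrow with "throw;" so the original stack trace survives ("throw ex;" resets it).
            throw;
        }
        finally
        {
            dbHelper.Close();
        }
    }

    // Write debug information.
    #if (DEBUG)
        BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
    #endif

    return returnValue;
}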
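/// <summary>
/// Gets the enabled, non-deleted table columns a user may access: public columns plus the
/// columns inside the user's scope (own permissions and those of the user's roles).
/// </summary>
/// <param name="userId">Primary key of the user whose scope is looked up.</param>
/// <param name="tableCode">Table name; when null or empty the result is not restricted to one table.</param>
/// <returns>The data table, ordered by SortCode.</returns>
public DataTable GetTableColumns(string userId, string tableCode)
{
    // Resources the user holds the permission on (own permissions plus role permissions).
    // NOTE(review): the codes here are "TableColumns" / "ColumnAccess" (no dot); confirm they
    // match the codes stored in the permission data.
    BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(DbHelper, UserInfo);
    string[] ids = permissionScopeManager.GetResourceScopeIds(userId, "TableColumns", "ColumnAccess");

    // Enabled rows without the deletion flag.
    string sqlQuery = " SELECT * FROM BaseTableColumns WHERE (DeletionStateCode = 0 AND Enabled = 1) ";

    // Was a table name given?
    bool filterByTable = !string.IsNullOrEmpty(tableCode);
    if (filterByTable)
    {
        // tableCode is caller-supplied text, so it is bound as a parameter instead of being
        // concatenated into the statement, where a quote character could alter the query.
        // Uses the data-access helper's GetParameter/MakeParameter pair — confirm the overloads
        // against the IDbHelper version used by this project.
        sqlQuery += " AND (TableCode = " + DbHelper.GetParameter("TableCode") + ") ";
    }

    // Public columns, or columns filtered by permission.
    sqlQuery += " AND (IsPublic = 1 ";
    if (ids != null && ids.Length > 0)
    {
        // NOTE(review): these ids are still spliced into the statement text. They come from the
        // permission-scope lookup, and how StringUtil.ArrayToList quotes them is not visible
        // here — confirm they cannot carry caller-controlled text.
        string idList = StringUtil.ArrayToList(ids);
        sqlQuery += " OR Id IN (" + idList + ")";
    }
    sqlQuery += ") ORDER BY SortCode ";

    if (filterByTable)
    {
        return DbHelper.Fill(sqlQuery, new IDbDataParameter[] { DbHelper.MakeParameter("TableCode", tableCode) });
    }
    return DbHelper.Fill(sqlQuery);
}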
/// <summary>
/// Gets the rows whose primary keys fall inside the user's scope for a given permission.
/// </summary>
/// <param name="userId">Primary key of the user.</param>
/// <param name="resourceCategory">Resource category.</param>
/// <param name="permissionItemCode">Permission item code.</param>
/// <returns>The data table, with its default view sorted by the sort-code field.</returns>
public DataTable GetDataTableByPermission(string userId, string resourceCategory, string permissionItemCode = "Resource.ManagePermission")
{
    // Resolve the ids the user is scoped to for this permission.
    string[] scopedIds = new BasePermissionScopeManager(DbHelper, UserInfo)
        .GetResourceScopeIds(userId, resourceCategory, permissionItemCode);

    // Load exactly those rows.
    // NOTE(review): how GetDataTable treats a null or empty id list is not visible here —
    // confirm it yields no rows rather than all rows.
    DataTable result = this.GetDataTable(scopedIds);
    result.DefaultView.Sort = BaseItemDetailsEntity.FieldSortCode;
    return result;
}