/// <summary>
/// 递归替换子对象的Acl
/// </summary>
/// <param name="container"></param>
/// <param name="forceReplace">是否强制覆盖</param>
/// <returns></returns>
public ISCAclContainer ReplaceAclRecursively(ISCAclContainer container, bool forceReplace)
{
SCReplaceAclRecursivelyExecutor executor =
new SCReplaceAclRecursivelyExecutor(SCOperationType.ReplaceAclRecursively, container)
{
ForceReplace = forceReplace
};
if (this._NeedCheckPermissions)
{
CheckUpdateAclPermissions(SCOperationType.UpdateObjectAcl, ((SchemaObjectBase)container).ID);
}
ISCAclContainer result = null;
ExecuteWithActions(SCOperationType.UpdateObjectAcl, () => SCActionContext.Current.DoActions(() => result = (ISCAclContainer)executor.Execute()));
return(result);
}
public void ReplaceAcl()
{
SCObjectGenerator.PreareTestOguObjectForDelete();
var parent1 = (SCOrganization)SchemaObjectAdapter.Instance.LoadByCodeName("Organizations", "groupHQ", SchemaObjectStatus.Normal, DateTime.MinValue);
var parent2 = (SCOrganization)SchemaObjectAdapter.Instance.LoadByCodeName("Organizations", "流程管理部", SchemaObjectStatus.Normal, DateTime.MinValue);
var role1 = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统管理员", SchemaObjectStatus.Normal, DateTime.MinValue);
var role2 = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统维护员", SchemaObjectStatus.Normal, DateTime.MinValue);
var container = new PC.Permissions.SCAclContainer(parent1);
container.Members.Add("AddChildren", role1);
container.Members.Add("DeleteChildren", role1);
container.Members.Add("UpdateChildren", role2);
container.Members.Add("EditPermissionsOfChildren", role2);
container.Members.Add("AddChildren", role2);
PC.Executors.SCObjectOperations.Instance.UpdateObjectAcl(container);
var childAcls = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(parent2.ID, DateTime.MinValue);
Assert.IsTrue(childAcls.Count == 0);
SCReplaceAclRecursivelyExecutor executor = new SCReplaceAclRecursivelyExecutor(SOA.DataObjects.Security.Actions.SCOperationType.ReplaceAclRecursively, parent1) { };
executor.Execute();
childAcls = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(parent2.ID, DateTime.MinValue);
Assert.IsTrue(childAcls.Count == 5);
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "AddChildren" && p.MemberID == role1.ID select p).Any());
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "DeleteChildren" && p.MemberID == role1.ID select p).Any());
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "UpdateChildren" && p.MemberID == role2.ID select p).Any());
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "EditPermissionsOfChildren" && p.MemberID == role2.ID select p).Any());
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "AddChildren" && p.MemberID == role2.ID select p).Any());
}
/// <summary>
/// 递归替换子对象的Acl
/// </summary>
/// <param name="container"></param>
/// <param name="forceReplace">是否强制覆盖</param>
/// <returns></returns>
public ISCAclContainer ReplaceAclRecursively(ISCAclContainer container, bool forceReplace)
{
SCReplaceAclRecursivelyExecutor executor =
new SCReplaceAclRecursivelyExecutor(SCOperationType.ReplaceAclRecursively, container) { ForceReplace = forceReplace };
if (this._NeedCheckPermissions)
CheckUpdateAclPermissions(SCOperationType.UpdateObjectAcl, ((SchemaObjectBase)container).ID);
ISCAclContainer result = null;
ExecuteWithActions(SCOperationType.UpdateObjectAcl, () => SCActionContext.Current.DoActions(() => result = (ISCAclContainer)executor.Execute()));
return result;
}
