Example #1
0
        public void Permit(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation)
        {
            // user have to have write privilege on resource
            CACLEntity acl = new CACLEntity();

            acl.Acl_Resource  = resourceId;
            acl.Acl_Operation = (int)ACLOPERATION.WRITE;
            if (!CheckPrivilege(acl))
            {
                throw new Exception("没有写权限");
            }

            List <CACLEntity> userAcls = new List <CACLEntity>();

            if (roleType == ACLROLETYPE.USERROLE)
            {
                CUserEntity user = new CUserEntity(ConnString).Load(userId);
                userAcls = user.GetUserACLs();
            }
            else if (roleType == ACLROLETYPE.GROUPROLE)
            {
                CGroupEntity group = new CGroupEntity(ConnString).Load(userId);
                userAcls = group.GetGroupACLs();
            }

            // check if this acl conflicts with others
            CResourceEntity resource = new CResourceEntity(ConnString).Load(resourceId);

            foreach (CACLEntity userAcl in userAcls)
            {
                if (resource.IsChild(userAcl.Acl_Resource) && userAcl.Acl_Operation == (int)operation)
                {
                    throw new Exception("与其他权限冲突");
                }
            }

            // create acl
            CACLEntity acl1 = new CACLEntity(ConnString);

            acl1.Acl_Resource   = resourceId;
            acl1.Acl_Role       = userId;
            acl1.Acl_RType      = (int)roleType;
            acl1.Acl_Operation  = (int)operation;
            acl1.Acl_Creator    = this.Usr_Id;
            acl1.Acl_CreateTime = DateTime.Now;
            acl1.Insert();

            // remove all child privileges
            foreach (CACLEntity ua in userAcls)
            {
                resource = new CResourceEntity(ConnString).Load(ua.Acl_Resource);
                if (resource.IsChild(resourceId) && ua.Acl_Operation == (int)operation)
                {
                    ua.Delete();
                }
            }
        }
Example #2
0
        public void ModifyGroup(CGroupEntity group)
        {
            // Check privilege
            CACLEntity acl = new CACLEntity();

            acl.Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER;
            acl.Acl_Resource  = Usr_Organize;
            if (!CheckPrivilege(acl))
            {
                throw new Exception("当前用户无修改用户组权限");
            }

            group.ConnString = ConnString;
            group.Update();
        }
Example #3
0
        public void DeleteGroup(int groupId)
        {
            // Check privilege
            CACLEntity acl = new CACLEntity();

            acl.Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER;
            acl.Acl_Resource  = Usr_Organize;
            if (!CheckPrivilege(acl))
            {
                throw new Exception("当前用户无修改用户组权限");
            }

            CGroupEntity group = new CGroupEntity(ConnString).Load(groupId);

            group.Delete();
        }
Example #4
0
        public List <CGroupEntity> GetUserGroups()
        {
            String                  filter     = "this.Urg_User=" + this.Usr_Id;
            CUserGroupEntity        userGroup  = new CUserGroupEntity(ConnString);
            List <CUserGroupEntity> userGroups = userGroup.GetObjectList(filter);

            List <CGroupEntity> groups = new List <CGroupEntity>();
            CGroupEntity        group  = new CGroupEntity(ConnString);

            foreach (CUserGroupEntity ug in userGroups)
            {
                CGroupEntity g = group.Load(ug.Urg_Group);
                if (g != null)
                {
                    groups.Add(g);
                }
            }
            return(groups);
        }