/// <summary>
/// Hook for reporting the security-context state in the page banner.
/// As written it has no visible effect: the live code only reads
/// <c>TimePointContext.Current.UseCurrentTime</c>, and the status switch that
/// would set <c>notice.Text</c> is commented out.
/// </summary>
/// <param name="notice">Banner control targeted by the disabled switch; the live code never touches it.</param>
internal static void InitSecurityContext(WebControls.BannerNotice notice)
{
    if (!TimePointContext.Current.UseCurrentTime)
    {
        return;
    }

    // NOTE(review): with the switch below disabled, this method raises no warning for the
    // ConfigNotReady / KeyRoleEmpty states, both of which the original messages describe as
    // "operations will not be controlled by ACL". Confirm an equivalent warning is produced
    // elsewhere before relying on this method for it.
    //
    // Disabled check, kept for reference (message text translated from the original Chinese):
    // switch (MCS.Library.PCPassport.Principal.PCPrincipal.PCCurrent.KeyRoleStatus)
    // {
    //     case MCS.Library.PCPassport.Principal.SecurityStatus.Ready:
    //         break;
    //     case MCS.Library.PCPassport.Principal.SecurityStatus.ConfigNotReady:
    //         notice.Text = "No management application or management role is configured; operations will not be controlled by ACL. Please contact the administrator to address this security risk.";
    //         break;
    //     case MCS.Library.PCPassport.Principal.SecurityStatus.KeyRoleEmpty:
    //         notice.Text = "The management role has no members; operations will not be controlled by ACL. Please contact the administrator to address this security risk.";
    //         break;
    //     default:
    //         break;
    // }
}
// Disabled helper, kept for reference (message text translated from the original Chinese).
// NOTE(review): if this is ever re-enabled, two things in it need fixing first:
//   - role1 is dereferenced (role1.ID) without a null check; only app is checked.
//   - the last string.Format has a single {0} placeholder but is given two arguments.
/*
internal static void ValidateAdminRole(MCS.Library.OGUPermission.IRole role)
{
    string[] parts = role.FullCodeName.Split(':');
    if (parts.Length != 2 || parts[0].Length == 0 || parts[1].Length == 0)
        throw new FormatException("The role's full name is malformed");

    var app = PC.Adapters.SchemaObjectAdapter.Instance.LoadByCodeName("Applications", parts[0], DateTime.MinValue) as PC.SCApplication;
    var role1 = PC.Adapters.SchemaObjectAdapter.Instance.LoadByCodeName("Roles", parts[1], DateTime.MinValue) as PC.SCRole;
    if (app == null)
        throw new ManageRoleNotExistException(parts[0], parts[1]);

    if (PC.Adapters.SCMemberRelationAdapter.Instance.Load(app.ID, role1.ID) == null)
        throw new ManageRoleNotExistException(parts[0], parts[1], string.Format("Invalid configuration: the specified role full name refers to an invalid object {0}", parts[0], parts[1]));
}
*/

/// <summary>
/// Reports whether the configured administration role is usable for ACL checks and
/// writes a matching banner message for every state other than <c>Ready</c>.
/// </summary>
/// <remarks>
/// This method only reports; it enforces nothing itself. According to the banner texts it
/// emits, <c>NoConfig</c> means authorization-management operations are open to all users and
/// <c>NobodyIn</c> means permissions are fully open, so callers should treat every result
/// other than <c>Ready</c> as a security-relevant condition. How callers actually react is
/// not visible from this method.
/// </remarks>
/// <param name="notice">Banner control that receives the warning or error text and render type.</param>
/// <returns>
/// <c>NoConfig</c> when no admin role is configured; <c>RoleNotExists</c> when a
/// <c>ManageRoleNotExistException</c> is raised while resolving the role; <c>NobodyIn</c>
/// when <c>Util.IsRoleEmpty</c> reports the role has no members; otherwise <c>Ready</c>.
/// </returns>
/// <exception cref="FormatException">
/// The configured role's <c>FullCodeName</c> does not split into exactly two ':'-separated
/// parts. This is not caught here and propagates to the caller.
/// </exception>
internal static ManageAclStatus GetAdminRoleStatus(BannerNotice notice)
{
    var configuredRole = ObjectSchemaSettings.GetConfig().GetAdminRole();

    if (configuredRole == null)
    {
        // No admin role configured at all: per the message, management operations are open to everyone.
        notice.RenderType = WebControls.NoticeType.Error;
        notice.Text = "系统尚未配置管理应用和角色,授权管理操作对所有用户开放,为了防范安全风险请联系管理员立即修改配置并重启服务。";
        return ManageAclStatus.NoConfig;
    }

    // Check authorization.
    try
    {
        // Util.ValidateAdminRole(configuredRole); // after this step the configuration and the current object would be largely confirmed valid

        string[] segments = configuredRole.FullCodeName.Split(':');
        if (segments.Length != 2)
        {
            // Not a ManageRoleNotExistException, so the catch below does not handle it.
            throw new FormatException("配置文件中的管理角色路径格式错误。");
        }

        string roleId;
        try
        {
            roleId = configuredRole.ID; // reading the ID may throw
        }
        catch (Exception inner)
        {
            // Any failure reading the ID is reported as "role does not exist", keeping the cause as inner exception.
            throw new ManageRoleNotExistException(segments[0], segments[1], inner);
        }

        if (!Util.IsRoleEmpty(roleId))
        {
            return ManageAclStatus.Ready;
        }

        // Role exists but has no members: per the message, permissions are fully open.
        notice.Text = string.Format("管理角色{0}尚无任何人员,权限已完全开放,请联系管理员立即处理此安全风险。", configuredRole.FullCodeName);
        notice.RenderType = WebControls.NoticeType.Warning;
        return ManageAclStatus.NobodyIn;
    }
    catch (ManageRoleNotExistException missingRole)
    {
        // NOTE(review): the exception message is shown to the user as-is; confirm it carries no
        // internal detail and that BannerNotice encodes its Text when rendering.
        notice.Text = missingRole.Message + " 请联系管理员";
        notice.RenderType = WebControls.NoticeType.Error;
        return ManageAclStatus.RoleNotExists;
    }
}