Exemple #1
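        /// <summary>
        /// Validates a session token and checks whether its user may execute the named module function.
        /// </summary>
        /// <param name="session">Session GUID presented by the caller; looked up in SessionToken.</param>
        /// <param name="moduleName">Function qualifier of the module function being invoked.</param>
        /// <returns>
        /// <c>WcfError.None</c> when access is allowed; otherwise <c>InvalidSession</c>,
        /// <c>SessionTimeout</c>, <c>NoSuchModule</c> or <c>InsufficientPrivilege</c>.
        /// </returns>
        /// <remarks>
        /// Security notes for maintainers:
        /// - DEBUG_ALLOW_EVERYTHING (apparently a compile-time constant, given the CS0162 suppressions)
        ///   turns this check into allow-all. It also PERSISTS module rows and grants, and those rows
        ///   stay in the database after the flag is switched off. It must be false in any build that
        ///   holds real data. Debug-created rows carry a "[DEBUG]" qualifier prefix or a "[Debug]"
        ///   description prefix, so they can be audited and purged.
        /// - The idle timeout is compared using DateTime.Now (local time).
        ///   NOTE(review): a clock or DST shift changes the effective timeout; moving to UTC would
        ///   require the stored LastOperationTime values to be UTC too.
        /// </remarks>
        public static WcfError ValidateSession(String session, String moduleName)
        {
            using (ISession hibernateSession = NHibernateHelper.CurrentHelper.OpenSession())
            {
                // Step 1: resolve the session token. The GUID is bound as a parameter, not concatenated.
                var query =
                    hibernateSession.CreateQuery("from SessionToken where SessionGuid = ?");
                query.SetString(0, session);

                var sessionToken = query.List<SessionToken>().FirstOrDefault();

                // Unknown token, or a token with no valid user id: treat as not logged in.
                if (sessionToken?.User == null || sessionToken.User <= 0)
                {
                    return WcfError.InvalidSession;
                }

                // Idle timeout: reject tokens whose last activity is older than TimeoutInSecond.
                if (sessionToken.LastOperationTime < DateTime.Now.Subtract(new TimeSpan(0, 0, TimeoutInSecond)))
                {
                    return WcfError.SessionTimeout;
                }

                // Sliding expiry. This refresh happens before the privilege check, so a call that is
                // later denied still extends the session. No absolute lifetime is enforced here.
                sessionToken.LastOperationTime = DateTime.Now;
                sessionToken.LastOperation     = moduleName;

                hibernateSession.Update(sessionToken);
                hibernateSession.Flush();

                // Step 2: find the active (end_date is null) module function by qualifier.
                query =
                    hibernateSession.CreateQuery("from ModuleFunction where end_date is null and FunctionQualifier = ?");
                query.SetString(0, moduleName);

                var module = query.List<ModuleFunction>().FirstOrDefault();

                if (module == null)
                {
                    #pragma warning disable 162
                    // ReSharper disable once ConditionIsAlwaysTrueOrFalse
                    if (DEBUG_ALLOW_EVERYTHING)
                    {
                        // ReSharper disable once HeuristicUnreachableCode
                        // Debug only: look up, or create on the fly, a "[DEBUG]"-prefixed module.
                        // The caller-supplied moduleName is written into a new row here.
                        query =
                            hibernateSession.CreateQuery(
                                "from ModuleFunction where end_date is null and FunctionQualifier = ?");
                        query.SetString(0, "[DEBUG]" + moduleName);

                        module = query.List<ModuleFunction>().FirstOrDefault();

                        if (module == null)
                        {
                            module = new ModuleFunction
                            {
                                FunctionQualifier = "[DEBUG]" + moduleName,
                                BusinessName      = moduleName,
                                ServiceName       = moduleName
                            };
                            module.Id = (int)hibernateSession.Save(module);
                            hibernateSession.Flush();
                        }
                    }
                    else
                    {
                        // ReSharper disable once HeuristicUnreachableCode
                        return WcfError.NoSuchModule;
                    }
                    #pragma warning restore 162
                }

                int userId = sessionToken.User.Value;

                // Step 3: evaluate the user's privilege for this module.
                var user = hibernateSession.Get<User>(userId);

                var privilege = PrivilegeApi.GetModuleFunctionPrivilege(userId, module.Id, hibernateSession);

                if (privilege != null)
                {
                    // An explicit setting exists: anything other than PermissionStateTrue is a denial.
                    return privilege.Status == PermissionStateTrue
                        ? WcfError.None
                        : WcfError.InsufficientPrivilege;
                }

                // TODO: look for indirect authorization through user groups.

                // No authorization found: deny by default (outside debug mode).
                #pragma warning disable 162
                // ReSharper disable once ConditionIsAlwaysTrueOrFalse
                if (DEBUG_ALLOW_EVERYTHING)
                {
                    // ReSharper disable once HeuristicUnreachableCode
                    // Debug only: persist an allow grant for this user and let the call through.
                    var result = new ModuleFunctionMap();
                    result.State        = PermissionStateTrue;
                    result.ModuleId     = module.Id;
                    result.EntityId     = userId;
                    // Fix: EntityId holds a user id, so the row must be typed "User". The previous
                    // "UserGroup" typing attached the grant to whichever group shares this numeric id.
                    // NOTE(review): if the "User" structure is missing, the grant is stored with type id 0.
                    result.EntityTypeId = EntityStructureApi.GetStructureByTypeName("User")?.Id ?? 0;
                    // user can be null when the token references a deleted user; do not throw here.
                    result.Description  = "[Debug]为用户[" + user?.Name + "]赋予" + module.FunctionQualifier + "的执行权限。";
                    hibernateSession.Save(result);
                    hibernateSession.Flush();
                    return WcfError.None;
                }
                else
                {
                    // ReSharper disable once HeuristicUnreachableCode
                    return WcfError.InsufficientPrivilege;
                }
                #pragma warning restore 162
            }
        }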
Exemple #2
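        /// <summary>
        /// Resolves the effective privilege of a user on a module function: the user's own
        /// assignment first, then assignments inherited through the user's group trees.
        /// </summary>
        /// <param name="userId">Id of the user being checked.</param>
        /// <param name="moduleId">Id of the module function being checked.</param>
        /// <param name="userGroupTrees">Group trees of the user; each leaf is walked up to its root.</param>
        /// <param name="hibernateSession">
        /// Session to reuse. When null, a session is opened here and disposed before returning.
        /// </param>
        /// <returns>
        /// The resolved privilege with its source, or null when neither the user nor any group has
        /// an explicit assignment. Callers should treat null as a denial.
        /// </returns>
        /// <exception cref="System.InvalidOperationException">
        /// The "User" or "UserGroup" entity structure is not registered. Previously this produced a
        /// malformed HQL string instead.
        /// </exception>
        internal static ModulePrivilegeRelationship GetModuleFunctionPrivilege(int userId, int moduleId, GroupTrees userGroupTrees, ISession hibernateSession = null)
        {
            // Marker for "no explicit assignment on this group".
            // NOTE(review): assumes -1 is neither PermissionStateTrue nor PermissionStateFalse; confirm.
            const int NoExplicitSetting = -1;

            // All values are bound as parameters. They are integers today, so injection is not
            // reachable, but binding keeps the query shape fixed and avoids the malformed query the
            // old concatenation produced when an entity-type id was null.
            const string AssignmentQuery =
                "from ModuleFunctionMap where end_date is null and EntityTypeId = ? and EntityId = ? and ModuleId = ?";

            var mySession = hibernateSession ?? NHibernateHelper.CurrentHelper.OpenSession();

            try
            {
                var user            = mySession.Get<User>(userId);
                var privilegeResult = new ModulePrivilegeRelationship
                {
                    FunctionId = moduleId
                };

                // Priority 1: the user's own assignment overrides anything set on groups.
                var userStructure = EntityStructureApi.GetStructureByTypeName("User");
                if (userStructure == null)
                {
                    throw new System.InvalidOperationException(
                        "Entity structure 'User' is not registered; cannot evaluate module privileges.");
                }

                var query = mySession.CreateQuery(AssignmentQuery);
                query.SetParameter(0, userStructure.Id);
                query.SetInt32(1, userId);
                query.SetInt32(2, moduleId);

                var result = query.List<ModuleFunctionMap>().FirstOrDefault();
                if (result != null)
                {
                    privilegeResult.IsGroupLevel = false;
                    // user can be null if the id no longer exists; the status still comes from the row.
                    privilegeResult.Source       = user?.Name;
                    privilegeResult.Status       = result.State;
                    return privilegeResult;
                }

                // Priority 2: group assignments. Walk every leaf up to its root.
                privilegeResult.IsGroupLevel = true;
                var groupStructure  = EntityStructureApi.GetStructureByTypeName("UserGroup");
                var groupPrivileges = new Dictionary<int, int>();
                foreach (var leaf in userGroupTrees.Leaves)
                {
                    var  node  = leaf;
                    bool found = false;
                    while (true)
                    {
                        if (found)
                        {
                            // A nearer group on this path already has a setting, so mask this ancestor.
                            // NOTE(review): the dictionary doubles as query cache and result set, so
                            // this overwrite also hides the ancestor from other leaves that reach it
                            // without a nearer setting. A deny on a shared ancestor may then be dropped
                            // depending on leaf order; confirm the intended semantics and consider
                            // tracking per-path results separately from the cache.
                            groupPrivileges[node.GroupId] = NoExplicitSetting;
                        }
                        else if (!groupPrivileges.ContainsKey(node.GroupId))
                        {
                            if (groupStructure == null)
                            {
                                throw new System.InvalidOperationException(
                                    "Entity structure 'UserGroup' is not registered; cannot evaluate module privileges.");
                            }

                            query = mySession.CreateQuery(AssignmentQuery);
                            query.SetParameter(0, groupStructure.Id);
                            query.SetInt32(1, node.GroupId);
                            query.SetInt32(2, moduleId);
                            result = query.List<ModuleFunctionMap>().FirstOrDefault();
                            if (result != null)
                            {
                                groupPrivileges.Add(node.GroupId, result.State);
                                found = true;
                            }
                            else
                            {
                                groupPrivileges.Add(node.GroupId, NoExplicitSetting);
                            }
                        }

                        if (node.Parent == null)
                        {
                            break;
                        }
                        node = node.Parent;
                    }
                }

                // Deny wins: a single denying group outweighs any number of allowing groups.
                if (groupPrivileges.ContainsValue(SessionManager.PermissionStateFalse))
                {
                    privilegeResult.Status = SessionManager.PermissionStateFalse;
                    privilegeResult.Source = mySession.Get<UserGroup>(
                        groupPrivileges.First(gp => gp.Value == SessionManager.PermissionStateFalse).Key).Name;
                    return privilegeResult;
                }

                if (groupPrivileges.ContainsValue(SessionManager.PermissionStateTrue))
                {
                    privilegeResult.Status = SessionManager.PermissionStateTrue;
                    privilegeResult.Source = mySession.Get<UserGroup>(
                        groupPrivileges.First(gp => gp.Value == SessionManager.PermissionStateTrue).Key).Name;
                    return privilegeResult;
                }

                // No explicit assignment anywhere.
                return null;
            }
            finally
            {
                // Dispose only a session opened here; a caller-supplied session stays with the caller.
                if (hibernateSession == null)
                {
                    mySession.Dispose();
                }
            }
        }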