/// <summary>
/// Checks whether an authority (permission) with the given code already exists.
/// </summary>
/// <param name="code">Authority code to look up.</param>
/// <returns>
/// <c>true</c> when the repository reports a match for <paramref name="code"/>;
/// <c>false</c> when no match is found or when the code is null or empty.
/// </returns>
/// <remarks>
/// A null or empty code is reported as "does not exist", so a caller using this as a
/// uniqueness check must reject empty codes itself.
/// NOTE(review): a check-then-insert sequence is not atomic; presumably uniqueness is
/// also enforced by the data store - confirm.
/// </remarks>
public static bool ExistAuthorityCode(string code)
{
    if (!code.IsNullOrEmpty())
    {
        // Exact match on the authority code.
        IQuery codeQuery = QueryFactory.Create <AuthorityQuery>(c => c.Code == code);
        return authRepository.Exist(codeQuery);
    }

    // Nothing to look up.
    return false;
}
/// <summary>
/// Checks whether an authority code is already used by a record other than the current one.
/// </summary>
/// <param name="nowSysNo">System number of the current record, which is excluded from the match.</param>
/// <param name="code">Authority code to look up.</param>
/// <returns>
/// <c>true</c> when the repository reports another record with the same code;
/// <c>false</c> when none is found or when the code is null or empty.
/// </returns>
/// <remarks>
/// A null or empty code is reported as "does not exist", so a caller using this as a
/// uniqueness check must reject empty codes itself.
/// </remarks>
public bool ExistAuthorityCode(long nowSysNo, string code)
{
    if (!code.IsNullOrEmpty())
    {
        // Same code, different record: excluding nowSysNo keeps a record from colliding with itself.
        IQuery duplicateQuery = QueryFactory.Create <AuthorityQuery>(c => c.Code == code && c.SysNo != nowSysNo);
        return authRepository.Exist(duplicateQuery);
    }

    // Nothing to look up.
    return false;
}
/// <summary>
/// Decides whether a user is authorized to perform an operation (controller/action pair).
/// </summary>
/// <param name="auth">Authorization request carrying the user and the operation to check.</param>
/// <returns>
/// <c>true</c> when the stored user is a super user, when the operation is marked as
/// unrestricted, or when an enabled authority bound to the operation is granted to the user
/// directly or through a role and is not disabled for that user; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// Every incomplete or unknown input (null request, unknown user, unknown or closed operation)
/// results in a denial.
/// </remarks>
public bool Authentication(Authentication auth)
{
    // Deny when the request is incomplete.
    if (auth == null || auth.User == null || auth.Operation == null)
    {
        return(false);
    }
    // Region: user validation.
    #region 用户信息验证
    // The user is reloaded by SysNo, so the SuperUser flag below is read from the loaded
    // record rather than from the caller-supplied auth.User object.
    // NOTE(review): no account-status check (disabled/locked) is visible here - confirm
    // whether GetUser already filters such accounts.
    User nowUser = userService.GetUser(auth.User.SysNo);// current user
    if (nowUser == null)
    {
        return(false);
    }
    if (nowUser.SuperUser)
    {
        return(true);// super users are not subject to permission control
    }
    #endregion
    // Region: operation validation.
    #region 授权操作信息验证
    AuthorityOperation nowOperation = authorityOperationService.GetAuthorityOperation(auth.Operation.ControllerCode, auth.Operation.ActionCode);// operation being authorized
    // An unregistered operation, or one whose status is "closed", is denied.
    if (nowOperation == null || nowOperation.Status == AuthorityOperationStatus.关闭)
    {
        return(false);
    }
    // An operation whose authorize type is "unrestricted" is allowed for any user that
    // passed the lookup above.
    if (nowOperation.AuthorizeType == AuthorityOperationAuthorizeType.无限制)
    {
        return(true);
    }
    #endregion
    // Region: authorization check.
    #region 授权验证
    // Authorities: only those whose status is "enabled" are considered.
    IQuery authorityQuery = QueryManager.Create <AuthorityQuery>(a => a.Status == AuthorityStatus.启用);
    authorityQuery.AddQueryFields <AuthorityQuery>(a => a.Code);
    // Authorities bound to the requested operation.
    // NOTE(review): the In/NotIn criteria in this method compare AuthorityQuery.Code with
    // subqueries that select AuthoritySysNo - confirm both hold the same key, otherwise the
    // subqueries cannot match the intended rows.
    IQuery operationBindQuery = QueryManager.Create <AuthorityBindOperationQuery>(a => a.AuthorityOperationSysNo == nowOperation.SysNo);
    operationBindQuery.AddQueryFields <AuthorityBindOperationQuery>(a => a.AuthoritySysNo);
    authorityQuery.And <AuthorityQuery>(a => a.Code, CriteriaOperator.In, operationBindQuery);
    // Authorities granted directly to the user (entries with Disable == false).
    IQuery userAuthorizeQuery = QueryManager.Create <UserAuthorizeQuery>(a => a.UserSysNo == auth.User.SysNo && a.Disable == false);
    userAuthorizeQuery.AddQueryFields <UserAuthorizeQuery>(a => a.AuthoritySysNo);
    // Roles assigned to the user.
    // NOTE(review): no role-status filter is visible here - confirm whether roles can be
    // disabled and, if so, where that is enforced.
    IQuery userRoleQuery = QueryManager.Create <UserRoleQuery>(a => a.UserSysNo == auth.User.SysNo);
    userRoleQuery.AddQueryFields <UserRoleQuery>(r => r.RoleSysNo);
    // Authorities granted to those roles.
    IQuery roleAuthorizeQuery = QueryManager.Create <RoleAuthorizeQuery>();
    roleAuthorizeQuery.AddQueryFields <RoleAuthorizeQuery>(a => a.AuthoritySysNo);
    roleAuthorizeQuery.And <RoleAuthorizeQuery>(a => a.RoleSysNo, CriteriaOperator.In, userRoleQuery);
    // Grouped condition: the authority is held by the user OR by one of the user's roles.
    IQuery userAndRoleAuthorityQuery = QueryManager.Create();
    userAndRoleAuthorityQuery.And <AuthorityQuery>(a => a.Code, CriteriaOperator.In, userAuthorizeQuery); // held by the user
    userAndRoleAuthorityQuery.Or <AuthorityQuery>(a => a.Code, CriteriaOperator.In, roleAuthorizeQuery); // or held by a role
    authorityQuery.And(userAndRoleAuthorityQuery);
    // Exclude authorities disabled for this user. The NotIn is added to the outer query, so
    // a per-user disable entry also removes an authority that a role would otherwise grant.
    IQuery userDisableAuthorizeQuery = QueryManager.Create <UserAuthorizeQuery>(a => a.UserSysNo == auth.User.SysNo && a.Disable == true);
    userDisableAuthorizeQuery.AddQueryFields <UserAuthorizeQuery>(a => a.AuthoritySysNo);
    authorityQuery.And <AuthorityQuery>(a => a.Code, CriteriaOperator.NotIn, userDisableAuthorizeQuery);
    // Authorized when at least one authority satisfies every condition above.
    return(authorityRepository.Exist(authorityQuery));
    #endregion
}