/// <summary>
/// Looks up the delegation that user <c>sourceID</c> has made for role <c>roleID</c> and, when one exists,
/// appends the display name of the delegated-to (target) user to the result document.
/// </summary>
/// <param name="xmlDoc">Request document; its root element supplies the <c>sourceID</c> and <c>roleID</c> attributes.</param>
protected void GetRoleDelegationUser(XmlDocument xmlDoc)
{
    using (DbContext context = DbContext.GetContext(AppResource.ConnAlias))
    {
        XmlElement requestRoot = xmlDoc.DocumentElement;
        string sourceId = requestRoot.GetAttribute("sourceID");
        string roleId = requestRoot.GetAttribute("roleID");

        // Both attribute values come from the request and reach the SQL text only through CheckQuotationMark.
        // NOTE(review): presumably that call escapes and quotes the literal; confirm, it is the only injection barrier here.
        string delegationSql = "SELECT TARGET_ID, START_TIME, END_TIME FROM DELEGATIONS WHERE SOURCE_ID = "
            + TSqlBuilder.Instance.CheckQuotationMark(sourceId, true)
            + " AND ROLE_ID = "
            + TSqlBuilder.Instance.CheckQuotationMark(roleId, true);

        DataSet delegations = InnerCommon.ExecuteDataset(delegationSql);
        _XmlResult = InnerCommon.GetXmlDoc(delegations);

        DataRowCollection delegationRows = delegations.Tables[0].Rows;
        string targetId = delegationRows.Count != 0
            ? delegationRows[0]["TARGET_ID"].ToString()
            : string.Empty;

        if (targetId == string.Empty)
        {
            // No delegation (or an empty target): the result keeps only the raw query output.
            return;
        }

        // Resolve the target user's display name by GUID.
        // NOTE(review): Rows[0] is read without a row-count check, so a target that no longer exists would throw here.
        DataSet targetUser = OGUReader.GetObjectsDetail("USERS", targetId, SearchObjectColumn.SEARCH_GUID, string.Empty, SearchObjectColumn.SEARCH_NULL);
        string targetDisplayName = targetUser.Tables[0].Rows[0]["DISPLAY_NAME"].ToString();

        XmlNode delegationNode = _XmlResult.DocumentElement.SelectSingleNode("DELEGATIONS");
        XmlHelper.AppendNode<string>(delegationNode, "TARGET_DISPLAYNAME", targetDisplayName);
    }
}
/// <summary>
/// Queries how one function (<c>func_id</c>) relates to every role of an application (<c>app_id</c>).
/// Roles that own the function carry the function ID in <c>FUNC_ID</c>; the remaining roles carry an empty string.
/// </summary>
private void DoQueryFuncToRole()
{
    XmlElement requestRoot = _XmlRequest.DocumentElement;
    string appId = requestRoot.GetAttribute("app_id");
    string funcId = requestRoot.GetAttribute("func_id");

    // {0} = application ID literal, {1} = function ID literal.
    const string queryTemplate =
        "SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,ALLOW_DELEGATE,{1} AS FUNC_ID"
        + " FROM ROLES WHERE APP_ID = {0} AND ID IN (SELECT ROLE_ID AS ID FROM ROLE_TO_FUNCTIONS WHERE FUNC_ID = {1})"
        + " AND CLASSIFY = (SELECT CLASSIFY FROM FUNCTIONS WHERE ID = {1})"
        + " union all"
        + " SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,ALLOW_DELEGATE,'' AS FUNC_ID"
        + " FROM ROLES WHERE APP_ID = {0} AND ID NOT IN (SELECT ROLE_ID AS ID FROM ROLE_TO_FUNCTIONS WHERE FUNC_ID = {1})"
        + " AND CLASSIFY = (SELECT CLASSIFY FROM FUNCTIONS WHERE ID = {1})"
        + " ORDER BY SORT_ID";

    // Request values are only ever inserted after passing through CheckQuotationMark.
    // NOTE(review): presumably this escapes and quotes the value; confirm against TSqlBuilder.
    string appLiteral = TSqlBuilder.Instance.CheckQuotationMark(appId, true);
    string funcLiteral = TSqlBuilder.Instance.CheckQuotationMark(funcId, true);
    string sql = string.Format(queryTemplate, appLiteral, funcLiteral);

#if DEBUG
    Debug.WriteLine(sql);
#endif

    DataSet roles = InnerCommon.ExecuteDataset(sql);
    _XmlResult = InnerCommon.GetXmlDoc(roles);
}
/// <summary>
/// Queries how one expression (<c>exp_id</c>) relates to every scope of an application (<c>app_id</c>).
/// Scopes linked to the expression carry the expression ID in <c>EXP_ID</c>; the others carry an empty string.
/// </summary>
private void DoQueryExpScope()
{
    XmlElement requestRoot = _XmlRequest.DocumentElement;

    // NOTE(review): CheckQuotationMark presumably escapes and quotes the request value; it is the only
    // barrier between these attributes and the SQL batch below.
    string appLiteral = TSqlBuilder.Instance.CheckQuotationMark(requestRoot.GetAttribute("app_id"), true);
    string expLiteral = TSqlBuilder.Instance.CheckQuotationMark(requestRoot.GetAttribute("exp_id"), true);

    // Batch of two statements: stage the linked scope IDs in a temp table, then return linked and
    // unlinked scopes in one result set. {0} = application ID literal, {1} = expression ID literal.
    const string batchTemplate =
        "SELECT SCOPE_ID INTO #SCOPE_IDS FROM EXP_TO_SCOPES WHERE EXP_ID = {1}"
        + " SELECT * , {1} AS EXP_ID FROM SCOPES WHERE APP_ID = {0} AND ID IN (SELECT * FROM #SCOPE_IDS)"
        + " UNION ALL"
        + " SELECT * , '' AS EXP_ID FROM SCOPES WHERE APP_ID = {0} AND ID NOT IN (SELECT * FROM #SCOPE_IDS)"
        + " ORDER BY EXP_ID DESC, DESCRIPTION ";

    string sql = string.Format(batchTemplate, appLiteral, expLiteral);
    DataSet scopes = InnerCommon.ExecuteDataset(sql);
    _XmlResult = InnerCommon.GetXmlDoc(scopes);
}
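/// <summary>
/// Loads a single object by ID from the table named in the request's <c>type</c> attribute and stores
/// the result in <c>_XmlResult</c>. For every table except <c>APPLICATIONS</c> the row must also belong
/// to the application given by <c>app_id</c>.
/// </summary>
/// <exception cref="System.ArgumentException">
/// The <c>type</c> attribute is empty or is not a plain identifier (ASCII letters, digits, underscore).
/// </exception>
/// <remarks>
/// The table name is placed in the SQL text as an identifier, where quote escaping gives no protection,
/// so it is validated before use. An explicit allowlist of the tables this page may read would be
/// tighter still: a well-formed identifier can name any table the connection is allowed to select from.
/// </remarks>
protected void DoQueryObj()
{
    XmlElement root = _XmlRequest.DocumentElement;
    string strTable = root.GetAttribute("type");
    string strAppID = root.GetAttribute("app_id");
    string strObjID = root.GetAttribute("id");

    // Reject anything that is not a bare identifier before it reaches the FROM clause.
    bool isPlainIdentifier = strTable.Length > 0;
    foreach (char ch in strTable)
    {
        bool allowed = (ch >= 'A' && ch <= 'Z')
            || (ch >= 'a' && ch <= 'z')
            || (ch >= '0' && ch <= '9')
            || ch == '_';
        if (!allowed)
        {
            isPlainIdentifier = false;
            break;
        }
    }

    if (!isPlainIdentifier)
    {
        throw new System.ArgumentException("The requested object type is not a valid table name.");
    }

    // APPLICATIONS rows are not filtered by application; every other table is.
    string strAnd;
    if (strTable == "APPLICATIONS")
    {
        strAnd = string.Empty;
    }
    else
    {
        strAnd = string.Format(" AND APP_ID = {0}", TSqlBuilder.Instance.CheckQuotationMark(strAppID, true));
    }

    string strSQL = string.Format(
        @"SELECT * FROM {0} WHERE ID = {1} {2}",
        strTable,
        TSqlBuilder.Instance.CheckQuotationMark(strObjID, true),
        strAnd);

    _XmlResult = InnerCommon.GetXmlDoc(InnerCommon.ExecuteDataset(strSQL));
}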
/// <summary>
/// Prepares the page data for adding a sideline (secondary) position for an existing user: loads the user
/// row, rewrites its path to sit under the requested parent organization, blanks the position-specific
/// columns and publishes the row as XML in <c>userData</c>.
/// </summary>
/// <param name="strOrgGuid">GUID of the organization the user is looked up in.</param>
private void AddSidelineObjects(string strOrgGuid)
{
    string userGuid = (string)GetRequestData("objGuid", string.Empty);

    DataSet userDetail = OGUReader.GetObjectsDetail("USERS", userGuid, SearchObjectColumn.SEARCH_USER_GUID, strOrgGuid, SearchObjectColumn.SEARCH_GUID);
    bool userMissing = (userDetail == null) || (userDetail.Tables.Count == 0) || (userDetail.Tables[0].Rows.Count == 0);
    ExceptionHelper.TrueThrow(userMissing, "对不起,系统中没有找到指定的对象!");

    DataRow userRow = userDetail.Tables[0].Rows[0];

    // The new parent organization comes from the request.
    // NOTE(review): its row is read without an existence check, so an unknown SParentGuid would throw here.
    string sidelineParentGuid = (string)GetRequestData("SParentGuid", string.Empty);
    DataSet parentOrg = OGUReader.GetObjectsDetail("ORGANIZATIONS", sidelineParentGuid, SearchObjectColumn.SEARCH_GUID, string.Empty, SearchObjectColumn.SEARCH_NULL);
    parentAllPathName.Value = OGUCommonDefine.DBValueToString(parentOrg.Tables[0].Rows[0]["ALL_PATH_NAME"]);

    userRow["ALL_PATH_NAME"] = parentAllPathName.Value + "\\" + OGUCommonDefine.DBValueToString(userRow["OBJ_NAME"]);
    userRow["SIDELINE"] = 1;

    // Clear the columns that describe the existing position; same assignment order as a chained
    // right-to-left assignment.
    string[] clearedColumns = new string[] { "RANK_NAME", "START_TIME", "END_TIME", "CREATE_TIME" };
    foreach (string columnName in clearedColumns)
    {
        userRow[columnName] = DBNull.Value;
    }

    userData.Value = InnerCommon.GetXmlDoc(userDetail).OuterXml;
}
/// <summary>
/// Queries how one function set (<c>func_set_id</c>) relates to the functions of an application (<c>app_id</c>).
/// Functions in the set carry the set ID in <c>FUNC_SET_ID</c>; functions that belong to no set carry an empty string.
/// </summary>
private void DoQueryFuncSetToFunc()
{
    XmlElement requestRoot = _XmlRequest.DocumentElement;

    // NOTE(review): CheckQuotationMark presumably escapes and quotes the request value; nothing else
    // sanitizes these attributes before they are formatted into the batch.
    string appLiteral = TSqlBuilder.Instance.CheckQuotationMark(requestRoot.GetAttribute("app_id"), true);
    string funcSetLiteral = TSqlBuilder.Instance.CheckQuotationMark(requestRoot.GetAttribute("func_set_id"), true);

    // {0} = function set ID literal, {1} = application ID literal.
    const string batchTemplate =
        "SELECT FUNC_ID INTO #FUNC_IDS FROM FUNC_SET_TO_FUNCS WHERE FUNC_SET_ID = {0};"
        + " SELECT FUNC_ID INTO #FUNC_IDS2 FROM FUNC_SET_TO_FUNCS WHERE FUNC_ID IN (SELECT ID FROM FUNCTIONS WHERE APP_ID = {1});"
        + " SELECT *, 0 AS TYPE, {0} AS FUNC_SET_ID FROM FUNCTIONS WHERE ID IN (SELECT * FROM #FUNC_IDS) AND APP_ID = {1}"
        + " AND CLASSIFY = (SELECT CLASSIFY FROM FUNCTION_SETS WHERE ID = {0})"
        + " UNION ALL"
        + " SELECT *, 0 AS TYPE, '' AS FUNC_SET_ID FROM FUNCTIONS WHERE ID NOT IN (SELECT * FROM #FUNC_IDS2) AND APP_ID = {1}"
        + " AND CLASSIFY = (SELECT CLASSIFY FROM FUNCTION_SETS WHERE ID = {0})"
        + " ORDER BY FUNC_SET_ID DESC, SORT_ID";

    string sql = string.Format(batchTemplate, funcSetLiteral, appLiteral);
    DataSet functions = InnerCommon.ExecuteDataset(sql);
    _XmlResult = InnerCommon.GetXmlDoc(functions);
}
/// <summary>
/// Queries the roles of an application that the given user is allowed to delegate and stores them in <c>_XmlResult</c>.
/// </summary>
/// <param name="xmlDoc">Request document; the root element supplies <c>logonName</c> and <c>appCodeName</c>.</param>
/// <remarks>
/// Sample request (the <c>appID</c> attribute is not read by this method):
/// <code>
/// &lt;getAppDelegationRoles logonName="userLogonName" appID="app_id" appCodeName="app_code_name"&gt;&lt;/getAppDelegationRoles&gt;
/// </code>
/// </remarks>
protected void GetAppDelegationRoles(XmlDocument xmlDoc)
{
    XmlElement requestRoot = xmlDoc.DocumentElement;

    // NOTE(review): the logon name is taken from the request rather than from the signed-in user;
    // confirm the caller is authorized to read another user's delegable roles.
    string logonName = requestRoot.GetAttribute("logonName");
    string appCodeName = requestRoot.GetAttribute("appCodeName");

    DataSet delegableRoles = SecurityCheck.GetUserAllowDelegteRoles(logonName, appCodeName, UserValueType.LogonName, RightMaskType.All);
    _XmlResult = InnerCommon.GetXmlDoc(delegableRoles);
}
/// <summary>
/// Page initialization: loads the <c>SYS_USER_LOGON</c> row whose ID is given by the <c>sortID</c>
/// request value (default "0") and binds its first result node to the page controls.
/// </summary>
protected void Page_Load(object sender, System.EventArgs e)
{
    string logonRecordId = GetRequestData("sortID", "0").ToString();

    // NOTE(review): the request value reaches the SQL text only through CheckQuotationMark, which
    // presumably escapes and quotes it; confirm.
    string idLiteral = TSqlBuilder.Instance.CheckQuotationMark(logonRecordId, true);
    string sql = string.Format("SELECT * FROM SYS_USER_LOGON WHERE ID = {0}", idLiteral);

    DataSet logonRecord = InnerCommon.ExecuteDataset(sql);
    XmlDocument resultDoc = InnerCommon.GetXmlDoc(logonRecord);

    // FirstChild is passed as-is; it is null when the document element has no child nodes.
    SetControlValue(resultDoc.DocumentElement.FirstChild);
}
/// <summary>
/// Queries all service scopes defined under one application (<c>app_id</c>), ordered by description.
/// </summary>
private void DoQueryAppScope()
{
    string appId = _XmlRequest.DocumentElement.GetAttribute("app_id");

    // {0} = application ID literal.
    const string queryTemplate =
        "SELECT ID,APP_ID,NAME,CODE_NAME, EXPRESSION,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED "
        + " FROM SCOPES "
        + " WHERE APP_ID = {0}"
        + " ORDER BY DESCRIPTION";

    // NOTE(review): CheckQuotationMark presumably escapes and quotes the request value; confirm.
    string appLiteral = TSqlBuilder.Instance.CheckQuotationMark(appId, true);
    string sql = string.Format(queryTemplate, appLiteral);

    DataSet scopes = InnerCommon.ExecuteDataset(sql);
    _XmlResult = InnerCommon.GetXmlDoc(scopes);
}
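/// <summary>
/// Queries the details of a role, function or function set: selects the row with the requested
/// <c>id</c> from the table named by the <c>type</c> attribute and stores it in <c>_XmlResult</c>.
/// </summary>
/// <param name="xmlDoc">Request document; the root element supplies the <c>type</c> and <c>id</c> attributes.</param>
/// <exception cref="System.ArgumentException">
/// The <c>type</c> attribute is empty or is not a plain identifier (ASCII letters, digits, underscore).
/// </exception>
/// <remarks>
/// The table name is used as an identifier in the FROM clause. Escaping quote characters does not
/// constrain an identifier, so the name is validated before the query is built. Restricting
/// <c>type</c> to the specific tables this method is meant to serve would be a stronger control.
/// </remarks>
protected void GetObjInfo(XmlDocument xmlDoc)
{
    XmlElement root = xmlDoc.DocumentElement;
    string strTableName = root.GetAttribute("type");
    string strID = root.GetAttribute("id");

    // Reject anything that is not a bare identifier before it reaches the FROM clause.
    bool isPlainIdentifier = strTableName.Length > 0;
    foreach (char ch in strTableName)
    {
        bool allowed = (ch >= 'A' && ch <= 'Z')
            || (ch >= 'a' && ch <= 'z')
            || (ch >= '0' && ch <= '9')
            || ch == '_';
        if (!allowed)
        {
            isPlainIdentifier = false;
            break;
        }
    }

    if (!isPlainIdentifier)
    {
        throw new System.ArgumentException("The requested object type is not a valid table name.");
    }

    // The existing CheckQuotationMark call is kept for the table name so the generated text stays
    // the same for every name that passes validation.
    string strSQL = "SELECT * FROM " + TSqlBuilder.Instance.CheckQuotationMark(strTableName, false)
        + " WHERE ID = " + TSqlBuilder.Instance.CheckQuotationMark(strID, true);

    DataSet ds = InnerCommon.ExecuteDataset(strSQL);
    _XmlResult = InnerCommon.GetXmlDoc(ds);
}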
/// <summary>
/// Queries the members of a role (<c>role_id</c>) in an application (<c>app_id</c>). For users who are not
/// administrators the query is limited to the organization scopes they hold for the object-maintenance functions.
/// </summary>
private void DoQueryRoleToExp()
{
    using (DbContext context = DbContext.GetContext(AppResource.ConnAlias))
    {
        XmlElement requestRoot = _XmlRequest.DocumentElement;
        string appId = requestRoot.GetAttribute("app_id");
        string roleId = requestRoot.GetAttribute("role_id");

        // Translate both IDs to code names in one round trip (two result tables).
        // NOTE(review): CheckQuotationMark presumably escapes and quotes the request values; confirm.
        string lookupSql = string.Format(
            "SELECT CODE_NAME FROM APPLICATIONS WHERE ID = {0}; SELECT CODE_NAME FROM ROLES WHERE ID={1}",
            TSqlBuilder.Instance.CheckQuotationMark(appId, true),
            TSqlBuilder.Instance.CheckQuotationMark(roleId, true));
        DataSet codeNames = InnerCommon.ExecuteDataset(lookupSql);

        DataRowCollection appRows = codeNames.Tables[0].Rows;
        string appCodeName = appRows.Count > 0 ? appRows[0]["CODE_NAME"].ToString() : string.Empty;

        DataRowCollection roleRows = codeNames.Tables[1].Rows;
        string roleCodeName = roleRows.Count > 0 ? roleRows[0]["CODE_NAME"].ToString() : string.Empty;

        // Administrators query with an empty root list; everyone else gets the comma-separated
        // DESCRIPTION values of their scopes.
        string orgRoots = string.Empty;
        if (!SecurityCheck.IsAdminUser(LogOnUserInfo.UserLogOnName))
        {
            DataSet userScopes = SecurityCheck.GetUserFunctionsScopes(LogOnUserInfo.UserLogOnName, appCodeName, "ADD_OBJECT_FUNC,DELETE_OBJECT_FUNC,MODIFY_OBJECT_FUNC");
            foreach (DataRow scopeRow in userScopes.Tables[0].Rows)
            {
                if (orgRoots != string.Empty)
                {
                    orgRoots += ",";
                }

                orgRoots += scopeRow["DESCRIPTION"].ToString();
            }

            if (orgRoots == string.Empty)
            {
                // Placeholder used when the user holds no scope at all.
                // NOTE(review): presumably chosen so that no organization matches; confirm in GetChildrenInRoles.
                orgRoots = "NoOrgRoot";
            }
        }

        DataSet roleMembers = SecurityCheck.GetChildrenInRoles(orgRoots, appCodeName, roleCodeName, false, false, false);
        _XmlResult = InnerCommon.GetXmlDoc(roleMembers);
    }
}
/// <summary>
/// Queries all roles of one classification (<c>classify</c>) under an application (<c>app_id</c>), ordered by sort ID.
/// </summary>
private void DoQueryRole()
{
    XmlElement requestRoot = _XmlRequest.DocumentElement;
    string appId = requestRoot.GetAttribute("app_id");
    string classify = requestRoot.GetAttribute("classify");

    // {0} = application ID literal, {1} = classification literal.
    const string queryTemplate =
        "SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,ALLOW_DELEGATE "
        + " FROM ROLES WHERE APP_ID = {0}"
        + " AND CLASSIFY = {1}"
        + " ORDER BY SORT_ID";

    // NOTE(review): CheckQuotationMark presumably escapes and quotes the request values; confirm.
    string appLiteral = TSqlBuilder.Instance.CheckQuotationMark(appId, true);
    string classifyLiteral = TSqlBuilder.Instance.CheckQuotationMark(classify, true);
    string sql = string.Format(queryTemplate, appLiteral, classifyLiteral);

    DataSet roles = InnerCommon.ExecuteDataset(sql);
    _XmlResult = InnerCommon.GetXmlDoc(roles);
}
/// <summary>
/// Queries the applications in which the given user holds roles available for delegation, and stamps
/// the user's display name on the result root as the <c>displayName</c> attribute.
/// </summary>
/// <param name="xmlDoc">Request document; the root element supplies <c>logonName</c>.</param>
/// <remarks>
/// Sample request (only <c>logonName</c> is read by this method):
/// <code>
/// &lt;getDelegationApps logonName="userlogonname" idType="logonName" appID="application_id"&gt;&lt;/getDelegationApps&gt;
/// </code>
/// </remarks>
protected void GetDelegationApplications(XmlDocument xmlDoc)
{
    // NOTE(review): the logon name comes from the request, not from the signed-in user; confirm the
    // caller is authorized to query on behalf of that account.
    string logonName = xmlDoc.DocumentElement.GetAttribute("logonName");

    DataSet delegableApps = SecurityCheck.GetUserApplicationsForDelegation(logonName, UserValueType.LogonName, RightMaskType.All);
    _XmlResult = InnerCommon.GetXmlDoc(delegableApps);

    // NOTE(review): Rows[0] is read without a row-count check, so an unknown logon name would throw here.
    DataSet userDetail = OGUReader.GetObjectsDetail("USERS", logonName, SearchObjectColumn.SEARCH_LOGON_NAME, string.Empty, SearchObjectColumn.SEARCH_NULL);
    string displayName = userDetail.Tables[0].Rows[0]["DISPLAY_NAME"].ToString();

    _XmlResult.DocumentElement.SetAttribute("displayName", displayName);
}
/// <summary>
/// Page initialization: disables caching of the response, copies the <c>secFrm</c> query-string value
/// into its hidden field and loads the visible log type display names into <c>HiddenXml</c>.
/// </summary>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.Cache.SetNoStore();

    // Request-controlled value stored on a server control.
    // NOTE(review): confirm the control encodes it on render and that client script treats it as data.
    secFrm.Value = Request.QueryString["secFrm"];

    // Fixed query with no request input.
    const string logTypeSql = "SELECT DISTINCT DISPLAYNAME FROM APP_LOG_TYPE WHERE VISIBLE = 'y' AND CODE_NAME <> 'appall' ORDER BY DISPLAYNAME";

    DataSet logTypes = InnerCommon.ExecuteDataset(logTypeSql);
    XmlDocument logTypeDoc = InnerCommon.GetXmlDoc(logTypes);
    HiddenXml.DocumentContent = logTypeDoc.DocumentElement.OuterXml;
}
/// <summary>
/// Page initialization for the organization editor. On the first (non-postback) request it loads the data
/// for the requested operation: <c>Update</c> loads the organization and derives its parent path,
/// <c>Insert</c> loads the parent organization's path. Any other <c>opType</c> is rejected.
/// </summary>
protected void Page_Load(object sender, System.EventArgs e)
{
    Response.Cache.SetNoStore();

    string parentGuid = GetRequestData("parentGuid", string.Empty).ToString();
    string opType = (string)GetRequestData("opType", string.Empty);
    ExceptionHelper.TrueThrow(opType == string.Empty, "对不起,系统传输数据缺少“opType”!");

    if (IsPostBack)
    {
        return;
    }

    using (DbContext context = DbContext.GetContext(AccreditResource.ConnAlias))
    {
        InitPageObject();

        if (opType == "Update")
        {
            string objGuid = (string)GetRequestData("objGuid", string.Empty);
            ExceptionHelper.TrueThrow(string.IsNullOrEmpty(objGuid), "对不起,系统传输数据缺少“objGuid”!");

            DataSet orgDetail = OGUReader.GetObjectsDetail("ORGANIZATIONS", objGuid, SearchObjectColumn.SEARCH_GUID, parentGuid, SearchObjectColumn.SEARCH_GUID);
            bool orgMissing = (orgDetail == null) || (orgDetail.Tables.Count == 0) || (orgDetail.Tables[0].Rows.Count == 0);
            ExceptionHelper.TrueThrow(orgMissing, "对不起,系统中没有找到指定的对象!");

            organizationData.Value = InnerCommon.GetXmlDoc(orgDetail).OuterXml;

            // The parent path is everything before the last backslash of the organization's full path.
            string allPathName = OGUCommonDefine.DBValueToString(orgDetail.Tables[0].Rows[0]["ALL_PATH_NAME"]);
            int lastSeparator = allPathName.LastIndexOf("\\");
            if (lastSeparator >= 0)
            {
                parentAllPathName.Value = allPathName.Substring(0, lastSeparator);
            }
        }
        else if (opType == "Insert")
        {
            // NOTE(review): CheckQuotationMark presumably escapes and quotes the request value; confirm.
            // ExecuteScalar's result is dereferenced directly, so an unknown parent GUID may throw here.
            string parentPathSql = "SELECT ALL_PATH_NAME FROM ORGANIZATIONS WHERE GUID = "
                + TSqlBuilder.Instance.CheckQuotationMark(parentGuid, true);
            parentAllPathName.Value = InnerCommon.ExecuteScalar(parentPathSql).ToString();
        }
        else
        {
            ExceptionHelper.TrueThrow(true, "对不起,系统传输数据“opType”不正确!");
        }
    }

    // NOTE(review): the permission check runs after the data has been loaded into the page fields;
    // confirm that a failed check aborts the request before anything is rendered.
    CheckPermission(opType);
}
/// <summary>
/// Page initialization: loads one user operation log entry (ID taken from the <c>sortID</c> request
/// value, default "0") joined with its application and operation display names, and binds the first
/// result node to the page controls.
/// </summary>
protected void Page_Load(object sender, System.EventArgs e)
{
    string logEntryId = GetRequestData("sortID", "0").ToString();

    // {0} = log entry ID literal.
    const string queryTemplate =
        "SELECT UOL.*, ALT.DISPLAYNAME AS APP_DISPLAYNAME, AOT.DISPLAYNAME AS OP_DISPLAYNAME"
        + " FROM USER_OPEATION_LOG UOL, APP_LOG_TYPE ALT, APP_OPERATION_TYPE AOT"
        + " WHERE ALT.GUID = AOT.APP_GUID AND UOL.APP_GUID = ALT.GUID AND UOL.OP_GUID = AOT.GUID"
        + " AND UOL.ID = {0}";

    // NOTE(review): the request value reaches the SQL text only through CheckQuotationMark, which
    // presumably escapes and quotes it; confirm.
    string idLiteral = TSqlBuilder.Instance.CheckQuotationMark(logEntryId, true);
    string sql = string.Format(queryTemplate, idLiteral);

    DataSet logEntry = InnerCommon.ExecuteDataset(sql);
    XmlDocument resultDoc = InnerCommon.GetXmlDoc(logEntry);

    // FirstChild is passed as-is; it is null when the document element has no child nodes.
    SetControlValue(resultDoc.DocumentElement.FirstChild);
}
/// <summary>
/// Queries the function sets and functions of one classification (<c>classify</c>) under an application
/// (<c>app_id</c>). Without a <c>parent_id</c> it returns the function sets whose RESOURCE_LEVEL is three
/// characters long plus the functions that belong to no set; with a <c>parent_id</c> it returns that
/// set's direct child sets plus the functions assigned to it.
/// </summary>
private void DoQueryFunction()
{
    XmlElement requestRoot = _XmlRequest.DocumentElement;
    string appId = requestRoot.GetAttribute("app_id");
    string classify = requestRoot.GetAttribute("classify");
    string parentSetId = requestRoot.GetAttribute("parent_id");

    // NOTE(review): CheckQuotationMark presumably escapes and quotes the request values; it is the
    // only barrier between these attributes and the SQL text.
    string appLiteral = TSqlBuilder.Instance.CheckQuotationMark(appId, true);
    string classifyLiteral = TSqlBuilder.Instance.CheckQuotationMark(classify, true);

    // Pieces shared by both branches.
    const string functionSetSelect =
        "SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,SORT_ID,CHILDREN_COUNT,RESOURCE_LEVEL,LOWEST_SET,INHERITED,CLASSIFY,1 AS TYPE "
        + " FROM FUNCTION_SETS ";
    string appAndClassifyFilter = " WHERE APP_ID = " + appLiteral + " AND CLASSIFY = " + classifyLiteral;

    string sql;
    if (parentSetId == string.Empty)
    {
        // Root view: sets first (TYPE 1), then unassigned functions (TYPE 0).
        sql = functionSetSelect
            + appAndClassifyFilter
            + " AND LEN(RESOURCE_LEVEL) = 3"
            + " union all SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,SORT_ID,0 AS CHILDREN_COUNT,'' AS RESOURCE_LEVEL,'' "
            + "AS LOWEST_SET,INHERITED,CLASSIFY,0 AS TYPE"
            + " FROM FUNCTIONS "
            + appAndClassifyFilter
            + " AND ID NOT IN (SELECT FUNC_ID AS ID FROM FUNC_SET_TO_FUNCS)"
            + " ORDER BY TYPE DESC, SORT_ID";
    }
    else
    {
        // Child view: sets one level (three characters) below the parent, then the parent's functions.
        string parentLiteral = TSqlBuilder.Instance.CheckQuotationMark(parentSetId, true);
        sql = functionSetSelect
            + appAndClassifyFilter
            + " AND LEN(RESOURCE_LEVEL) = LEN((SELECT RESOURCE_LEVEL FROM FUNCTION_SETS WHERE ID = " + parentLiteral + ")) + 3"
            + " AND RESOURCE_LEVEL LIKE (SELECT RESOURCE_LEVEL FROM FUNCTION_SETS WHERE ID = " + parentLiteral + ") + '%'"
            + " union all SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,SORT_ID,0 AS CHILDREN_COUNT,'' AS RESOURCE_LEVEL,'' AS LOWEST_SET,INHERITED,CLASSIFY,0 AS TYPE "
            + " FROM FUNCTIONS "
            + appAndClassifyFilter
            + " AND ID IN (SELECT FUNC_ID AS ID FROM FUNC_SET_TO_FUNCS WHERE FUNC_SET_ID = " + parentLiteral + ")"
            + " ORDER BY SORT_ID;";
    }

    DataSet functions = InnerCommon.ExecuteDataset(sql);
    _XmlResult = InnerCommon.GetXmlDoc(functions);
}
/// <summary>
/// Prepares the page data for editing an existing user: loads the user row within the given
/// organization, publishes it as XML in <c>userData</c> and derives the parent path from the user's full path.
/// </summary>
/// <param name="strOrgGuid">GUID of the organization the user is looked up in.</param>
private void UpdateObjects(string strOrgGuid)
{
    string userGuid = (string)GetRequestData("objGuid", string.Empty);

    DataSet userDetail = OGUReader.GetObjectsDetail("USERS", userGuid, SearchObjectColumn.SEARCH_USER_GUID, strOrgGuid, SearchObjectColumn.SEARCH_GUID);
    bool userMissing = (userDetail == null) || (userDetail.Tables.Count == 0) || (userDetail.Tables[0].Rows.Count == 0);
    ExceptionHelper.TrueThrow(userMissing, "对不起,系统中没有找到指定的对象!");

    userData.Value = InnerCommon.GetXmlDoc(userDetail).OuterXml;

    // The parent path is everything before the last backslash; a path without one leaves the field untouched.
    string allPathName = OGUCommonDefine.DBValueToString(userDetail.Tables[0].Rows[0]["ALL_PATH_NAME"]);
    int lastSeparator = allPathName.LastIndexOf("\\");
    if (lastSeparator >= 0)
    {
        parentAllPathName.Value = allPathName.Substring(0, lastSeparator);
    }
}
/// <summary>
/// Queries how one function set (<c>func_set_id</c>) relates to every role of an application (<c>app_id</c>).
/// A role counts as holding the set when it is granted every function found under the set and its
/// descendant sets. The batch returns the roles (holders carry the set ID in <c>FUNC_ID</c>, others an
/// empty string) followed by a second result set listing those functions.
/// </summary>
private void DoQueryFuncSetToRole()
{
    XmlElement requestRoot = _XmlRequest.DocumentElement;
    string appId = requestRoot.GetAttribute("app_id");
    string funcSetId = requestRoot.GetAttribute("func_set_id");

    // {0} = application ID literal, {1} = function set ID literal.
    const string batchTemplate =
        // 1) functions under the set and every set whose RESOURCE_LEVEL starts with the set's level
        "SELECT FUNC_ID INTO #FUNC_IDS FROM FUNC_SET_TO_FUNCS WHERE FUNC_SET_ID IN( SELECT ID FROM FUNCTION_SETS WHERE APP_ID = {0}"
        + " AND RESOURCE_LEVEL LIKE (SELECT RESOURCE_LEVEL FROM FUNCTION_SETS WHERE ID = {1} ) + '%'"
        + " AND CLASSIFY = (SELECT CLASSIFY FROM FUNCTION_SETS WHERE ID = {1}));"
        // 2) roles granted all of those functions (and only when there is at least one function)
        + " SELECT ID INTO #ROLE_IDS FROM ROLES WHERE APP_ID = {0}"
        + " AND (SELECT COUNT(DISTINCT FUNC_ID) FROM ROLE_TO_FUNCTIONS WHERE ROLE_TO_FUNCTIONS.ROLE_ID = ROLES.ID AND FUNC_ID IN (SELECT * FROM #FUNC_IDS))"
        + " = (SELECT COUNT(*) FROM #FUNC_IDS) AND (SELECT COUNT(*) FROM #FUNC_IDS) > 0;"
        // 3) all roles of the set's classification, flagged by membership in #ROLE_IDS
        + " SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,ALLOW_DELEGATE, {1} AS FUNC_ID FROM ROLES"
        + " WHERE ID IN (SELECT * FROM #ROLE_IDS) AND APP_ID = {0} AND CLASSIFY = ( SELECT CLASSIFY FROM FUNCTION_SETS WHERE ID = {1} )"
        + " UNION ALL"
        + " SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,ALLOW_DELEGATE,'' AS FUNC_ID FROM ROLES"
        + " WHERE ID NOT IN (SELECT * FROM #ROLE_IDS) AND APP_ID = {0} AND CLASSIFY = ( SELECT CLASSIFY FROM FUNCTION_SETS WHERE ID = {1} )"
        + " ORDER BY SORT_ID;"
        // 4) the functions themselves
        + " SELECT * FROM FUNCTIONS WHERE ID IN (SELECT * FROM #FUNC_IDS)";

    // NOTE(review): CheckQuotationMark presumably escapes and quotes the request values; confirm.
    string appLiteral = TSqlBuilder.Instance.CheckQuotationMark(appId, true);
    string funcSetLiteral = TSqlBuilder.Instance.CheckQuotationMark(funcSetId, true);
    string sql = string.Format(batchTemplate, appLiteral, funcSetLiteral);

#if DEBUG
    Debug.Write(sql);
#endif

    DataSet result = InnerCommon.ExecuteDataset(sql);
    _XmlResult = InnerCommon.GetXmlDoc(result);
}
/// <summary>
/// Queries how one role (<c>role_id</c>) relates to every function of an application (<c>app_id</c>).
/// Functions granted to the role carry the role ID in <c>ROLE_ID</c>; the others carry an empty string.
/// </summary>
private void DoQueryRoleToFunc()
{
    XmlElement requestRoot = _XmlRequest.DocumentElement;
    string appId = requestRoot.GetAttribute("app_id");
    string roleId = requestRoot.GetAttribute("role_id");

    // {0} = application ID literal, {1} = role ID literal.
    const string queryTemplate =
        "SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,{1} AS ROLE_ID "
        + " FROM FUNCTIONS "
        + " WHERE APP_ID = {0}"
        + " AND ID IN (SELECT FUNC_ID AS ID FROM ROLE_TO_FUNCTIONS WHERE ROLE_ID = {1})"
        + " union all SELECT ID,APP_ID,NAME,CODE_NAME,DESCRIPTION,CLASSIFY,SORT_ID,INHERITED,'' AS ROLE_ID "
        + " FROM FUNCTIONS "
        + " WHERE APP_ID = {0}"
        + " AND ID NOT IN (SELECT FUNC_ID AS ID FROM ROLE_TO_FUNCTIONS WHERE ROLE_ID = {1})"
        + " ORDER BY SORT_ID";

    // NOTE(review): CheckQuotationMark presumably escapes and quotes the request values; confirm.
    string roleLiteral = TSqlBuilder.Instance.CheckQuotationMark(roleId, true);
    string appLiteral = TSqlBuilder.Instance.CheckQuotationMark(appId, true);
    string sql = string.Format(queryTemplate, appLiteral, roleLiteral);

    DataSet functions = InnerCommon.ExecuteDataset(sql);
    _XmlResult = InnerCommon.GetXmlDoc(functions);
}
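/// <summary>
/// Queries the applications the signed-in user may see under the requested parent application
/// (<c>parent_id</c>; empty means the top level) and marks, per application, which sub-nodes
/// (scopes, self-maintenance, roles, functions) the user is allowed to open.
/// </summary>
/// <remarks>
/// Administrators see every child application with all four flags set to "True". Other users see only
/// the child applications that lie on the path to an application they hold rights in, and each flag is
/// derived from the functions granted through their own (non-delegated) roles.
/// Values read back from the database are escaped before they are placed in the follow-up SQL text and
/// in the DataTable filter expressions, so a quote character in a role ID or application code name can
/// neither break nor alter those expressions.
/// </remarks>
private void DoQueryApplication()
{
    using (DbContext context = DbContext.GetContext(AppResource.ConnAlias))
    {
        ExceptionHelper.TrueThrow(this.LogOnUserInfo == null, "没有登录者信息");

        XmlElement root = _XmlRequest.DocumentElement;
        string strParentID = root.GetAttribute("parent_id");
        string strSQL = string.Empty;

        bool bAdminUser = SecurityCheck.IsAdminUser(LogOnUserInfo.UserLogOnName);
        string strAppLevels = string.Empty;

        if (false == bAdminUser)
        {
            // Resolve the parent application's RESOURCE_LEVEL (empty when there is no such parent).
            strSQL = string.Format("SELECT RESOURCE_LEVEL FROM APPLICATIONS WHERE ID = {0}",
                TSqlBuilder.Instance.CheckQuotationMark(strParentID, true));

            string strParentLevel = string.Empty;
            object obj = InnerCommon.ExecuteScalar(strSQL);
            if (obj != null)
            {
                strParentLevel = obj.ToString();
            }

            // Collect, as a comma-separated list, the direct-child level (parent level plus three
            // characters) of every application the user holds rights in below the parent.
            DataTable userApps = SecurityCheck.GetUserApplications(LogOnUserInfo.UserLogOnName, UserValueType.LogonName, RightMaskType.Self).Tables[0];
            int childLevelLength = strParentLevel.Length + 3;
            foreach (DataRow appRow in userApps.Rows)
            {
                string strLevel = appRow["RESOURCE_LEVEL"].ToString();
                if (strLevel.Length >= childLevelLength && strLevel.Substring(0, strParentLevel.Length) == strParentLevel)
                {
                    if (strAppLevels != string.Empty)
                    {
                        strAppLevels += ",";
                    }

                    strAppLevels += strLevel.Substring(0, childLevelLength);
                }
            }
        }

        // Build the query for the child applications.
        strSQL = "SELECT ID,NAME, CODE_NAME, DESCRIPTION, SORT_ID, RESOURCE_LEVEL, CHILDREN_COUNT, ADD_SUBAPP, USE_SCOPE, INHERITED_STATE "
            + "FROM APPLICATIONS ";

        if (strParentID != "")
        {
            strSQL += "WHERE LEFT(RESOURCE_LEVEL, LEN(RESOURCE_LEVEL)-3) = (SELECT RESOURCE_LEVEL FROM APPLICATIONS WHERE ID = "
                + TSqlBuilder.Instance.CheckQuotationMark(strParentID, true) + ") ";
        }
        else
        {
            strSQL += "WHERE LEN(RESOURCE_LEVEL) = 3 ";
        }

        if (strAppLevels != string.Empty)
        {
            strSQL += string.Format("\n AND RESOURCE_LEVEL IN ({0})",
                InnerCommon.AddMulitStrWithQuotationMark(strAppLevels));
        }
        else if (false == bAdminUser)
        {
            // A non-administrator without any matching application must get an empty result.
            strSQL += "\n AND (1=0)";
        }

        strSQL += " ORDER BY SORT_ID";

        DataSet ds = InnerCommon.ExecuteDataset(strSQL);
        _XmlResult = InnerCommon.GetXmlDoc(ds);

        // Loaded lazily, once, and only for non-administrators.
        DataTable userRoleDT = null;
        DataTable appFuncDT = null;

        foreach (XmlNode xNode in _XmlResult.FirstChild.ChildNodes)
        {
            string appCodeName = xNode.SelectSingleNode(".//CODE_NAME").InnerText;

            // Administrators get every flag; other users start from the same defaults and have them recomputed.
            bool bShowScopes = true;
            bool bShowSelfMaintain = true;
            bool bShowRoles = true;
            bool bShowFunctions = true;

            if (false == bAdminUser)
            {
                if (userRoleDT == null)
                {
                    userRoleDT = SecurityCheck.GetUserApplicationsRoles(LogOnUserInfo.UserLogOnName, UserValueType.LogonName, RightMaskType.Self, DelegationMaskType.Original).Tables[0];
                }

                if (appFuncDT == null)
                {
                    // Role IDs come from the database, but they are still escaped like every other
                    // literal in this method before being placed in the IN list.
                    string roleIDs = "''";
                    foreach (DataRow row in userRoleDT.Rows)
                    {
                        roleIDs += "," + TSqlBuilder.Instance.CheckQuotationMark(row["ID"].ToString(), true);
                    }

                    strSQL = string.Format(
                        @"SELECT A.CODE_NAME APP_CODE_NAME, F.CODE_NAME FUN_CODE_NAME FROM ROLES R INNER JOIN APPLICATIONS A ON R.APP_ID = A.ID INNER JOIN ROLE_TO_FUNCTIONS RF ON R.ID = RF.ROLE_ID INNER JOIN FUNCTIONS F ON RF.FUNC_ID = F.ID WHERE R.ID IN ({0})",
                        roleIDs);
                    appFuncDT = InnerCommon.ExecuteDataset(strSQL).Tables[0];
                }

                // DataTable filter expressions escape a single quote inside a string literal by doubling it.
                string strAppFilter = string.Format("[APP_CODE_NAME]= '{0}' AND [FUN_CODE_NAME] IN ", appCodeName.Replace("'", "''"));

                // Scope node
                bShowScopes = appFuncDT.Select(strAppFilter
                    + "( 'ADD_SCOPE_FUNC','DELETE_SCOPE_FUNC' )").Length > 0;

                // Self-maintenance node
                bShowSelfMaintain = appFuncDT.Select(strAppFilter
                    + "( 'SELF_MAINTAIN_FUNC' )").Length > 0;

                // Application roles node
                bShowRoles = appFuncDT.Select(strAppFilter
                    + "( 'MODIFY_SCOPE_FUNC','ADD_ROLE_FUNC','DELETE_ROLE_FUNC','MODIFY_ROLE_FUNC','ADD_OBJECT_FUNC','DELETE_OBJECT_FUNC','MODIFY_OBJECT_FUNC' )").Length > 0;

                // Application functions node
                bShowFunctions = appFuncDT.Select(strAppFilter
                    + "( 'ADD_FUNCTION_FUNC','DELETE_FUNCTION_FUNC','MODIFY_FUNCTION_FUNC','RTF_MAINTAIN_FUNC' )").Length > 0;
            }

            XmlHelper.AppendNode(xNode, "APP_SCOPES", bShowScopes ? "True" : "False");
            XmlHelper.AppendNode(xNode, "SELF_MAINTAIN_FUNC", bShowSelfMaintain ? "True" : "False");
            XmlHelper.AppendNode(xNode, "APP_ROLES", bShowRoles ? "True" : "False");
            XmlHelper.AppendNode(xNode, "APP_FUNCTIONS", bShowFunctions ? "True" : "False");
        }
    }
}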