//======================================================================================
/// <summary>
/// Checks whether <paramref name="my"/> may perform <paramref name="action"/> on data that is
/// owned by one user and may have been last edited by another.
/// </summary>
/// <param name="my">The operator whose permission is being checked.</param>
/// <param name="action">The action to authorize.</param>
/// <param name="targetUserID">ID of the user who owns the data.</param>
/// <param name="lastEditUserID">ID of the user who last edited the data.</param>
/// <param name="reason">Receives the denial category reported by the check.</param>
/// <returns>true when the action is permitted; otherwise false.</returns>
/// <remarks>
/// NOTE(review): when the last edit was made by someone other than the owner and the operator,
/// only the last editor is evaluated; targetUserID is not checked on that path. Confirm that
/// callers do not rely on this method to also authorize against the data owner.
/// </remarks>
public bool Can(User my, TA2 action, int targetUserID, int lastEditUserID, out NoPermissionType reason)
{
    // The last edit was made by the owner or by the operator: only the owner matters.
    bool editedByThirdParty = targetUserID != lastEditUserID && lastEditUserID != my.UserID;
    if (!editedByThirdParty)
    {
        return Can(my, action, targetUserID, out reason);
    }

    // The data was modified by someone else: the operator must be allowed to act on that editor.
    NoPermissionType lastEditorReason;
    bool permitted = Can(my, action, lastEditUserID, out lastEditorReason);

    // A plain NoPermission is passed through; any other denial is reported as a restriction
    // concerning the last editor. A success always reports NoPermission.
    bool reportLastEditor = !permitted && !(lastEditorReason == NoPermissionType.NoPermission);
    reason = reportLastEditor
        ? NoPermissionType.NoPermissionForLastEditor
        : NoPermissionType.NoPermission;

    return permitted;
}
/// <summary>
/// Resolves the operator by ID and checks whether that user may perform
/// <paramref name="action"/> on the user identified by <paramref name="targetUserID"/>.
/// </summary>
/// <param name="operatorUserID">ID of the user attempting the action.</param>
/// <param name="action">The action to authorize.</param>
/// <param name="targetUserID">ID of the user the action is aimed at.</param>
/// <param name="reason">Receives the denial category reported by the check.</param>
/// <returns>true when the action is permitted; false when it is not or the operator cannot be loaded.</returns>
public bool Can(int operatorUserID, TA2 action, int targetUserID, out NoPermissionType reason)
{
    User operatorUser = UserBO.Instance.GetUser(operatorUserID, GetUserOption.WithGuest);

    if (operatorUser != null)
    {
        return Can(operatorUser, action, targetUserID, out reason);
    }

    // Fail closed: an operator that cannot be resolved is never authorized.
    reason = NoPermissionType.NoPermission;
    return false;
}
/// <summary>
/// Verifies whether the operator has permission to edit a piece of data.
/// </summary>
/// <param name="editorID">ID of the operator attempting the edit.</param>
/// <param name="dataOwnerID">ID of the user who owns the data.</param>
/// <returns>true if the operator has edit permission; otherwise false.</returns>
/// <remarks>
/// NOTE(review): the owner path returns true without calling Permission.Can(editorID, UseAction);
/// that call survives only as a commented-out fragment dated 2009-07-09. The owner's own use
/// permission is therefore not evaluated here and has to be enforced by the caller if required.
/// </remarks>
protected bool CheckEditPermission(int editorID, int dataOwnerID)
{
    if (editorID != dataOwnerID)
    {
        // Editing another user's data requires the management permission over that owner.
        NoPermissionType reason;
        return ManagePermission.Can(editorID, ManageAction, dataOwnerID, out reason);
    }

    // 2009-07-09: Zhazhaniao said the last editor is no longer checked.
    // Formerly: Permission.Can(editorID, UseAction);
    return true;
}
/// <summary>
/// Verifies whether the operator has permission to edit a piece of data that may have been
/// last edited by another user.
/// </summary>
/// <param name="editorID">ID of the operator attempting the edit.</param>
/// <param name="dataOwnerID">ID of the user who owns the data.</param>
/// <param name="lastEditorID">ID of the user who last edited the data.</param>
/// <returns>true if the operator has edit permission; otherwise false.</returns>
/// <remarks>
/// NOTE(review): for the owner, <paramref name="lastEditorID"/> is ignored and true is returned
/// without calling Permission.Can(editorID, UseAction); both checks exist only as commented-out
/// fragments dated 2009-07-09. An owner can therefore edit data last changed by a manager, and
/// the owner's use permission has to be enforced by the caller if required.
/// </remarks>
protected bool CheckEditPermission(int editorID, int dataOwnerID, int lastEditorID)
{
    // 2009-07-09: Zhazhaniao said the last editor is no longer checked here.
    // Formerly the condition also required: && editorID == lastEditorID
    bool editorOwnsData = editorID == dataOwnerID;
    if (editorOwnsData)
    {
        // Formerly: Permission.Can(editorID, UseAction);
        return true;
    }

    // 2009-07-14: Zhazhaniao asked that, until there is a dedicated page for administrators to
    // edit content, administrators not be offered the ability to edit other users' data.
    // wen: "What a mess, I don't get it." The commented-out code was restored by wen.
    NoPermissionType reason;
    return ManagePermission.Can(editorID, ManageAction, dataOwnerID, lastEditorID, out reason);
}
/// <summary>
/// Decides whether <paramref name="my"/> may perform <paramref name="action"/> against a target
/// holding <paramref name="targetRole"/>, by walking the operator's roles and applying the
/// configured permission limit for the action's target type.
/// </summary>
/// <param name="my">The operator whose roles are evaluated.</param>
/// <param name="action">The action to authorize; converted to an index with GetActionValue.</param>
/// <param name="targetRole">The role of the target that the limit rules compare against.</param>
/// <param name="reason">
/// Set to NoPermission, or to NoPermissionForTargetUser when a role grants the action but the
/// limit rules exclude this target role.
/// </param>
/// <returns>true when the action is permitted; otherwise false.</returns>
/// <exception cref="NotSupportedException">
/// The action's target type is neither Content nor User, or the limit type is not one of the
/// four handled below.
/// </exception>
public bool Can(User my, TA2 action, Role targetRole, out NoPermissionType reason)
{
    reason = NoPermissionType.NoPermission;

    //If the operator is the founder (site owner), return true immediately.
    //NOTE(review): this returns before any role is inspected, so neither a deny entry nor the
    //permission limit is applied to the owner.
    if (my.IsOwner)
    {
        return(true);
    }

    //This is a management-type permission and the operator is not a manager.
    if (IsManagement && my.IsManager == false)
    {
        return(false);
    }

    int actionIndex = GetActionValue(action);

    //Region title below: "permission-check logic".
    #region 检查权限的逻辑
    Permission <TA1, TA2> permission;
    PermissionLimit limit;

    //Pick the limit configuration that matches what the action is aimed at.
    switch (Permissions.GetPermissionTargetType(actionIndex))
    {
        case PermissionTargetType.Content:
            limit = AllSettings.Current.PermissionSettings.ContentPermissionLimit;
            break;

        case PermissionTargetType.User:
            limit = AllSettings.Current.PermissionSettings.UserPermissionLimit;
            break;

        default:
            throw new NotSupportedException("Action with target must defined 'PermissionSetWithTargetType'");
    }

    //The operator's highest role is only needed by the two role-level limit types; for
    //Unlimited and ExcludeCustomRoles it stays at Role.Everyone and is never compared.
    Role operatorMaxRole = Role.Everyone;
    if (limit.LimitType != PermissionLimitType.Unlimited)
    {
        if (limit.LimitType != PermissionLimitType.ExcludeCustomRoles)
        {
            operatorMaxRole = my.MaxRole;
        }
    }

    bool allow = false;
    bool beforeCheck;

    foreach (UserRole userRole in my.Roles)
    {
        //Not a manager role: it cannot contribute to a management permission.
        //NOTE(review): such roles are skipped before the deny test below, so a deny set on a
        //non-manager role is not considered for management actions.
        if (IsManagement && userRole.Role.IsManager == false)
        {
            continue;
        }

        permission = Permissions.AlwaysGetPermission(userRole.RoleID);
        beforeCheck = BeforePermissionCheck(my, userRole.RoleID, action);

        //An explicit deny on any role that passes the pre-check ends the whole check with false,
        //even if an earlier role already granted the action.
        if (CanSetDeny && beforeCheck && permission.IsDenyTA2(actionIndex))
        {
            reason = NoPermissionType.NoPermission;
            return(false);
        }

        //The pre-check rejected this role: it can neither grant nor deny.
        if (beforeCheck == false)
        {
            continue;
        }

        //Once some role has granted the action, the remaining iterations only look for a deny.
        if (allow == false)
        {
            if (permission.IsAllowTA2(actionIndex))
            {
                //The role has this permission; now decide whether it really applies to this
                //specific target role.
                if (limit.LimitType == PermissionLimitType.Unlimited)
                {
                    allow = true;
                }
                else if (limit.LimitType == PermissionLimitType.RoleLevelLowerMe)
                {
                    //Relies on the comparison operators of Role (defined outside this block).
                    if (operatorMaxRole > targetRole)
                    {
                        allow = true;
                    }
                }
                else if (limit.LimitType == PermissionLimitType.RoleLevelLowerOrSameMe)
                {
                    if (operatorMaxRole >= targetRole)
                    {
                        allow = true;
                    }
                }
                else if (limit.LimitType == PermissionLimitType.ExcludeCustomRoles)
                {
                    List <Guid> excludeRoleIds;
                    if (limit.ExcludeRoles.TryGetValue(userRole.RoleID, out excludeRoleIds))
                    {
                        if (excludeRoleIds != null)
                        {
                            //This role cannot manage the target user. Move on to the next role;
                            //the reason stays recorded unless a later role grants or denies.
                            if (excludeRoleIds.Contains(targetRole.RoleID))
                            {
                                reason = NoPermissionType.NoPermissionForTargetUser;
                                continue;
                            }
                        }
                    }
                    //No exclusion entry for this role, or the target role is not listed in it.
                    allow = true;
                }
                else
                {
                    throw new NotSupportedException();
                }

                //The permission is held, but not over this target role, so return false
                //immediately.
                if (allow == false)
                {
                    reason = NoPermissionType.NoPermissionForTargetUser;
                    return(false);
                }
                //The permission is held, it also covers this target role, and this permission
                //type has no 'deny' state, so return true immediately.
                else if (this.CanSetDeny == false)
                {
                    return(true);
                }
            }
        }
    }
    #endregion

    //Clear a target-user reason left behind by an earlier role that was skipped.
    if (allow)
    {
        reason = NoPermissionType.NoPermission;
    }
    return(allow);
}