public static void ApplayRecordPermision(BPMConnection cn, JsonItemCollection items, string rsid, string tableName, string jsonitemKeyAttrName)
{
//获得资源上的记录级权限种类
UserResourcePermisionCollection resourcePerms = UserResourceSecurityManager.GetResourcePermisions(cn, rsid);
BPMObjectNameCollection permNames = new BPMObjectNameCollection();
foreach (UserResourcePermision resourcePerm in resourcePerms)
{
if (resourcePerm.PermType == UserResourcePermisionType.Record)
{
permNames.Add(resourcePerm.PermName);
}
}
//应用权限
foreach (JsonItem item in items)
{
string key = Convert.ToString(item.Attributes[jsonitemKeyAttrName]);
bool[] rv = RecordSecurityManager.CheckPermision(cn, tableName, key, permNames);
JsonItem jsonPerm = new JsonItem();
item.Attributes["perm"] = jsonPerm;
for (int i = 0; i < permNames.Count; i++)
{
jsonPerm.Attributes[permNames[i]] = rv[i];
}
}
}
public virtual JObject GetACL(HttpContext context)
{
YZRequest request = new YZRequest(context);
string rsid = request.GetString("rsid");
string table = request.GetString("table");
string key = request.GetString("key");
string datasource = request.GetString("datasource", null);
JObject rv = new JObject();
using (BPMConnection cn = new BPMConnection())
{
cn.WebOpen();
UserResource userResource = UserResource.Open(cn, rsid);
UserResourcePermisionCollection perms = UserResource.GetPermisions(cn, rsid);
RDACL acl = RecordSecurityManager.LoadACL(cn, table, key, datasource);
JArray jperms = new JArray();
rv["perms"] = jperms;
foreach (UserResourcePermision perm in perms)
{
if (perm.PermType != UserResourcePermisionType.Record)
{
continue;
}
JObject jperm = new JObject();
jperms.Add(jperm);
jperm["PermName"] = perm.PermName;
jperm["PermType"] = perm.PermType.ToString();
jperm["PermDisplayName"] = perm.PermDisplayName;
}
JObject jacl = new JObject();
rv["acl"] = jacl;
JArray jaces = new JArray();
jacl["aces"] = jaces;
URACECollection uraces = this.RDACEs2URACEs(acl.ACEs);
foreach (URACE ace in uraces)
{
//获得ACE角色的显示名
string displayName = ace.GetSIDDisplayName(cn);
if (String.IsNullOrEmpty(displayName))
{
continue;
}
JObject jace = JObject.FromObject(ace);
jaces.Add(jace);
jace["DisplayName"] = displayName;
}
}
return(rv);
}
public virtual void SaveResource(HttpContext context)
{
YZRequest request = new YZRequest(context);
string mode = request.GetString("mode");
JsonSerializer serializer = new JsonSerializer();
StreamReader reader = new StreamReader(context.Request.InputStream);
using (JsonTextReader streamReader = new JsonTextReader(reader))
{
JArray @params = serializer.Deserialize(streamReader) as JArray;
UserResource resource = @params[0].ToObject <UserResource>(serializer);
UserResourcePermisionCollection perms = @params[1].ToObject <UserResourcePermisionCollection>(serializer);
using (BPMConnection cn = new BPMConnection())
{
cn.WebOpen();
if (mode == "edit")
{
string rsid = request.GetString("rsid");
UserResource.Save(cn, rsid, resource, perms);
}
else
{
string parentRsid = request.GetString("parentRsid", null);
UserResource.SaveAs(cn, parentRsid, resource, perms);
}
}
}
}
public virtual JObject GetResourcePerms(HttpContext context)
{
YZRequest request = new YZRequest(context);
string rsid = request.GetString("rsid");
JObject rv = new JObject();
//获得数据
using (BPMConnection cn = new BPMConnection())
{
cn.WebOpen();
UserResource userResource = UserResource.Open(cn, rsid);
rv["ResourceName"] = userResource.ResourceName;
UserResourcePermisionCollection perms = UserResource.GetPermisions(cn, rsid);
URACL acl = UserResource.GetACL(cn, rsid);
JArray jperms = new JArray();
rv["perms"] = jperms;
foreach (UserResourcePermision perm in perms)
{
JObject jperm = JObject.FromObject(perm);
jperms.Add(jperm);
JArray jRoles = new JArray();
jperm["roles"] = jRoles;
BPMObjectNameCollection checkedSids = new BPMObjectNameCollection();
foreach (URACE ace in acl.ACEs)
{
if (checkedSids.Contains(ace.SID))
{
continue;
}
checkedSids.Add(ace.SID);
SecurityToken token = new SecurityToken();
token.SIDs.Add(ace.SID);
if (acl.HasPermision(token, perm.PermName))
{
JObject jRole = new JObject();
jRoles.Add(jRole);
jRole["Name"] = ace.GetSIDDisplayName(cn);
}
}
}
}
return(rv);
}
public virtual JObject GetACL(HttpContext context)
{
YZRequest request = new YZRequest(context);
string rsid = request.GetString("rsid");
JObject rv = new JObject();
using (BPMConnection cn = new BPMConnection())
{
cn.WebOpen();
UserResource userResource = UserResource.Open(cn, rsid);
UserResourcePermisionCollection perms = UserResource.GetPermisions(cn, rsid);
URACL acl = UserResource.GetACL(cn, rsid);
JArray jperms = new JArray();
rv["perms"] = jperms;
foreach (UserResourcePermision perm in perms)
{
JObject jperm = new JObject();
jperms.Add(jperm);
jperm["PermName"] = perm.PermName;
jperm["PermType"] = perm.PermType.ToString();
jperm["PermDisplayName"] = perm.PermDisplayName;
}
JObject jacl = new JObject();
rv["acl"] = jacl;
JArray jaces = new JArray();
jacl["aces"] = jaces;
foreach (URACE ace in acl.ACEs)
{
//获得ACE角色的显示名
string displayName = ace.GetSIDDisplayName(cn);
if (String.IsNullOrEmpty(displayName))
{
continue;
}
JObject jace = JObject.FromObject(ace);
jaces.Add(jace);
jace["DisplayName"] = displayName;
}
}
return(rv);
}
public static void ApplayPermision(BPMConnection cn, JsonItemCollection items)
{
for (int moduleIndex = 0; moduleIndex < items.Count; moduleIndex++)
{
JsonItem item = items[moduleIndex];
bool moduleExecute = true;
if (item.Attributes.ContainsKey("modulePerm"))
{
YZModulePermision perm = item.Attributes["modulePerm"] as YZModulePermision;
item.Attributes.Remove("modulePerm");
//检查模块权限
moduleExecute = UserResourceSecurityManager.CheckPermision(cn, perm.RSID, "Execute");
if (moduleExecute)
{
//获得模块config配置项
JsonItem config = null;
if (item.Attributes.ContainsKey("config"))
{
config = item.Attributes["config"] as JsonItem;
}
else
{
config = new JsonItem();
item.Attributes["config"] = config;
}
//在config配置项下建perm配置
JsonItem jsonPerm = new JsonItem();
config.Attributes["perm"] = jsonPerm;
//记录模块rsid
jsonPerm.Attributes["rsid"] = perm.RSID;
//生成工具条上的访问权限
if (perm.GenToolbarPermision)
{
//获得工具条上的模块级权限种类
UserResourcePermisionCollection resourcePerms = UserResourceSecurityManager.GetResourcePermisions(cn, perm.RSID);
BPMObjectNameCollection permNames = new BPMObjectNameCollection();
foreach (UserResourcePermision resourcePerm in resourcePerms)
{
if (resourcePerm.PermType == UserResourcePermisionType.Module)
{
permNames.Add(resourcePerm.PermName);
}
}
//记录工具条上的模块级权限许可情况
bool[] rv = UserResourceSecurityManager.CheckPermision(cn, perm.RSID, permNames);
for (int i = 0; i < permNames.Count; i++)
{
jsonPerm.Attributes[permNames[i]] = rv[i];
}
}
}
else
{
items.RemoveAt(moduleIndex);
moduleIndex--;
}
}
//此模块可见则检查子级
if (moduleExecute)
{
if (item.Attributes.ContainsKey("children"))
{
JsonItemCollection children = item.Attributes["children"] as JsonItemCollection;
if (children != null)
{
int allCount = children.Count;
ApplayPermision(cn, children);
if (allCount != 0 && children.Count == 0)
{
//item.Attributes["empty"] = true;
items.RemoveAt(moduleIndex);
moduleIndex--;
continue;
}
}
}
if (item.Attributes.ContainsKey("tabs"))
{
JsonItemCollection tabs = item.Attributes["tabs"] as JsonItemCollection;
if (tabs != null)
{
int allCount = tabs.Count;
ApplayPermision(cn, tabs);
if (allCount != 0 && tabs.Count == 0)
{
//item.Attributes["empty"] = true;
items.RemoveAt(moduleIndex);
moduleIndex--;
continue;
}
}
}
}
}
}
public static void ApplayPermision(BPMConnection cn, JArray items, bool userResource)
{
for (int moduleIndex = 0; moduleIndex < items.Count; moduleIndex++)
{
JObject item = items[moduleIndex] as JObject;
bool moduleExecute = true;
JToken token = item["modulePerm"];
if (token != null)
{
YZModulePermision perm = token.ToObject <YZModulePermision>();
item.Remove("modulePerm");
//检查模块权限
if (userResource)
{
moduleExecute = UserResource.CheckPermision(cn, perm.RSID, "Execute");
}
else
{
moduleExecute = SecurityManager.CheckPermision(cn, perm.RSID, BPMPermision.Execute);
}
if (moduleExecute)
{
//获得模块config配置项
JObject config = item["config"] as JObject;
if (config == null)
{
config = new JObject();
item["config"] = config;
}
//在config配置项下建perm配置
JObject jsonPerm = new JObject();
config["perm"] = jsonPerm;
//记录模块rsid
jsonPerm["rsid"] = perm.RSID;
//生成工具条上的访问权限
if (userResource)
{
if (perm.GenToolbarPermision)
{
//获得工具条上的模块级权限种类
UserResourcePermisionCollection resourcePerms = UserResource.GetPermisions(cn, perm.RSID);
BPMObjectNameCollection permNames = new BPMObjectNameCollection();
foreach (UserResourcePermision resourcePerm in resourcePerms)
{
if (resourcePerm.PermType == UserResourcePermisionType.Module)
{
permNames.Add(resourcePerm.PermName);
}
}
//记录工具条上的模块级权限许可情况
bool[] rv = UserResource.CheckPermision(cn, perm.RSID, permNames);
for (int i = 0; i < permNames.Count; i++)
{
jsonPerm[permNames[i]] = rv[i];
}
}
}
}
else
{
items.RemoveAt(moduleIndex);
moduleIndex--;
}
}
//此模块可见则检查子级
if (moduleExecute)
{
JArray children = item[YZJsonProperty.children] as JArray;
if (children != null)
{
int allCount = children.Count;
ApplayPermision(cn, children, userResource);
if (allCount != 0 && children.Count == 0)
{
//item.Attributes["empty"] = true;
items.RemoveAt(moduleIndex);
moduleIndex--;
continue;
}
}
JArray tabs = item["tabs"] as JArray;
if (tabs != null)
{
int allCount = tabs.Count;
ApplayPermision(cn, tabs, userResource);
if (allCount != 0 && tabs.Count == 0)
{
//item.Attributes["empty"] = true;
items.RemoveAt(moduleIndex);
moduleIndex--;
continue;
}
}
}
}
}
