Exemple #1
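        /// <summary>
        /// Removes the permission for the given object and operation from a role and commits the change.
        /// </summary>
        /// <param name="mOperation">Operation of the permission to revoke; resolved through Mapping.</param>
        /// <param name="mObject">Object of the permission to revoke; resolved through Mapping.</param>
        /// <param name="mRole">Role that loses the permission; resolved through Mapping.</param>
        /// <exception cref="Exception">The role cannot be resolved.</exception>
        /// <remarks>
        /// Returns without changing anything when the object, the operation or the permission cannot be
        /// resolved, or when the role does not hold the permission.
        /// </remarks>
        public void RevokePermission(operation mOperation, objectRbac mObject, role mRole)
        {
            role TempRole = Mapping(mRole);

            if (TempRole == null)
            {
                throw new Exception("Role Does not exist in system.");
            }

            objectRbac tempObject    = Mapping(mObject);
            operation  tempOperation = Mapping(mOperation);

            if (tempOperation == null || tempObject == null)
            {
                return;
            }

            // Look up the permission that is to be revoked.
            string hsql = "from permission per where per.ObjectRBAC = :ObjectRBAC AND  per.Operation = :Operation ";

            // Each placeholder gets its own parameter. Passing the operation under the name "ObjectRBAC"
            // left :Operation without a value, so the lookup could not select the intended permission
            // and the revocation would not take effect.
            List<permission> _lst = PermissionSrv.GetbyHQuery(
                hsql,
                new SQLParam("ObjectRBAC", tempObject),
                new SQLParam("Operation", tempOperation));
            permission TempPermission = (_lst == null || _lst.Count == 0) ? null : _lst[0];

            // Only touch and commit the role when it actually holds the permission.
            if (TempPermission != null && TempRole.Permissions.Contains(TempPermission))
            {
                TempRole.Permissions.Remove(TempPermission);
                RoleSrv.CommitChanges();
            }
        }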
Exemple #2
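        /// <summary>
        /// Removes the named object of the current application together with every permission that refers to it.
        /// </summary>
        /// <param name="mObject">Name of the object to uninstall.</param>
        /// <remarks>Does nothing when no application is set or the object is not found.</remarks>
        public void UnInstallObject(string mObject)
        {
            if (_App == null)
            {
                return;
            }
            // OperationSrv is constructed as in the original but not used below.
            IoperationService  OperationSrv  = new operationService(SessionFactoryConfigPath);
            IobjectService     ObjectSrv     = new objectService(SessionFactoryConfigPath);
            IpermissionService PermissionSrv = new permissionService(SessionFactoryConfigPath);
            objectRbac         tempObject    = ObjectSrv.GetByName(mObject, _App.AppID);

            if (tempObject == null)
            {
                return;
            }
            string             HQL     = "from permission per where per.ObjectRBAC = :ObjectRBAC";
            IList <permission> PerList = PermissionSrv.GetbyHQuery(HQL, new SQLParam("ObjectRBAC", tempObject));

            // Other callers of GetbyHQuery check its result for null; do the same here so that an object
            // without permissions is still removed instead of failing in the loop.
            if (PerList != null)
            {
                foreach (permission per in PerList)
                {
                    // Clear the role links before the permission itself is deleted.
                    per.Roles.Clear();
                    PermissionSrv.Delete(per);
                }
            }
            ObjectSrv.Delete(tempObject);
            // NOTE(review): only ObjectSrv commits; the permission deletes are presumably flushed by the
            // same commit because every service is built from SessionFactoryConfigPath. Confirm, otherwise
            // permissions of a removed object could stay assigned to roles.
            ObjectSrv.CommitChanges();
        }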
Exemple #3
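        /// <summary>
        /// Grants the permission identified by object and operation name to the named roles of the
        /// current application, creating the permission when it does not exist yet.
        /// </summary>
        /// <param name="mObject">Name of the object.</param>
        /// <param name="mOperation">Name of the operation.</param>
        /// <param name="mRoles">Names of the roles that receive the permission.</param>
        /// <remarks>
        /// Returns without changes when no application is set, no role name is given, none of the roles
        /// is found, or the object or operation cannot be resolved for a new permission.
        /// </remarks>
        public void GrantPermission(string mObject, string mOperation, string[] mRoles)
        {
            if (_App == null)
            {
                return;
            }
            // Nothing to grant to; an empty list would also produce the invalid clause "in (:)".
            if (mRoles == null || mRoles.Length == 0)
            {
                return;
            }

            // Placeholder names are generated (role0, role1, ...) and never taken from the role names.
            // The names are caller-supplied text; using them as placeholder names put them into the HQL
            // string itself, where a crafted name could alter the query.
            string[]   placeholders = new string[mRoles.Length];
            SQLParam[] paramList    = new SQLParam[mRoles.Length + 1];
            paramList[0] = new SQLParam("AppID", _App.AppID);
            for (int i = 0; i < mRoles.Length; i++)
            {
                string paramName = "role" + i;
                placeholders[i]  = ":" + paramName;
                paramList[i + 1] = new SQLParam(paramName, mRoles[i]);
            }
            string HQL = string.Format(
                "from role r where r.AppID = :AppID AND r.name in ({0})",
                string.Join(",", placeholders));
            List <role> RoleLst = RoleSrv.GetbyHQuery(HQL, paramList);

            if (RoleLst == null || RoleLst.Count == 0)
            {
                return;
            }
            //Grant permission
            permission TempPermission = PermissionSrv.GetPermission(mObject, mOperation, _App.AppID);

            if (TempPermission == null)
            {
                // The permission does not exist yet: build it from the object and the operation.
                objectRbac tempObject    = ObjectSrv.GetByName(mObject, _App.AppID);
                operation  tempOperation = OperationSrv.GetByName(mOperation, _App.AppID);
                if (tempObject == null || tempOperation == null)
                {
                    return;
                }
                TempPermission            = new permission();
                TempPermission.AppID      = _App.AppID;
                TempPermission.name       = tempObject.name + ":" + tempOperation.name;
                TempPermission.ObjectRBAC = tempObject;
                TempPermission.Operation  = tempOperation;
                TempPermission.Roles      = new List <role>();
                foreach (role r in RoleLst)
                {
                    TempPermission.Roles.Add(r);
                }
                PermissionSrv.CreateNew(TempPermission);
                PermissionSrv.CommitChanges();
            }
            else
            {
                // Existing permission: add only the roles that do not hold it yet.
                foreach (role r in RoleLst)
                {
                    if (!TempPermission.Roles.Contains(r))
                    {
                        TempPermission.Roles.Add(r);
                    }
                }
                PermissionSrv.CommitChanges();
            }
        }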
Exemple #4
        /// <summary>
        /// Deletes the stored object that <paramref name="mObject"/> resolves to, then commits.
        /// </summary>
        /// <param name="mObject">Object to delete; resolved through Mapping.</param>
        /// <remarks>The commit is issued even when nothing was found and nothing was deleted.</remarks>
        public void DeleteObject(objectRbac mObject)
        {
            // NOTE(review): no AppID comparison is made here on the resolved object; confirm Mapping
            // cannot hand back an object that belongs to another application.
            objectRbac resolved = Mapping(mObject);
            bool       found    = resolved != null;

            if (found)
            {
                ObjectSrv.Delete(resolved);
            }

            ObjectSrv.CommitChanges();
        }
Exemple #5
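        /// <summary>
        /// Lists the operations the named role may perform on the named object in the current application.
        /// </summary>
        /// <param name="mRole">Role name.</param>
        /// <param name="mObject">Object name.</param>
        /// <returns>
        /// <c>null</c> when no application is set; an empty list when the role or the object is not
        /// found; otherwise the operations of the role's permissions on that object.
        /// </returns>
        public IList <operation> GetOperationsOnRoleObject(string mRole, string mObject)
        {
            if (_App == null)
            {
                return(null);
            }
            role       TempRole   = RoleSrv.GetByName(mRole, _App.AppID);
            objectRbac TempObject = ObjectSrv.GetByName(mObject, _App.AppID);

            // An unknown role has no permissions to report. An unknown object must not reach the filter
            // below either: comparing per.ObjectRBAC with null would match permissions that have no
            // object and report their operations as allowed.
            if (TempRole == null || TempObject == null || TempRole.Permissions == null)
            {
                return(new List <operation>());
            }

            return((from per in TempRole.Permissions where (per.ObjectRBAC == TempObject) select per.Operation).ToList <operation>());
        }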
Exemple #6
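        /// <summary>
        /// Lists the operations a role may perform on an object, both resolved through Mapping.
        /// </summary>
        /// <param name="mRole">Role to inspect.</param>
        /// <param name="mObject">Object to inspect.</param>
        /// <returns>
        /// <c>null</c> when the role or the object cannot be resolved or does not belong to the current
        /// application; otherwise the operations of the role's permissions on that object.
        /// </returns>
        public IList <operation> RoleOperationsOnObject(role mRole, objectRbac mObject)
        {
            role       TempRole   = Mapping(mRole);
            objectRbac TempObject = Mapping(mObject);

            // An unresolved role or object is refused the same way as one from another application,
            // instead of failing on the AppID access below.
            if (TempRole == null || TempObject == null)
            {
                return(null);
            }

            // Both sides must belong to the current application before any permission is reported.
            if (TempRole.AppID != App.AppID || TempObject.AppID != App.AppID)
            {
                return(null);
            }
            return((from per in TempRole.Permissions where  (per.ObjectRBAC == TempObject) select per.Operation).ToList <operation>());
        }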
Exemple #7
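        /// <summary>
        /// Lists the operations the named role may perform on the named object in the current
        /// application, using services created for this call.
        /// </summary>
        /// <param name="mRole">Role name.</param>
        /// <param name="mObject">Object name.</param>
        /// <returns>
        /// <c>null</c> when no application is set; an empty list when the role or the object is not
        /// found; otherwise the operations of the role's permissions on that object.
        /// </returns>
        public IList <operation> GetOperationsOnRoleObject(string mRole, string mObject)
        {
            if (_App == null)
            {
                return(null);
            }
            IobjectService ObjectSrv  = new objectService(SessionFactoryConfigPath);
            IroleService   RoleSrv    = new roleService(SessionFactoryConfigPath);
            role           TempRole   = RoleSrv.GetByName(mRole, _App.AppID);
            objectRbac     TempObject = ObjectSrv.GetByName(mObject, _App.AppID);

            // An unknown role has no permissions to report. An unknown object must not reach the filter
            // below either: comparing per.ObjectRBAC with null would match permissions that have no
            // object and report their operations as allowed.
            if (TempRole == null || TempObject == null || TempRole.Permissions == null)
            {
                return(new List <operation>());
            }

            return((from per in TempRole.Permissions where (per.ObjectRBAC == TempObject) select per.Operation).ToList <operation>());
        }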
Exemple #8
        /// <summary>
        /// Resolves a caller-supplied object to the one held by the object service.
        /// </summary>
        /// <param name="mObject">Object carrying either a positive objectid or a name.</param>
        /// <returns>The result of the key lookup when objectid is positive, otherwise of the name lookup.</returns>
        private objectRbac Mapping(objectRbac mObject)
        {
            // NOTE(review): the key lookup takes no AppID while the name lookup is limited to App.AppID.
            // Confirm callers compare the returned object's AppID before acting on it.
            if (mObject.objectid > 0)
            {
                return ObjectSrv.Getbykey(mObject.objectid);
            }

            return ObjectSrv.GetByName(mObject.name, App.AppID);
        }
Exemple #9
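        /// <summary>
        /// Collects the distinct operations a user may perform on an object across all roles returned
        /// by AuthorizedRoles.
        /// </summary>
        /// <param name="mUser">User whose roles are evaluated.</param>
        /// <param name="mObject">Object to inspect; resolved through Mapping.</param>
        /// <returns>The distinct operations; empty when the object cannot be resolved or no roles are returned.</returns>
        public IList <operation> UserOperationsOnObject(user mUser, objectRbac mObject)
        {
            IList <operation> _ret       = new List <operation>();
            objectRbac        TempObject = Mapping(mObject);
            IList <role>      Role_Lst   = AuthorizedRoles(mUser);

            // An unresolved object must not reach the filter below: comparing per.ObjectRBAC with null
            // would match permissions that have no object and report their operations as allowed.
            if (TempObject == null || Role_Lst == null)
            {
                return(_ret);
            }

            foreach (role r in Role_Lst)
            {
                List <operation> operationLst = (from per in r.Permissions where  (per.ObjectRBAC == TempObject) select per.Operation).ToList <operation>();
                foreach (operation op in operationLst)
                {
                    // Several roles can grant the same operation; report it once.
                    if (!_ret.Contains(op))
                    {
                        _ret.Add(op);
                    }
                }
            }
            return(_ret);
        }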
Exemple #10
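        /// <summary>
        /// Grants the permission for the given object and operation to a role, creating the permission
        /// when it does not exist yet, and commits the change.
        /// </summary>
        /// <param name="mObject">Object of the permission; resolved through Mapping.</param>
        /// <param name="mOperation">Operation of the permission; resolved through Mapping.</param>
        /// <param name="mRole">Role that receives the permission; resolved through Mapping.</param>
        /// <exception cref="Exception">The role cannot be resolved.</exception>
        /// <remarks>Returns without changes when the object or the operation cannot be resolved.</remarks>
        public void GrantPermission(objectRbac mObject, operation mOperation, role mRole)
        {
            role TempRole = Mapping(mRole);

            if (TempRole == null)
            {
                throw new Exception("Role Does not exist in system.");
            }

            objectRbac tempObject    = Mapping(mObject);
            operation  tempOperation = Mapping(mOperation);

            // Without both parts there is no permission to look up or to build; the name is composed
            // from tempObject.name and tempOperation.name further down.
            if (tempObject == null || tempOperation == null)
            {
                return;
            }

            //Grant permission
            string hsql = "from permission per where per.ObjectRBAC = :ObjectRBAC AND  per.Operation = :Operation ";

            // Each placeholder gets its own parameter. Passing the operation under the name "ObjectRBAC"
            // left :Operation without a value, so an existing permission could be missed and a second
            // one created for the same object and operation.
            List <permission> _lst = PermissionSrv.GetbyHQuery(
                hsql,
                new SQLParam("ObjectRBAC", tempObject),
                new SQLParam("Operation", tempOperation));
            permission TempPermission = (_lst == null || _lst.Count == 0) ? null : _lst[0];

            if (TempPermission == null)
            {
                TempPermission            = new permission();
                TempPermission.AppID      = App.AppID;
                TempPermission.name       = tempObject.name + ":" + tempOperation.name;
                TempPermission.ObjectRBAC = tempObject;
                TempPermission.Operation  = tempOperation;
                PermissionSrv.CreateNew(TempPermission);
                TempRole.Permissions.Add(TempPermission);
                RoleSrv.CommitChanges();
            }
            else if (!TempRole.Permissions.Contains(TempPermission))
            {
                // Existing permission that the role does not hold yet.
                TempRole.Permissions.Add(TempPermission);
                RoleSrv.CommitChanges();
            }
        }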
Exemple #11
        /// <summary>
        /// Controller action that renames an object and updates its function-group link, then renders
        /// the "ObjectPartial" view with the full object list.
        /// </summary>
        /// <param name="obj">Posted view model; objectid, name and nhomchucnangid are read.</param>
        /// <returns>The "ObjectPartial" partial view; errors are passed through ViewData["EditError"].</returns>
        // NOTE(review): attributes above the signature are not visible in this snippet; confirm the
        // action is limited to authorized administrators and protected against request forgery.
        public ActionResult UpdateObj(ObjectView obj)
        {
            if (ModelState.IsValid)
            {
                // Case-insensitive uniqueness check. The posted name is compared untrimmed here but
                // stored trimmed below, so a name that differs only by surrounding spaces passes.
                var checkname = _iService.Query.FirstOrDefault(x => x.name.ToUpper() == obj.name.ToUpper());
                if (checkname == null || checkname.objectid == obj.objectid)
                {
                    try
                    {
                        // The new instance is replaced immediately by the stored one.
                        objectRbac p = new objectRbac();
                        p      = _iService.Getbykey(obj.objectid);
                        // NOTE(review): p (and _nhomcn_object below) is used without a null check; if
                        // Getbykey can return null for an unknown id, the failure lands in the catch
                        // block, which rolls back although BeginTran has not been reached yet.
                        p.name = obj.name.Trim();

                        // The link record is fetched with the object id as its key.
                        var _nhomcn_object = _INHOMCHUCNANG_OBJECTService.Getbykey(obj.objectid);
                        _nhomcn_object.NHOMCHUCNANGID = obj.nhomchucnangid;

                        _iService.BeginTran();
                        _INHOMCHUCNANG_OBJECTService.Update(_nhomcn_object);
                        _iService.Update(p);
                        _iService.CommitTran();
                        // Audit entry (user, action, description, IP, browser); written only after a
                        // successful commit, so failed attempts leave no entry here.
                        _iLogSystemService.CreateNew(HttpContext.User.Identity.Name, "Cập nhật chức năng", "Thực hiện chức năng cập nhật chức năng", Helper.GetIPAddress.GetVisitorIPAddress(), HttpContext.Request.Browser.Browser);
                    }
                    catch (Exception e)
                    {
                        _iService.RolbackTran();
                        // NOTE(review): the raw exception message is shown to the user and may expose
                        // internal details; prefer a generic message and keep the detail in a server log.
                        ViewData["EditError"] = e.Message;
                    }
                }
                else
                {
                    // Message: the name already exists, choose another one.
                    ViewData["EditError"] = "Tên đã tồn tại, xin chọn tên khác!";
                }
            }
            else
            {
                // Message: all required information must be entered.
                ViewData["EditError"] = "Bạn phải nhập đầy đủ thông tin!";
            }
            return(PartialView("ObjectPartial", GetAllObjectView()));
        }
Exemple #12
        /// <summary>
        /// Registers a new object for the current application and creates one permission per operation
        /// name, creating operations that do not exist yet.
        /// </summary>
        /// <param name="mObject">Name of the object to install.</param>
        /// <param name="mOperations">Names of the operations the object supports.</param>
        /// <remarks>Does nothing when no application is set or the object already exists.</remarks>
        public void InstallObject(string mObject, string[] mOperations)
        {
            if (_App == null)
            {
                return;
            }
            IoperationService  operationStore  = new operationService(SessionFactoryConfigPath);
            IobjectService     objectStore     = new objectService(SessionFactoryConfigPath);
            IpermissionService permissionStore = new permissionService(SessionFactoryConfigPath);

            // Already installed: leave the existing object and its permissions untouched.
            objectRbac installed = objectStore.GetByName(mObject, _App.AppID);
            if (installed != null)
            {
                return;
            }

            installed = new objectRbac { AppID = _App.AppID, name = mObject };
            objectStore.CreateNew(installed);

            foreach (string operationName in mOperations)
            {
                // Reuse the application's operation of that name, or create it.
                operation current = operationStore.GetByName(operationName, _App.AppID);
                if (current == null)
                {
                    current = new operation { name = operationName, AppID = _App.AppID };
                    operationStore.CreateNew(current);
                }

                // Permission name follows the "object:operation" form.
                permission granted = new permission
                {
                    AppID      = _App.AppID,
                    name       = installed.name + ":" + current.name,
                    ObjectRBAC = installed,
                    Operation  = current
                };
                permissionStore.CreateNew(granted);
            }

            // Single commit at the end, issued through the permission service only.
            permissionStore.CommitChanges();
        }
Exemple #13
        /// <summary>
        /// Controller action that creates a permission for an object together with its type record,
        /// then renders the "PERMISSIONPartial" view with the full permission list.
        /// </summary>
        /// <param name="obpms">Posted view model; ObjectId, PmsName, DesPms and LoaiPermission are read.</param>
        /// <returns>The "PERMISSIONPartial" partial view; errors are passed through ViewData["EditError"].</returns>
        // NOTE(review): attributes above the signature are not visible in this snippet; confirm the
        // action is limited to authorized administrators and protected against request forgery.
        public ActionResult AddNewPms(ObjectPermission obpms)
        {
            // Requires a valid model and a "MultiType" value placed in the session beforehand.
            if (ModelState.IsValid && Session["MultiType"] != null)
            {
                var checkPermissionInObject =
                    _iPMSService.Query.Where(m => m.ObjectRBAC.objectid == obpms.ObjectId)
                    .Select(n => n.permissionid)
                    .ToList();
                int count = checkPermissionInObject.Count;
                // At most 8 permissions per object. The count is taken before the transaction starts,
                // so concurrent requests could presumably both pass this check.
                if (count < 8)
                {
                    // Case-insensitive name check across all permissions, not only those of this object.
                    var checkname = _iPMSService.Query.FirstOrDefault(x => x.name.ToUpper() == obpms.PmsName.ToUpper());
                    if (checkname == null)
                    {
                        try
                        {
                            // Object instance that carries only the posted id.
                            // NOTE(review): the id is not checked against stored objects here; confirm
                            // CreateNew fails for an id that does not exist.
                            objectRbac objRb = new objectRbac();
                            objRb.objectid = obpms.ObjectId;

                            permission p = new permission();
                            // NOTE(review): the application id is fixed to 1 instead of coming from the
                            // current application; confirm this deployment has a single application.
                            p.AppID       = 1;
                            p.name        = obpms.PmsName.Trim();
                            // A null DesPms fails here, before BeginTran, and is handled by the catch below.
                            p.Description = obpms.DesPms.Trim();
                            p.ObjectRBAC  = objRb;
                            var    Type_pms             = new TYPE_PERMISSION();
                            string TYPE_PERMISSIONMULTI = Session["MultiType"].ToString();

                            _iPMSService.BeginTran();

                            _iPMSService.CreateNew(p);
                            // The type record is keyed by the id of the permission just created.
                            Type_pms.PERMISSIONID         = p.permissionid;
                            Type_pms.TYPE_PERMISSIONMULTI = TYPE_PERMISSIONMULTI;
                            Type_pms.LOAI_PERMISSION      = obpms.LoaiPermission;
                            _ITYPE_PERMISSIONService.CreateNew(Type_pms);

                            _iPMSService.CommitTran();
                            // Audit entry; written only after a successful commit.
                            _iLogSystemService.CreateNew(HttpContext.User.Identity.Name, "Thêm mới tác vụ ", "Thực hiện chức năng thêm mới tác vụ", Helper.GetIPAddress.GetVisitorIPAddress(), HttpContext.Request.Browser.Browser);
                        }
                        catch (Exception e)
                        {
                            _iPMSService.RolbackTran();
                            // NOTE(review): the raw exception message is shown to the user and may expose
                            // internal details; prefer a generic message and keep the detail in a server log.
                            ViewData["EditError"] = e.Message;
                        }
                    }
                    else
                    {
                        // Message: the name already exists, choose another one.
                        ViewData["EditError"] = "Tên đã tồn tại, xin chọn tên khác!";
                    }
                }
                else
                {
                    // Message: a function holds at most 8 tasks and this one already has 8.
                    ViewData["EditError"] = "Một chức năng chỉ chứa tối đa 8 tác vụ, nhóm hiện đã có 8 tác vụ, vui lòng chọn chức năng khác!";
                }
            }
            else
            {
                // Message: all required information must be entered.
                ViewData["EditError"] = "Bạn phải nhập đầy đủ thông tin";
            }
            // The session values are single-use: cleared on every path.
            Session["MultiType"]          = null;
            Session["MultiTypeCheckEdit"] = null;
            return(PartialView("PERMISSIONPartial", GetAllPms()));
        }
Exemple #14
        /// <summary>
        /// Controller action that updates a permission and, when a new "MultiType" value is in the
        /// session, its type record; roles whose type is no longer covered lose the permission.
        /// Renders the "PERMISSIONPartial" view afterwards.
        /// </summary>
        /// <param name="obpms">Posted view model; PermissionId, ObjectId, PmsName and DesPms are read.</param>
        /// <returns>The "PERMISSIONPartial" partial view; errors are passed through ViewData["EditError"].</returns>
        // NOTE(review): attributes above the signature are not visible in this snippet; confirm the
        // action is limited to authorized administrators and protected against request forgery.
        public ActionResult UpdatePms(ObjectPermission obpms)
        {
            // Valid model, and either no "MultiTypeCheckEdit" marker or a "MultiType" value in the session.
            if ((ModelState.IsValid && Session["MultiTypeCheckEdit"] == null) || (ModelState.IsValid && Session["MultiType"] != null))
            {
                var checkPermissionInObject =
                    _iPMSService.Query.Where(m => m.ObjectRBAC.objectid == obpms.ObjectId)
                    .Select(n => n.permissionid)
                    .ToList();
                int count = checkPermissionInObject.Count;
                // NOTE(review): "<= 8" allows an object that already holds 8 permissions; if this
                // permission is being moved in from another object the target would end up with 9.
                if (count <= 8)
                {
                    // Case-insensitive name check across all permissions; the edited permission may keep its name.
                    var checkname = _iPMSService.Query.FirstOrDefault(x => x.name.ToUpper() == obpms.PmsName.ToUpper());
                    if (checkname == null || checkname.permissionid == obpms.PermissionId)
                    {
                        try
                        {
                            // Object instance that carries only the posted id.
                            objectRbac objRecord = new objectRbac();
                            objRecord.objectid = obpms.ObjectId;
                            // The new instance is replaced immediately by the stored one.
                            permission p = new permission();
                            p             = _iPMSService.Getbykey(obpms.PermissionId);
                            // NOTE(review): p is used without a null check; a failure here happens before
                            // BeginTran and is handled by the catch below, which still calls RolbackTran.
                            p.name        = obpms.PmsName.Trim();
                            p.Description = obpms.DesPms.Trim();
                            p.ObjectRBAC  = objRecord;


                            _iPMSService.BeginTran();


                            if (Session["MultiType"] != null)
                            {
                                var    Type_pms             = _ITYPE_PERMISSIONService.Getbykey(obpms.PermissionId);
                                string TYPE_PERMISSIONMULTI = Session["MultiType"].ToString();
                                Type_pms.TYPE_PERMISSIONMULTI = TYPE_PERMISSIONMULTI;
                                // Roles that currently hold this permission. The query is not materialized
                                // and is enumerated while the roles are updated inside the loop.
                                var listrole = _iroleService.Query.Where(m => m.Permissions.Any(n => n.permissionid == obpms.PermissionId));
                                foreach (var item in listrole)
                                {
                                    // Role type, or -1 when the role has no type row (the lookup runs twice).
                                    var typerole = _iTypeRoleService.Query.FirstOrDefault(m => m.ROLE_ID == item.roleid) != null?_iTypeRoleService.Query.FirstOrDefault(m => m.ROLE_ID == item.roleid).TYPE : -1;

                                    // Roles whose type is not part of the new type string lose the permission.
                                    // NOTE(review): this is a substring test, so type 1 also matches "10" or
                                    // "21" and such a role would keep the permission; confirm the format of
                                    // the MultiType value or compare against parsed values.
                                    if (!(TYPE_PERMISSIONMULTI.Contains(typerole + "")))
                                    {
                                        IList <permission> listtam = item.Permissions;
                                        var bientam_PMS            = listtam.FirstOrDefault(m => m.permissionid == obpms.PermissionId);
                                        listtam.Remove(bientam_PMS);
                                        item.Permissions = listtam;
                                        _iroleService.Update(item);
                                    }
                                }
                                _ITYPE_PERMISSIONService.Update(Type_pms);
                            }
                            _iPMSService.Update(p);
                            _iPMSService.CommitTran();
                            // Audit entry; written only after a successful commit.
                            _iLogSystemService.CreateNew(HttpContext.User.Identity.Name, "Cập nhật tác vụ ", "Thực hiện chức năng cập nhật tác vụ", Helper.GetIPAddress.GetVisitorIPAddress(), HttpContext.Request.Browser.Browser);
                        }
                        catch (Exception e)
                        {
                            _iPMSService.RolbackTran();
                            // NOTE(review): the raw exception message is shown to the user and may expose
                            // internal details; prefer a generic message and keep the detail in a server log.
                            ViewData["EditError"] = e.Message;
                        }
                    }
                    else
                    {
                        // Message: the name already exists, choose another one.
                        ViewData["EditError"] = "Tên đã tồn tại, xin chọn tên khác!";
                    }
                }
                else
                {
                    // Message: a function holds at most 8 tasks and this one already has 8.
                    ViewData["EditError"] = "Một chức năng chỉ chứa tối đa 8 tác vụ, nhóm hiện đã có 8 tác vụ, vui lòng chọn chức năng khác!";
                }
            }
            else
            {
                // Message: all required information must be entered.
                ViewData["EditError"] = "Bạn phải nhập đầy đủ thông tin";
            }
            // The session values are single-use: cleared on every path.
            Session["MultiType"]          = null;
            Session["MultiTypeCheckEdit"] = null;
            return(PartialView("PERMISSIONPartial", GetAllPms()));
        }
Exemple #15
 /// <summary>
 /// Registers an object under the current application.
 /// </summary>
 /// <param name="mObject">Object to create; its AppID is replaced with the current application's id.</param>
 /// <remarks>No commit is issued in this method.</remarks>
 public void AddObject(objectRbac mObject)
 {
     // The application id always comes from the current context, never from the caller's object.
     var currentAppId = App.AppID;

     mObject.AppID = currentAppId;
     ObjectSrv.CreateNew(mObject);
 }
Exemple #16
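 /// <summary>
 /// Access check for a session, operation and object. Not implemented.
 /// </summary>
 /// <param name="mSession">Session to check (unused).</param>
 /// <param name="mOperation">Requested operation (unused).</param>
 /// <param name="mObject">Target object (unused).</param>
 /// <returns>Never returns.</returns>
 /// <exception cref="NotImplementedException">Always.</exception>
 public bool CheckAccess(session mSession, operation mOperation, objectRbac mObject)
 {
     // Throwing keeps the missing check fail-closed: no caller can read a default value as "allowed".
     // NotImplementedException derives from Exception, so existing catch blocks still apply.
     throw new NotImplementedException("This method have not Implement.");
 }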
Exemple #17
        /// <summary>
        /// Creates an application together with its default object, operation and permission, a root
        /// role holding that permission, and a root user holding that role.
        /// </summary>
        /// <param name="AppName">Name of the new application; must not exist yet.</param>
        /// <param name="AppDescription">Description stored on the application.</param>
        /// <param name="AppUrl">URL stored on the application.</param>
        /// <param name="username">Name of the root user; must not exist yet.</param>
        /// <param name="password">Password assigned to the root user.</param>
        /// <returns>The created application as returned by CreateNew.</returns>
        /// <exception cref="Exception">The application name or the user name is already taken.</exception>
        public Applications CreateNewApplication(string AppName, string AppDescription, string AppUrl, string username, string password)
        {
            Applications TempApp = GetByName(AppName);

            if (TempApp != null)
            {
                throw new Exception("This Application is exist.");
            }

            userService       UserSrv      = new userService(SessionFactoryConfigPath);
            roleService       RoleSrv      = new roleService(SessionFactoryConfigPath);
            objectService     ObjectSrv    = new objectService(SessionFactoryConfigPath);
            operationService  OperationSrv = new operationService(SessionFactoryConfigPath);
            permissionService PermitSrv    = new permissionService(SessionFactoryConfigPath);

            TempApp             = new Applications();
            TempApp.AppName     = AppName;
            TempApp.Description = AppDescription;
            TempApp.URL         = AppUrl;
            // The user name is looked up without an application id, so it must be unique overall.
            user TemUser = UserSrv.GetByName(username);

            if (TemUser != null)
            {
                throw new Exception("Root User is Exist in other Applications");
            }
            TemUser          = new user();
            TemUser.username = username;
            // NOTE(review): the password is assigned exactly as received. Confirm the property setter
            // or UserSrv.CreateNew hashes it; otherwise the root password is stored in clear text.
            TemUser.password = password;

            role TemRole = new role();

            TemRole.name = role.RootRole;

            objectRbac TempObject = new objectRbac();

            TempObject.name = objectRbac.Default;

            operation TempOpe = new operation();

            TempOpe.name    = operation.Default;
            TempOpe.canread = true;

            permission TemPermission = new permission();

            TemPermission.name = permission.Default;

            // Persistence starts here. Order matters: each entity takes the AppID (and references)
            // returned by the CreateNew call before it.
            // NOTE(review): no transaction call is visible and five services take part, with a single
            // CommitChanges at the end. Confirm a failure midway cannot leave a partial application.
            TempApp          = CreateNew(TempApp);
            TempObject.AppID = TempApp.AppID;
            TempObject       = ObjectSrv.CreateNew(TempObject);
            TempOpe.AppID    = TempApp.AppID;
            TempOpe          = OperationSrv.CreateNew(TempOpe);

            TemPermission.AppID      = TempApp.AppID;
            TemPermission.ObjectRBAC = TempObject;
            TemPermission.Operation  = TempOpe;
            TemPermission            = PermitSrv.CreateNew(TemPermission);

            // The root role starts with exactly the default permission.
            TemRole.Permissions = new List <permission>();
            TemRole.Permissions.Add(TemPermission);
            TemRole.AppID = TempApp.AppID;
            TemRole       = RoleSrv.CreateNew(TemRole);

            // The root user belongs to the new application and holds the root role.
            TemUser.ApplicationList = new List <Applications>();
            TemUser.ApplicationList.Add(TempApp);
            TemUser.Roles = new List <role>();
            TemUser.Roles.Add(TemRole);
            TemUser = UserSrv.CreateNew(TemUser);
            CommitChanges();
            return(TempApp);
        }
Exemple #18
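 /// <summary>
 /// Creates a named permission for an object and an operation. Not implemented.
 /// </summary>
 /// <param name="mObject">Object of the permission (unused).</param>
 /// <param name="mOperation">Operation of the permission (unused).</param>
 /// <param name="PermissionName">Name for the permission (unused).</param>
 /// <returns>Never returns.</returns>
 /// <exception cref="NotImplementedException">Always.</exception>
 public permission AddPermission(objectRbac mObject, operation mOperation, string PermissionName)
 {
     // NotImplementedException states the situation precisely and derives from Exception,
     // so existing catch blocks still apply.
     throw new NotImplementedException("This method have not Implement.");
 }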