/// <summary>
/// Appends a privilege to this group's privilege list.
/// </summary>
/// <remarks>
/// The entry is appended as-is: unlike <c>Merge</c>, no name lookup or
/// precedence resolution is performed here, so a privilege whose name is
/// already present results in a second entry with the same name.
/// </remarks>
/// <param name="privilege">The privilege to append.</param>
public void AddPrivilege(Privilege privilege)
{
    // Direct append to the backing list; no validation happens at this level.
    m_privileges.Add(privilege);
}
/// <summary>
/// Merges <paramref name="target"/> into this group according to the
/// permission precedence rules.
/// </summary>
/// <remarks>
/// The first entry whose name equals <c>target.Name</c> (ordinal,
/// case-insensitive) is the only one considered. When no entry matches,
/// <paramref name="target"/> itself is added to the group (the same object
/// reference, whatever its permission, including INHERIT).
/// For a matching entry the stored permission is replaced as follows:
/// <list type="bullet">
/// <item><description>incoming INHERIT: nothing changes.</description></item>
/// <item><description>stored INHERIT: always replaced.</description></item>
/// <item><description>stored DEFAULT_ALLOW: replaced unless incoming is DEFAULT_DENY.</description></item>
/// <item><description>stored DEFAULT_DENY: replaced unless incoming is DEFAULT_ALLOW.</description></item>
/// <item><description>stored ALLOW: replaced by DENY, ENFORCE_ALLOW or ENFORCE_DENY.</description></item>
/// <item><description>stored DENY: replaced by ENFORCE_ALLOW or ENFORCE_DENY.</description></item>
/// <item><description>stored ENFORCE_ALLOW: replaced only by ENFORCE_DENY.</description></item>
/// <item><description>stored ENFORCE_DENY: never replaced.</description></item>
/// </list>
/// NOTE(review): between DEFAULT_ALLOW and DEFAULT_DENY the value merged
/// first is kept, so the effective default depends on merge order; callers
/// should merge in a deterministic order.
/// </remarks>
/// <param name="target">The privilege to merge into this group.</param>
internal void Merge(Privilege target)
{
    foreach (Privilege existing in this.m_privileges)
    {
        if (!existing.Name.Equals(target.Name, StringComparison.OrdinalIgnoreCase))
        {
            continue;
        }

        var incoming = target.Permission;

        // An inherited permission carries no decision of its own, so it
        // never alters an entry that already exists.
        if (incoming == PermissionType.INHERIT)
        {
            return;
        }

        bool overwrite;
        switch (existing.Permission)
        {
            case PermissionType.INHERIT:
                overwrite = true;
                break;

            case PermissionType.DEFAULT_ALLOW:
                overwrite = incoming != PermissionType.DEFAULT_DENY;
                break;

            case PermissionType.DEFAULT_DENY:
                overwrite = incoming != PermissionType.DEFAULT_ALLOW;
                break;

            case PermissionType.ALLOW:
                overwrite = incoming == PermissionType.DENY
                    || incoming == PermissionType.ENFORCE_ALLOW
                    || incoming == PermissionType.ENFORCE_DENY;
                break;

            case PermissionType.DENY:
                overwrite = incoming == PermissionType.ENFORCE_ALLOW
                    || incoming == PermissionType.ENFORCE_DENY;
                break;

            case PermissionType.ENFORCE_ALLOW:
                overwrite = incoming == PermissionType.ENFORCE_DENY;
                break;

            default:
                // ENFORCE_DENY is terminal; unrecognised stored values are
                // likewise left untouched.
                overwrite = false;
                break;
        }

        if (overwrite)
        {
            existing.Permission = incoming;
        }

        // Only the first entry with a matching name is ever updated.
        return;
    }

    // No entry with this name yet: store the incoming privilege object itself.
    this.Privileges.Add(target);
}
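/// <summary>
/// Returns the enabled accounts whose dynamically resolved privileges
/// contain an entry matching the given privilege.
/// </summary>
/// <remarks>
/// An entry matches when its name equals <c>privilege.Name</c> (ordinal,
/// case-insensitive) and its permission is exactly equal to
/// <c>privilege.Permission</c>. The comparison is not precedence-aware:
/// querying for ALLOW does not return accounts whose entry is ENFORCE_ALLOW
/// or DEFAULT_ALLOW. A caller that needs every account with effective
/// access (for example in an access review) has to query each permission
/// value it treats as granting access.
/// Each account is listed at most once, even when its privilege group
/// holds several entries that match.
/// </remarks>
/// <param name="privilege">The privilege (name and permission) to look for; must not be null.</param>
/// <returns>The matching enabled accounts; empty when none match.</returns>
public IList<Account> SelectAccountsByPrivilege(Privilege privilege)
{
    Check.Require(privilege != null);

    IList<Account> accounts = new List<Account>();
    foreach (Account account in this.AccountDao.SelectAllEnabled())
    {
        // Privileges are resolved per account, so this issues one dynamic
        // lookup for every enabled account.
        PrivilegeGroup privilegeGroup = this.GetDynamicPrivileges(account);
        foreach (Privilege toTest in privilegeGroup.Privileges)
        {
            if (string.Equals(toTest.Name, privilege.Name, StringComparison.OrdinalIgnoreCase)
                && toTest.Permission == privilege.Permission)
            {
                accounts.Add(account);

                // Stop at the first match so that duplicate entries in the
                // group cannot put the same account in the result twice.
                break;
            }
        }
    }

    return accounts;
}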