/// <summary>
/// 用户角色关系是否有模块权限
/// </summary>
/// <param name="roleId">角色主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>有角色权限</returns>
public bool CheckPermissionByRole(string roleId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo);
string permissionItemId = permissionItemManager.GetProperty(new KeyValuePair <string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode), BasePermissionItemEntity.FieldId);
// 判断当前判断的权限是否存在,否则很容易出现前台设置了权限,后台没此项权限
// 需要自动的能把前台判断过的权限,都记录到后台来
#if (DEBUG)
if (String.IsNullOrEmpty(permissionItemId))
{
BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity();
permissionItemEntity.Code = permissionItemCode;
permissionItemEntity.FullName = permissionItemCode;
permissionItemEntity.ParentId = string.Empty;
permissionItemEntity.IsScope = 0;
permissionItemEntity.AllowDelete = 1;
permissionItemEntity.AllowEdit = 1;
permissionItemEntity.DeletionStateCode = 0;
permissionItemEntity.Enabled = 1;
// 这里是防止主键重复?
// permissionEntity.ID = BaseBusinessLogic.NewGuid();
permissionItemManager.AddEntity(permissionItemEntity);
}
else
{
// 更新最后一次访问日期,设置为当前服务器日期
SQLBuilder sqlBuilder = new SQLBuilder(DbHelper);
sqlBuilder.BeginUpdate(this.CurrentTableName);
sqlBuilder.SetDBNow(BasePermissionItemEntity.FieldLastCall);
sqlBuilder.SetWhere(BasePermissionItemEntity.FieldId, permissionItemId);
sqlBuilder.EndUpdate();
}
#endif
if (string.IsNullOrEmpty(permissionItemId))
{
return(false);
}
string sqlQuery = " SELECT COUNT(*) "
+ " FROM " + this.CurrentTableName
+ " WHERE " + "(" + BasePermissionEntity.FieldResourceCategory + " = '" + BaseRoleEntity.TableName + "') "
+ " AND (" + BasePermissionEntity.FieldEnabled + " = 1) "
+ " AND (" + BasePermissionEntity.FieldResourceId + " = '" + roleId + "' ) "
+ " AND (" + BasePermissionEntity.FieldPermissionItemId + " = '" + permissionItemId + "') ";
int rowCount = 0;
object returnObject = DbHelper.ExecuteScalar(sqlQuery);
if (returnObject != null)
{
rowCount = int.Parse(returnObject.ToString());
}
return(rowCount > 0);
}
public new string GetIdByCode(string permissionItemCode)
{
string tableName = BasePermissionScopeEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, this.UserInfo, tableName);
// 这里应该是若不存在就自动加一个操作权限
return(permissionItemManager.GetIdByAdd(permissionItemCode));
}
/// <summary>
/// 用户角色关系是否有模块权限
/// </summary>
/// <param name="roleId">角色主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>有角色权限</returns>
public bool CheckPermissionByRole(string roleId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo);
string permissionItemId = permissionItemManager.GetProperty(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode), BasePermissionItemEntity.FieldId);
// 判断当前判断的权限是否存在,否则很容易出现前台设置了权限,后台没此项权限
// 需要自动的能把前台判断过的权限,都记录到后台来
#if (DEBUG)
if (String.IsNullOrEmpty(permissionItemId))
{
BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity();
permissionItemEntity.Code = permissionItemCode;
permissionItemEntity.FullName = permissionItemCode;
permissionItemEntity.ParentId = string.Empty;
permissionItemEntity.IsScope = 0;
permissionItemEntity.AllowDelete = 1;
permissionItemEntity.AllowEdit = 1;
permissionItemEntity.DeletionStateCode = 0;
permissionItemEntity.Enabled = 1;
// 这里是防止主键重复?
// permissionEntity.ID = BaseBusinessLogic.NewGuid();
permissionItemManager.AddEntity(permissionItemEntity);
}
else
{
// 更新最后一次访问日期,设置为当前服务器日期
SQLBuilder sqlBuilder = new SQLBuilder(DbHelper);
sqlBuilder.BeginUpdate(this.CurrentTableName);
sqlBuilder.SetDBNow(BasePermissionItemEntity.FieldLastCall);
sqlBuilder.SetWhere(BasePermissionItemEntity.FieldId, permissionItemId);
sqlBuilder.EndUpdate();
}
#endif
if (string.IsNullOrEmpty(permissionItemId))
{
return false;
}
string sqlQuery = " SELECT COUNT(*) "
+ " FROM " + this.CurrentTableName
+ " WHERE " + "(" + BasePermissionEntity.FieldResourceCategory + " = '" + BaseRoleEntity.TableName + "') "
+ " AND (" + BasePermissionEntity.FieldEnabled + " = 1) "
+ " AND (" + BasePermissionEntity.FieldResourceId + " = '" + roleId + "' ) "
+ " AND (" + BasePermissionEntity.FieldPermissionItemId + " = '" + permissionItemId + "') ";
int rowCount = 0;
object returnObject = DbHelper.ExecuteScalar(sqlQuery);
if (returnObject != null)
{
rowCount = int.Parse(returnObject.ToString());
}
return rowCount > 0;
}
/// <summary>
/// 判断用户是否有有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>有权限</returns>
public bool CheckPermission(string userId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
// 没有找到相应的权限
if (String.IsNullOrEmpty(permissionItemId))
{
return(false);
}
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.TableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceId, userId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldEnabled, "1"));
return(DbLogic.Exists(DbHelper, this.CurrentTableName, parameters));
}
/// <summary>
/// 添加操作权限
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="permissionCode">权限编号</param>
/// <returns>主键</returns>
public string AddPermission(BaseUserInfo userInfo, string permissionCode)
{
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
string returnValue = string.Empty;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo);
string statusCode = string.Empty;
BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity();
permissionItemEntity.Code = permissionCode;
permissionItemEntity.Enabled = 1;
permissionItemEntity.AllowDelete = 1;
permissionItemEntity.AllowEdit = 1;
permissionItemEntity.IsScope = 0;
returnValue = permissionItemManager.Add(permissionItemEntity, out statusCode);
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.MSG0091, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
return returnValue;
}
/// <summary>
/// 获取委托列表
/// </summary>
/// <param name="permissionItemCode">操作权限编号</param>
/// <param name="userId">用户主键</param>
/// <returns>数据表</returns>
public DataTable GetAuthorizeDT(string permissionItemCode, string userId = null)
{
if (userId == null)
{
userId = this.UserInfo.Id;
}
// 获取别人委托我的列表
string permissionItemId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(this.UserInfo);
string[] names = new string[]{
BasePermissionScopeEntity.FieldDeletionStateCode
, BasePermissionScopeEntity.FieldEnabled
, BasePermissionScopeEntity.FieldResourceCategory
, BasePermissionScopeEntity.FieldPermissionItemId
, BasePermissionScopeEntity.FieldTargetCategory
, BasePermissionScopeEntity.FieldTargetId};
Object[] values = new Object[] { 0, 1, BaseUserEntity.TableName, permissionItemId, BaseUserEntity.TableName, userId };
// 排除过期的,此方法有性能问题,已经放到后台的Sql中处理。 comment by zgl on 2011-10-27
//DataTable dt = permissionScopeManager.GetDataTable(names, values);
//for (int i = 0; i < dt.Rows.Count; i++)
//{
// if (!string.IsNullOrEmpty(dt.Rows[i][BasePermissionScopeEntity.FieldEndDate].ToString()))
// {
// // 过期的不显示
// if (DateTime.Parse(dt.Rows[i][BasePermissionScopeEntity.FieldEndDate].ToString()).Date < DateTime.Now.Date)
// {
// dt.Rows.RemoveAt(i);
// // dt 行数会减少
// i--;
// }
// }
//}
//排除过期的,已经放到后台的Sql中处理。
DataTable dt = permissionScopeManager.GetAuthoriedList(BaseUserEntity.TableName, permissionItemId, BaseUserEntity.TableName, userId);
string[] userIds = BaseBusinessLogic.FieldToArray(dt, BasePermissionScopeEntity.FieldResourceId);
BaseUserManager userManager = new BaseUserManager(this.UserInfo);
return userManager.GetDataTable(userIds);
}
/// <summary>
/// 是否有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>是否有权限</returns>
public bool IsModuleAuthorized(string userId, string moduleCode, string permissionItemCode)
{
BaseModuleManager moduleManager = new BaseModuleManager(DbHelper);
string moduleId = moduleManager.GetIdByCode(moduleCode);
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
// 判断员工权限
if (this.CheckUserModulePermission(userId, moduleId, permissionItemId))
{
return true;
}
// 判断员工角色权限
if (this.CheckRoleModulePermission(userId, moduleId, permissionItemId))
{
return true;
}
return false;
}
/// <summary>
/// 按某个权限获取员工 Sql
/// </summary>
/// <param name="managerUserId">管理用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>Sql</returns>
public string GetUserIdsSql(string managerUserId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
string sqlQuery = string.Empty;
// 直接管理的用户
sqlQuery = " SELECT BasePermissionScope.TargetId AS " + BaseBusinessLogic.FieldId
+ " FROM BasePermissionScope "
+ " WHERE (BasePermissionScope.TargetCategory = '" + BaseUserEntity.TableName + "'"
+ " AND BasePermissionScope.ResourceId = '" + managerUserId + "'"
+ " AND BasePermissionScope.ResourceCategory = '" + BaseUserEntity.TableName + "'"
+ " AND BasePermissionScope.PermissionId = '" + permissionItemId + "'"
+ " AND BasePermissionScope.TargetId IS NOT NULL) ";
// 被管理部门的列表
string[] organizeIds = this.GetOrganizeIds(managerUserId, permissionItemCode, false);
if (organizeIds != null && organizeIds.Length > 0)
{
// 是否仅仅是自己的还有点儿问题
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.User).ToString()))
{
sqlQuery += " UNION SELECT '" + this.UserInfo.Id + "' AS Id ";
}
else
{
string organizes = BaseBusinessLogic.ObjectsToList(organizeIds);
if (!String.IsNullOrEmpty(organizes))
{
// 被管理的组织机构包含的用户,公司、部门、工作组
// sqlQuery += " UNION "
// + " SELECT " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldUserId + " AS " + BaseBusinessLogic.FieldId
// + " FROM " + BaseStaffEntity.TableName
// + " WHERE (" + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldCompanyId + " IN (" + organizes + ") "
// + " OR " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldDepartmentId + " IN (" + organizes + ") "
// + " OR " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldWorkgroupId + " IN (" + organizes + ")) ";
sqlQuery += " UNION "
+ " SELECT " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " AS " + BaseBusinessLogic.FieldId
+ " FROM " + BaseUserEntity.TableName
+ " WHERE (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDeletionStateCode + " = 0 ) "
+ " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldEnabled + " = 1 ) "
+ " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCompanyId + " IN (" + organizes + ") "
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldSubCompanyId + " IN (" + organizes + ") "
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentId + " IN (" + organizes + ") "
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldWorkgroupId + " IN (" + organizes + ")) ";
}
}
}
// 被管理角色列表
string[] roleIds = this.GetRoleIds(managerUserId, permissionItemCode);
if (roleIds.Length > 0)
{
string roles = BaseBusinessLogic.ObjectsToList(roleIds);
if (!String.IsNullOrEmpty(roles))
{
// 被管理的角色包含的员工
sqlQuery += " UNION "
+ " SELECT " + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldUserId + " AS " + BaseBusinessLogic.FieldId
+ " FROM " + BaseUserRoleEntity.TableName
+ " WHERE (" + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldEnabled + " = 1 "
+ " AND " + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldDeletionStateCode + " = 0 "
+ " AND " + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldRoleId + " IN (" + roles + ")) ";
}
}
return sqlQuery;
}
/// <summary>
/// 用户的所有可授权范围(有授权权限的权限列表)
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限域编号</param>
/// <returns>数据表</returns>
public DataTable GetPermissionItemDTByPermissionScope(BaseUserInfo userInfo, string userId, string permissionItemCode)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName);
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo);
string permissionItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));
// 数据库里没有设置可授权的权限项,系统自动增加一个权限配置项
if (String.IsNullOrEmpty(permissionItemId) && permissionItemCode.Equals("Resource.ManagePermission"))
{
BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity();
permissionItemEntity.Code = "Resource.ManagePermission";
permissionItemEntity.FullName = "资源管理范围权限(系统默认)";
permissionItemEntity.IsScope = 1;
permissionItemEntity.Enabled = 1;
permissionItemEntity.AllowDelete = 0;
permissionItemEntity.AllowDelete = 0;
permissionItemManager.AddEntity(permissionItemEntity);
}
dataTable = permissionItemManager.GetDataTableByUser(userId, permissionItemCode);
dataTable.TableName = BasePermissionItemEntity.TableName;
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetPermissionItemDTByPermission, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return dataTable;
}
/// <summary>
/// 获取约束条件(所有的约束)
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="resourceCategory">资源类别</param>
/// <param name="resourceId">资源主键</param>
/// <returns>数据表</returns>
public DataTable GetConstraintDT(string resourceCategory, string resourceId, string permissionCode = "Resource.AccessPermission")
{
DataTable dataTable = new DataTable(BaseTableColumnsEntity.TableName);
/*
-- 这里是都有哪些表?
SELECT ItemValue, ItemName
FROM ItemsTablePermissionScope
WHERE (DeletionStateCode = 0)
AND (Enabled = 1)
ORDER BY ItemsTablePermissionScope.SortCode
*/
/*
-- 这里是都有有哪些表达式
SELECT Id, TargetId, PermissionConstraint -- 对什么表有什么表达式?
FROM BasePermissionScope
WHERE (ResourceId = 10000000)
AND (ResourceCategory = 'BaseRole') -- 什么角色?
AND (TargetId = 'BaseUser')
AND (TargetCategory = 'Table')
AND (PermissionId = 10000001) -- 有什么权限?(资源访问权限)
AND (DeletionStateCode = 0)
AND (Enabled = 1)
*/
string permissionId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
string sqlQuery = @" SELECT BasePermissionScope.Id
, ItemsTablePermissionScope.ItemValue AS TableCode
, ItemsTablePermissionScope.ItemName AS TableName
, BasePermissionScope.PermissionConstraint
, ItemsTablePermissionScope.SortCode
FROM (
SELECT ItemValue
, ItemName
, SortCode
FROM ItemsTablePermissionScope
WHERE (DeletionStateCode = 0)
AND (Enabled = 1)
) AS ItemsTablePermissionScope LEFT OUTER JOIN
(SELECT Id
, TargetId
, PermissionConstraint
FROM BasePermissionScope
WHERE (ResourceCategory = '" + resourceCategory + @"')
AND (ResourceId = " + resourceId + @")
AND (TargetCategory = 'Table')
AND (PermissionId = " + permissionId.ToString() + @")
AND (DeletionStateCode = 0)
AND (Enabled = 1)
) AS BasePermissionScope
ON ItemsTablePermissionScope.ItemValue = BasePermissionScope.TargetId
ORDER BY ItemsTablePermissionScope.SortCode ";
dataTable = this.Fill(sqlQuery);
dataTable.TableName = BaseTableColumnsEntity.TableName;
return dataTable;
}
public BasePermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
{
BasePermissionScopeEntity entity = null;
string permissionId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
// 1:先获取是否有这样的主键,若有进行更新操作。
BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
DataTable dt = manager.GetDataTable(parameters);
if (dt.Rows.Count > 0)
{
entity = new BasePermissionScopeEntity(dt);
}
return entity;
}
/// <summary>
/// 操作权限列表
/// </summary>
/// <param name="moduleId">模块主键</param>
/// <returns>数据表</returns>
private DataTable GetPermissionItemDT(string moduleId)
{
string commandText = @" SELECT *
FROM BasePermissionItem
WHERE (Id IN
(SELECT PermissionId
FROM BasePermission
WHERE (ResourceId = '" + moduleId + @"')
AND (ResourceCategory = 'BaseModule')
AND (DeletionStateCode = 0)))
AND (Enabled = 1)
AND (DeletionStateCode = 0)
ORDER BY SortCode ";
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
return permissionItemManager.Fill(commandText);
}
/// <summary>
/// 更新实体
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="permissionItemEntity">实体</param>
/// <param name="statusCode">状态码</param>
/// <param name="statusMessage">状态信息</param>
/// <returns>影响行数</returns>
public int Update(BaseUserInfo userInfo, BasePermissionItemEntity permissionItemEntity, out string statusCode, out string statusMessage)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
statusCode = string.Empty;
statusMessage = string.Empty;
int returnValue = 0;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
returnValue = permissionItemManager.Update(permissionItemEntity, out statusCode);
// 获得状态消息
statusMessage = permissionItemManager.GetStateMessage(statusCode);
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_Update, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return returnValue;
}
/// <summary>
/// 按编号获取实体
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="code">编号</param>
/// <returns>实体</returns>
public BasePermissionItemEntity GetEntityByCode(BaseUserInfo userInfo, string code)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
BasePermissionItemEntity permissionItemEntity = null;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
permissionItemEntity = new BasePermissionItemEntity(permissionItemManager.GetDataTableByCode(code));
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_GetEntityByCode, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return permissionItemEntity;
}
/// <summary>
/// 批量移动实体
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="permissionItemIds">权限项主键数组</param>
/// <param name="parentId">父主键</param>
/// <returns>影响行数</returns>
public int BatchMoveTo(BaseUserInfo userInfo, string[] permissionItemIds, string parentId)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
int returnValue = 0;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
for (int i = 0; i < permissionItemIds.Length; i++)
{
returnValue += permissionItemManager.MoveTo(permissionItemIds[i], parentId);
}
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_BatchMoveTo, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return returnValue;
}
public new string GetIdByCode(string permissionItemCode)
{
string tableName = BaseRoleEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
// 这里应该是若不存在就自动加一个操作权限
return permissionItemManager.GetIdByAdd(permissionItemCode);
}
/// <summary>
/// 撤销用户权限
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userName">用户名</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>主键</returns>
public int RevokeUserPermission(BaseUserInfo userInfo, string userName, string permissionItemCode)
{
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
int returnValue = 0;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
BaseUserManager userManager = new BaseUserManager(dbHelper, userInfo);
string userId = userManager.GetId(new KeyValuePair<string, object>(BaseUserEntity.FieldUserName, userName));
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo);
string permissionItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));
if (!String.IsNullOrEmpty(userId) && !String.IsNullOrEmpty(permissionItemId))
{
BaseUserPermissionManager userPermissionManager = new BaseUserPermissionManager(dbHelper, userInfo);
returnValue = userPermissionManager.Revoke(userId, permissionItemId);
}
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
return returnValue;
}
/// <summary>
/// 删除权限
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>影响行数</returns>
public int DeletePermission(BaseUserInfo userInfo, string permissionItemCode)
{
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
int returnValue = 0;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo);
string id = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));
if (!String.IsNullOrEmpty(id))
{
// 在删除时,可能会把相关的其他配置权限会删除掉,所以需要调用这个方法。
returnValue = permissionItemManager.Delete(id);
}
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
return returnValue;
}
/// <summary>
/// 设置约束条件
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="resourceCategory">资源类别</param>
/// <param name="resourceId">资源主键</param>
/// <param name="tableName">表名</param>
/// <param name="constraint">约束</param>
/// <param name="enabled">有效</param>
/// <param name="permissionCode">操作权限项</param>
/// <returns>主键</returns>
public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true)
{
string returnValue = string.Empty;
string permissionId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
// 1:先获取是否有这样的主键,若有进行更新操作。
// 2:若没有进行添加操作。
returnValue = manager.GetId(parameters);
if (!string.IsNullOrEmpty(returnValue))
{
parameters = new List<KeyValuePair<string, object>>();
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionConstraint, constraint));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, enabled ? 1 : 0));
manager.SetProperty(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldId, returnValue), parameters);
}
else
{
BasePermissionScopeEntity entity = new BasePermissionScopeEntity();
entity.ResourceCategory = resourceCategory;
entity.ResourceId = resourceId;
entity.TargetCategory = "Table";
entity.TargetId = tableName;
entity.PermissionConstraint = constraint;
entity.PermissionId = int.Parse(permissionId);
entity.DeletionStateCode = 0;
entity.Enabled = enabled ? 1: 0;
returnValue = manager.Add(entity);
}
return returnValue;
}
/// <summary>
/// 获取用户的件约束表达式
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="tableName">表名</param>
/// <returns>主键</returns>
public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission")
{
string returnValue = string.Empty;
// 这里是获取用户的条件表达式
// 1: 首先用户在哪些角色里是有效的?
// 2: 这些角色都有哪些哪些条件约束?
// 3: 组合约束条件?
// 4:用户本身的约束条件?
string permissionId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
BaseUserManager manager = new BaseUserManager(this.DbHelper, this.UserInfo);
string[] roleIds = manager.GetAllRoleIds(UserInfo.Id);
if (roleIds == null || roleIds.Length == 0)
{
return returnValue;
}
BasePermissionScopeManager scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseRoleEntity.TableName));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, roleIds));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, 1));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
DataTable dtPermissionScope = scopeManager.GetDataTable(parameters);
string permissionConstraint = string.Empty;
foreach (DataRow dataRow in dtPermissionScope.Rows)
{
permissionConstraint = dataRow[BasePermissionScopeEntity.FieldPermissionConstraint].ToString();
permissionConstraint = permissionConstraint.Trim();
if (!string.IsNullOrEmpty(permissionConstraint))
{
returnValue += " AND " + permissionConstraint;
}
}
if (!string.IsNullOrEmpty(returnValue))
{
returnValue = returnValue.Substring(5);
// 解析替换约束表达式标准函数
returnValue = ConstraintUtil.PrepareParameter(this.UserInfo, returnValue);
}
return returnValue;
}
/// <summary>
/// 按主键数组获取列表
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="ids">组织机构主键</param>
/// <returns>数据表</returns>
public DataTable GetDataTableByIds(BaseUserInfo userInfo, string[] ids)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName);
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
BasePermissionItemManager permissionItem = new BasePermissionItemManager(dbHelper, userInfo);
dataTable = permissionItem.GetDataTable(BasePermissionItemEntity.FieldId, ids, BasePermissionItemEntity.FieldSortCode);
dataTable.TableName = BasePermissionItemEntity.TableName;
BaseLogManager.Instance.Add(dbHelper, userInfo, serviceName, AppMessage.PermissionItemService_GetDataTable, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return dataTable;
}
/// <summary>
/// 获得某个用户的所有权限列表
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <returns>数据表</returns>
public DataTable GetPermissionDTByUser(BaseUserInfo userInfo, string userId)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName);
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
// 是否超级管理员
BaseUserManager userManager = new BaseUserManager(dbHelper, userInfo);
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
if (userManager.IsAdministrator(userId))
{
dataTable = permissionItemManager.GetDataTable();
}
else
{
tableName = BasePermissionEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "Permission";
}
BasePermissionManager permissionManager = new BasePermissionManager(dbHelper, userInfo, tableName);
string[] ids = permissionManager.GetPermissionIdsByUser(userId);
// 若是以前赋予的权限,后来有些权限设置为无效了,那就不应该再获取哪些无效的权限才对。
// bug修正:没有赋值DataTable,导致返回值空
dataTable = permissionItemManager.GetDataTable(
new KeyValuePair<string, object>(BasePermissionItemEntity.FieldId, ids)
, new KeyValuePair<string, object>(BasePermissionItemEntity.FieldEnabled, 1)
, new KeyValuePair<string, object>(BasePermissionItemEntity.FieldDeletionStateCode, 0));
}
dataTable.TableName = tableName;
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetPermissionDTByUser, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return dataTable;
}
/// <summary>
/// 获取授权范围
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <returns>数据表</returns>
public DataTable GetLicensedDT(BaseUserInfo userInfo, string userId)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName);
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionAdminManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
string permissionItemId = permissionAdminManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldDeletionStateCode, 0), new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, "Resource.ManagePermission"));
dataTable = permissionAdminManager.GetDataTableByUser(userId, permissionItemId);
dataTable.TableName = BasePermissionItemEntity.TableName;
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_GetLicensedDT, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return dataTable;
}
public DataTable Search(string permissionScopeItemCode, string search, string[] roleIds, bool? enabled, string auditStates,string departmentId)
{
search = StringUtil.GetSearchString(search);
string sqlQuery = " SELECT " + BaseUserEntity.TableName + ".* "
+ "," + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldRealName + " AS RoleName "
+ " FROM " + BaseUserEntity.TableName
+ " LEFT OUTER JOIN " + BaseRoleEntity.TableName
+ " ON " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldRoleId + " = " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldId
// 被删除的排出在外比较好一些
+ " WHERE " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDeletionStateCode + " = 0 "
+ " AND " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldIsVisible + " = 1 ";
if (!String.IsNullOrEmpty(search))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldUserName + " LIKE '" + search + "'"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCode + " LIKE '" + search + "'"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldRealName + " LIKE '" + search + "'"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldQuickQuery + " LIKE '" + search + "'"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentName + " LIKE '" + search + "'"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDescription + " LIKE '" + search + "')";
}
if (!string.IsNullOrEmpty(departmentId))
{
BaseOrganizeManager organizeManager = new BaseOrganizeManager(this.DbHelper, this.UserInfo);
string[] organizeIds = organizeManager.GetChildrensId(BaseOrganizeEntity.FieldId, departmentId, BaseOrganizeEntity.FieldParentId);
if (organizeIds != null && organizeIds.Length > 0)
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCompanyId + " IN (" + StringUtil.ArrayToList(organizeIds) + ")"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentId + " IN (" + StringUtil.ArrayToList(organizeIds) + ")"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldWorkgroupId + " IN (" + StringUtil.ArrayToList(organizeIds) + "))";
}
}
if (!String.IsNullOrEmpty(auditStates))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldAuditStatus + " = '" + auditStates + "')";
}
if (enabled != null)
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldEnabled + " = " + ((bool)enabled ? 1:0) + ")";
}
if ((roleIds != null) && (roleIds.Length > 0))
{
string roles = StringUtil.ArrayToList(roleIds, "'");
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldRoleId + " IN (" + roles + ") ";
sqlQuery += " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " IN (" + "SELECT " + BaseUserRoleEntity.FieldUserId + " FROM " + BaseUserRoleEntity.TableName + " WHERE " + BaseUserRoleEntity.FieldRoleId + " IN (" + roles + ")" + "))";
}
// 是否过滤用户, 获得组织机构列表, 这里需要一个按用户过滤得功能
if ((!UserInfo.IsAdministrator) && (BaseSystemInfo.UsePermissionScope))
{
// string permissionScopeItemCode = "Resource.ManagePermission";
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.DbHelper, this.UserInfo);
string permissionScopeItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionScopeItemCode));
if (!string.IsNullOrEmpty(permissionScopeItemId))
{
// 从小到大的顺序进行显示,防止错误发生
BaseUserScopeManager userPermissionScopeManager = new BaseUserScopeManager(this.DbHelper, this.UserInfo);
string[] organizeIds = userPermissionScopeManager.GetOrganizeIds(this.UserInfo.Id, permissionScopeItemId);
// 没有任何数据权限
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.None).ToString()))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " = NULL ) ";
}
// 按详细设定的数据
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.Detail).ToString()))
{
BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(DbHelper, UserInfo);
string[] userIds = permissionScopeManager.GetUserIds(UserInfo.Id, permissionScopeItemCode);
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " IN (" + BaseBusinessLogic.ObjectsToList(userIds) + ")) ";
}
// 自己的数据,仅本人
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.User).ToString()))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " = " + this.UserInfo.Id + ") ";
}
// 用户所在工作组数据
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserWorkgroup).ToString()))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldWorkgroupId + " = " + this.UserInfo.WorkgroupId + ") ";
}
// 用户所在部门数据
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserDepartment).ToString()))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentId + " = " + this.UserInfo.DepartmentId + ") ";
}
// 用户所在分支机构数据
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserSubCompany).ToString()))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldSubCompanyId + " = " + this.UserInfo.SubCompanyId + ") ";
}
// 用户所在公司数据
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserCompany).ToString()))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCompanyId + " = " + this.UserInfo.CompanyId + ") ";
}
// 全部数据,这里就不用设置过滤条件了
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.All).ToString()))
{
}
}
}
sqlQuery += " ORDER BY " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldSortCode;
return DbHelper.Fill(sqlQuery);
}
/// <summary>
/// 获取资源权限范围主键数组
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="resourceCategory">资源分类</param>
/// <param name="resourceId">资源主键</param>
/// <param name="targetCategory">目标类别</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>主键数组</returns>
public string[] GetPermissionScopeTargetIds(BaseUserInfo userInfo, string resourceCategory, string resourceId, string targetCategory, string permissionItemCode)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
string[] returnValue = null;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
string permissionItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));
List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, targetCategory));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionItemId));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, 1));
parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
tableName = BasePermissionScopeEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionScope";
}
returnValue = DbLogic.GetProperties(dbHelper, tableName, parameters, 0, BasePermissionScopeEntity.FieldTargetId);
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetPermissionScopeTargetIds, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return returnValue;
}
/// <summary>
/// 按某个权限获取组织机构 Sql
/// </summary>
/// <param name="managerUserId">管理用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>Sql</returns>
public string GetOrganizeIdsSql(string managerUserId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
string sqlQuery = string.Empty;
sqlQuery = " SELECT " + BasePermissionScopeEntity.FieldTargetId
+ " FROM " + BasePermissionScopeEntity.TableName
// 有效的,并且不为空的组织机构主键
+ " WHERE (" + BasePermissionScopeEntity.FieldTargetCategory + " = '" + BaseOrganizeEntity.TableName + "') "
+ " AND ( " + BasePermissionScopeEntity.TableName + "." + BasePermissionScopeEntity.FieldDeletionStateCode + " = 0) "
+ " AND ( " + BasePermissionScopeEntity.TableName + "." + BasePermissionScopeEntity.FieldEnabled + " = 1) "
+ " AND ( " + BasePermissionScopeEntity.TableName + "." + BasePermissionScopeEntity.FieldTargetId + " IS NOT NULL) "
// 自己直接由相应权限的组织机构
+ " AND ((" + BasePermissionScopeEntity.FieldResourceCategory + " = '" + BaseUserEntity.TableName + "' "
+ " AND " + BasePermissionScopeEntity.FieldResourceId + " = '" + managerUserId + "')"
+ " OR (" + BasePermissionScopeEntity.FieldResourceCategory + " = '" + BaseRoleEntity.TableName + "' "
+ " AND " + BasePermissionScopeEntity.FieldResourceId + " IN ( "
// 获得属于那些角色有相应权限的组织机构
+ " SELECT " + BaseUserRoleEntity.FieldRoleId
+ " FROM " + BaseUserRoleEntity.TableName
+ " WHERE " + BaseUserRoleEntity.FieldUserId + " = '" + managerUserId + "'"
+ " AND " + BaseUserRoleEntity.FieldDeletionStateCode + " = 0 "
+ " AND " + BaseUserRoleEntity.FieldEnabled + " = 1"
// 修正不会读取用户默认角色权限域范围BUG
+ " Union SELECT " + BaseUserEntity.FieldRoleId
+ " FROM " + BaseUserEntity.TableName
+ " WHERE " + BaseUserEntity.FieldId + " = '" + managerUserId + "'"
+ " AND " + BaseUserEntity.FieldDeletionStateCode + " = 0 "
+ " AND " + BaseUserEntity.FieldEnabled + " = 1"
+ "))) "
// 并且是指定的本权限
+ " AND (" + BasePermissionScopeEntity.FieldPermissionItemId + " = '" + permissionItemId + "') ";
return sqlQuery;
}
/// <summary>
/// 是否有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <param name="permissionItemName">权限名称</param>
/// <returns>是否有权限</returns>
public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null)
{
// 若不存在就需要自动能增加一个操作权限项
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName);
string permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName);
BasePermissionItemEntity permissionItemEntity = permissionItemManager.GetEntity(permissionItemId);
// 先判断用户类别
if (UserInfo.IsAdministrator)
{
return true;
}
// 没有找到相应的权限
if (String.IsNullOrEmpty(permissionItemId))
{
return false;
}
// 这里需要判断,是系统权限?
bool returnValue = false;
BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);
if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System"))
{
// 用户管理员
returnValue = userManager.IsInRoleByCode(userId, "UserAdmin");
if (returnValue)
{
return returnValue;
}
}
// 这里需要判断,是业务权限?
if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application"))
{
returnValue = userManager.IsInRoleByCode(userId, "Admin");
if (returnValue)
{
return returnValue;
}
}
// 判断用户权限
if (this.CheckUserPermission(userId, permissionItemId))
{
return true;
}
// 判断用户角色权限
if (this.CheckUserRolePermission(userId, permissionItemId))
{
return true;
}
// 判断用户组织机构权限,这里有开关是为了提高性能用的,
// 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。
if (BaseSystemInfo.UseOrganizePermission)
{
if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.WorkgroupId))
{
return true;
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.DepartmentId))
{
return true;
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.SubCompanyId))
{
return true;
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.CompanyId))
{
return true;
}
}
return false;
}
/// <summary>
/// 获得用户的某个权限范围资源主键数组
/// </summary>
/// <param name="userId">用户</param>
/// <param name="targetCategory">资源分类</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>主键数组</returns>
public string[] GetResourceScopeIds(string userId, string targetCategory, string permissionItemCode)
{
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName);
string permissionItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));
BaseUserManager userManager = new BaseUserManager(DbHelper, UserInfo);
string defaultRoleId = userManager.GetProperty(userId, BaseUserEntity.FieldRoleId);
tableName = BaseUserRoleEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "UserRole";
}
this.CurrentTableName = "BasePermissionScope";
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
this.CurrentTableName = BaseSystemInfo.SystemCode + "PermissionScope";
}
string sqlQuery = string.Empty;
sqlQuery =
// 用户的权限
" SELECT TargetId "
+ " FROM " + this.CurrentTableName
+ " WHERE (" + this.CurrentTableName + ".ResourceCategory = '" + BaseUserEntity.TableName + "') "
+ " AND (ResourceId = '" + userId + "') "
+ " AND (TargetCategory = '" + targetCategory + "') "
+ " AND (PermissionId = '" + permissionItemId + "') "
+ " AND (Enabled = 1) "
+ " AND (DeletionStateCode = 0)"
+ " UNION "
// 用户归属的角色的权限
+ " SELECT TargetId "
+ " FROM " + this.CurrentTableName
+ " WHERE (ResourceCategory = '" + BaseRoleEntity.TableName + "') "
+ " AND (TargetCategory = '" + targetCategory + "') "
+ " AND (PermissionId = '" + permissionItemId + "') "
+ " AND (DeletionStateCode = 0)"
+ " AND (Enabled = 1) "
+ " AND ((ResourceId IN ( "
+ " SELECT RoleId "
+ " FROM " + tableName
+ " WHERE (UserId = '" + userId + "') "
+ " AND (Enabled = 1) "
+ " AND (DeletionStateCode = 0) ) ";
if (!string.IsNullOrEmpty(defaultRoleId))
{
// 用户的默认角色
sqlQuery += " OR (ResourceId = '" + defaultRoleId + "')";
}
sqlQuery += " ) "
+ " ) ";
DataTable dataTable = DbHelper.Fill(sqlQuery);
string[] resourceIds = BaseBusinessLogic.FieldToArray(dataTable, BasePermissionScopeEntity.FieldTargetId);
// 按部门获取权限
if (BaseSystemInfo.UseOrganizePermission)
{
sqlQuery = string.Empty;
BaseUserEntity userEntity = new BaseUserManager(this.DbHelper).GetEntity(userId);
sqlQuery = " SELECT TargetId "
+ " FROM " + this.CurrentTableName
+ " WHERE (" + this.CurrentTableName + ".ResourceCategory = '" +
BaseOrganizeEntity.TableName + "') "
+ " AND (ResourceId = '" + userEntity.CompanyId + "' OR "
+ " ResourceId = '" + userEntity.DepartmentId + "' OR "
+ " ResourceId = '" + userEntity.SubCompanyId + "' OR"
+ " ResourceId = '" + userEntity.WorkgroupId + "') "
+ " AND (TargetCategory = '" + targetCategory + "') "
+ " AND (PermissionId = '" + permissionItemId + "') "
+ " AND (Enabled = 1) "
+ " AND (DeletionStateCode = 0)";
dataTable = DbHelper.Fill(sqlQuery);
string[] resourceIdsByOrganize = BaseBusinessLogic.FieldToArray(dataTable,
BasePermissionScopeEntity.FieldTargetId);
resourceIds = StringUtil.Concat(resourceIds, resourceIdsByOrganize);
}
if (targetCategory.Equals(BaseOrganizeEntity.TableName))
{
TransformPermissionScope(userId, ref resourceIds, userManager);
}
return resourceIds;
}
/// <summary>
/// 判断用户是否有有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>有权限</returns>
public bool CheckPermission(string userId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
// 没有找到相应的权限
if (String.IsNullOrEmpty(permissionItemId))
{
return false;
}
List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.TableName));
parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceId, userId));
parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldEnabled, "1"));
return DbLogic.Exists(DbHelper, this.CurrentTableName, parameters);
}
/// <summary>
/// 按某个权限获取角色 Sql
/// </summary>
/// <param name="managerUserId">管理用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>Sql</returns>
public string GetRoleIdsSql(string managerUserId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
string sqlQuery = string.Empty;
// 被管理的角色
sqlQuery += " SELECT BasePermissionScope.TargetId AS " + BaseBusinessLogic.FieldId
+ " FROM BasePermissionScope "
+ " WHERE (BasePermissionScope.TargetId IS NOT NULL "
+ " AND BasePermissionScope.TargetCategory = '" + BaseRoleEntity.TableName + "' "
+ " AND ((BasePermissionScope.ResourceCategory = '" + BaseUserEntity.TableName + "' "
+ " AND BasePermissionScope.ResourceId = '" + managerUserId + "')"
// 以及 他所在的角色在管理的角色
+ " OR (BasePermissionScope.ResourceCategory = '" + BaseRoleEntity.TableName + "'"
+ " AND BasePermissionScope.ResourceId IN ( "
+ " SELECT RoleId "
+ " FROM " + BaseUserRoleEntity.TableName
+ " WHERE (" + BaseUserRoleEntity.FieldUserId + " = '" + managerUserId + "' "
+ " AND " + BaseUserRoleEntity.FieldEnabled + " = 1))))"
// 并且是指定的本权限
+ " AND " + BasePermissionScopeEntity.FieldPermissionItemId + " = '" + permissionItemId + "')";
// 被管理部门的列表
string[] organizeIds = this.GetOrganizeIds(managerUserId, permissionItemCode);
if (organizeIds.Length > 0)
{
string organizes = BaseBusinessLogic.ObjectsToList(organizeIds);
if (!String.IsNullOrEmpty(organizes))
{
// 被管理的组织机构包含的角色
sqlQuery += " UNION "
+ " SELECT " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldId + " AS " + BaseBusinessLogic.FieldId
+ " FROM " + BaseRoleEntity.TableName
+ " WHERE " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldEnabled + " = 1 "
+ " AND " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldDeletionStateCode + " = 0 "
+ " AND " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldOrganizeId + " IN (" + organizes + ") ";
}
}
return sqlQuery;
}
//
// ResourcePermission 权限判断
//
#region public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) 是否有相应的权限
/// <summary>
/// 是否有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <param name="permissionItemName">权限名称</param>
/// <returns>是否有权限</returns>
public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null)
{
// 若不存在就需要自动能增加一个操作权限项
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName);
string permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName);
BasePermissionItemEntity permissionItemEntity = permissionItemManager.GetEntity(permissionItemId);
// 先判断用户类别
if (UserInfo.IsAdministrator)
{
return(true);
}
// 没有找到相应的权限
if (String.IsNullOrEmpty(permissionItemId))
{
return(false);
}
// 这里需要判断,是系统权限?
bool returnValue = false;
BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);
if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System"))
{
// 用户管理员
returnValue = userManager.IsInRoleByCode(userId, "UserAdmin");
if (returnValue)
{
return(returnValue);
}
}
// 这里需要判断,是业务权限?
if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application"))
{
returnValue = userManager.IsInRoleByCode(userId, "Admin");
if (returnValue)
{
return(returnValue);
}
}
// 判断用户权限
if (this.CheckUserPermission(userId, permissionItemId))
{
return(true);
}
// 判断用户角色权限
if (this.CheckUserRolePermission(userId, permissionItemId))
{
return(true);
}
// 判断用户组织机构权限,这里有开关是为了提高性能用的,
// 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。
if (BaseSystemInfo.UseOrganizePermission)
{
if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.WorkgroupId))
{
return(true);
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.DepartmentId))
{
return(true);
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.SubCompanyId))
{
return(true);
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.CompanyId))
{
return(true);
}
}
return(false);
}
/// <summary>
/// 授予用户模块的权限范围
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="grantModuleIds">授予模块主键数组</param>
/// <returns>影响的行数</returns>
public int GrantUserModuleScopes(BaseUserInfo userInfo, string userId, string permissionScopeItemCode, string[] grantModuleIds)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
int returnValue = 0;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
string tableName = BasePermissionScopeEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionScope";
}
BaseUserScopeManager userPermissionScopeManager = new BaseUserScopeManager(dbHelper, userInfo, tableName);
// 小心异常,检查一下参数的有效性
if (grantModuleIds != null)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo);
returnValue += userPermissionScopeManager.GrantModules(userId, permissionScopeItemCode, grantModuleIds);
}
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GrantUserModuleScopes, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return returnValue;
}
