public bool AddUsersToGroups(UserBase[] users, int[] groupIds)
{
if (ArrayIsNullOrEmpty(users) || ArrayIsNullOrEmpty(groupIds))
{
throw new ArgumentNullException("users,groupIds", "Users or UserGroups can not be null or empty!");
}
bool flag = false;
_session.BeginTransaction();
try
{
foreach (int gid in groupIds)
{
UserGroup grp = UserGroup.Retrieve(_session, gid);
flag = AddUsersToGroup(users, grp);
_session.Commit();
}
}
catch
{
_session.Rollback();
throw;
}
return flag;
}
public IList<IUserGroup> GetUserGroupsForUser(UserBase user)
{
using (Session session = new Session())
{
AuthorizationRepository repository = new AuthorizationRepository(session);
return repository.GetGroupsForUser(user);
}
}
/// <summary>
/// 新增用户到用户组
/// </summary>
/// <param name="user"></param>
/// <param name="session"></param>
/// <returns></returns>
public bool AddUser(UserBase user, ISession session)
{
if (!this.UserIsInGroup(user, session))
{
UserToGroup utg = new UserToGroup();
utg.CreateTime = DateTime.Now;
utg.GroupId = this.GroupId;
utg.OperateBy = SecuritySession.CurrentUser.UserId;
utg.UserId = user.UserId;
return utg.Create(session);
}
else
{
return false;
}
}
/// <summary>
/// 获取可以分配给用户的用户组
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public IList<UserGroup> GetAssigningGroupsForUser(UserBase user)
{
IList<UserGroup> grps = new List<UserGroup>();
//string sql = @"select * from sys_usergroup g where g.group_id not in (select group_id from sys_user_to_group where user_id=@USER_ID)";
string oql = "select g.* from UserGroup g where g.GroupId not in(select GroupId from UserToGroup where UserId=@UserId)";
return _session
.CreateObjectQuery(oql)
.Attach(typeof(UserGroup))
.Attach(typeof(UserToGroup))
.SetValue("@UserId", user.UserId, DbTypeInfo.Int32())
.List<UserGroup>();
}
/// <summary>
/// 是否允许操作
/// </summary>
/// <param name="user"></param>
/// <param name="operation"></param>
/// <returns></returns>
public static bool IsAllowed(UserBase user, string operation)
{
return(_azService.IsAllowed(user, operation));
}
/// <summary>
/// 用户是否有操作某个指定对象的权限
/// </summary>
/// <param name="user"></param>
/// <param name="operation"></param>
/// <param name="key"></param>
/// <returns></returns>
public static bool IsAllowed(UserBase user, string operation, IEntitySecurityKey key)
{
return _azService.IsAllowed(user, operation, key);
}
private bool AddUsersToGroup(UserBase[] users, UserGroup grp)
{
bool flag = false;
if (grp != null)
{
foreach (UserBase user in users)
{
if (!grp.UserIsInGroup(user, this._session))
{
if (user != null)
{
flag = grp.AddUser(user, this._session);
}
}
}
}
return flag;
}
public void RemoveUser(UserBase user)
{
//如果User是IEntity,则调用其本身的Delete方法,否则使用EntityManager删除它。
if (user is IEntity)
{
IEntity userEntity = (IEntity)user;
userEntity.Delete(this._session);
}
else
{
EntityManager.Delete(this._session, user.GetType(), user.UserId);
}
}
void IAuthorizationRepository.RemoveUsersFromGroups(UserBase[] users, IUserGroup[] userGroups)
{
if (ArrayIsNullOrEmpty(users) || ArrayIsNullOrEmpty(userGroups))
{
throw new ArgumentNullException("users,groups", "Users or UserGroups can not be null or empty!");
}
foreach (IUserGroup grp in userGroups)
{
if (!grp.RemoveUserFromGroup(users, this._session))
{
throw new ApplicationException(string.Format("从用户组{0}中移出用户失败!", grp.Name));
}
}
}
public void AddPermissionsToQuery(UserBase urser, string operation, Magic.Framework.ORM.IEntityQuery criteria)
{
}
/// <summary>
/// 验证用户,并返回合法用户的
/// </summary>
/// <param name="session"></param>
/// <param name="userName"></param>
/// <param name="password"></param>
/// <param name="validUser"></param>
/// <returns>true:通过,false:不通过</returns>
private bool ValidateUser(string userName, string password, out UserBase validUser)
{
validUser = null;
if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
{
throw new ArgumentNullException("UserName and Password can not be NULL!");
}
using (ISession session = new Session())
{
IList<Magic.Sys.User> list = session.CreateEntityQuery<Magic.Sys.User>()
.And(Exp.Eq("UserName", userName))
// .And(Exp.Eq("Password", Magic.Security.Utility.Encryption.MD5(password, 32)))
.And(Exp.Eq("Password",password))
.List<User>();
if (list == null || list.Count == 0)
{
return false;
}
validUser = list[0];
return true;
}
}
private void SetCurrentUser(UserBase user)
{
if (CheckHttpContext())
{
HttpContext.Current.Session[USER_SESSION_ID] = user;
}
}
public bool UserIsInGroup(UserBase user,ISession session)
{
string oql = @"select 1 from UserToGroup";
return
session.CreateObjectQuery(oql)
.Attach(typeof(UserToGroup))
.And(Exp.Eq("UserId", user.UserId))
.And(Exp.Eq("GroupId", this.GroupId))
.Count() > 0;
}
/// <summary>
/// 用户是否有操作某个指定对象的权限
/// </summary>
/// <param name="user"></param>
/// <param name="operation"></param>
/// <param name="key"></param>
/// <returns></returns>
public static bool IsAllowed(UserBase user, string operation, IEntitySecurityKey key)
{
return(_azService.IsAllowed(user, operation, key));
}
/// <summary>
/// 获取指定用户所在的用户组
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public IList<IUserGroup> GetGroupsForUser(UserBase user)
{
string oql = @"select g.* from UserGroup g inner join UserToGroup ug on g.GroupId=ug.GroupId
where UserId=@UserId";
IList<IUserGroup> grps = new List<IUserGroup>();
ObjectQuery query = _session.CreateObjectQuery(oql).Attach(typeof(UserGroup)).Attach(typeof(UserToGroup));
query.SetValue("@UserId", user.UserId, DbTypeInfo.Int32());
IList<UserGroup> userGroups = query.List<UserGroup>();
foreach (UserGroup ug in userGroups)
grps.Add(ug);
return grps;
}
bool IAuthorizationRepository.AddUsersToGroups(UserBase[] users, IUserGroup[] userGroups)
{
if (ArrayIsNullOrEmpty(users) || ArrayIsNullOrEmpty(userGroups))
{
throw new ArgumentNullException("users,groups", "Users or UserGroups can not be null or empty!");
}
bool flag = false;
foreach (UserGroup grp in userGroups)
{
flag = this.AddUsersToGroup(users, grp);
}
return flag;
}
public bool IsAllowed(UserBase user, string operation)
{
return true;
}
/// <summary>
/// 判断用户是否在用户组
/// </summary>
/// <param name="user"></param>
/// <param name="group"></param>
/// <returns></returns>
public bool IsUserInGroup(UserBase user, IUserGroup group)
{
if (group == null)
throw new ArgumentNullException("group");
if (user == null)
throw new ArgumentNullException("user");
return IsUserInGroup(user.UserId, ((UserGroup)group).GroupId);
}
public bool IsAllowed(UserBase user, string operation, IEntitySecurityKey key)
{
return true;
}
public void RemoveUsersFromGroups(UserBase[] users, int[] groupIds)
{
if (ArrayIsNullOrEmpty(users) || ArrayIsNullOrEmpty(groupIds))
{
throw new ArgumentNullException("users,groupIds", "Users or UserGroups can not be null or empty!");
}
this._session.BeginTransaction();
try
{
foreach (int gid in groupIds)
{
UserGroup group = UserGroup.Retrieve(_session, gid);
if (!group.RemoveUserFromGroup(users, this._session))
{
throw new ApplicationException(string.Format("从用户组{0}中移出用户失败!", group.Name));
}
}
_session.Commit();
}
catch
{
this._session.Rollback();
throw;
}
}
public AuthorizationInformation GetAuthorizationInformation(UserBase urser, string operation)
{
return new AuthorizationInformation();
}
/// <summary>
/// 是否允许操作
/// </summary>
/// <param name="user"></param>
/// <param name="operation"></param>
/// <returns></returns>
public static bool IsAllowed(UserBase user, string operation)
{
return _azService.IsAllowed(user, operation);
}
/// <summary>
/// 获取当前用户在指定用户组上的所有祖先用户组
/// </summary>
/// <param name="user"></param>
/// <param name="group"></param>
/// <returns></returns>
public IList<IUserGroup> GetAncestryAssociation(UserBase user, IUserGroup group)
{
return null;
}
/// <summary>
/// 向查询添加权限控制
/// </summary>
/// <param name="urser"></param>
/// <param name="operation"></param>
/// <param name="criteria"></param>
public static void AddPermissionsToQuery(UserBase urser, string operation, Magic.Framework.ORM.IEntityQuery criteria)
{
_azService.AddPermissionsToQuery(urser, operation, criteria);
}
/// <summary>
/// 向查询添加权限控制
/// </summary>
/// <param name="urser"></param>
/// <param name="operation"></param>
/// <param name="criteria"></param>
public static void AddPermissionsToQuery(UserBase urser, string operation, Magic.Framework.ORM.IEntityQuery criteria)
{
_azService.AddPermissionsToQuery(urser, operation, criteria);
}
