Exemple #1
        /// <summary>
        /// Lists the ACL entries created by the current user, i.e. the grants this user has shared with others.
        /// </summary>
        /// <returns>Whatever <c>GetObjectList</c> yields for the filter built from <c>Usr_Id</c>.</returns>
        public List <CACLEntity> ListMyAcls()
        {
            // The filter is plain string concatenation; it is injection-safe only while
            // Usr_Id is a numeric value. NOTE(review): confirm Usr_Id's declared type.
            String creatorFilter = "this.Acl_Creator=" + Usr_Id.ToString();

            return new CACLEntity(ConnString).GetObjectList(creatorFilter);
        }
Exemple #2
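        /// <summary>
        /// Approves an archive application: copies the applied resource to the archive
        /// resource and then marks the application as permitted.
        /// (Original author note: Zhao Yingwu.)
        /// </summary>
        /// <param name="apply">Id of the application record to load.</param>
        /// <param name="archiveResource">Resource id passed to <c>CopyResource</c> as the second argument.</param>
        /// <exception cref="Exception">
        /// The caller lacks AUDITAPPLY on its organization, the application cannot be loaded,
        /// or the application has already been processed.
        /// </exception>
        public void PermitApply(int apply, int archiveResource)
        {
            CACLEntity acl = new CACLEntity();

            acl.Acl_Operation = (int)ACLOPERATION.AUDITAPPLY;
            acl.Acl_Resource  = this.Usr_Organize;

            if (!CheckPrivilege(acl))
            {
                throw new Exception("没有管理归档申请的权限!");
            }

            CApplyEntity aRes = new CApplyEntity().Load(apply);

            // Fail with a clear message instead of a NullReferenceException on an unknown id.
            if (aRes == null)
            {
                throw new Exception("无法找到归档申请. ID=" + apply);
            }

            // NOTE(review): the privilege check is scoped to the caller's organization, but nothing
            // visible here verifies that the loaded application belongs to that organization — confirm.
            // NOTE(review): both AUDITED and UNAUDITED are treated as "already processed";
            // presumably a third, pending state exists — verify against the AUDITE enum.
            if (aRes.App_Audited == (int)AUDITE.AUDITED || aRes.App_Audited == (int)AUDITE.UNAUDITED)
            {
                throw new Exception("该资源已审核!");
            }

            // The former catch block did `throw (ex);`, which only reset the stack trace.
            // Letting exceptions propagate keeps the original trace for diagnosis.
            // The copy and the status change are two separate steps; a failure in Permit()
            // leaves the copied resource in place.
            this.CopyResource(aRes.App_ResId, archiveResource);
            aRes.Permit();
        }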
        /// <summary>
        /// Deletes every ACL row whose <c>Acl_Resource</c> equals this object's <c>Res_Id</c>.
        /// </summary>
        /// <remarks>
        /// No privilege check happens in this method. NOTE(review): callers are presumably
        /// expected to authorize the deletion first — confirm at the call sites.
        /// </remarks>
        public void DeleteACLs()
        {
            String resourceFilter = "this.Acl_Resource=" + Res_Id;

            new CACLEntity(ConnString).Delete(resourceFilter);
        }
Exemple #4
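        /// <summary>
        /// Creates an organization: its resource row, its storage folder on disk, the folder's
        /// resource row, the organization row, and an "Archive" sub-folder with its resource row.
        /// </summary>
        /// <param name="organizeName">Display name; also used as part of the storage folder name.</param>
        /// <returns>The inserted organization entity, updated with its archive resource id.</returns>
        /// <exception cref="Exception">
        /// The caller lacks CREATEORGANIZE (checked on resource 0), or the name cannot be used
        /// as a single folder-name component.
        /// </exception>
        public COrganizeEntity CreateOrganize(String organizeName)
        {
            // Check privilege
            CACLEntity acl = new CACLEntity();
            acl.Acl_Resource  = 0;
            acl.Acl_Operation = (int)ACLOPERATION.CREATEORGANIZE;
            if (!CheckPrivilege(acl))
            {
                throw new Exception("当前用户无创建组织权限");
            }

            // The name becomes part of a directory name below AppPath. Reject separators and
            // other invalid file-name characters so it cannot address a path outside that folder.
            if (String.IsNullOrEmpty(organizeName) ||
                organizeName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 ||
                organizeName.IndexOf('/') >= 0 ||
                organizeName.IndexOf('\\') >= 0)
            {
                throw new Exception("组织名称无效");
            }

            // create resource for this organize
            CResourceEntity res = new CResourceEntity(ConnString);
            res.Res_Name   = organizeName;
            res.Res_Parent = 0;
            res.Res_Type   = (int)RESOURCETYPE.ORGANIZERESOURCE;
            res.Res_Id     = res.Insert();

            // create default storage folder named <organize resource id><organize name>
            // NOTE(review): rows are inserted before the directory exists and no transaction is
            // visible here, so a failure part-way leaves orphaned rows or folders.
            String folderName   = res.Res_Id.ToString() + organizeName;
            String organizePath = Path.Combine(MidLayerSettings.AppPath, folderName);
            Directory.CreateDirectory(organizePath);

            // create resource for default folder of organize
            CResourceEntity folderRes = new CResourceEntity(ConnString);
            folderRes.Res_Name   = folderName;
            folderRes.Res_Parent = 0;
            folderRes.Res_Type   = (int)RESOURCETYPE.FOLDERRESOURCE;
            folderRes.Res_Id     = folderRes.Insert();

            // Create organize entity
            COrganizeEntity organize = new COrganizeEntity(ConnString);
            organize.Org_Name     = organizeName;
            organize.Org_Resource = res.Res_Id;
            organize.Insert();

            // create archive folder for organize
            String archivePath = Path.Combine(organizePath, "Archive");
            Directory.CreateDirectory(archivePath);

            // create resource for archive folder
            CResourceEntity archiveRes = new CResourceEntity(ConnString);
            archiveRes.Res_Name   = "Archive";
            archiveRes.Res_Parent = folderRes.Res_Id;
            archiveRes.Res_Type   = (int)RESOURCETYPE.FOLDERRESOURCE;
            archiveRes.Res_Id     = archiveRes.Insert();

            organize.Org_ArchiveRes = archiveRes.Res_Id;
            organize.Update();

            // No catch-and-rethrow: the former `throw (ex);` only discarded the stack trace.
            return(organize);
        }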
Exemple #5
        /// <summary>
        /// Lists the ACL entries the current user created on one specific resource.
        /// </summary>
        /// <param name="sharedResource">Resource id the entries must refer to.</param>
        /// <returns>Entries matching both the creator and the resource condition.</returns>
        public List <CACLEntity> ListMyAcls(int sharedResource)
        {
            // Both values are rendered with ToString() and concatenated into the filter text.
            String creatorAndResource = "this.Acl_Creator=" + Usr_Id.ToString()
                                        + " and this.Acl_Resource=" + sharedResource.ToString();

            return new CACLEntity(ConnString).GetObjectList(creatorAndResource);
        }
Exemple #6
        /// <summary>
        /// Returns the ACL entries granted directly to this user (role id = <c>Usr_Id</c>,
        /// role type = USERROLE). Group grants are not included.
        /// </summary>
        /// <returns>Entries returned by <c>GetObjectList</c> for that filter.</returns>
        public List <CACLEntity> GetUserACLs()
        {
            String roleFilter = "this.Acl_Role=" + Usr_Id.ToString()
                                + " and this.Acl_RType=" + ((int)ACLROLETYPE.USERROLE).ToString();

            return new CACLEntity(ConnString).GetObjectList(roleFilter);
        }
Exemple #7
        /// <summary>
        /// Grants <paramref name="operation"/> on <paramref name="resourceId"/> to a user or group,
        /// after checking that the current user holds WRITE on that resource.
        /// </summary>
        /// <param name="userId">Id of the grantee; loaded as a user or as a group depending on <paramref name="roleType"/>.</param>
        /// <param name="roleType">Whether the grantee id names a user or a group.</param>
        /// <param name="resourceId">Resource the new ACL entry refers to.</param>
        /// <param name="operation">Operation stored in the new ACL entry.</param>
        /// <exception cref="Exception">The caller lacks WRITE on the resource, or an existing grant conflicts.</exception>
        public void Permit(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation)
        {
            // user have to have write privilege on resource
            // NOTE(review): WRITE on the resource is the only gate; the granted `operation` value
            // itself is not restricted here, so any ACLOPERATION can be handed out — confirm intended.
            CACLEntity acl = new CACLEntity();

            acl.Acl_Resource  = resourceId;
            acl.Acl_Operation = (int)ACLOPERATION.WRITE;
            if (!CheckPrivilege(acl))
            {
                throw new Exception("没有写权限");
            }

            // Existing grants of the grantee; stays empty when roleType is neither USERROLE
            // nor GROUPROLE, in which case no conflict check or cleanup takes place.
            List <CACLEntity> userAcls = new List <CACLEntity>();

            if (roleType == ACLROLETYPE.USERROLE)
            {
                // NOTE(review): Load's result is dereferenced without a null check.
                CUserEntity user = new CUserEntity(ConnString).Load(userId);
                userAcls = user.GetUserACLs();
            }
            else if (roleType == ACLROLETYPE.GROUPROLE)
            {
                CGroupEntity group = new CGroupEntity(ConnString).Load(userId);
                userAcls = group.GetGroupACLs();
            }

            // check if this acl conflicts with others
            CResourceEntity resource = new CResourceEntity(ConnString).Load(resourceId);

            foreach (CACLEntity userAcl in userAcls)
            {
                // Conflict: the target resource IsChild of a resource already granted for the same operation.
                if (resource.IsChild(userAcl.Acl_Resource) && userAcl.Acl_Operation == (int)operation)
                {
                    throw new Exception("与其他权限冲突");
                }
            }

            // create acl
            CACLEntity acl1 = new CACLEntity(ConnString);

            acl1.Acl_Resource   = resourceId;
            acl1.Acl_Role       = userId;
            acl1.Acl_RType      = (int)roleType;
            acl1.Acl_Operation  = (int)operation;
            acl1.Acl_Creator    = this.Usr_Id;
            acl1.Acl_CreateTime = DateTime.Now;
            acl1.Insert();

            // remove all child privileges
            // Iterates the list fetched before the insert, so the new entry is not part of it.
            // Insert and deletes are separate statements; no transaction is visible here.
            foreach (CACLEntity ua in userAcls)
            {
                resource = new CResourceEntity(ConnString).Load(ua.Acl_Resource);
                if (resource.IsChild(resourceId) && ua.Acl_Operation == (int)operation)
                {
                    ua.Delete();
                }
            }
        }
Exemple #8
        /// <summary>
        /// Returns the ACL entries granted to this group (role id = <c>Grp_Id</c>,
        /// role type = GROUPROLE).
        /// </summary>
        /// <returns>Entries returned by <c>GetObjectList</c> for that filter.</returns>
        public List <CACLEntity> GetGroupACLs()
        {
            String roleFilter = "this.Acl_Role=" + Grp_Id.ToString()
                                + " and this.Acl_RType=" + ((int)ACLROLETYPE.GROUPROLE).ToString();

            return new CACLEntity(ConnString).GetObjectList(roleFilter);
        }
Exemple #9
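        /// <summary>
        /// Creates an organization administrator and grants it WRITE and READ on the
        /// organization's resource.
        /// </summary>
        /// <param name="newUser">User to create; <c>Usr_Organize</c> needs to be set by the caller.</param>
        /// <returns>The user returned by <c>CreateUser</c>.</returns>
        /// <exception cref="Exception">
        /// The caller lacks CRETAEORGANIZEADMIN on its own organization, or the new user's
        /// organization cannot be loaded.
        /// </exception>
        public CUserEntity CreateAdminlUser(CUserEntity newUser)
        {
            // Check privilege
            // NOTE(review): the check uses the caller's Usr_Organize, while the new admin is attached
            // to newUser.Usr_Organize. Nothing visible here requires the two to match — confirm that
            // CreateUser (not shown) pins the organization.
            CACLEntity acl = new CACLEntity();
            acl.Acl_Operation = (int)ACLOPERATION.CRETAEORGANIZEADMIN;
            acl.Acl_Resource  = Usr_Organize;
            if (!CheckPrivilege(acl))
            {
                throw new Exception("当前用户无创建管理员用户权限");
            }

            // create admin
            newUser.Usr_Type = (int)USERTYPE.ORGANIZEADMIN;
            CUserEntity user = CreateUser(newUser);

            // add acls to admin on the organization's resource
            COrganizeEntity organize = new COrganizeEntity(ConnString);
            organize = organize.Load(user.Usr_Organize);

            // Fail with a clear message instead of a NullReferenceException below.
            if (organize == null)
            {
                throw new Exception("无法找到组织. ID=" + user.Usr_Organize);
            }

            // Same two grants as before, in the same order: WRITE first, then READ.
            foreach (ACLOPERATION granted in new ACLOPERATION[] { ACLOPERATION.WRITE, ACLOPERATION.READ })
            {
                CACLEntity grant = new CACLEntity(ConnString);
                grant.Acl_CreateTime = DateTime.Now;
                grant.Acl_Creator    = Usr_Id;
                grant.Acl_Operation  = (int)granted;
                grant.Acl_Resource   = organize.Org_Resource;
                grant.Acl_Role       = user.Usr_Id;
                grant.Acl_RType      = (int)ACLROLETYPE.USERROLE;
                grant.Acl_Id         = grant.Insert();
            }

            // No catch-and-rethrow: the former `throw e;` only discarded the stack trace.
            return(user);
        }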
Exemple #10
        /// <summary>
        /// Saves changes to a group after checking CREATENORMALUSER on the caller's organization.
        /// </summary>
        /// <param name="group">Group entity to update; its <c>ConnString</c> is overwritten with the caller's.</param>
        /// <exception cref="Exception">The privilege check fails.</exception>
        /// <remarks>
        /// NOTE(review): the check is scoped to the caller's organization, but nothing visible here
        /// ties <paramref name="group"/> to that organization — confirm that Update() or the caller does.
        /// </remarks>
        public void ModifyGroup(CGroupEntity group)
        {
            // The same operation constant guards user creation; there is no separate "modify group" operation here.
            CACLEntity required = new CACLEntity
            {
                Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER,
                Acl_Resource  = Usr_Organize
            };

            bool allowed = CheckPrivilege(required);
            if (allowed == false)
            {
                throw new Exception("当前用户无修改用户组权限");
            }

            group.ConnString = ConnString;
            group.Update();
        }
Exemple #11
        /// <summary>
        /// Saves changes to a user after checking CREATENORMALUSER on the caller's organization.
        /// </summary>
        /// <param name="user">User entity to update; its <c>ConnString</c> is overwritten with the caller's.</param>
        /// <exception cref="Exception">The privilege check fails.</exception>
        /// <remarks>
        /// NOTE(review): the entity is written as supplied. Nothing visible here checks that it belongs
        /// to the caller's organization, or that fields such as <c>Usr_Type</c> and <c>Usr_Organize</c>
        /// were left unchanged — confirm that Update() or the caller restricts them.
        /// </remarks>
        public void ModifyUser(CUserEntity user)
        {
            CACLEntity required = new CACLEntity
            {
                Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER,
                Acl_Resource  = Usr_Organize
            };

            bool allowed = CheckPrivilege(required);
            if (allowed == false)
            {
                throw new Exception("当前用户无修改用户权限");
            }

            user.ConnString = ConnString;
            user.Update();
        }
Exemple #12
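        /// <summary>
        /// Lists resources below <paramref name="root"/> that the current user can read.
        /// </summary>
        /// <param name="root">Id of the resource to list under.</param>
        /// <returns>
        /// <c>ListChildResources()</c> of the root when the user holds READ on it; otherwise the
        /// file and folder resources named by the user's READ/WRITE ACL entries for which
        /// <c>IsChild(root)</c> is true. Empty when the root cannot be loaded.
        /// </returns>
        public List <CResourceEntity> ListDescendants(int root)
        {
            CACLEntity acl1 = new CACLEntity(ConnString);

            acl1.Acl_Resource  = root;
            acl1.Acl_Operation = (int)ACLOPERATION.READ;

            CResourceEntity parent = new CResourceEntity(ConnString).Load(root);

            List <CResourceEntity> resources = new List <CResourceEntity>();

            // An unknown root has nothing to list; previously this dereferenced null.
            if (parent == null)
            {
                return(resources);
            }

            if (CheckPrivilege(acl1))
            {
                return(parent.ListChildResources());
            }

            // Ids already collected; replaces the former linear scan of the result list per ACL entry.
            HashSet <int> seen = new HashSet <int>();

            foreach (CACLEntity acl in GetAllACLs())
            {
                if (acl.Acl_Operation != (int)ACLOPERATION.READ && acl.Acl_Operation != (int)ACLOPERATION.WRITE)
                {
                    continue;
                }

                CResourceEntity res = new CResourceEntity(ConnString).Load(acl.Acl_Resource);

                // Skip ACL entries whose resource no longer loads instead of crashing the listing.
                if (res == null)
                {
                    continue;
                }

                if (res.Res_Type != (int)RESOURCETYPE.FILERESOURCE && res.Res_Type != (int)RESOURCETYPE.FOLDERRESOURCE)
                {
                    continue;
                }

                // IsChild is only evaluated for resources not collected yet, as before.
                if (!seen.Contains(res.Res_Id) && res.IsChild(parent.Res_Id))
                {
                    seen.Add(res.Res_Id);
                    resources.Add(res);
                }
            }

            return(resources);
        }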
Exemple #13
        /// <summary>
        /// Deletes a group after checking CREATENORMALUSER on the caller's organization.
        /// </summary>
        /// <param name="groupId">Id of the group to load and delete.</param>
        /// <exception cref="Exception">The privilege check fails.</exception>
        /// <remarks>
        /// NOTE(review): the group is loaded by id alone. Nothing visible here checks that it belongs
        /// to the caller's organization, and Load's result is used without a null check — confirm both.
        /// </remarks>
        public void DeleteGroup(int groupId)
        {
            CACLEntity required = new CACLEntity
            {
                Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER,
                Acl_Resource  = Usr_Organize
            };

            bool allowed = CheckPrivilege(required);
            if (allowed == false)
            {
                throw new Exception("当前用户无修改用户组权限");
            }

            new CGroupEntity(ConnString).Load(groupId).Delete();
        }
Exemple #14
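        /// <summary>
        /// Deletes a user after checking CREATENORMALUSER on the caller's organization.
        /// </summary>
        /// <param name="userId">Id of the user to load and delete.</param>
        /// <exception cref="Exception">
        /// The privilege check fails, the user cannot be loaded, or the user belongs to a
        /// different organization than a non-system-admin caller.
        /// </exception>
        public void DeleteUser(int userId)
        {
            // Check privilege
            CACLEntity acl = new CACLEntity();

            acl.Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER;
            acl.Acl_Resource  = Usr_Organize;
            if (!CheckPrivilege(acl))
            {
                throw new Exception("当前用户无删除用户权限");
            }

            CUserEntity user = new CUserEntity(ConnString).Load(userId);

            // Fail with a clear message instead of a NullReferenceException on an unknown id.
            if (user == null)
            {
                throw new Exception("无法找到用户. ID=" + userId);
            }

            // The privilege above is scoped to the caller's own organization, so the target must
            // belong to it as well; otherwise any id from another organization would be accepted.
            // System admins keep their unrestricted access.
            if (Usr_Type != (int)USERTYPE.SYSTEMADMIN && user.Usr_Organize != Usr_Organize)
            {
                throw new Exception("当前用户无删除用户权限");
            }

            user.Delete();
        }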
Exemple #15
        /// <summary>
        /// Removes a user's membership in a group after checking CREATENORMALUSER on the
        /// caller's organization.
        /// </summary>
        /// <param name="groupId">Group side of the membership row(s) to delete.</param>
        /// <param name="userId">User side of the membership row(s) to delete.</param>
        /// <exception cref="Exception">The privilege check fails.</exception>
        /// <remarks>
        /// NOTE(review): neither id is checked against the caller's organization in this method — confirm
        /// that is enforced elsewhere.
        /// </remarks>
        public void RemoveUserFromGroup(int groupId, int userId)
        {
            CACLEntity required = new CACLEntity
            {
                Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER,
                Acl_Resource  = Usr_Organize
            };

            bool allowed = CheckPrivilege(required);
            if (allowed == false)
            {
                throw new Exception("当前用户无修改用户组权限");
            }

            // Both parameters are ints, so the concatenated filter only ever contains digits.
            CUserGroupEntity membership = new CUserGroupEntity(ConnString);
            membership.Delete("this.Urg_Group=" + groupId + " and this.Urg_User=" + userId);
        }
Exemple #16
        /// <summary>
        /// Revokes a grant: deletes the ACL rows matching the resource, operation, role id and
        /// role type, after checking that the current user holds WRITE on the resource.
        /// </summary>
        /// <param name="userId">Role id (user or group id) of the grant to remove.</param>
        /// <param name="roleType">Role type of the grant to remove.</param>
        /// <param name="resourceId">Resource of the grant to remove.</param>
        /// <param name="operation">Operation of the grant to remove.</param>
        /// <exception cref="Exception">The caller lacks WRITE on the resource.</exception>
        public void Deny(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation)
        {
            // The caller must hold WRITE on the resource before touching its grants.
            CACLEntity writeCheck = new CACLEntity
            {
                Acl_Resource  = resourceId,
                Acl_Operation = (int)ACLOPERATION.WRITE
            };

            bool allowed = CheckPrivilege(writeCheck);
            if (allowed == false)
            {
                throw new Exception("没有写权限");
            }

            // Only exact matches on this resource are deleted; grants on ancestor resources stay.
            String grantFilter = "this.Acl_Resource=" + resourceId + " and this.Acl_Operation=" + (int)operation
                                 + " and this.Acl_Role=" + userId + " and this.Acl_RType=" + (int)roleType;

            new CACLEntity(ConnString).Delete(grantFilter);
        }
Exemple #17
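        /// <summary>
        /// Moves a resource into a destination folder, both in the resource records and on disk.
        /// </summary>
        /// <param name="srcResId">Id of the file or folder resource to move.</param>
        /// <param name="dstResId">Id of the folder resource to move it into.</param>
        /// <exception cref="Exception">
        /// The caller lacks WRITE on either resource, a resource cannot be loaded, the destination
        /// is not a folder, or the destination already contains an entry with the same name.
        /// </exception>
        public void CutResource(int srcResId, int dstResId)
        {
            // WRITE is required on both the source and the destination.
            CACLEntity acl = new CACLEntity(ConnString);

            acl.Acl_Resource  = srcResId;
            acl.Acl_Operation = (int)ACLOPERATION.WRITE;
            if (!CheckPrivilege(acl))
            {
                throw new Exception("没有写权限!");
            }
            acl.Acl_Resource  = dstResId;
            acl.Acl_Operation = (int)ACLOPERATION.WRITE;
            if (!CheckPrivilege(acl))
            {
                throw new Exception("没有写权限!");
            }

            CResourceEntity srcRes = new CResourceEntity(ConnString).Load(srcResId);
            CResourceEntity dstRes = new CResourceEntity(ConnString).Load(dstResId);

            // Fail with a clear message instead of a NullReferenceException on an unknown id.
            if (srcRes == null)
            {
                throw new Exception("无法找到资源. ID=" + srcResId);
            }
            if (dstRes == null)
            {
                throw new Exception("无法找到资源. ID=" + dstResId);
            }

            if (dstRes.Res_Type != (int)RESOURCETYPE.FOLDERRESOURCE)
            {
                throw new Exception("粘贴的目标必须是目录!");
            }

            String srcPath = srcRes.MakeFullPath();
            String dstPath = Path.Combine(dstRes.MakeFullPath(), srcRes.Res_Name);

            // The name-conflict check now runs BEFORE the record is moved. Previously MoveTo()
            // had already updated the record when this check threw, leaving it pointing at a
            // location the file never reached.
            // NOTE(review): the message includes the server-side full path — consider whether
            // callers should see it.
            if (Directory.Exists(dstPath) || File.Exists(dstPath))
            {
                throw new Exception(dstPath + "与现有文件名冲突!");
            }

            // NOTE(review): nothing here stops a folder from being moved into itself or one of its
            // own descendants; the record and disk moves are also not atomic.
            srcRes.MoveTo(dstRes);

            // cut folder/file
            if (srcRes.Res_Type == (int)RESOURCETYPE.FILERESOURCE)
            {
                File.Move(srcPath, dstPath);
            }
            else
            {
                Directory.Move(srcPath, dstPath);
            }
        }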
Exemple #18
        /// <summary>
        /// Adds a user to a group after checking CREATENORMALUSER on the caller's organization.
        /// </summary>
        /// <param name="groupId">Group id stored in the new membership row.</param>
        /// <param name="userId">User id stored in the new membership row.</param>
        /// <exception cref="Exception">The privilege check fails.</exception>
        /// <remarks>
        /// NOTE(review): neither id is loaded or checked against the caller's organization here, and
        /// group ACLs are honoured by CheckPrivilege — confirm membership cannot be created across
        /// organizations.
        /// </remarks>
        public void AddUser2Group(int groupId, int userId)
        {
            CACLEntity required = new CACLEntity
            {
                Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER,
                Acl_Resource  = Usr_Organize
            };

            bool allowed = CheckPrivilege(required);
            if (allowed == false)
            {
                throw new Exception("当前用户无修改用户组权限");
            }

            CUserGroupEntity membership = new CUserGroupEntity(ConnString)
            {
                Urg_Group = groupId,
                Urg_User  = userId
            };
            membership.Insert();
        }
Exemple #19
        /// <summary>
        /// Lists the child resources of a parent when the current user holds READ on it.
        /// </summary>
        /// <param name="parentId">Id of the parent resource.</param>
        /// <returns>
        /// <c>ListChildResources()</c> of the parent, or an empty list when the READ check fails
        /// (no exception is thrown in that case).
        /// </returns>
        public List <CResourceEntity> ListResources(int parentId)
        {
            CACLEntity readCheck = new CACLEntity(ConnString)
            {
                Acl_Resource  = parentId,
                Acl_Operation = (int)ACLOPERATION.READ
            };

            if (CheckPrivilege(readCheck))
            {
                // NOTE(review): Load's result is dereferenced without a null check.
                CResourceEntity parent = new CResourceEntity(ConnString).Load(parentId);
                return parent.ListChildResources();
            }

            // Denied: answer with nothing rather than an error.
            return new List <CResourceEntity>();
        }
Exemple #20
        /// <summary>
        /// Subscribes the current user to a document. (Original author note: Zhao Yingwu.)
        /// </summary>
        /// <param name="resId">Id of the resource to subscribe to; the user must hold READ on it.</param>
        /// <exception cref="Exception">The caller lacks READ on the resource.</exception>
        public void BookRead(int resId)
        {
            CACLEntity readCheck = new CACLEntity
            {
                Acl_Resource  = resId,
                Acl_Operation = (int)ACLOPERATION.READ
            };

            bool allowed = CheckPrivilege(readCheck);
            if (allowed == false)
            {
                throw new Exception("没有阅读权限!");
            }

            // The subscription row records who subscribed, to what, and the mail address to use.
            CMailEntity subscription = new CMailEntity
            {
                M_Organize = this.Usr_Organize,
                M_Resource = resId,
                M_UsrId    = this.Usr_Id,
                M_UsrMail  = this._Usr_Email
            };
            subscription.Insert();
        }
Exemple #21
        /// <summary>
        /// Removes a resource and the mail rows that refer to it, after checking that the current
        /// user holds WRITE on the resource.
        /// </summary>
        /// <param name="resourceId">Id of the resource to remove.</param>
        /// <exception cref="Exception">The caller lacks WRITE on the resource.</exception>
        public void DeleteResource(int resourceId)
        {
            CACLEntity writeCheck = new CACLEntity(ConnString)
            {
                Acl_Resource  = resourceId,
                Acl_Operation = (int)ACLOPERATION.WRITE
            };

            bool allowed = CheckPrivilege(writeCheck);
            if (allowed == false)
            {
                throw new Exception("没有写权限");
            }

            // NOTE(review): Load's result is dereferenced without a null check.
            new CResourceEntity(ConnString).Load(resourceId).Remove();

            // The id is an int, so the quoted value in this filter can only contain digits.
            // The two removals are separate steps; no transaction is visible here.
            String mailFilter = "this.M_Resource ='" + resourceId + "'";
            new CMailEntity().Remove(mailFilter);
        }
Exemple #22
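        /// <summary>
        /// Creates a normal user and grants it WRITE and READ on its own resource
        /// (<c>Usr_Resource</c> of the created user).
        /// </summary>
        /// <param name="newUser">User to create; its <c>Usr_Type</c> is forced to NORMALUSER.</param>
        /// <returns>The user returned by <c>CreateUser</c>.</returns>
        /// <exception cref="Exception">The caller lacks CREATENORMALUSER on its own organization.</exception>
        public CUserEntity CreateNormalUser(CUserEntity newUser)
        {
            // Check privilege
            // NOTE(review): the check uses the caller's Usr_Organize; nothing visible here requires
            // newUser.Usr_Organize to match it — confirm that CreateUser (not shown) pins it.
            CACLEntity acl = new CACLEntity();
            acl.Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER;
            acl.Acl_Resource  = Usr_Organize;
            if (!CheckPrivilege(acl))
            {
                throw new Exception("当前用户无创建新用户权限");
            }

            // create user; the type is set here so the caller-supplied value is never used
            newUser.Usr_Type = (int)USERTYPE.NORMALUSER;
            CUserEntity user = CreateUser(newUser);

            // add acls to user: same two grants as before, in the same order (WRITE, then READ)
            foreach (ACLOPERATION granted in new ACLOPERATION[] { ACLOPERATION.WRITE, ACLOPERATION.READ })
            {
                CACLEntity grant = new CACLEntity(ConnString);
                grant.Acl_CreateTime = DateTime.Now;
                grant.Acl_Creator    = Usr_Id;
                grant.Acl_Operation  = (int)granted;
                grant.Acl_Resource   = user.Usr_Resource;
                grant.Acl_Role       = user.Usr_Id;
                grant.Acl_RType      = (int)ACLROLETYPE.USERROLE;
                grant.Acl_Id         = grant.Insert();
            }

            // No catch-and-rethrow: the former `throw e;` only discarded the stack trace.
            return(user);
        }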
Exemple #23
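        /// <summary>
        /// Registers a new file resource under a parent folder and reports the disk path the
        /// file is expected at. The file itself is not created here.
        /// </summary>
        /// <param name="parentId">Id of the parent resource; the caller must hold WRITE on it.</param>
        /// <param name="fileName">Name of the new file; must be a single path component.</param>
        /// <param name="filePath">Receives the parent's full path combined with <paramref name="fileName"/>.</param>
        /// <returns>The new resource entity after <c>CreateChildResource</c>.</returns>
        /// <exception cref="Exception">
        /// The caller lacks WRITE, the name is not a plain file name, the parent cannot be loaded,
        /// its directory is missing, or the name is already taken on disk.
        /// </exception>
        public CResourceEntity CreateFile(int parentId, String fileName, out String filePath)
        {
            CACLEntity acl = new CACLEntity();

            acl.Acl_Resource  = parentId;
            acl.Acl_Operation = (int)ACLOPERATION.WRITE;
            if (!CheckPrivilege(acl))
            {
                throw new Exception("没有写权限");
            }

            // The name is combined with the parent's path and handed back to the caller. A rooted
            // name makes Path.Combine return it unchanged, and ".." segments leave the folder, so
            // only a single plain path component is accepted. WRITE was checked on the parent only.
            if (String.IsNullOrEmpty(fileName) ||
                fileName == "." ||
                fileName == ".." ||
                fileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 ||
                fileName.IndexOf('/') >= 0 ||
                fileName.IndexOf('\\') >= 0)
            {
                throw new Exception("文件名无效");
            }

            // load parent folder
            CResourceEntity parent = new CResourceEntity(MidLayerSettings.ConnectionString).Load(parentId);

            if (parent == null)
            {
                throw new Exception("无法找到资源. ID=" + parentId);
            }

            String path = parent.MakeFullPath();

            // NOTE(review): the messages below include the server-side full path — consider whether
            // callers should see it.
            if (!Directory.Exists(path))
            {
                throw new Exception("目录不存在: " + path);
            }
            path = Path.Combine(path, fileName);

            // This existence check and the later write by the caller are separate steps, so the
            // writer should still open the file in a create-new mode.
            if (Directory.Exists(path) || File.Exists(path))
            {
                throw new Exception("名称冲突: " + path);
            }

            filePath = path;

            // create resource
            CResourceEntity res = new CResourceEntity(ConnString);

            res.Res_Name = fileName;
            res.Res_Type = (int)RESOURCETYPE.FILERESOURCE;
            parent.CreateChildResource(res);
            return(res);
        }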
Exemple #24
        /// <summary>
        /// Rejects an archive application. (Original author note: Zhao Yingwu.)
        /// </summary>
        /// <param name="apply">Id of the application record to load.</param>
        /// <exception cref="Exception">
        /// The caller lacks AUDITAPPLY on its organization, or the application has already been processed.
        /// </exception>
        /// <remarks>
        /// NOTE(review): nothing visible here verifies that the loaded application belongs to the
        /// caller's organization, and Load's result is used without a null check — confirm both.
        /// </remarks>
        public void CancelApply(int apply)
        {
            CACLEntity auditCheck = new CACLEntity
            {
                Acl_Operation = (int)ACLOPERATION.AUDITAPPLY,
                Acl_Resource  = this.Usr_Organize
            };

            bool allowed = CheckPrivilege(auditCheck);
            if (allowed == false)
            {
                throw new Exception("没有管理归档申请的权限!");
            }

            CApplyEntity application = new CApplyEntity().Load(apply);

            // Both UNAUDITED and AUDITED count as "already processed" here;
            // presumably a third, pending state exists — verify against the AUDITE enum.
            bool alreadyProcessed = application.App_Audited == (int)AUDITE.UNAUDITED
                                    || application.App_Audited == (int)AUDITE.AUDITED;
            if (alreadyProcessed)
            {
                throw new Exception("该资源已审核!");
            }

            application.Cancel();
        }
Exemple #25
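        /// <summary>
        /// Prepares an update of an existing file resource: reports the file's current disk path
        /// and stores a new resource name. (Original author note: Zhao Yingwu.)
        /// </summary>
        /// <param name="resId">Id of the file resource; the caller must hold WRITE on it.</param>
        /// <param name="fileName">New value for <c>Res_Name</c>; must be a single path component.</param>
        /// <param name="filePath">Receives the resource's full path as computed before the rename.</param>
        /// <returns>The updated resource entity.</returns>
        /// <exception cref="Exception">
        /// The caller lacks WRITE, the name is not a plain file name, the resource cannot be
        /// loaded, or the file does not exist on disk.
        /// </exception>
        public CResourceEntity UpdateFile(int resId, String fileName, out String filePath)
        {
            CACLEntity acl = new CACLEntity();

            acl.Acl_Resource  = resId;
            acl.Acl_Operation = (int)ACLOPERATION.WRITE;
            if (!CheckPrivilege(acl))
            {
                throw new Exception("没有写权限");
            }

            // The name is persisted as Res_Name, which CreateFile and CutResource in this listing
            // combine into disk paths. Accept only a single plain path component so a stored name
            // cannot later resolve outside the resource's folder.
            if (String.IsNullOrEmpty(fileName) ||
                fileName == "." ||
                fileName == ".." ||
                fileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 ||
                fileName.IndexOf('/') >= 0 ||
                fileName.IndexOf('\\') >= 0)
            {
                throw new Exception("文件名无效");
            }

            CResourceEntity res = new CResourceEntity().Load(resId);

            // Same not-found handling as CreateFile, instead of a NullReferenceException.
            if (res == null)
            {
                throw new Exception("无法找到资源. ID=" + resId);
            }

            string path = res.MakeFullPath();

            if (!System.IO.File.Exists(path))
            {
                throw new Exception("要更新的文件不存在!");
            }

            // NOTE(review): filePath is the path under the OLD name, and the file on disk is not
            // renamed here while Res_Name changes — confirm the caller reconciles the two.
            filePath     = path;
            res.Res_Name = fileName;
            res.Update();
            return(res);
        }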
Exemple #26
        /// <summary>
        /// Decides whether the current user may perform <c>acl.Acl_Operation</c> on
        /// <c>acl.Acl_Resource</c>.
        /// </summary>
        /// <param name="acl">Carries the operation and resource id to check; also used to run the ACL queries.</param>
        /// <returns>
        /// <c>true</c> for system admins; <c>false</c> for resource id 0 otherwise; for the user's own
        /// organize id, <c>true</c> only for organize admins; otherwise <c>true</c> when a matching
        /// user or group ACL row is found on the resource or, following <c>Res_Parent</c>, on a parent.
        /// </returns>
        public bool CheckPrivilege(CACLEntity acl)
        {
            // system admin has all privileges
            if (Usr_Type == (int)USERTYPE.SYSTEMADMIN)
            {
                return(true);
            }

            // if resourceid of acl is 0, it's a system management
            // and no users have the privilege except system admin
            if (acl.Acl_Resource == 0)
            {
                return(false);
            }

            // if resourceid is the organize id of current user,
            // the user must be organize admin (system admins already returned above).
            // The requested operation is not looked at on this path.
            // NOTE(review): Acl_Resource is compared with an organize id here, while other callers
            // pass resource ids; if the two id spaces can overlap, a resource whose id equals the
            // user's organize id is decided by this branch instead of by its ACL rows — confirm.
            if (acl.Acl_Resource == this.Usr_Organize)
            {
                if (this.Usr_Type == (int)USERTYPE.ORGANIZEADMIN)
                {
                    return(true);
                }
                else
                {
                    return(false);
                }
            }

            // get all groups containing current user
            // NOTE(review): the next line is damaged in this listing — part of the code was replaced
            // by asterisks. The statements that load userGroups, declare resId and open the loop
            // closed further down are missing, so the block does not compile as shown.
            String                  filter     = "this.Urg_User="******"this.Acl_Operation=" + acl.Acl_Operation.ToString();
                // check if the user itself has a matching ACL row on resId
                filter += " and this.Acl_Resource=" + resId.ToString();
                filter += " and this.Acl_Role=" + Usr_Id.ToString();
                filter += " and this.Acl_RType=" + ((int)ACLROLETYPE.USERROLE).ToString();
                List <CACLEntity> acls = acl.GetObjectList(filter);
                if (acls.Count > 0)
                {
                    return(true);
                }

                // check if user's groups have right on this resource
                foreach (CUserGroupEntity ug in userGroups)
                {
                    filter  = "this.Acl_Operation=" + acl.Acl_Operation.ToString();
                    filter += " and this.Acl_Resource=" + resId.ToString();
                    filter += " and this.Acl_Role=" + ug.Urg_Group.ToString();
                    filter += " and this.Acl_RType=" + ((int)ACLROLETYPE.GROUPROLE).ToString();
                    acls    = acl.GetObjectList(filter);
                    if (acls.Count > 0)
                    {
                        return(true);
                    }
                }

                // get parent id of this resource; the next pass checks the parent,
                // so a grant on an ancestor also covers this resource
                CResourceEntity resource = new CResourceEntity(ConnString).Load(resId);
                if (resource == null)
                {
                    // resource cannot be loaded: stop walking and fall through to "denied"
                    break;
                }
                else
                {
                    resId = resource.Res_Parent;
                }
            }
            // no matching grant found anywhere on the walked chain
            return(false);
        }