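        /// <summary>
        /// Gets the user's authorized scope.
        /// </summary>
        /// <param name="userId">Employee primary key.</param>
        /// <param name="permissionItemScopeCode">Permission item scope code used for the scope lookup.</param>
        /// <returns>The data table.</returns>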
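        public DataTable GetDTByPermission(string userId, string permissionItemScopeCode)
        {
            // Returns the enabled (Enabled = 1), non-deleted (DeleteMark = 0) module rows that
            // userId is allowed to see, ordered by PiModuleTable.FieldSortCode.
            //
            // Role membership is evaluated for the caller-supplied userId, not for this.UserInfo.
            // NOTE(review): confirm every caller derives userId from the authenticated session
            // (or is itself authorized to query another user's scope).
            PiUserRoleManager userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo);

            // Role shortcuts bypass the per-resource scope lookup and ignore permissionItemScopeCode:
            //   "UserAdmin" -> every module in category "System"
            //   "Admin"     -> every module in category "Application"
            // The first match wins, so a user holding both roles only receives the "System" modules.
            // The "Admin" lookup is only performed when the "UserAdmin" lookup is negative.
            string category = null;
            if (userRoleManager.UserInRole(userId, "UserAdmin"))
            {
                category = "System";
            }
            else if (userRoleManager.UserInRole(userId, "Admin"))
            {
                category = "Application";
            }

            string[] names;
            object[] values;
            if (category != null)
            {
                names  = new string[] { PiModuleTable.FieldCategory, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled };
                values = new object[] { category, 0, 1 };
            }
            else
            {
                // Ordinary user: restrict the result to the module ids granted through the permission scope.
                // The last argument is true; the alternative noted by the original author passed false
                // in order not to load child nodes, so true presumably includes them (confirm).
                PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
                string[] moduleIds = permissionScopeManager.GetTreeResourceScopeIds(userId, PiModuleTable.TableName, permissionItemScopeCode, true);

                // NOTE(review): verify how GetDT filters when moduleIds is null or empty. It must
                // yield no rows (fail closed); an ignored filter would expose every enabled module.
                names  = new string[] { PiModuleTable.FieldId, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled };
                values = new object[] { moduleIds, 0, 1 };
            }

            // A single query path; the throw-away DataTable the method used to allocate up front is gone.
            DataTable returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode);
            returnValue.TableName = this.CurrentTableName;
            return returnValue;
        }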
        /// <summary>
        /// Determines whether a user is in a given role.
        /// </summary>
        /// <param name="userInfo">The user.</param>
        /// <param name="userId">User primary key.</param>
        /// <param name="roleCode">Role code.</param>
        /// <returns>True if the membership exists.</returns>
        public bool UserInRole(UserInfo userInfo, string userId, string roleCode)
        {
            // Service-layer wrapper around PiUserRoleManager.UserInRole.
            // MethodBase.GetCurrentMethod() is evaluated here, outside the lambda, so the call
            // context describes this method rather than the compiler-generated callback.
            var callContext = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.UserService_UserInRole);

            // Starts as "not in role" and only changes when the callback below assigns it.
            // NOTE(review): userId is independent of userInfo; whether ProcessRDIReadDb validates the
            // caller's session before running the callback is not visible here. Confirm.
            bool inRole = false;

            ServiceUtil.ProcessRDIReadDb(userInfo, callContext, dbProvider =>
            {
                inRole = new PiUserRoleManager(dbProvider, userInfo).UserInRole(userId, roleCode);
            });

            return inRole;
        }
        //
        // ResourcePermission 权限判断
        //

        #region public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) 是否有相应的权限
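        /// <summary>
        /// Determines whether the user has the given permission.
        /// </summary>
        /// <param name="userId">User primary key.</param>
        /// <param name="permissionItemCode">Permission item code.</param>
        /// <param name="permissionItemName">Permission item name.</param>
        /// <returns>True if the user has the permission.</returns>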
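        public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null)
        {
            // Decides whether userId holds the permission item identified by permissionItemCode.
            // Order of evaluation: administrator shortcut, category-wide role shortcuts, direct user
            // grant, role grant, and (when enabled) organization grant. Anything else is denied.

            // If the permission item does not exist yet it is registered automatically, so this
            // check can write to the permission item table.
            // NOTE(review): confirm permissionItemCode / permissionItemName never originate from
            // untrusted input, otherwise callers can create arbitrary permission items.
            var permissionItemManager = new PiPermissionItemManager(DBProvider, UserInfo, PiPermissionItemTable.TableName);
            var permissionItemId      = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName);

            // Administrator shortcut. This tests the current session user (UserInfo), not userId.
            // NOTE(review): an administrator asking about another user therefore always gets true;
            // confirm callers only pass their own id or do not rely on the result for other users.
            if (UserInfo.IsAdministrator)
            {
                return true;
            }

            // No permission item could be resolved: deny.
            if (String.IsNullOrEmpty(permissionItemId))
            {
                return false;
            }

            // Load the entity only now: administrators never need it and an empty id cannot be looked up.
            var permissionItemEntity = permissionItemManager.GetEntity(permissionItemId);
            if (permissionItemEntity == null)
            {
                // Fail closed instead of dereferencing a missing entity below.
                return false;
            }

            var categoryCode    = permissionItemEntity.CategoryCode;
            var userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo);

            // System permissions: a user administrator holds all of them without an explicit grant.
            if (string.Equals(categoryCode, "System", StringComparison.Ordinal)
                && userRoleManager.UserInRole(userId, "UserAdmin"))
            {
                return true;
            }

            // Business (application) permissions: a business administrator holds all of them
            // without an explicit grant.
            if (string.Equals(categoryCode, "Application", StringComparison.Ordinal)
                && userRoleManager.UserInRole(userId, "Admin"))
            {
                return true;
            }

            // Permission granted directly to the user.
            if (this.CheckUserPermission(userId, permissionItemId))
            {
                return true;
            }

            // Permission granted through one of the user's roles.
            if (this.CheckUserRolePermission(userId, permissionItemId))
            {
                return true;
            }

            // Permission granted through the user's organizations. The switch exists for performance;
            // the original author notes the check below could be reduced to a single lookup instead of four.
            if (SystemInfo.EnableOrganizePermission)
            {
                // All organizations the user belongs to (company, branch, department, sub-department,
                // work group), including part-time departments.
                var userManager = new PiUserManager(this.DBProvider, this.UserInfo);
                var organizeIds = userManager.GetAllOrganizeIds(userId);
                if (this.CheckUserOrganizePermission(userId, permissionItemId, organizeIds))
                {
                    return true;
                }
            }

            // Default deny.
            return false;
        }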