/// <summary>
/// 授予用户操作权限
/// </summary>
/// <param name="sysId"></param>
/// <param name="userId"></param>
/// <param name="selectedRightIds">当前选择授予的权限列表</param>
public void AddUserRights(int sysId, int userId, List <int> selectedRightIds)
{
if (sysId <= 0)
{
throw new NotRightException();
}
//权限判断
User user = loginService.HaveAdminRightForUserGrant(sysId, userId, true);
//不能直接给渠道方面的用户分配操作权限,只能给他们分配角色
if (user.AccountType == UserTypeOptions.Channel || user.AccountType == UserTypeOptions.ChannelPartner)
{
throw new NotRightException();
}
List <int> rangeRightIds = loginService.LoginUser.AccountType == UserTypeOptions.ProductAdmin
? DARightsHelper.GetUserRights(sysId, loginService.LoginUser.ID, loginService.LoginUser.AccountType).Select(a => a.RightID).ToList()
: null;
DARightsHelper.AddUserRights(sysId, userId, selectedRightIds, rangeRightIds);
//记录登录日志
string rights = string.Empty;
selectedRightIds.ForEach((i) => { rights += i.ToString() + ","; });
rights = rights.TrimEnd(',');
loginService.AddLog(
"AddUserRights",
string.Format("添加用户权限(UserID={0},SysID={1},Rights={2})", userId, sysId, rights));
}
/// <summary>
/// 获取用户权限(仅用于权限分配)
/// </summary>
/// <param name="sysId"></param>
/// <param name="userId"></param>
/// <returns></returns>
public List <RightItem> GetUserRights(int sysId, int userId)
{
//权限判断
User user = loginService.HaveAdminRightForUserGrant(sysId, userId, true);
return(DARightsHelper.GetUserRights(sysId, userId, user.AccountType));
}
/// <summary>
/// 设置用户的权限
/// </summary>
/// <param name="user"></param>
/// <param name="sysId"></param>
private void SetUserRights(UserContext user, int sysId)
{
UserTypeOptions userType = user.LoginUser.AccountType;
bool isSuperAdmin = userType == UserTypeOptions.SuperAdmin;
bool isWhiteUser = user.LoginUser.IsWhiteUser;
if (user.AvailableRights == null)
{
List <Right> availableRights = DABasicInfoHelper.GetRights(sysId, -1, CacheTimeOption.Short);
List <int> rights = DARightsHelper.GetUserRights(sysId, user.LoginUser.ID, user.LoginUser.AccountType).Select(a => a.RightID).ToList();
user.AvailableRights = availableRights.Where(a => (isSuperAdmin || internalRequest || !a.OnlyInternal || isWhiteUser) && rights.Contains(a.ID)).ToList();
}
//只有report才有这些权限
if (sysId == DACommonHelper.REPORT_SYS_ID)
{
if (user.AvailableSofts == null)
{
//从Report平台获得的产品权限
List <Soft> availableSofts = GetAvailableSofts();
List <int> rights = DARightsHelper.GetUserSoftRights(user.LoginUser.ID).Select(a => a.RightID).ToList();
user.AvailableSofts = availableSofts.Where(a => a.Status == StatusOptions.Valid && (isSuperAdmin || internalRequest || !a.OnlyInternal || isWhiteUser) && rights.Contains(a.ID)).ToList();
}
if (user.AvailableProjectSources == null)
{
List <ProjectSource> availableProjectSources = GetAvailableProjectSources();
List <int> rights = DARightsHelper.GetUserProjectSourceRights(user.LoginUser.ID).Select(a => a.RightID).ToList();
user.AvailableProjectSources = availableProjectSources.Where(a => (isSuperAdmin || internalRequest || !a.OnlyInternal || isWhiteUser) && rights.Contains(a.ProjectSourceID)).ToList();
}
if (internalRequest && user.AvailableResIds == null)
{
user.AvailableResIds = DARightsHelper.GetUserResRights(user.LoginUser.ID).Select(a => a.RightID).ToList();
}
}
else
{
if (user.AvailableSofts == null)
{
user.AvailableSofts = new List <Soft>();
}
if (user.AvailableProjectSources == null)
{
user.AvailableProjectSources = new List <ProjectSource>();
}
if (internalRequest && user.AvailableResIds == null)
{
user.AvailableResIds = new List <int>();
}
}
if (user.AdminSystems == null)
{
List <SystemInfo> systems = DABasicInfoHelper.GetSystems(CacheTimeOption.Short);
List <int> sysIds = DARightsHelper.GetAdminSystemIds(user.LoginUser.ID);
user.AdminSystems = systems.Where(a => sysIds.Contains(a.ID)).ToList();
}
}
/// <summary>
/// 获取权限信息列表
/// </summary>
/// <param name="sysId"></param>
/// <returns></returns>
public List <Right> GetRights(int sysId)
{
//权限判断
loginService.HaveAdminRight(sysId);
List <Right> rights = DABasicInfoHelper.GetRights(sysId, -1);
if (loginService.LoginUser.AccountType == UserTypeOptions.ProductAdmin)
{
List <RightItem> rangeRights = DARightsHelper.GetUserRights(sysId, loginService.LoginUser.ID, loginService.LoginUser.AccountType);
var availableRights = from r in rights
join rr in rangeRights
on r.ID equals rr.RightID
select r;
return(availableRights.ToList());
}
return(rights);
}
/// <summary>
/// 授予角色操作权限
/// </summary>
/// <param name="roleId"></param>
/// <param name="rightIds"></param>
public void AddRoleRights(int roleId, List <int> rightIds)
{
//权限判断
Role role = loginService.HaveAdminRightForRole(roleId);
List <int> rangeRightIds = loginService.LoginUser.AccountType == UserTypeOptions.ProductAdmin
? DARightsHelper.GetUserRights(role.SystemID, loginService.LoginUser.ID, loginService.LoginUser.AccountType).Select(a => a.RightID).ToList()
: null;
DARightsHelper.AddRoleRights(roleId, rightIds, rangeRightIds);
//记录登录日志
string rights = string.Empty;
rightIds.ForEach((i) => { rights += i.ToString() + ","; });
rights = rights.TrimEnd(',');
loginService.AddLog(
"AddRoleRights",
string.Format("添加角色权限(RoleID={0},Rights={1})", roleId, rights));
}
/// <summary>
/// 获取指定用户在指定系统所有拥有的权限信息(专门用于第三方系统调用)
/// </summary>
/// <param name="sysId"></param>
/// <param name="account"></param>
/// <param name="sign"></param>
/// <returns></returns>
public string GetUserRightsJson(int sysId, string account, string sign)
{
try
{
//验证请求参数
if (sysId <= 0 || string.IsNullOrEmpty(account) || string.IsNullOrEmpty(sign))
{
return("{\"State\":1,\"Message\":\"请求参数无效。\"}");
}
//限定配置过的IP才能请求
string clientIp = DACommonHelper.GetClientIP();
//if (clientIp != "127.0.0.1"
// && !clientIp.StartsWith("10.")
// && !clientIp.StartsWith("192.168.")
// && !Regex.IsMatch(clientIp, @"^172\.(1([6-9]{1})|2([0-9]{1})|3([0-1]{1}))(\.[0-9]+){2}$")
// && !GetUserRightsJson_ClientIP.Contains(clientIp))
//{
// return "{\"State\":2,\"Message\":\"当前请求IP无效。\"}";
//}
//指定的系统必须存在
SystemInfo system = DABasicInfoHelper.GetSystem(sysId, CacheTimeOption.Short);
if (system == null)
{
return("{\"State\":101,\"Message\":\"当前系统不存在。\"}");
}
if (system.Status == StatusOptions.Invalid)
{
return("{\"State\":102,\"Message\":\"当前系统已被禁用。\"}");
}
//请求有做MD5校验
string md5 = CryptoHelper.MD5_Encrypt(string.Format("{0}{1}{2}", sysId, system.Md5Key, account));
if (md5.ToLower() != sign.ToLower())
{
return("{\"State\":3,\"Message\":\"无效的请求。\"}");
}
//验证用户有效性
User user = DABasicInfoHelper.GetUser(account);
if (user == null)
{
return("{\"State\":103,\"Message\":\"用户不存在。\"}");
}
if (user.Status == StatusOptions.Invalid)
{
return("{\"State\":104,\"Message\":\"用户已被禁用。\"}");
}
if (user.AccountType != UserTypeOptions.SuperAdmin &&
(DateTime.Now > user.EndTime || DateTime.Now < user.BeginTime))
{
return("{\"State\":105,\"Message\":\"用户权限已过期。\"}");
}
List <UserSystem> userSystems = DARightsHelper.GetUserSystems(user.ID);
UserSystem userSystem = userSystems.FirstOrDefault(a => a.SystemID == sysId);
if (userSystem == null)
{
return("{\"State\":106,\"Message\":\"用户没有当前系统的访问权限。\"}");
}
//提取用户权限
List <Right> allRights = DABasicInfoHelper.GetRights(sysId, -1, CacheTimeOption.Short);
List <RightItem> myRights = DARightsHelper.GetUserRights(sysId, user.ID, user.AccountType);
var rights = from a in allRights
join b in myRights on a.ID equals b.RightID
where a.Status == StatusOptions.Valid
select a;
if (rights.Count() == 0)
{
return("{\"State\":107,\"Message\":\"用户没有当前系统的操作权限。\"}");
}
//生成正常返回JSON
StringBuilder result = new StringBuilder("{\"State\":0,\"Message\":\"OK\",");
result.AppendFormat("\"System\":{{\"ID\":{0},\"Name\":\"{1}\",\"Url\":\"{2}\"}},", system.ID, system.Name, system.Url);
result.AppendFormat("\"User\":{{\"ID\":{0},\"Account\":\"{1}\",\"TrueName\":\"{2}\",\"UserType\":{3},\"Email\":\"{4}\",\"Department\":\"{5}\",\"LastLoginTime\":\"{6}\"}},"
, user.ID, user.Account, user.TrueName, userSystem.Admin ? (int)user.AccountType : 0, user.Email, user.Department, userSystem.LastLoginTime.ToString("yyyy-MM-dd HH:mm:ss"));
result.Append("\"Rights\":[");
foreach (var right in rights)
{
result.AppendFormat("{{\"ID\":{0},\"PID\":{1},\"Name\":\"{2}\",\"Level\":{3},\"Type\":{4},\"SortIndex\":{5},\"URL\":\"{6}\"}},"
, right.ID, right.ParentID, right.Name, right.RightLevel, (int)right.RightType, right.SortIndex, right.PageUrl);
}
//更新最后一次访问时间
DABasicInfoHelper.UpdateSystemLastLoginTime(sysId, user.ID);
//记录日志
DABasicInfoHelper.AddAdminLog(
new AdminLog
{
Account = user.Account,
TrueName = user.TrueName,
AccountType = user.AccountType,
AddTime = DateTime.Now,
IP = clientIp,
PageUrl = "GetUserRightsJson",
SystemID = sysId,
Memo = string.Format("{0}系统获取用户{1}权限", system.Name, user.Account)
});
return(result.ToString(0, result.Length - 1) + "]}");
}
catch (Exception ex)
{
LogHelper.WriteException("GetUserRightsJson异常", ex);
return("{\"State\":4,\"Message\":\"系统异常。\"}");
}
}
