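        /// <summary>
        /// Authenticates a user and, on success, fills <c>userContext</c> (Id, Name, GroupId) and sets <c>isLogin</c>.
        /// </summary>
        /// <remarks>
        /// The account is located by user id, bound email or bound mobile, all matched against
        /// <paramref name="userId"/>. Each candidate row's stored password column is compared with
        /// <c>Crypto.Encrypt(password)</c> and the first matching row wins. NOTE(review): one email/mobile
        /// value may select several rows, and the comparison is a plain string Equals — confirm both are
        /// acceptable for whatever scheme Crypto.Encrypt implements.
        /// </remarks>
        /// <param name="userId">User id, bound email or bound mobile to look up.</param>
        /// <param name="password">Password to verify against the stored value.</param>
        /// <returns>true when the credentials match a stored account.</returns>
        /// <exception cref="XUserException">No account matched, or no matching account's password matched.</exception>
        public bool login(string userId, string password)
        {
            Database     db   = SecuritySettings.GetDb();
            DbConnection conn = db.CreateConnection();

            try
            {
                conn.Open();
                DbCommand cmd = conn.CreateCommand();
                cmd.CommandType = CommandType.Text;
                cmd.CommandText = @"select [user_id],[password],[display_name],[group_id] from xsys_user_account where [user_id]=@UserId" +
                                  @" or bind_email=@UserId" +
                                  @" or bind_mobile=@UserId";

                // Bind through the Database abstraction so the parameter type matches whichever provider
                // created the connection; a hard-coded SqlParameter only works against SQL Server.
                db.AddInParameter(cmd, "@UserId", DbType.String, userId);

                // Computed once, independent of how many rows the lookup returns.
                string expected = Crypto.Encrypt(password);

                DbDataReader reader = cmd.ExecuteReader();
                try
                {
                    while (reader.Read())
                    {
                        object storedPassword = reader["password"];
                        if (!storedPassword.ToString().Equals(expected))
                        {
                            continue;
                        }

                        userContext.Id   = reader["user_id"].ToString();
                        userContext.Name = reader["display_name"].ToString();
                        if (String.IsNullOrEmpty(userContext.Name))
                        {
                            // No display name stored: show the id instead.
                            userContext.Name = userContext.Id;
                        }
                        userContext.GroupId = reader["group_id"].ToString();
                        isLogin             = true;
                        return true;
                    }
                }
                finally
                {
                    reader.Close();
                }

                // One message for both "unknown account" and "wrong password", so the response does not
                // reveal which of the two failed.
                throw new XUserException("用户或口令错误");
            }
            finally
            {
                conn.Close();
            }
        }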
        /// <summary>
        /// Tells whether <paramref name="objectId"/> is registered as a permission object, by running
        /// <c>SecurityDataScripts.HasPermissionObject</c> and checking for a positive integer result.
        /// </summary>
        /// <param name="objectId">Object identifier bound to the @objectId parameter.</param>
        /// <returns>
        /// true when the scalar result is an <see cref="int"/> greater than zero; false otherwise,
        /// including when the result is null or of any other type.
        /// </returns>
        private static bool isPermissionObject(string objectId)
        {
            Database db = SecuritySettings.GetDb();

            DbCommand query = db.GetSqlStringCommand(SecurityDataScripts.HasPermissionObject);
            db.AddInParameter(query, "@objectId", DbType.String, objectId);

            object scalar = db.ExecuteScalar(query);
            if (!(scalar is int))
            {
                return false;
            }

            return (int)scalar > 0;
        }
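        /// <summary>
        /// Checks whether the current user (<c>userContext</c>) holds <paramref name="permissionType"/>
        /// on the given object.
        /// </summary>
        /// <remarks>
        /// Decided without a database round-trip: the built-in admin user, any object under
        /// "/xj-service/", admin objects (granted to admin-role users only) and admin-role users.
        /// Everything else is looked up in xsys_role_permissions, restricted to the roles the user holds
        /// in xsys_user_roles. An object with no permission rows at all is treated as unrestricted
        /// (fail-open) — NOTE(review): confirm this default is intended.
        /// </remarks>
        /// <param name="objectType">
        /// Object type. For "ListData" the <paramref name="objectId"/> has a trailing ".html"/".htm"
        /// and any leading '/' stripped before the lookup.
        /// </param>
        /// <param name="objectId">Object identifier matched against [object_id].</param>
        /// <param name="permissionType">Permission flags to test; any overlapping bit grants access.</param>
        /// <returns>true when access is granted.</returns>
        /// <exception cref="Exception">Wraps any failure during the lookup; the cause is kept as InnerException.</exception>
        public bool _CheckObjectPermission(string objectType, string objectId, PermissionTypes permissionType)
        {
            //nocheck this folder /xj-service/

            if (userContext.Id.Equals(BuiltinUsers.admin, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }

            if (objectId.StartsWith("/xj-service/", StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }

            // Admin objects, whether recognised by type or by id, are reserved for admin-role users.
            if (isAdminObject(objectType) || isAdminObject(objectId))
            {
                return IsAdminRoleUser;
            }

            if (IsAdminRoleUser)
            {
                return true;
            }

            Database     db   = SecuritySettings.GetDb();
            DbConnection conn = db.CreateConnection();

            try
            {
                conn.Open();
                DbCommand cmd = conn.CreateCommand();
                cmd.CommandType = CommandType.Text;

                if (objectType.Equals("ListData", StringComparison.OrdinalIgnoreCase))
                {
                    if (objectId.EndsWith(".html", StringComparison.OrdinalIgnoreCase))
                    {
                        objectId = objectId.Remove(objectId.LastIndexOf(".html", StringComparison.OrdinalIgnoreCase));
                    }
                    if (objectId.EndsWith(".htm", StringComparison.OrdinalIgnoreCase))
                    {
                        objectId = objectId.Remove(objectId.LastIndexOf(".htm", StringComparison.OrdinalIgnoreCase));
                    }
                    objectId = objectId.TrimStart('/');
                }

                // objectId/objectType come from the caller and the user id from the session: bind all of
                // them as parameters instead of splicing them into the SQL text. The command keeps its
                // parameters across both queries below.
                db.AddInParameter(cmd, "@objectId",   DbType.String, objectId);
                db.AddInParameter(cmd, "@objectType", DbType.String, objectType);

                cmd.CommandText = @"select [object_id] from xsys_role_permissions where [object_id]=@objectId and [object_type]=@objectType";
                DbDataReader reader = cmd.ExecuteReader();
                try
                {
                    // No permission rows configured for this object: access is unrestricted.
                    if (!reader.HasRows)
                    {
                        return true;
                    }
                }
                finally
                {
                    reader.Close();
                }

                db.AddInParameter(cmd, "@userId", DbType.String, userContext.Id);
                cmd.CommandText = @"select [permission] from xsys_role_permissions where [object_id]=@objectId and [object_type]=@objectType" +
                                  " and role_id in (select role_id from xsys_user_roles where [user_id]=@userId) ";
                reader = cmd.ExecuteReader();
                try
                {
                    while (reader.Read())
                    {
                        PermissionTypes granted = (PermissionTypes)reader.GetInt32(0);
                        if ((permissionType & granted) != 0)
                        {
                            return true;
                        }
                    }
                }
                finally
                {
                    reader.Close();
                }

                // The user's roles carry no matching permission bit for this object.
                return false;
            }
            catch (Exception e)
            {
                // Wrap once, keeping the original failure reachable as InnerException.
                throw new Exception("安全检查时,安全系统配置错误" + e.Message, e);
            }
            finally
            {
                conn.Close();
            }
        }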