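/// Gets the audit status table.
        /// </summary>
        /// <param name="enabled">Audit status to match.</param>
        /// <param name="startDate">Inclusive lower bound on the work date.</param>
        /// <param name="endDate">Inclusive upper bound on the work date.</param>
        /// <returns>The data table.</returns>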
        public DataTable Search(int enabled, DateTime startDate, DateTime endDate)
        {
            // Aliases used below: A = work report, B and C = two joins onto the staff table
            // (B on the report's staff id, C on the report's audit staff id).
            string staffTable     = BaseStaffTable.TableName;
            string workDateColumn = "A." + BaseWorkReportTable.FieldWorkDate;

            string commandText = " SELECT A.*, B." + BaseStaffTable.FieldRealName + " AS StaffFullName "
                                 + " ,C." + BaseStaffTable.FieldUserName + " AS AuditName "
                                 + "   FROM " + BaseWorkReportTable.TableName + " AS A"
                                 + " LEFT JOIN " + staffTable + " AS B ON B." + BaseStaffTable.FieldId + "=A." + BaseWorkReportTable.FieldStaffId
                                 + " LEFT JOIN " + staffTable + " AS C ON C." + BaseStaffTable.FieldId + "=A." + BaseWorkReportTable.FieldAuditStaffId;

            // Audit status filter. The value is an int, so the concatenation cannot carry SQL text.
            commandText += " WHERE A." + BaseWorkReportTable.FieldEnabled + " = " + enabled;

            // NOTE(review): DateTime is a value type and its ToString() is never blank, so both
            // tests below are always true and both bounds are always applied. The literal is also
            // rendered with the current culture's format; binding the dates as parameters would
            // remove that dependency.
            bool hasStartDate = startDate.ToString().Trim().Length > 0;
            if (hasStartDate)
            {
                commandText += " AND " + workDateColumn + " >= '" + startDate + "'";
            }
            bool hasEndDate = endDate.ToString().Trim().Length > 0;
            if (hasEndDate)
            {
                commandText += " AND " + workDateColumn + " <= '" + endDate + "'";
            }

            // Row-level authorization: anyone who is not a system administrator only sees reports
            // written by the staff ids their "Resource.ManagePermission" scope resolves to.
            if (!UserInfo.IsAdministrator)
            {
                BasePermissionScopeManager scopeManager = new BasePermissionScopeManager(DbHelper, UserInfo);
                string[] visibleStaffIds = scopeManager.GetUserIds(UserInfo.Id, "Resource.ManagePermission");
                // NOTE(review): what ObjectsToList emits for a null or empty array is not visible
                // here; confirm that an empty scope yields no rows rather than an error or no filter.
                string visibleStaffList = BaseBusinessLogic.ObjectsToList(visibleStaffIds);
                commandText += " AND A." + BaseWorkReportTable.FieldStaffId + " IN (" + visibleStaffList + ")";
            }

            commandText += " ORDER BY " + BaseWorkReportTable.FieldWorkDate + " DESC ";
            return DbHelper.Fill(commandText);
        }
Esempio n. 2
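 /// <summary>
 /// Appends one condition to the WHERE clause that is being built in <c>WhereSql</c>.
 /// </summary>
 /// <param name="targetFiled">Column expression for the left-hand side. It is concatenated into the SQL text as written, so it must never carry caller-supplied data.</param>
 /// <param name="targetValue">Value to compare with: an array produces an IN list, null or an empty string produces IS NULL, anything else produces an equality test.</param>
 /// <param name="targetFiledName">Name used for the bound parameter; defaults to <paramref name="targetFiled"/>.</param>
 /// <param name="relation">Connector written before the condition when the clause already has content (" AND " by default).</param>
 public void SetWhere(string targetFiled, object targetValue, string targetFiledName = null, string relation = " AND ")
 {
     if (string.IsNullOrEmpty(targetFiledName))
     {
         targetFiledName = targetFiled;
     }
     if (WhereSql.Length == 0)
     {
         WhereSql = new StringBuilder(" WHERE ");
     }
     else
     {
         WhereSql.Append(relation);
     }

     Array valueArray = targetValue as Array;
     if (valueArray != null)
     {
         // Copy element by element: a direct (object[]) cast throws InvalidCastException
         // for value-type arrays such as int[].
         object[] elements = new object[valueArray.Length];
         int position = 0;
         foreach (object element in valueArray)
         {
             elements[position++] = element;
         }

         if (elements.Length == 0)
         {
             // Nothing to bind; keep the helper's own rendering of an empty list.
             this.WhereSql.Append(targetFiled + " IN (" + BaseBusinessLogic.ObjectsToList(elements, "'") + ")");
             return;
         }

         // Bind every element as its own parameter, the same way the scalar branch below does,
         // instead of pasting quoted values into the SQL text.
         this.WhereSql.Append(targetFiled + " IN (");
         for (int i = 0; i < elements.Length; i++)
         {
             if (i > 0)
             {
                 this.WhereSql.Append(", ");
             }
             string elementParameterName = targetFiledName + "_" + i;
             this.WhereSql.Append(DotNet.Utilities.DbHelper.GetParameter(this.DbType, elementParameterName));
             this.AddParameter(elementParameterName, elements[i]);
         }
         this.WhereSql.Append(")");
         return;
     }

     // null and the empty string are both treated as "no value" and become IS NULL.
     if ((targetValue == null) || ((targetValue is string) && string.IsNullOrEmpty((string)targetValue)))
     {
         this.WhereSql.Append(targetFiled + " IS NULL ");
     }
     else
     {
         this.WhereSql.Append(targetFiled + " = " + DotNet.Utilities.DbHelper.GetParameter(this.DbType, targetFiledName));
         this.AddParameter(targetFiledName, targetValue);
     }
 }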
Esempio n. 3
 /// <summary>
 /// Appends an IN condition to the WHERE clause kept in <c>WhereSql</c>.
 /// </summary>
 /// <param name="targetFiled">Column name; concatenated into the SQL text as written.</param>
 /// <param name="targetValues">Values for the IN list, rendered by BaseBusinessLogic.ObjectsToList.</param>
 /// <returns>The WHERE clause after the condition was appended.</returns>
 public string SetWhere(string targetFiled, Object[] targetValues)
 {
     bool clauseIsEmpty = this.WhereSql.Length == 0;
     if (clauseIsEmpty)
     {
         this.WhereSql = " WHERE ";
     }

     // NOTE(review): the values become SQL text, not bound parameters, and how ObjectsToList
     // quotes them is not visible here; pass only values that are known to be safe.
     // NOTE(review): when the clause already has content, no AND/OR is written in front of
     // the new condition; confirm that callers add the connector themselves.
     string condition = string.Concat(targetFiled, " IN (", BaseBusinessLogic.ObjectsToList(targetValues), ")");
     this.WhereSql = this.WhereSql + condition;
     return this.WhereSql;
 }
        /// <summary>
        /// Reads one column from the rows whose <paramref name="name"/> column is in <paramref name="values"/>.
        /// </summary>
        /// <param name="dbHelper">Database helper that runs the query.</param>
        /// <param name="tableName">Table to read from.</param>
        /// <param name="name">Column tested by the IN list.</param>
        /// <param name="values">Values for the IN list.</param>
        /// <param name="targetField">Column to return.</param>
        /// <returns>The <paramref name="targetField"/> values produced by BaseBusinessLogic.FieldToArray.</returns>
        public static string[] GetProperties(IDbHelper dbHelper, string tableName, string name, Object[] values, string targetField)
        {
            // NOTE(review): table name, column names and the IN list are all concatenated into the
            // statement. Identifiers cannot be bound as parameters, so they have to come from
            // constants; how ObjectsToList quotes the values is not visible here.
            string inList      = BaseBusinessLogic.ObjectsToList(values);
            string commandText = string.Concat(" SELECT ", targetField, "   FROM ", tableName)
                                 + "  WHERE " + name + " IN (" + inList + ")";

            return BaseBusinessLogic.FieldToArray(dbHelper.Fill(commandText), targetField);
        }
Esempio n. 5
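        /// <summary>
        /// Builds the SELECT statement for the log table, filtered by an optional column value,
        /// an optional list of user ids and an optional creation-date range.
        /// </summary>
        /// <param name="userIds">User ids to restrict to; null applies no user filter.</param>
        /// <param name="name">Column compared with <paramref name="value"/>. It is concatenated as an identifier, so it must be a known column name, never caller-supplied text.</param>
        /// <param name="value">Value the column must equal; null or empty applies no filter.</param>
        /// <param name="beginDate">First day of the range; null or blank applies no lower bound.</param>
        /// <param name="endDate">Last day of the range; one day is added to form the upper bound. Null or blank applies no upper bound.</param>
        /// <returns>The SQL text, ordered by CreateOn descending.</returns>
        /// <exception cref="FormatException">A non-blank date cannot be parsed by DateTime.Parse.</exception>
        private string GetDataTableSql(string[] userIds, string name, string value, string beginDate, string endDate)
        {
            string sqlQuery = " SELECT * FROM " + BaseLogEntity.TableName + " WHERE 1=1 ";

            if (!string.IsNullOrEmpty(value))
            {
                // Double embedded single quotes so the value cannot end the string literal.
                // This is a mitigation only (engines that also honour backslash escapes need
                // more); a bound parameter is the real fix, but this method returns SQL text.
                sqlQuery += " AND " + name + " = '" + value.Replace("'", "''") + "' ";
            }

            // Normalise each bound on its own. Previously the dates were parsed only when both
            // were supplied, so a single date reached the statement unparsed and a null date
            // threw NullReferenceException at the Trim() calls in the switch below.
            beginDate = (beginDate == null || beginDate.Trim().Length == 0)
                ? string.Empty
                : DateTime.Parse(beginDate).ToShortDateString();
            endDate = (endDate == null || endDate.Trim().Length == 0)
                ? string.Empty
                : DateTime.Parse(endDate).AddDays(1).ToShortDateString();

            // Security-sensitive: this list decides whose log rows are visible.
            // NOTE(review): a null array applies no user filter at all; confirm callers never
            // pass null for a restricted user.
            if (userIds != null)
            {
                sqlQuery += " AND " + BaseLogEntity.FieldUserId + " IN (" + BaseBusinessLogic.ObjectsToList(userIds) + ") ";
            }

            // Date literals differ per engine; engines not listed here get no date filter.
            switch (DbHelper.CurrentDbType)
            {
            case CurrentDbType.Access:
                // Access delimits date literals with '#'.
                if (beginDate.Length > 0)
                {
                    sqlQuery += " AND CreateOn >= #" + beginDate + "#";
                }
                if (endDate.Length > 0)
                {
                    sqlQuery += " AND CreateOn <= #" + endDate + "#";
                }
                break;

            case CurrentDbType.SqlServer:
                if (beginDate.Length > 0)
                {
                    sqlQuery += " AND CreateOn >= '" + beginDate + "'";
                }
                if (endDate.Length > 0)
                {
                    sqlQuery += " AND CreateOn <= '" + endDate + "'";
                }
                break;

            case CurrentDbType.Oracle:
                // NOTE(review): ToShortDateString() follows the current culture, which may not
                // match the TO_DATE format mask below; confirm on the deployed culture.
                if (beginDate.Length > 0)
                {
                    sqlQuery += " AND CreateOn >= TO_DATE( '" + beginDate + "','yyyy-mm-dd hh24-mi-ss') ";
                }
                if (endDate.Length > 0)
                {
                    sqlQuery += " AND CreateOn <= TO_DATE('" + endDate + "','yyyy-mm-dd hh24-mi-ss')";
                }
                break;
            }
            sqlQuery += " ORDER BY CreateOn DESC ";
            return sqlQuery;
        }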
Esempio n. 6
 /// <summary>
 /// Confirms a multi-row selection in the staff grid and closes the dialog with OK.
 /// </summary>
 private void SelectMulti()
 {
     // Both checks run in the same order as before; the second only runs when the first passes.
     if (!BaseInterfaceLogic.CheckInputSelectAnyOne(this.grdStaff, "colSelected"))
     {
         return;
     }
     if (!this.CheckInput())
     {
         return;
     }

     this.SelectedIds = this.GetSelectedIds();
     // Display text built from the selected names by the shared list helper.
     string[] selectedNames = this.GetSelectedFullNames();
     this.SelectedFullName = BaseBusinessLogic.ObjectsToList(selectedNames);
     this.DialogResult = DialogResult.OK;
     this.Close();
 }
Esempio n. 7
        /// <summary>
        /// Loads the users whose Id is in <paramref name="userIds"/>, each with its role name, ordered by sort code.
        /// </summary>
        /// <param name="userIds">Ids of the users to load.</param>
        /// <returns>The user rows plus a RoleName column.</returns>
        public DataTable GetDataTableByIds(string[] userIds)
        {
            string userTable = BaseUserEntity.TableName;

            // Correlated subquery that resolves the user's role id to the role's real name.
            string roleNameSubquery = "( SELECT " + BaseRoleEntity.FieldRealName
                                      + "  FROM " + BaseRoleEntity.TableName
                                      + " WHERE " + BaseRoleEntity.FieldId + " = " + userTable + "." + BaseUserEntity.FieldRoleId + ") AS RoleName ";

            // The id filter is applied unconditionally. The original kept a commented-out
            // "only when userIds is non-empty" guard next to a reminder to think about security:
            // skipping the filter for an empty list would return every user.
            // NOTE(review): the ids are concatenated, not bound, and what ObjectsToList does with
            // a null or empty array is not visible here; confirm it cannot widen the result.
            string commandText = " SELECT " + userTable + ".* "
                                 + "        , " + roleNameSubquery
                                 + "   FROM " + userTable
                                 + " WHERE Id IN (" + BaseBusinessLogic.ObjectsToList(userIds) + ")"
                                 + " ORDER BY " + BaseUserEntity.FieldSortCode;

            return DbHelper.Fill(commandText);
        }
        /// <summary>
        /// Gets the ids of the users that are currently flagged as online (customer service).
        /// </summary>
        /// <param name="userIds">Optional ids to restrict the lookup to; null or empty applies no restriction.</param>
        /// <returns>The ids of the matching online users.</returns>
        public string[] GetOnLineUserIds(string[] userIds)
        {
            string idColumn = BaseUserLogOnEntity.FieldId;

            string commandText = "SELECT " + idColumn
                                 + "  FROM " + this.CurrentTableName
                                 + " WHERE " + BaseUserLogOnEntity.FieldUserOnLine + " = 1 ";

            // NOTE(review): an empty or null list means "all online users", not "none";
            // callers that pass a permission-derived list should handle the empty case themselves.
            bool restrictToGivenIds = userIds != null && userIds.Length > 0;
            if (restrictToGivenIds)
            {
                // The ids are concatenated into the statement rather than bound as parameters.
                commandText += " AND " + idColumn + " IN (" + BaseBusinessLogic.ObjectsToList(userIds) + ") ";
            }

            DataTable onlineRows = this.DbHelper.Fill(commandText);
            return BaseBusinessLogic.FieldToArray(onlineRows, idColumn);
        }
Esempio n. 9
        //
        // 读取列表部分 填充IDataReader 常用
        //

        #region public static IDataReader GetDataReader(IDbHelper dbHelper, string tableName, string name, object[] values, string order = null) 获取数据表 一参 参数为数组
        /// <summary>
        /// Opens a data reader over the rows whose <paramref name="name"/> column is in <paramref name="values"/>.
        /// </summary>
        /// <param name="dbHelper">Database helper that runs the query.</param>
        /// <param name="tableName">Table to read from.</param>
        /// <param name="name">Column tested by the condition.</param>
        /// <param name="values">Values for the IN list; null selects the rows where the column IS NULL.</param>
        /// <param name="order">Optional ORDER BY expression.</param>
        /// <returns>The reader returned by <c>dbHelper.ExecuteReader</c>.</returns>
        public static IDataReader GetDataReader(IDbHelper dbHelper, string tableName, string name, object[] values, string order = null)
        {
            // NOTE(review): tableName, name and order are identifiers or SQL fragments and cannot
            // be bound as parameters; they must come from constants or an allow-list. The values
            // are concatenated too, and how ObjectsToList quotes them is not visible here.
            string condition = (values == null)
                ? "  WHERE " + name + " IS NULL"
                : "  WHERE " + name + " IN (" + BaseBusinessLogic.ObjectsToList(values) + ")";

            string commandText = " SELECT * " + "   FROM " + tableName + condition;

            bool hasOrder = !String.IsNullOrEmpty(order);
            if (hasOrder)
            {
                commandText += " ORDER BY " + order;
            }
            return dbHelper.ExecuteReader(commandText);
        }
        /// <summary>
        /// Loads the rows whose <paramref name="name"/> column is in <paramref name="values"/>.
        /// </summary>
        /// <param name="DbType">Database type, passed on to BaseBusinessLogic.ObjectsToList when the IN list is rendered.</param>
        /// <param name="dbHelper">Database helper that runs the query.</param>
        /// <param name="tableName">Table to read from.</param>
        /// <param name="name">Column tested by the condition.</param>
        /// <param name="values">Values for the IN list; null selects the rows where the column IS NULL.</param>
        /// <param name="order">Optional ORDER BY expression.</param>
        /// <returns>The matching rows as a data table.</returns>
        public static DataTable GetDataTable(CurrentDbType DbType, IDbHelper dbHelper, string tableName, string name, object[] values, string order = null)
        {
            // NOTE(review): tableName, name and order are identifiers or SQL fragments and cannot
            // be bound as parameters; they must come from constants or an allow-list. The values
            // are concatenated too, and how ObjectsToList quotes them is not visible here.
            string condition = (values == null)
                ? "  WHERE " + name + " IS NULL"
                : "  WHERE " + name + " IN (" + BaseBusinessLogic.ObjectsToList(DbType, values) + ")";

            string commandText = " SELECT * " + "   FROM " + tableName + condition;

            bool hasOrder = !String.IsNullOrEmpty(order);
            if (hasOrder)
            {
                commandText += " ORDER BY " + order;
            }
            return dbHelper.Fill(commandText);
        }
Esempio n. 11
        /// <summary>
        /// Gets the districts of a city that the user's permission scope lets them see.
        /// The underlying scope data may be stored at district level, so the parent levels have to be selectable as well.
        /// </summary>
        /// <param name="userId">User whose scope is read.</param>
        /// <param name="cityId">City whose districts are wanted.</param>
        /// <param name="permissionId">Permission the scope belongs to.</param>
        /// <returns>The matching district entities.</returns>
        public List <BaseAreaEntity> GetUserDistrict(string userId, string cityId, string permissionId)
        {
            // The scope table is per system: "<SystemCode>PermissionScope".
            string scopeTable = this.UserInfo.SystemCode + "PermissionScope";

            // cityId ends up inside quoted literals below, so it is passed through SqlSafe first.
            // NOTE(review): what SqlSafe strips or escapes is not visible here.
            cityId = SecretUtil.SqlSafe(cityId);

            // Enabled, non-deleted scope rows granted to this user for this permission.
            List <KeyValuePair <string, object> > scopeFilter = new List <KeyValuePair <string, object> >
            {
                new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
                new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
                new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId),
                new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldEnabled, 1),
                new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)
            };

            BasePermissionScopeManager scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo, scopeTable);
            string[] areaIds = scopeManager.GetProperties(scopeFilter, BasePermissionScopeEntity.FieldTargetId);

            // The area ids come from the scope table and are concatenated, not bound.
            string areaList  = BaseBusinessLogic.ObjectsToList(areaIds);
            string condition = BaseAreaEntity.FieldId + " IN (" + areaList + ")"
                               + " AND ((ParentId = '" + cityId + "' AND Layer = 6) OR (Id = '" + cityId + "' AND Layer = 6))"
                               + " AND Enabled = 1 AND DeletionStateCode = 0 ";

            return this.GetList <BaseAreaEntity>(condition);
        }
Esempio n. 12
        /// <summary>
        /// Loads the given nodes and their descendants with a START WITH / CONNECT BY hierarchical query.
        /// </summary>
        /// <param name="dbHelper">Database helper that runs the query.</param>
        /// <param name="tableName">Table to read from.</param>
        /// <param name="fieldId">Primary-key column.</param>
        /// <param name="ids">Keys of the nodes the walk starts from.</param>
        /// <param name="fieldParentId">Column that holds the parent key.</param>
        /// <param name="order">Optional ORDER BY expression.</param>
        /// <param name="idOnly">True to select only the key column, false to select every column.</param>
        /// <returns>The matching rows as a data table.</returns>
        public static DataTable GetChildrens(IDbHelper dbHelper, string tableName, string fieldId, string[] ids, string fieldParentId, string order, bool idOnly)
        {
            string selectList = idOnly ? "   SELECT " + fieldId : "   SELECT * ";

            // NOTE(review): every identifier and the id list are concatenated into the statement;
            // identifiers must come from constants, and how ObjectsToList quotes the ids is not
            // visible here.
            string commandText = selectList
                                 + "          FROM " + tableName
                                 + "    START WITH " + fieldId + " IN (" + BaseBusinessLogic.ObjectsToList(ids) + ")"
                                 + "  CONNECT BY PRIOR " + fieldId + " = " + fieldParentId;

            bool hasOrder = !String.IsNullOrEmpty(order);
            if (hasOrder)
            {
                commandText += " ORDER BY " + order;
            }
            return dbHelper.Fill(commandText);
        }
        /// <summary>
        /// Gets the users that belong to any of the given workgroups, departments or companies,
        /// either directly or through the user-organize (part-time) table.
        /// </summary>
        /// <param name="organizeIds">Organization keys to match.</param>
        /// <returns>The matching user rows, ordered by sort code.</returns>
        public DataTable GetDataTableByOrganizes(string[] organizeIds)
        {
            string users       = BaseUserEntity.TableName;
            string memberships = BaseUserOrganizeEntity.TableName;
            // The same rendered list is reused in every IN clause below; it is concatenated, not bound.
            string idList = BaseBusinessLogic.ObjectsToList(organizeIds);

            // Users whose own workgroup, department, sub-company or company is in the list.
            string directMatch = " WHERE (" + users + "." + BaseUserEntity.FieldDeletionStateCode + " = 0 ) "
                                 + "       AND (" + users + "." + BaseUserEntity.FieldWorkgroupId + " IN ( " + idList + ") "
                                 + "       OR " + users + "." + BaseUserEntity.FieldDepartmentId + " IN (" + idList + ") "
                                 + "       OR " + users + "." + BaseUserEntity.FieldSubCompanyId + " IN (" + idList + ") "
                                 + "       OR " + users + "." + BaseUserEntity.FieldCompanyId + " IN (" + idList + ")) ";

            // Users attached to one of the organizations through the part-time table.
            // NOTE(review): this OR sits at the top level of the WHERE clause, so the
            // "DeletionStateCode = 0" test on the user table does not apply to these rows;
            // confirm whether deleted users are meant to be returned here.
            string partTimeMatch = " OR " + BaseUserEntity.FieldId + " IN ("
                                   + " SELECT " + BaseUserOrganizeEntity.FieldUserId
                                   + "   FROM " + memberships
                                   + "  WHERE (" + memberships + "." + BaseUserOrganizeEntity.FieldDeletionStateCode + " = 0 ) "
                                   + "       AND (" + memberships + "." + BaseUserOrganizeEntity.FieldWorkgroupId + " IN ( " + idList + ") "
                                   + "       OR " + memberships + "." + BaseUserOrganizeEntity.FieldDepartmentId + " IN (" + idList + ") "
                                   + "       OR " + memberships + "." + BaseUserOrganizeEntity.FieldCompanyId + " IN (" + idList + "))) ";

            string commandText = " SELECT * "
                                 + " FROM " + users
                                 + directMatch
                                 + partTimeMatch
                                 + " ORDER BY " + users + "." + BaseUserEntity.FieldSortCode;

            return DbHelper.Fill(commandText);
        }
Esempio n. 14
 /// <summary>
 /// Confirms the users selected in the grid.
 /// </summary>
 /// <param name="close">True to close the dialog with OK; false to hand the selection to the OnSelected handler, when one is attached, and keep the dialog open.</param>
 private void SelectMulti(bool close = true)
 {
     if (!BaseInterfaceLogic.CheckInputSelectAnyOne(this.grdUser, "colSelected"))
     {
         return;
     }

     this.SelectedIds      = this.GetSelectedIds();
     this.SelectedFullName = BaseBusinessLogic.ObjectsToList(this.GetSelectedFullNames());

     // The handler is only consulted when the caller asked to keep the dialog open.
     bool handlerTakesSelection = !close && this.OnSelected != null;
     if (handlerTakesSelection)
     {
         bool accepted = this.OnSelected(this.SelectedIds);
         if (accepted)
         {
             // The handler took the users: drop them from the grid and clear the selection.
             this.RemoveUser(this.SelectedIds);
             this.SelectedIds = null;
         }
         return;
     }

     this.DialogResult = DialogResult.OK;
     this.Close();
 }
Esempio n. 15
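        /// <summary>
        /// Searches the visible, non-deleted users and, for non-administrators, narrows the result
        /// to the data scope granted for <paramref name="permissionScopeItemCode"/>.
        /// </summary>
        /// <param name="permissionScopeItemCode">Code of the permission item whose scope limits what a non-administrator may see.</param>
        /// <param name="search">Free-text term matched with LIKE against user name, code, real name, quick query, department name and description.</param>
        /// <param name="roleIds">Optional role ids; matches users with that role directly or through the user-role table.</param>
        /// <param name="enabled">Optional enabled flag; null applies no filter.</param>
        /// <param name="auditStates">Optional audit status, compared for equality.</param>
        /// <param name="departmentId">Optional organization id; users are matched against the ids returned by GetChildrensId for it.</param>
        /// <returns>The matching user rows with a RoleName column, ordered by sort code.</returns>
        public DataTable Search(string permissionScopeItemCode, string search, string[] roleIds, bool?enabled, string auditStates, string departmentId)
        {
            string userTable = BaseUserEntity.TableName;

            // NOTE(review): the result is placed inside quoted LIKE patterns below. Whether
            // GetSearchString neutralises single quotes is not visible here; confirm it does.
            search = StringUtil.GetSearchString(search);
            string sqlQuery = " SELECT " + userTable + ".* "
                              + "," + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldRealName + " AS RoleName "
                              + " FROM " + userTable
                              + "      LEFT OUTER JOIN " + BaseRoleEntity.TableName
                              + "      ON " + userTable + "." + BaseUserEntity.FieldRoleId + " = " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldId
                              // Deleted users are always left out.
                              + " WHERE " + userTable + "." + BaseUserEntity.FieldDeletionStateCode + " = 0 "
                              + " AND " + userTable + "." + BaseUserEntity.FieldIsVisible + " = 1 ";

            if (!String.IsNullOrEmpty(search))
            {
                sqlQuery += " AND (" + userTable + "." + BaseUserEntity.FieldUserName + " LIKE '" + search + "'"
                            + " OR " + userTable + "." + BaseUserEntity.FieldCode + " LIKE '" + search + "'"
                            + " OR " + userTable + "." + BaseUserEntity.FieldRealName + " LIKE '" + search + "'"
                            + " OR " + userTable + "." + BaseUserEntity.FieldQuickQuery + " LIKE '" + search + "'"
                            + " OR " + userTable + "." + BaseUserEntity.FieldDepartmentName + " LIKE '" + search + "'"
                            + " OR " + userTable + "." + BaseUserEntity.FieldDescription + " LIKE '" + search + "')";
            }
            if (!string.IsNullOrEmpty(departmentId))
            {
                BaseOrganizeManager organizeManager = new BaseOrganizeManager(this.DbHelper, this.UserInfo);
                string[]            organizeIds     = organizeManager.GetChildrensId(BaseOrganizeEntity.FieldId, departmentId, BaseOrganizeEntity.FieldParentId);
                if (organizeIds != null && organizeIds.Length > 0)
                {
                    sqlQuery += " AND (" + userTable + "." + BaseUserEntity.FieldCompanyId + " IN (" + StringUtil.ArrayToList(organizeIds) + ")"
                                + " OR " + userTable + "." + BaseUserEntity.FieldDepartmentId + " IN (" + StringUtil.ArrayToList(organizeIds) + ")"
                                + " OR " + userTable + "." + BaseUserEntity.FieldWorkgroupId + " IN (" + StringUtil.ArrayToList(organizeIds) + "))";
                }
            }
            if (!String.IsNullOrEmpty(auditStates))
            {
                // Double embedded single quotes so the value cannot end the string literal.
                // A mitigation only; binding the value as a parameter is the durable fix.
                sqlQuery += " AND (" + userTable + "." + BaseUserEntity.FieldAuditStatus + " = '" + auditStates.Replace("'", "''") + "')";
            }
            if (enabled != null)
            {
                sqlQuery += " AND (" + userTable + "." + BaseUserEntity.FieldEnabled + " = " + ((bool)enabled ? 1:0) + ")";
            }
            if ((roleIds != null) && (roleIds.Length > 0))
            {
                // NOTE(review): ArrayToList wraps each id in quotes; whether it also escapes
                // quotes inside an id is not visible here.
                string roles = StringUtil.ArrayToList(roleIds, "'");
                sqlQuery += " AND (" + userTable + "." + BaseUserEntity.FieldRoleId + " IN (" + roles + ") ";
                sqlQuery += "      OR " + userTable + "." + BaseUserEntity.FieldId + " IN (" + "SELECT " + BaseUserRoleEntity.FieldUserId + " FROM " + BaseUserRoleEntity.TableName + " WHERE " + BaseUserRoleEntity.FieldRoleId + " IN (" + roles + ")" + "))";
            }

            // Data-scope filtering: applies to everyone except administrators, and only when
            // permission scopes are switched on system-wide.
            if ((!UserInfo.IsAdministrator) && (BaseSystemInfo.UsePermissionScope))
            {
                BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.DbHelper, this.UserInfo);
                string permissionScopeItemId = permissionItemManager.GetId(new KeyValuePair <string, object>(BasePermissionItemEntity.FieldCode, permissionScopeItemCode));
                // NOTE(review): when the permission item is not found, no scope filter is added
                // and the user sees every row the other filters allow; confirm this is intended.
                if (!string.IsNullOrEmpty(permissionScopeItemId))
                {
                    // Scopes are checked from the narrowest to the widest; each one that is
                    // present adds another AND condition.
                    BaseUserScopeManager userPermissionScopeManager = new BaseUserScopeManager(this.DbHelper, this.UserInfo);
                    string[]             organizeIds = userPermissionScopeManager.GetOrganizeIds(this.UserInfo.Id, permissionScopeItemId);

                    // No data permission at all: "= NULL" is never true, so no row matches.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.None).ToString()))
                    {
                        sqlQuery += " AND (" + userTable + "." + BaseUserEntity.FieldId + " = NULL ) ";
                    }
                    // Individually assigned users.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.Detail).ToString()))
                    {
                        BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(DbHelper, UserInfo);
                        string[] userIds = permissionScopeManager.GetUserIds(UserInfo.Id, permissionScopeItemCode);
                        sqlQuery += " AND (" + userTable + "." + BaseUserEntity.FieldId + " IN (" + BaseBusinessLogic.ObjectsToList(userIds) + ")) ";
                    }
                    // The identifiers below come from the UserInfo object and are concatenated
                    // unquoted. NOTE(review): confirm UserInfo is populated server-side and not
                    // taken as-is from the client.
                    // Only the user's own record.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.User).ToString()))
                    {
                        sqlQuery += " AND (" + userTable + "." + BaseUserEntity.FieldId + " = " + this.UserInfo.Id + ") ";
                    }
                    // The user's workgroup.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserWorkgroup).ToString()))
                    {
                        sqlQuery += " AND (" + userTable + "." + BaseUserEntity.FieldWorkgroupId + " = " + this.UserInfo.WorkgroupId + ") ";
                    }
                    // The user's department.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserDepartment).ToString()))
                    {
                        sqlQuery += " AND (" + userTable + "." + BaseUserEntity.FieldDepartmentId + " = " + this.UserInfo.DepartmentId + ") ";
                    }
                    // The user's branch (sub-company).
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserSubCompany).ToString()))
                    {
                        sqlQuery += " AND (" + userTable + "." + BaseUserEntity.FieldSubCompanyId + " = " + this.UserInfo.SubCompanyId + ") ";
                    }
                    // The user's company.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserCompany).ToString()))
                    {
                        sqlQuery += " AND (" + userTable + "." + BaseUserEntity.FieldCompanyId + " = " + this.UserInfo.CompanyId + ") ";
                    }
                    // PermissionScope.All needs no condition: every row is allowed.
                }
            }
            sqlQuery += " ORDER BY " + userTable + "." + BaseUserEntity.FieldSortCode;
            return DbHelper.Fill(sqlQuery);
        }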
Esempio n. 16
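        /// <summary>
        /// Gets the sites (organizations) a user manages: those located in an area the user's
        /// permission scope covers, plus those granted to the user directly.
        /// </summary>
        /// <param name="userId">User whose scope is read.</param>
        /// <param name="permissionId">Key of the data permission.</param>
        /// <returns>Directly granted organization ids followed by the area-derived ones, combined by StringUtil.Concat.</returns>
        public string[] GetUserCompanyIds(string userId, string permissionId)
        {
            // Scope rows that are enabled, not deleted, and granted to this user for this permission.
            List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();

            parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName));
            parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, userId));
            parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId));
            parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldEnabled, 1));
            parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));

            string tableName = this.UserInfo.SystemCode + "PermissionScope";
            BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo, tableName);

            string[] areaIds = permissionScopeManager.GetProperties(parameters, BasePermissionScopeEntity.FieldTargetId);

            // Split the area ids into province, city, district and street level.
            string[] province = null;
            string[] city     = null;
            string[] district = null;
            string[] street   = null;
            SplitArea(areaIds, out province, out city, out district, out street);

            string[] areaCompanyIds = null;
            if (areaIds != null && areaIds.Length > 0)
            {
                // One IN clause per area level that has ids; the clauses are OR-ed together.
                List <string> areaClauses = new List <string>();
                if (province != null && province.Length > 0)
                {
                    areaClauses.Add(BaseOrganizeEntity.FieldProvinceId + " IN (" + BaseBusinessLogic.ObjectsToList(province, "'") + ")");
                }
                if (city != null && city.Length > 0)
                {
                    areaClauses.Add(BaseOrganizeEntity.FieldCityId + " IN (" + BaseBusinessLogic.ObjectsToList(city, "'") + ")");
                }
                if (district != null && district.Length > 0)
                {
                    areaClauses.Add(BaseOrganizeEntity.FieldDistrictId + " IN (" + BaseBusinessLogic.ObjectsToList(district, "'") + ")");
                }
                if (street != null && street.Length > 0)
                {
                    // Fixed: this clause used the full areaIds list instead of the street ids,
                    // unlike the three levels above.
                    areaClauses.Add(BaseOrganizeEntity.FieldStreetId + " IN (" + BaseBusinessLogic.ObjectsToList(street, "'") + ")");
                }

                // Fixed: when SplitArea classified none of the ids, the statement used to end
                // in "AND ()", which is not valid SQL. Skip the lookup instead, so the user
                // gets no area-derived sites.
                if (areaClauses.Count > 0)
                {
                    string commandText = " SELECT " + BaseOrganizeEntity.FieldId
                                         + "  FROM " + BaseOrganizeEntity.TableName
                                         + " WHERE " + BaseOrganizeEntity.FieldEnabled + " = 1 "
                                         + "       AND " + BaseOrganizeEntity.FieldDeletionStateCode + " = 0 "
                                         + "       AND (" + string.Join("  OR ", areaClauses.ToArray()) + ")";

                    // NOTE(review): this manager is created without the DbHelper/UserInfo that
                    // the scope manager above receives; confirm which connection it uses.
                    BaseOrganizeManager organizeManager = new BaseOrganizeManager();
                    DataTable           dt = organizeManager.Fill(commandText);
                    areaCompanyIds = BaseBusinessLogic.FieldToArray(dt, BaseOrganizeEntity.FieldId);
                }
            }

            // Organizations granted to the user directly.
            parameters = new List <KeyValuePair <string, object> >();
            parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName));
            parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, userId));
            parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId));
            parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, BaseOrganizeEntity.TableName));
            parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldEnabled, 1));
            parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
            string[] companyIds = permissionScopeManager.GetProperties(parameters, BasePermissionScopeEntity.FieldTargetId);

            return StringUtil.Concat(companyIds, areaCompanyIds);
        }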
Esempio n. 17
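        /// <summary>
        /// Gets the folders the user may see: every folder for an administrator, otherwise the
        /// public, well-known and own folders plus those covered by the user's
        /// "Resource.ManagePermission" organization scope.
        /// </summary>
        /// <param name="userInfo">The calling user.</param>
        /// <returns>The folder rows, with the default view sorted by sort code.</returns>
        public DataTable GetDataTable(BaseUserInfo userInfo)
        {
            // Debug timing.
            #if (DEBUG)
            int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
            #endif

            // Reject callers that are not logged on.
            // NOTE(review): this check is compiled out of DEBUG builds, so a DEBUG build that
            // reaches production accepts anonymous calls.
            #if (!DEBUG)
            LogOnService.UserIsLogOn(userInfo);
            #endif

            DataTable dataTable = new DataTable(BaseModuleEntity.TableName);
            using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
            {
                try
                {
                    dbHelper.Open(UserCenterDbConnection);
                    BaseFolderManager folderManager = new BaseFolderManager(dbHelper, userInfo);
                    // Make sure the folders the system requires exist.
                    folderManager.FolderCheck();
                    if (userInfo.IsAdministrator)
                    {
                        dataTable = folderManager.GetDataTable(BaseFolderEntity.FieldSortCode);
                    }
                    else
                    {
                        // Data scope: the organizations this user may manage.
                        BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(dbHelper, userInfo);
                        string[] ids = permissionScopeManager.GetOrganizeIds(userInfo.Id, "Resource.ManagePermission");

                        // userInfo is supplied by the caller and its fields land inside quoted
                        // literals, so embedded single quotes are doubled first. This is a
                        // mitigation only; binding the values as parameters is the durable fix.
                        string safeUserId       = ("" + userInfo.Id).Replace("'", "''");
                        string safeDepartmentId = ("" + userInfo.DepartmentId).Replace("'", "''");
                        string safeCompanyId    = ("" + userInfo.CompanyId).Replace("'", "''");

                        string commandText = string.Format(@"SELECT * 
                                                               FROM BaseFolder 
                                                              WHERE (DeletionStateCode = 0 
                                                                    AND Enabled = 1 
                                                                    AND (IsPublic = 1 
                                                                         OR Id = 'UserSpace' 
                                                                         OR Id = 'CompanyFile' 
                                                                         OR Id = '{0}' 
                                                                         OR Id = '{1}' 
                                                                         OR Id = '{2}' 
                                                                         OR CreateUserId = '{3}')) ", safeUserId, safeDepartmentId, safeCompanyId, safeUserId);
                        if (ids != null && ids.Length > 0)
                        {
                            // NOTE(review): this OR is appended after the closing parenthesis,
                            // so folders matched by scope are returned even when they are
                            // deleted or disabled; confirm this is intended.
                            commandText += " OR ID IN (" + BaseBusinessLogic.ObjectsToList(ids) + ") ";
                        }
                        dataTable = folderManager.Fill(commandText);
                    }
                    dataTable.DefaultView.Sort = BaseFolderEntity.FieldSortCode;
                    dataTable.TableName        = BaseFolderEntity.TableName;
                    BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, MethodBase.GetCurrentMethod());
                }
                catch (Exception ex)
                {
                    BaseExceptionManager.LogException(dbHelper, userInfo, ex);
                    // Rethrow with "throw;" so the original stack trace is kept ("throw ex;" resets it).
                    throw;
                }
                finally
                {
                    dbHelper.Close();
                }
            }

            // Debug timing.
            #if (DEBUG)
            BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
            #endif

            return dataTable;
        }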