// -------------------------------------------------------
// 查询
// -------------------------------------------------------
#region 函数:FindOne(string authorizationObjectType, string authorizationObjectId)
/// <summary>查询某条授权对象信息</summary>
/// <param name="authorizationObjectType">授权对象类型</param>
/// <param name="authorizationObjectId">授权对象标识</param>
/// <returns>返回一个<see cref="IAuthorizationObject"/>实例的详细信息</returns>
public IAuthorizationObject FindOne(string authorizationObjectType, string authorizationObjectId)
{
IAuthorizationObject authorizationObject = null;
switch (authorizationObjectType.ToLower())
{
case "account":
authorizationObject = MembershipManagement.Instance.AccountService[authorizationObjectId];
break;
case "role":
authorizationObject = MembershipManagement.Instance.RoleService[authorizationObjectId];
break;
case "organization":
authorizationObject = MembershipManagement.Instance.OrganizationUnitService[authorizationObjectId];
break;
case "group":
authorizationObject = MembershipManagement.Instance.GroupService[authorizationObjectId];
break;
case "generalrole":
authorizationObject = MembershipManagement.Instance.GeneralRoleService[authorizationObjectId];
break;
case "standardorganization":
authorizationObject = MembershipManagement.Instance.StandardOrganizationUnitService[authorizationObjectId];
break;
case "standardrole":
authorizationObject = MembershipManagement.Instance.StandardRoleService[authorizationObjectId];
break;
default:
throw new Exception(string.Format("未找到相关的授权对象类型:{0}。", authorizationObjectType));
}
return(authorizationObject);
}
/// <summary>检测用户是否拥有权限</summary>
/// <param name="account"></param>
/// <param name="roles"></param>
/// <returns></returns>
public static bool Check(IAccountInfo account, IAuthorizationScope[] authorizationScopes)
{
bool authenticated = false;
foreach (IAuthorizationScope authorizationScope in authorizationScopes)
{
IAuthorizationObject authorizationObject = authorizationScope.AuthorizationObject;
// 空对象: 未找到相关值..
if (authorizationObject == null)
{
continue;
}
switch (authorizationObject.Type)
{
case "account":
if (account.Id == authorizationObject.Id)
{
authenticated = true;
}
break;
case "role":
foreach (IAccountRoleRelationInfo relation in account.RoleRelations)
{
if (relation.RoleId == authorizationObject.Id)
{
authenticated = true;
break;
}
}
break;
case "organization":
foreach (IAccountOrganizationUnitRelationInfo relation in account.OrganizationUnitRelations)
{
if (relation.OrganizationUnitId == authorizationObject.Id)
{
authenticated = true;
break;
}
}
break;
// [未实现]
//case "generalrole":
// foreach (IAuthorizationObject organization.role in account.Roles)
// {
// if (organization.Id == authorizationObject.Id)
// {
// authenticated = true;
// break;
// }
// }
// break;
default:
break;
}
if (authenticated)
{
break;
}
}
return(authenticated);
}
/// <summary></summary>
public MembershipAuthorizationScope(EntityClass entity, AuthorityInfo authority, IAuthorizationObject authorizationObject)
{
this.EntityClass = entity;
this.Authority = authority;
this.AuthorizationObject = authorizationObject;
}
