Esempio n. 1
    /// <summary>
    /// Runs the <c>Function_GetFunction</c> stored procedure, maps every returned row to a
    /// <c>Function</c> and returns the whole list as a Base64 string.
    /// </summary>
    /// <returns>The output of <c>SerializeObjectFactory.SerializeToBase64</c> for the list.</returns>
    public string GetFunctionList()
    {
        List<Function> allFunctions = new List<Function>();

        using (DataTable functionTable = SqlHelper.ExecuteDataset(CommonInfo.ConQJVRMS, CommandType.StoredProcedure, "Function_GetFunction").Tables[0])
        {
            foreach (DataRow record in functionTable.Rows)
            {
                Function entry = new Function();
                entry.Description  = record["Description"].ToString();
                entry.FunctionName = record["FunctionName"].ToString();
                entry.UrlPath      = record["UrlPath"].ToString();
                entry.FunctionID   = new Guid(record["FunctionId"].ToString());
                entry.OrderFlag    = int.Parse(record["orderFlag"].ToString());

                // A database NULL parent marks a top-level entry.
                if (record["parentid"] != DBNull.Value)
                {
                    entry.ParentFunctionId = new Guid(record["parentId"].ToString());
                }
                else
                {
                    entry.ParentFunctionId = null;
                }

                allFunctions.Add(entry);
            }
        }

        SerializeObjectFactory serializer = new SerializeObjectFactory();
        return serializer.SerializeToBase64(allFunctions);
    }
Esempio n. 2
    /// <summary>
    /// Reads the rows of <c>dbo.FunctionList</c> that have no parent, ordered by <c>orderFlag</c>,
    /// and returns them as a Base64-serialized list of <c>Function</c>.
    /// </summary>
    /// <returns>The output of <c>SerializeObjectFactory.SerializeToBase64</c> for the list.</returns>
    public string GetTopFunctionList()
    {
        // Constant query text: nothing caller-supplied is concatenated into it.
        string query = "SELECT * FROM dbo.FunctionList WHERE parentId IS NULL ORDER BY orderFlag";
        IList<Function> topLevel = new List<Function>();

        using (DataTable functionTable = SqlHelper.ExecuteDataset(CommonInfo.ConQJVRMS, CommandType.Text, query).Tables[0])
        {
            foreach (DataRow record in functionTable.Rows)
            {
                Function entry = new Function();
                entry.Description  = record["Description"].ToString();
                entry.FunctionName = record["FunctionName"].ToString();
                entry.UrlPath      = record["UrlPath"].ToString();
                entry.FunctionID   = new Guid(record["FunctionId"].ToString());
                entry.OrderFlag    = int.Parse(record["orderFlag"].ToString());

                // The WHERE clause already filters on NULL parents; the check mirrors the row mapping anyway.
                if (record["parentid"] != DBNull.Value)
                {
                    entry.ParentFunctionId = new Guid(record["parentId"].ToString());
                }
                else
                {
                    entry.ParentFunctionId = null;
                }

                topLevel.Add(entry);
            }
        }

        SerializeObjectFactory serializer = new SerializeObjectFactory();
        return serializer.SerializeToBase64(topLevel);
    }
Esempio n. 3
        /// <summary>
        /// Fetches the full function list from <c>FunctionService</c> and rebuilds it from the
        /// Base64 string the service returns.
        /// </summary>
        /// <returns>The deserialized list; the cast throws if the payload holds another type.</returns>
        public static List<Function> GetFunctionList()
        {
            SerializeObjectFactory serializer = new SerializeObjectFactory();
            FunctionService        service    = new FunctionService();
            string encodedList = service.GetFunctionList();

            // NOTE(review): the format behind DesializeFromBase64 is not visible here. If it is a
            // general object deserializer, it should only ever be fed data from a trusted service.
            return (List<Function>)serializer.DesializeFromBase64(encodedList);
        }
Esempio n. 4
    /// <summary>
    /// Authenticates through <c>ADHelper.AuthenticateUser</c> and returns a newly built
    /// <c>User</c> as a Base64 string.
    /// </summary>
    /// <returns>
    /// The serialized user, or <c>string.Empty</c> when any exception is thrown (the exception is logged).
    /// Callers must treat the empty string as a failed login.
    /// </returns>
    public string AuthUserByAD(string domain, string loginfullName, string loginId, string password)
    {
        try
        {
            IADsUser directoryUser = ADHelper.AuthenticateUser(domain, loginfullName, loginId, password);

            // Failure is detected only through an exception: a null result faults on the
            // GUID access below and ends up in the catch block.
            User authenticated = new User();
            authenticated.UserId     = new Guid(directoryUser.GUID);
            // A fresh random group id is assigned on every call; no stored group is looked up here.
            authenticated.GroupId    = Guid.NewGuid();
            authenticated.UserName   = directoryUser.FullName;
            authenticated.GroupName  = string.Empty;
            authenticated.IsDownLoad = string.Empty;

            SerializeObjectFactory serializer = new SerializeObjectFactory();
            return serializer.SerializeToBase64(authenticated);
        }
        catch (Exception ex)
        {
            LogWriter.WriteExceptionLog(ex);
            return string.Empty;
        }
    }
Esempio n. 5
        /// <summary>
        /// Fetches the top-level function list from <c>FunctionService</c> and rebuilds it from
        /// the Base64 string the service returns.
        /// </summary>
        /// <returns>The deserialized list; the cast throws if the payload holds another type.</returns>
        public IList<Function> GetTopFunctionList()
        {
            SerializeObjectFactory serializer = new SerializeObjectFactory();
            FunctionService        service    = new FunctionService();
            string encodedList = service.GetTopFunctionList();

            return (IList<Function>)serializer.DesializeFromBase64(encodedList);
        }
Esempio n. 6
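    /// <summary>
    /// Renames a role and replaces its access-control rows in a single T-SQL batch that runs
    /// inside its own transaction.
    /// </summary>
    /// <param name="roleName">New role name; passed as a SQL parameter.</param>
    /// <param name="description">New description; passed as a SQL parameter.</param>
    /// <param name="roleId">Role to update; also the <c>OperatorId</c> of the rewritten ACL rows.</param>
    /// <param name="securityObjs">Base64 payload that is deserialized to a <c>SecurityObject[]</c>.</param>
    /// <param name="method">Value written to <c>OperatorMethod</c> for every new ACL row.</param>
    /// <returns><c>true</c> when the batch ran without an exception; <c>false</c> after one was logged.</returns>
    public bool ModifyRole(string roleName, string description, Guid roleId, string securityObjs, int method)
    {
        SerializeObjectFactory sof = new SerializeObjectFactory();

        // NOTE(review): securityObjs is caller-supplied and is turned into objects before any
        // validation. The serializer's format is not visible here; confirm it restricts the
        // types it will instantiate, and that the caller is authorized to edit this role.
        SecurityObject[] objs = (SecurityObject[])sof.DesializeFromBase64(securityObjs);

        string formatcreateSql = @"insert into accessControlList (ObjectId,ObjectType,OperatorId,OperatorMethod)
                                values ('{0}',{1},'{2}',{3})";

        // A Guid renders as hex digits and dashes only, so it is safe to embed as a literal.
        string roleIdText = roleId.ToString();

        // roleName and description are free text. They used to be spliced into the statement with
        // string.Format, which allowed SQL injection and also broke on braces in the input because
        // the accumulated text was formatted a second time. They now travel as parameters.
        System.Text.StringBuilder sql = new System.Text.StringBuilder();
        sql.Append("Begin Tran Begin try ");
        sql.Append("update Roles set RoleName=@roleName,Description=@description where roleId='");
        sql.Append(roleIdText);
        sql.Append("'");
        sql.Append(" delete from accessControlList where OperatorId='");
        sql.Append(roleIdText);
        sql.Append("' ");

        foreach (ISecurityObject secobj in objs)
        {
            // ObjectId's type is not visible here. Its text ends up inside a quoted literal, so
            // single quotes are doubled; this is a no-op for Guid-shaped identifiers.
            string secObjId = secobj.ObjectId.ToString().Replace("'", "''");
            int    oType    = (int)secobj.ObjectType;

            sql.Append(string.Format(formatcreateSql, secObjId, oType.ToString(), roleIdText, method.ToString()));
        }

        sql.Append(" Commit End try ");
        sql.Append("Begin Catch  IF @@TRANCOUNT > 0 Rollback"
                   + " DECLARE @ErrMsg nvarchar(4000), @ErrSeverity int"
                   + " SELECT @ErrMsg = ERROR_MESSAGE(),"
                   + " @ErrSeverity = ERROR_SEVERITY()"
                   + " RAISERROR(@ErrMsg, @ErrSeverity, 1)"
                   + " End Catch");

        System.Data.SqlClient.SqlParameter[] parameters = new System.Data.SqlClient.SqlParameter[2];
        parameters[0] = new System.Data.SqlClient.SqlParameter("@roleName", SqlDbType.NVarChar);
        parameters[1] = new System.Data.SqlClient.SqlParameter("@description", SqlDbType.NVarChar);

        // string.Format rendered null as an empty string; keep that behaviour.
        parameters[0].Value = roleName ?? string.Empty;
        parameters[1].Value = description ?? string.Empty;

        try
        {
            // Assumes SqlHelper.ExecuteNonQuery offers the (connection, type, text, params SqlParameter[])
            // overload; confirm against the helper.
            SqlHelper.ExecuteNonQuery(CommonInfo.ConQJVRMS, CommandType.Text, sql.ToString(), parameters);

            return(true);
        }
        catch (Exception ex)
        {
            QJVRMS.Common.LogWriter.WriteExceptionLog(ex);
            return(false);
        }
    }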
Esempio n. 7
    /// <summary>
    /// Validates a login name, password and client IP through the
    /// <c>dbo.Users_ValidateUserAndGetUser</c> stored procedure.
    /// </summary>
    /// <param name="loginName">Login name, bound to <c>@loginName</c>.</param>
    /// <param name="password">Plain-text password; its <c>Encryption.Encrypt</c> output is bound to <c>@password</c>.</param>
    /// <param name="IPAddress">Client address, bound to <c>@IPAddress</c>.</param>
    /// <returns>
    /// The Base64-serialized <c>User</c>, or <c>null</c> when no row comes back, when the
    /// <c>@IsValidated</c> output is false, or when an exception is thrown (it is logged).
    /// </returns>
    public string AuthUserByForm(string loginName, string password, string IPAddress)
    {
        // NOTE(review): the name suggests reversible encryption rather than a salted password
        // hash; confirm how stored passwords are protected.
        string encryptPassword = Encryption.Encrypt(password);

        SqlParameter loginParam     = new SqlParameter("@loginName", SqlDbType.NVarChar);
        SqlParameter passwordParam  = new SqlParameter("@password", SqlDbType.VarChar, 50);
        SqlParameter addressParam   = new SqlParameter("@IPAddress", SqlDbType.NVarChar, 15);
        SqlParameter validatedParam = new SqlParameter("@IsValidated", SqlDbType.Bit);

        loginParam.Value         = loginName;
        passwordParam.Value      = encryptPassword;
        addressParam.Value       = IPAddress;
        validatedParam.Direction = ParameterDirection.Output;

        SqlParameter[] Parameters = new SqlParameter[] { loginParam, passwordParam, addressParam, validatedParam };

        try
        {
            using (DataTable resTable = SqlHelper.ExecuteDataset(CommonInfo.ConQJVRMS, CommandType.StoredProcedure, "dbo.Users_ValidateUserAndGetUser", Parameters).Tables[0])
            {
                if (resTable.Rows.Count == 0)
                {
                    return null;
                }

                // A returned row is not enough: the procedure's output flag must also be true.
                bool validated = bool.Parse(validatedParam.Value.ToString());
                if (!validated)
                {
                    return null;
                }

                DataRow record = resTable.Rows[0];
                User    user   = new User();
                user.UserId     = new Guid(record["UserId"].ToString());
                user.GroupId    = new Guid(record["Groupid"].ToString());
                user.UserName   = record["UserName"].ToString();
                user.GroupName  = record["GroupName"].ToString();
                user.IsDownLoad = record["IsDownLoad"].ToString();

                SerializeObjectFactory serializer = new SerializeObjectFactory();
                return serializer.SerializeToBase64(user);
            }
        }
        catch (Exception ex)
        {
            LogWriter.WriteExceptionLog(ex);
            return null;
        }
    }
Esempio n. 8
        /// <summary>
        /// Loads a user by id through <c>MemberShipService.GetUserById</c> and rebuilds the
        /// <c>User</c> from the Base64 string the service returns.
        /// </summary>
        /// <param name="userId">Identifier passed to the service.</param>
        /// <returns>The deserialized user; the cast throws if the payload holds another type.</returns>
        public User GetUser(Guid userId)
        {
            QJVRMS.Business.MemWS.MemberShipService membership = new QJVRMS.Business.MemWS.MemberShipService();
            string encodedUser = membership.GetUserById(userId);

            SerializeObjectFactory serializer = new SerializeObjectFactory();
            object restored = serializer.DesializeFromBase64(encodedUser);

            return (User)restored;
        }
Esempio n. 9
    /// <summary>
    /// Checks a login name and password against unlocked rows of <c>Users</c> and, on a match,
    /// returns a Base64-serialized <c>FTPInfo</c> carrying the configured FTP settings and the user id.
    /// </summary>
    /// <param name="loginName">Login name, bound to <c>@loginName</c>.</param>
    /// <param name="password">Plain-text password; its <c>Encryption.Encrypt</c> output is bound to <c>@password</c>.</param>
    /// <returns>The serialized <c>FTPInfo</c>, or <c>null</c> on no match or on a logged exception.</returns>
    public string AuthClientUser(string loginName, string password)
    {
        string encryptPassword = Encryption.Encrypt(password);

        // Both values are bound as parameters; the query text itself is constant.
        string query = "select UserId,UserName from Users"
                       + " where loginName=@loginName and password = @password and IsLocked=0";

        SqlParameter loginParam    = new SqlParameter("@loginName", SqlDbType.NVarChar);
        SqlParameter passwordParam = new SqlParameter("@password", SqlDbType.VarChar, 50);

        loginParam.Value    = loginName;
        passwordParam.Value = encryptPassword;

        SqlParameter[] Parameters = new SqlParameter[] { loginParam, passwordParam };

        try
        {
            using (DataTable resTable = SqlHelper.ExecuteDataset(CommonInfo.ConQJVRMS, CommandType.Text, query, Parameters).Tables[0])
            {
                if (resTable.Rows.Count == 0)
                {
                    return null;
                }

                DataRow record = resTable.Rows[0];
                User    user   = new User();
                user.UserId   = new Guid(record["UserId"].ToString());
                user.UserName = record["UserName"].ToString();

                SerializeObjectFactory serializer = new SerializeObjectFactory();

                // NOTE(review): the same configured FTP account and password are handed to every
                // client that logs in. Confirm this is intended and that the account is tightly scoped.
                Quanjing.Security.FTPInfo ftp = new Quanjing.Security.FTPInfo(CommonInfo.FtpAddress, CommonInfo.FtpUser, CommonInfo.FtpPwd, "");
                ftp.SetUserId(user.UserId);

                return serializer.SerializeToBase64(ftp);
            }
        }
        catch (Exception ex)
        {
            LogWriter.WriteExceptionLog(ex);
            return null;
        }
    }
Esempio n. 10
    /// <summary>
    /// Deserializes a list of user ids, passes it to <c>ADHelper.SearchUser</c> and returns the
    /// users that call fills in as a Base64 string.
    /// </summary>
    /// <param name="domainName">Domain passed to <c>ADHelper.SearchUser</c>.</param>
    /// <param name="OU">Organizational unit passed to <c>ADHelper.SearchUser</c>.</param>
    /// <param name="adminId">Directory account passed to <c>ADHelper.SearchUser</c>.</param>
    /// <param name="adminPwd">Password of that account.</param>
    /// <param name="listUserStr">Base64 payload that is deserialized to a <c>List&lt;string&gt;</c>.</param>
    /// <returns>The serialized user list, or <c>string.Empty</c> when an exception is thrown (it is logged).</returns>
    public string CheckUsers(string domainName, string OU, string adminId, string adminPwd, string listUserStr)
    {
        List<User> foundUsers = new List<User>();
        SerializeObjectFactory serializer = new SerializeObjectFactory();

        try
        {
            // NOTE(review): listUserStr is caller-supplied and deserialized before validation;
            // confirm the serializer restricts the types it will instantiate.
            object restored = serializer.DesializeFromBase64(listUserStr);
            List<string> requestedIds = (List<string>)restored;

            ADHelper.SearchUser(domainName, OU, adminId, adminPwd, requestedIds, foundUsers);

            return serializer.SerializeToBase64(foundUsers);
        }
        catch (Exception ex)
        {
            LogWriter.WriteExceptionLog(ex);
            return string.Empty;
        }
    }
Esempio n. 11
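        /// <summary>
        /// Authenticates a user through <c>MemberShipService.AuthUserByAD</c> and hands the
        /// deserialized <c>User</c> back through <paramref name="returnObj"/>.
        /// </summary>
        /// <param name="domain">Domain passed to the service.</param>
        /// <param name="loginfullName">Full login name passed to the service.</param>
        /// <param name="loginId">Login id passed to the service.</param>
        /// <param name="password">Password passed to the service.</param>
        /// <param name="returnObj">Receives the authenticated user; left untouched on failure.</param>
        /// <returns><c>true</c> only when the service returned a payload that deserializes to a user.</returns>
        public bool AuthUserByAD(string domain, string loginfullName, string loginId, string password, ref object returnObj)
        {
            QJVRMS.Business.MemWS.MemberShipService mss = new QJVRMS.Business.MemWS.MemberShipService();
            SerializeObjectFactory sof = new SerializeObjectFactory();

            try
            {
                string objStr = mss.AuthUserByAD(domain, loginfullName, loginId, password);

                // Fail closed: an empty answer means the service rejected the login. Without this
                // check the outcome depended on whether the deserializer throws on an empty
                // string or quietly returns null.
                if (string.IsNullOrEmpty(objStr))
                {
                    return(false);
                }

                QJVRMS.Business.User user = (QJVRMS.Business.User)sof.DesializeFromBase64(objStr);

                // Never report success without a user object.
                if (user == null)
                {
                    return(false);
                }

                returnObj = user;

                return(true);
            }
            catch (Exception ex)
            {
                // The failure used to be swallowed silently; record it so that failed or broken
                // logins leave a trace.
                LogWriter.WriteExceptionLog(ex);
                return(false);
            }
        }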
Esempio n. 12
    /// <summary>
    /// Deserializes a list of rules, runs the SQL each rule supplies in one batch around a
    /// <c>#RuleList</c> temp table, and flags every rule whose id appears in that table.
    /// </summary>
    /// <param name="rulesStr">Base64 payload that is deserialized to a <c>List&lt;ObjectRule&gt;</c>.</param>
    /// <returns>The rule list serialized to Base64, or <c>null</c> when an exception is thrown (it is logged).</returns>
    public string CheckRules(string rulesStr)
    {
        SerializeObjectFactory serializer = new SerializeObjectFactory();
        StringBuilder          batch      = new StringBuilder();
        List<ObjectRule>       rules      = null;

        try
        {
            rules = (List<ObjectRule>)serializer.DesializeFromBase64(rulesStr);

            batch.Append("CREATE TABLE #RuleList(ruleId uniqueidentifier);");

            // NOTE(review): the SQL text comes from objects rebuilt out of caller-supplied data.
            // If GetSqlQuery embeds any field of the rule, the caller controls part of this batch;
            // confirm that it emits only parameterized or fixed SQL.
            foreach (IRule rule in rules)
            {
                batch.Append(rule.GetSqlQuery());
            }

            batch.Append("select * from #RuleList");

            using (DataTable matched = SqlHelper.ExecuteDataset(CommonInfo.ConQJVRMS, CommandType.Text, batch.ToString()).Tables[0])
            {
                foreach (IRule rule in rules)
                {
                    // In-memory filter on the result table, not a database query.
                    string    filter = "ruleId='" + rule.RuleId.ToString() + "'";
                    DataRow[] hits   = matched.Select(filter);

                    if (hits.Length > 0)
                    {
                        rule.IsValidate = true;
                    }
                }
            }
        }
        catch (Exception ex)
        {
            QJVRMS.Common.LogWriter.WriteExceptionLog(ex);
            return null;
        }

        return serializer.SerializeToBase64(rules);
    }
Esempio n. 13
    /// <summary>
    /// Loads one user through the <c>dbo.Users_GetUserByUserId</c> stored procedure and returns
    /// it as a Base64-serialized <c>User</c>.
    /// </summary>
    /// <param name="userId">Identifier bound to <c>@userId</c>.</param>
    /// <returns>The serialized user.</returns>
    /// <exception cref="Exception">Thrown when the procedure returns no row.</exception>
    public string GetUserById(Guid userId)
    {
        SqlParameter idParam = new SqlParameter("@userId", SqlDbType.UniqueIdentifier);
        idParam.Value = userId;
        SqlParameter[] Parameters = new SqlParameter[] { idParam };

        Guid     groupId;
        bool     locked;
        bool     ipValidated;
        string   login, displayName, mail, phone, downloadFlag, groupName;
        DateTime created;

        using (IDataReader reader = SqlHelper.ExecuteReader(CommonInfo.ConQJVRMS, CommandType.StoredProcedure, "dbo.Users_GetUserByUserId", Parameters))
        {
            bool found = reader.Read();
            if (!found)
            {
                throw new Exception("用户ID不存在!");
            }

            // Only the first row is used.
            groupId      = new Guid(reader["groupId"].ToString());
            locked       = bool.Parse(reader["IsLocked"].ToString());
            ipValidated  = bool.Parse(reader["IsIPValidate"].ToString());
            downloadFlag = reader["IsDownLoad"].ToString();
            login        = reader["logInName"].ToString();
            displayName  = reader["Username"].ToString();
            groupName    = reader["groupName"].ToString();

            mail    = reader["email"].ToString();
            phone   = reader["Tel"].ToString();
            created = DateTime.Parse(reader["CreateDate"].ToString());
        }

        QJVRMS.Business.User user = new User(login, displayName, userId, groupId, locked, mail, phone, created, downloadFlag, ipValidated);
        user.GroupName = groupName;

        SerializeObjectFactory serializer = new SerializeObjectFactory();
        return serializer.SerializeToBase64(user);
    }
Esempio n. 14
    /// <summary>
    /// Loads one user and the name of its group by login name and returns the result as a
    /// Base64-serialized <c>User</c>.
    /// </summary>
    /// <param name="loginName">Login name bound to <c>@loginName</c>.</param>
    /// <returns>The serialized user.</returns>
    /// <exception cref="Exception">Thrown when the query returns no row.</exception>
    public string GetUserByLoginName(string loginName)
    {
        // The login name is bound as a parameter; the query text itself is constant.
        string query = " select u.*,g.GroupName from Users u,[Group] g where u.loginName=@loginName and u.groupId=g.groupId";

        SqlParameter loginParam = new SqlParameter("@loginName", SqlDbType.NVarChar);
        loginParam.Value = loginName;
        SqlParameter[] Parameters = new SqlParameter[] { loginParam };

        Guid     groupId, userId;
        bool     locked, ipValidated;
        string   displayName, mail, phone, downloadFlag, groupName;
        DateTime created;

        using (IDataReader reader = SqlHelper.ExecuteReader(CommonInfo.ConQJVRMS, CommandType.Text, query, Parameters))
        {
            bool found = reader.Read();
            if (!found)
            {
                throw new Exception("用户登录ID不存在!");
            }

            // Only the first row is used.
            groupId      = new Guid(reader["groupId"].ToString());
            locked       = bool.Parse(reader["IsLocked"].ToString());
            ipValidated  = bool.Parse(reader["IsIPValidate"].ToString());
            downloadFlag = reader["IsDownLoad"].ToString();
            userId       = new Guid(reader["UserId"].ToString());
            displayName  = reader["Username"].ToString();
            groupName    = reader["groupName"].ToString();

            mail    = reader["email"].ToString();
            phone   = reader["Tel"].ToString();
            created = DateTime.Parse(reader["CreateDate"].ToString());
        }

        QJVRMS.Business.User user = new User(loginName, displayName, userId, groupId, locked, mail, phone, created, downloadFlag, ipValidated);
        user.GroupName = groupName;

        SerializeObjectFactory serializer = new SerializeObjectFactory();
        return serializer.SerializeToBase64(user);
    }
Esempio n. 15
        /// <summary>
        /// Sends a list of user ids to <c>MemberShipService.CheckUsers</c> and returns the users
        /// the service sends back.
        /// </summary>
        /// <param name="domainName">Domain passed to the service.</param>
        /// <param name="OU">Organizational unit passed to the service.</param>
        /// <param name="adminId">Directory account passed to the service.</param>
        /// <param name="adminPwd">Password of that account, forwarded as-is.</param>
        /// <param name="userIdList">Ids to look up; serialized to Base64 for the call.</param>
        /// <returns>The deserialized list; the cast throws if the payload holds another type.</returns>
        public static List<User> CheckUsers(string domainName, string OU, string adminId, string adminPwd, List<string> userIdList)
        {
            QJVRMS.Business.MemWS.MemberShipService membership = new QJVRMS.Business.MemWS.MemberShipService();
            SerializeObjectFactory serializer = new SerializeObjectFactory();

            string encodedIds = serializer.SerializeToBase64(userIdList);

            // NOTE(review): the directory admin password travels to the service in the clear at
            // this layer; confirm the service endpoint is reached over an encrypted channel.
            string encodedUsers = membership.CheckUsers(domainName, OU, adminId, adminPwd, encodedIds);

            return (List<User>)serializer.DesializeFromBase64(encodedUsers);
        }
Esempio n. 16
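    /// <summary>
    /// Deserializes a list of users and writes them to the <c>Users</c> table inside one transaction.
    /// </summary>
    /// <param name="userListStr">Base64 payload that is deserialized to an <c>ArrayList</c> of <c>User</c>.</param>
    /// <param name="groupid">Group id written to every new row.</param>
    /// <returns><c>true</c> after a successful commit; <c>false</c> after a logged database failure.</returns>
    public bool AddADUsersToDB(string userListStr, Guid groupid)
    {
        DataTable userTable = new DataTable();

        userTable.Columns.Add("UserId", typeof(Guid));
        userTable.Columns.Add("GroupId", typeof(Guid));
        userTable.Columns.Add("loginName", typeof(string));
        userTable.Columns.Add("UserName", typeof(string));
        userTable.Columns.Add("Tel", typeof(string));
        userTable.Columns.Add("Email", typeof(string));
        userTable.Columns.Add("uType", typeof(string));

        userTable.Columns.Add("password", typeof(string));
        userTable.Columns.Add("isLocked", typeof(string));
        userTable.Columns.Add("isDownload", typeof(string));
        userTable.Columns.Add("isIpValidate", typeof(string));
        userTable.Columns.Add("IpAddress", typeof(string));
        userTable.Columns.Add("CreateDate", typeof(DateTime));

        // NOTE(review): userListStr is caller-supplied and deserialized before validation;
        // confirm the serializer restricts the types it will instantiate.
        SerializeObjectFactory sof = new SerializeObjectFactory();
        ArrayList userList         = (ArrayList)sof.DesializeFromBase64(userListStr);

        foreach (object ouser in userList)
        {
            // An element of another type yields null here and faults on the first property read.
            QJVRMS.Business.User user = ouser as QJVRMS.Business.User;

            DataRow userRow = userTable.NewRow();

            userRow["UserId"]    = user.UserId;
            userRow["GroupId"]   = groupid;
            userRow["loginName"] = user.UserLoginName;
            userRow["UserName"]  = user.UserName;
            userRow["Tel"]       = user.Telphone;
            userRow["Email"]     = user.Email;
            userRow["uType"]     = "1";
            // Placeholder stored in the password column. NOTE(review): confirm that form login
            // can never match this value for these accounts.
            userRow["password"]  = "******";
            userTable.Rows.Add(userRow);
        }

        SqlConnection  con   = null;
        SqlTransaction trans = null;

        try
        {
            con = new SqlConnection(CommonInfo.ConQJVRMS);
            con.Open();

            trans = con.BeginTransaction();
            SqlHelperExtend.Update("Users", userTable, trans);

            trans.Commit();
            return(true);
        }
        catch (Exception ex)
        {
            // Log first so the original failure is never lost.
            LogWriter.WriteExceptionLog(ex);

            // trans is still null when opening the connection failed. Rolling back
            // unconditionally threw a NullReferenceException out of this handler and hid
            // the real error.
            if (trans != null)
            {
                try
                {
                    trans.Rollback();
                }
                catch (Exception rollbackEx)
                {
                    LogWriter.WriteExceptionLog(rollbackEx);
                }
            }

            return(false);
        }
        finally
        {
            if (con != null)
            {
                con.Close();
            }
        }
    }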
Esempio n. 17
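        /// <summary>
        /// Authenticates a form login. When the <c>AuthByRemote</c> setting is "1", every account
        /// except the one named by <c>superAdminId</c> is checked through
        /// <c>AuthUserByRequest</c>; otherwise the login is validated by
        /// <c>MemberShipService.AuthUserByForm</c>.
        /// </summary>
        /// <param name="loginName">Login name.</param>
        /// <param name="password">Plain-text password.</param>
        /// <param name="IPAddress">Client address passed to the validation call.</param>
        /// <param name="returnObj">Receives the authenticated <c>User</c>; not assigned by this method on failure.</param>
        /// <returns><c>true</c> when the login is accepted; <c>false</c> on rejection or on a logged exception.</returns>
        public bool AuthUserByForm(string loginName, string password, string IPAddress, ref object returnObj)
        {
            // The result is unused. The call is kept because it runs outside the try block and
            // may throw for inputs the rest of the method would otherwise accept.
            string encryptPassword = Encryption.Encrypt(password);

            QJVRMS.Business.MemWS.MemberShipService mss = new QJVRMS.Business.MemWS.MemberShipService();
            SerializeObjectFactory sof = new SerializeObjectFactory();

            try
            {
                string isAuthByRemote = ConfigurationManager.AppSettings["AuthByRemote"];
                if (string.IsNullOrEmpty(isAuthByRemote))
                {
                    isAuthByRemote = "0";
                }

                if (isAuthByRemote.Equals("1"))
                {
                    // No such user in the table: use integrated (remote) authentication and create the account.
                    if (!mss.IsUserExist(loginName))
                    {
                        return(AuthUserByRequest(loginName, password, IPAddress, ref returnObj, true));
                    }

                    // This lookup is by login name only and proves nothing about the password, so the
                    // result is no longer copied into returnObj before authentication has succeeded.
                    string existingStr = mss.GetUserByLoginName(loginName);
                    QJVRMS.Business.User existing = (QJVRMS.Business.User)sof.DesializeFromBase64(existingStr);

                    // User is not the system administrator: use integrated authentication.
                    string superAdminId = ConfigurationManager.AppSettings["superAdminId"];
                    if (existing.UserId.ToString().ToLower() != superAdminId.ToLower())
                    {
                        return(AuthUserByRequest(loginName, password, IPAddress, ref returnObj, false));
                    }

                    // Is the administrator: fall through to database validation.
                }

                string objStr = mss.AuthUserByForm(loginName, password, IPAddress);

                // Fail closed. The non-remote path used to deserialize without this check, so its
                // outcome depended on whether the deserializer throws on a null/empty payload or
                // returns null, in which case the method reported success with no user.
                if (string.IsNullOrEmpty(objStr))
                {
                    return(false);
                }

                QJVRMS.Business.User user = (QJVRMS.Business.User)sof.DesializeFromBase64(objStr);
                if (user == null)
                {
                    return(false);
                }

                returnObj = user;
                return(true);
            }
            catch (Exception ex)
            {
                LogWriter.WriteExceptionLog(ex);
                return(false);
            }
        }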
Esempio n. 18
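        /// <summary>
        /// Authenticates a user with an HTTP GET to the configured <c>RequestUrl</c>. A response of
        /// "0" falls back to database validation; any other response provisions or refreshes the
        /// local account.
        /// </summary>
        /// <param name="loginName">Login name sent to the remote endpoint and used locally.</param>
        /// <param name="password">Plain-text password sent to the remote endpoint.</param>
        /// <param name="ipAddress">Client address sent to the remote endpoint and to the database check.</param>
        /// <param name="returnObj">Receives the <c>User</c> on success.</param>
        /// <param name="isCreated"><c>true</c> to create the local account; <c>false</c> to update the existing one.</param>
        /// <returns><c>true</c> when the user is accepted; <c>false</c> when the database fallback also rejects.</returns>
        public static bool AuthUserByRequest(string loginName, string password, string ipAddress, ref object returnObj, bool isCreated)
        {
            string addressParam = ConfigurationManager.AppSettings["RequestUrl"];
            string lnParam      = ConfigurationManager.AppSettings["LoginNameParamName"];
            string pParam       = ConfigurationManager.AppSettings["PasswordParamName"];
            string ipParam      = ConfigurationManager.AppSettings["IPParamName"];

            // The values are percent-encoded so that characters such as '&', '=' or '#' in a login
            // name or password cannot add, split or truncate query parameters. Null is rendered as
            // an empty value, as plain concatenation did.
            // NOTE(review): the credentials still travel in the query string of a GET, where web
            // servers and proxies commonly log them. A POST body over TLS avoids that; the scheme
            // of RequestUrl is not visible here.
            string query = lnParam + "=" + System.Uri.EscapeDataString(loginName ?? string.Empty)
                           + "&" + pParam + "=" + System.Uri.EscapeDataString(password ?? string.Empty)
                           + "&" + ipParam + "=" + System.Uri.EscapeDataString(ipAddress ?? string.Empty);

            string separator = addressParam.Contains("?") ? "&" : "?";
            string url       = addressParam + separator + query;

            string result = DoGetRequest(url);

            // NOTE(review): every response other than "0" counts as success, including an empty or
            // unexpected body, so this check fails open. Compare against the endpoint's explicit
            // success value once it is known.
            if (result == "0")
            {
                // If remote validation fails, try database validation once.
                QJVRMS.Business.MemWS.MemberShipService mss = new QJVRMS.Business.MemWS.MemberShipService();
                SerializeObjectFactory sof = new SerializeObjectFactory();
                string objStr = mss.AuthUserByForm(loginName, password, ipAddress);

                if (!string.IsNullOrEmpty(objStr))
                {
                    object o = sof.DesializeFromBase64(objStr);
                    QJVRMS.Business.User user = (QJVRMS.Business.User)o;
                    returnObj = user;
                    return(true);
                }

                return(false);
            }
            else
            {
                // First obtain the user's organisation (groupId) and role (roleId).
                string[] arrIds  = new Boss().GetVrmsId(loginName, password);
                string   roleId  = arrIds[0];
                string   groupId = arrIds[1];
                string   email   = arrIds[2];

                if (string.IsNullOrEmpty(roleId))
                {
                    roleId = ConfigurationManager.AppSettings["RoleID"];
                }
                if (string.IsNullOrEmpty(groupId))
                {
                    // Hard-coded fallback group for users without one.
                    groupId = "356b8e9c-005d-47ae-8aad-e7d1d60a1496";
                }

                if (string.IsNullOrEmpty(email))
                {
                    email = loginName + "@quanjing.com";
                }

                if (isCreated)
                {
                    MemberShipManager msm = new MemberShipManager();
                    IUser u = msm.CreateUser(password, loginName, loginName,
                                             new Guid(groupId), email, string.Empty, false, "false", false);
                    QJVRMS.Business.User user = (QJVRMS.Business.User)u;
                    string roleID = roleId;
                    // Assign the role.
                    Role.CreateRoleUsers(new Guid[] { new Guid(roleID) }, user.UserId);
                    returnObj = user;
                }
                else
                {
                    QJVRMS.Business.MemWS.MemberShipService mss = new QJVRMS.Business.MemWS.MemberShipService();
                    SerializeObjectFactory sof = new SerializeObjectFactory();

                    string objStr = mss.GetUserByLoginName(loginName);

                    object o = sof.DesializeFromBase64(objStr);
                    QJVRMS.Business.User user = (QJVRMS.Business.User)o;
                    returnObj = user;

                    // If the user exists in the database, update the password (this should first
                    // check that it is the same user), then update role, organisation and email.
                    // Because of the fail-open check above, this overwrite also runs for any
                    // unexpected remote response.
                    mss.ResetPassword(user.UserId, password);

                    bool isDownloaded = false;
                    if (user.IsDownLoad.ToLower().Equals("true"))
                    {
                        isDownloaded = true;
                    }
                    mss.ModifyUserInfo1(user.UserId, new Guid(groupId), user.UserName, email, user.Telphone, user.IsLocked, isDownloaded, user.IsIPValidate);

                    Role.CreateRoleUsers(new Guid[] { new Guid(roleId) }, user.UserId);
                }
            }

            return(true);
        }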
Esempio n. 19
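    /// <summary>
    /// Creates a role with the <c>Role_CreateRole</c> stored procedure and then adds one
    /// <c>accessControlList</c> row per supplied security object, all in a single transaction.
    /// </summary>
    /// <param name="groupId">Value bound to <c>@groupId</c>.</param>
    /// <param name="roleName">Value bound to <c>@RoleName</c>.</param>
    /// <param name="description">Value bound to <c>@description</c>.</param>
    /// <param name="securityObjs">Base64 text that is deserialized and cast to <c>SecurityObject[]</c>.</param>
    /// <param name="method">Stored as <c>OperatorMethod</c> on every inserted row.</param>
    /// <returns>The id read back from the <c>@roleId</c> output parameter.</returns>
    /// <remarks>On any failure the transaction is rolled back, the exception is logged, and it is rethrown.</remarks>
    public Guid NewRole(Guid groupId, string roleName, string description, string securityObjs, int method)
    {
        SqlParameter[] Parameters = new SqlParameter[4];

        Parameters[0] = new SqlParameter("@RoleName", SqlDbType.NVarChar);
        Parameters[1] = new SqlParameter("@description", SqlDbType.NVarChar);
        Parameters[2] = new SqlParameter("@groupId", SqlDbType.UniqueIdentifier);
        Parameters[3] = new SqlParameter("@roleId", SqlDbType.UniqueIdentifier);

        Parameters[3].Direction = ParameterDirection.Output;

        Parameters[0].Value = roleName;
        Parameters[1].Value = description;
        Parameters[2].Value = groupId;

        // NOTE(review): securityObjs is caller-supplied and is deserialized before any validation.
        // SerializeObjectFactory is not visible here; if it wraps BinaryFormatter or another
        // polymorphic deserializer, this entry point must only be reachable by authenticated,
        // trusted callers (or move to a data-only format) - confirm.
        SerializeObjectFactory sof = new SerializeObjectFactory();
        SecurityObject[] objs = (SecurityObject[])sof.DesializeFromBase64(securityObjs);

        // The ACL rows are written with bound parameters so that no value taken from the
        // deserialized objects is ever spliced into the SQL text. The ids are bound as
        // VarChar because the previous code sent them as quoted string literals.
        const string createAclSql = @"insert into accessControlList (ObjectId,ObjectType,OperatorId,OperatorMethod)
                                values (@objectId,@objectType,@operatorId,@operatorMethod)";

        SqlParameter[] aclParameters = new SqlParameter[4];
        aclParameters[0] = new SqlParameter("@objectId", SqlDbType.VarChar);
        aclParameters[1] = new SqlParameter("@objectType", SqlDbType.Int);
        aclParameters[2] = new SqlParameter("@operatorId", SqlDbType.VarChar);
        aclParameters[3] = new SqlParameter("@operatorMethod", SqlDbType.Int);

        Guid roleId;

        using (SqlConnection con = new SqlConnection(CommonInfo.ConQJVRMS))
        {
            con.Open();
            SqlTransaction trans = con.BeginTransaction();

            try
            {
                SqlHelper.ExecuteNonQuery(trans, CommandType.StoredProcedure, "Role_CreateRole", Parameters);
                roleId = new Guid(Parameters[3].Value.ToString());

                foreach (ISecurityObject secobj in objs)
                {
                    aclParameters[0].Value = secobj.ObjectId.ToString();
                    aclParameters[1].Value = (int)secobj.ObjectType;
                    aclParameters[2].Value = roleId.ToString();
                    aclParameters[3].Value = method;

                    SqlHelper.ExecuteNonQuery(trans, CommandType.Text, createAclSql, aclParameters);
                }

                trans.Commit();
            }
            catch (Exception e)
            {
                trans.Rollback();
                QJVRMS.Common.LogWriter.WriteExceptionLog(e, true);
                // Bare rethrow keeps the original stack trace; "throw e" would reset it.
                throw;
            }
        }

        // NOTE(review): looks like leftover debug logging - confirm whether it is still wanted.
        QJVRMS.Common.LogWriter.WriteLog("S", new string[] { "Test" });

        return(roleId);
    }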
Esempio n. 20
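    /// <summary>
    /// Records an uploaded image: runs the <c>QJDAM_AddImageStorage</c> stored procedure and then
    /// inserts one <c>ImageStorage_Catalogs</c> row per catalog id, inside one transaction.
    /// </summary>
    /// <param name="log">Base64 text that is deserialized to a <c>Quanjing.Security.UploadLogInfo</c>.</param>
    /// <exception cref="ArgumentException">
    /// <paramref name="log"/> did not deserialize to an <c>UploadLogInfo</c>.
    /// </exception>
    /// <remarks>
    /// Database failures are logged and swallowed; the caller is not told whether the write succeeded.
    /// </remarks>
    public void PutImageFromClient(string log)
    {
        // NOTE(review): log is caller-supplied and is deserialized before any validation.
        // SerializeObjectFactory is not visible here; if it wraps BinaryFormatter or another
        // polymorphic deserializer, this entry point must only be reachable by authenticated,
        // trusted callers (or move to a data-only format) - confirm.
        SerializeObjectFactory sof = new SerializeObjectFactory();

        Quanjing.Security.UploadLogInfo loginfo = sof.DesializeFromBase64(log) as Quanjing.Security.UploadLogInfo;

        // The "as" cast yields null for any other payload type; fail with a clear error
        // instead of a NullReferenceException a few lines further down.
        if (loginfo == null)
        {
            throw new ArgumentException("log did not deserialize to an UploadLogInfo.", "log");
        }

        SqlParameter[] Parameters = new SqlParameter[15];

        Parameters[0]  = new SqlParameter("@userId", SqlDbType.UniqueIdentifier);
        Parameters[1]  = new SqlParameter("@FileName", SqlDbType.NVarChar);
        Parameters[2]  = new SqlParameter("@FolderName", SqlDbType.NVarChar);
        Parameters[3]  = new SqlParameter("@Caption", SqlDbType.NVarChar);
        Parameters[4]  = new SqlParameter("@Address", SqlDbType.NVarChar);
        Parameters[5]  = new SqlParameter("@Character", SqlDbType.NVarChar);
        Parameters[6]  = new SqlParameter("@StartDate", SqlDbType.DateTime);
        Parameters[7]  = new SqlParameter("@EndDate", SqlDbType.DateTime);
        Parameters[8]  = new SqlParameter("@shotDate", SqlDbType.DateTime);
        Parameters[9]  = new SqlParameter("@Keyword", SqlDbType.NVarChar);
        // Was "Description" without the '@'; spelled like its siblings now.
        Parameters[10] = new SqlParameter("@Description", SqlDbType.NVarChar);
        Parameters[11] = new SqlParameter("@ImageType", SqlDbType.NVarChar);
        Parameters[12] = new SqlParameter("@Hvsp", SqlDbType.VarChar);
        Parameters[13] = new SqlParameter("@ItemId", SqlDbType.UniqueIdentifier);
        Parameters[14] = new SqlParameter("@serNum", SqlDbType.VarChar);

        Parameters[0].Value  = loginfo.UserGuid;
        Parameters[1].Value  = loginfo.OldFileName;
        // NOTE(review): UserId is what gets stored as @FolderName - confirm that is intended.
        Parameters[2].Value  = loginfo.UserId;
        Parameters[3].Value  = loginfo.PicRemark;
        Parameters[4].Value  = string.Empty;
        Parameters[5].Value  = string.Empty;
        Parameters[6].Value  = DateTime.Now;
        Parameters[7].Value  = DateTime.Now;
        Parameters[8].Value  = DateTime.Now;
        Parameters[9].Value  = string.Empty;
        Parameters[10].Value = loginfo.PicRemark;
        // Only the extension of the client-supplied file name is stored.
        Parameters[11].Value = System.IO.Path.GetExtension(loginfo.UpLoadFileName);
        Parameters[12].Value = string.Empty;
        Parameters[13].Value = loginfo.ItemId;
        Parameters[14].Value = loginfo.ImageSerNum;

        System.Collections.Generic.List <Guid> catas = loginfo.CataList;

        string sql = "Insert into ImageStorage_Catalogs (ImageStorageid,Catalogid) values (@itemId,@cataId)";

        SqlConnection  sc    = null;
        SqlTransaction trans = null;

        try
        {
            sc = new SqlConnection(CommonInfo.ConQJVRMS);
            sc.Open();

            trans = sc.BeginTransaction();
            SqlHelper.ExecuteNonQuery(trans, CommandType.StoredProcedure, "QJDAM_AddImageStorage", Parameters);

            SqlParameter[] parames = new SqlParameter[2];

            parames[0] = new SqlParameter("@itemId", SqlDbType.UniqueIdentifier);
            parames[1] = new SqlParameter("@cataId", SqlDbType.UniqueIdentifier);

            foreach (Guid cataId in catas)
            {
                parames[0].Value = loginfo.ItemId;
                parames[1].Value = cataId;

                SqlHelper.ExecuteNonQuery(trans, CommandType.Text, sql, parames);
            }

            trans.Commit();
        }
        catch (Exception ex)
        {
            // Log the real failure first so that a failing rollback cannot hide it.
            QJVRMS.Common.LogWriter.WriteExceptionLog(ex);

            // trans is still null when Open() or BeginTransaction() is what failed.
            if (trans != null)
            {
                try
                {
                    trans.Rollback();
                }
                catch (Exception rollbackEx)
                {
                    QJVRMS.Common.LogWriter.WriteExceptionLog(rollbackEx);
                }
            }
        }
        finally
        {
            // The connection was never closed before; release it on every path.
            if (sc != null)
            {
                sc.Dispose();
            }
        }
    }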
Esempio n. 21
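    /// <summary>
    /// Replaces access-control rules: for every supplied rule the matching
    /// <c>AccessControlLIst</c> row is deleted, and rules flagged <c>IsValidate</c> are then
    /// inserted again. All statements run in one transaction.
    /// </summary>
    /// <param name="rulesStr">Base64 text that is deserialized and cast to <c>List&lt;ObjectRule&gt;</c>.</param>
    /// <param name="secObjStr">Kept for interface compatibility; its value was never used and it is no longer deserialized.</param>
    /// <param name="opersStr">Kept for interface compatibility; its value was never used and it is no longer deserialized.</param>
    /// <returns><c>true</c> when the transaction committed; <c>false</c> when a database error was logged.</returns>
    /// <exception cref="ArgumentException"><paramref name="rulesStr"/> deserialized to null.</exception>
    public bool SetRules(string rulesStr, string secObjStr, string opersStr)
    {
        // NOTE(review): rulesStr is caller-supplied and is deserialized before any validation,
        // and the result rewrites the access-control list. SerializeObjectFactory is not visible
        // here; if it wraps BinaryFormatter or another polymorphic deserializer, this entry point
        // must only be reachable by authenticated, authorized callers - confirm.
        SerializeObjectFactory sof = new SerializeObjectFactory();

        List <ObjectRule> rules = (List <ObjectRule>)sof.DesializeFromBase64(rulesStr);

        if (rules == null)
        {
            throw new ArgumentException("rulesStr did not deserialize to a rule list.", "rulesStr");
        }

        // Bound parameters replace the former string.Format-built batch: values taken from the
        // deserialized rules can no longer alter the SQL text, and a '{' or '}' inside one can
        // no longer break the final Format call. The ids are bound as VarChar because the
        // previous code sent them as quoted string literals.
        const string sqlRuleDelete = "Delete from AccessControlLIst Where ObjectId=@objectId and OperatorId=@operatorId and OperatorMethod=@operatorMethod";
        const string sqlRuleInsert = "insert into AccessControlLIst (ObjectId,ObjectType,OperatorId,OperatorMethod)"
                                     + " values (@objectId,@objectType,@operatorId,@operatorMethod)";

        try
        {
            using (System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection(CommonInfo.ConQJVRMS))
            {
                con.Open();
                System.Data.SqlClient.SqlTransaction trans = con.BeginTransaction();

                try
                {
                    // First pass: every rule, valid or not, removes its existing row.
                    foreach (ObjectRule rule in rules)
                    {
                        System.Data.SqlClient.SqlParameter[] delParams = new System.Data.SqlClient.SqlParameter[3];
                        delParams[0] = new System.Data.SqlClient.SqlParameter("@objectId", SqlDbType.VarChar);
                        delParams[1] = new System.Data.SqlClient.SqlParameter("@operatorId", SqlDbType.VarChar);
                        delParams[2] = new System.Data.SqlClient.SqlParameter("@operatorMethod", SqlDbType.Int);

                        delParams[0].Value = rule.SecurityObject.ObjectId.ToString();
                        delParams[1].Value = rule.Operator.OperatorId.ToString();
                        delParams[2].Value = (int)rule.Method;

                        SqlHelper.ExecuteNonQuery(trans, CommandType.Text, sqlRuleDelete, delParams);
                    }

                    // Second pass: inserts run after all deletes, as in the original batch.
                    foreach (ObjectRule rule in rules)
                    {
                        if (!rule.IsValidate)
                        {
                            continue;
                        }

                        System.Data.SqlClient.SqlParameter[] insParams = new System.Data.SqlClient.SqlParameter[4];
                        insParams[0] = new System.Data.SqlClient.SqlParameter("@objectId", SqlDbType.VarChar);
                        insParams[1] = new System.Data.SqlClient.SqlParameter("@objectType", SqlDbType.Int);
                        insParams[2] = new System.Data.SqlClient.SqlParameter("@operatorId", SqlDbType.VarChar);
                        insParams[3] = new System.Data.SqlClient.SqlParameter("@operatorMethod", SqlDbType.Int);

                        insParams[0].Value = rule.SecurityObject.ObjectId.ToString();
                        insParams[1].Value = (int)rule.SecurityObject.ObjectType;
                        insParams[2].Value = rule.Operator.OperatorId.ToString();
                        insParams[3].Value = (int)rule.Method;

                        SqlHelper.ExecuteNonQuery(trans, CommandType.Text, sqlRuleInsert, insParams);
                    }

                    trans.Commit();
                }
                catch (Exception)
                {
                    try
                    {
                        trans.Rollback();
                    }
                    catch (Exception rollbackEx)
                    {
                        // Keep a failing rollback from hiding the error that caused it.
                        LogWriter.WriteExceptionLog(rollbackEx);
                    }

                    throw;
                }
            }

            return(true);
        }
        catch (Exception ex)
        {
            LogWriter.WriteExceptionLog(ex);
            return(false);
        }
    }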