public BasePermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
{
BasePermissionScopeEntity entity = null;
string permissionId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
// 1:先获取是否有这样的主键,若有进行更新操作。
BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
DataTable dt = manager.GetDataTable(parameters);
if (dt.Rows.Count > 0)
{
entity = new BasePermissionScopeEntity(dt);
}
return(entity);
}
/// <summary>
/// 获取用户的件约束表达式
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="tableName">表名</param>
/// <returns>主键</returns>
public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission")
{
string returnValue = string.Empty;
// 这里是获取用户的条件表达式
// 1: 首先用户在哪些角色里是有效的?
// 2: 这些角色都有哪些哪些条件约束?
// 3: 组合约束条件?
// 4:用户本身的约束条件?
string permissionId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
BaseUserManager manager = new BaseUserManager(this.DbHelper, this.UserInfo);
string[] roleIds = manager.GetAllRoleIds(UserInfo.Id);
if (roleIds == null || roleIds.Length == 0)
{
return(returnValue);
}
BasePermissionScopeManager scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseRoleEntity.TableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, roleIds));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldEnabled, 1));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
DataTable dtPermissionScope = scopeManager.GetDataTable(parameters);
string permissionConstraint = string.Empty;
foreach (DataRow dataRow in dtPermissionScope.Rows)
{
permissionConstraint = dataRow[BasePermissionScopeEntity.FieldPermissionConstraint].ToString();
permissionConstraint = permissionConstraint.Trim();
if (!string.IsNullOrEmpty(permissionConstraint))
{
returnValue += " AND " + permissionConstraint;
}
}
if (!string.IsNullOrEmpty(returnValue))
{
returnValue = returnValue.Substring(5);
// 解析替换约束表达式标准函数
returnValue = ConstraintUtil.PrepareParameter(this.UserInfo, returnValue);
}
return(returnValue);
}
public new string GetIdByCode(string permissionItemCode)
{
string tableName = BasePermissionScopeEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, this.UserInfo, tableName);
// 这里应该是若不存在就自动加一个操作权限
return(permissionItemManager.GetIdByAdd(permissionItemCode));
}
/// <summary>
/// 设置约束条件
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="resourceCategory">资源类别</param>
/// <param name="resourceId">资源主键</param>
/// <param name="tableName">表名</param>
/// <param name="constraint">约束</param>
/// <param name="enabled">有效</param>
/// <param name="permissionCode">操作权限项</param>
/// <returns>主键</returns>
public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true)
{
string returnValue = string.Empty;
string permissionId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
// 1:先获取是否有这样的主键,若有进行更新操作。
// 2:若没有进行添加操作。
returnValue = manager.GetId(parameters);
if (!string.IsNullOrEmpty(returnValue))
{
parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionConstraint, constraint));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldEnabled, enabled ? 1 : 0));
manager.SetProperty(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldId, returnValue), parameters);
}
else
{
BasePermissionScopeEntity entity = new BasePermissionScopeEntity();
entity.ResourceCategory = resourceCategory;
entity.ResourceId = resourceId;
entity.TargetCategory = "Table";
entity.TargetId = tableName;
entity.PermissionConstraint = constraint;
entity.PermissionId = int.Parse(permissionId);
entity.DeletionStateCode = 0;
entity.Enabled = enabled ? 1: 0;
returnValue = manager.Add(entity);
}
return(returnValue);
}
/// <summary>
/// 获取约束条件(所有的约束)
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="resourceCategory">资源类别</param>
/// <param name="resourceId">资源主键</param>
/// <returns>数据表</returns>
public DataTable GetConstraintDT(string resourceCategory, string resourceId, string permissionCode = "Resource.AccessPermission")
{
DataTable dataTable = new DataTable(BaseTableColumnsEntity.TableName);
/*
* -- 这里是都有哪些表?
* SELECT ItemValue, ItemName
* FROM ItemsTablePermissionScope
* WHERE (DeletionStateCode = 0)
* AND (Enabled = 1)
* ORDER BY ItemsTablePermissionScope.SortCode
*/
/*
* -- 这里是都有有哪些表达式
* SELECT Id, TargetId, PermissionConstraint -- 对什么表有什么表达式?
* FROM BasePermissionScope
* WHERE (ResourceId = 10000000)
* AND (ResourceCategory = 'BaseRole') -- 什么角色?
* AND (TargetId = 'BaseUser')
* AND (TargetCategory = 'Table')
* AND (PermissionId = 10000001) -- 有什么权限?(资源访问权限)
* AND (DeletionStateCode = 0)
* AND (Enabled = 1)
*/
string permissionId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
string sqlQuery = @" SELECT BasePermissionScope.Id
, ItemsTablePermissionScope.ItemValue AS TableCode
, ItemsTablePermissionScope.ItemName AS TableName
, BasePermissionScope.PermissionConstraint
, ItemsTablePermissionScope.SortCode
FROM (
SELECT ItemValue
, ItemName
, SortCode
FROM ItemsTablePermissionScope
WHERE (DeletionStateCode = 0)
AND (Enabled = 1)
) AS ItemsTablePermissionScope LEFT OUTER JOIN
(SELECT Id
, TargetId
, PermissionConstraint
FROM BasePermissionScope
WHERE (ResourceCategory = '" + resourceCategory + @"')
AND (ResourceId = " + resourceId + @")
AND (TargetCategory = 'Table')
AND (PermissionId = " + permissionId.ToString() + @")
AND (DeletionStateCode = 0)
AND (Enabled = 1)
) AS BasePermissionScope
ON ItemsTablePermissionScope.ItemValue = BasePermissionScope.TargetId
ORDER BY ItemsTablePermissionScope.SortCode ";
dataTable = this.Fill(sqlQuery);
dataTable.TableName = BaseTableColumnsEntity.TableName;
return(dataTable);
}
//
// ResourcePermission 权限判断
//
#region public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) 是否有相应的权限
/// <summary>
/// 是否有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <param name="permissionItemName">权限名称</param>
/// <returns>是否有权限</returns>
public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null)
{
// 若不存在就需要自动能增加一个操作权限项
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName);
string permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName);
BasePermissionItemEntity permissionItemEntity = permissionItemManager.GetEntity(permissionItemId);
// 先判断用户类别
if (UserInfo.IsAdministrator)
{
return(true);
}
// 没有找到相应的权限
if (String.IsNullOrEmpty(permissionItemId))
{
return(false);
}
// 这里需要判断,是系统权限?
bool returnValue = false;
BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);
if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System"))
{
// 用户管理员
returnValue = userManager.IsInRoleByCode(userId, "UserAdmin");
if (returnValue)
{
return(returnValue);
}
}
// 这里需要判断,是业务权限?
if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application"))
{
returnValue = userManager.IsInRoleByCode(userId, "Admin");
if (returnValue)
{
return(returnValue);
}
}
// 判断用户权限
if (this.CheckUserPermission(userId, permissionItemId))
{
return(true);
}
// 判断用户角色权限
if (this.CheckUserRolePermission(userId, permissionItemId))
{
return(true);
}
// 判断用户组织机构权限,这里有开关是为了提高性能用的,
// 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。
if (BaseSystemInfo.UseOrganizePermission)
{
if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.WorkgroupId))
{
return(true);
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.DepartmentId))
{
return(true);
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.SubCompanyId))
{
return(true);
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.CompanyId))
{
return(true);
}
}
return(false);
}
