/// <summary>
/// 是否有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <param name="permissionItemName">权限名称</param>
/// <returns>是否有权限</returns>
public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null)
{
// 若不存在就需要自动能增加一个操作权限项
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName);
string permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName);
BasePermissionItemEntity permissionItemEntity = permissionItemManager.GetEntity(permissionItemId);
// 先判断用户类别
if (UserInfo.IsAdministrator)
{
return true;
}
// 没有找到相应的权限
if (String.IsNullOrEmpty(permissionItemId))
{
return false;
}
// 这里需要判断,是系统权限?
bool returnValue = false;
BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);
if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System"))
{
// 用户管理员
returnValue = userManager.IsInRoleByCode(userId, "UserAdmin");
if (returnValue)
{
return returnValue;
}
}
// 这里需要判断,是业务权限?
if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application"))
{
returnValue = userManager.IsInRoleByCode(userId, "Admin");
if (returnValue)
{
return returnValue;
}
}
// 判断用户权限
if (this.CheckUserPermission(userId, permissionItemId))
{
return true;
}
// 判断用户角色权限
if (this.CheckUserRolePermission(userId, permissionItemId))
{
return true;
}
// 判断用户组织机构权限,这里有开关是为了提高性能用的,
// 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。
if (BaseSystemInfo.UseOrganizePermission)
{
if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.WorkgroupId))
{
return true;
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.DepartmentId))
{
return true;
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.SubCompanyId))
{
return true;
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.CompanyId))
{
return true;
}
}
return false;
}
/// <summary>
/// 获得用户授权范围
/// </summary>
/// <param name="staffId">员工主键</param>
/// <returns>数据表</returns>
public DataTable GetDataTableByUser(string userId, string permissionItemCode)
{
DataTable returnValue = new DataTable(this.CurrentTableName);
List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
// 这里需要判断,是系统权限?
bool isRole = false;
BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);
// 用户管理员
isRole = userManager.IsInRoleByCode(userId, "UserAdmin");
if (isRole)
{
parameters.Add(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCategoryCode, "System"));
parameters.Add(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldEnabled, 1));
parameters.Add(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldDeletionStateCode, 0));
returnValue = this.GetDataTable(parameters, BasePermissionItemEntity.FieldSortCode);
returnValue.TableName = this.CurrentTableName;
return returnValue;
}
// 这里需要判断,是业务权限?
isRole = userManager.IsInRoleByCode(userId, "Admin");
if (isRole)
{
parameters = new List<KeyValuePair<string, object>>();
parameters.Add(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCategoryCode, "Application"));
parameters.Add(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldEnabled, 1));
parameters.Add(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldDeletionStateCode, 0));
returnValue = this.GetDataTable(parameters, BasePermissionItemEntity.FieldSortCode);
returnValue.TableName = this.CurrentTableName;
return returnValue;
}
BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(DbHelper, UserInfo);
string[] permissionItemIds = permissionScopeManager.GetTreeResourceScopeIds(userId, BasePermissionItemEntity.TableName, permissionItemCode, true);
// 有效的,未被删除的
parameters = new List<KeyValuePair<string, object>>();
parameters.Add(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldId, permissionItemIds));
parameters.Add(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldEnabled, 1));
parameters.Add(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldDeletionStateCode, 0));
returnValue = this.GetDataTable(parameters, BasePermissionItemEntity.FieldSortCode);
returnValue.TableName = this.CurrentTableName;
return returnValue;
}
/// <summary>
/// 用户是否在指定的角色里
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="UserId">用户主键</param>
/// <param name="roleName">角色名称</param>
/// <returns>在角色里</returns>
public bool IsInRole(BaseUserInfo userInfo, string userId, string roleName)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
bool returnValue = false;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
// 先获得角色主键
BaseRoleManager roleManager = new BaseRoleManager(dbHelper, userInfo);
string roleCode = roleManager.GetProperty(new KeyValuePair<string, object>(BaseRoleEntity.FieldRealName, roleName), BaseRoleEntity.FieldCode);
// 判断用户的默认角色
if (!string.IsNullOrEmpty(roleCode))
{
BaseUserManager userManager = new BaseUserManager(dbHelper, userInfo);
returnValue = userManager.IsInRoleByCode(userId, roleCode);
}
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_IsInRole, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return returnValue;
}
/// <summary>
/// 按某个权限获取员工 数据表
/// </summary>
/// <param name="userId">管理用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>数据表</returns>
public DataTable GetUserDT(string userId, string permissionItemCode)
{
//string[] names = null;
//object[] values = null;
DataTable returnValue = new DataTable(BaseRoleEntity.TableName);
// 这里需要判断,是系统权限?
bool isRole = false;
BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);
// 用户管理员,这里需要判断,是业务权限?
isRole = userManager.IsInRoleByCode(userId, "UserAdmin") || userManager.IsInRoleByCode(userId, "Admin");
if (isRole)
{
BaseUserManager manager = new BaseUserManager(this.DbHelper, this.UserInfo);
List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
parameters.Add(new KeyValuePair<string, object>(BaseUserEntity.FieldIsVisible, 1));
parameters.Add(new KeyValuePair<string, object>(BaseUserEntity.FieldEnabled, 1));
parameters.Add(new KeyValuePair<string, object>(BaseUserEntity.FieldDeletionStateCode, 0));
returnValue = manager.GetDataTable(parameters, BaseModuleEntity.FieldSortCode);
returnValue.TableName = this.CurrentTableName;
return returnValue;
}
string sqlQuery = string.Empty;
sqlQuery = " SELECT * FROM " + BaseUserEntity.TableName;
sqlQuery += " WHERE " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDeletionStateCode + " = 0 "
+ " AND " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldIsVisible + " = 1 "
+ " AND " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldEnabled + " = 1 "
+ " AND " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " IN ("
+ this.GetUserIdsSql(userId, permissionItemCode)
+ " ) "
+ " ORDER BY " + BaseUserEntity.FieldSortCode;
return DbHelper.Fill(sqlQuery);
}
/// <summary>
/// 用户是否在某个角色里的判断
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="roleCode">角色编号</param>
/// <returns>存在</returns>
public bool UserIsInRole(BaseUserInfo userInfo, string userId, string roleCode)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
bool returnValue = false;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
BaseUserManager userManager = new BaseUserManager(dbHelper, userInfo);
returnValue = userManager.IsInRoleByCode(userId, roleCode);
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.UserService_UserInRole, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return returnValue;
}