Esempio n. 1
0
 internal static void InitSecurityContext(WebControls.BannerNotice notice)
 {
     if (TimePointContext.Current.UseCurrentTime)
     {
         // switch (MCS.Library.PCPassport.Principal.PCPrincipal.PCCurrent.KeyRoleStatus)
         // {
         //    case MCS.Library.PCPassport.Principal.SecurityStatus.Ready:
         //        break;
         //    case MCS.Library.PCPassport.Principal.SecurityStatus.ConfigNotReady:
         //        notice.Text = "尚未配置管理应用或管理角色,操作将不受ACL控制,请联系管理员处理此安全风险。";
         //        break;
         //    case MCS.Library.PCPassport.Principal.SecurityStatus.KeyRoleEmpty:
         //        notice.Text = "管理角色中无任何人员,操作将不受ACL控制,请联系管理员处理此安全风险。";
         //        break;
         //    default:
         //        break;
         // }
     }
 }
Esempio n. 2
0
        /*
		internal static void ValidateAdminRole(MCS.Library.OGUPermission.IRole role)
		{
			string[] parts = role.FullCodeName.Split(':');

			if (parts.Length != 2 || parts[0].Length == 0 || parts[1].Length == 0)
				throw new FormatException("角色的全名格式有误");

			var app = PC.Adapters.SchemaObjectAdapter.Instance.LoadByCodeName("Applications", parts[0], DateTime.MinValue) as PC.SCApplication;

			var role1 = PC.Adapters.SchemaObjectAdapter.Instance.LoadByCodeName("Roles", parts[1], DateTime.MinValue) as PC.SCRole;

			if (app == null)
				throw new ManageRoleNotExistException(parts[0], parts[1]);

			if (PC.Adapters.SCMemberRelationAdapter.Instance.Load(app.ID, role1.ID) == null)
				throw new ManageRoleNotExistException(parts[0], parts[1], string.Format("存在无效的配置,指定的角色全名对应无效的对象{0}", parts[0], parts[1]));
		}
        */

        internal static ManageAclStatus GetAdminRoleStatus(BannerNotice notice)
        {
            ManageAclStatus result;

            var adminRole = ObjectSchemaSettings.GetConfig().GetAdminRole();
            if (adminRole != null)
            {
                // 检查授权
                try
                {
                    // Util.ValidateAdminRole(adminRole);
                    // 经过这步,基本确定配置和当前对象无误
                    string[] parts = adminRole.FullCodeName.Split(':');

                    string adminRoleID;
                    if (parts.Length != 2)
                    {
                        throw new FormatException("配置文件中的管理角色路径格式错误。");
                    }

                    try
                    {
                        adminRoleID = adminRole.ID; // 有可能抛异常
                    }
                    catch (Exception ex)
                    {
                        throw new ManageRoleNotExistException(parts[0], parts[1], ex);
                    }

                    if (Util.IsRoleEmpty(adminRoleID))
                    {
                        notice.Text = string.Format("管理角色{0}尚无任何人员,权限已完全开放,请联系管理员立即处理此安全风险。", adminRole.FullCodeName);
                        notice.RenderType = WebControls.NoticeType.Warning;
                        result = ManageAclStatus.NobodyIn;
                    }
                    else
                    {
                        result = ManageAclStatus.Ready;
                    }
                }
                catch (ManageRoleNotExistException m)
                {
                    notice.Text = m.Message + " 请联系管理员";
                    notice.RenderType = WebControls.NoticeType.Error;
                    result = ManageAclStatus.RoleNotExists;
                }
            }
            else
            {
                notice.RenderType = WebControls.NoticeType.Error;
                notice.Text = "系统尚未配置管理应用和角色,授权管理操作对所有用户开放,为了防范安全风险请联系管理员立即修改配置并重启服务。";
                result = ManageAclStatus.NoConfig;
            }

            return result;
        }