protected void Page_Load(object sender, EventArgs e)
{
PageBar1.PageSize = NowPageCount();// UIBiz.CommonInfo.PageCount;
PageBar2.PageSize = NowPageCount(); //UIBiz.CommonInfo.PageCount;
isChangePageSize = this.Search_ReSetPageSize1.isChangePageSize;
string showCata = Request.QueryString["showCata"] == null ? "" : Request.QueryString["showCata"];
this.catalogID = Request.QueryString["CatalogID"] == null ? "00000000-0000-0000-0000-000000000000" : Request.QueryString["CatalogID"].ToString();
//分类检索
if (showCata == "1")
{
List<ObjectRule> rules = new List<ObjectRule>(1);
ISecurityObject securityObj = new SecurityObject(new Guid(this.catalogID), SecurityObjectType.Items);
ObjectRule or = new ObjectRule(securityObj, new User(CurrentUser.UserId), OperatorMethod.Deny);
rules.Add(or);
ObjectRule.CheckRules(rules);
// if (!Catalog.GetCataRight(CurrentUser.UserId, new Guid(this.catalogID)))
if (rules[0].IsValidate)
{
ShowMessage("您没有权限浏览此分类!");
Response.Redirect(FormsAuthentication.DefaultUrl, true);
}
// this.cataNav.Visible = true;
this.BindCataNav();
}
//关键字或高级搜索
else
{
this.keyword = Request.QueryString["keyword"] == null ? "" : Request.QueryString["keyword"].ToString();
this.keyword = Server.UrlDecode(this.keyword);
this.beginDate = Request.QueryString["BeginDate"].ToString();//上传时间起始日期
this.endDate = Request.QueryString["EndDate"].ToString();//上传时间结束日期
// this.cataNav.Visible = false; ;
}
if (isChangePageSize == "1")
{
this.Search_ReSetPageSize1.isChangePageSize = string.Empty;
_curpage = 0;
}
if (!Page.IsPostBack || isChangePageSize == "1")
{
BindData(PageBar1.PageSize, _curpage);
}
}
/// <summary>
/// ÉèÖÃRule
/// </summary>
/// <param name="rules"></param>
public static bool SetRules(List<ObjectRule> rules, SecurityObject secObj, System.Collections.ArrayList opers)
{
QJVRMS.Common.SerializeObjectFactory sof = new QJVRMS.Common.SerializeObjectFactory();
string rulesStr = sof.SerializeToBase64(rules);
string secObjStr = sof.SerializeToBase64(secObj);
string opersStr = sof.SerializeToBase64(opers);
return SetRules(rulesStr, secObjStr, opersStr);
//string sqlRuleFormat = "insert into AccessControlLIst (ObjectId,ObjectType,OperatorId,OperatorMethod)"
// + " values ('{0}',{1},'{2}',{3});";
//StringBuilder sqlBuilder = new StringBuilder();
//sqlBuilder.Append("Begin Tran Begin try {0}");
//string sqlRuleDelFormat = "Delete from AccessControlLIst Where ObjectId='{0}' and OperatorId='{1}';";
//StringBuilder sqlDelBuilder = new StringBuilder();
//if (rules.Count != 0)
//{
// foreach (IRule rule in rules)
// {
// string sqlTemp = string.Empty;
// string objId = rule.SecurityObject.ObjectId.ToString();
// string objType = ((int)rule.SecurityObject.ObjectType).ToString();
// string operId = rule.Operator.OperatorId.ToString();
// string method = ((int)rule.Method).ToString();
// sqlTemp = string.Format(sqlRuleFormat, objId, objType, operId, method);
// sqlBuilder.Append(sqlTemp);
// sqlTemp = string.Format(sqlRuleDelFormat, objId, operId);
// sqlDelBuilder.Append(sqlTemp);
// }
//}
//else
//{
// foreach (IOperator oper in opers)
// {
// sqlDelBuilder.Append(string.Format(sqlRuleDelFormat, secObj.ObjectId.ToString(), oper.OperatorId.ToString()));
// }
//}
//sqlBuilder.Append(" Commit End Try Begin Catch IF @@TRANCOUNT > 0 Rollback DECLARE @ErrMsg nvarchar(4000), @ErrSeverity int"
// + " SELECT @ErrMsg = ERROR_MESSAGE(),"
// + " @ErrSeverity = ERROR_SEVERITY()"
// + " RAISERROR(@ErrMsg, @ErrSeverity, 1)"
// + " End Catch");
//string finalSql = sqlBuilder.ToString();
//finalSql = string.Format(finalSql, sqlDelBuilder.ToString());
//try
//{
// SqlHelper.ExecuteNonQuery(SqlHelper.SqlCon_QJVRMS, CommandType.Text, finalSql);
// return true;
//}
//catch(Exception ex)
//{
// LogWriter.WriteExceptionLog(ex);
// return false;
//}
}
/// <summary>
/// ÉèÖÃRule
/// </summary>
/// <param name="rules"></param>
public static bool SetRules(List <ObjectRule> rules, SecurityObject secObj, System.Collections.ArrayList opers)
{
QJVRMS.Common.SerializeObjectFactory sof = new QJVRMS.Common.SerializeObjectFactory();
string rulesStr = sof.SerializeToBase64(rules);
string secObjStr = sof.SerializeToBase64(secObj);
string opersStr = sof.SerializeToBase64(opers);
return(SetRules(rulesStr, secObjStr, opersStr));
//string sqlRuleFormat = "insert into AccessControlLIst (ObjectId,ObjectType,OperatorId,OperatorMethod)"
// + " values ('{0}',{1},'{2}',{3});";
//StringBuilder sqlBuilder = new StringBuilder();
//sqlBuilder.Append("Begin Tran Begin try {0}");
//string sqlRuleDelFormat = "Delete from AccessControlLIst Where ObjectId='{0}' and OperatorId='{1}';";
//StringBuilder sqlDelBuilder = new StringBuilder();
//if (rules.Count != 0)
//{
// foreach (IRule rule in rules)
// {
// string sqlTemp = string.Empty;
// string objId = rule.SecurityObject.ObjectId.ToString();
// string objType = ((int)rule.SecurityObject.ObjectType).ToString();
// string operId = rule.Operator.OperatorId.ToString();
// string method = ((int)rule.Method).ToString();
// sqlTemp = string.Format(sqlRuleFormat, objId, objType, operId, method);
// sqlBuilder.Append(sqlTemp);
// sqlTemp = string.Format(sqlRuleDelFormat, objId, operId);
// sqlDelBuilder.Append(sqlTemp);
// }
//}
//else
//{
// foreach (IOperator oper in opers)
// {
// sqlDelBuilder.Append(string.Format(sqlRuleDelFormat, secObj.ObjectId.ToString(), oper.OperatorId.ToString()));
// }
//}
//sqlBuilder.Append(" Commit End Try Begin Catch IF @@TRANCOUNT > 0 Rollback DECLARE @ErrMsg nvarchar(4000), @ErrSeverity int"
// + " SELECT @ErrMsg = ERROR_MESSAGE(),"
// + " @ErrSeverity = ERROR_SEVERITY()"
// + " RAISERROR(@ErrMsg, @ErrSeverity, 1)"
// + " End Catch");
//string finalSql = sqlBuilder.ToString();
//finalSql = string.Format(finalSql, sqlDelBuilder.ToString());
//try
//{
// SqlHelper.ExecuteNonQuery(SqlHelper.SqlCon_QJVRMS, CommandType.Text, finalSql);
// return true;
//}
//catch(Exception ex)
//{
// LogWriter.WriteExceptionLog(ex);
// return false;
//}
}
protected void btnSetUserFun_Click(object sender, EventArgs e)
{
List<ObjectRule> rules = new List<ObjectRule>(100);
User user = null;
SecurityObject secObj = null;
Guid objId = new Guid(this.hiCurrentCataId.Value);
secObj = new SecurityObject(objId, SecurityObjectType.Items);
ArrayList opers = new ArrayList(100);
foreach (GridViewRow row in userList.Rows)
{
Guid userId = new Guid(userList.DataKeys[row.RowIndex].Value.ToString());
user = new User(userId);
opers.Add(user);
ObjectRule newRule;
CheckBox chk = row.FindControl("funUpChk") as CheckBox;
newRule = new ObjectRule(secObj, user, OperatorMethod.Write);
rules.Add(newRule);
if (chk.Checked)
{
newRule.IsValidate = true;
}
else
{
newRule.IsValidate = false;
}
CheckBox echk = row.FindControl("funEditChk") as CheckBox;
newRule = new ObjectRule(secObj, user, OperatorMethod.Modify);
rules.Add(newRule);
if (echk.Checked)
{
newRule.IsValidate = true;
}
else
{
newRule.IsValidate = false;
}
CheckBox dchk = row.FindControl("funReadChk") as CheckBox;
newRule = new ObjectRule(secObj, user, OperatorMethod.Deny);
rules.Add(newRule);
if (dchk.Checked)
{
newRule.IsValidate = true;
}
else
{
newRule.IsValidate = false;
}
CheckBox downChk = row.FindControl("funDownChk") as CheckBox;
newRule = new ObjectRule(secObj, user, OperatorMethod.Download);
rules.Add(newRule);
newRule.IsValidate = downChk.Checked;
//针对当前类的子类设置权限(子类应自动继承父类权限)
DataTable childCatalog = Catalog.GetCatalogTableByParentId(objId);
foreach (DataRow cata in childCatalog.Rows)
{
SecurityObject cSecObj = new SecurityObject(new Guid(cata["catalogId"].ToString()),
SecurityObjectType.Items);
ObjectRule cOrUp = new ObjectRule(cSecObj, user, OperatorMethod.Write);
cOrUp.IsValidate = chk.Checked;
rules.Add(cOrUp);
ObjectRule cOrEdit = new ObjectRule(cSecObj, user, OperatorMethod.Modify);
cOrEdit.IsValidate = echk.Checked;
rules.Add(cOrEdit);
ObjectRule cOrDeny = new ObjectRule(cSecObj, user, OperatorMethod.Deny);
cOrDeny.IsValidate = dchk.Checked;
rules.Add(cOrDeny);
ObjectRule cOrDown = new ObjectRule(cSecObj, user, OperatorMethod.Download);
cOrDown.IsValidate = downChk.Checked;
rules.Add(cOrDown);
}
}
if (ObjectRule.SetRules(rules, secObj, opers))
{
ShowMessage("用户权限设置成功");
}
else
{
ShowMessage("用户权限设置失败");
}
}
/// <summary>
/// 判断某个用户对某个资源是否具有某个操作权限
/// </summary>
/// <param name="userId"></param>
/// <param name="resourceId"></param>
/// <returns></returns>
public bool IsUserResource(Guid userId, Guid resourceId,int method)
{
bool _b = false;
DataSet ds = this.GetResourceCatalogByItemId(resourceId.ToString());
int icount = ds.Tables[0].Rows.Count;
List<ObjectRule> rules = new List<ObjectRule>(icount);
foreach (DataRow dr in ds.Tables[0].Rows)
{
ISecurityObject securityObj = new SecurityObject(new Guid(dr["CatalogId"].ToString()), SecurityObjectType.Items);
ObjectRule or = new ObjectRule(securityObj, new User(userId), (OperatorMethod)method);
rules.Add(or);
}
ObjectRule.CheckRules(rules);
foreach (ObjectRule obj in rules)
{
_b = _b || obj.IsValidate;
}
return _b;
}
protected void btnSearchUser_Click(object sender, EventArgs e)
{
QJVRMS.Business.Group userGroup = new QJVRMS.Business.Group(CurrentGroupId);
DataTable dt = userGroup.SelectUsers(this.txtloginName.Text.Trim(), this.txtUserName.Text.Trim());
Hashtable userRules = new Hashtable();
Dictionary<int, string> methodDict = WebUI.UIBiz.CommonInfo.GetMethodDict();
foreach (DataRow row in dt.Rows)
{
ISecurityObject securityObj = new SecurityObject(new Guid(this.hiCurrentCataId.Value), SecurityObjectType.Items);
List<ObjectRule> rules = new List<ObjectRule>();
User user = new User(new Guid(row["userId"].ToString()));
foreach (KeyValuePair<int, string> methodEntry in methodDict)
{
OperatorMethod method = (OperatorMethod)((int)methodEntry.Key);
ObjectRule rule = new ObjectRule(securityObj, user, method);
rules.Add(rule);
}
userRules.Add(user, rules);
ObjectRule.CheckRules(rules);
}
foreach (KeyValuePair<int, string> methodEntry in methodDict)
{
string mIndex = methodEntry.Key.ToString();
dt.Columns.Add(mIndex, typeof(bool));
}
foreach (DictionaryEntry entry in userRules)
{
User user = entry.Key as User;
List<ObjectRule> rules = entry.Value as List<ObjectRule>;
DataRow[] users = dt.Select("userId='" + user.UserId.ToString() + "'");
foreach (IRule rule in rules)
{
string methodKey = ((int)rule.Method).ToString();
users[0][methodKey] = rule.IsValidate;
}
}
this.userList.DataSource = dt;
this.userList.DataBind();
}
//设定权限
protected void btnSetRoleFun_Click(object sender, EventArgs e)
{
List<ObjectRule> rules = new List<ObjectRule>(100);
Role role = null;
SecurityObject secObj = null;
Guid objId = new Guid(this.hiCurrentCataId.Value);
secObj = new SecurityObject(objId, SecurityObjectType.Items);
ArrayList opers = new ArrayList(100);
foreach (GridViewRow row in roleGroupList.Rows)
{
Guid roleId = new Guid(roleGroupList.DataKeys[row.RowIndex].Value.ToString());
role = new Role();
role.RoleId = roleId;
opers.Add(role);
ObjectRule newRule;
CheckBox chkRead = row.FindControl("funReadChk") as CheckBox;
newRule = new ObjectRule(secObj, role, OperatorMethod.Deny);
rules.Add(newRule);
newRule.IsValidate = chkRead.Checked;
CheckBox chkWrite = row.FindControl("funUpChk") as CheckBox;
newRule = new ObjectRule(secObj, role, OperatorMethod.Write);
rules.Add(newRule);
newRule.IsValidate = chkWrite.Checked;
CheckBox chkEdit = row.FindControl("funEditChk") as CheckBox;
newRule = new ObjectRule(secObj, role, OperatorMethod.Modify);
rules.Add(newRule);
newRule.IsValidate = chkEdit.Checked;
CheckBox chkDownload = row.FindControl("funDownChk") as CheckBox;
newRule = new ObjectRule(secObj, role, OperatorMethod.Download);
rules.Add(newRule);
newRule.IsValidate = chkDownload.Checked;
//针对当前类的子类设置权限(子类应自动继承父类权限)
DataTable childCatalog = Catalog.GetCatalogTableByParentId(objId);
foreach (DataRow cata in childCatalog.Rows)
{
SecurityObject cSecObj = new SecurityObject(new Guid(cata["catalogId"].ToString()),
SecurityObjectType.Items);
ObjectRule cOrRead = new ObjectRule(cSecObj, role, OperatorMethod.Deny);
cOrRead.IsValidate = chkRead.Checked;
ObjectRule cOrWrite = new ObjectRule(cSecObj, role, OperatorMethod.Write);
cOrWrite.IsValidate = chkWrite.Checked;
ObjectRule cOrEdit = new ObjectRule(cSecObj, role, OperatorMethod.Modify);
cOrEdit.IsValidate = chkEdit.Checked;
ObjectRule cOrDown = new ObjectRule(cSecObj, role, OperatorMethod.Download);
cOrDown.IsValidate = chkDownload.Checked;
rules.Add(cOrRead);
rules.Add(cOrWrite);
rules.Add(cOrEdit);
rules.Add(cOrDown);
}
}
if (ObjectRule.SetRules(rules, secObj, opers))
{
ShowMessage("角色权限设置成功");
}
else
{
ShowMessage("角色权限设置失败");
}
}
/// <summary>
/// 绑定用户组定义功能
/// </summary>
void BindRoleControlList()
{
Dictionary<int, string> methodDict = WebUI.UIBiz.CommonInfo.GetMethodDict();
//注意修改 当为superadmin时
RoleCollection roles = Role.GetRoleCollection(CurrentGroupId);
Hashtable roleRules = new Hashtable();
foreach (Role role in roles)
{
ISecurityObject securityObj = new SecurityObject(new Guid(this.hiCurrentCataId.Value), SecurityObjectType.Items);
List<ObjectRule> rules = new List<ObjectRule>();
foreach (KeyValuePair<int, string> methodEntry in methodDict)
{
OperatorMethod method = (OperatorMethod)((int)methodEntry.Key);
ObjectRule rule = new ObjectRule(securityObj, role, method);
rules.Add(rule);
}
roleRules.Add(role, rules);
ObjectRule.CheckRules(rules);
}
DataTable roleMethod = new DataTable();
DataColumn dc = new DataColumn("roleName");
roleMethod.Columns.Add(dc);
dc = new DataColumn("roleId");
roleMethod.Columns.Add(dc);
foreach (KeyValuePair<int, string> methodEntry in methodDict)
{
string mIndex = methodEntry.Key.ToString();
roleMethod.Columns.Add(mIndex, typeof(bool));
}
//foreach (KeyValuePair<int, string> methodEntry in methodDict)
//{
// TemplateField field = new TemplateField();
// // CheckBoxField field = new CheckBoxField();
// WebUI.UIBiz.GridViewTempla template = new WebUI.UIBiz.GridViewTempla(ListItemType.Item, string.Empty);
// field.HeaderText = methodEntry.Value.ToString();
// // field.DataField = methodEntry.Key.ToString();
// // field.ReadOnly = false;
// field.ItemTemplate = template;
// roleGroupList.Columns.Add(field);
// DataColumn methodDc = new DataColumn(methodEntry.Key.ToString());
// roleMethod.Columns.Add(methodDc);
//}
foreach (DictionaryEntry entry in roleRules)
{
Role role = entry.Key as Role;
List<ObjectRule> rules = entry.Value as List<ObjectRule>;
DataRow dr = roleMethod.NewRow();
dr["roleName"] = role.RoleName;
dr["roleId"] = role.RoleId.ToString();
foreach (IRule rule in rules)
{
string methodKey = ((int)rule.Method).ToString();
dr[methodKey] = rule.IsValidate;
}
roleMethod.Rows.Add(dr);
}
DataView dv = roleMethod.DefaultView;
dv.Sort = "RoleName";
roleGroupList.DataSource = dv;
roleGroupList.DataBind();
// TemplateColumn roleColumn = new TemplateColumn();
}
public static bool ModifyRole(string roleName, string description, Guid roleId, SecurityObject[] secObj, OperatorMethod method)
{
// string formatcreateSql = string.Empty;
// formatcreateSql = @"insert into accessControlList (ObjectId,ObjectType,OperatorId,OperatorMethod)
// values ('{0}',{1},'{2}',{3})";
// string createSql = string.Empty;
// string sql = string.Empty;
// sql = "Begin Tran Begin try ";
// sql += "update Roles set RoleName='{0}',Description='{1}' where roleId='{2}'";
// sql = string.Format(sql, roleName, description, roleId.ToString());
// sql += " delete from accessControlList where OperatorId='{0}' ";
// sql = string.Format(sql, roleId.ToString());
// foreach (ISecurityObject secobj in secObj)
// {
// string secObjId = secobj.ObjectId.ToString();
// int oType = (int)secobj.ObjectType;
// int methodIndex = (int)method;
// createSql = string.Format(formatcreateSql, secObjId, oType.ToString(), roleId.ToString(), methodIndex.ToString());
// sql += createSql;
// }
// sql += " Commit End try ";
// sql += "Begin Catch IF @@TRANCOUNT > 0 Rollback"
// + " DECLARE @ErrMsg nvarchar(4000), @ErrSeverity int"
// + " SELECT @ErrMsg = ERROR_MESSAGE(),"
// + " @ErrSeverity = ERROR_SEVERITY()"
// + "RAISERROR(@ErrMsg, @ErrSeverity, 1)"
// + " End Catch";
// try
// {
// SqlHelper.ExecuteNonQuery(SqlHelper.SqlCon_QJVRMS, CommandType.Text, sql);
// return true;
// }
// catch (Exception e)
// {
// // QJVRMS.Common.LogWriter.WriteExceptionLog(e, true);
// return false;
// }
QJVRMS.Common.SerializeObjectFactory sof = new QJVRMS.Common.SerializeObjectFactory();
string objStr = sof.SerializeToBase64(secObj);
QJVRMS.Business.RoleWS.RoleService rs = new QJVRMS.Business.RoleWS.RoleService();
return rs.ModifyRole(roleName, description, roleId, objStr, (int)method);
}
/// <summary>
/// 删除用户组
///
/// I:删除用户组用户
/// II:删除受控对象
/// </summary>
/// <param name="roleId"></param>
/// <returns></returns>
//public static bool Deleteuserda(Guid userId)
//{
// string sql = "Begin Tran Begin try "
// + " Delete from Users_inRoles where UserId=@userId"
// + " Delete from Users where UserId=@userId"
// + " Commit End Try"
// + " Begin Catch IF @@TRANCOUNT > 0 Rollback "
// + " DECLARE @ErrMsg nvarchar(4000), @ErrSeverity int "
// + " SELECT @ErrMsg = ERROR_MESSAGE(),"
// + " @ErrSeverity = ERROR_SEVERITY() "
// + " RAISERROR(@ErrMsg, @ErrSeverity, 1)"
// + " End Catch";
// SqlParameter[] Parameters = new SqlParameter[1];
// Parameters[0] = new SqlParameter("@userId", SqlDbType.UniqueIdentifier);
// Parameters[0].Value = userId;
// try
// {
// SqlHelper.ExecuteNonQuery(SqlHelper.SqlCon_QJVRMS, CommandType.Text, sql, Parameters);
// return true;
// }
// catch (Exception ex)
// {
// // QJVRMS.Common.LogWriter.WriteExceptionLog(ex, true);
// return false;
// }
//}
public static IRole NewRole(Guid groupId, string roleName, string description, SecurityObject[] secObj, OperatorMethod method)
{
//SqlParameter[] Parameters = new SqlParameter[4];
//Parameters[0] = new SqlParameter("@RoleName", SqlDbType.NVarChar);
//Parameters[1] = new SqlParameter("@description", SqlDbType.NVarChar);
//Parameters[2] = new SqlParameter("@groupId", SqlDbType.UniqueIdentifier);
//Parameters[3] = new SqlParameter("@roleId", SqlDbType.UniqueIdentifier);
//Parameters[3].Direction = ParameterDirection.Output;
//Parameters[0].Value = roleName;
//Parameters[1].Value = description;
//Parameters[2].Value = groupId;
//SqlTransaction trans = null;
Role role = null;
// using (SqlConnection con = new SqlConnection(SqlHelper.Con_QJVRMS))
// {
// con.Open();
// trans = con.BeginTransaction();
// try
// {
// SqlHelper.ExecuteNonQuery(trans, CommandType.StoredProcedure, "dbo.Role_CreateRole", Parameters);
// Guid roleId = new Guid(Parameters[3].Value.ToString());
// string formatcreateSql = @"insert into accessControlList (ObjectId,ObjectType,OperatorId,OperatorMethod)
// values ('{0}',{1},'{2}',{3})";
// string sql = string.Empty;
// foreach (ISecurityObject secobj in secObj)
// {
// string secObjId = secobj.ObjectId.ToString();
// int oType = (int)secobj.ObjectType;
// int methodIndex = (int)method;
// sql += string.Format(formatcreateSql, secObjId, oType.ToString(), roleId.ToString(), methodIndex.ToString());
// }
// if( sql != string.Empty )
// SqlHelper.ExecuteNonQuery(trans, CommandType.Text, sql);
// role = new Role(roleId, groupId, roleName, description);
// trans.Commit();
// }
// catch (Exception e)
// {
// trans.Rollback();
// // QJVRMS.Common.LogWriter.WriteExceptionLog(e, true);
// throw e;
// }
// }
QJVRMS.Common.SerializeObjectFactory sof = new QJVRMS.Common.SerializeObjectFactory();
string objStr = sof.SerializeToBase64(secObj);
QJVRMS.Business.RoleWS.RoleService rs = new QJVRMS.Business.RoleWS.RoleService();
Guid roleId = rs.NewRole(groupId, roleName, description, objStr, (int)method);
role = new Role(roleId, groupId, roleName, description);
return role;
}