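/// <summary>
/// Loads the role-based entity permissions the current user holds, for every entity the query touches,
/// into <c>_user.RoleObjectAccessEntityPermission</c>.
/// </summary>
/// <param name="q">The query whose entities are checked; a <see cref="QueryExpression"/> contributes all of its entity names.</param>
/// <param name="access">The access right to load permissions for.</param>
protected void BindUserEntityPermissions(QueryBase q, AccessRightValue access)
{
    // Materialize the role ids once. A null user or a null role list now yields null instead of a
    // NullReferenceException on Any(); the list is also what the permission lookup enumerates below.
    var roleIds = _user?.Roles?.Select(r => r.RoleId).ToList();
    if (roleIds == null || roleIds.Count == 0)
    {
        // NOTE(review): assumes OnException stops processing so a user without roles never reaches the lookup — confirm.
        OnException(_loc["notspecified_userroles"]);
    }
    // A QueryExpression may reference several entities; a plain query has a single entity name.
    var expression = q as QueryExpression;
    var entityNames = expression != null ? expression.GetAllEntityNames() : new List<string>() { q.EntityName };
    var entityIds = _entityFinder.FindByNames(entityNames.ToArray()).Select(n => n.EntityId);
    _user.RoleObjectAccessEntityPermission = _roleObjectAccessEntityPermissionService.GetPermissions(entityIds, roleIds, access);
}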
/// <summary>
/// Returns, per entity and access right, the highest permission depth (AccessRightsMask) that any of the
/// given roles grants for <paramref name="access"/> on the given entities.
/// </summary>
/// <param name="entityIds">Entities to look up (bound to the first IN clause).</param>
/// <param name="roleIds">Roles whose grants are aggregated (bound to the second IN clause).</param>
/// <param name="access">Access right to match; passed as its integer value.</param>
/// <returns>One row per entity/access-right pair that has at least one grant.</returns>
public List<RoleObjectAccessEntityPermission> GetPermissions(IEnumerable<Guid> entityIds, IEnumerable<Guid> roleIds, AccessRightValue access)
{
    // @0 and @1 receive the id sequences (presumably expanded into the IN lists by the Sql builder); @2 is the access right.
    // NOTE(review): the NOLOCK hints read uncommitted rows, so a grant from an in-flight or rolled-back transaction may be observed — confirm this is intended for an authorization query.
    var query = Sql.Builder.Append(@"SELECT MAX([RoleObjectAccess].[AccessRightsMask]) AS AccessRightsMask,[EntityPermission].[EntityId] AS EntityId,[EntityPermission].[AccessRight] AS AccessRight FROM RoleObjectAccess WITH(NOLOCK) INNER JOIN EntityPermission AS EntityPermission WITH(NOLOCK) ON EntityPermission.[EntityPermissionId]=RoleObjectAccess.[ObjectId] WHERE [EntityPermission].[EntityId] IN (@0) AND [RoleObjectAccess].[RoleId] IN (@1) AND [EntityPermission].[AccessRight] = @2 GROUP BY [EntityPermission].[EntityId],[EntityPermission].[AccessRight]", entityIds, roleIds, (int)access);
    return _repository.ExecuteQuery(query.SQL, query.Arguments);
}
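/// <summary>
/// Finds the highest permission depth (AccessRightsMask) that any of the user's roles grants for
/// <paramref name="access"/> on the named entity. Only entities with AuthorizationEnabled=1 are matched,
/// so the result is null both when no role grants the right and when the entity is not authorization-enabled.
/// </summary>
/// <param name="entityName">Logical entity name (Entity.Name).</param>
/// <param name="userAccountName">The user's login name (SystemUser.LoginName).</param>
/// <param name="access">Access right to match.</param>
/// <returns>The aggregated permission row, or null when nothing matches.</returns>
public RoleObjectAccessEntityPermission FindUserPermission(string entityName, string userAccountName, AccessRightValue access)
{
    // Pass the access right as its integer value, as GetPermissions does, so @2 binds to the int
    // AccessRight column the same way regardless of how the mapper would otherwise serialize the enum.
    Sql s = Sql.Builder.Append(@"SELECT a.AccessRight,MAX(b.AccessRightsMask) AccessRightsMask FROM EntityPermission a INNER JOIN RoleObjectAccess b ON a.EntityPermissionId = b.ObjectId INNER JOIN Entity c ON a.EntityId = c.EntityId AND c.AuthorizationEnabled=1 AND c.Name=@0 INNER JOIN SystemUserRoles d ON b.RoleId = d.RoleId INNER JOIN SystemUser e ON d.SystemUserId = e.SystemUserId AND e.LoginName=@1 WHERE a.AccessRight=@2 GROUP BY a.AccessRight", entityName, userAccountName, (int)access);
    return _repository.Find(s.SQL, s.Arguments);
}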
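/// <summary>
/// Verifies that the current user may perform <paramref name="access"/> on <paramref name="entity"/>.
/// Returns silently when authorization is disabled for the entity or the user is a super admin; otherwise
/// evaluates the role-based permission depth against the record's ownership, then falls back to a shared
/// (principal object access) grant, and calls <see cref="OnException"/> when neither grants access.
/// </summary>
/// <param name="entity">The record being accessed; its attribute values are read to resolve ownership.</param>
/// <param name="access">The access right being requested.</param>
/// <param name="entityMetadata">Optional metadata for the entity; resolved by name when omitted.</param>
protected void VerifyEntityPermission(Entity entity, AccessRightValue access, Schema.Domain.Entity entityMetadata = null)
{
    entityMetadata = entityMetadata ?? GetEntityMetaData(entity.Name);
    // Authorization disabled for this entity, or the user is in the administrator group: no check.
    if (!entityMetadata.AuthorizationEnabled || _user.IsSuperAdmin)
    {
        return;
    }
    bool hasPermission = false;
    // Role-based operation permission for this user on the entity (null when no role grants the right).
    var roleEntityPermission = _roleObjectAccessEntityPermissionService.FindUserPermission(entity.Name, _user.LoginName, access);
    // Permission depth reported in the error message; "none" when no role grants the right.
    var depth = "none";
    if (roleEntityPermission != null)
    {
        var data = entity.UnWrapAttributeValue();
        var mask = roleEntityPermission.AccessRightsMask;
        if (entityMetadata.EntityMask == EntityMaskEnum.Organization)
        {
            // Organization-scoped entities: any depth other than None grants access within the user's own organization.
            var organizationId = data.GetGuidValue("organizationid");
            hasPermission = mask != EntityPermissionDepth.None && this._user.OrganizationId.Equals(organizationId);
        }
        else
        {
            var ownerIdType = data.GetIntValue("owneridtype");
            if (mask == EntityPermissionDepth.Organization)
            {
                // Full depth: every record in the organization.
                hasPermission = true;
            }
            else if (ownerIdType == (int)OwnerTypes.SystemUser || ownerIdType == (int)OwnerTypes.Team)
            {
                // User-owned and team-owned records follow the same depth rules (the two branches were identical).
                // NOTE(review): at Self depth a team-owned record compares its ownerid (a team) with the user's id,
                // so it never matches for teams — confirm whether team membership should be consulted here.
                if (mask == EntityPermissionDepth.Self)
                {
                    // Basic depth: only records the user owns.
                    hasPermission = data.GetGuidValue("ownerid").Equals(this._user.SystemUserId);
                }
                else if (mask == EntityPermissionDepth.BusinessUnit)
                {
                    // Local depth: records owned by the user's own business unit.
                    var owningBusinessUnit = data.GetGuidValue("owningbusinessunit");
                    hasPermission = _user.BusinessUnitId.Equals(owningBusinessUnit);
                }
                else if (mask == EntityPermissionDepth.BusinessUnitAndChild)
                {
                    // Deep depth: records owned by the user's business unit or one of its child units.
                    var owningBusinessUnit = data.GetGuidValue("owningbusinessunit");
                    hasPermission = _businessUnitService.IsChild(this._user.BusinessUnitId, owningBusinessUnit);
                }
            }
        }
        depth = mask.ToString();
    }
    // Shared permission: an explicit grant on this specific record (principal object access) with the requested right.
    if (!hasPermission)
    {
        var objectId = entity.GetIdValue();
        var poa = _principalObjectAccessService.Find(n => n.ObjectId == objectId && n.AccessRightsMask == access);
        hasPermission = poa != null;
    }
    if (!hasPermission)
    {
        // Fail closed: report the localized access right and the depth the roles granted.
        var msg = Enum.GetName(typeof(AccessRightValue), access);
        msg = _loc["security_" + msg];
        OnException(string.Format(_loc["security_noentitypermission"] + " " + depth, entityMetadata.LocalizedName, msg));
    }
}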
/// <summary>
/// Service pass-through: the highest permission depth per entity and access right granted by any of
/// <paramref name="roleIds"/> for <paramref name="access"/> on <paramref name="entityIds"/>.
/// </summary>
/// <param name="entityIds">Entities to look up.</param>
/// <param name="roleIds">Roles whose grants are aggregated.</param>
/// <param name="access">Access right to match.</param>
/// <returns>Whatever the repository returns; one row per matching entity/access-right pair.</returns>
public List<RoleObjectAccessEntityPermission> GetPermissions(IEnumerable<Guid> entityIds, IEnumerable<Guid> roleIds, AccessRightValue access)
    => _roleObjectAccessEntityPermissionRepository.GetPermissions(entityIds, roleIds, access);
/// <summary>
/// Service pass-through: the highest permission depth any of the user's roles grants for
/// <paramref name="access"/> on the named entity, as resolved by the repository.
/// </summary>
/// <param name="entityName">Logical entity name.</param>
/// <param name="userAccountName">The user's login name.</param>
/// <param name="access">Access right to match.</param>
/// <returns>The repository's result; null when nothing matches.</returns>
public RoleObjectAccessEntityPermission FindUserPermission(string entityName, string userAccountName, AccessRightValue access)
    => _roleObjectAccessEntityPermissionRepository.FindUserPermission(entityName, userAccountName, access);