/// <summary> /// 检查用户对于一批目录是否具有指定权限,返回具有权限的目录Id列表 /// </summary> /// <param name="handle"></param> /// <param name="permission"></param> /// <param name="toFilterDirIdList"></param> /// <returns></returns> public List <string> FilterDirIds(LibHandle handle, DMFuncPermissionEnum permission, List <string> toFilterDirIdList) { if (handle == LibHandleCache.Default.GetSystemHandle() || string.IsNullOrEmpty(handle.UserId) || handle.UserId == "admin") { return(toFilterDirIdList);//系统用户则直接原样返回 } string personId = handle.PersonId; DMUserPermission userPermission = DMUserPermissionCache.Default.GetCacheItem(personId); if (userPermission.IsUnlimited) { return(toFilterDirIdList);//用户权限不受限制则直接原样返回 } Dictionary <string, List <string> > dicDirId_DirIds = DirLinkAddress.GetDirIdsForDirs(toFilterDirIdList); if (dicDirId_DirIds == null) { return(new List <string>()); } List <string> resultList = new List <string>(); try { //使用每个目录的目录标识列表(含自身和所有父级目录)检查是否可用权限 resultList = (from item in toFilterDirIdList where dicDirId_DirIds.ContainsKey(item) && userPermission.CheckCan(dicDirId_DirIds[item], string.Empty, permission) select item).ToList(); } catch (Exception exp) { DMCommonMethod.WriteLog("FilterDocIds", exp.Message); } return(resultList); }
/// <summary> /// 检查用户对于指定目录(或及指定文档)是否具有指定的权限 /// </summary> /// <param name="dirId">目录标识,如果文档标识不为空则目录标识可为空</param> /// <param name="docId">文档标识,为空则仅判断目录</param> /// <param name="func">操作功能项</param> /// <returns></returns> public bool CheckCan(string dirId, string docId, DMFuncPermissionEnum func) { if (string.IsNullOrEmpty(dirId) && string.IsNullOrEmpty(docId)) { return(false);//不能两者都为空 } //找到目录或文档的所有上级目录然后再检查权限 if (string.IsNullOrEmpty(docId)) { DirLinkAddress dirLink = new DirLinkAddress(dirId, new LibDataAccess()); if (dirLink.DirType == DirTypeEnum.Private) { return(true); } List <string> dirIds = dirLink.ParentDirIdList; dirIds.Add(dirId);//将本级目录标识加入 return(CheckCan(dirIds, string.Empty, func)); } else { DirLinkAddress dirLink = new DirLinkAddress(false, docId, new LibDataAccess(), true); if (dirLink.DirType == DirTypeEnum.Private) { return(true); } return(CheckCan(dirLink.ParentDirIdList, docId, func)); } }
//导入、导出、打印等可能需要的方法需要编写覆盖基类的方法,应在相关方法中检查权限 /// <summary> /// 权限检查 /// </summary> /// <param name="permission"></param> /// <returns></returns> protected bool CheckPermission(string dirId, DMFuncPermissionEnum permission) { bool ret = true;//因DMFuncPermissionEnum权限项的值能覆盖FuncPermissionEnum的值,可以直接转换使用 if (LibHandleCache.Default.GetSystemHandle().Handle != this.Handle.Handle && this.Handle.UserId != "admin") { ret = DMPermissionControl.Default.HasPermission(this.Handle, dirId, string.Empty, permission); if (!ret) { this.ManagerMessage.AddMessage(LibMessageKind.Error, "当前人员不具备操作权限。"); } } return(ret); }
/// <summary> /// 检查用户是否具有对于指定目录(或及指定文档)的指定权限 /// </summary> /// <param name="handle"></param> /// <param name="dirId"></param> /// <param name="docId">如果参数为空则指针对目录的检查</param> /// <param name="funcPermission"></param> /// <returns></returns> public bool HasPermission(LibHandle handle, string dirId, string docId, DMFuncPermissionEnum funcPermission) { bool ret = false; if (handle == LibHandleCache.Default.GetSystemHandle() || string.IsNullOrEmpty(handle.UserId) || handle.UserId == "admin") { ret = true; } else { string personId = handle.PersonId; DMUserPermission userPermission = DMUserPermissionCache.Default.GetCacheItem(personId); if (userPermission.IsUnlimited) { ret = true; } else { return(userPermission.CheckCan(dirId, docId, funcPermission)); } } return(ret); }
/// <summary> /// 检查用户对于一批文档是否具有指定权限,返回具有权限的文档Id列表 /// </summary> /// <param name="handle"></param> /// <param name="permission"></param> /// <param name="toFilterDocIdList"></param> /// <returns></returns> public List <string> FilterDocIds(LibHandle handle, DMFuncPermissionEnum permission, List <string> toFilterDocIdList) { if (handle == LibHandleCache.Default.GetSystemHandle() || string.IsNullOrEmpty(handle.UserId) || handle.UserId == "admin") { return(toFilterDocIdList);//系统用户则直接原样返回 } string personId = handle.PersonId; DMUserPermission userPermission = DMUserPermissionCache.Default.GetCacheItem(personId); if (userPermission.IsUnlimited) { return(toFilterDocIdList);//用户权限不受限制则直接原样返回 } Dictionary <string, List <DocInfo> > dicDocId_DirIds = DirLinkAddress.GetParentDirIdsForDocs(toFilterDocIdList); if (dicDocId_DirIds == null) { return(null); } List <string> resultList = new List <string>(); Dictionary <string, List <string> > tempDic = new Dictionary <string, List <string> >(); foreach (KeyValuePair <string, List <DocInfo> > item in dicDocId_DirIds) { foreach (DocInfo temp in item.Value) { if (temp.DirType == DirTypeEnum.Private && temp.CreatorId == personId) { if (!resultList.Contains(item.Key)) { resultList.Add(item.Key); break; } } else { if (tempDic.ContainsKey(item.Key)) { tempDic[item.Key].Add(temp.DirId); } else { tempDic.Add(item.Key, new List <string>() { temp.DirId }); } } } } try { //使用每个文档的标识和父目录标识列表检查是否可用权限 resultList.AddRange((from item in toFilterDocIdList where tempDic.ContainsKey(item) && userPermission.CheckCan(tempDic[item], item, permission) select item).ToList()); } catch (Exception exp) { DMCommonMethod.WriteLog("FilterDocIds", exp.Message); } return(resultList); }
/// <summary> /// 检查用户对于指定目录(或指定文档)是否具有指定的权限 /// </summary> /// <param name="parentDirIds">目录文档所在的目录列表(从顶级到最后目录),如果是为目录进行查询则应包含本级目录</param> /// <param name="docId">文档标识,为空则仅判断目录</param> /// <param name="func">操作功能项</param> /// <returns></returns> public bool CheckCan(List <string> parentDirIds, string docId, DMFuncPermissionEnum func) { if (parentDirIds == null || parentDirIds.Count == 0) { return(false); } lock (_LockObjOfDicDirAndDoc) { //先检是否有某个所在目录的管理权限 string manageDir = (from item in _DicDirectoryPowers where parentDirIds.Contains(item.Key) && ((item.Value & (int)DMFuncPermissionEnum.Manage) == (int)DMFuncPermissionEnum.Manage) select item.Key).FirstOrDefault(); if (string.IsNullOrEmpty(manageDir) == false) { return(true);//有管理权限则直接返回true } //检查文档是否有管理权限 if (string.IsNullOrEmpty(docId) == false) { string manageDoc = (from item in _DicDocumentPowers where item.Key.Equals(docId) && ((item.Value & (int)DMFuncPermissionEnum.Manage) == (int)DMFuncPermissionEnum.Manage) select item.Key).FirstOrDefault(); if (string.IsNullOrEmpty(manageDoc) == false) { return(true);//有管理权限则直接返回true } } //否则将逐级目录权限项相“或” List <int> permissionList = (from item in _DicDirectoryPowers where parentDirIds.Contains(item.Key) select item.Value).ToList(); int mergePermission = 0; bool isFirst = true; foreach (int dirPer in permissionList) { if (isFirst) { mergePermission = dirPer; isFirst = false; } else { mergePermission = mergePermission | dirPer;//合并权限,一个权限项无论是父目录设置了true还是子目录设置了true,都可用。 } } if (string.IsNullOrEmpty(docId) || _DicDocumentPowers.ContainsKey(docId) == false) { //检查目录权限 if ((mergePermission & (int)func) == (int)func) { return(true); } } else { if (isFirst == false) { mergePermission = mergePermission | _DicDocumentPowers[docId];//再与文档权限相或 } else { mergePermission = _DicDocumentPowers[docId]; } bool isCan = (mergePermission & (int)func) == (int)func; if (isCan) { return(true); } } } if (func == DMFuncPermissionEnum.Browse && string.IsNullOrEmpty(docId)) { //对于仅检查目录的浏览权限的,再进行特殊处理 string dirId = parentDirIds.Last(); return(CheckDirCanBrowse(dirId)); } else { return(false); } }