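/// <summary>
/// Rewrites the role currently stored as <paramref name="roleId"/> with the Id, DisplayName
/// and Remark carried by <paramref name="role"/> (the new Id may differ from the old one).
/// </summary>
/// <param name="role">New role values; <c>role.Id</c> becomes the stored identifier.</param>
/// <param name="roleId">Identifier of the role as currently stored (bound as <c>@oldId</c>).</param>
/// <returns><c>true</c>; a failed update throws instead of returning <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="role"/> is null.</exception>
/// <exception cref="XUserException">
/// <paramref name="roleId"/> is empty, <c>role.Id</c> already belongs to a different role,
/// or the UPDATE affected no row.
/// </exception>
public bool updateRole(Role role, string roleId)
{
    if (role == null)
    {
        // The original dereferenced role.Id and failed with a NullReferenceException.
        throw new ArgumentNullException("role");
    }
    if (String.IsNullOrEmpty(roleId))
    {
        // Was a bare System.Exception; XUserException is what the rest of this class throws.
        throw new XUserException("角色Id不能为空");
    }
    // Renaming onto an Id that already exists would collide; only a case-only change of the
    // same Id is allowed (the comparison is case-insensitive, unlike updateUser).
    if (existsRole(role.Id) && !roleId.Equals(role.Id, StringComparison.OrdinalIgnoreCase))
    {
        throw new XUserException("角色Id" + role.Id + "已经存在,不能将" + roleId + "修改成" + role.Id);
    }
    DatabaseAdmin dba = SecuritySettings.getDBA();
    DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.UpdateRoleSql);
    dba.addInParameter(cmd, "@Id", DbType.String, role.Id);
    dba.addInParameter(cmd, "@DisplayName", DbType.String, role.DisplayName);
    dba.addInParameter(cmd, "@Remark", DbType.String, role.Remark);
    dba.addInParameter(cmd, "@oldId", DbType.String, roleId);
    if (dba.execNonQuery(cmd) == 0)
    {
        throw new XUserException("角色修改失败,角色" + roleId + "不存在");
    }
    return true;
}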
/// <summary>
/// Deletes the association between <paramref name="userId"/> and <paramref name="roleId"/>.
/// The affected-row count is discarded, so a missing association is not reported.
/// </summary>
/// <param name="userId">User identifier (bound as <c>@userId</c>).</param>
/// <param name="roleId">Role identifier (bound as <c>@roleId</c>).</param>
public static void deleteUserRole(string userId, string roleId)
{
    DatabaseAdmin admin = SecuritySettings.getDBA();
    DbCommand deleteCmd = admin.getSqlStringCommand(SecurityDataScripts.deleteUserRoleSQL);
    admin.addInParameter(deleteCmd, "@roleId", DbType.String, roleId);
    admin.addInParameter(deleteCmd, "@userId", DbType.String, userId);
    admin.execNonQuery(deleteCmd);
}
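/// <summary>
/// Rewrites the user currently stored as <paramref name="userId"/> with the Id, DisplayName,
/// IsDisable, IsActive, Email, Mobile and GroupId carried by <paramref name="user"/>.
/// The password is not touched here.
/// </summary>
/// <param name="user">New user values; <c>user.Id</c> becomes the stored identifier.</param>
/// <param name="userId">Identifier of the user as currently stored (bound as <c>@oldId</c>).</param>
/// <returns><c>true</c>; a failed update throws instead of returning <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
/// <exception cref="XUserException">
/// <c>user.Id</c> already belongs to a different user, or the UPDATE affected no row.
/// </exception>
/// <remarks>
/// The authorization check (caller must be the user or an admin) is commented out below and
/// is therefore NOT enforced by this method; the caller is responsible for authorizing the update.
/// </remarks>
public bool updateUser(User user, string userId)
{
    // if (!(Security.user.Id.Equals(user.Id) && Security.IsAdminRoleUser))
    //     throw new XUserException("无权操作");
    if (user == null)
    {
        // The original dereferenced user.Id and failed with a NullReferenceException.
        throw new ArgumentNullException("user");
    }
    // Case-sensitive ordinal comparison, unlike updateRole's OrdinalIgnoreCase; left as-is
    // because the collation of the stored Id column is not visible here.
    if (existsUser(user.Id) && user.Id != userId)
    {
        throw new XUserException("用户" + user.Id + "已经存在,法将用户" + userId + "改为" + user.Id);
    }
    DatabaseAdmin dba = SecuritySettings.getDBA();
    DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.UpdateUserSql);
    dba.addInParameter(cmd, "@Id", DbType.String, user.Id);
    dba.addInParameter(cmd, "@DisplayName", DbType.String, user.DisplayName);
    dba.addInParameter(cmd, "@IsDisable", DbType.Boolean, user.IsDisable);
    dba.addInParameter(cmd, "@IsActive", DbType.Boolean, user.IsActive);
    dba.addInParameter(cmd, "@Email", DbType.AnsiString, user.Email);
    dba.addInParameter(cmd, "@Mobile", DbType.AnsiString, user.Mobile);
    dba.addInParameter(cmd, "@GroupId", DbType.AnsiString, user.GroupId);
    // NOTE(review): @oldId is bound as AnsiString while @Id is String — confirm both match the
    // column type; a mismatch can force an implicit conversion in the WHERE clause.
    dba.addInParameter(cmd, "@oldId", DbType.AnsiString, userId);
    if (dba.execNonQuery(cmd) == 0)
    {
        throw new XUserException(userId + "用户未发现");
    }
    return true;
}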
/// <summary>
/// Grants <paramref name="permission"/> to <paramref name="roleId"/> on <paramref name="objectId"/>
/// by OR-ing it into the permission bits currently stored and writing the result back.
/// This overload never clears bits; use the string/bool overload to revoke.
/// </summary>
/// <param name="roleId">Role identifier.</param>
/// <param name="objectId">Protected object identifier.</param>
/// <param name="permission">Permission bits to add.</param>
/// <remarks>
/// Read-modify-write across two separate commands with no transaction: two concurrent updates
/// to the same role/object pair can overwrite each other's bits.
/// </remarks>
public static void setPermission(string roleId, string objectId, PermissionTypes permission)
{
    PermissionTypes merged = getRoleObjectPermission(roleId, objectId) | permission;
    DatabaseAdmin admin = SecuritySettings.getDBA();
    DbCommand writeCmd = admin.getSqlStringCommand(SecurityDataScripts.SetRoleObjectPermissionSql);
    admin.addInParameter(writeCmd, "@roleId", DbType.String, roleId);
    admin.addInParameter(writeCmd, "@objectId", DbType.String, objectId);
    admin.addInParameter(writeCmd, "@permission", DbType.Int32, merged);
    admin.execNonQuery(writeCmd);
}
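/// <summary>
/// Associates <paramref name="userId"/> with <paramref name="roleId"/> unless the association
/// already exists (checked with CheckUserRolesSQl before inserting with AppendUserRolesSQl).
/// </summary>
/// <param name="userId">User identifier.</param>
/// <param name="roleId">Role identifier.</param>
/// <remarks>
/// Check-then-insert without a transaction; a concurrent call for the same pair may still
/// produce a duplicate insert unless the table has a unique constraint.
/// </remarks>
public void appendUserRole(string userId, string roleId)
{
    DatabaseAdmin dba = SecuritySettings.getDBA();
    DbCommand checkCmd = dba.getSqlStringCommand(SecurityDataScripts.CheckUserRolesSQl);
    dba.addInParameter(checkCmd, "@roleId", DbType.String, roleId);
    dba.addInParameter(checkCmd, "@userId", DbType.String, userId);
    object scalar = dba.executeScalar(checkCmd);
    // The original unboxed with (int)c, which throws for null/DBNull and for providers that
    // return COUNT as long or decimal. Convert covers those; a missing value counts as 0.
    int existing = (scalar == null || scalar is DBNull) ? 0 : Convert.ToInt32(scalar);
    if (existing >= 1)
    {
        // Already associated. The original fell through and re-executed the SELECT as a
        // non-query here, which did nothing useful.
        return;
    }
    DbCommand insertCmd = dba.getSqlStringCommand(SecurityDataScripts.AppendUserRolesSQl);
    dba.addInParameter(insertCmd, "@roleId", DbType.String, roleId);
    dba.addInParameter(insertCmd, "@userId", DbType.String, userId);
    dba.execNonQuery(insertCmd);
}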
/// <summary>
/// Deletes the user row identified by <paramref name="userId"/>.
/// </summary>
/// <param name="userId">User identifier (bound as <c>@user_id</c>).</param>
/// <returns><c>true</c> when at least one row was deleted, otherwise <c>false</c>.</returns>
public bool deleteUser(string userId)
{
    DatabaseAdmin admin = SecuritySettings.getDBA();
    DbCommand deleteCmd = admin.getSqlStringCommand(SecurityDataScripts.DeleteUserSQL);
    admin.addInParameter(deleteCmd, "@user_id", DbType.String, userId);
    int affected = admin.execNonQuery(deleteCmd);
    return affected != 0;
}
/// <summary>
/// Reads the permission bits stored for <paramref name="roleId"/> on <paramref name="objectId"/>.
/// </summary>
/// <param name="roleId">Role identifier.</param>
/// <param name="objectId">Protected object identifier.</param>
/// <returns>
/// The stored bits when the scalar comes back as a boxed <see cref="int"/>; otherwise
/// <see cref="PermissionTypes.None"/> (no row, NULL, or any other numeric type). The fallback
/// is fail-closed: an unexpected provider type silently yields no permission.
/// </returns>
public static PermissionTypes getRoleObjectPermission(string roleId, string objectId)
{
    DatabaseAdmin admin = SecuritySettings.getDBA();
    DbCommand query = admin.getSqlStringCommand(SecurityDataScripts.RoleObjectPermissionSql);
    admin.addInParameter(query, "@roleId", DbType.String, roleId);
    admin.addInParameter(query, "@objectId", DbType.String, objectId);
    object stored = admin.executeScalar(query);
    // "is int" is false for null and DBNull, so no separate null test is needed.
    if (!(stored is int))
    {
        return PermissionTypes.None;
    }
    return (PermissionTypes)stored;
}
/// <summary>
/// Tells whether a user row with <paramref name="userId"/> exists.
/// </summary>
/// <param name="userId">User identifier (bound as <c>@user_id</c>).</param>
/// <returns>
/// <c>true</c> when CheckUserExistsSQL returns a non-null scalar. Note that a DBNull scalar
/// is non-null and therefore also counts as "exists".
/// </returns>
public bool existsUser(string userId)
{
    DatabaseAdmin admin = SecuritySettings.getDBA();
    DbCommand query = admin.getSqlStringCommand(SecurityDataScripts.CheckUserExistsSQL);
    admin.addInParameter(query, "@user_id", DbType.String, userId);
    object scalar = admin.executeScalar(query);
    return !(scalar == null);
}
/// <summary>
/// Sets or clears one permission on a role/object pair, where the permission is given by
/// its <see cref="PermissionTypes"/> member name.
/// </summary>
/// <param name="roleId">Role identifier.</param>
/// <param name="objectId">Protected object identifier.</param>
/// <param name="type">Permission name: None/Read/Write/Execute/DoAll.</param>
/// <param name="enable"><c>true</c> to add the bits, <c>false</c> to remove them.</param>
/// <exception cref="ArgumentException"><paramref name="type"/> is not a recognised enum value.</exception>
/// <remarks>
/// Enum.Parse also accepts comma-separated member lists and plain integer strings, so a
/// <paramref name="type"/> that has not been validated by the caller can set bits outside the
/// named members. Read-modify-write across two commands without a transaction.
/// </remarks>
public static void setPermission(string roleId, string objectId, string type, bool enable)
{
    PermissionTypes bit = (PermissionTypes)Enum.Parse(typeof(PermissionTypes), type);
    PermissionTypes current = getRoleObjectPermission(roleId, objectId);
    // Original computed (current | bit) and, when disabling, XOR-ed bit back out;
    // (current | bit) ^ bit is exactly current & ~bit.
    PermissionTypes updated = enable ? (current | bit) : (current & ~bit);
    DatabaseAdmin admin = SecuritySettings.getDBA();
    DbCommand writeCmd = admin.getSqlStringCommand(SecurityDataScripts.SetRoleObjectPermissionSql);
    admin.addInParameter(writeCmd, "@roleId", DbType.String, roleId);
    admin.addInParameter(writeCmd, "@objectId", DbType.String, objectId);
    admin.addInParameter(writeCmd, "@permission", DbType.Int32, updated);
    admin.execNonQuery(writeCmd);
}
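/// <summary>
/// Inserts a new role (Id, DisplayName, Remark) after checking that its Id is not taken.
/// </summary>
/// <param name="role">Role to insert.</param>
/// <returns><c>true</c>; a failed insert throws instead of returning <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="role"/> is null.</exception>
/// <exception cref="XUserException">The Id already exists, or the INSERT affected no row.</exception>
/// <remarks>
/// Check-then-insert without a transaction; a concurrent insert of the same Id is only
/// prevented if the table enforces uniqueness.
/// </remarks>
public bool addRole(Role role)
{
    if (role == null)
    {
        // The original dereferenced role.Id and failed with a NullReferenceException.
        throw new ArgumentNullException("role");
    }
    if (existsRole(role.Id))
    {
        throw new XUserException("角色" + role.Id + "已经存在");
    }
    DatabaseAdmin dba = SecuritySettings.getDBA();
    DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.InsertRoleSql);
    dba.addInParameter(cmd, "@Id", DbType.String, role.Id);
    dba.addInParameter(cmd, "@DisplayName", DbType.String, role.DisplayName);
    dba.addInParameter(cmd, "@Remark", DbType.String, role.Remark);
    if (dba.execNonQuery(cmd) == 0)
    {
        throw new XUserException("角色添加失败");
    }
    return true;
}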
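/// <summary>
/// Associates the user in <paramref name="userRoleIds"/> with every role listed in it,
/// skipping roles the user already has (same check/insert pair as appendUserRole).
/// </summary>
/// <param name="userRoleIds">User identifier plus the role identifiers to add.</param>
/// <returns>Always <c>true</c>; failures surface as exceptions from the data layer.</returns>
/// <exception cref="ArgumentNullException"><paramref name="userRoleIds"/> is null.</exception>
/// <remarks>
/// Each role is handled by its own check-then-insert pair; there is no transaction around
/// the loop, so a failure part-way leaves earlier roles already inserted.
/// </remarks>
public bool appendRoles(UserRoleIds userRoleIds)
{
    if (userRoleIds == null)
    {
        throw new ArgumentNullException("userRoleIds");
    }
    string userId = userRoleIds.UserId;
    DatabaseAdmin dba = SecuritySettings.getDBA();
    for (int i = 0; i < userRoleIds.RoleIds.Count; i++)
    {
        string roleId = userRoleIds.RoleIds[i];
        DbCommand checkCmd = dba.getSqlStringCommand(SecurityDataScripts.CheckUserRolesSQl);
        dba.addInParameter(checkCmd, "@roleId", DbType.String, roleId);
        dba.addInParameter(checkCmd, "@userId", DbType.String, userId);
        object scalar = dba.executeScalar(checkCmd);
        // The original unboxed with (int)c, which throws for null/DBNull and for providers
        // that return COUNT as long or decimal; a missing value counts as 0.
        int existing = (scalar == null || scalar is DBNull) ? 0 : Convert.ToInt32(scalar);
        if (existing >= 1)
        {
            // Already associated; the original re-executed the SELECT as a non-query here.
            continue;
        }
        DbCommand insertCmd = dba.getSqlStringCommand(SecurityDataScripts.AppendUserRolesSQl);
        dba.addInParameter(insertCmd, "@roleId", DbType.String, roleId);
        dba.addInParameter(insertCmd, "@userId", DbType.String, userId);
        dba.execNonQuery(insertCmd);
    }
    return true;
}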
/// <summary>
/// Registers a new user. The Id must be an e-mail address or a mobile number and must be
/// unused; the Email/Mobile fields are filled from the Id when left empty.
/// </summary>
/// <param name="user">
/// User to insert. Mutated in place: <c>Password</c> is replaced by <c>Crypto.Encrypt(Password)</c>
/// and <c>Email</c>/<c>Mobile</c> may be filled from <c>Id</c>.
/// </param>
/// <returns><c>true</c>; a failed insert throws instead of returning <c>false</c>.</returns>
/// <exception cref="XUserException">
/// The Id is empty or is neither an e-mail nor a mobile number, the Id is already taken,
/// or the INSERT affected no row.
/// </exception>
/// <remarks>
/// NOTE(review): Crypto.Encrypt is a project helper whose implementation is not visible here —
/// confirm it is a one-way, salted password hash rather than reversible encryption before
/// relying on it for credential storage. create_date is written with local DateTime.Now.
/// </remarks>
public bool addUser(User user)
{
    string id = user.Id;
    bool idIsEmail = UserInfoExpress.isEmail(id);
    bool idIsMobile = UserInfoExpress.isMobile(id);
    if (String.IsNullOrEmpty(id) || !(idIsEmail || idIsMobile))
    {
        throw new XUserException("新用户注册,必须填写手机号或电子邮件!");
    }
    if (existsUser(id))
    {
        throw new XUserException("新用户注册,用户" + id + "已经被别人使用!");
    }
    user.Password = Crypto.Encrypt(user.Password);
    if (idIsEmail && string.IsNullOrEmpty(user.Email))
    {
        user.Email = id;
    }
    if (idIsMobile && string.IsNullOrEmpty(user.Mobile))
    {
        user.Mobile = id;
    }
    DatabaseAdmin admin = SecuritySettings.getDBA();
    DbCommand insertCmd = admin.getSqlStringCommand(SecurityDataScripts.InsertUserSql);
    admin.addInParameter(insertCmd, "@Id", DbType.String, id);
    admin.addInParameter(insertCmd, "@DisplayName", DbType.String, user.DisplayName);
    admin.addInParameter(insertCmd, "@Password", DbType.String, user.Password);
    admin.addInParameter(insertCmd, "@create_date", DbType.DateTime, DateTime.Now);
    admin.addInParameter(insertCmd, "@IsDisable", DbType.Boolean, user.IsDisable);
    admin.addInParameter(insertCmd, "@IsActive", DbType.Boolean, user.IsActive);
    admin.addInParameter(insertCmd, "@Email", DbType.AnsiString, user.Email);
    admin.addInParameter(insertCmd, "@Mobile", DbType.AnsiString, user.Mobile);
    admin.addInParameter(insertCmd, "@GroupId", DbType.AnsiString, user.GroupId);
    int affected = admin.execNonQuery(insertCmd);
    if (affected == 0)
    {
        throw new XUserException("用户添加失败");
    }
    return true;
}
/// <summary>
/// Loads every permission object of type <paramref name="objType"/> granted to
/// <paramref name="roleId"/>, keyed by object id.
/// </summary>
/// <param name="roleId">Role identifier.</param>
/// <param name="objType">Object type filter (bound as <c>@objType</c>).</param>
/// <returns>
/// Dictionary from <c>object_id</c> to its <see cref="PermissionObject"/>. A permission column
/// that does not parse as an integer yields 0 (<see cref="PermissionTypes.None"/>).
/// </returns>
/// <exception cref="ArgumentException">The result set contains the same object_id twice.</exception>
public Dictionary<string, PermissionObject> getRolePermissionDict(string roleId, string objType)
{
    DatabaseAdmin admin = SecuritySettings.getDBA();
    DbCommand query = admin.getSqlStringCommand(SecurityDataScripts.GetPermissionObjectsSql);
    admin.addInParameter(query, "@roleId", DbType.String, roleId);
    admin.addInParameter(query, "@objType", DbType.String, objType);
    DataTable table = admin.executeTable(query);
    Dictionary<string, PermissionObject> result = new Dictionary<string, PermissionObject>();
    foreach (DataRow row in table.Rows)
    {
        PermissionObject entry = new PermissionObject();
        entry.ObjectId = row["object_id"].ToString();
        entry.ObjectType = row["object_type"].ToString();
        int bits;
        // TryParse leaves bits at 0 on failure, so bad data degrades to None rather than throwing.
        int.TryParse(row["permission"].ToString(), out bits);
        entry.Permission = (PermissionTypes)bits;
        result.Add(entry.ObjectId, entry);
    }
    return result;
}
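/// <summary>
/// Changes the password of the currently logged-in user after confirming the two entries match.
/// </summary>
/// <param name="password1">New password.</param>
/// <param name="password2">Confirmation entry; must equal <paramref name="password1"/>.</param>
/// <returns><c>true</c> when the command affected at least one row.</returns>
/// <exception cref="XUserException">No user is logged in, or the two entries differ.</exception>
/// <remarks>
/// FIXME(review): the command executed below is SecurityDataScripts.InsertUserSql and only
/// @Id is bound — no password parameter is set and the new value is never passed through
/// Crypto.Encrypt the way addUser does. As written this cannot actually change a password;
/// the script and its parameter binding need to be confirmed against the schema. Only the
/// inverted confirmation check is fixed here.
/// </remarks>
public bool repassword(string password1, string password2)
{
    if (!Security.IsLogin)
    {
        throw new XUserException("请先登录");
    }
    // The original threw when the two entries were EQUAL, rejecting every valid request.
    if (password1 == null || !password1.Equals(password2))
    {
        throw new XUserException("两次输入的密码不一致");
    }
    DatabaseAdmin dba = SecuritySettings.getDBA();
    DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.InsertUserSql);
    dba.addInParameter(cmd, "@Id", DbType.String, Security.user.Id);
    return dba.execNonQuery(cmd) != 0;
}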
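/// <summary>
/// Loads the rows of the sub-table described by <paramref name="subSchema"/> that belong to the
/// parent row identified by <paramref name="pks"/>: foreign key <c>subSchema.Fks[i]</c> is
/// matched against parent primary key <c>_schema.PrimaryKeys[i]</c>.
/// </summary>
/// <param name="pks">Parent primary-key values keyed by primary-key column name.</param>
/// <param name="subSchema">Sub-table definition (name and foreign-key column list).</param>
/// <returns>The matching rows converted with <c>DataSourceComm.readRow</c>.</returns>
/// <exception cref="XException">The sub-table's select command is not CommandType.TableDirect.</exception>
/// <exception cref="ArgumentException"><paramref name="subSchema"/> lists no foreign keys.</exception>
/// <remarks>
/// Column names (fk/pk) and the table name are concatenated into the SQL text; they come from
/// the schema definitions, not from the request (assumed — confirm if schemas are user-editable).
/// The key values themselves are always bound as parameters.
/// </remarks>
private List<ListDataRow> getSubTableRows(Dictionary<string, string> pks, SubTableSchema subSchema)
{
    DatabaseAdmin dba = DatabaseAdmin.getInstance();
    DataSource subDs = new DataSource(subSchema.Name);
    DataSourceSchema dss = subDs.getSchema();
    if (dss.SelectCommand.CommandType != CommandType.TableDirect)
    {
        throw new XException(string.Format(Lang.SubTableSelCommandTypeOnlyIsTable, subSchema.Name));
    }
    int keyCount = subSchema.Fks.Count;
    // The original removed a trailing " and " unconditionally, which produced malformed SQL
    // ("... wh") when there were no foreign keys; fail with a clear error instead.
    if (keyCount == 0)
    {
        throw new ArgumentException("subSchema.Fks must contain at least one foreign key", "subSchema");
    }
    StringBuilder sql = new StringBuilder("select * from ");
    sql.Append(dss.SelectCommand.CommandText);
    sql.Append("  where ");
    // Ordered list rather than a Hashtable so parameters are added in the order they appear.
    List<KeyValuePair<string, string>> parameters = new List<KeyValuePair<string, string>>();
    for (int i = 0; i < keyCount; i++)
    {
        string fk = subSchema.Fks[i];
        string pk = _schema.PrimaryKeys[i];
        if (i > 0)
        {
            sql.Append(" and ");
        }
        sql.Append(fk).Append("=@").Append(pk);
        // pks[pk] throws KeyNotFoundException when the parent value is missing.
        parameters.Add(new KeyValuePair<string, string>("@" + pk, pks[pk]));
    }
    DbCommand cmd = dba.getSqlStringCommand(sql.ToString());
    foreach (KeyValuePair<string, string> p in parameters)
    {
        dba.addInParameter(cmd, p.Key, DbType.String, p.Value);
    }
    DataTable tb = dba.executeTable(cmd);
    List<ListDataRow> rows = new List<ListDataRow>(tb.Rows.Count);
    foreach (DataRow row in tb.Rows)
    {
        rows.Add(DataSourceComm.readRow(tb, dss, row));
    }
    return rows;
}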
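/// <summary>
/// Writes one edited row back to the source table with an UPDATE statement. Fields whose name
/// starts with <c>XSqlBuilder.OLD_VERSION_PIX</c> carry the row's previous key values and form
/// the WHERE clause; every other field, except read-only ones, goes into the SET list.
/// (The previous summary, "get the filter form's input component definition", was a copy-paste error.)
/// </summary>
/// <param name="row">Field name to new value; empty strings are stored as NULL.</param>
/// <returns>Whatever <c>executeDateSet</c> returns for the UPDATE command.</returns>
/// <exception cref="XException">
/// No key fields were supplied (<c>Lang.UpdateNoKey</c>), or a field is not defined in the schema.
/// </exception>
/// <remarks>
/// Field and table names are written into the SQL inside [ ]; only values are parameterized.
/// Every written field is resolved through <c>_schema.Fields.GetItem</c>, which is what keeps
/// unknown names out of the statement — this relies on GetItem returning null for names that
/// are not in the schema (TODO confirm).
/// </remarks>
private DataSet updateSourceTableRow(ListDataRow row)
{
    DatabaseAdmin dba = DatabaseAdmin.getInstance(_schema.ConnectionName);
    // The initial text is a placeholder; CommandText is replaced once the statement is built.
    DbCommand cmd = dba.getSqlStringCommand(" update " + _schema.TableName);
    StringBuilder sb = new StringBuilder();
    StringBuilder sbWhere = new StringBuilder();
    sb.Append(" update [").Append(_schema.TableName).Append("] set ");
    bool first = true;
    foreach (string field in row.Keys)
    {
        string paramName = "@" + field.Replace(' ', '_');
        FieldSchema fldSchema;
        if (field.StartsWith(XSqlBuilder.OLD_VERSION_PIX, StringComparison.Ordinal))
        {
            string keyField = field.Replace(XSqlBuilder.OLD_VERSION_PIX, "");
            fldSchema = _schema.Fields.GetItem(keyField);
            sbWhere.Append(" and [").Append(keyField).Append("]=").Append(paramName);
        }
        else
        {
            fldSchema = _schema.Fields.GetItem(field);
            if (readOnlyFields.Contains(field))
            {
                continue;
            }
            if (!first)
            {
                sb.Append(",");
            }
            first = false;
            sb.Append("[").Append(field).Append("]=").Append(paramName);
        }
        if (fldSchema == null)
        {
            // Previously a NullReferenceException at fldSchema.DataType.
            throw new XException(string.Format("Field '{0}' is not defined in the schema", field));
        }
        dba.addInParameter(cmd, paramName, fldSchema.DataType, string.IsNullOrEmpty(row[field]) ? null : row[field]);
    }
    // Check before stripping the leading " and ": Remove(0, 5) on an empty builder threw
    // ArgumentOutOfRangeException, so the intended Lang.UpdateNoKey error was never reached.
    if (sbWhere.Length == 0)
    {
        throw new XException(Lang.UpdateNoKey);
    }
    sbWhere.Remove(0, 5);
    sb.Append(" where ").Append(sbWhere.ToString());
    cmd.CommandText = sb.ToString();
    return dba.executeDateSet(cmd);
}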
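/// <summary>
/// Builds the select command for this data source according to
/// <c>_schema.SelectCommand.CommandType</c> and binds the schema's query parameters.
/// </summary>
/// <param name="pageSize">Rows per page; together with <paramref name="pageNo"/> enables paging when either exceeds 1.</param>
/// <param name="pageNo">1-based page number.</param>
/// <param name="fields">Comma-separated column list; split and passed as source columns for stored procedures.</param>
/// <param name="queryParams">Caller-supplied parameter values by name; override the schema defaults.</param>
/// <param name="where">Filter fragment handed to the SQL builder (TableDirect only).</param>
/// <param name="orderBy">Ordering fragment handed to the SQL builder (TableDirect only).</param>
/// <param name="groupBy">Grouping fragment handed to the SQL builder (TableDirect only).</param>
/// <returns>The prepared command with all schema parameters bound.</returns>
/// <exception cref="NotSupportedException">The schema's CommandType is none of TableDirect, Text or StoredProcedure.</exception>
/// <remarks>
/// Side effect: sets <c>_schema.IsPagingByParams</c> when the paging stored procedure is used.
/// NOTE(review): where/orderBy/groupBy reach <c>XSqlBuilder.BuildTableSql</c> as SQL fragments;
/// if any of them originate from the request, the builder must validate them — not visible here.
/// </remarks>
private DbCommand getSelectCommand(int pageSize, int pageNo, string fields, Dictionary<string, string> queryParams, string where, string orderBy, string groupBy)
{
    string selectSql;
    DbCommand cmd = null;
    switch (_schema.SelectCommand.CommandType)
    {
        case CommandType.TableDirect:
            // Paging goes through the paging stored procedure when one is available;
            // otherwise the statement is generated in-process.
            if (pageNo > 1 || pageSize > 1)
            {
                cmd = getPagingSpCommand(_schema.SelectCommand.CommandText, pageSize, pageNo, fields, where, orderBy, groupBy);
            }
            if (cmd == null)
            {
                selectSql = XSqlBuilder.BuildTableSql(_schema.SelectCommand.CommandText, pageSize, pageNo, fields, where, orderBy, groupBy);
                cmd = dbAdmin.getSqlStringCommand(selectSql);
            }
            else
            {
                _schema.IsPagingByParams = true;
            }
            break;
        case CommandType.Text:
            selectSql = _schema.SelectCommand.CommandText;
            // Constructed but never read in the original; kept because its constructor may
            // validate the SQL — TODO confirm and drop it if it has no side effects.
            SqlParse xSql = new SqlParse(selectSql);
            cmd = dbAdmin.getSqlStringCommand(selectSql);
            break;
        case CommandType.StoredProcedure:
            selectSql = _schema.SelectCommand.CommandText;
            cmd = dbAdmin.GetStoredProcCommandWithSourceColumns(selectSql, fields.Split(','));
            break;
    }
    if (cmd == null)
    {
        // An unhandled CommandType previously surfaced as a NullReferenceException below.
        throw new NotSupportedException("Unsupported select CommandType: " + _schema.SelectCommand.CommandType);
    }
    // _schema.SelectCommand was already dereferenced by the switch, so only QueryParams needs a null check.
    if (_schema.SelectCommand.QueryParams != null)
    {
        foreach (ParameterSchema ps in _schema.SelectCommand.QueryParams)
        {
            if (string.IsNullOrEmpty(ps.Id))
            {
                continue;
            }
            string name = ps.Id;
            object value = ps.DefaultValue;
            string supplied;
            if (queryParams != null && queryParams.TryGetValue(name, out supplied))
            {
                value = supplied;
            }
            if (cmd.Parameters.Contains(name))
            {
                // Parameter already created (e.g. by the paging SP or stored-procedure discovery).
                dbAdmin.Database.SetParameterValue(cmd, name, value);
            }
            else if (ps.Direction == ParameterDirection.Input)
            {
                dbAdmin.addInParameter(cmd, name, ps.DataType, value);
            }
            else
            {
                dbAdmin.AddOutParameter(cmd, name, ps.DataType, ps.DataSize);
            }
        }
    }
    return cmd;
}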