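/// <summary>
/// Validates a session token and decides whether its user may invoke the named module function.
/// </summary>
/// <param name="session">Session GUID presented by the caller; matched against SessionToken.SessionGuid.</param>
/// <param name="moduleName">Function qualifier of the module being invoked; also recorded as the token's last operation.</param>
/// <returns>
/// <c>WcfError.InvalidSession</c> when no token matches, the token has no positive user id, or the user row
/// cannot be loaded; <c>WcfError.SessionTimeout</c> when the token has been idle longer than
/// <c>TimeoutInSecond</c>; <c>WcfError.NoSuchModule</c> when no active ModuleFunction matches;
/// <c>WcfError.None</c> when the resolved privilege equals <c>PermissionStateTrue</c>;
/// otherwise <c>WcfError.InsufficientPrivilege</c>.
/// </returns>
/// <remarks>
/// SECURITY: when <c>DEBUG_ALLOW_EVERYTHING</c> is true this method registers unknown modules and persists an
/// allow grant for any caller holding a valid session, so it stops being an access check. The CS0162
/// suppressions suggest the flag is a compile-time constant; it must be false in every deployed build, and
/// any "[DEBUG]"/"[Debug]" rows written while it was on should be reviewed and removed.
/// </remarks>
public static WcfError ValidateSession(String session, String moduleName)
{
    // Step 1: resolve the session token to a user.
    using (ISession hibernateSession = NHibernateHelper.CurrentHelper.OpenSession())
    {
        // The session GUID is caller-supplied, so it is bound as a parameter rather than concatenated.
        var query = hibernateSession.CreateQuery("from SessionToken where SessionGuid = ?");
        query.SetString(0, session);
        var sessionToken = query.List<SessionToken>().FirstOrDefault();
        if (sessionToken?.User == null || sessionToken.User <= 0)
        {
            return WcfError.InvalidSession;
        }

        // Idle timeout.
        // NOTE(review): DateTime.Now is local time, so a clock or DST shift changes the effective idle
        // window — confirm whether LastOperationTime is meant to be stored in UTC.
        if (sessionToken.LastOperationTime < DateTime.Now.Subtract(new TimeSpan(0, 0, TimeoutInSecond)))
        {
            return WcfError.SessionTimeout;
        }

        // Fail closed when the token points at a user row that no longer exists. The original only
        // dereferenced the user in the debug branch, so such a token could still be authorized from
        // leftover grants.
        int userId = sessionToken.User.Value;
        var user = hibernateSession.Get<User>(userId);
        if (user == null)
        {
            return WcfError.InvalidSession;
        }

        // Sliding expiration: the token is refreshed before the authorization decision, so denied calls
        // and calls to unknown modules also keep the session alive.
        sessionToken.LastOperationTime = DateTime.Now;
        sessionToken.LastOperation = moduleName;
        hibernateSession.Update(sessionToken);
        hibernateSession.Flush();

        // Find the module function.
        query = hibernateSession.CreateQuery("from ModuleFunction where end_date is null and FunctionQualifier = ?");
        query.SetString(0, moduleName);
        var module = query.List<ModuleFunction>().FirstOrDefault();
        if (module == null)
        {
#pragma warning disable 162
            // ReSharper disable once ConditionIsAlwaysTrueOrFalse
            if (DEBUG_ALLOW_EVERYTHING)
            // ReSharper disable once HeuristicUnreachableCode
            {
                // Debug only: unknown modules are registered under a "[DEBUG]" qualifier.
                query = hibernateSession.CreateQuery(
                    "from ModuleFunction where end_date is null and FunctionQualifier = ?");
                query.SetString(0, "[DEBUG]" + moduleName);
                module = query.List<ModuleFunction>().FirstOrDefault();
                if (module == null)
                {
                    module = new ModuleFunction
                    {
                        FunctionQualifier = "[DEBUG]" + moduleName,
                        BusinessName = moduleName,
                        ServiceName = moduleName
                    };
                    module.Id = (int)hibernateSession.Save(module);
                    hibernateSession.Flush();
                }
            }
            else
            // ReSharper disable once HeuristicUnreachableCode
            {
                return WcfError.NoSuchModule;
            }
#pragma warning restore 162
        }

        // Resolve the effective privilege for this user (the user's own setting and group settings).
        var privilege = PrivilegeApi.GetModuleFunctionPrivilege(userId, module.Id, hibernateSession);
        if (privilege != null)
        {
            return privilege.Status == PermissionStateTrue
                ? WcfError.None
                : WcfError.InsufficientPrivilege;
        }

        // TODO: look for indirect authorization through user groups.
        // No grant was found.
#pragma warning disable 162
        // ReSharper disable once ConditionIsAlwaysTrueOrFalse
        if (DEBUG_ALLOW_EVERYTHING)
        // ReSharper disable once HeuristicUnreachableCode
        {
            // Debug only: persist an allow grant for this user.
            var result = new ModuleFunctionMap();
            result.State = PermissionStateTrue;
            result.ModuleId = module.Id;
            result.EntityId = userId;
            // EntityId is a user id, so the grant is recorded under the "User" entity type. The original
            // used "UserGroup", which attached the grant to whichever group shares this numeric id and
            // was never matched by the user-level lookup in GetModuleFunctionPrivilege.
            result.EntityTypeId = EntityStructureApi.GetStructureByTypeName("User")?.Id ?? 0;
            result.Description = "[Debug]为用户[" + user.Name + "]赋予" + module.FunctionQualifier + "的执行权限。";
            hibernateSession.Save(result);
            hibernateSession.Flush();
            return WcfError.None;
        }
        else
        {
            // ReSharper disable once HeuristicUnreachableCode
            return WcfError.InsufficientPrivilege;
        }
#pragma warning restore 162
    }
}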
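/// <summary>
/// Resolves the effective privilege of a user on a module function: the user's own setting first,
/// then the settings of the groups in <paramref name="userGroupTrees"/>.
/// </summary>
/// <param name="userId">Id of the user being checked.</param>
/// <param name="moduleId">Id of the module function being checked.</param>
/// <param name="userGroupTrees">Group trees whose leaves are walked upwards through <c>Parent</c> links.</param>
/// <param name="hibernateSession">
/// Optional session to reuse. When null, a session is opened here and disposed before returning;
/// a caller-supplied session is never disposed.
/// </param>
/// <returns>
/// The user-level setting when one exists; otherwise a group-level result in which a recorded
/// <c>SessionManager.PermissionStateFalse</c> takes precedence over
/// <c>SessionManager.PermissionStateTrue</c>; null when no setting was recorded at all.
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// The "User" or "UserGroup" entity structure cannot be resolved. The original concatenated the missing
/// id into the HQL text, which produced a malformed query instead of a clear error.
/// </exception>
internal static ModulePrivilegeRelationship GetModuleFunctionPrivilege(int userId, int moduleId, GroupTrees userGroupTrees, ISession hibernateSession = null)
{
    var mySession = hibernateSession ?? NHibernateHelper.CurrentHelper.OpenSession();
    try
    {
        var user = mySession.Get<User>(userId);
        var privilegeResult = new ModulePrivilegeRelationship() { FunctionId = moduleId };

        // Mind the precedence.
        // Level 1: the user's own setting.
        var userTypeId = EntityStructureApi.GetStructureByTypeName("User")?.Id;
        if (userTypeId == null)
        {
            throw new System.InvalidOperationException(
                "Entity structure 'User' could not be resolved; privileges cannot be evaluated.");
        }

        var result = FindActiveModuleFunctionMap(mySession, userTypeId.Value, userId, moduleId);
        if (result != null)
        {
            privilegeResult.IsGroupLevel = false;
            privilegeResult.Source = user.Name;
            privilegeResult.Status = result.State;
            return privilegeResult;
        }

        // Level 2: group settings. The dictionary maps group id to its recorded state, with -1 standing
        // for "nothing recorded, or shadowed by a setting closer to the leaf".
        // NOTE(review): this relies on -1 never being a real permission state — confirm.
        // NOTE(review): once a setting is found on a path, every ancestor is overwritten with -1, even
        // when an earlier leaf stored a real state for it (possibly a deny). Confirm that is intended.
        privilegeResult.IsGroupLevel = true;
        var groupPrivileges = new Dictionary<int, int>();

        // Resolved once; the lookup does not depend on the node being visited.
        var groupTypeId = EntityStructureApi.GetStructureByTypeName("UserGroup")?.Id;

        foreach (var leaf in userGroupTrees.Leaves)
        {
            var node = leaf;
            bool found = false;
            while (true)
            {
                if (found)
                {
                    groupPrivileges[node.GroupId] = -1;
                }
                else
                {
                    int status;
                    if (!groupPrivileges.TryGetValue(node.GroupId, out status))
                    {
                        if (groupTypeId == null)
                        {
                            throw new System.InvalidOperationException(
                                "Entity structure 'UserGroup' could not be resolved; privileges cannot be evaluated.");
                        }

                        result = FindActiveModuleFunctionMap(mySession, groupTypeId.Value, node.GroupId, moduleId);
                        if (result != null)
                        {
                            groupPrivileges.Add(node.GroupId, result.State);
                            found = true;
                        }
                        else
                        {
                            groupPrivileges.Add(node.GroupId, -1);
                        }
                    }
                }

                if (node.Parent == null)
                {
                    break;
                }

                node = node.Parent;
            }
        }

        // A deny recorded on any group wins over an allow recorded on another one. Source names the
        // first matching group in dictionary enumeration order.
        if (groupPrivileges.ContainsValue(SessionManager.PermissionStateFalse))
        {
            privilegeResult.Status = SessionManager.PermissionStateFalse;
            privilegeResult.Source = mySession.Get<UserGroup>(
                groupPrivileges.First(gp => gp.Value == SessionManager.PermissionStateFalse).Key).Name;
            return privilegeResult;
        }
        else if (groupPrivileges.ContainsValue(SessionManager.PermissionStateTrue))
        {
            privilegeResult.Status = SessionManager.PermissionStateTrue;
            privilegeResult.Source = mySession.Get<UserGroup>(
                groupPrivileges.First(gp => gp.Value == SessionManager.PermissionStateTrue).Key).Name;
            return privilegeResult;
        }

        return null;
    }
    finally
    {
        // Only dispose a session this method opened itself.
        if (hibernateSession == null)
        {
            mySession.Dispose();
        }
    }
}

// Returns the first active (end_date is null) ModuleFunctionMap for the given entity and module, or null.
// Every value is bound as a named parameter so the HQL text is constant and none of it is built from values.
private static ModuleFunctionMap FindActiveModuleFunctionMap(ISession session, int entityTypeId, int entityId, int moduleId)
{
    var query = session.CreateQuery(
        "from ModuleFunctionMap where end_date is null and EntityTypeId = :entityTypeId"
        + " and EntityId = :entityId and ModuleId = :moduleId");
    query.SetInt32("entityTypeId", entityTypeId);
    query.SetInt32("entityId", entityId);
    query.SetInt32("moduleId", moduleId);
    return query.List<ModuleFunctionMap>().FirstOrDefault();
}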