public void LoadCurrentContainerAndPermissionsTest()
{
SCAclAdapter adapter = SCAclAdapter.Instance;
SCObjectGenerator.PreareTestOguObjectForDelete();
var parent1 = (SCOrganization)SchemaObjectAdapter.Instance.LoadByCodeName("Organizations", "groupHQ", SchemaObjectStatus.Normal, DateTime.MinValue);
var role1 = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统管理员", SchemaObjectStatus.Normal, DateTime.MinValue);
var role2 = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统维护员", SchemaObjectStatus.Normal, DateTime.MinValue);
var container = new PC.Permissions.SCAclContainer(parent1);
container.Members.Add("AddChildren", role1);
container.Members.Add("DeleteChildren", role1);
container.Members.Add("UpdateChildren", role2);
container.Members.Add("EditPermissionsOfChildren", role2);
container.Members.Add("AddChildren", role2);
PC.Executors.SCObjectOperations.Instance.UpdateObjectAcl(container);
var user = (SCUser)SchemaObjectAdapter.Instance.LoadByCodeName("Users", "fanhy", SchemaObjectStatus.Normal, DateTime.MinValue);
Thread.Sleep(2000);
var result = adapter.LoadCurrentContainerAndPermissions(user.ID, new string[] { parent1.ID });
Assert.IsTrue((from PC.Permissions.SCContainerAndPermission p in result where p.ContainerPermission == "AddChildren" && p.ContainerID == parent1.ID select p).Any());
Assert.IsTrue((from PC.Permissions.SCContainerAndPermission p in result where p.ContainerPermission == "DeleteChildren" && p.ContainerID == parent1.ID select p).Any());
}
private void ImportAcl(IImportContext context, PC.Executors.ISCObjectOperations executor, PC.SCApplication targetApp, PC.Permissions.SCAclItem[] acls)
{
if (acls.Length > 0)
{
var container = new PC.Permissions.SCAclContainer(targetApp);
context.AppendLogFormat("正在替 {0} 合并ACL定义\r\n", targetApp.ToDescription());
var oldPermissions = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(targetApp.ID, DateTime.MinValue);
PC.Permissions.SCAclMemberCollection members = new PC.Permissions.SCAclMemberCollection();
foreach (var item in acls)
{
ImportService.Instance.WithEffectObject <PC.SchemaObjectBase>(item.MemberID, role =>
{
members.Add(item.ContainerPermission, role);
}, null);
}
if (oldPermissions != null && oldPermissions.Count > 0)
{
members.MergeChangedItems(oldPermissions);
}
container.Members.CopyFrom(members);
PC.Adapters.SCAclAdapter.Instance.Update(container);
}
}
protected void SetContainerMemberAndPermissions(PC.SchemaObjectBase container, PC.SCRole member, string[] permissions)
{
PC.Permissions.SCAclContainer cc = new PC.Permissions.SCAclContainer(container);
if (permissions != null)
{
foreach (string permission in permissions)
{
cc.Members.AddNotExistsItem(new PC.Permissions.SCAclItem(permission, member));
}
}
var old = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(container.ID, DateTime.MinValue);
if (old != null)
{
cc.Members.MergeChangedItems(old);
}
PC.Adapters.SCAclAdapter.Instance.Update(cc);
}
public void ReplaceAcl()
{
SCObjectGenerator.PreareTestOguObjectForDelete();
var parent1 = (SCOrganization)SchemaObjectAdapter.Instance.LoadByCodeName("Organizations", "groupHQ", SchemaObjectStatus.Normal, DateTime.MinValue);
var parent2 = (SCOrganization)SchemaObjectAdapter.Instance.LoadByCodeName("Organizations", "流程管理部", SchemaObjectStatus.Normal, DateTime.MinValue);
var role1 = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统管理员", SchemaObjectStatus.Normal, DateTime.MinValue);
var role2 = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统维护员", SchemaObjectStatus.Normal, DateTime.MinValue);
var container = new PC.Permissions.SCAclContainer(parent1);
container.Members.Add("AddChildren", role1);
container.Members.Add("DeleteChildren", role1);
container.Members.Add("UpdateChildren", role2);
container.Members.Add("EditPermissionsOfChildren", role2);
container.Members.Add("AddChildren", role2);
PC.Executors.SCObjectOperations.Instance.UpdateObjectAcl(container);
var childAcls = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(parent2.ID, DateTime.MinValue);
Assert.IsTrue(childAcls.Count == 0);
SCReplaceAclRecursivelyExecutor executor = new SCReplaceAclRecursivelyExecutor(SOA.DataObjects.Security.Actions.SCOperationType.ReplaceAclRecursively, parent1)
{
};
executor.Execute();
childAcls = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(parent2.ID, DateTime.MinValue);
Assert.IsTrue(childAcls.Count == 5);
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "AddChildren" && p.MemberID == role1.ID select p).Any());
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "DeleteChildren" && p.MemberID == role1.ID select p).Any());
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "UpdateChildren" && p.MemberID == role2.ID select p).Any());
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "EditPermissionsOfChildren" && p.MemberID == role2.ID select p).Any());
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "AddChildren" && p.MemberID == role2.ID select p).Any());
}
public override void ExecuteEachOrganization(SCObjectSet objectSet, IImportContext context, IDictionary<string, PC.SchemaObjectBase> knownObjects, PC.SCOrganization org, Dictionary<string, IList<PC.SCOrganization>> orgToOrgRelations, Dictionary<string, IList<PC.SCUser>> orgToUserRelations, Dictionary<string, IList<PC.SCGroup>> orgToGroupRelations)
{
if (objectSet.HasAcls)
{
context.SetStatus(Owner.currentSteps, Owner.allSteps, string.Format("正在寻找 {0} 的ACL。", org.ToDescription()));
var allAcls = ImportService.Instance.FilterAcls(objectSet.Acls, acl => acl.ContainerID == org.ID && acl.Status == SchemaObjectStatus.Normal).ToList();
var summaryName = org.ToDescription();
try
{
var newContainer = new PC.Permissions.SCAclContainer(org);
foreach (var acl in allAcls)
{
ImportService.Instance.WithEffectObject<PC.SchemaObjectBase>(acl.MemberID, knownObjects, role =>
{
newContainer.Members.Add(acl.ContainerPermission, role);
}, null);
}
var oldMembers = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(org.ID, DateTime.MinValue);
if (oldMembers != null)
{
newContainer.Members.MergeChangedItems(oldMembers);
}
context.SetStatusAndLog(Owner.currentSteps, Owner.allSteps, string.Format("正在替换 {0} 的ACL:", summaryName));
PC.Adapters.SCAclAdapter.Instance.Update(newContainer);
}
catch (Exception ex)
{
context.AppendLogFormat("对象 {0} 的ACL操作失败,原因是:{1}\r\n", summaryName, ex.Message);
}
}
}
public override void ExecuteEachOrganization(SCObjectSet objectSet, IImportContext context, IDictionary <string, PC.SchemaObjectBase> knownObjects, PC.SCOrganization org, Dictionary <string, IList <PC.SCOrganization> > orgToOrgRelations, Dictionary <string, IList <PC.SCUser> > orgToUserRelations, Dictionary <string, IList <PC.SCGroup> > orgToGroupRelations)
{
if (objectSet.HasAcls)
{
context.SetStatus(Owner.currentSteps, Owner.allSteps, string.Format("正在寻找 {0} 的ACL。", org.ToDescription()));
var allAcls = ImportService.Instance.FilterAcls(objectSet.Acls, acl => acl.ContainerID == org.ID && acl.Status == SchemaObjectStatus.Normal).ToList();
var summaryName = org.ToDescription();
try
{
var newContainer = new PC.Permissions.SCAclContainer(org);
foreach (var acl in allAcls)
{
ImportService.Instance.WithEffectObject <PC.SchemaObjectBase>(acl.MemberID, knownObjects, role =>
{
newContainer.Members.Add(acl.ContainerPermission, role);
}, null);
}
var oldMembers = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(org.ID, DateTime.MinValue);
if (oldMembers != null)
{
newContainer.Members.MergeChangedItems(oldMembers);
}
context.SetStatusAndLog(Owner.currentSteps, Owner.allSteps, string.Format("正在替换 {0} 的ACL:", summaryName));
PC.Adapters.SCAclAdapter.Instance.Update(newContainer);
}
catch (Exception ex)
{
context.AppendLogFormat("对象 {0} 的ACL操作失败,原因是:{1}\r\n", summaryName, ex.Message);
}
}
}
public void UpdateObjectAcl(string ownerID, ClientAclItem[] clientAcls)
{
var owner = PC.Adapters.SchemaObjectAdapter.Instance.Load(ownerID);
if (owner == null || owner.Status != SchemaObjectStatus.Normal)
{
throw new InvalidOperationException("指定对象不存在或已删除");
}
PC.Permissions.SCAclContainer container = new PC.Permissions.SCAclContainer(owner);
foreach (ClientAclItem item in clientAcls)
{
if (item.Status == ClientSchemaObjectStatus.Normal)
{
container.Members.Add(item.ToSCAcl());
}
}
container.Members.MergeChangedItems(PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(ownerID, DateTime.MinValue));
Facade.UpdateObjectAcl(container);
}
public void ReplaceAcl()
{
SCObjectGenerator.PreareTestOguObjectForDelete();
var parent1 = (SCOrganization)SchemaObjectAdapter.Instance.LoadByCodeName("Organizations", "groupHQ", SchemaObjectStatus.Normal, DateTime.MinValue);
var parent2 = (SCOrganization)SchemaObjectAdapter.Instance.LoadByCodeName("Organizations", "流程管理部", SchemaObjectStatus.Normal, DateTime.MinValue);
var role1 = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统管理员", SchemaObjectStatus.Normal, DateTime.MinValue);
var role2 = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统维护员", SchemaObjectStatus.Normal, DateTime.MinValue);
var container = new PC.Permissions.SCAclContainer(parent1);
container.Members.Add("AddChildren", role1);
container.Members.Add("DeleteChildren", role1);
container.Members.Add("UpdateChildren", role2);
container.Members.Add("EditPermissionsOfChildren", role2);
container.Members.Add("AddChildren", role2);
PC.Executors.SCObjectOperations.Instance.UpdateObjectAcl(container);
var childAcls = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(parent2.ID, DateTime.MinValue);
Assert.IsTrue(childAcls.Count == 0);
SCReplaceAclRecursivelyExecutor executor = new SCReplaceAclRecursivelyExecutor(SOA.DataObjects.Security.Actions.SCOperationType.ReplaceAclRecursively, parent1) { };
executor.Execute();
childAcls = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(parent2.ID, DateTime.MinValue);
Assert.IsTrue(childAcls.Count == 5);
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "AddChildren" && p.MemberID == role1.ID select p).Any());
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "DeleteChildren" && p.MemberID == role1.ID select p).Any());
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "UpdateChildren" && p.MemberID == role2.ID select p).Any());
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "EditPermissionsOfChildren" && p.MemberID == role2.ID select p).Any());
Assert.IsTrue((from p in childAcls where p.ContainerID == parent2.ID && p.ContainerPermission == "AddChildren" && p.MemberID == role2.ID select p).Any());
}
public override void DoImport(SCObjectSet objectSet, IImportContext context)
{
if (objectSet.HasAcls)
{
context.SetStatus(0, 1, "正在寻找当前组织内组织的ACL。");
var pendingOrgs = new List <SCOrganization>(objectSet.Objects.Count);
foreach (SCOrganization item in ImportService.Instance.FilterNormalObjects <SCOrganization>(objectSet.Objects))
{
// 进行过滤,保留当前组织中的组织
if (objectSet.Relations.Exists(r => r.ParentID == this.Parent.ID && r.Status == SchemaObjectStatus.Normal && r.ID == item.ID))
{
pendingOrgs.Add(item);
}
}
int allCount = pendingOrgs.Count;
int count = 0;
foreach (SCOrganization item in pendingOrgs)
{
var summaryName = item.ToDescription();
count++;
var pendingAcls = ImportService.Instance.FilterAcls(objectSet.Acls, acl => acl.ContainerID == item.ID && acl.Status == SchemaObjectStatus.Normal);
try
{
var newContainer = new PC.Permissions.SCAclContainer(item);
PC.Permissions.SCAclMemberCollection members = new PC.Permissions.SCAclMemberCollection();
foreach (var acl in pendingAcls)
{
ImportService.Instance.WithEffectObject <SchemaObjectBase>(acl.MemberID, role =>
{
members.Add(acl.ContainerPermission, role);
}, null);
}
var oldMembers = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(item.ID, DateTime.MinValue);
if (oldMembers != null)
{
members.MergeChangedItems(oldMembers);
}
newContainer.Members.CopyFrom(members);
context.SetStatus(count, allCount, "正在替换对象ACL:" + summaryName);
PC.Adapters.SCAclAdapter.Instance.Update(newContainer);
}
catch (Exception ex)
{
context.AppendLogFormat("对项 {0} 的ACL操作失败,原因是:{1}\r\n", summaryName, ex.Message);
}
}
}
}
public void UpdateObjectAcl(string ownerID, ClientAclItem[] clientAcls)
{
var owner = PC.Adapters.SchemaObjectAdapter.Instance.Load(ownerID);
if (owner == null || owner.Status != SchemaObjectStatus.Normal)
throw new InvalidOperationException("指定对象不存在或已删除");
PC.Permissions.SCAclContainer container = new PC.Permissions.SCAclContainer(owner);
foreach (ClientAclItem item in clientAcls)
{
if (item.Status == ClientSchemaObjectStatus.Normal)
container.Members.Add(item.ToSCAcl());
}
container.Members.MergeChangedItems(PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(ownerID, DateTime.MinValue));
Facade.UpdateObjectAcl(container);
}
private void ImportAcl(IImportContext context, PC.Executors.ISCObjectOperations executor, PC.SCApplication targetApp, PC.Permissions.SCAclItem[] acls)
{
if (acls.Length > 0)
{
var container = new PC.Permissions.SCAclContainer(targetApp);
context.AppendLogFormat("正在替 {0} 合并ACL定义\r\n", targetApp.ToDescription());
var oldPermissions = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(targetApp.ID, DateTime.MinValue);
PC.Permissions.SCAclMemberCollection members = new PC.Permissions.SCAclMemberCollection();
foreach (var item in acls)
{
ImportService.Instance.WithEffectObject<PC.SchemaObjectBase>(item.MemberID, role =>
{
members.Add(item.ContainerPermission, role);
}, null);
}
if (oldPermissions != null && oldPermissions.Count > 0)
{
members.MergeChangedItems(oldPermissions);
}
container.Members.CopyFrom(members);
PC.Adapters.SCAclAdapter.Instance.Update(container);
}
}
public override void DoImport(SCObjectSet objectSet, IImportContext context)
{
if (objectSet.HasAcls)
{
context.SetStatus(0, 1, "正在寻找当前组织内组织的ACL。");
var pendingOrgs = new List<SCOrganization>(objectSet.Objects.Count);
foreach (SCOrganization item in ImportService.Instance.FilterNormalObjects<SCOrganization>(objectSet.Objects))
{
// 进行过滤,保留当前组织中的组织
if (objectSet.Relations.Exists(r => r.ParentID == this.Parent.ID && r.Status == SchemaObjectStatus.Normal && r.ID == item.ID))
{
pendingOrgs.Add(item);
}
}
int allCount = pendingOrgs.Count;
int count = 0;
foreach (SCOrganization item in pendingOrgs)
{
var summaryName = item.ToDescription();
count++;
var pendingAcls = ImportService.Instance.FilterAcls(objectSet.Acls, acl => acl.ContainerID == item.ID && acl.Status == SchemaObjectStatus.Normal);
try
{
var newContainer = new PC.Permissions.SCAclContainer(item);
PC.Permissions.SCAclMemberCollection members = new PC.Permissions.SCAclMemberCollection();
foreach (var acl in pendingAcls)
{
ImportService.Instance.WithEffectObject<SchemaObjectBase>(acl.MemberID, role =>
{
members.Add(acl.ContainerPermission, role);
}, null);
}
var oldMembers = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(item.ID, DateTime.MinValue);
if (oldMembers != null)
{
members.MergeChangedItems(oldMembers);
}
newContainer.Members.CopyFrom(members);
context.SetStatus(count, allCount, "正在替换对象ACL:" + summaryName);
PC.Adapters.SCAclAdapter.Instance.Update(newContainer);
}
catch (Exception ex)
{
context.AppendLogFormat("对项 {0} 的ACL操作失败,原因是:{1}\r\n", summaryName, ex.Message);
}
}
}
}
public void LoadCurrentContainerAndPermissionsTest()
{
SCAclAdapter adapter = SCAclAdapter.Instance;
SCObjectGenerator.PreareTestOguObjectForDelete();
var parent1 = (SCOrganization)SchemaObjectAdapter.Instance.LoadByCodeName("Organizations", "groupHQ", SchemaObjectStatus.Normal, DateTime.MinValue);
var role1 = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统管理员", SchemaObjectStatus.Normal, DateTime.MinValue);
var role2 = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统维护员", SchemaObjectStatus.Normal, DateTime.MinValue);
var container = new PC.Permissions.SCAclContainer(parent1);
container.Members.Add("AddChildren", role1);
container.Members.Add("DeleteChildren", role1);
container.Members.Add("UpdateChildren", role2);
container.Members.Add("EditPermissionsOfChildren", role2);
container.Members.Add("AddChildren", role2);
PC.Executors.SCObjectOperations.Instance.UpdateObjectAcl(container);
var user = (SCUser)SchemaObjectAdapter.Instance.LoadByCodeName("Users", "fanhy", SchemaObjectStatus.Normal, DateTime.MinValue);
Thread.Sleep(2000);
var result = adapter.LoadCurrentContainerAndPermissions(user.ID, new string[] { parent1.ID });
Assert.IsTrue((from PC.Permissions.SCContainerAndPermission p in result where p.ContainerPermission == "AddChildren" && p.ContainerID == parent1.ID select p).Any());
Assert.IsTrue((from PC.Permissions.SCContainerAndPermission p in result where p.ContainerPermission == "DeleteChildren" && p.ContainerID == parent1.ID select p).Any());
}
