/// <summary>
/// Writes an ACL for the "groupHQ" organization that grants permissions to two roles,
/// then verifies that the permissions resolved for user "fanhy" on that container
/// include "AddChildren" and "DeleteChildren".
/// </summary>
public void LoadCurrentContainerAndPermissionsTest()
{
    SCAclAdapter aclAdapter = SCAclAdapter.Instance;

    SCObjectGenerator.PreareTestOguObjectForDelete();

    var headquarters = (SCOrganization)SchemaObjectAdapter.Instance.LoadByCodeName("Organizations", "groupHQ", SchemaObjectStatus.Normal, DateTime.MinValue);
    var adminRole = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统管理员", SchemaObjectStatus.Normal, DateTime.MinValue);
    var maintainerRole = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统维护员", SchemaObjectStatus.Normal, DateTime.MinValue);

    // Five (permission, role) grants on the organization.
    var aclContainer = new PC.Permissions.SCAclContainer(headquarters);
    aclContainer.Members.Add("AddChildren", adminRole);
    aclContainer.Members.Add("DeleteChildren", adminRole);
    aclContainer.Members.Add("UpdateChildren", maintainerRole);
    aclContainer.Members.Add("EditPermissionsOfChildren", maintainerRole);
    aclContainer.Members.Add("AddChildren", maintainerRole);

    PC.Executors.SCObjectOperations.Instance.UpdateObjectAcl(aclContainer);

    var testUser = (SCUser)SchemaObjectAdapter.Instance.LoadByCodeName("Users", "fanhy", SchemaObjectStatus.Normal, DateTime.MinValue);

    // NOTE(review): presumably waits for the ACL write to become visible to the
    // permission query; a fixed delay makes the test timing-dependent - confirm.
    Thread.Sleep(2000);

    var resolved = aclAdapter.LoadCurrentContainerAndPermissions(testUser.ID, new string[] { headquarters.ID });

    // Both asserted permissions were granted to the first role above; the fixture
    // presumably places this user in that role - confirm against SCObjectGenerator.
    // NOTE(review): only positive grants are asserted; nothing here checks that a
    // permission the user should NOT hold is absent from the result.
    bool canAddChildren = resolved
        .Cast<PC.Permissions.SCContainerAndPermission>()
        .Any(p => p.ContainerPermission == "AddChildren" && p.ContainerID == headquarters.ID);
    Assert.IsTrue(canAddChildren);

    bool canDeleteChildren = resolved
        .Cast<PC.Permissions.SCContainerAndPermission>()
        .Any(p => p.ContainerPermission == "DeleteChildren" && p.ContainerID == headquarters.ID);
    Assert.IsTrue(canDeleteChildren);
}
/// <summary>
/// Imports ACL entries for an application: resolves each entry's member, merges the
/// resulting member set with the ACL currently stored for the application, and
/// persists the result. Does nothing when <paramref name="acls"/> is empty.
/// </summary>
/// <param name="context">Import context that receives the progress log line.</param>
/// <param name="executor">Not used by this method.</param>
/// <param name="targetApp">Application whose ACL is written.</param>
/// <param name="acls">ACL entries to import; must not be null.</param>
private void ImportAcl(IImportContext context, PC.Executors.ISCObjectOperations executor, PC.SCApplication targetApp, PC.Permissions.SCAclItem[] acls)
{
    if (acls.Length == 0)
    {
        return;
    }

    var aclContainer = new PC.Permissions.SCAclContainer(targetApp);

    context.AppendLogFormat("正在替 {0} 合并ACL定义\r\n", targetApp.ToDescription());

    var storedAcl = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(targetApp.ID, DateTime.MinValue);

    var importedMembers = new PC.Permissions.SCAclMemberCollection();

    foreach (var entry in acls)
    {
        // The callback runs with the object resolved for entry.MemberID; null is passed
        // as the alternative callback, so unresolved members presumably add nothing
        // - confirm against ImportService.WithEffectObject.
        ImportService.Instance.WithEffectObject<PC.SchemaObjectBase>(
            entry.MemberID,
            resolvedMember => { importedMembers.Add(entry.ContainerPermission, resolvedMember); },
            null);
    }

    bool hasStoredAcl = storedAcl != null && storedAcl.Count > 0;
    if (hasStoredAcl)
    {
        importedMembers.MergeChangedItems(storedAcl);
    }

    aclContainer.Members.CopyFrom(importedMembers);

    // NOTE(review): the ACL is written straight through the adapter and the executor
    // argument is ignored, so any permission check or operation logging the executor
    // layer performs is presumably bypassed for imported ACLs - confirm this is intended.
    PC.Adapters.SCAclAdapter.Instance.Update(aclContainer);
}
/// <summary>
/// Builds an ACL for <paramref name="container"/> that gives <paramref name="member"/>
/// each of the listed permissions, merges it with the ACL currently stored for the
/// container, and persists the result.
/// </summary>
/// <param name="container">Object whose ACL is written; must not be null.</param>
/// <param name="member">Role that receives the permissions.</param>
/// <param name="permissions">Permission names to grant; null is treated as no permissions.</param>
protected void SetContainerMemberAndPermissions(PC.SchemaObjectBase container, PC.SCRole member, string[] permissions)
{
    var aclContainer = new PC.Permissions.SCAclContainer(container);

    // A null list adds nothing, but the merge and update below still run.
    foreach (string permissionName in permissions ?? new string[0])
    {
        aclContainer.Members.AddNotExistsItem(new PC.Permissions.SCAclItem(permissionName, member));
    }

    var storedAcl = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(container.ID, DateTime.MinValue);

    if (storedAcl != null)
    {
        // NOTE(review): MergeChangedItems presumably reconciles the new set against the
        // stored entries (e.g. marking entries that are no longer present) - confirm,
        // since that decides whether other members' grants survive this call.
        aclContainer.Members.MergeChangedItems(storedAcl);
    }

    PC.Adapters.SCAclAdapter.Instance.Update(aclContainer);
}
/// <summary>
/// Sets a five-entry ACL on the "groupHQ" organization, runs the recursive ACL
/// replacement starting from it, and verifies that the "流程管理部" organization, which
/// had no ACL entries before, ends up with the same five (permission, role) entries.
/// </summary>
public void ReplaceAcl()
{
    SCObjectGenerator.PreareTestOguObjectForDelete();

    var rootOrg = (SCOrganization)SchemaObjectAdapter.Instance.LoadByCodeName("Organizations", "groupHQ", SchemaObjectStatus.Normal, DateTime.MinValue);
    var childOrg = (SCOrganization)SchemaObjectAdapter.Instance.LoadByCodeName("Organizations", "流程管理部", SchemaObjectStatus.Normal, DateTime.MinValue);
    var adminRole = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统管理员", SchemaObjectStatus.Normal, DateTime.MinValue);
    var maintainerRole = (SCRole)SchemaObjectAdapter.Instance.LoadByCodeName("Roles", "系统维护员", SchemaObjectStatus.Normal, DateTime.MinValue);

    var rootAcl = new PC.Permissions.SCAclContainer(rootOrg);
    rootAcl.Members.Add("AddChildren", adminRole);
    rootAcl.Members.Add("DeleteChildren", adminRole);
    rootAcl.Members.Add("UpdateChildren", maintainerRole);
    rootAcl.Members.Add("EditPermissionsOfChildren", maintainerRole);
    rootAcl.Members.Add("AddChildren", maintainerRole);

    PC.Executors.SCObjectOperations.Instance.UpdateObjectAcl(rootAcl);

    // Precondition: updating the root ACL alone leaves the other organization without entries.
    var childAcls = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(childOrg.ID, DateTime.MinValue);
    Assert.IsTrue(childAcls.Count == 0);

    var replaceExecutor = new SCReplaceAclRecursivelyExecutor(SOA.DataObjects.Security.Actions.SCOperationType.ReplaceAclRecursively, rootOrg);
    replaceExecutor.Execute();

    // After the recursive replacement the organization carries exactly the five root entries.
    // NOTE(review): the test presumably relies on this organization being a descendant of
    // "groupHQ" in the fixture data - confirm against SCObjectGenerator.
    childAcls = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(childOrg.ID, DateTime.MinValue);
    Assert.IsTrue(childAcls.Count == 5);

    Assert.IsTrue(childAcls.Any(p => p.ContainerID == childOrg.ID && p.ContainerPermission == "AddChildren" && p.MemberID == adminRole.ID));
    Assert.IsTrue(childAcls.Any(p => p.ContainerID == childOrg.ID && p.ContainerPermission == "DeleteChildren" && p.MemberID == adminRole.ID));
    Assert.IsTrue(childAcls.Any(p => p.ContainerID == childOrg.ID && p.ContainerPermission == "UpdateChildren" && p.MemberID == maintainerRole.ID));
    Assert.IsTrue(childAcls.Any(p => p.ContainerID == childOrg.ID && p.ContainerPermission == "EditPermissionsOfChildren" && p.MemberID == maintainerRole.ID));
    Assert.IsTrue(childAcls.Any(p => p.ContainerID == childOrg.ID && p.ContainerPermission == "AddChildren" && p.MemberID == maintainerRole.ID));
}
/// <summary>
/// Imports the ACL of one organization: collects the Normal-status ACL entries of the
/// object set whose container is <paramref name="org"/>, resolves their members, merges
/// the result with the ACL currently stored for the organization, and persists it.
/// Does nothing when the object set carries no ACLs.
/// </summary>
/// <param name="objectSet">Imported object set that supplies the ACL entries.</param>
/// <param name="context">Import context used for status and log output.</param>
/// <param name="knownObjects">Objects handed to the member lookup.</param>
/// <param name="org">Organization whose ACL is written.</param>
/// <param name="orgToOrgRelations">Not used by this method.</param>
/// <param name="orgToUserRelations">Not used by this method.</param>
/// <param name="orgToGroupRelations">Not used by this method.</param>
public override void ExecuteEachOrganization(SCObjectSet objectSet, IImportContext context, IDictionary<string, PC.SchemaObjectBase> knownObjects, PC.SCOrganization org, Dictionary<string, IList<PC.SCOrganization>> orgToOrgRelations, Dictionary<string, IList<PC.SCUser>> orgToUserRelations, Dictionary<string, IList<PC.SCGroup>> orgToGroupRelations)
{
    if (!objectSet.HasAcls)
    {
        return;
    }

    context.SetStatus(Owner.currentSteps, Owner.allSteps, string.Format("正在寻找 {0} 的ACL。", org.ToDescription()));

    // Only entries that target this organization and are in Normal status are imported.
    var orgAcls = ImportService.Instance
        .FilterAcls(objectSet.Acls, entry => entry.ContainerID == org.ID && entry.Status == SchemaObjectStatus.Normal)
        .ToList();

    var summaryName = org.ToDescription();

    try
    {
        var importedAcl = new PC.Permissions.SCAclContainer(org);

        foreach (var entry in orgAcls)
        {
            // null is passed as the alternative callback, so a member that cannot be
            // resolved presumably contributes no entry - confirm against ImportService.
            ImportService.Instance.WithEffectObject<PC.SchemaObjectBase>(
                entry.MemberID,
                knownObjects,
                resolvedMember => { importedAcl.Members.Add(entry.ContainerPermission, resolvedMember); },
                null);
        }

        var storedMembers = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(org.ID, DateTime.MinValue);
        if (storedMembers != null)
        {
            importedAcl.Members.MergeChangedItems(storedMembers);
        }

        context.SetStatusAndLog(Owner.currentSteps, Owner.allSteps, string.Format("正在替换 {0} 的ACL:", summaryName));

        PC.Adapters.SCAclAdapter.Instance.Update(importedAcl);
    }
    catch (Exception ex)
    {
        // Best effort: the failure is recorded in the import log (message only) and
        // swallowed so the import can continue. The caller gets no failure signal for
        // this organization beyond that log line.
        context.AppendLogFormat("对象 {0} 的ACL操作失败,原因是:{1}\r\n", summaryName, ex.Message);
    }
}
/// <summary>
/// Imports the ACL of one organization: collects the Normal-status ACL entries of the
/// object set whose container is <paramref name="org"/>, resolves their members, merges
/// the result with the ACL currently stored for the organization, and persists it.
/// Does nothing when the object set carries no ACLs.
/// </summary>
/// <param name="objectSet">Imported object set that supplies the ACL entries.</param>
/// <param name="context">Import context used for status and log output.</param>
/// <param name="knownObjects">Objects handed to the member lookup.</param>
/// <param name="org">Organization whose ACL is written.</param>
/// <param name="orgToOrgRelations">Not used by this method.</param>
/// <param name="orgToUserRelations">Not used by this method.</param>
/// <param name="orgToGroupRelations">Not used by this method.</param>
public override void ExecuteEachOrganization(SCObjectSet objectSet, IImportContext context, IDictionary<string, PC.SchemaObjectBase> knownObjects, PC.SCOrganization org, Dictionary<string, IList<PC.SCOrganization>> orgToOrgRelations, Dictionary<string, IList<PC.SCUser>> orgToUserRelations, Dictionary<string, IList<PC.SCGroup>> orgToGroupRelations)
{
    if (!objectSet.HasAcls)
    {
        return;
    }

    context.SetStatus(Owner.currentSteps, Owner.allSteps, string.Format("正在寻找 {0} 的ACL。", org.ToDescription()));

    // Only entries that target this organization and are in Normal status are imported.
    var orgAcls = ImportService.Instance
        .FilterAcls(objectSet.Acls, entry => entry.ContainerID == org.ID && entry.Status == SchemaObjectStatus.Normal)
        .ToList();

    var summaryName = org.ToDescription();

    try
    {
        var importedAcl = new PC.Permissions.SCAclContainer(org);

        foreach (var entry in orgAcls)
        {
            // null is passed as the alternative callback, so a member that cannot be
            // resolved presumably contributes no entry - confirm against ImportService.
            ImportService.Instance.WithEffectObject<PC.SchemaObjectBase>(
                entry.MemberID,
                knownObjects,
                resolvedMember => { importedAcl.Members.Add(entry.ContainerPermission, resolvedMember); },
                null);
        }

        var storedMembers = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(org.ID, DateTime.MinValue);
        if (storedMembers != null)
        {
            importedAcl.Members.MergeChangedItems(storedMembers);
        }

        context.SetStatusAndLog(Owner.currentSteps, Owner.allSteps, string.Format("正在替换 {0} 的ACL:", summaryName));

        PC.Adapters.SCAclAdapter.Instance.Update(importedAcl);
    }
    catch (Exception ex)
    {
        // Best effort: the failure is recorded in the import log (message only) and
        // swallowed so the import can continue. The caller gets no failure signal for
        // this organization beyond that log line.
        context.AppendLogFormat("对象 {0} 的ACL操作失败,原因是:{1}\r\n", summaryName, ex.Message);
    }
}
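/// <summary>
/// Builds the ACL of the object identified by <paramref name="ownerID"/> from the
/// client-supplied entries, merges it with the ACL currently stored for that object,
/// and submits the result through the facade.
/// </summary>
/// <param name="ownerID">ID of the object whose ACL is updated.</param>
/// <param name="clientAcls">
/// Entries sent by the client; only those in Normal status are applied. Must not be null.
/// </param>
/// <exception cref="InvalidOperationException">
/// The object does not exist or is not in Normal status.
/// </exception>
/// <exception cref="ArgumentNullException"><paramref name="clientAcls"/> is null.</exception>
public void UpdateObjectAcl(string ownerID, ClientAclItem[] clientAcls)
{
    var owner = PC.Adapters.SchemaObjectAdapter.Instance.Load(ownerID);

    if (owner == null || owner.Status != SchemaObjectStatus.Normal)
    {
        throw new InvalidOperationException("指定对象不存在或已删除");
    }

    // Checked after the owner lookup so an invalid owner still reports
    // InvalidOperationException first; a null array previously surfaced as a
    // NullReferenceException from the loop below.
    if (clientAcls == null)
    {
        throw new ArgumentNullException("clientAcls");
    }

    PC.Permissions.SCAclContainer container = new PC.Permissions.SCAclContainer(owner);

    foreach (ClientAclItem item in clientAcls)
    {
        if (item.Status == ClientSchemaObjectStatus.Normal)
        {
            container.Members.Add(item.ToSCAcl());
        }
    }

    // Guard the merge the same way the other ACL writers in this listing do: skip it
    // when nothing is stored instead of passing null to MergeChangedItems.
    var storedAcl = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(ownerID, DateTime.MinValue);
    if (storedAcl != null)
    {
        container.Members.MergeChangedItems(storedAcl);
    }

    // NOTE(review): no authorization check is visible in this method and both arguments
    // come from the client; the caller's right to edit this object's ACL is presumably
    // enforced inside Facade.UpdateObjectAcl - confirm.
    Facade.UpdateObjectAcl(container);
}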
/// <summary>
/// Imports ACLs for the organizations of the object set that sit directly under the
/// current parent: for each such organization, resolves the members of its
/// Normal-status ACL entries, merges them with the stored ACL, and persists the result.
/// Does nothing when the object set carries no ACLs.
/// </summary>
/// <param name="objectSet">Imported object set that supplies objects, relations and ACL entries.</param>
/// <param name="context">Import context used for status and log output.</param>
public override void DoImport(SCObjectSet objectSet, IImportContext context)
{
    if (!objectSet.HasAcls)
    {
        return;
    }

    context.SetStatus(0, 1, "正在寻找当前组织内组织的ACL。");

    var targetOrgs = new List<SCOrganization>(objectSet.Objects.Count);

    foreach (SCOrganization candidate in ImportService.Instance.FilterNormalObjects<SCOrganization>(objectSet.Objects))
    {
        // Filter: keep only the organizations that belong to the current organization,
        // i.e. those with a Normal-status relation whose parent is this.Parent.
        bool underCurrentParent = objectSet.Relations.Exists(
            r => r.ParentID == this.Parent.ID && r.Status == SchemaObjectStatus.Normal && r.ID == candidate.ID);

        if (underCurrentParent)
        {
            targetOrgs.Add(candidate);
        }
    }

    int total = targetOrgs.Count;
    int processed = 0;

    foreach (SCOrganization targetOrg in targetOrgs)
    {
        var summaryName = targetOrg.ToDescription();
        processed++;

        var orgAcls = ImportService.Instance.FilterAcls(
            objectSet.Acls,
            entry => entry.ContainerID == targetOrg.ID && entry.Status == SchemaObjectStatus.Normal);

        try
        {
            var importedAcl = new PC.Permissions.SCAclContainer(targetOrg);
            var importedMembers = new PC.Permissions.SCAclMemberCollection();

            foreach (var entry in orgAcls)
            {
                // null is passed as the alternative callback, so a member that cannot be
                // resolved presumably contributes no entry - confirm against ImportService.
                ImportService.Instance.WithEffectObject<SchemaObjectBase>(
                    entry.MemberID,
                    resolvedMember => { importedMembers.Add(entry.ContainerPermission, resolvedMember); },
                    null);
            }

            var storedMembers = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(targetOrg.ID, DateTime.MinValue);
            if (storedMembers != null)
            {
                importedMembers.MergeChangedItems(storedMembers);
            }

            importedAcl.Members.CopyFrom(importedMembers);

            context.SetStatus(processed, total, "正在替换对象ACL:" + summaryName);

            PC.Adapters.SCAclAdapter.Instance.Update(importedAcl);
        }
        catch (Exception ex)
        {
            // Best effort: the failure is recorded in the import log (message only) and
            // swallowed so the remaining organizations are still processed.
            context.AppendLogFormat("对项 {0} 的ACL操作失败,原因是:{1}\r\n", summaryName, ex.Message);
        }
    }
}
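/// <summary>
/// Builds the ACL of the object identified by <paramref name="ownerID"/> from the
/// client-supplied entries, merges it with the ACL currently stored for that object,
/// and submits the result through the facade.
/// </summary>
/// <param name="ownerID">ID of the object whose ACL is updated.</param>
/// <param name="clientAcls">
/// Entries sent by the client; only those in Normal status are applied. Must not be null.
/// </param>
/// <exception cref="InvalidOperationException">
/// The object does not exist or is not in Normal status.
/// </exception>
/// <exception cref="ArgumentNullException"><paramref name="clientAcls"/> is null.</exception>
public void UpdateObjectAcl(string ownerID, ClientAclItem[] clientAcls)
{
    var owner = PC.Adapters.SchemaObjectAdapter.Instance.Load(ownerID);

    if (owner == null || owner.Status != SchemaObjectStatus.Normal)
    {
        throw new InvalidOperationException("指定对象不存在或已删除");
    }

    // Checked after the owner lookup so an invalid owner still reports
    // InvalidOperationException first; a null array previously surfaced as a
    // NullReferenceException from the loop below.
    if (clientAcls == null)
    {
        throw new ArgumentNullException("clientAcls");
    }

    PC.Permissions.SCAclContainer container = new PC.Permissions.SCAclContainer(owner);

    foreach (ClientAclItem item in clientAcls)
    {
        if (item.Status == ClientSchemaObjectStatus.Normal)
        {
            container.Members.Add(item.ToSCAcl());
        }
    }

    // Guard the merge the same way the other ACL writers in this listing do: skip it
    // when nothing is stored instead of passing null to MergeChangedItems.
    var storedAcl = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(ownerID, DateTime.MinValue);
    if (storedAcl != null)
    {
        container.Members.MergeChangedItems(storedAcl);
    }

    // NOTE(review): no authorization check is visible in this method and both arguments
    // come from the client; the caller's right to edit this object's ACL is presumably
    // enforced inside Facade.UpdateObjectAcl - confirm.
    Facade.UpdateObjectAcl(container);
}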
/// <summary>
/// Imports ACL entries for an application: resolves each entry's member, merges the
/// resulting member set with the ACL currently stored for the application, and
/// persists the result. Does nothing when <paramref name="acls"/> is empty.
/// </summary>
/// <param name="context">Import context that receives the progress log line.</param>
/// <param name="executor">Not used by this method.</param>
/// <param name="targetApp">Application whose ACL is written.</param>
/// <param name="acls">ACL entries to import; must not be null.</param>
private void ImportAcl(IImportContext context, PC.Executors.ISCObjectOperations executor, PC.SCApplication targetApp, PC.Permissions.SCAclItem[] acls)
{
    if (acls.Length == 0)
    {
        return;
    }

    var aclContainer = new PC.Permissions.SCAclContainer(targetApp);

    context.AppendLogFormat("正在替 {0} 合并ACL定义\r\n", targetApp.ToDescription());

    var storedAcl = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(targetApp.ID, DateTime.MinValue);

    var importedMembers = new PC.Permissions.SCAclMemberCollection();

    foreach (var entry in acls)
    {
        // The callback runs with the object resolved for entry.MemberID; null is passed
        // as the alternative callback, so unresolved members presumably add nothing
        // - confirm against ImportService.WithEffectObject.
        ImportService.Instance.WithEffectObject<PC.SchemaObjectBase>(
            entry.MemberID,
            resolvedMember => { importedMembers.Add(entry.ContainerPermission, resolvedMember); },
            null);
    }

    bool hasStoredAcl = storedAcl != null && storedAcl.Count > 0;
    if (hasStoredAcl)
    {
        importedMembers.MergeChangedItems(storedAcl);
    }

    aclContainer.Members.CopyFrom(importedMembers);

    // NOTE(review): the ACL is written straight through the adapter and the executor
    // argument is ignored, so any permission check or operation logging the executor
    // layer performs is presumably bypassed for imported ACLs - confirm this is intended.
    PC.Adapters.SCAclAdapter.Instance.Update(aclContainer);
}
/// <summary>
/// Imports ACLs for the organizations of the object set that sit directly under the
/// current parent: for each such organization, resolves the members of its
/// Normal-status ACL entries, merges them with the stored ACL, and persists the result.
/// Does nothing when the object set carries no ACLs.
/// </summary>
/// <param name="objectSet">Imported object set that supplies objects, relations and ACL entries.</param>
/// <param name="context">Import context used for status and log output.</param>
public override void DoImport(SCObjectSet objectSet, IImportContext context)
{
    if (!objectSet.HasAcls)
    {
        return;
    }

    context.SetStatus(0, 1, "正在寻找当前组织内组织的ACL。");

    var targetOrgs = new List<SCOrganization>(objectSet.Objects.Count);

    foreach (SCOrganization candidate in ImportService.Instance.FilterNormalObjects<SCOrganization>(objectSet.Objects))
    {
        // Filter: keep only the organizations that belong to the current organization,
        // i.e. those with a Normal-status relation whose parent is this.Parent.
        bool underCurrentParent = objectSet.Relations.Exists(
            r => r.ParentID == this.Parent.ID && r.Status == SchemaObjectStatus.Normal && r.ID == candidate.ID);

        if (underCurrentParent)
        {
            targetOrgs.Add(candidate);
        }
    }

    int total = targetOrgs.Count;
    int processed = 0;

    foreach (SCOrganization targetOrg in targetOrgs)
    {
        var summaryName = targetOrg.ToDescription();
        processed++;

        var orgAcls = ImportService.Instance.FilterAcls(
            objectSet.Acls,
            entry => entry.ContainerID == targetOrg.ID && entry.Status == SchemaObjectStatus.Normal);

        try
        {
            var importedAcl = new PC.Permissions.SCAclContainer(targetOrg);
            var importedMembers = new PC.Permissions.SCAclMemberCollection();

            foreach (var entry in orgAcls)
            {
                // null is passed as the alternative callback, so a member that cannot be
                // resolved presumably contributes no entry - confirm against ImportService.
                ImportService.Instance.WithEffectObject<SchemaObjectBase>(
                    entry.MemberID,
                    resolvedMember => { importedMembers.Add(entry.ContainerPermission, resolvedMember); },
                    null);
            }

            var storedMembers = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(targetOrg.ID, DateTime.MinValue);
            if (storedMembers != null)
            {
                importedMembers.MergeChangedItems(storedMembers);
            }

            importedAcl.Members.CopyFrom(importedMembers);

            context.SetStatus(processed, total, "正在替换对象ACL:" + summaryName);

            PC.Adapters.SCAclAdapter.Instance.Update(importedAcl);
        }
        catch (Exception ex)
        {
            // Best effort: the failure is recorded in the import log (message only) and
            // swallowed so the remaining organizations are still processed.
            context.AppendLogFormat("对项 {0} 的ACL操作失败,原因是:{1}\r\n", summaryName, ex.Message);
        }
    }
}