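/// <summary>
/// Loads the permissions attached to one role of one application by executing the
/// <c>UspGetRolePermissions</c> stored procedure.
/// </summary>
/// <param name="applicationId">Application identifier, bound to <c>@ApplicationID</c>.</param>
/// <param name="roleID">Role identifier, bound to <c>@RoleID</c>.</param>
/// <returns>
/// A collection holding one <see cref="Permission"/> per row the procedure returns;
/// empty when the procedure returns no rows.
/// </returns>
public PermissionCollection GetRolePermissions(int applicationId, int roleID)
{
    PermissionCollection collection = new PermissionCollection();

    // Both identifiers are passed as typed parameters, so neither value is ever
    // spliced into SQL text.
    SqlParameter prmApplicationID = new SqlParameter("@ApplicationID", SqlDbType.Int, 4)
    {
        Direction = ParameterDirection.Input,
        Value = applicationId
    };
    SqlParameter prmRoleID = new SqlParameter("@RoleID", SqlDbType.Int, 4)
    {
        Direction = ParameterDirection.Input,
        Value = roleID
    };

    // No catch-and-rethrow wrapper: the previous `throw ex;` restarted the stack trace
    // at this frame and hid where the data layer actually failed. Exceptions now
    // propagate unchanged, with their original trace.
    using (IDataReader dr = Database.ExecuteReader("UspGetRolePermissions", CommandType.StoredProcedure, prmApplicationID, prmRoleID))
    {
        while (dr.Read())
        {
            collection.Add(Populate(dr));
        }
    }

    return collection;
}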
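/// <summary>
/// Loads the permissions recorded for a resource, filtered by user name, role code and
/// the allowed flag, by executing the <c>UspGetPermissionOnResourceByUserRole</c>
/// stored procedure.
/// </summary>
/// <param name="iResourceID">Resource identifier, bound to <c>@ResourceID</c>.</param>
/// <param name="strUserName">User name, bound to <c>@UserName</c>; null or empty is sent as SQL NULL.</param>
/// <param name="strRoleCode">Role code, bound to <c>@RoleCode</c>; null or empty is sent as SQL NULL.</param>
/// <param name="bIsAllowed">Value bound to the <c>@IsAllowed</c> bit parameter.</param>
/// <returns>
/// A collection holding one <see cref="Permission"/> per row the procedure returns;
/// empty when the procedure returns no rows.
/// </returns>
public PermissionCollection GetPermissionOnResourceByUserRole(int iResourceID, string strUserName, string strRoleCode, bool bIsAllowed)
{
    PermissionCollection collection = new PermissionCollection();

    SqlParameter prmResourceID = new SqlParameter("@ResourceID", SqlDbType.Int, 4)
    {
        Direction = ParameterDirection.Input,
        Value = iResourceID
    };

    // NOTE(review): a missing user name or role code is sent as NULL. How the stored
    // procedure treats NULL is not visible here - confirm it does not act as a
    // "match everything" filter that widens the result for callers that pass "".
    // NOTE(review): both text parameters are declared VarChar(50); the provider is
    // expected to truncate longer input to that size - confirm callers reject
    // over-long values instead of relying on truncation.
    SqlParameter prmUserName = new SqlParameter("@UserName", SqlDbType.VarChar, 50)
    {
        Direction = ParameterDirection.Input,
        Value = string.IsNullOrEmpty(strUserName) ? (object)DBNull.Value : strUserName
    };
    SqlParameter prmRoleCode = new SqlParameter("@RoleCode", SqlDbType.VarChar, 50)
    {
        Direction = ParameterDirection.Input,
        Value = string.IsNullOrEmpty(strRoleCode) ? (object)DBNull.Value : strRoleCode
    };
    SqlParameter prmIsAllowed = new SqlParameter("@IsAllowed", SqlDbType.Bit)
    {
        Direction = ParameterDirection.Input,
        Value = bIsAllowed
    };

    // No catch-and-rethrow wrapper: the previous `throw ex;` restarted the stack trace
    // at this frame. Exceptions now propagate unchanged, with their original trace.
    using (IDataReader dr = Database.ExecuteReader("UspGetPermissionOnResourceByUserRole", CommandType.StoredProcedure,
        prmResourceID, prmUserName, prmRoleCode, prmIsAllowed))
    {
        while (dr.Read())
        {
            collection.Add(Populate(dr));
        }
    }

    return collection;
}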
/// <summary>
/// Converts every row of a data table into a <see cref="Permission"/> and returns
/// them as a collection, in row order.
/// </summary>
/// <param name="dataItems">Table whose rows are each passed to the <see cref="Permission"/> constructor.</param>
/// <returns>A collection with one entry per row; empty when the table has no rows.</returns>
/// <exception cref="Exception">Thrown when <paramref name="dataItems"/> is null.</exception>
internal static PermissionCollection GetCollection(DataTable dataItems)
{
    PermissionCollection result = new PermissionCollection();

    // Refuse a null table instead of returning an empty (and misleading) collection.
    if (dataItems == null)
    {
        throw new Exception("You cannot create a Permission collection from a null data table.");
    }

    foreach (DataRow row in dataItems.Rows)
    {
        result.Add(new Permission(row));
    }

    return result;
}
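/// <summary>
/// Loads the permission definitions for the given IDs from <c>sys_auth_Permissions</c>
/// (rows with <c>Scdel=0</c> only), together with their field, record, function and
/// data detail rows, and builds one typed permission object per definition.
/// </summary>
/// <param name="PermissionIndex">
/// Permission IDs to load. A null or empty array returns an empty collection without
/// querying the database.
/// </param>
/// <returns>
/// The permissions built from the returned rows; empty when nothing was requested or
/// when <c>GetDataSet</c> returns null.
/// </returns>
/// <remarks>
/// The IDs end up inside SQL text because <c>GetDataSet</c> is called here with command
/// strings only. Each ID is therefore escaped (single quotes doubled) before it is
/// placed in the IN list. Binding the IDs as parameters would be the stronger control
/// and should replace the escaping if the data layer offers a parameterised call.
/// </remarks>
internal PermissionCollection InitPermissions(String[] PermissionIndex)
{
    PermissionCollection permissionCollection = new PermissionCollection();
    if (PermissionIndex == null || PermissionIndex.Length == 0)
    {
        return permissionCollection;
    }

    // Escape every ID once, so a quote inside an ID stays inside its string literal
    // instead of terminating it. A null element becomes '' exactly as string.Join
    // rendered it before.
    String[] escapedIds = new String[PermissionIndex.Length];
    for (int i = 0; i < PermissionIndex.Length; i++)
    {
        escapedIds[i] = (PermissionIndex[i] ?? String.Empty).Replace("'", "''");
    }
    String idList = string.Concat("('", string.Join("','", escapedIds), "')");

    // Filter condition Scdel=0 added 2013-10-17.
    String activePermissionIds = "select ID from sys_auth_Permissions where Scdel=0 and ID in " + idList;

    String[] Sql_Commands =
    {
        "select * from sys_auth_Permissions where Scdel=0 and ID in " + idList + " order by ClsInfo",
        "select * from sys_auth_FieldPermission where FieldsID in (" + activePermissionIds + " And ClsInfo='Fields'" + ") order by Indentity",
        "Select * from sys_auth_RecordPermission where RecordsID in (" + activePermissionIds + " And ClsInfo='Records'" + ") order by Indentity",
        "Select * from sys_auth_FunctionPermission where FunctionsID in (" + activePermissionIds + " And ClsInfo='Functions'" + ") order by Indentity",
        "Select * from sys_auth_DataPermission where TableID in (" + activePermissionIds + " And ClsInfo='Datas'" + ") order by TableID"
    };

    DataSet dataset = GetDataSet(Sql_Commands);
    if (dataset == null)
    {
        return permissionCollection;
    }

    DataTable PermissionDataTable = dataset.Tables["sys_auth_Permissions"];
    DataTable FieldPermissionDataTable = dataset.Tables["sys_auth_FieldPermission"];
    DataTable RecordPermissionDataTable = dataset.Tables["sys_auth_RecordPermission"];
    DataTable FunctionPermissionDataTable = dataset.Tables["sys_auth_FunctionPermission"];
    DataTable DataPermissionDataTable = dataset.Tables["sys_auth_DataPermission"];

    foreach (DataRow Row in PermissionDataTable.Rows)
    {
        String Index = Row["ID"].ToString();
        String Cls = Row["ClsInfo"].ToString();
        String ModelIndex = Row["ModuleID"].ToString();
        String Description = Row["Description"].ToString();

        // Enum.Parse throws when ClsInfo is not the name of a PermissionType member.
        PermissionType permissionType = (PermissionType)Enum.Parse(typeof(PermissionType), Cls);

        // The ID is reused inside DataTable filter expressions; escape it the same way
        // so a quote in a stored ID cannot change the filter.
        String filterId = Index.Replace("'", "''");

        switch (permissionType)
        {
            case PermissionType.Records:
            {
                RecordsPermission recordsPermission = new RecordsPermission();
                recordsPermission.ModuleID = ModelIndex;
                recordsPermission.Index = Index;
                recordsPermission.Caption = Description;
                permissionCollection.Add(recordsPermission);

                foreach (DataRow RecordRow in RecordPermissionDataTable.Select("RecordsID='" + filterId + "'"))
                {
                    RecordListElement recordListElement = new RecordListElement();
                    recordListElement.Caption = RecordRow["Description"].ToString();
                    recordListElement.Index = RecordRow["Indentity"].ToString();
                    recordListElement.Code = RecordRow["RecordCode"].ToString();
                    recordsPermission.RecordPermissionList.Add(recordListElement);
                }
                break;
            }

            case PermissionType.Fields:
            {
                FieldsPermission fieldsPermission = new FieldsPermission();
                fieldsPermission.ModuleID = ModelIndex;
                fieldsPermission.Index = Index;
                fieldsPermission.Caption = Description;
                fieldsPermission.FieldsName = Description;
                permissionCollection.Add(fieldsPermission);

                foreach (DataRow FieldRow in FieldPermissionDataTable.Select("FieldsID='" + filterId + "'"))
                {
                    FieldPermission fieldPermission = new FieldPermission();
                    fieldPermission.Index = FieldRow["Indentity"].ToString();
                    fieldPermission.FieldName = FieldRow["Description"].ToString();
                    fieldPermission.Editable = Convert.ToBoolean(FieldRow["Editable"]);
                    fieldPermission.Viewable = Convert.ToBoolean(FieldRow["Viewable"]);
                    fieldsPermission.Fields.Add(fieldPermission);
                }
                break;
            }

            case PermissionType.Functions:
            {
                FunctionsPermission functionsPermission = new FunctionsPermission();
                functionsPermission.ModuleID = ModelIndex;
                functionsPermission.Index = Index;
                functionsPermission.Caption = Description;
                permissionCollection.Add(functionsPermission);

                foreach (DataRow FunctionRow in FunctionPermissionDataTable.Select("FunctionsID='" + filterId + "'"))
                {
                    FunctionPermission functionPermission = new FunctionPermission();
                    functionPermission.Caption = FunctionRow["Description"].ToString();
                    functionPermission.Index = FunctionRow["Indentity"].ToString();
                    functionsPermission.Functions.Add(functionPermission);
                }
                break;
            }

            case PermissionType.Datas:
            {
                DatasPermission datasPermission = new DatasPermission();
                datasPermission.ModuleID = ModelIndex;
                datasPermission.Index = Index;
                datasPermission.Caption = Description;
                permissionCollection.Add(datasPermission);

                foreach (DataRow DataRow in DataPermissionDataTable.Select("TableID='" + filterId + "'"))
                {
                    DataPermission dataPermission = new DataPermission();
                    dataPermission.Index = DataRow["TableID"].ToString();
                    dataPermission.FieldName = DataRow["FieldName"].ToString();

                    // FieldValues is a ';'-separated list; empty entries are dropped.
                    String FieldValueList = DataRow["FieldValues"].ToString();
                    if (!string.IsNullOrEmpty(FieldValueList))
                    {
                        String[] Values = FieldValueList.Split(new Char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
                        dataPermission.Values.AddRange(Values);
                    }

                    datasPermission.Conditions.Add(dataPermission);
                }
                break;
            }
        }
    }

    return permissionCollection;
}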
/// <summary>
/// Returns the permissions for the given codesource object.
/// The implementation first calls <c>base.GetPermissions</c> and then adds at most
/// one further permission derived from the URL of the codesource.
/// <para>
/// If the protocol of this URL is "jar", then the permission granted
/// is based on the permission that is required by the URL of the Jar
/// file.
/// </para>
/// <para>
/// If the protocol is "file" and there is an authority component, then
/// permission to connect to and accept connections from that authority
/// may be granted. If the protocol is "file"
/// and the path specifies a file, then permission to read that
/// file is granted. If protocol is "file" and the path is
/// a directory, permission is granted to read all files
/// and (recursively) all files and subdirectories contained in
/// that directory.
/// </para>
/// <para>
/// If the protocol is not "file", then permission
/// to connect to and accept connections from the URL's host is granted.
/// </para>
/// </summary>
/// <param name="codesource"> the codesource </param>
/// <exception cref="NullPointerException"> if <c>codesource</c> is <c>null</c>.
/// NOTE(review): wording carried over from the Java original; confirm which exception
/// type the converted code actually raises. </exception>
/// <returns> the permissions granted to the codesource </returns>
protected internal override PermissionCollection GetPermissions(CodeSource codesource)
{
    PermissionCollection perms = base.GetPermissions(codesource);

    URL url = codesource.Location;

    Permission p;
    URLConnection urlConnection;

    // Ask the connection which permission it needs. An IOException is swallowed on
    // purpose: p stays null and the branches below derive a permission from the URL.
    try
    {
        urlConnection = url.OpenConnection();
        p = urlConnection.Permission;
    }
    catch (IOException)
    {
        p = null;
        urlConnection = null;
    }

    if (p is FilePermission)
    {
        // if the permission has a separator char on the end,
        // it means the codebase is a directory, and we need
        // to add an additional permission to read recursively
        // (otherwise the permission reported by the connection is kept as it is)
        String path = p.Name;
        if (path.EndsWith(File.Separator))
        {
            path += "-";
            p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION);
        }
    }
    else if ((p == null) && (url.Protocol.Equals("file")))
    {
        // No permission from the connection, but a "file" URL: build a read permission
        // from the URL path itself. A trailing separator again gets the "-" suffix.
        // NOTE(review): presumably ParseUtil.decode undoes URL escaping - confirm.
        String path = url.File.Replace('/', System.IO.Path.DirectorySeparatorChar);
        path = ParseUtil.decode(path);
        if (path.EndsWith(File.Separator))
        {
            path += "-";
        }
        p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION);
    }
    else
    {
        // Not loading from a 'file:' URL so we want to give the class
        // permission to connect to and accept from the remote host
        // after we've made sure the host is the correct one and is valid.
        // For a jar connection the host is taken from the URL of the jar file.
        // When the host is null or empty, p keeps whatever the connection reported.
        URL locUrl = url;
        if (urlConnection is JarURLConnection)
        {
            locUrl = ((JarURLConnection)urlConnection).JarFileURL;
        }
        String host = locUrl.Host;
        if (host != null && (host.Length() > 0))
        {
            p = new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
        }
    }

    // make sure the person that created this class loader
    // would have this permission

    if (p != null)
    {
        // Converter note: the Java original declared sm as 'final'
        // (final SecurityManager sm = System.getSecurityManager();).
        SecurityManager sm = System.SecurityManager;
        if (sm != null)
        {
            // Converter note: the Java original declared fp as 'final'
            // (final java.security.Permission fp = p;).
            Permission fp = p;
            // NOTE(review): the helper class is not visible here; presumably it asks sm
            // to check fp under the Acc context and throws when the check fails, which
            // would skip perms.Add(p) below - confirm. With no security manager
            // installed, p is added without any such check.
            AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper3(this, sm, fp), Acc);
        }
        perms.Add(p);
    }
    return(perms);
}
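/// <summary>
/// Builds the per-module result table for every folder/module pair found under
/// <c>@unit_施工单位</c> tree nodes, then, for each organization of type
/// <c>监理单位</c>, collects the permissions of that organization's users, computes
/// the 平行 and 见证 counts as a share of all rows per module table, and passes the
/// rows to <c>DrawSupervisionReport</c>.
/// </summary>
/// <remarks>
/// All queries here are assembled as SQL text because only text-based helpers
/// (<c>GetDataTable</c>, <c>ExcuteScalar</c>) are called. Values read back from the
/// database are escaped (single quotes doubled) before being placed in a literal;
/// parameter binding would be the stronger control if the data layer offers it.
/// Several column lookups in the second half do not match the tables built above;
/// they are marked NOTE(review) and deliberately left unchanged, because guessing
/// the key used for an authorization check is worse than failing.
/// </remarks>
public void GenerateReport()
{
    // Folder/module pairs below every '@unit_施工单位' node. Fixed text, no input.
    StringBuilder SQL_DataSource = new StringBuilder();
    SQL_DataSource.Append("select a.nodecode as foldercode,b.description as foldername,c.nodecode as modulecode,d.description as modulename,d.id ");
    SQL_DataSource.Append("from sys_engs_ItemInfo as b,");
    SQL_DataSource.Append("(SELECT NodeCode,ralationid FROM sys_engs_Tree ");
    SQL_DataSource.Append("WHERE (SUBSTRING(NodeCode, 0, 13) IN");
    SQL_DataSource.Append("(SELECT NodeCode FROM sys_engs_Tree AS sys_engs_Tree_1 WHERE (NodeType = '@unit_施工单位'))) and nodetype = '@folder') as a,");
    SQL_DataSource.Append("(SELECT NodeCode,ralationid FROM sys_engs_Tree ");
    SQL_DataSource.Append("WHERE (SUBSTRING(NodeCode, 0, 13) IN (SELECT NodeCode FROM sys_engs_Tree AS sys_engs_Tree_1 WHERE (NodeType = '@unit_施工单位'))) and nodetype = '@module') as c,");
    // Filter condition Scdel=0 added 2013-10-17.
    SQL_DataSource.Append("sys_biz_Module as d where b.Scdel=0 and b.id = a.ralationid and c.ralationid = d.id and c.nodecode like a.nodecode + '%' order by a.nodecode,c.nodecode");

    DataTable DataSource = GetDataTable(SQL_DataSource.ToString());

    DataTable DataResule = new DataTable();
    DataResule.Columns.Add("CompanyName", typeof(String));
    DataResule.Columns.Add("CompanyCode", typeof(String));
    DataResule.Columns.Add("ModelCode", typeof(String));
    DataResule.Columns.Add("FolderName", typeof(String));
    DataResule.Columns.Add("ModuleName", typeof(String));
    DataResule.Columns.Add("PXRate", typeof(Decimal));
    DataResule.Columns.Add("YZRate", typeof(Decimal));
    DataResule.Columns.Add("SelectTable", typeof(String));

    foreach (DataRow Row in DataSource.Rows)
    {
        // NOTE(review): the table name is derived from a database value and is later
        // concatenated into SQL as an identifier, where literal escaping does not
        // apply. Confirm the id column can only hold characters valid in a table name.
        String TableName = "biz_norm_extent_" + Row["id"].ToString();

        // The company node is the first 12 characters of the folder code.
        String companyNodeCode = Row["foldercode"].ToString().Substring(0, 12).Replace("'", "''");

        // Fix: the fragments were appended without separating spaces, which produced
        // "... as bwhere a.Scdel=0 andb.NodeCode ..." and could not execute.
        StringBuilder SQL_Company = new StringBuilder();
        SQL_Company.Append("select a.Description,b.NodeCode from sys_engs_CompanyInfo as a,sys_engs_Tree as b");
        // Filter condition Scdel=0 added 2013-10-17.
        SQL_Company.Append(" where a.Scdel=0 and ");
        SQL_Company.Append("b.NodeCode ='");
        SQL_Company.Append(companyNodeCode);
        SQL_Company.Append("' and a.id = b.ralationid");

        DataTable CompanyInfo = GetDataTable(SQL_Company.ToString());

        // NOTE(review): Rows[0] throws when no company row matches - confirm that a
        // missing company is impossible here or decide how such a module is reported.
        DataRow newRow = DataResule.NewRow();
        newRow["CompanyName"] = CompanyInfo.Rows[0]["Description"].ToString();
        newRow["CompanyCode"] = CompanyInfo.Rows[0]["NodeCode"].ToString();
        newRow["FolderName"] = Row["FolderName"].ToString();
        newRow["ModuleName"] = Row["ModuleName"].ToString();
        newRow["SelectTable"] = TableName;
        newRow["ModelCode"] = Row["modulecode"].ToString();
        DataResule.Rows.Add(newRow);
    }

    StringBuilder Sql_Select = new StringBuilder();
    Sql_Select.Append("select code from sys_auth_Organization where type = '");
    Sql_Select.Append("监理单位");
    Sql_Select.Append("'");

    DataTable Organization = GetDataTable(Sql_Select.ToString());
    if (Organization == null || Organization.Rows.Count == 0)
    {
        return;
    }

    // NOTE(review): this collection is created once, outside the organization loop, so
    // the permissions gathered for earlier organizations are still present when the
    // auth policy of a later organization is built. If each organization is meant to
    // be evaluated with its own users' permissions only, it must be created per
    // iteration - confirm the intent before changing it.
    PermissionCollection Permissions = new PermissionCollection();

    foreach (DataRow Row in Organization.Rows)
    {
        // Users whose code starts with the organization code.
        // NOTE(review): LIKE wildcards inside the code are not neutralised.
        Sql_Select = new StringBuilder();
        // Filter condition Scdel=0 added 2013-10-17.
        Sql_Select.Append("select * from sys_auth_Users where Scdel=0 and code like '");
        Sql_Select.Append(Row["code"].ToString().Replace("'", "''"));
        Sql_Select.Append("%'");

        DataTable Users = GetDataTable(Sql_Select.ToString());
        if (Users != null && Users.Rows.Count > 0)
        {
            foreach (DataRow UserRow in Users.Rows)
            {
                RoleCollection Roles = RoleManager.InitRoleInformation(UserRow["ID"].ToString());
                foreach (Role role in Roles)
                {
                    PermissionCollection _Permissions = PermissionManager.InitPermissions(role.Index);
                    foreach (Permission Permission in _Permissions)
                    {
                        if (!Permissions.Contains(Permission))
                        {
                            Permissions.Add(Permission);
                        }
                    }
                }
            }
        }

        IAuthPolicy AuthPolicy = AuthManager.GetTreeAuth(TreeID, Permissions);

        DataTable SelectData = DataResule.Clone();

        StringBuilder Sql_JLSelect = new StringBuilder();
        Sql_JLSelect.Append("select NodeCode from sys_engs_Tree where nodetype ='@unit_监理单位'");

        // Fix: the supervision-unit query built just above was never executed; the
        // previous code re-ran the users query (Sql_Select) and then read NodeCode
        // from its rows.
        DataTable JLData = GetDataTable(Sql_JLSelect.ToString());

        foreach (DataRow JLRow in JLData.Rows)
        {
            if (AuthPolicy.HasAuth(JLRow["NodeCode"].ToString()))
            {
                String supervisorNode = JLRow["NodeCode"].ToString().Replace("'", "''");

                foreach (DataRow SelectRow in DataResule.Rows)
                {
                    // NOTE(review): DataResule has no "NodeCode" column (see the column
                    // list above), so this lookup throws. Left unchanged on purpose:
                    // the value feeds an authorization check and the intended column
                    // must be confirmed rather than guessed.
                    if (AuthPolicy.HasAuth(SelectRow["NodeCode"].ToString()))
                    {
                        String tableName = SelectRow["SelectTable"].ToString();

                        // Fix: the row stores the module node code in "ModelCode"
                        // (filled from the source column modulecode); the table has no
                        // "modulecode" column.
                        String moduleCode = SelectRow["ModelCode"].ToString().Replace("'", "''");

                        // Fix for both typed counts: a space was missing before
                        // "where" and the trytype literal was never closed.
                        StringBuilder SQL_PXCount = new StringBuilder();
                        SQL_PXCount.Append("select count(id) from ");
                        SQL_PXCount.Append(tableName);
                        SQL_PXCount.Append(" where trytype = '");
                        SQL_PXCount.Append("平行' and scpt ='");
                        SQL_PXCount.Append(supervisorNode);
                        SQL_PXCount.Append("' and scct in (select id from ");
                        SQL_PXCount.Append(tableName);
                        SQL_PXCount.Append(" where scpt ='");
                        SQL_PXCount.Append(moduleCode);
                        SQL_PXCount.Append("')");
                        int PXCount = Convert.ToInt32(ExcuteScalar(SQL_PXCount.ToString()));

                        StringBuilder SQL_JZCount = new StringBuilder();
                        SQL_JZCount.Append("select count(id) from ");
                        SQL_JZCount.Append(tableName);
                        SQL_JZCount.Append(" where trytype = '");
                        SQL_JZCount.Append("见证' and scpt ='");
                        SQL_JZCount.Append(supervisorNode);
                        SQL_JZCount.Append("' and scct in (select id from ");
                        SQL_JZCount.Append(tableName);
                        SQL_JZCount.Append(" where scpt ='");
                        SQL_JZCount.Append(moduleCode);
                        SQL_JZCount.Append("')");
                        int JZCount = Convert.ToInt32(ExcuteScalar(SQL_JZCount.ToString()));

                        StringBuilder SQL_ALLCount = new StringBuilder();
                        SQL_ALLCount.Append("select count(id) from ");
                        SQL_ALLCount.Append(tableName);
                        SQL_ALLCount.Append(" where scpt ='");
                        SQL_ALLCount.Append(moduleCode);
                        SQL_ALLCount.Append("'");
                        int AllCount = Convert.ToInt32(ExcuteScalar(SQL_ALLCount.ToString()));

                        // Fix: integer division truncated every rate, and an empty
                        // module table raised DivideByZeroException.
                        SelectRow["PXRate"] = AllCount == 0 ? 0m : (decimal)PXCount / AllCount;
                        SelectRow["YZRate"] = AllCount == 0 ? 0m : (decimal)JZCount / AllCount;
                        SelectData.ImportRow(SelectRow);
                    }
                }

                // NOTE(review): the organization query selects only "code", so this
                // "Description" lookup throws - confirm which column was intended.
                // NOTE(review): SelectData is not cleared between supervision nodes,
                // so rows imported for an earlier node are drawn again - confirm.
                DrawSupervisionReport(SelectData, Row["Description"].ToString());
            }
        }
    }
}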
/// <summary>
/// Gets the permission points granted to a role.
/// </summary>
/// <param name="role">Role identifier matched against <c>RoleAccess.RoleId</c>.</param>
/// <returns>
/// One <see cref="Permission"/> per matching <c>RoleAccess</c> row, carrying that row's
/// module and node keys; empty when the role has no rows.
/// </returns>
public PermissionCollection GetPermissions(int role)
{
    var granted = new PermissionCollection();

    // Materialise the matching access rows first, then map each one to a permission.
    var accessRows = DbProvider.D<RoleAccess>().Where(x => x.RoleId == role).ToList();
    foreach (var access in accessRows)
    {
        granted.Add(new Permission
        {
            ModuleKey = access.Module,
            NodeKey = access.Node
        });
    }

    return granted;
}