コード例 #1
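        /// <summary>
        /// Resolves the project series that owns the given object and asserts that the current
        /// user is either its creator or its person in charge.
        /// </summary>
        /// <param name="objectType">Kind of object identified by <paramref name="guid"/>.</param>
        /// <param name="guid">Identifier of the task, task group, project or project series.</param>
        /// <param name="treeNodeName">Display name inserted into the denial message.</param>
        /// <param name="userName">
        /// Forwarded to CheckIsAdmin only. The ownership assertion at the end always uses
        /// CurrentUserName, never this argument.
        /// </param>
        private void AuthorityCheck(PermissionObjectType objectType, string guid, string treeNodeName, string userName = null)
        {
            ProjectSeries projectSeries;

            switch (objectType)
            {
                case PermissionObjectType.Task:
                {
                    var task    = m_dbAdapter.Task.GetTask(guid);
                    var project = m_dbAdapter.Project.GetProjectById(task.ProjectId);
                    projectSeries = m_dbAdapter.ProjectSeries.GetById(project.ProjectSeriesId.Value);
                    CheckIsAdmin(projectSeries, userName);
                    break;
                }

                case PermissionObjectType.TaskGroup:
                {
                    var taskGroup = m_dbAdapter.TaskGroup.GetByGuid(guid);
                    var project   = m_dbAdapter.Project.GetProjectById(taskGroup.ProjectId);
                    projectSeries = m_dbAdapter.ProjectSeries.GetById(project.ProjectSeriesId.Value);
                    CheckIsAdmin(projectSeries, userName);
                    break;
                }

                case PermissionObjectType.Project:
                {
                    var project = m_dbAdapter.Project.GetProjectByGuid(guid);
                    projectSeries = m_dbAdapter.ProjectSeries.GetById(project.ProjectSeriesId.Value);
                    CheckIsAdmin(projectSeries, userName);
                    break;
                }

                case PermissionObjectType.ProjectSeries:
                    projectSeries = m_dbAdapter.ProjectSeries.GetByGuid(guid);
                    CheckIsAdmin(projectSeries, userName);
                    break;

                default:
                    // Unrecognised object type: keep an empty series so the ownership check below
                    // denies access instead of dereferencing a null owner name.
                    projectSeries = new ProjectSeries();
                    break;
            }

            var currentUser = CurrentUserName;

            // Identity comparison must be ordinal: culture-sensitive comparison ignores some
            // characters (e.g. soft hyphen), so two distinct account names could compare equal.
            // The static string.Equals also tolerates null owner fields, and the explicit
            // null/empty guard keeps a missing current user from matching a missing owner.
            var isOwner = !string.IsNullOrEmpty(currentUser) &&
                          (string.Equals(projectSeries.CreateUserName, currentUser, StringComparison.OrdinalIgnoreCase) ||
                           string.Equals(projectSeries.PersonInCharge, currentUser, StringComparison.OrdinalIgnoreCase));

            CommUtils.Assert(isOwner,
                             "当前用户[" + currentUser + "]没有修改[" + treeNodeName + "]的权限");
        }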
コード例 #2
        /// <summary>
        /// Returns the unique identifiers of every object for which the given user holds the
        /// given permission type on the given object type.
        /// </summary>
        /// <remarks>
        /// The three filter values are bound as positional parameters (@0..@2). Only the table
        /// name is concatenated into the statement, so m_defaultTableName must never be derived
        /// from request data.
        /// </remarks>
        public List<string> GetObjectUids(string userName, PermissionObjectType objectType, PermissionType type)
        {
            var sql = "SELECT * FROM " + m_defaultTableName
                      + " where user_name = @0 and permission_object_type_id = @1 and permission_type = @2";

            var rows = m_db.Fetch<ABSMgrConn.TablePermission>(sql, userName, (int)objectType, (int)type);

            return rows.ConvertAll(row => row.permission_object_unique_identifier);
        }
コード例 #3
        /// <summary>
        /// Returns every permission record of the given permission type that is attached to the
        /// object identified by <paramref name="objectUid"/> and <paramref name="objectType"/>.
        /// </summary>
        /// <remarks>
        /// The filter values are bound as positional parameters (@0..@2). Only the table name is
        /// concatenated into the statement, so m_defaultTableName must never be derived from
        /// request data.
        /// </remarks>
        public List<Permission> GetByObjectUid(string objectUid, PermissionObjectType objectType, PermissionType type)
        {
            var sql = "SELECT * FROM " + m_defaultTableName
                      + " where permission_object_unique_identifier = @0 and permission_object_type_id = @1 and permission_type = @2";

            var rows = m_db.Fetch<ABSMgrConn.TablePermission>(sql, objectUid, (int)objectType, (int)type);

            // Wrap each raw table row in the domain type.
            var copy = rows.ToList();
            return copy.ConvertAll(row => new Permission(row));
        }
コード例 #4
        /// <summary>
        /// Removes every permission the given users hold on the given object uids.
        /// </summary>
        /// <remarks>
        /// All fetched records are verified against <paramref name="permissionObjectType"/>
        /// before anything is deleted, so a type mismatch aborts the call with no rows removed.
        /// </remarks>
        private void RemovePermissionByObjType(PermissionObjectType permissionObjectType, List<string> uids, List<string> userNames)
        {
            var toDelete = m_dbAdapter.Permission.GetAllPermission(userNames, uids);

            // Validation pass: every record must belong to the expected object type.
            foreach (var record in toDelete)
            {
                CommUtils.AssertEquals(
                    record.ObjectType,
                    permissionObjectType,
                    "检测到权限类型错误:uid={0};objType={1}",
                    record.ObjectUniqueIdentifier,
                    record.ObjectType);
            }

            m_dbAdapter.Permission.DeletePermission(toDelete);
        }
コード例 #5
        /// <summary>
        /// Builds a permission record from its parts and hands it to the
        /// <c>NewPermission(Permission)</c> overload.
        /// </summary>
        /// <param name="userName">Account the permission is granted to.</param>
        /// <param name="objectUid">Unique identifier of the protected object.</param>
        /// <param name="objectType">Kind of the protected object.</param>
        /// <param name="type">Permission being granted.</param>
        /// <returns>Whatever the <c>NewPermission(Permission)</c> overload returns.</returns>
        public Permission NewPermission(string userName, string objectUid, PermissionObjectType objectType, PermissionType type)
        {
            var record = new Permission();

            record.UserName = userName;
            record.ObjectUniqueIdentifier = objectUid;
            record.Type = type;
            record.ObjectType = objectType;

            return NewPermission(record);
        }
コード例 #6
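        /// <summary>
        /// Re-applies the permissions on one object for team members, team admins and the
        /// additional admin user names.
        /// </summary>
        /// <param name="permissionObjectType">Kind of object identified by <paramref name="uid"/>.</param>
        /// <param name="uid">Unique identifier of the object whose permissions are reset.</param>
        /// <param name="teamMembers">Members; they get read-only access on a ProjectSeries, otherwise their own flags.</param>
        /// <param name="teamAdmins">Team admins; always granted read, write and execute.</param>
        /// <param name="adminUserNames">Further admin accounts; always granted read, write and execute.</param>
        private void SetPermissionByObjType(PermissionObjectType permissionObjectType, string uid,
                                            List<TeamMember> teamMembers, List<TeamAdmin> teamAdmins, List<string> adminUserNames)
        {
            // Look the user up with the SAME comparison that decides whether the key exists.
            // The earlier form tested membership case-insensitively but then indexed with
            // userName.ToLower(): those two can disagree (mixed-case keys, or a culture whose
            // lowercasing differs from ordinal), which throws part-way through and leaves the
            // permission set half applied.
            Func<Dictionary<string, List<Permission>>, string, List<Permission>> getPermission =
                (dict, userName) =>
                {
                    var matchedKey = dict.Keys.FirstOrDefault(
                        key => string.Equals(key, userName, StringComparison.OrdinalIgnoreCase));

                    return matchedKey != null ? dict[matchedKey] : new List<Permission>();
                };

            var userNames       = teamMembers.Select(x => x.UserName).ToList();
            var userPermissions = m_dbAdapter.Permission.GetAllPermission(userNames, uid);

            foreach (var teamMember in teamMembers)
            {
                // Team members only ever get read access on a ProjectSeries; for everything
                // else (TaskGroup, Task, ...) they get the flags stored on the TeamMember.
                if (permissionObjectType == PermissionObjectType.ProjectSeries)
                {
                    SetPermission(teamMember.UserName, uid, permissionObjectType,
                                  getPermission(userPermissions, teamMember.UserName), true, false, false);
                }
                else
                {
                    SetPermission(teamMember, uid, permissionObjectType,
                                  getPermission(userPermissions, teamMember.UserName));
                }
            }

            var teamAdminUserNames       = teamAdmins.Select(x => x.UserName).ToList();
            var teamAdminUserPermissions = m_dbAdapter.Permission.GetAllPermission(teamAdminUserNames, uid);

            foreach (var teamAdmin in teamAdmins)
            {
                // Project admins get full access.
                SetPermission(teamAdmin.UserName, uid, permissionObjectType,
                              getPermission(teamAdminUserPermissions, teamAdmin.UserName), true, true, true);
            }

            var adminPermissions = m_dbAdapter.Permission.GetAllPermission(adminUserNames, uid);

            foreach (var adminUserName in adminUserNames)
            {
                SetPermission(adminUserName, uid, permissionObjectType,
                              getPermission(adminPermissions, adminUserName), true, true, true);
            }
        }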
コード例 #7
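        /// <summary>
        /// Grants <paramref name="username"/> Read permission on every ancestor of the given
        /// object and writes one permission-edit log entry per grant.
        /// </summary>
        /// <param name="uid">Identifier of the task or task group whose ancestors are opened up.</param>
        /// <param name="username">Account that receives the Read permissions.</param>
        /// <param name="objectTypePermission">
        /// Kind of object identified by <paramref name="uid"/>. Only Task and TaskGroup are
        /// handled; any other value does nothing.
        /// </param>
        /// <remarks>
        /// NOTE(review): the grants are issued without checking for an existing record here;
        /// whether NewPermission de-duplicates is not visible from this method.
        /// </remarks>
        private void AddParentPermission(string uid, string username, PermissionObjectType objectTypePermission)
        {
            if (objectTypePermission == PermissionObjectType.Task)
            {
                var task          = m_dbAdapter.Task.GetTask(uid);
                var taskGroup     = m_dbAdapter.TaskGroup.GetById(task.TaskGroupId.Value);
                var project       = m_dbAdapter.Project.GetProjectById(taskGroup.ProjectId);
                var projectSeries = m_dbAdapter.ProjectSeries.GetById(project.ProjectSeriesId.Value);

                // Task -> TaskGroup
                m_dbAdapter.Permission.NewPermission(username, taskGroup.Guid, PermissionObjectType.TaskGroup, PermissionType.Read);
                m_dbAdapter.Project.NewEditProductLog(EditProductType.EditPermission, project.ProjectId,
                                                      "用户[" + username + ")],ObjectType[" + PermissionObjectType.TaskGroup.ToString() +
                                                      "]中添加[Read]权限", "");

                // Task -> Project
                m_dbAdapter.Permission.NewPermission(username, project.ProjectGuid, PermissionObjectType.Project, PermissionType.Read);
                m_dbAdapter.Project.NewEditProductLog(EditProductType.EditPermission, project.ProjectId,
                                                      "用户[" + username + ")],ObjectType[" + PermissionObjectType.Project.ToString() +
                                                      "]中添加[Read]权限", "");

                // Task -> ProjectSeries
                m_dbAdapter.Permission.NewPermission(username, projectSeries.Guid, PermissionObjectType.ProjectSeries, PermissionType.Read);
                m_dbAdapter.Project.NewEditProductLog(EditProductType.EditPermission, project.ProjectId,
                                                      "用户[" + username + ")],ObjectType[" + PermissionObjectType.ProjectSeries.ToString() +
                                                      "]中添加[Read]权限", "");
            }

            if (objectTypePermission == PermissionObjectType.TaskGroup)
            {
                var taskGroup     = m_dbAdapter.TaskGroup.GetByGuid(uid);
                var project       = m_dbAdapter.Project.GetProjectById(taskGroup.ProjectId);
                var projectSeries = m_dbAdapter.ProjectSeries.GetById(project.ProjectSeriesId.Value);

                // TaskGroup -> Project
                m_dbAdapter.Permission.NewPermission(username, project.ProjectGuid, PermissionObjectType.Project, PermissionType.Read);
                m_dbAdapter.Project.NewEditProductLog(EditProductType.EditPermission, project.ProjectId,
                                                      "用户[" + username + ")],ObjectType[" + PermissionObjectType.Project.ToString() +
                                                      "]中添加[Read]权限", "");

                // TaskGroup -> ProjectSeries. The log entry must name the type that was actually
                // granted (ProjectSeries); logging the incoming type (TaskGroup) made the
                // permission audit trail disagree with the stored grant.
                m_dbAdapter.Permission.NewPermission(username, projectSeries.Guid, PermissionObjectType.ProjectSeries, PermissionType.Read);
                m_dbAdapter.Project.NewEditProductLog(EditProductType.EditPermission, project.ProjectId,
                                                      "用户[" + username + ")],ObjectType[" + PermissionObjectType.ProjectSeries.ToString() +
                                                      "]中添加[Read]权限", "");
            }
        }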
コード例 #8
        /// <summary>
        /// Loads one permission object type by id through the
        /// <c>dbo.PermissionObjectType_Get</c> stored procedure.
        /// </summary>
        /// <param name="id">Identifier passed to the procedure as <c>@p_Id</c>.</param>
        /// <returns>The first row returned, or <c>null</c> when the procedure yields no rows.</returns>
        /// <remarks>Any exception is logged and then rethrown unchanged.</remarks>
        public PermissionObjectType PermissionObjectTypeGet(int id)
        {
            using (IDbConnection connection = DbHelper.GetDBConnection())
            {
                try
                {
                    // The id travels as a typed parameter, never as part of the command text.
                    var parameters = new DynamicParameters();
                    parameters.Add("@p_Id", id, dbType: DbType.Int32);

                    var rows = connection.Query<PermissionObjectType>(
                        "dbo.PermissionObjectType_Get",
                        parameters,
                        commandType: CommandType.StoredProcedure);

                    return rows.FirstOrDefault();
                }
                catch (Exception error)
                {
                    Log.Error(error);
                    throw;
                }
            }
        }
コード例 #9
        /// <summary>
        /// Inserts or updates a permission object type through a stored procedure.
        /// </summary>
        /// <param name="obj">
        /// Record to persist. An <c>Id</c> of 0 selects <c>dbo.PermissionObjectType_New</c> and the
        /// generated id is written back to the object; any other id selects
        /// <c>dbo.PermissionObjectType_Edit</c>.
        /// </param>
        /// <returns>Always <c>true</c>; failures surface as exceptions, which are logged and rethrown.</returns>
        public bool PermissionObjectTypeSave(PermissionObjectType obj)
        {
            bool   isNew         = obj.Id == 0;
            string procedureName = isNew ? "dbo.PermissionObjectType_New" : "dbo.PermissionObjectType_Edit";

            using (IDbConnection connection = DbHelper.GetDBConnection())
            {
                try
                {
                    // All values are sent as typed parameters of the stored procedure.
                    var parameters = new DynamicParameters();
                    parameters.Add("@p_FdpPermissionObjectType", obj.FdpPermissionObjectType, dbType: DbType.String, size: 50);
                    parameters.Add("@p_Description", obj.Description, dbType: DbType.String, size: -1);

                    if (isNew)
                    {
                        // Insert: the procedure reports the new id through an output parameter.
                        parameters.Add("@p_Id", dbType: DbType.Int32, direction: ParameterDirection.Output);
                    }
                    else
                    {
                        parameters.Add("@p_Id", obj.Id, dbType: DbType.Int32);
                    }

                    connection.Execute(procedureName, parameters, commandType: CommandType.StoredProcedure);

                    if (isNew)
                    {
                        obj.Id = parameters.Get<int>("@p_Id");
                    }
                }
                catch (Exception error)
                {
                    Log.Error(error);
                    throw;
                }
            }

            return true;
        }
コード例 #10
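        /// <summary>
        /// Brings one user's Read/Write/Execute permissions on one object in line with the
        /// requested flags: a missing permission is created, an unwanted one is deleted.
        /// </summary>
        /// <param name="userName">Account whose permissions are reconciled.</param>
        /// <param name="uid">Unique identifier of the protected object.</param>
        /// <param name="objectType">Kind of the protected object, stored on new records.</param>
        /// <param name="curPermissions">
        /// Permissions the user currently holds. Revocation depends on this list: a record that
        /// is not in it is never deleted, and a grant for it is issued again.
        /// </param>
        /// <param name="read">Whether the user should hold Read.</param>
        /// <param name="write">Whether the user should hold Write.</param>
        /// <param name="execute">Whether the user should hold Execute.</param>
        public void SetPermission(string userName, string uid, PermissionObjectType objectType, List<Permission> curPermissions, bool read, bool write, bool execute)
        {
            Action<bool, PermissionType> resetPermission = (shouldHave, dbPermissionType) =>
            {
                // Account names are identifiers, so compare them ordinally. A culture-sensitive
                // comparison ignores certain characters and could match another user's record,
                // which this method would then delete or treat as already granted. The static
                // string.Equals also tolerates a null UserName on a record.
                var existing = curPermissions.SingleOrDefault(x => x.Type == dbPermissionType &&
                                                              string.Equals(x.UserName, userName, StringComparison.OrdinalIgnoreCase) &&
                                                              x.ObjectUniqueIdentifier == uid);

                if (shouldHave && existing == null)
                {
                    m_dbAdapter.Permission.NewPermission(userName, uid, objectType, dbPermissionType);
                }
                else if (!shouldHave && existing != null)
                {
                    m_dbAdapter.Permission.DeletePermission(existing);
                }
            };

            resetPermission(read, PermissionType.Read);
            resetPermission(write, PermissionType.Write);
            resetPermission(execute, PermissionType.Execute);
        }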
コード例 #11
 /// <summary>
 /// Asserts that <paramref name="checkUserName"/> holds the given permission on the given object.
 /// </summary>
 /// <remarks>
 /// The account being checked is supplied by the caller and may differ from the logged-in
 /// user, which is passed separately as CurrentUserName.
 /// NOTE(review): callers should not take checkUserName from request data — confirm at call sites.
 /// </remarks>
 protected void CheckPermission(string checkUserName, PermissionObjectType objectType,
                                string objectUniqueId, PermissionType permissionType)
 {
     var loginUserName = CurrentUserName;

     CommUtils.AssertHasPermission(
         loginUserName,
         checkUserName,
         objectType,
         objectUniqueId,
         permissionType);
 }
コード例 #12
 /// <summary>
 /// Asserts that the current user holds the given permission on the given object by
 /// delegating to the overload that takes an explicit user name.
 /// </summary>
 protected void CheckPermission(PermissionObjectType objectType, string objectUniqueId,
                                PermissionType permissionType)
 {
     var currentUser = CurrentUserName;

     CheckPermission(currentUser, objectType, objectUniqueId, permissionType);
 }
コード例 #13
        /// <summary>
        /// Applies the project's permission set to one object: the series creator and person in
        /// charge and every team admin get read/write/execute, and every team member gets the
        /// flags stored on the member record.
        /// </summary>
        /// <remarks>
        /// Each call passes an empty "current permissions" list, so this method only ever adds
        /// permissions: a flag that is false does not delete an existing record.
        /// NOTE(review): that matches a freshly created object — confirm it is not used to
        /// re-sync an object that already has permissions.
        /// </remarks>
        public void SetPermission(ProjectSeries projectSeries, Project project, string uid, PermissionObjectType objectType)
        {
            // Creator and person in charge may be the same account; collapse them ignoring case.
            var owners = new List<string>();
            owners.Add(projectSeries.CreateUserName);
            owners.Add(projectSeries.PersonInCharge);
            var distinctOwners = owners.Distinct(StringComparer.OrdinalIgnoreCase).ToList();

            var projectId = project.ProjectId;
            var members   = m_dbAdapter.TeamMember.GetByProjectId(projectId);
            var admins    = m_dbAdapter.TeamAdmin.GetByProjectId(projectId);

            // Creator and person in charge: full access.
            foreach (var owner in distinctOwners)
            {
                var none = new List<Permission>();
                SetPermission(owner, uid, objectType, none, true, true, true);
            }

            // Project admins: full access.
            foreach (var admin in admins)
            {
                var none = new List<Permission>();
                SetPermission(admin.UserName, uid, objectType, none, true, true, true);
            }

            // Project members: exactly the flags configured on the member.
            foreach (var member in members)
            {
                var none = new List<Permission>();
                SetPermission(member.UserName, uid, objectType, none, member.Read, member.Write, member.Execute);
            }
        }
コード例 #14
 /// <summary>
 /// Resets all of the member's permissions on one object to the Read/Write/Execute flags
 /// stored on the <paramref name="teamMember"/> record.
 /// </summary>
 private void SetPermission(TeamMember teamMember, string uid, PermissionObjectType objectType, List<Permission> curPermissions)
 {
     var memberName = teamMember.UserName;
     var canRead    = teamMember.Read;
     var canWrite   = teamMember.Write;
     var canExecute = teamMember.Execute;

     SetPermission(memberName, uid, objectType, curPermissions, canRead, canWrite, canExecute);
 }
コード例 #15
        /// <summary>
        /// Fails an assertion with a descriptive message when <paramref name="checkUserName"/>
        /// lacks <paramref name="permissionType"/> on the object <paramref name="objectUid"/>.
        /// </summary>
        /// <param name="loginUserName">Logged-in account; only used to construct a UserInfo.</param>
        /// <param name="checkUserName">Account whose permission is tested.</param>
        /// <param name="objectType">Selects how the object's display name is looked up for the message; it is not part of the permission test itself.</param>
        /// <param name="objectUid">Unique identifier of the protected object.</param>
        /// <param name="permissionType">Permission that is required.</param>
        /// <remarks>
        /// The denial message contains the object's name or description, which is loaded after
        /// the permission test has already failed.
        /// NOTE(review): if this message is shown to the requesting user, it reveals the name of
        /// an object they may not be allowed to read — confirm where Assert's message ends up.
        /// </remarks>
        public static void AssertHasPermission(string loginUserName, string checkUserName,
                                               PermissionObjectType objectType, string objectUid, PermissionType permissionType)
        {
            // The instance is not read afterwards; it is still constructed in case the
            // constructor has effects of its own — TODO confirm.
            var userInfo = new UserInfo(loginUserName);

            var permissions   = new DBAdapter().Permission;
            var hasPermission = permissions.HasPermission(checkUserName, objectUid, permissionType);

            if (hasPermission)
            {
                return;
            }

            // Permission is missing: gather a readable object kind and name for the message.
            string objectTypeName;
            string objectName;
            switch (objectType)
            {
                case PermissionObjectType.ProjectSeries:
                    objectTypeName = "产品";
                    objectName     = new DBAdapter().ProjectSeries.GetByGuid(objectUid).Name;
                    break;

                case PermissionObjectType.Project:
                    objectTypeName = "产品";
                    objectName     = new DBAdapter().Project.GetProjectByGuid(objectUid).Name;
                    break;

                case PermissionObjectType.TaskGroup:
                    objectTypeName = "工作组";
                    objectName     = new DBAdapter().TaskGroup.GetByGuid(objectUid).Name;
                    break;

                case PermissionObjectType.Task:
                    objectTypeName = "工作";
                    objectName     = new DBAdapter().Task.GetTask(objectUid).Description;
                    break;

                default:
                    objectTypeName = "未知";
                    objectName     = "未知";
                    break;
            }

            string action;
            switch (permissionType)
            {
                case PermissionType.Read:
                    action = "读取";
                    break;

                case PermissionType.Write:
                    action = "修改";
                    break;

                case PermissionType.Execute:
                    action = "操作";
                    break;

                default:
                    action = "未知";
                    break;
            }

            // hasPermission is false here, so this assertion always fails with the message.
            Assert(hasPermission, "用户{0}没有{1}[{2}]的[{3}]权限",
                   checkUserName, objectTypeName, objectName, action);
        }