/// <summary>
/// 删除权限
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>影响行数</returns>
public int DeletePermission(BaseUserInfo userInfo, string permissionItemCode)
{
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
int returnValue = 0;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo);
string id = permissionItemManager.GetId(new KeyValuePair <string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));
if (!String.IsNullOrEmpty(id))
{
// 在删除时,可能会把相关的其他配置权限会删除掉,所以需要调用这个方法。
returnValue = permissionItemManager.Delete(id);
}
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
return(returnValue);
}
public BasePermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
{
BasePermissionScopeEntity entity = null;
string permissionId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
// 1:先获取是否有这样的主键,若有进行更新操作。
BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
DataTable dt = manager.GetDataTable(parameters);
if (dt.Rows.Count > 0)
{
entity = new BasePermissionScopeEntity(dt);
}
return(entity);
}
/// <summary>
///
/// </summary>
/// <param name="userInfo"></param>
/// <param name="resourceCategory"></param>
/// <param name="targetId"></param>
/// <param name="targetResourceCategory"></param>
/// <param name="permissionItemCode"></param>
/// <returns></returns>
public string[] GetPermissionScopeResourceIds(BaseUserInfo userInfo, string resourceCategory, string targetId, string targetResourceCategory, string permissionItemCode)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
string[] returnValue = null;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
string permissionItemId = permissionItemManager.GetId(new KeyValuePair <string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetId, targetId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionItemId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, targetResourceCategory));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldEnabled, 1));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
tableName = BasePermissionScopeEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionScope";
}
returnValue = DbLogic.GetProperties(dbHelper, tableName, parameters, 0, BasePermissionScopeEntity.FieldResourceId);
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return(returnValue);
}
/// <summary>
/// 添加操作权限项
/// </summary>
/// <param name="userInfo">当前用户</param>
/// <param name="permissionEntity">权限定义实体</param>
/// <param name="statusCode">状态码</param>
/// <param name="statusMessage">状态信息</param>
/// <returns>主键</returns>
public string Add(BaseUserInfo userInfo, BasePermissionItemEntity permissionItemEntity, out string statusCode, out string statusMessage)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
statusCode = string.Empty;
statusMessage = string.Empty;
string returnValue = string.Empty;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
// 数据库事务开始
// dbHelper.BeginTransaction();
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
returnValue = permissionItemManager.Add(permissionItemEntity, out statusCode);
// 获得状态消息
statusMessage = permissionItemManager.GetStateMessage(statusCode);
// 写入日志信息
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_Add, MethodBase.GetCurrentMethod());
// 数据库事务提交
// dbHelper.CommitTransaction();
}
catch (Exception ex)
{
// 数据库事务回滚
// dbHelper.RollbackTransaction();
// 记录异常信息
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return(returnValue);
}
/// <summary>
/// 用户的所有可授权范围(有授权权限的权限列表)
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限域编号</param>
/// <returns>数据表</returns>
public DataTable GetPermissionItemDTByPermissionScope(BaseUserInfo userInfo, string userId, string permissionItemCode)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName);
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo);
string permissionItemId = permissionItemManager.GetId(new KeyValuePair <string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));
// 数据库里没有设置可授权的权限项,系统自动增加一个权限配置项
if (String.IsNullOrEmpty(permissionItemId) && permissionItemCode.Equals("Resource.ManagePermission"))
{
BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity();
permissionItemEntity.Code = "Resource.ManagePermission";
permissionItemEntity.FullName = "资源管理范围权限(系统默认)";
permissionItemEntity.IsScope = 1;
permissionItemEntity.Enabled = 1;
permissionItemEntity.AllowDelete = 0;
permissionItemEntity.AllowDelete = 0;
permissionItemManager.AddEntity(permissionItemEntity);
}
dataTable = permissionItemManager.GetDataTableByUser(userId, permissionItemCode);
dataTable.TableName = BasePermissionItemEntity.TableName;
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetPermissionItemDTByPermission, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return(dataTable);
}
/// <summary>
/// 获取用户的件约束表达式
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="tableName">表名</param>
/// <returns>主键</returns>
public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission")
{
string returnValue = string.Empty;
// 这里是获取用户的条件表达式
// 1: 首先用户在哪些角色里是有效的?
// 2: 这些角色都有哪些哪些条件约束?
// 3: 组合约束条件?
// 4:用户本身的约束条件?
string permissionId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
BaseUserManager manager = new BaseUserManager(this.DbHelper, this.UserInfo);
string[] roleIds = manager.GetAllRoleIds(UserInfo.Id);
if (roleIds == null || roleIds.Length == 0)
{
return(returnValue);
}
BasePermissionScopeManager scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseRoleEntity.TableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, roleIds));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldEnabled, 1));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
DataTable dtPermissionScope = scopeManager.GetDataTable(parameters);
string permissionConstraint = string.Empty;
foreach (DataRow dataRow in dtPermissionScope.Rows)
{
permissionConstraint = dataRow[BasePermissionScopeEntity.FieldPermissionConstraint].ToString();
permissionConstraint = permissionConstraint.Trim();
if (!string.IsNullOrEmpty(permissionConstraint))
{
returnValue += " AND " + permissionConstraint;
}
}
if (!string.IsNullOrEmpty(returnValue))
{
returnValue = returnValue.Substring(5);
// 解析替换约束表达式标准函数
returnValue = ConstraintUtil.PrepareParameter(this.UserInfo, returnValue);
}
return(returnValue);
}
/// <summary>
/// 用户角色关系是否有模块权限
/// </summary>
/// <param name="roleId">角色主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>有角色权限</returns>
public bool CheckPermissionByRole(string roleId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo);
string permissionItemId = permissionItemManager.GetProperty(new KeyValuePair <string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode), BasePermissionItemEntity.FieldId);
// 判断当前判断的权限是否存在,否则很容易出现前台设置了权限,后台没此项权限
// 需要自动的能把前台判断过的权限,都记录到后台来
#if (DEBUG)
if (String.IsNullOrEmpty(permissionItemId))
{
BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity();
permissionItemEntity.Code = permissionItemCode;
permissionItemEntity.FullName = permissionItemCode;
permissionItemEntity.ParentId = string.Empty;
permissionItemEntity.IsScope = 0;
permissionItemEntity.AllowDelete = 1;
permissionItemEntity.AllowEdit = 1;
permissionItemEntity.DeletionStateCode = 0;
permissionItemEntity.Enabled = 1;
// 这里是防止主键重复?
// permissionEntity.ID = BaseBusinessLogic.NewGuid();
permissionItemManager.AddEntity(permissionItemEntity);
}
else
{
// 更新最后一次访问日期,设置为当前服务器日期
SQLBuilder sqlBuilder = new SQLBuilder(DbHelper);
sqlBuilder.BeginUpdate(this.CurrentTableName);
sqlBuilder.SetDBNow(BasePermissionItemEntity.FieldLastCall);
sqlBuilder.SetWhere(BasePermissionItemEntity.FieldId, permissionItemId);
sqlBuilder.EndUpdate();
}
#endif
if (string.IsNullOrEmpty(permissionItemId))
{
return(false);
}
string sqlQuery = " SELECT COUNT(*) "
+ " FROM " + this.CurrentTableName
+ " WHERE " + "(" + BasePermissionEntity.FieldResourceCategory + " = '" + BaseRoleEntity.TableName + "') "
+ " AND (" + BasePermissionEntity.FieldEnabled + " = 1) "
+ " AND (" + BasePermissionEntity.FieldResourceId + " = '" + roleId + "' ) "
+ " AND (" + BasePermissionEntity.FieldPermissionItemId + " = '" + permissionItemId + "') ";
int rowCount = 0;
object returnObject = DbHelper.ExecuteScalar(sqlQuery);
if (returnObject != null)
{
rowCount = int.Parse(returnObject.ToString());
}
return(rowCount > 0);
}
public new string GetIdByCode(string permissionItemCode)
{
string tableName = BasePermissionScopeEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, this.UserInfo, tableName);
// 这里应该是若不存在就自动加一个操作权限
return(permissionItemManager.GetIdByAdd(permissionItemCode));
}
/// <summary>
/// 按父节点获取列表
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="parentId">父节点主键</param>
/// <returns>数据表</returns>
public DataTable GetDataTableByParent(BaseUserInfo userInfo, string parentId)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName);
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionItemEntity.FieldParentId, parentId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionItemEntity.FieldDeletionStateCode, 0));
dataTable = permissionItemManager.GetDataTable(parameters, BasePermissionItemEntity.FieldSortCode);
dataTable.TableName = BasePermissionItemEntity.TableName;
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_GetDataTableByParent, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return(dataTable);
}
/// <summary>
/// 获取实体
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="id">主键</param>
/// <returns>实体</returns>
public BasePermissionItemEntity GetEntity(BaseUserInfo userInfo, string id)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity();
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
// 创建实现类
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
DataTable returnDataTable = new DataTable(BasePermissionItemEntity.TableName);
returnDataTable = permissionItemManager.GetDataTableById(id);
permissionItemEntity = new BasePermissionItemEntity(returnDataTable);
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_GetEntity, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return(permissionItemEntity);
}
/// <summary>
/// 批量移动实体
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="permissionItemIds">权限项主键数组</param>
/// <param name="parentId">父主键</param>
/// <returns>影响行数</returns>
public int BatchMoveTo(BaseUserInfo userInfo, string[] permissionItemIds, string parentId)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
int returnValue = 0;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
for (int i = 0; i < permissionItemIds.Length; i++)
{
returnValue += permissionItemManager.MoveTo(permissionItemIds[i], parentId);
}
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_BatchMoveTo, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return(returnValue);
}
/// <summary>
/// 获取委托列表
/// </summary>
/// <param name="permissionItemCode">操作权限编号</param>
/// <param name="userId">用户主键</param>
/// <returns>数据表</returns>
public DataTable GetAuthorizeDT(string permissionItemCode, string userId = null)
{
if (userId == null)
{
userId = this.UserInfo.Id;
}
// 获取别人委托我的列表
string permissionItemId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(this.UserInfo);
string[] names = new string[] {
BasePermissionScopeEntity.FieldDeletionStateCode
, BasePermissionScopeEntity.FieldEnabled
, BasePermissionScopeEntity.FieldResourceCategory
, BasePermissionScopeEntity.FieldPermissionItemId
, BasePermissionScopeEntity.FieldTargetCategory
, BasePermissionScopeEntity.FieldTargetId
};
Object[] values = new Object[] { 0, 1, BaseUserEntity.TableName, permissionItemId, BaseUserEntity.TableName, userId };
// 排除过期的,此方法有性能问题,已经放到后台的Sql中处理。 comment by zgl on 2011-10-27
//DataTable dt = permissionScopeManager.GetDataTable(names, values);
//for (int i = 0; i < dt.Rows.Count; i++)
//{
// if (!string.IsNullOrEmpty(dt.Rows[i][BasePermissionScopeEntity.FieldEndDate].ToString()))
// {
// // 过期的不显示
// if (DateTime.Parse(dt.Rows[i][BasePermissionScopeEntity.FieldEndDate].ToString()).Date < DateTime.Now.Date)
// {
// dt.Rows.RemoveAt(i);
// // dt 行数会减少
// i--;
// }
// }
//}
//排除过期的,已经放到后台的Sql中处理。
DataTable dt = permissionScopeManager.GetAuthoriedList(BaseUserEntity.TableName, permissionItemId, BaseUserEntity.TableName, userId);
string[] userIds = BaseBusinessLogic.FieldToArray(dt, BasePermissionScopeEntity.FieldResourceId);
BaseUserManager userManager = new BaseUserManager(this.UserInfo);
return(userManager.GetDataTable(userIds));
}
/// <summary>
/// 设置约束条件
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="resourceCategory">资源类别</param>
/// <param name="resourceId">资源主键</param>
/// <param name="tableName">表名</param>
/// <param name="constraint">约束</param>
/// <param name="enabled">有效</param>
/// <param name="permissionCode">操作权限项</param>
/// <returns>主键</returns>
public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true)
{
string returnValue = string.Empty;
string permissionId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldTargetId, tableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0));
BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
// 1:先获取是否有这样的主键,若有进行更新操作。
// 2:若没有进行添加操作。
returnValue = manager.GetId(parameters);
if (!string.IsNullOrEmpty(returnValue))
{
parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldPermissionConstraint, constraint));
parameters.Add(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldEnabled, enabled ? 1 : 0));
manager.SetProperty(new KeyValuePair <string, object>(BasePermissionScopeEntity.FieldId, returnValue), parameters);
}
else
{
BasePermissionScopeEntity entity = new BasePermissionScopeEntity();
entity.ResourceCategory = resourceCategory;
entity.ResourceId = resourceId;
entity.TargetCategory = "Table";
entity.TargetId = tableName;
entity.PermissionConstraint = constraint;
entity.PermissionId = int.Parse(permissionId);
entity.DeletionStateCode = 0;
entity.Enabled = enabled ? 1: 0;
returnValue = manager.Add(entity);
}
return(returnValue);
}
/// <summary>
/// 判断用户是否有有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>有权限</returns>
public bool CheckPermission(string userId, string permissionItemCode)
{
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper);
string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode);
// 没有找到相应的权限
if (String.IsNullOrEmpty(permissionItemId))
{
return(false);
}
List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >();
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.TableName));
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceId, userId));
parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldEnabled, "1"));
return(DbLogic.Exists(DbHelper, this.CurrentTableName, parameters));
}
/// <summary>
/// 获取关联的权限项列表
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="moduleId">主键</param>
/// <returns>数据表</returns>
public DataTable GetPermissionDT(BaseUserInfo userInfo, string moduleId)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName);
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
BasePermissionModuleManager modulePermissionManager = new BasePermissionModuleManager(dbHelper, userInfo);
string[] ids = modulePermissionManager.GetPermissionIds(moduleId);
BasePermissionItemManager permissionAdminManager = new BasePermissionItemManager(dbHelper, userInfo);
dataTable = permissionAdminManager.GetDataTable(ids);
dataTable.TableName = BasePermissionItemEntity.TableName;
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.ModuleService_GetPermissionDT, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return(dataTable);
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////
/// 测试权限用的
/////////////////////////////////////////////////////////////////////////////////////////////////////////
#region public string AddPermission(BaseUserInfo userInfo, string permissionCode)
/// <summary>
/// 添加操作权限
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="permissionCode">权限编号</param>
/// <returns>主键</returns>
public string AddPermission(BaseUserInfo userInfo, string permissionCode)
{
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
string returnValue = string.Empty;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo);
string statusCode = string.Empty;
BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity();
permissionItemEntity.Code = permissionCode;
permissionItemEntity.Enabled = 1;
permissionItemEntity.AllowDelete = 1;
permissionItemEntity.AllowEdit = 1;
permissionItemEntity.IsScope = 0;
returnValue = permissionItemManager.Add(permissionItemEntity, out statusCode);
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.MSG0091, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
return(returnValue);
}
/// <summary>
/// 撤销角色权限
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="roleName">角色名</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>主键</returns>
public int RevokeRolePermission(BaseUserInfo userInfo, string roleName, string permissionItemCode)
{
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
int returnValue = 0;
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
BaseRoleManager roleManager = new BaseRoleManager(dbHelper, userInfo);
string roleId = roleManager.GetId(new KeyValuePair <string, object>(BaseRoleEntity.FieldRealName, roleName));
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo);
string permissionItemId = permissionItemManager.GetId(new KeyValuePair <string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode));
if (!String.IsNullOrEmpty(roleId) && !String.IsNullOrEmpty(permissionItemId))
{
BaseRolePermissionManager rolePermissionManager = new BaseRolePermissionManager(dbHelper, userInfo);
returnValue = rolePermissionManager.Revoke(roleId, permissionItemId);
}
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
return(returnValue);
}
/// <summary>
/// 获得某个用户的所有权限列表
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <returns>数据表</returns>
public DataTable GetPermissionDTByUser(BaseUserInfo userInfo, string userId)
{
// 写入调试信息
#if (DEBUG)
int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif
// 加强安全验证防止未授权匿名调用
#if (!DEBUG)
LogOnService.UserIsLogOn(userInfo);
#endif
DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName);
using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
{
try
{
dbHelper.Open(UserCenterDbConnection);
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
// 是否超级管理员
BaseUserManager userManager = new BaseUserManager(dbHelper, userInfo);
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName);
if (userManager.IsAdministrator(userId))
{
dataTable = permissionItemManager.GetDataTable();
}
else
{
tableName = BasePermissionEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "Permission";
}
BasePermissionManager permissionManager = new BasePermissionManager(dbHelper, userInfo, tableName);
string[] ids = permissionManager.GetPermissionIdsByUser(userId);
// 若是以前赋予的权限,后来有些权限设置为无效了,那就不应该再获取哪些无效的权限才对。
// bug修正:没有赋值DataTable,导致返回值空
dataTable = permissionItemManager.GetDataTable(
new KeyValuePair <string, object>(BasePermissionItemEntity.FieldId, ids)
, new KeyValuePair <string, object>(BasePermissionItemEntity.FieldEnabled, 1)
, new KeyValuePair <string, object>(BasePermissionItemEntity.FieldDeletionStateCode, 0));
}
dataTable.TableName = tableName;
BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetPermissionDTByUser, MethodBase.GetCurrentMethod());
}
catch (Exception ex)
{
BaseExceptionManager.LogException(dbHelper, userInfo, ex);
throw ex;
}
finally
{
dbHelper.Close();
}
}
// 写入调试信息
#if (DEBUG)
BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif
return(dataTable);
}
//
// ResourcePermission 权限判断
//
#region public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) 是否有相应的权限
/// <summary>
/// 是否有相应的权限
/// </summary>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限编号</param>
/// <param name="permissionItemName">权限名称</param>
/// <returns>是否有权限</returns>
public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null)
{
// 若不存在就需要自动能增加一个操作权限项
string tableName = BasePermissionItemEntity.TableName;
if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
{
tableName = BaseSystemInfo.SystemCode + "PermissionItem";
}
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName);
string permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName);
BasePermissionItemEntity permissionItemEntity = permissionItemManager.GetEntity(permissionItemId);
// 先判断用户类别
if (UserInfo.IsAdministrator)
{
return(true);
}
// 没有找到相应的权限
if (String.IsNullOrEmpty(permissionItemId))
{
return(false);
}
// 这里需要判断,是系统权限?
bool returnValue = false;
BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);
if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System"))
{
// 用户管理员
returnValue = userManager.IsInRoleByCode(userId, "UserAdmin");
if (returnValue)
{
return(returnValue);
}
}
// 这里需要判断,是业务权限?
if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application"))
{
returnValue = userManager.IsInRoleByCode(userId, "Admin");
if (returnValue)
{
return(returnValue);
}
}
// 判断用户权限
if (this.CheckUserPermission(userId, permissionItemId))
{
return(true);
}
// 判断用户角色权限
if (this.CheckUserRolePermission(userId, permissionItemId))
{
return(true);
}
// 判断用户组织机构权限,这里有开关是为了提高性能用的,
// 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。
if (BaseSystemInfo.UseOrganizePermission)
{
if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.WorkgroupId))
{
return(true);
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.DepartmentId))
{
return(true);
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.SubCompanyId))
{
return(true);
}
else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.CompanyId))
{
return(true);
}
}
return(false);
}
/// <summary>
/// 获取约束条件(所有的约束)
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="resourceCategory">资源类别</param>
/// <param name="resourceId">资源主键</param>
/// <returns>数据表</returns>
public DataTable GetConstraintDT(string resourceCategory, string resourceId, string permissionCode = "Resource.AccessPermission")
{
DataTable dataTable = new DataTable(BaseTableColumnsEntity.TableName);
/*
* -- 这里是都有哪些表?
* SELECT ItemValue, ItemName
* FROM ItemsTablePermissionScope
* WHERE (DeletionStateCode = 0)
* AND (Enabled = 1)
* ORDER BY ItemsTablePermissionScope.SortCode
*/
/*
* -- 这里是都有有哪些表达式
* SELECT Id, TargetId, PermissionConstraint -- 对什么表有什么表达式?
* FROM BasePermissionScope
* WHERE (ResourceId = 10000000)
* AND (ResourceCategory = 'BaseRole') -- 什么角色?
* AND (TargetId = 'BaseUser')
* AND (TargetCategory = 'Table')
* AND (PermissionId = 10000001) -- 有什么权限?(资源访问权限)
* AND (DeletionStateCode = 0)
* AND (Enabled = 1)
*/
string permissionId = string.Empty;
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
string sqlQuery = @" SELECT BasePermissionScope.Id
, ItemsTablePermissionScope.ItemValue AS TableCode
, ItemsTablePermissionScope.ItemName AS TableName
, BasePermissionScope.PermissionConstraint
, ItemsTablePermissionScope.SortCode
FROM (
SELECT ItemValue
, ItemName
, SortCode
FROM ItemsTablePermissionScope
WHERE (DeletionStateCode = 0)
AND (Enabled = 1)
) AS ItemsTablePermissionScope LEFT OUTER JOIN
(SELECT Id
, TargetId
, PermissionConstraint
FROM BasePermissionScope
WHERE (ResourceCategory = '" + resourceCategory + @"')
AND (ResourceId = " + resourceId + @")
AND (TargetCategory = 'Table')
AND (PermissionId = " + permissionId.ToString() + @")
AND (DeletionStateCode = 0)
AND (Enabled = 1)
) AS BasePermissionScope
ON ItemsTablePermissionScope.ItemValue = BasePermissionScope.TargetId
ORDER BY ItemsTablePermissionScope.SortCode ";
dataTable = this.Fill(sqlQuery);
dataTable.TableName = BaseTableColumnsEntity.TableName;
return(dataTable);
}
public DataTable Search(string permissionScopeItemCode, string search, string[] roleIds, bool?enabled, string auditStates, string departmentId)
{
search = StringUtil.GetSearchString(search);
string sqlQuery = " SELECT " + BaseUserEntity.TableName + ".* "
+ "," + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldRealName + " AS RoleName "
+ " FROM " + BaseUserEntity.TableName
+ " LEFT OUTER JOIN " + BaseRoleEntity.TableName
+ " ON " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldRoleId + " = " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldId
// 被删除的排出在外比较好一些
+ " WHERE " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDeletionStateCode + " = 0 "
+ " AND " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldIsVisible + " = 1 ";
if (!String.IsNullOrEmpty(search))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldUserName + " LIKE '" + search + "'"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCode + " LIKE '" + search + "'"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldRealName + " LIKE '" + search + "'"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldQuickQuery + " LIKE '" + search + "'"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentName + " LIKE '" + search + "'"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDescription + " LIKE '" + search + "')";
}
if (!string.IsNullOrEmpty(departmentId))
{
BaseOrganizeManager organizeManager = new BaseOrganizeManager(this.DbHelper, this.UserInfo);
string[] organizeIds = organizeManager.GetChildrensId(BaseOrganizeEntity.FieldId, departmentId, BaseOrganizeEntity.FieldParentId);
if (organizeIds != null && organizeIds.Length > 0)
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCompanyId + " IN (" + StringUtil.ArrayToList(organizeIds) + ")"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentId + " IN (" + StringUtil.ArrayToList(organizeIds) + ")"
+ " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldWorkgroupId + " IN (" + StringUtil.ArrayToList(organizeIds) + "))";
}
}
if (!String.IsNullOrEmpty(auditStates))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldAuditStatus + " = '" + auditStates + "')";
}
if (enabled != null)
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldEnabled + " = " + ((bool)enabled ? 1:0) + ")";
}
if ((roleIds != null) && (roleIds.Length > 0))
{
string roles = StringUtil.ArrayToList(roleIds, "'");
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldRoleId + " IN (" + roles + ") ";
sqlQuery += " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " IN (" + "SELECT " + BaseUserRoleEntity.FieldUserId + " FROM " + BaseUserRoleEntity.TableName + " WHERE " + BaseUserRoleEntity.FieldRoleId + " IN (" + roles + ")" + "))";
}
// 是否过滤用户, 获得组织机构列表, 这里需要一个按用户过滤得功能
if ((!UserInfo.IsAdministrator) && (BaseSystemInfo.UsePermissionScope))
{
// string permissionScopeItemCode = "Resource.ManagePermission";
BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.DbHelper, this.UserInfo);
string permissionScopeItemId = permissionItemManager.GetId(new KeyValuePair <string, object>(BasePermissionItemEntity.FieldCode, permissionScopeItemCode));
if (!string.IsNullOrEmpty(permissionScopeItemId))
{
// 从小到大的顺序进行显示,防止错误发生
BaseUserScopeManager userPermissionScopeManager = new BaseUserScopeManager(this.DbHelper, this.UserInfo);
string[] organizeIds = userPermissionScopeManager.GetOrganizeIds(this.UserInfo.Id, permissionScopeItemId);
// 没有任何数据权限
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.None).ToString()))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " = NULL ) ";
}
// 按详细设定的数据
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.Detail).ToString()))
{
BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(DbHelper, UserInfo);
string[] userIds = permissionScopeManager.GetUserIds(UserInfo.Id, permissionScopeItemCode);
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " IN (" + BaseBusinessLogic.ObjectsToList(userIds) + ")) ";
}
// 自己的数据,仅本人
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.User).ToString()))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " = " + this.UserInfo.Id + ") ";
}
// 用户所在工作组数据
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserWorkgroup).ToString()))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldWorkgroupId + " = " + this.UserInfo.WorkgroupId + ") ";
}
// 用户所在部门数据
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserDepartment).ToString()))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentId + " = " + this.UserInfo.DepartmentId + ") ";
}
// 用户所在分支机构数据
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserSubCompany).ToString()))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldSubCompanyId + " = " + this.UserInfo.SubCompanyId + ") ";
}
// 用户所在公司数据
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserCompany).ToString()))
{
sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCompanyId + " = " + this.UserInfo.CompanyId + ") ";
}
// 全部数据,这里就不用设置过滤条件了
if (StringUtil.Exists(organizeIds, ((int)PermissionScope.All).ToString()))
{
}
}
}
sqlQuery += " ORDER BY " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldSortCode;
return(DbHelper.Fill(sqlQuery));
}