/// <summary> /// 用户角色关系是否有模块权限 /// </summary> /// <param name="roleId">角色主键</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>有角色权限</returns> public bool CheckPermissionByRole(string roleId, string permissionItemCode) { BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo); string permissionItemId = permissionItemManager.GetProperty(new KeyValuePair <string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode), BasePermissionItemEntity.FieldId); // 判断当前判断的权限是否存在,否则很容易出现前台设置了权限,后台没此项权限 // 需要自动的能把前台判断过的权限,都记录到后台来 #if (DEBUG) if (String.IsNullOrEmpty(permissionItemId)) { BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity(); permissionItemEntity.Code = permissionItemCode; permissionItemEntity.FullName = permissionItemCode; permissionItemEntity.ParentId = string.Empty; permissionItemEntity.IsScope = 0; permissionItemEntity.AllowDelete = 1; permissionItemEntity.AllowEdit = 1; permissionItemEntity.DeletionStateCode = 0; permissionItemEntity.Enabled = 1; // 这里是防止主键重复? // permissionEntity.ID = BaseBusinessLogic.NewGuid(); permissionItemManager.AddEntity(permissionItemEntity); } else { // 更新最后一次访问日期,设置为当前服务器日期 SQLBuilder sqlBuilder = new SQLBuilder(DbHelper); sqlBuilder.BeginUpdate(this.CurrentTableName); sqlBuilder.SetDBNow(BasePermissionItemEntity.FieldLastCall); sqlBuilder.SetWhere(BasePermissionItemEntity.FieldId, permissionItemId); sqlBuilder.EndUpdate(); } #endif if (string.IsNullOrEmpty(permissionItemId)) { return(false); } string sqlQuery = " SELECT COUNT(*) " + " FROM " + this.CurrentTableName + " WHERE " + "(" + BasePermissionEntity.FieldResourceCategory + " = '" + BaseRoleEntity.TableName + "') " + " AND (" + BasePermissionEntity.FieldEnabled + " = 1) " + " AND (" + BasePermissionEntity.FieldResourceId + " = '" + roleId + "' ) " + " AND (" + BasePermissionEntity.FieldPermissionItemId + " = '" + permissionItemId + "') "; int rowCount = 0; object returnObject = DbHelper.ExecuteScalar(sqlQuery); if (returnObject != null) { rowCount = int.Parse(returnObject.ToString()); } return(rowCount > 0); }
public new string GetIdByCode(string permissionItemCode) { string tableName = BasePermissionScopeEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, this.UserInfo, tableName); // 这里应该是若不存在就自动加一个操作权限 return(permissionItemManager.GetIdByAdd(permissionItemCode)); }
/// <summary> /// 用户角色关系是否有模块权限 /// </summary> /// <param name="roleId">角色主键</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>有角色权限</returns> public bool CheckPermissionByRole(string roleId, string permissionItemCode) { BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo); string permissionItemId = permissionItemManager.GetProperty(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode), BasePermissionItemEntity.FieldId); // 判断当前判断的权限是否存在,否则很容易出现前台设置了权限,后台没此项权限 // 需要自动的能把前台判断过的权限,都记录到后台来 #if (DEBUG) if (String.IsNullOrEmpty(permissionItemId)) { BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity(); permissionItemEntity.Code = permissionItemCode; permissionItemEntity.FullName = permissionItemCode; permissionItemEntity.ParentId = string.Empty; permissionItemEntity.IsScope = 0; permissionItemEntity.AllowDelete = 1; permissionItemEntity.AllowEdit = 1; permissionItemEntity.DeletionStateCode = 0; permissionItemEntity.Enabled = 1; // 这里是防止主键重复? // permissionEntity.ID = BaseBusinessLogic.NewGuid(); permissionItemManager.AddEntity(permissionItemEntity); } else { // 更新最后一次访问日期,设置为当前服务器日期 SQLBuilder sqlBuilder = new SQLBuilder(DbHelper); sqlBuilder.BeginUpdate(this.CurrentTableName); sqlBuilder.SetDBNow(BasePermissionItemEntity.FieldLastCall); sqlBuilder.SetWhere(BasePermissionItemEntity.FieldId, permissionItemId); sqlBuilder.EndUpdate(); } #endif if (string.IsNullOrEmpty(permissionItemId)) { return false; } string sqlQuery = " SELECT COUNT(*) " + " FROM " + this.CurrentTableName + " WHERE " + "(" + BasePermissionEntity.FieldResourceCategory + " = '" + BaseRoleEntity.TableName + "') " + " AND (" + BasePermissionEntity.FieldEnabled + " = 1) " + " AND (" + BasePermissionEntity.FieldResourceId + " = '" + roleId + "' ) " + " AND (" + BasePermissionEntity.FieldPermissionItemId + " = '" + permissionItemId + "') "; int rowCount = 0; object returnObject = DbHelper.ExecuteScalar(sqlQuery); if (returnObject != null) { rowCount = int.Parse(returnObject.ToString()); } return rowCount > 0; }
/// <summary> /// 判断用户是否有有相应的权限 /// </summary> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>有权限</returns> public bool CheckPermission(string userId, string permissionItemCode) { BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper); string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode); // 没有找到相应的权限 if (String.IsNullOrEmpty(permissionItemId)) { return(false); } List <KeyValuePair <string, object> > parameters = new List <KeyValuePair <string, object> >(); parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.TableName)); parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldResourceId, userId)); parameters.Add(new KeyValuePair <string, object>(BasePermissionEntity.FieldEnabled, "1")); return(DbLogic.Exists(DbHelper, this.CurrentTableName, parameters)); }
/// <summary> /// 添加操作权限 /// </summary> /// <param name="userInfo">用户</param> /// <param name="permissionCode">权限编号</param> /// <returns>主键</returns> public string AddPermission(BaseUserInfo userInfo, string permissionCode) { // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif string returnValue = string.Empty; using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo); string statusCode = string.Empty; BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity(); permissionItemEntity.Code = permissionCode; permissionItemEntity.Enabled = 1; permissionItemEntity.AllowDelete = 1; permissionItemEntity.AllowEdit = 1; permissionItemEntity.IsScope = 0; returnValue = permissionItemManager.Add(permissionItemEntity, out statusCode); BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.MSG0091, MethodBase.GetCurrentMethod()); } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } return returnValue; }
/// <summary> /// 获取委托列表 /// </summary> /// <param name="permissionItemCode">操作权限编号</param> /// <param name="userId">用户主键</param> /// <returns>数据表</returns> public DataTable GetAuthorizeDT(string permissionItemCode, string userId = null) { if (userId == null) { userId = this.UserInfo.Id; } // 获取别人委托我的列表 string permissionItemId = string.Empty; BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo); permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode); BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(this.UserInfo); string[] names = new string[]{ BasePermissionScopeEntity.FieldDeletionStateCode , BasePermissionScopeEntity.FieldEnabled , BasePermissionScopeEntity.FieldResourceCategory , BasePermissionScopeEntity.FieldPermissionItemId , BasePermissionScopeEntity.FieldTargetCategory , BasePermissionScopeEntity.FieldTargetId}; Object[] values = new Object[] { 0, 1, BaseUserEntity.TableName, permissionItemId, BaseUserEntity.TableName, userId }; // 排除过期的,此方法有性能问题,已经放到后台的Sql中处理。 comment by zgl on 2011-10-27 //DataTable dt = permissionScopeManager.GetDataTable(names, values); //for (int i = 0; i < dt.Rows.Count; i++) //{ // if (!string.IsNullOrEmpty(dt.Rows[i][BasePermissionScopeEntity.FieldEndDate].ToString())) // { // // 过期的不显示 // if (DateTime.Parse(dt.Rows[i][BasePermissionScopeEntity.FieldEndDate].ToString()).Date < DateTime.Now.Date) // { // dt.Rows.RemoveAt(i); // // dt 行数会减少 // i--; // } // } //} //排除过期的,已经放到后台的Sql中处理。 DataTable dt = permissionScopeManager.GetAuthoriedList(BaseUserEntity.TableName, permissionItemId, BaseUserEntity.TableName, userId); string[] userIds = BaseBusinessLogic.FieldToArray(dt, BasePermissionScopeEntity.FieldResourceId); BaseUserManager userManager = new BaseUserManager(this.UserInfo); return userManager.GetDataTable(userIds); }
/// <summary> /// 是否有相应的权限 /// </summary> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>是否有权限</returns> public bool IsModuleAuthorized(string userId, string moduleCode, string permissionItemCode) { BaseModuleManager moduleManager = new BaseModuleManager(DbHelper); string moduleId = moduleManager.GetIdByCode(moduleCode); BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper); string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode); // 判断员工权限 if (this.CheckUserModulePermission(userId, moduleId, permissionItemId)) { return true; } // 判断员工角色权限 if (this.CheckRoleModulePermission(userId, moduleId, permissionItemId)) { return true; } return false; }
/// <summary> /// 按某个权限获取员工 Sql /// </summary> /// <param name="managerUserId">管理用户主键</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>Sql</returns> public string GetUserIdsSql(string managerUserId, string permissionItemCode) { BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper); string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode); string sqlQuery = string.Empty; // 直接管理的用户 sqlQuery = " SELECT BasePermissionScope.TargetId AS " + BaseBusinessLogic.FieldId + " FROM BasePermissionScope " + " WHERE (BasePermissionScope.TargetCategory = '" + BaseUserEntity.TableName + "'" + " AND BasePermissionScope.ResourceId = '" + managerUserId + "'" + " AND BasePermissionScope.ResourceCategory = '" + BaseUserEntity.TableName + "'" + " AND BasePermissionScope.PermissionId = '" + permissionItemId + "'" + " AND BasePermissionScope.TargetId IS NOT NULL) "; // 被管理部门的列表 string[] organizeIds = this.GetOrganizeIds(managerUserId, permissionItemCode, false); if (organizeIds != null && organizeIds.Length > 0) { // 是否仅仅是自己的还有点儿问题 if (StringUtil.Exists(organizeIds, ((int)PermissionScope.User).ToString())) { sqlQuery += " UNION SELECT '" + this.UserInfo.Id + "' AS Id "; } else { string organizes = BaseBusinessLogic.ObjectsToList(organizeIds); if (!String.IsNullOrEmpty(organizes)) { // 被管理的组织机构包含的用户,公司、部门、工作组 // sqlQuery += " UNION " // + " SELECT " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldUserId + " AS " + BaseBusinessLogic.FieldId // + " FROM " + BaseStaffEntity.TableName // + " WHERE (" + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldCompanyId + " IN (" + organizes + ") " // + " OR " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldDepartmentId + " IN (" + organizes + ") " // + " OR " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldWorkgroupId + " IN (" + organizes + ")) "; sqlQuery += " UNION " + " SELECT " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " AS " + BaseBusinessLogic.FieldId + " FROM " + BaseUserEntity.TableName + " WHERE (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDeletionStateCode + " = 0 ) " + " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldEnabled + " = 1 ) " + " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCompanyId + " IN (" + organizes + ") " + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldSubCompanyId + " IN (" + organizes + ") " + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentId + " IN (" + organizes + ") " + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldWorkgroupId + " IN (" + organizes + ")) "; } } } // 被管理角色列表 string[] roleIds = this.GetRoleIds(managerUserId, permissionItemCode); if (roleIds.Length > 0) { string roles = BaseBusinessLogic.ObjectsToList(roleIds); if (!String.IsNullOrEmpty(roles)) { // 被管理的角色包含的员工 sqlQuery += " UNION " + " SELECT " + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldUserId + " AS " + BaseBusinessLogic.FieldId + " FROM " + BaseUserRoleEntity.TableName + " WHERE (" + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldEnabled + " = 1 " + " AND " + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldDeletionStateCode + " = 0 " + " AND " + BaseUserRoleEntity.TableName + "." + BaseUserRoleEntity.FieldRoleId + " IN (" + roles + ")) "; } } return sqlQuery; }
/// <summary> /// 用户的所有可授权范围(有授权权限的权限列表) /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">权限域编号</param> /// <returns>数据表</returns> public DataTable GetPermissionItemDTByPermissionScope(BaseUserInfo userInfo, string userId, string permissionItemCode) { // 写入调试信息 #if (DEBUG) int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod()); #endif // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName); using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo); string permissionItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode)); // 数据库里没有设置可授权的权限项,系统自动增加一个权限配置项 if (String.IsNullOrEmpty(permissionItemId) && permissionItemCode.Equals("Resource.ManagePermission")) { BasePermissionItemEntity permissionItemEntity = new BasePermissionItemEntity(); permissionItemEntity.Code = "Resource.ManagePermission"; permissionItemEntity.FullName = "资源管理范围权限(系统默认)"; permissionItemEntity.IsScope = 1; permissionItemEntity.Enabled = 1; permissionItemEntity.AllowDelete = 0; permissionItemEntity.AllowDelete = 0; permissionItemManager.AddEntity(permissionItemEntity); } dataTable = permissionItemManager.GetDataTableByUser(userId, permissionItemCode); dataTable.TableName = BasePermissionItemEntity.TableName; BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetPermissionItemDTByPermission, MethodBase.GetCurrentMethod()); } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } // 写入调试信息 #if (DEBUG) BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart); #endif return dataTable; }
/// <summary> /// 获取约束条件(所有的约束) /// </summary> /// <param name="userInfo">用户</param> /// <param name="resourceCategory">资源类别</param> /// <param name="resourceId">资源主键</param> /// <returns>数据表</returns> public DataTable GetConstraintDT(string resourceCategory, string resourceId, string permissionCode = "Resource.AccessPermission") { DataTable dataTable = new DataTable(BaseTableColumnsEntity.TableName); /* -- 这里是都有哪些表? SELECT ItemValue, ItemName FROM ItemsTablePermissionScope WHERE (DeletionStateCode = 0) AND (Enabled = 1) ORDER BY ItemsTablePermissionScope.SortCode */ /* -- 这里是都有有哪些表达式 SELECT Id, TargetId, PermissionConstraint -- 对什么表有什么表达式? FROM BasePermissionScope WHERE (ResourceId = 10000000) AND (ResourceCategory = 'BaseRole') -- 什么角色? AND (TargetId = 'BaseUser') AND (TargetCategory = 'Table') AND (PermissionId = 10000001) -- 有什么权限?(资源访问权限) AND (DeletionStateCode = 0) AND (Enabled = 1) */ string permissionId = string.Empty; BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo); permissionId = permissionItemManager.GetIdByAdd(permissionCode); string sqlQuery = @" SELECT BasePermissionScope.Id , ItemsTablePermissionScope.ItemValue AS TableCode , ItemsTablePermissionScope.ItemName AS TableName , BasePermissionScope.PermissionConstraint , ItemsTablePermissionScope.SortCode FROM ( SELECT ItemValue , ItemName , SortCode FROM ItemsTablePermissionScope WHERE (DeletionStateCode = 0) AND (Enabled = 1) ) AS ItemsTablePermissionScope LEFT OUTER JOIN (SELECT Id , TargetId , PermissionConstraint FROM BasePermissionScope WHERE (ResourceCategory = '" + resourceCategory + @"') AND (ResourceId = " + resourceId + @") AND (TargetCategory = 'Table') AND (PermissionId = " + permissionId.ToString() + @") AND (DeletionStateCode = 0) AND (Enabled = 1) ) AS BasePermissionScope ON ItemsTablePermissionScope.ItemValue = BasePermissionScope.TargetId ORDER BY ItemsTablePermissionScope.SortCode "; dataTable = this.Fill(sqlQuery); dataTable.TableName = BaseTableColumnsEntity.TableName; return dataTable; }
public BasePermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission") { BasePermissionScopeEntity entity = null; string permissionId = string.Empty; BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo); permissionId = permissionItemManager.GetIdByAdd(permissionCode); List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>(); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table")); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)); // 1:先获取是否有这样的主键,若有进行更新操作。 BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo); DataTable dt = manager.GetDataTable(parameters); if (dt.Rows.Count > 0) { entity = new BasePermissionScopeEntity(dt); } return entity; }
/// <summary> /// 操作权限列表 /// </summary> /// <param name="moduleId">模块主键</param> /// <returns>数据表</returns> private DataTable GetPermissionItemDT(string moduleId) { string commandText = @" SELECT * FROM BasePermissionItem WHERE (Id IN (SELECT PermissionId FROM BasePermission WHERE (ResourceId = '" + moduleId + @"') AND (ResourceCategory = 'BaseModule') AND (DeletionStateCode = 0))) AND (Enabled = 1) AND (DeletionStateCode = 0) ORDER BY SortCode "; BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo); return permissionItemManager.Fill(commandText); }
/// <summary> /// 更新实体 /// </summary> /// <param name="userInfo">用户</param> /// <param name="permissionItemEntity">实体</param> /// <param name="statusCode">状态码</param> /// <param name="statusMessage">状态信息</param> /// <returns>影响行数</returns> public int Update(BaseUserInfo userInfo, BasePermissionItemEntity permissionItemEntity, out string statusCode, out string statusMessage) { // 写入调试信息 #if (DEBUG) int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod()); #endif // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif statusCode = string.Empty; statusMessage = string.Empty; int returnValue = 0; using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); string tableName = BasePermissionItemEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName); returnValue = permissionItemManager.Update(permissionItemEntity, out statusCode); // 获得状态消息 statusMessage = permissionItemManager.GetStateMessage(statusCode); BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_Update, MethodBase.GetCurrentMethod()); } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } // 写入调试信息 #if (DEBUG) BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart); #endif return returnValue; }
/// <summary> /// 按编号获取实体 /// </summary> /// <param name="userInfo">用户</param> /// <param name="code">编号</param> /// <returns>实体</returns> public BasePermissionItemEntity GetEntityByCode(BaseUserInfo userInfo, string code) { // 写入调试信息 #if (DEBUG) int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod()); #endif // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif BasePermissionItemEntity permissionItemEntity = null; using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); string tableName = BasePermissionItemEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName); permissionItemEntity = new BasePermissionItemEntity(permissionItemManager.GetDataTableByCode(code)); BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_GetEntityByCode, MethodBase.GetCurrentMethod()); } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } // 写入调试信息 #if (DEBUG) BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart); #endif return permissionItemEntity; }
/// <summary> /// 批量移动实体 /// </summary> /// <param name="userInfo">用户</param> /// <param name="permissionItemIds">权限项主键数组</param> /// <param name="parentId">父主键</param> /// <returns>影响行数</returns> public int BatchMoveTo(BaseUserInfo userInfo, string[] permissionItemIds, string parentId) { // 写入调试信息 #if (DEBUG) int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod()); #endif // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif int returnValue = 0; using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); string tableName = BasePermissionItemEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName); for (int i = 0; i < permissionItemIds.Length; i++) { returnValue += permissionItemManager.MoveTo(permissionItemIds[i], parentId); } BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_BatchMoveTo, MethodBase.GetCurrentMethod()); } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } // 写入调试信息 #if (DEBUG) BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart); #endif return returnValue; }
public new string GetIdByCode(string permissionItemCode) { string tableName = BaseRoleEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper); // 这里应该是若不存在就自动加一个操作权限 return permissionItemManager.GetIdByAdd(permissionItemCode); }
/// <summary> /// 撤销用户权限 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userName">用户名</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>主键</returns> public int RevokeUserPermission(BaseUserInfo userInfo, string userName, string permissionItemCode) { // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif int returnValue = 0; using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); BaseUserManager userManager = new BaseUserManager(dbHelper, userInfo); string userId = userManager.GetId(new KeyValuePair<string, object>(BaseUserEntity.FieldUserName, userName)); BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo); string permissionItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode)); if (!String.IsNullOrEmpty(userId) && !String.IsNullOrEmpty(permissionItemId)) { BaseUserPermissionManager userPermissionManager = new BaseUserPermissionManager(dbHelper, userInfo); returnValue = userPermissionManager.Revoke(userId, permissionItemId); } } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } return returnValue; }
/// <summary> /// 删除权限 /// </summary> /// <param name="userInfo">用户</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>影响行数</returns> public int DeletePermission(BaseUserInfo userInfo, string permissionItemCode) { // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif int returnValue = 0; using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo); string id = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode)); if (!String.IsNullOrEmpty(id)) { // 在删除时,可能会把相关的其他配置权限会删除掉,所以需要调用这个方法。 returnValue = permissionItemManager.Delete(id); } } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } return returnValue; }
/// <summary> /// 设置约束条件 /// </summary> /// <param name="userInfo">用户</param> /// <param name="resourceCategory">资源类别</param> /// <param name="resourceId">资源主键</param> /// <param name="tableName">表名</param> /// <param name="constraint">约束</param> /// <param name="enabled">有效</param> /// <param name="permissionCode">操作权限项</param> /// <returns>主键</returns> public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true) { string returnValue = string.Empty; string permissionId = string.Empty; BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo); permissionId = permissionItemManager.GetIdByAdd(permissionCode); List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>(); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table")); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)); BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo); // 1:先获取是否有这样的主键,若有进行更新操作。 // 2:若没有进行添加操作。 returnValue = manager.GetId(parameters); if (!string.IsNullOrEmpty(returnValue)) { parameters = new List<KeyValuePair<string, object>>(); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionConstraint, constraint)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, enabled ? 1 : 0)); manager.SetProperty(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldId, returnValue), parameters); } else { BasePermissionScopeEntity entity = new BasePermissionScopeEntity(); entity.ResourceCategory = resourceCategory; entity.ResourceId = resourceId; entity.TargetCategory = "Table"; entity.TargetId = tableName; entity.PermissionConstraint = constraint; entity.PermissionId = int.Parse(permissionId); entity.DeletionStateCode = 0; entity.Enabled = enabled ? 1: 0; returnValue = manager.Add(entity); } return returnValue; }
/// <summary> /// 获取用户的件约束表达式 /// </summary> /// <param name="userInfo">用户</param> /// <param name="tableName">表名</param> /// <returns>主键</returns> public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission") { string returnValue = string.Empty; // 这里是获取用户的条件表达式 // 1: 首先用户在哪些角色里是有效的? // 2: 这些角色都有哪些哪些条件约束? // 3: 组合约束条件? // 4:用户本身的约束条件? string permissionId = string.Empty; BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.UserInfo); permissionId = permissionItemManager.GetIdByAdd(permissionCode); BaseUserManager manager = new BaseUserManager(this.DbHelper, this.UserInfo); string[] roleIds = manager.GetAllRoleIds(UserInfo.Id); if (roleIds == null || roleIds.Length == 0) { return returnValue; } BasePermissionScopeManager scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo); List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>(); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseRoleEntity.TableName)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, roleIds)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table")); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, 1)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)); DataTable dtPermissionScope = scopeManager.GetDataTable(parameters); string permissionConstraint = string.Empty; foreach (DataRow dataRow in dtPermissionScope.Rows) { permissionConstraint = dataRow[BasePermissionScopeEntity.FieldPermissionConstraint].ToString(); permissionConstraint = permissionConstraint.Trim(); if (!string.IsNullOrEmpty(permissionConstraint)) { returnValue += " AND " + permissionConstraint; } } if (!string.IsNullOrEmpty(returnValue)) { returnValue = returnValue.Substring(5); // 解析替换约束表达式标准函数 returnValue = ConstraintUtil.PrepareParameter(this.UserInfo, returnValue); } return returnValue; }
/// <summary> /// 按主键数组获取列表 /// </summary> /// <param name="userInfo">用户</param> /// <param name="ids">组织机构主键</param> /// <returns>数据表</returns> public DataTable GetDataTableByIds(BaseUserInfo userInfo, string[] ids) { // 写入调试信息 #if (DEBUG) int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod()); #endif // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName); using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); BasePermissionItemManager permissionItem = new BasePermissionItemManager(dbHelper, userInfo); dataTable = permissionItem.GetDataTable(BasePermissionItemEntity.FieldId, ids, BasePermissionItemEntity.FieldSortCode); dataTable.TableName = BasePermissionItemEntity.TableName; BaseLogManager.Instance.Add(dbHelper, userInfo, serviceName, AppMessage.PermissionItemService_GetDataTable, MethodBase.GetCurrentMethod()); } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } // 写入调试信息 #if (DEBUG) BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart); #endif return dataTable; }
/// <summary> /// 获得某个用户的所有权限列表 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <returns>数据表</returns> public DataTable GetPermissionDTByUser(BaseUserInfo userInfo, string userId) { // 写入调试信息 #if (DEBUG) int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod()); #endif // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName); using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); string tableName = BasePermissionItemEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } // 是否超级管理员 BaseUserManager userManager = new BaseUserManager(dbHelper, userInfo); BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName); if (userManager.IsAdministrator(userId)) { dataTable = permissionItemManager.GetDataTable(); } else { tableName = BasePermissionEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "Permission"; } BasePermissionManager permissionManager = new BasePermissionManager(dbHelper, userInfo, tableName); string[] ids = permissionManager.GetPermissionIdsByUser(userId); // 若是以前赋予的权限,后来有些权限设置为无效了,那就不应该再获取哪些无效的权限才对。 // bug修正:没有赋值DataTable,导致返回值空 dataTable = permissionItemManager.GetDataTable( new KeyValuePair<string, object>(BasePermissionItemEntity.FieldId, ids) , new KeyValuePair<string, object>(BasePermissionItemEntity.FieldEnabled, 1) , new KeyValuePair<string, object>(BasePermissionItemEntity.FieldDeletionStateCode, 0)); } dataTable.TableName = tableName; BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetPermissionDTByUser, MethodBase.GetCurrentMethod()); } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } // 写入调试信息 #if (DEBUG) BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart); #endif return dataTable; }
/// <summary> /// 获取授权范围 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <returns>数据表</returns> public DataTable GetLicensedDT(BaseUserInfo userInfo, string userId) { // 写入调试信息 #if (DEBUG) int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod()); #endif // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif DataTable dataTable = new DataTable(BasePermissionItemEntity.TableName); using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); string tableName = BasePermissionItemEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionAdminManager = new BasePermissionItemManager(dbHelper, userInfo, tableName); string permissionItemId = permissionAdminManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldDeletionStateCode, 0), new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, "Resource.ManagePermission")); dataTable = permissionAdminManager.GetDataTableByUser(userId, permissionItemId); dataTable.TableName = BasePermissionItemEntity.TableName; BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionItemService_GetLicensedDT, MethodBase.GetCurrentMethod()); } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } // 写入调试信息 #if (DEBUG) BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart); #endif return dataTable; }
public DataTable Search(string permissionScopeItemCode, string search, string[] roleIds, bool? enabled, string auditStates,string departmentId) { search = StringUtil.GetSearchString(search); string sqlQuery = " SELECT " + BaseUserEntity.TableName + ".* " + "," + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldRealName + " AS RoleName " + " FROM " + BaseUserEntity.TableName + " LEFT OUTER JOIN " + BaseRoleEntity.TableName + " ON " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldRoleId + " = " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldId // 被删除的排出在外比较好一些 + " WHERE " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDeletionStateCode + " = 0 " + " AND " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldIsVisible + " = 1 "; if (!String.IsNullOrEmpty(search)) { sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldUserName + " LIKE '" + search + "'" + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCode + " LIKE '" + search + "'" + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldRealName + " LIKE '" + search + "'" + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldQuickQuery + " LIKE '" + search + "'" + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentName + " LIKE '" + search + "'" + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDescription + " LIKE '" + search + "')"; } if (!string.IsNullOrEmpty(departmentId)) { BaseOrganizeManager organizeManager = new BaseOrganizeManager(this.DbHelper, this.UserInfo); string[] organizeIds = organizeManager.GetChildrensId(BaseOrganizeEntity.FieldId, departmentId, BaseOrganizeEntity.FieldParentId); if (organizeIds != null && organizeIds.Length > 0) { sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCompanyId + " IN (" + StringUtil.ArrayToList(organizeIds) + ")" + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentId + " IN (" + StringUtil.ArrayToList(organizeIds) + ")" + " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldWorkgroupId + " IN (" + StringUtil.ArrayToList(organizeIds) + "))"; } } if (!String.IsNullOrEmpty(auditStates)) { sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldAuditStatus + " = '" + auditStates + "')"; } if (enabled != null) { sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldEnabled + " = " + ((bool)enabled ? 1:0) + ")"; } if ((roleIds != null) && (roleIds.Length > 0)) { string roles = StringUtil.ArrayToList(roleIds, "'"); sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldRoleId + " IN (" + roles + ") "; sqlQuery += " OR " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " IN (" + "SELECT " + BaseUserRoleEntity.FieldUserId + " FROM " + BaseUserRoleEntity.TableName + " WHERE " + BaseUserRoleEntity.FieldRoleId + " IN (" + roles + ")" + "))"; } // 是否过滤用户, 获得组织机构列表, 这里需要一个按用户过滤得功能 if ((!UserInfo.IsAdministrator) && (BaseSystemInfo.UsePermissionScope)) { // string permissionScopeItemCode = "Resource.ManagePermission"; BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(this.DbHelper, this.UserInfo); string permissionScopeItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionScopeItemCode)); if (!string.IsNullOrEmpty(permissionScopeItemId)) { // 从小到大的顺序进行显示,防止错误发生 BaseUserScopeManager userPermissionScopeManager = new BaseUserScopeManager(this.DbHelper, this.UserInfo); string[] organizeIds = userPermissionScopeManager.GetOrganizeIds(this.UserInfo.Id, permissionScopeItemId); // 没有任何数据权限 if (StringUtil.Exists(organizeIds, ((int)PermissionScope.None).ToString())) { sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " = NULL ) "; } // 按详细设定的数据 if (StringUtil.Exists(organizeIds, ((int)PermissionScope.Detail).ToString())) { BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(DbHelper, UserInfo); string[] userIds = permissionScopeManager.GetUserIds(UserInfo.Id, permissionScopeItemCode); sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " IN (" + BaseBusinessLogic.ObjectsToList(userIds) + ")) "; } // 自己的数据,仅本人 if (StringUtil.Exists(organizeIds, ((int)PermissionScope.User).ToString())) { sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " = " + this.UserInfo.Id + ") "; } // 用户所在工作组数据 if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserWorkgroup).ToString())) { sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldWorkgroupId + " = " + this.UserInfo.WorkgroupId + ") "; } // 用户所在部门数据 if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserDepartment).ToString())) { sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDepartmentId + " = " + this.UserInfo.DepartmentId + ") "; } // 用户所在分支机构数据 if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserSubCompany).ToString())) { sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldSubCompanyId + " = " + this.UserInfo.SubCompanyId + ") "; } // 用户所在公司数据 if (StringUtil.Exists(organizeIds, ((int)PermissionScope.UserCompany).ToString())) { sqlQuery += " AND (" + BaseUserEntity.TableName + "." + BaseUserEntity.FieldCompanyId + " = " + this.UserInfo.CompanyId + ") "; } // 全部数据,这里就不用设置过滤条件了 if (StringUtil.Exists(organizeIds, ((int)PermissionScope.All).ToString())) { } } } sqlQuery += " ORDER BY " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldSortCode; return DbHelper.Fill(sqlQuery); }
/// <summary> /// 获取资源权限范围主键数组 /// </summary> /// <param name="userInfo">用户</param> /// <param name="resourceCategory">资源分类</param> /// <param name="resourceId">资源主键</param> /// <param name="targetCategory">目标类别</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>主键数组</returns> public string[] GetPermissionScopeTargetIds(BaseUserInfo userInfo, string resourceCategory, string resourceId, string targetCategory, string permissionItemCode) { // 写入调试信息 #if (DEBUG) int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod()); #endif // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif string[] returnValue = null; using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); string tableName = BasePermissionItemEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo, tableName); string permissionItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode)); List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>(); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, targetCategory)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionItemId, permissionItemId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, 1)); parameters.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)); tableName = BasePermissionScopeEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionScope"; } returnValue = DbLogic.GetProperties(dbHelper, tableName, parameters, 0, BasePermissionScopeEntity.FieldTargetId); BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GetPermissionScopeTargetIds, MethodBase.GetCurrentMethod()); } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } // 写入调试信息 #if (DEBUG) BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart); #endif return returnValue; }
/// <summary> /// 按某个权限获取组织机构 Sql /// </summary> /// <param name="managerUserId">管理用户主键</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>Sql</returns> public string GetOrganizeIdsSql(string managerUserId, string permissionItemCode) { BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper); string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode); string sqlQuery = string.Empty; sqlQuery = " SELECT " + BasePermissionScopeEntity.FieldTargetId + " FROM " + BasePermissionScopeEntity.TableName // 有效的,并且不为空的组织机构主键 + " WHERE (" + BasePermissionScopeEntity.FieldTargetCategory + " = '" + BaseOrganizeEntity.TableName + "') " + " AND ( " + BasePermissionScopeEntity.TableName + "." + BasePermissionScopeEntity.FieldDeletionStateCode + " = 0) " + " AND ( " + BasePermissionScopeEntity.TableName + "." + BasePermissionScopeEntity.FieldEnabled + " = 1) " + " AND ( " + BasePermissionScopeEntity.TableName + "." + BasePermissionScopeEntity.FieldTargetId + " IS NOT NULL) " // 自己直接由相应权限的组织机构 + " AND ((" + BasePermissionScopeEntity.FieldResourceCategory + " = '" + BaseUserEntity.TableName + "' " + " AND " + BasePermissionScopeEntity.FieldResourceId + " = '" + managerUserId + "')" + " OR (" + BasePermissionScopeEntity.FieldResourceCategory + " = '" + BaseRoleEntity.TableName + "' " + " AND " + BasePermissionScopeEntity.FieldResourceId + " IN ( " // 获得属于那些角色有相应权限的组织机构 + " SELECT " + BaseUserRoleEntity.FieldRoleId + " FROM " + BaseUserRoleEntity.TableName + " WHERE " + BaseUserRoleEntity.FieldUserId + " = '" + managerUserId + "'" + " AND " + BaseUserRoleEntity.FieldDeletionStateCode + " = 0 " + " AND " + BaseUserRoleEntity.FieldEnabled + " = 1" // 修正不会读取用户默认角色权限域范围BUG + " Union SELECT " + BaseUserEntity.FieldRoleId + " FROM " + BaseUserEntity.TableName + " WHERE " + BaseUserEntity.FieldId + " = '" + managerUserId + "'" + " AND " + BaseUserEntity.FieldDeletionStateCode + " = 0 " + " AND " + BaseUserEntity.FieldEnabled + " = 1" + "))) " // 并且是指定的本权限 + " AND (" + BasePermissionScopeEntity.FieldPermissionItemId + " = '" + permissionItemId + "') "; return sqlQuery; }
/// <summary> /// 是否有相应的权限 /// </summary> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">权限编号</param> /// <param name="permissionItemName">权限名称</param> /// <returns>是否有权限</returns> public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) { // 若不存在就需要自动能增加一个操作权限项 string tableName = BasePermissionItemEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName); string permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName); BasePermissionItemEntity permissionItemEntity = permissionItemManager.GetEntity(permissionItemId); // 先判断用户类别 if (UserInfo.IsAdministrator) { return true; } // 没有找到相应的权限 if (String.IsNullOrEmpty(permissionItemId)) { return false; } // 这里需要判断,是系统权限? bool returnValue = false; BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo); if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System")) { // 用户管理员 returnValue = userManager.IsInRoleByCode(userId, "UserAdmin"); if (returnValue) { return returnValue; } } // 这里需要判断,是业务权限? if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application")) { returnValue = userManager.IsInRoleByCode(userId, "Admin"); if (returnValue) { return returnValue; } } // 判断用户权限 if (this.CheckUserPermission(userId, permissionItemId)) { return true; } // 判断用户角色权限 if (this.CheckUserRolePermission(userId, permissionItemId)) { return true; } // 判断用户组织机构权限,这里有开关是为了提高性能用的, // 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。 if (BaseSystemInfo.UseOrganizePermission) { if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.WorkgroupId)) { return true; } else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.DepartmentId)) { return true; } else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.SubCompanyId)) { return true; } else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.CompanyId)) { return true; } } return false; }
/// <summary> /// 获得用户的某个权限范围资源主键数组 /// </summary> /// <param name="userId">用户</param> /// <param name="targetCategory">资源分类</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>主键数组</returns> public string[] GetResourceScopeIds(string userId, string targetCategory, string permissionItemCode) { string tableName = BasePermissionItemEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName); string permissionItemId = permissionItemManager.GetId(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCode, permissionItemCode)); BaseUserManager userManager = new BaseUserManager(DbHelper, UserInfo); string defaultRoleId = userManager.GetProperty(userId, BaseUserEntity.FieldRoleId); tableName = BaseUserRoleEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "UserRole"; } this.CurrentTableName = "BasePermissionScope"; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { this.CurrentTableName = BaseSystemInfo.SystemCode + "PermissionScope"; } string sqlQuery = string.Empty; sqlQuery = // 用户的权限 " SELECT TargetId " + " FROM " + this.CurrentTableName + " WHERE (" + this.CurrentTableName + ".ResourceCategory = '" + BaseUserEntity.TableName + "') " + " AND (ResourceId = '" + userId + "') " + " AND (TargetCategory = '" + targetCategory + "') " + " AND (PermissionId = '" + permissionItemId + "') " + " AND (Enabled = 1) " + " AND (DeletionStateCode = 0)" + " UNION " // 用户归属的角色的权限 + " SELECT TargetId " + " FROM " + this.CurrentTableName + " WHERE (ResourceCategory = '" + BaseRoleEntity.TableName + "') " + " AND (TargetCategory = '" + targetCategory + "') " + " AND (PermissionId = '" + permissionItemId + "') " + " AND (DeletionStateCode = 0)" + " AND (Enabled = 1) " + " AND ((ResourceId IN ( " + " SELECT RoleId " + " FROM " + tableName + " WHERE (UserId = '" + userId + "') " + " AND (Enabled = 1) " + " AND (DeletionStateCode = 0) ) "; if (!string.IsNullOrEmpty(defaultRoleId)) { // 用户的默认角色 sqlQuery += " OR (ResourceId = '" + defaultRoleId + "')"; } sqlQuery += " ) " + " ) "; DataTable dataTable = DbHelper.Fill(sqlQuery); string[] resourceIds = BaseBusinessLogic.FieldToArray(dataTable, BasePermissionScopeEntity.FieldTargetId); // 按部门获取权限 if (BaseSystemInfo.UseOrganizePermission) { sqlQuery = string.Empty; BaseUserEntity userEntity = new BaseUserManager(this.DbHelper).GetEntity(userId); sqlQuery = " SELECT TargetId " + " FROM " + this.CurrentTableName + " WHERE (" + this.CurrentTableName + ".ResourceCategory = '" + BaseOrganizeEntity.TableName + "') " + " AND (ResourceId = '" + userEntity.CompanyId + "' OR " + " ResourceId = '" + userEntity.DepartmentId + "' OR " + " ResourceId = '" + userEntity.SubCompanyId + "' OR" + " ResourceId = '" + userEntity.WorkgroupId + "') " + " AND (TargetCategory = '" + targetCategory + "') " + " AND (PermissionId = '" + permissionItemId + "') " + " AND (Enabled = 1) " + " AND (DeletionStateCode = 0)"; dataTable = DbHelper.Fill(sqlQuery); string[] resourceIdsByOrganize = BaseBusinessLogic.FieldToArray(dataTable, BasePermissionScopeEntity.FieldTargetId); resourceIds = StringUtil.Concat(resourceIds, resourceIdsByOrganize); } if (targetCategory.Equals(BaseOrganizeEntity.TableName)) { TransformPermissionScope(userId, ref resourceIds, userManager); } return resourceIds; }
/// <summary> /// 判断用户是否有有相应的权限 /// </summary> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>有权限</returns> public bool CheckPermission(string userId, string permissionItemCode) { BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper); string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode); // 没有找到相应的权限 if (String.IsNullOrEmpty(permissionItemId)) { return false; } List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>(); parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.TableName)); parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceId, userId)); parameters.Add(new KeyValuePair<string, object>(BasePermissionEntity.FieldEnabled, "1")); return DbLogic.Exists(DbHelper, this.CurrentTableName, parameters); }
/// <summary> /// 按某个权限获取角色 Sql /// </summary> /// <param name="managerUserId">管理用户主键</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>Sql</returns> public string GetRoleIdsSql(string managerUserId, string permissionItemCode) { BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper); string permissionItemId = permissionItemManager.GetIdByCode(permissionItemCode); string sqlQuery = string.Empty; // 被管理的角色 sqlQuery += " SELECT BasePermissionScope.TargetId AS " + BaseBusinessLogic.FieldId + " FROM BasePermissionScope " + " WHERE (BasePermissionScope.TargetId IS NOT NULL " + " AND BasePermissionScope.TargetCategory = '" + BaseRoleEntity.TableName + "' " + " AND ((BasePermissionScope.ResourceCategory = '" + BaseUserEntity.TableName + "' " + " AND BasePermissionScope.ResourceId = '" + managerUserId + "')" // 以及 他所在的角色在管理的角色 + " OR (BasePermissionScope.ResourceCategory = '" + BaseRoleEntity.TableName + "'" + " AND BasePermissionScope.ResourceId IN ( " + " SELECT RoleId " + " FROM " + BaseUserRoleEntity.TableName + " WHERE (" + BaseUserRoleEntity.FieldUserId + " = '" + managerUserId + "' " + " AND " + BaseUserRoleEntity.FieldEnabled + " = 1))))" // 并且是指定的本权限 + " AND " + BasePermissionScopeEntity.FieldPermissionItemId + " = '" + permissionItemId + "')"; // 被管理部门的列表 string[] organizeIds = this.GetOrganizeIds(managerUserId, permissionItemCode); if (organizeIds.Length > 0) { string organizes = BaseBusinessLogic.ObjectsToList(organizeIds); if (!String.IsNullOrEmpty(organizes)) { // 被管理的组织机构包含的角色 sqlQuery += " UNION " + " SELECT " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldId + " AS " + BaseBusinessLogic.FieldId + " FROM " + BaseRoleEntity.TableName + " WHERE " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldEnabled + " = 1 " + " AND " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldDeletionStateCode + " = 0 " + " AND " + BaseRoleEntity.TableName + "." + BaseRoleEntity.FieldOrganizeId + " IN (" + organizes + ") "; } } return sqlQuery; }
// // ResourcePermission 权限判断 // #region public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) 是否有相应的权限 /// <summary> /// 是否有相应的权限 /// </summary> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">权限编号</param> /// <param name="permissionItemName">权限名称</param> /// <returns>是否有权限</returns> public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) { // 若不存在就需要自动能增加一个操作权限项 string tableName = BasePermissionItemEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionItem"; } BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName); string permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName); BasePermissionItemEntity permissionItemEntity = permissionItemManager.GetEntity(permissionItemId); // 先判断用户类别 if (UserInfo.IsAdministrator) { return(true); } // 没有找到相应的权限 if (String.IsNullOrEmpty(permissionItemId)) { return(false); } // 这里需要判断,是系统权限? bool returnValue = false; BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo); if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System")) { // 用户管理员 returnValue = userManager.IsInRoleByCode(userId, "UserAdmin"); if (returnValue) { return(returnValue); } } // 这里需要判断,是业务权限? if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application")) { returnValue = userManager.IsInRoleByCode(userId, "Admin"); if (returnValue) { return(returnValue); } } // 判断用户权限 if (this.CheckUserPermission(userId, permissionItemId)) { return(true); } // 判断用户角色权限 if (this.CheckUserRolePermission(userId, permissionItemId)) { return(true); } // 判断用户组织机构权限,这里有开关是为了提高性能用的, // 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。 if (BaseSystemInfo.UseOrganizePermission) { if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.WorkgroupId)) { return(true); } else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.DepartmentId)) { return(true); } else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.SubCompanyId)) { return(true); } else if (this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.CompanyId)) { return(true); } } return(false); }
/// <summary> /// 授予用户模块的权限范围 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="grantModuleIds">授予模块主键数组</param> /// <returns>影响的行数</returns> public int GrantUserModuleScopes(BaseUserInfo userInfo, string userId, string permissionScopeItemCode, string[] grantModuleIds) { // 写入调试信息 #if (DEBUG) int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod()); #endif // 加强安全验证防止未授权匿名调用 #if (!DEBUG) LogOnService.UserIsLogOn(userInfo); #endif int returnValue = 0; using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType)) { try { dbHelper.Open(UserCenterDbConnection); string tableName = BasePermissionScopeEntity.TableName; if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode)) { tableName = BaseSystemInfo.SystemCode + "PermissionScope"; } BaseUserScopeManager userPermissionScopeManager = new BaseUserScopeManager(dbHelper, userInfo, tableName); // 小心异常,检查一下参数的有效性 if (grantModuleIds != null) { BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(dbHelper, userInfo); returnValue += userPermissionScopeManager.GrantModules(userId, permissionScopeItemCode, grantModuleIds); } BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_GrantUserModuleScopes, MethodBase.GetCurrentMethod()); } catch (Exception ex) { BaseExceptionManager.LogException(dbHelper, userInfo, ex); throw ex; } finally { dbHelper.Close(); } } // 写入调试信息 #if (DEBUG) BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart); #endif return returnValue; }