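/// <summary>
/// Checks whether the given user holds the given permission item.
/// </summary>
/// <param name="userId">Primary key of the user being checked.</param>
/// <param name="permissionItemCode">Code of the permission item.</param>
/// <param name="permissionItemName">Name of the permission item; passed to GetIdByAdd together with the code.</param>
/// <returns><c>true</c> if the permission is granted; otherwise <c>false</c>.</returns>
public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null)
{
    // If the permission item does not exist yet, it is added automatically.
    // NOTE(review): the table name is derived from BaseSystemInfo.SystemCode; confirm that value
    // comes from trusted configuration only, since it ends up as a table identifier.
    string tableName = BasePermissionItemEntity.TableName;
    if (!string.IsNullOrEmpty(BaseSystemInfo.SystemCode))
    {
        tableName = BaseSystemInfo.SystemCode + "PermissionItem";
    }

    BasePermissionItemManager permissionItemManager = new BasePermissionItemManager(DbHelper, UserInfo, tableName);

    // NOTE(review): a permission *check* that can create rows means permissionItemCode should be a
    // code-level constant, never request input; confirm against callers.
    string permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName);

    // Check the user category first.
    // NOTE(review): this tests the administrator flag of the session's UserInfo, not of userId.
    // If userId can differ from the session user, an administrator asking about another user
    // always gets true; confirm that is intended.
    if (UserInfo.IsAdministrator)
    {
        return true;
    }

    // No matching permission item was found: deny.
    if (string.IsNullOrEmpty(permissionItemId))
    {
        return false;
    }

    // The entity is loaded only once a usable id is known. A missing entity is treated as
    // "no category" so the role shortcuts below are skipped instead of dereferencing null.
    BasePermissionItemEntity permissionItemEntity = permissionItemManager.GetEntity(permissionItemId);
    string categoryCode = permissionItemEntity == null ? null : permissionItemEntity.CategoryCode;

    BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);

    // System permission: members of the "UserAdmin" role are granted it.
    if (string.Equals(categoryCode, "System", StringComparison.Ordinal)
        && userManager.IsInRoleByCode(userId, "UserAdmin"))
    {
        return true;
    }

    // Application (business) permission: members of the "Admin" role are granted it.
    if (string.Equals(categoryCode, "Application", StringComparison.Ordinal)
        && userManager.IsInRoleByCode(userId, "Admin"))
    {
        return true;
    }

    // Permission granted directly to the user.
    if (this.CheckUserPermission(userId, permissionItemId))
    {
        return true;
    }

    // Permission granted through one of the user's roles.
    if (this.CheckUserRolePermission(userId, permissionItemId))
    {
        return true;
    }

    // Organization-level permissions; the switch exists for performance reasons.
    // The four lookups below could be collapsed into a single query to save I/O.
    // NOTE(review): the organization ids are read from the session's UserInfo while the
    // permission is evaluated for userId; confirm both always refer to the same user.
    if (BaseSystemInfo.UseOrganizePermission)
    {
        return this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.WorkgroupId)
            || this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.DepartmentId)
            || this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.SubCompanyId)
            || this.CheckUserOrganizePermission(userId, permissionItemId, this.UserInfo.CompanyId);
    }

    return false;
}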
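/// <summary>
/// Gets the permission items that fall within the user's authorized scope.
/// </summary>
/// <param name="userId">Primary key of the user.</param>
/// <param name="permissionItemCode">Code of the permission item used to resolve the scope for non-admin users.</param>
/// <returns>Data table of enabled, non-deleted permission items, sorted by sort code.</returns>
public DataTable GetDataTableByUser(string userId, string permissionItemCode)
{
    BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);

    // Pick the one filter that distinguishes the three cases; the rest of the query is shared.
    KeyValuePair<string, object> scopeFilter;
    if (userManager.IsInRoleByCode(userId, "UserAdmin"))
    {
        // User administrators see every "System" permission item.
        // NOTE(review): permissionItemCode is ignored on this path, and a user who is in both
        // "UserAdmin" and "Admin" only receives the "System" items; confirm that is intended.
        scopeFilter = new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCategoryCode, "System");
    }
    else if (userManager.IsInRoleByCode(userId, "Admin"))
    {
        // Business administrators see every "Application" permission item.
        scopeFilter = new KeyValuePair<string, object>(BasePermissionItemEntity.FieldCategoryCode, "Application");
    }
    else
    {
        BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(DbHelper, UserInfo);
        string[] permissionItemIds = permissionScopeManager.GetTreeResourceScopeIds(userId, BasePermissionItemEntity.TableName, permissionItemCode, true);

        // NOTE(review): verify how GetDataTable treats a null or empty id array. If the filter is
        // dropped in that case, a user with no scope would receive every permission item.
        scopeFilter = new KeyValuePair<string, object>(BasePermissionItemEntity.FieldId, permissionItemIds);
    }

    // Only enabled rows that are not flagged as deleted.
    List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
    parameters.Add(scopeFilter);
    parameters.Add(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldEnabled, 1));
    parameters.Add(new KeyValuePair<string, object>(BasePermissionItemEntity.FieldDeletionStateCode, 0));

    DataTable returnValue = this.GetDataTable(parameters, BasePermissionItemEntity.FieldSortCode);
    returnValue.TableName = this.CurrentTableName;
    return returnValue;
}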
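/// <summary>
/// Determines whether a user belongs to the role with the given name.
/// </summary>
/// <param name="userInfo">Caller's user information.</param>
/// <param name="userId">Primary key of the user to check.</param>
/// <param name="roleName">Name of the role.</param>
/// <returns><c>true</c> if the user is in the role; otherwise <c>false</c>.</returns>
public bool IsInRole(BaseUserInfo userInfo, string userId, string roleName)
{
    // Write debug information.
#if (DEBUG)
    int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif

    // Security check intended to block unauthorized anonymous calls.
    // NOTE(review): this check is compiled out of DEBUG builds, so a DEBUG binary must never be
    // deployed. The return value is discarded; presumably UserIsLogOn throws on failure; confirm.
    // NOTE(review): nothing here restricts which userId a logged-on caller may ask about; confirm
    // that is enforced elsewhere if role membership is considered sensitive.
#if (!DEBUG)
    LogOnService.UserIsLogOn(userInfo);
#endif

    bool returnValue = false;
    using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
    {
        try
        {
            dbHelper.Open(UserCenterDbConnection);

            // Resolve the role code from the role's name first.
            BaseRoleManager roleManager = new BaseRoleManager(dbHelper, userInfo);
            string roleCode = roleManager.GetProperty(new KeyValuePair<string, object>(BaseRoleEntity.FieldRealName, roleName), BaseRoleEntity.FieldCode);

            // An unknown role name leaves the result at false.
            if (!string.IsNullOrEmpty(roleCode))
            {
                BaseUserManager userManager = new BaseUserManager(dbHelper, userInfo);
                returnValue = userManager.IsInRoleByCode(userId, roleCode);
            }

            BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.PermissionService_IsInRole, MethodBase.GetCurrentMethod());
        }
        catch (Exception ex)
        {
            BaseExceptionManager.LogException(dbHelper, userInfo, ex);

            // Rethrow with "throw;" so the original stack trace is kept for diagnosis.
            throw;
        }
        finally
        {
            dbHelper.Close();
        }
    }

    // Write debug information.
#if (DEBUG)
    BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif

    return returnValue;
}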
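/// <summary>
/// Gets the users that the managing user may see for a given permission item.
/// </summary>
/// <param name="userId">Primary key of the managing user.</param>
/// <param name="permissionItemCode">Code of the permission item.</param>
/// <returns>Data table of visible, enabled, non-deleted users.</returns>
public DataTable GetUserDT(string userId, string permissionItemCode)
{
    BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);

    // Members of "UserAdmin" or "Admin" get the full user list, regardless of permissionItemCode.
    if (userManager.IsInRoleByCode(userId, "UserAdmin") || userManager.IsInRoleByCode(userId, "Admin"))
    {
        List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
        parameters.Add(new KeyValuePair<string, object>(BaseUserEntity.FieldIsVisible, 1));
        parameters.Add(new KeyValuePair<string, object>(BaseUserEntity.FieldEnabled, 1));
        parameters.Add(new KeyValuePair<string, object>(BaseUserEntity.FieldDeletionStateCode, 0));

        // NOTE(review): the sort column is taken from BaseModuleEntity and the table name from this
        // manager's CurrentTableName although the rows are users; confirm both are intended.
        DataTable returnValue = userManager.GetDataTable(parameters, BaseModuleEntity.FieldSortCode);
        returnValue.TableName = this.CurrentTableName;
        return returnValue;
    }

    // Everything concatenated below is an entity constant except the subquery text.
    // NOTE(review): GetUserIdsSql receives userId and permissionItemCode and returns SQL that is
    // spliced into this statement. Verify that helper binds or strictly validates both values;
    // otherwise this query is exposed to SQL injection through them.
    string userIdsSql = this.GetUserIdsSql(userId, permissionItemCode);

    string sqlQuery = " SELECT * FROM " + BaseUserEntity.TableName;
    sqlQuery += " WHERE " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldDeletionStateCode + " = 0 "
              + " AND " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldIsVisible + " = 1 "
              + " AND " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldEnabled + " = 1 "
              + " AND " + BaseUserEntity.TableName + "." + BaseUserEntity.FieldId + " IN (" + userIdsSql + " ) "
              + " ORDER BY " + BaseUserEntity.FieldSortCode;

    return DbHelper.Fill(sqlQuery);
}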
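/// <summary>
/// Determines whether a user belongs to the role with the given code.
/// </summary>
/// <param name="userInfo">Caller's user information.</param>
/// <param name="userId">Primary key of the user to check.</param>
/// <param name="roleCode">Code of the role.</param>
/// <returns><c>true</c> if the user is in the role; otherwise <c>false</c>.</returns>
public bool UserIsInRole(BaseUserInfo userInfo, string userId, string roleCode)
{
    // Write debug information.
#if (DEBUG)
    int milliStart = BaseBusinessLogic.StartDebug(userInfo, MethodBase.GetCurrentMethod());
#endif

    // Security check intended to block unauthorized anonymous calls.
    // NOTE(review): this check is compiled out of DEBUG builds, so a DEBUG binary must never be
    // deployed. The return value is discarded; presumably UserIsLogOn throws on failure; confirm.
#if (!DEBUG)
    LogOnService.UserIsLogOn(userInfo);
#endif

    bool returnValue = false;
    using (IDbHelper dbHelper = DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType))
    {
        try
        {
            dbHelper.Open(UserCenterDbConnection);

            BaseUserManager userManager = new BaseUserManager(dbHelper, userInfo);
            returnValue = userManager.IsInRoleByCode(userId, roleCode);

            BaseLogManager.Instance.Add(dbHelper, userInfo, this.serviceName, AppMessage.UserService_UserInRole, MethodBase.GetCurrentMethod());
        }
        catch (Exception ex)
        {
            BaseExceptionManager.LogException(dbHelper, userInfo, ex);

            // Rethrow with "throw;" so the original stack trace is kept for diagnosis.
            throw;
        }
        finally
        {
            dbHelper.Close();
        }
    }

    // Write debug information.
#if (DEBUG)
    BaseBusinessLogic.EndDebug(MethodBase.GetCurrentMethod(), milliStart);
#endif

    return returnValue;
}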