/// <summary>
/// Lists the ACL entries created by the current user, i.e. the grants this user shares with others.
/// </summary>
/// <returns>The list GetObjectList returns for the filter "Acl_Creator = Usr_Id".</returns>
public List<CACLEntity> ListMyAcls()
{
    // The filter is a fixed prefix followed by the ToString() rendering of Usr_Id.
    String creatorFilter = "this.Acl_Creator=" + Usr_Id.ToString();
    CACLEntity query = new CACLEntity(ConnString);
    return query.GetObjectList(creatorFilter);
}
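/// <summary>
/// Approves an archive application (original author: Zhao Yingwu).
/// </summary>
/// <param name="apply">Id of the application, loaded through CApplyEntity.Load.</param>
/// <param name="archiveResource">Resource id handed to CopyResource as its second argument.</param>
/// <exception cref="Exception">
/// Thrown when the caller lacks AUDITAPPLY on its own organization, or when the
/// application's App_Audited state is already AUDITED or UNAUDITED.
/// </exception>
public void PermitApply(int apply, int archiveResource)
{
    // Authorization: AUDITAPPLY is checked against the caller's own organization id.
    CACLEntity acl = new CACLEntity();
    acl.Acl_Operation = (int)ACLOPERATION.AUDITAPPLY;
    acl.Acl_Resource = this.Usr_Organize;
    if (!CheckPrivilege(acl))
    {
        throw new Exception("没有管理归档申请的权限!");
    }

    // NOTE(review): nothing visible here ties the loaded application to the caller's
    // organization; confirm that Load or CopyResource enforces that boundary.
    CApplyEntity aRes = new CApplyEntity().Load(apply);

    // Both AUDITED and UNAUDITED are treated as "already decided"; presumably
    // UNAUDITED means "rejected" rather than "pending" - confirm against AUDITE.
    if (aRes.App_Audited == (int)AUDITE.AUDITED || aRes.App_Audited == (int)AUDITE.UNAUDITED)
    {
        throw new Exception("该资源已审核!");
    }

    // The former catch block only did `throw (ex)`, which resets the stack trace.
    // Letting the exception propagate keeps the same exception object and its origin.
    this.CopyResource(aRes.App_ResId, archiveResource);
    aRes.Permit();
}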
/// <summary>
/// Deletes the ACL entries whose Acl_Resource equals this entity's Res_Id.
/// </summary>
/// <remarks>
/// No privilege check happens in this method; callers are presumably expected to
/// authorize the operation first - verify at the call sites.
/// </remarks>
public void DeleteACLs()
{
    CACLEntity aclTable = new CACLEntity(ConnString);
    String byResource = "this.Acl_Resource=" + Res_Id;
    aclTable.Delete(byResource);
}
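/// <summary>
/// Creates an organization: its resource row, its storage folder on disk, the folder's
/// resource row, the organization row, and an "Archive" sub-folder with its resource row.
/// </summary>
/// <param name="organizeName">
/// Display name of the organization. It becomes part of a directory name, so it must be a
/// single path component without separator or other invalid file-name characters.
/// </param>
/// <returns>The inserted organization entity, with Org_ArchiveRes set.</returns>
/// <exception cref="Exception">
/// Thrown when the caller lacks CREATEORGANIZE or when <paramref name="organizeName"/> is
/// empty or not usable as a directory-name component.
/// </exception>
public COrganizeEntity CreateOrganize(String organizeName)
{
    // Check privilege: resource 0 marks a system-level operation.
    CACLEntity acl = new CACLEntity();
    acl.Acl_Resource = 0;
    acl.Acl_Operation = (int)ACLOPERATION.CREATEORGANIZE;
    if (!CheckPrivilege(acl))
    {
        throw new Exception("当前用户无创建组织权限");
    }

    // The name is concatenated into a path below. Reject separators and other invalid
    // file-name characters before anything is written, so the folder cannot be created
    // outside MidLayerSettings.AppPath and no resource row is inserted for a bad name.
    if (String.IsNullOrEmpty(organizeName) ||
        organizeName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
    {
        throw new Exception("组织名称包含非法字符");
    }

    // create resource for this organize
    CResourceEntity res = new CResourceEntity(ConnString);
    res.Res_Name = organizeName;
    res.Res_Parent = 0;
    res.Res_Type = (int)RESOURCETYPE.ORGANIZERESOURCE;
    res.Res_Id = res.Insert();

    // create default storage folder named "<organize resource id><organize name>"
    String folderName = res.Res_Id.ToString() + organizeName;
    String organizePath = Path.Combine(MidLayerSettings.AppPath, folderName);
    Directory.CreateDirectory(organizePath);

    // create resource for default folder of organize
    CResourceEntity folderRes = new CResourceEntity(ConnString);
    folderRes.Res_Name = folderName;
    folderRes.Res_Parent = 0;
    folderRes.Res_Type = (int)RESOURCETYPE.FOLDERRESOURCE;
    folderRes.Res_Id = folderRes.Insert();

    // create organize entity
    COrganizeEntity organize = new COrganizeEntity(ConnString);
    organize.Org_Name = organizeName;
    organize.Org_Resource = res.Res_Id;
    organize.Insert();

    // create archive folder for organize
    String archivePath = Path.Combine(organizePath, "Archive");
    Directory.CreateDirectory(archivePath);

    // create resource for archive folder
    CResourceEntity archiveRes = new CResourceEntity(ConnString);
    archiveRes.Res_Name = "Archive";
    archiveRes.Res_Parent = folderRes.Res_Id;
    archiveRes.Res_Type = (int)RESOURCETYPE.FOLDERRESOURCE;
    archiveRes.Res_Id = archiveRes.Insert();

    organize.Org_ArchiveRes = archiveRes.Res_Id;
    organize.Update();

    // NOTE(review): the steps above are not wrapped in a transaction here; a failure
    // midway leaves rows and/or directories behind. The former `catch { throw (ex); }`
    // added nothing except a reset stack trace, so exceptions now simply propagate.
    return organize;
}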
/// <summary>
/// Lists the ACL entries the current user created on one specific resource.
/// </summary>
/// <param name="sharedResource">Resource id matched against Acl_Resource.</param>
/// <returns>The list GetObjectList returns for the combined creator/resource filter.</returns>
public List<CACLEntity> ListMyAcls(int sharedResource)
{
    // Both operands are rendered via ToString() and appended to fixed filter fragments.
    String byCreator = "this.Acl_Creator=" + Usr_Id.ToString();
    String byResource = " and this.Acl_Resource=" + sharedResource.ToString();

    CACLEntity query = new CACLEntity(ConnString);
    return query.GetObjectList(byCreator + byResource);
}
/// <summary>
/// Returns the ACL entries granted directly to this user (role type USERROLE).
/// </summary>
/// <returns>The list GetObjectList returns for Acl_Role = Usr_Id and Acl_RType = USERROLE.</returns>
public List<CACLEntity> GetUserACLs()
{
    int userRole = (int)ACLROLETYPE.USERROLE;
    String roleFilter = "this.Acl_Role=" + Usr_Id.ToString()
                        + " and this.Acl_RType=" + userRole.ToString();

    CACLEntity query = new CACLEntity(ConnString);
    return query.GetObjectList(roleFilter);
}
/// <summary>
/// Grants <paramref name="operation"/> on a resource to a user or a group, then removes the
/// same operation from that role's ACLs on resources for which IsChild(resourceId) is true.
/// </summary>
/// <param name="userId">Id of the grantee; a group id when roleType is GROUPROLE.</param>
/// <param name="roleType">Whether the grantee is a user or a group.</param>
/// <param name="resourceId">Resource the grant applies to.</param>
/// <param name="operation">Operation being granted.</param>
/// <exception cref="Exception">
/// Thrown when the caller lacks WRITE on the resource, or when the grantee already holds
/// the same operation on a resource for which resource.IsChild(...) is true.
/// </exception>
/// <remarks>
/// NOTE(review): the only authorization is WRITE on <paramref name="resourceId"/>. The value
/// of <paramref name="operation"/> is not restricted, and nothing here checks that the grantee
/// belongs to the caller's organization - confirm this is intended.
/// </remarks>
public void Permit(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation)
{
    // The caller must hold WRITE on the resource to hand out grants on it.
    CACLEntity required = new CACLEntity();
    required.Acl_Resource = resourceId;
    required.Acl_Operation = (int)ACLOPERATION.WRITE;
    if (!CheckPrivilege(required))
    {
        throw new Exception("没有写权限");
    }

    // Collect what the grantee already holds; any other role type leaves the list empty.
    List<CACLEntity> existing = new List<CACLEntity>();
    switch (roleType)
    {
        case ACLROLETYPE.USERROLE:
            existing = new CUserEntity(ConnString).Load(userId).GetUserACLs();
            break;
        case ACLROLETYPE.GROUPROLE:
            existing = new CGroupEntity(ConnString).Load(userId).GetGroupACLs();
            break;
    }

    int requestedOp = (int)operation;

    // Refuse the grant if the same operation is already held further up the tree.
    CResourceEntity target = new CResourceEntity(ConnString).Load(resourceId);
    foreach (CACLEntity held in existing)
    {
        if (target.IsChild(held.Acl_Resource) && held.Acl_Operation == requestedOp)
        {
            throw new Exception("与其他权限冲突");
        }
    }

    // Record the new grant, stamped with the caller as creator.
    CACLEntity grant = new CACLEntity(ConnString);
    grant.Acl_Resource = resourceId;
    grant.Acl_Role = userId;
    grant.Acl_RType = (int)roleType;
    grant.Acl_Operation = requestedOp;
    grant.Acl_Creator = this.Usr_Id;
    grant.Acl_CreateTime = DateTime.Now;
    grant.Insert();

    // Drop grants of the same operation on resources below the target; they are now redundant.
    foreach (CACLEntity held in existing)
    {
        CResourceEntity heldResource = new CResourceEntity(ConnString).Load(held.Acl_Resource);
        if (heldResource.IsChild(resourceId) && held.Acl_Operation == requestedOp)
        {
            held.Delete();
        }
    }
}
/// <summary>
/// Returns the ACL entries granted to this group (role type GROUPROLE).
/// </summary>
/// <returns>The list GetObjectList returns for Acl_Role = Grp_Id and Acl_RType = GROUPROLE.</returns>
public List<CACLEntity> GetGroupACLs()
{
    int groupRole = (int)ACLROLETYPE.GROUPROLE;
    String roleFilter = "this.Acl_Role=" + Grp_Id.ToString()
                        + " and this.Acl_RType=" + groupRole.ToString();

    CACLEntity query = new CACLEntity(ConnString);
    return query.GetObjectList(roleFilter);
}
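/// <summary>
/// Creates an organization administrator and grants it WRITE and READ on the
/// organization's resource.
/// </summary>
/// <param name="newUser">
/// The user to create. Usr_Organize must be set by the caller; Usr_Type is overwritten
/// with ORGANIZEADMIN.
/// </param>
/// <returns>The user returned by CreateUser.</returns>
/// <exception cref="Exception">
/// Thrown when the caller lacks CRETAEORGANIZEADMIN on its own organization.
/// </exception>
public CUserEntity CreateAdminlUser(CUserEntity newUser)
{
    // Check privilege against the caller's own organization.
    CACLEntity acl = new CACLEntity();
    acl.Acl_Operation = (int)ACLOPERATION.CRETAEORGANIZEADMIN;
    acl.Acl_Resource = Usr_Organize;
    if (!CheckPrivilege(acl))
    {
        throw new Exception("当前用户无创建管理员用户权限");
    }

    // NOTE(review): the check above uses the caller's Usr_Organize, while the new admin is
    // attached to newUser.Usr_Organize, which the caller supplies. Nothing visible here
    // requires the two to match; confirm CreateUser (or the caller) enforces it, otherwise
    // an administrator of one organization could create an administrator in another.
    newUser.Usr_Type = (int)USERTYPE.ORGANIZEADMIN;
    CUserEntity user = CreateUser(newUser);

    // add acls to admin on the organization's resource
    COrganizeEntity organize = new COrganizeEntity(ConnString);
    organize = organize.Load(user.Usr_Organize);

    // (A further ACL with operation 0 on organize.Org_Id was disabled in the original.)

    CACLEntity acl2 = new CACLEntity(ConnString);
    acl2.Acl_CreateTime = DateTime.Now;
    acl2.Acl_Creator = Usr_Id;
    acl2.Acl_Operation = (int)ACLOPERATION.WRITE;
    acl2.Acl_Resource = organize.Org_Resource;
    acl2.Acl_Role = user.Usr_Id;
    acl2.Acl_RType = (int)ACLROLETYPE.USERROLE;
    acl2.Acl_Id = acl2.Insert();

    CACLEntity acl3 = new CACLEntity(ConnString);
    acl3.Acl_CreateTime = DateTime.Now;
    acl3.Acl_Creator = Usr_Id;
    acl3.Acl_Operation = (int)ACLOPERATION.READ;
    acl3.Acl_Resource = organize.Org_Resource;
    acl3.Acl_Role = user.Usr_Id;
    acl3.Acl_RType = (int)ACLROLETYPE.USERROLE;
    acl3.Acl_Id = acl3.Insert();

    // The former `catch (Exception e) { throw e; }` only reset the stack trace;
    // exceptions now propagate unchanged.
    return user;
}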
/// <summary>
/// Persists changes to a group after checking the caller's privilege on its own organization.
/// </summary>
/// <param name="group">Group entity to update; its ConnString is overwritten with this entity's.</param>
/// <exception cref="Exception">Thrown when the privilege check fails.</exception>
/// <remarks>
/// The operation checked is CREATENORMALUSER, although the error message speaks of modifying
/// groups. NOTE(review): nothing here verifies that <paramref name="group"/> belongs to the
/// caller's organization - confirm that Update or the caller enforces it.
/// </remarks>
public void ModifyGroup(CGroupEntity group)
{
    CACLEntity required = new CACLEntity();
    required.Acl_Resource = Usr_Organize;
    required.Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER;

    bool allowed = CheckPrivilege(required);
    if (!allowed)
    {
        throw new Exception("当前用户无修改用户组权限");
    }

    group.ConnString = ConnString;
    group.Update();
}
/// <summary>
/// Persists changes to a user after checking the caller's privilege on its own organization.
/// </summary>
/// <param name="user">User entity to update; its ConnString is overwritten with this entity's.</param>
/// <exception cref="Exception">Thrown when the privilege check fails.</exception>
/// <remarks>
/// NOTE(review): the supplied entity is written as-is. Nothing here verifies that it belongs
/// to the caller's organization, or that fields such as Usr_Type and Usr_Organize are
/// unchanged - confirm that Update or the caller prevents a privilege or tenant change.
/// </remarks>
public void ModifyUser(CUserEntity user)
{
    CACLEntity required = new CACLEntity();
    required.Acl_Resource = Usr_Organize;
    required.Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER;

    bool allowed = CheckPrivilege(required);
    if (!allowed)
    {
        throw new Exception("当前用户无修改用户权限");
    }

    user.ConnString = ConnString;
    user.Update();
}
/// <summary>
/// Lists the resources under <paramref name="root"/> that the current user can read.
/// </summary>
/// <param name="root">Id of the resource to list below.</param>
/// <returns>
/// When the user holds READ on the root: the result of ListChildResources() on it.
/// Otherwise: each distinct file or folder resource for which the user has a READ or WRITE
/// ACL and for which IsChild(root) is true.
/// </returns>
/// <remarks>
/// NOTE(review): Load results are dereferenced without a null check, so an ACL that points
/// at a resource that no longer loads would fail here - confirm ACLs are removed with
/// their resource.
/// </remarks>
public List<CResourceEntity> ListDescendants(int root)
{
    CACLEntity rootRead = new CACLEntity(ConnString);
    rootRead.Acl_Resource = root;
    rootRead.Acl_Operation = (int)ACLOPERATION.READ;

    // The root is loaded before the privilege check, as both branches need it.
    CResourceEntity parent = new CResourceEntity(ConnString).Load(root);
    if (CheckPrivilege(rootRead))
    {
        return parent.ListChildResources();
    }

    // No READ on the root itself: fall back to the individual grants the user holds.
    List<CResourceEntity> visible = new List<CResourceEntity>();
    foreach (CACLEntity entry in GetAllACLs())
    {
        bool grantsAccess = entry.Acl_Operation == (int)ACLOPERATION.READ
                            || entry.Acl_Operation == (int)ACLOPERATION.WRITE;
        if (!grantsAccess)
        {
            continue;
        }

        CResourceEntity candidate = new CResourceEntity(ConnString).Load(entry.Acl_Resource);
        bool isFileOrFolder = candidate.Res_Type == (int)RESOURCETYPE.FILERESOURCE
                              || candidate.Res_Type == (int)RESOURCETYPE.FOLDERRESOURCE;
        if (!isFileOrFolder)
        {
            continue;
        }

        // A resource can be reachable through several ACLs; list it once.
        bool alreadyListed = visible.Exists(
            delegate(CResourceEntity listed) { return listed.Res_Id == candidate.Res_Id; });
        if (!alreadyListed && candidate.IsChild(parent.Res_Id))
        {
            visible.Add(candidate);
        }
    }

    return visible;
}
/// <summary>
/// Deletes a group after checking the caller's privilege on its own organization.
/// </summary>
/// <param name="groupId">Id of the group to load and delete.</param>
/// <exception cref="Exception">Thrown when the privilege check fails.</exception>
/// <remarks>
/// NOTE(review): the group is loaded by id alone; nothing here verifies that it belongs to
/// the caller's organization - confirm that Load/Delete or the caller enforces it.
/// </remarks>
public void DeleteGroup(int groupId)
{
    CACLEntity required = new CACLEntity();
    required.Acl_Resource = Usr_Organize;
    required.Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER;
    if (CheckPrivilege(required) == false)
    {
        throw new Exception("当前用户无修改用户组权限");
    }

    CGroupEntity target = new CGroupEntity(ConnString).Load(groupId);
    target.Delete();
}
/// <summary>
/// Deletes a user after checking the caller's privilege on its own organization.
/// </summary>
/// <param name="userId">Id of the user to load and delete.</param>
/// <exception cref="Exception">Thrown when the privilege check fails.</exception>
/// <remarks>
/// NOTE(review): the user is loaded by id alone; nothing here verifies that the target
/// belongs to the caller's organization or is not a higher-privileged account - confirm
/// that Load/Delete or the caller enforces it.
/// </remarks>
public void DeleteUser(int userId)
{
    CACLEntity required = new CACLEntity();
    required.Acl_Resource = Usr_Organize;
    required.Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER;
    if (CheckPrivilege(required) == false)
    {
        throw new Exception("当前用户无删除用户权限");
    }

    CUserEntity target = new CUserEntity(ConnString).Load(userId);
    target.Delete();
}
/// <summary>
/// Removes the membership row linking a user to a group.
/// </summary>
/// <param name="groupId">Group id matched against Urg_Group.</param>
/// <param name="userId">User id matched against Urg_User.</param>
/// <exception cref="Exception">Thrown when the privilege check fails.</exception>
/// <remarks>
/// NOTE(review): neither id is checked against the caller's organization here - confirm
/// this is enforced elsewhere.
/// </remarks>
public void RemoveUserFromGroup(int groupId, int userId)
{
    CACLEntity required = new CACLEntity();
    required.Acl_Resource = Usr_Organize;
    required.Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER;
    if (CheckPrivilege(required) == false)
    {
        throw new Exception("当前用户无修改用户组权限");
    }

    // Both operands are ints, so the filter is built from fixed fragments and numbers only.
    String membershipFilter = "this.Urg_Group=" + groupId;
    membershipFilter += " and this.Urg_User=" + userId;

    CUserGroupEntity memberships = new CUserGroupEntity(ConnString);
    memberships.Delete(membershipFilter);
}
/// <summary>
/// Revokes a grant: deletes the ACL rows matching resource, operation, role and role type.
/// </summary>
/// <param name="userId">Id of the role losing the grant (a group id for GROUPROLE).</param>
/// <param name="roleType">Whether the role is a user or a group.</param>
/// <param name="resourceId">Resource the grant applies to.</param>
/// <param name="operation">Operation being revoked.</param>
/// <exception cref="Exception">Thrown when the caller lacks WRITE on the resource.</exception>
/// <remarks>
/// Only rows on exactly <paramref name="resourceId"/> are removed; a grant on another
/// resource is not touched by this method.
/// </remarks>
public void Deny(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation)
{
    // The caller must hold WRITE on the resource to change grants on it.
    CACLEntity required = new CACLEntity();
    required.Acl_Operation = (int)ACLOPERATION.WRITE;
    required.Acl_Resource = resourceId;
    if (CheckPrivilege(required) == false)
    {
        throw new Exception("没有写权限");
    }

    // All four operands are ints or enum values cast to int.
    String grantFilter = "this.Acl_Resource=" + resourceId
                         + " and this.Acl_Operation=" + (int)operation
                         + " and this.Acl_Role=" + userId
                         + " and this.Acl_RType=" + (int)roleType;

    CACLEntity aclTable = new CACLEntity(ConnString);
    aclTable.Delete(grantFilter);
}
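/// <summary>
/// Moves a file or folder resource into a destination folder, both in the resource table
/// and on disk.
/// </summary>
/// <param name="srcResId">Id of the resource being moved.</param>
/// <param name="dstResId">Id of the destination resource; must be a folder.</param>
/// <exception cref="Exception">
/// Thrown when the caller lacks WRITE on either resource, when the destination is not a
/// folder, or when an entry with the same name already exists at the destination.
/// </exception>
public void CutResource(int srcResId, int dstResId)
{
    // WRITE is required on both the source and the destination.
    CACLEntity acl = new CACLEntity(ConnString);
    acl.Acl_Resource = srcResId;
    acl.Acl_Operation = (int)ACLOPERATION.WRITE;
    if (!CheckPrivilege(acl))
    {
        throw new Exception("没有写权限!");
    }

    acl.Acl_Resource = dstResId;
    acl.Acl_Operation = (int)ACLOPERATION.WRITE;
    if (!CheckPrivilege(acl))
    {
        throw new Exception("没有写权限!");
    }

    CResourceEntity srcRes = new CResourceEntity(ConnString).Load(srcResId);
    CResourceEntity dstRes = new CResourceEntity(ConnString).Load(dstResId);

    // Capture the on-disk source path before the resource row is re-parented.
    String srcPath = srcRes.MakeFullPath();
    if (dstRes.Res_Type != (int)RESOURCETYPE.FOLDERRESOURCE)
    {
        throw new Exception("粘贴的目标必须是目录!");
    }

    // Check for a name clash BEFORE changing the resource row. Previously the row was
    // moved first, so a clash left the database pointing at the new parent while the
    // file stayed at the old location.
    String dstPath = Path.Combine(dstRes.MakeFullPath(), srcRes.Res_Name);
    if (Directory.Exists(dstPath) || File.Exists(dstPath))
    {
        throw new Exception(dstPath + "与现有文件名冲突!");
    }

    // NOTE(review): nothing here rejects a destination that lies inside the source
    // folder; confirm MoveTo guards against that.
    srcRes.MoveTo(dstRes);

    // Move the file or folder on disk.
    if (srcRes.Res_Type == (int)RESOURCETYPE.FILERESOURCE)
    {
        File.Move(srcPath, dstPath);
    }
    else
    {
        Directory.Move(srcPath, dstPath);
    }
}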
/// <summary>
/// Adds a user to a group by inserting a membership row.
/// </summary>
/// <param name="groupId">Group id stored in Urg_Group.</param>
/// <param name="userId">User id stored in Urg_User.</param>
/// <exception cref="Exception">Thrown when the privilege check fails.</exception>
/// <remarks>
/// NOTE(review): neither id is checked against the caller's organization here. Since group
/// membership feeds group ACLs, confirm that cross-organization ids are rejected elsewhere.
/// </remarks>
public void AddUser2Group(int groupId, int userId)
{
    CACLEntity required = new CACLEntity();
    required.Acl_Resource = Usr_Organize;
    required.Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER;
    if (CheckPrivilege(required) == false)
    {
        throw new Exception("当前用户无修改用户组权限");
    }

    CUserGroupEntity membership = new CUserGroupEntity(ConnString);
    membership.Urg_User = userId;
    membership.Urg_Group = groupId;
    membership.Insert();
}
/// <summary>
/// Lists the child resources of a parent the current user can read.
/// </summary>
/// <param name="parentId">Id of the parent resource.</param>
/// <returns>
/// An empty list when the user lacks READ on the parent; otherwise the result of
/// ListChildResources() on it. Missing privilege is not reported as an error.
/// </returns>
public List<CResourceEntity> ListResources(int parentId)
{
    CACLEntity readCheck = new CACLEntity(ConnString);
    readCheck.Acl_Operation = (int)ACLOPERATION.READ;
    readCheck.Acl_Resource = parentId;

    bool canRead = CheckPrivilege(readCheck);
    if (canRead)
    {
        CResourceEntity parent = new CResourceEntity(ConnString).Load(parentId);
        return parent.ListChildResources();
    }

    return new List<CResourceEntity>();
}
/// <summary>
/// Subscribes the current user to a document (original author: Zhao Yingwu).
/// </summary>
/// <param name="resId">Id of the resource to subscribe to; the user must hold READ on it.</param>
/// <exception cref="Exception">Thrown when the user lacks READ on the resource.</exception>
public void BookRead(int resId)
{
    CACLEntity readCheck = new CACLEntity();
    readCheck.Acl_Operation = (int)ACLOPERATION.READ;
    readCheck.Acl_Resource = resId;
    if (CheckPrivilege(readCheck) == false)
    {
        throw new Exception("没有阅读权限!");
    }

    // The subscription row records who subscribed, to what, and where to send mail.
    CMailEntity subscription = new CMailEntity();
    subscription.M_Resource = resId;
    subscription.M_Organize = this.Usr_Organize;
    subscription.M_UsrId = this.Usr_Id;
    subscription.M_UsrMail = this._Usr_Email;
    subscription.Insert();
}
/// <summary>
/// Removes a resource and the mail subscription rows that reference it.
/// </summary>
/// <param name="resourceId">Id of the resource to remove; the caller must hold WRITE on it.</param>
/// <exception cref="Exception">Thrown when the caller lacks WRITE on the resource.</exception>
/// <remarks>
/// NOTE(review): ACL rows for the resource are not deleted in this method; presumably
/// Remove() takes care of them - confirm, since stale ACLs would outlive the resource.
/// </remarks>
public void DeleteResource(int resourceId)
{
    CACLEntity writeCheck = new CACLEntity(ConnString);
    writeCheck.Acl_Operation = (int)ACLOPERATION.WRITE;
    writeCheck.Acl_Resource = resourceId;
    if (CheckPrivilege(writeCheck) == false)
    {
        throw new Exception("没有写权限");
    }

    CResourceEntity target = new CResourceEntity(ConnString).Load(resourceId);
    target.Remove();

    // Drop subscriptions pointing at the removed resource; the operand is an int.
    String subscriptionFilter = "this.M_Resource ='" + resourceId + "'";
    CMailEntity subscriptions = new CMailEntity();
    subscriptions.Remove(subscriptionFilter);
}
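/// <summary>
/// Creates a normal user and grants it WRITE and READ on its own resource (Usr_Resource).
/// </summary>
/// <param name="newUser">The user to create; Usr_Type is overwritten with NORMALUSER.</param>
/// <returns>The user returned by CreateUser.</returns>
/// <exception cref="Exception">
/// Thrown when the caller lacks CREATENORMALUSER on its own organization.
/// </exception>
public CUserEntity CreateNormalUser(CUserEntity newUser)
{
    // Check privilege against the caller's own organization.
    CACLEntity acl = new CACLEntity();
    acl.Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER;
    acl.Acl_Resource = Usr_Organize;
    if (!CheckPrivilege(acl))
    {
        throw new Exception("当前用户无创建新用户权限");
    }

    // NOTE(review): only Usr_Type is forced here. If newUser carries a caller-supplied
    // Usr_Organize, nothing visible requires it to equal the caller's organization;
    // confirm that CreateUser enforces that.
    newUser.Usr_Type = (int)USERTYPE.NORMALUSER;
    CUserEntity user = CreateUser(newUser);

    // add acls to user: WRITE, then READ, on the user's own resource
    CACLEntity acl2 = new CACLEntity(ConnString);
    acl2.Acl_CreateTime = DateTime.Now;
    acl2.Acl_Creator = Usr_Id;
    acl2.Acl_Operation = (int)ACLOPERATION.WRITE;
    acl2.Acl_Resource = user.Usr_Resource;
    acl2.Acl_Role = user.Usr_Id;
    acl2.Acl_RType = (int)ACLROLETYPE.USERROLE;
    acl2.Acl_Id = acl2.Insert();

    CACLEntity acl1 = new CACLEntity(ConnString);
    acl1.Acl_CreateTime = DateTime.Now;
    acl1.Acl_Creator = Usr_Id;
    acl1.Acl_Operation = (int)ACLOPERATION.READ;
    acl1.Acl_Resource = user.Usr_Resource;
    acl1.Acl_Role = user.Usr_Id;
    acl1.Acl_RType = (int)ACLROLETYPE.USERROLE;
    acl1.Acl_Id = acl1.Insert();

    // The former `catch (Exception e) { throw e; }` only reset the stack trace;
    // exceptions now propagate unchanged.
    return user;
}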
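/// <summary>
/// Registers a new file resource under a parent folder and returns the path where the
/// caller should store the file's content.
/// </summary>
/// <param name="parentId">Id of the parent resource; the caller must hold WRITE on it.</param>
/// <param name="fileName">
/// Name of the new file. It must be a single path component: no directory separators,
/// no other invalid file-name characters, and not "." or "..".
/// </param>
/// <param name="filePath">Receives the full path of the new file inside the parent folder.</param>
/// <returns>The newly created resource entity.</returns>
/// <exception cref="Exception">
/// Thrown when the caller lacks WRITE on the parent, the file name is not a plain file
/// name, the parent cannot be loaded, its directory is missing, or the name is taken.
/// </exception>
public CResourceEntity CreateFile(int parentId, String fileName, out String filePath)
{
    CACLEntity acl = new CACLEntity();
    acl.Acl_Resource = parentId;
    acl.Acl_Operation = (int)ACLOPERATION.WRITE;
    if (!CheckPrivilege(acl))
    {
        throw new Exception("没有写权限");
    }

    // The privilege check covers the parent folder only, so the name must not be able to
    // leave it: Path.Combine returns a rooted second argument unchanged and keeps ".."
    // segments, which would place the file outside the folder the caller may write to.
    if (String.IsNullOrEmpty(fileName) ||
        fileName == "." || fileName == ".." ||
        fileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
    {
        throw new Exception("文件名无效: " + fileName);
    }

    // Locate the parent folder on disk.
    // NOTE(review): the parent is loaded with MidLayerSettings.ConnectionString while the
    // new resource uses ConnString - confirm these refer to the same database.
    CResourceEntity parent = new CResourceEntity(MidLayerSettings.ConnectionString).Load(parentId);
    if (parent == null)
    {
        throw new Exception("无法找到资源. ID=" + parentId);
    }

    // NOTE(review): the messages below contain the full server-side path; confirm they
    // are not shown to end users as-is.
    String path = parent.MakeFullPath();
    if (!Directory.Exists(path))
    {
        throw new Exception("目录不存在: " + path);
    }

    path = Path.Combine(path, fileName);
    if (Directory.Exists(path) || File.Exists(path))
    {
        throw new Exception("名称冲突: " + path);
    }

    filePath = path;

    // create resource
    CResourceEntity res = new CResourceEntity(ConnString);
    res.Res_Name = fileName;
    res.Res_Type = (int)RESOURCETYPE.FILERESOURCE;
    parent.CreateChildResource(res);
    return res;
}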
/// <summary>
/// Rejects an archive application (original author: Zhao Yingwu).
/// </summary>
/// <param name="apply">Id of the application, loaded through CApplyEntity.Load.</param>
/// <exception cref="Exception">
/// Thrown when the caller lacks AUDITAPPLY on its own organization, or when the
/// application's App_Audited state is already UNAUDITED or AUDITED.
/// </exception>
/// <remarks>
/// NOTE(review): nothing visible here ties the loaded application to the caller's
/// organization - confirm that Load or Cancel enforces it.
/// </remarks>
public void CancelApply(int apply)
{
    CACLEntity auditCheck = new CACLEntity();
    auditCheck.Acl_Resource = this.Usr_Organize;
    auditCheck.Acl_Operation = (int)ACLOPERATION.AUDITAPPLY;
    if (CheckPrivilege(auditCheck) == false)
    {
        throw new Exception("没有管理归档申请的权限!");
    }

    CApplyEntity application = new CApplyEntity().Load(apply);

    // Either state means a decision was already recorded for this application.
    bool alreadyDecided = application.App_Audited == (int)AUDITE.UNAUDITED
                          || application.App_Audited == (int)AUDITE.AUDITED;
    if (alreadyDecided)
    {
        throw new Exception("该资源已审核!");
    }

    application.Cancel();
}
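/// <summary>
/// Updates a file resource: stores a new name on the resource row and returns the path of
/// the existing file on disk (original author: Zhao Yingwu).
/// </summary>
/// <param name="resId">Id of the file resource; the caller must hold WRITE on it.</param>
/// <param name="fileName">
/// New resource name. It must be a single path component: no directory separators,
/// no other invalid file-name characters, and not "." or "..".
/// </param>
/// <param name="filePath">Receives the full path of the existing file.</param>
/// <returns>The updated resource entity.</returns>
/// <exception cref="Exception">
/// Thrown when the caller lacks WRITE on the resource, the name is not a plain file name,
/// the resource cannot be loaded, or the file does not exist on disk.
/// </exception>
public CResourceEntity UpdateFile(int resId, String fileName, out String filePath)
{
    CACLEntity acl = new CACLEntity();
    acl.Acl_Resource = resId;
    acl.Acl_Operation = (int)ACLOPERATION.WRITE;
    if (!CheckPrivilege(acl))
    {
        throw new Exception("没有写权限");
    }

    // The name is stored as Res_Name, which CreateFile and CreateOrganize both use as an
    // on-disk path component. Keep it a plain file name so a later path built from it
    // cannot leave the resource's folder.
    if (String.IsNullOrEmpty(fileName) ||
        fileName == "." || fileName == ".." ||
        fileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
    {
        throw new Exception("文件名无效: " + fileName);
    }

    // Other methods in this file null-check Load results; do the same here instead of
    // failing with a NullReferenceException on an unknown id.
    CResourceEntity res = new CResourceEntity().Load(resId);
    if (res == null)
    {
        throw new Exception("无法找到资源. ID=" + resId);
    }

    string path = res.MakeFullPath();
    if (!System.IO.File.Exists(path))
    {
        throw new Exception("要更新的文件不存在!");
    }

    filePath = path;

    // NOTE(review): filePath is the path under the OLD name, and the file on disk is not
    // renamed here. If MakeFullPath derives the path from Res_Name, a changed name leaves
    // row and file out of step - confirm the caller handles the rename.
    res.Res_Name = fileName;
    res.Update();
    return res;
}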
/// <summary>
/// Decides whether the current user may perform acl.Acl_Operation on acl.Acl_Resource.
/// </summary>
/// <param name="acl">Carries the requested operation and the resource (or organization) id.</param>
/// <returns>
/// true for a system admin; false for resource id 0 otherwise; for a resource id equal to
/// the user's Usr_Organize, true only for an organization admin; otherwise true when a
/// matching user or group ACL is found on the resource or on a resource reached through
/// Res_Parent, and false when none is found.
/// </returns>
/// <remarks>
/// NOTE(review): part of this method's text is elided in the source (see the marked line),
/// so the declarations of resId and userGroups and the loop header are not visible.
/// NOTE(review): in the Usr_Organize branch acl.Acl_Operation is not consulted, so an
/// organization admin passes every operation checked against its own organization id.
/// NOTE(review): Acl_Resource is compared with Usr_Organize; if resource ids and
/// organization ids are separate sequences, a resource whose id equals the user's
/// organization id takes this branch as well - confirm the id spaces cannot collide.
/// </remarks>
public bool CheckPrivilege(CACLEntity acl)
{
    // system admin has all privileges
    if (Usr_Type == (int)USERTYPE.SYSTEMADMIN) { return(true); }

    // if resourceid of acl is 0, it's a system management operation
    // and no users have the privilege except system admin
    if (acl.Acl_Resource == 0) { return(false); }

    // if resourceid is the organize id of current user,
    // the user must be an organization admin (the code checks ORGANIZEADMIN)
    if (acl.Acl_Resource == this.Usr_Organize) { if (this.Usr_Type == (int)USERTYPE.ORGANIZEADMIN) { return(true); } else { return(false); } }

    // get all groups containing current user
    // NOTE(review): the source text between the two string literals on the next line is
    // masked ("******"). The group lookup, the resId initialisation and the opening of the
    // enclosing loop are missing from this view; the line is kept exactly as found.
    String filter = "this.Urg_User="******"this.Acl_Operation=" + acl.Acl_Operation.ToString();
    filter += " and this.Acl_Resource=" + resId.ToString();
    filter += " and this.Acl_Role=" + Usr_Id.ToString();
    filter += " and this.Acl_RType=" + ((int)ACLROLETYPE.USERROLE).ToString();
    List <CACLEntity> acls = acl.GetObjectList(filter);
    // a direct user grant on this resource is enough
    if (acls.Count > 0) { return(true); }

    // check if user's groups have right on this resource
    foreach (CUserGroupEntity ug in userGroups) {
        filter = "this.Acl_Operation=" + acl.Acl_Operation.ToString();
        filter += " and this.Acl_Resource=" + resId.ToString();
        filter += " and this.Acl_Role=" + ug.Urg_Group.ToString();
        filter += " and this.Acl_RType=" + ((int)ACLROLETYPE.GROUPROLE).ToString();
        acls = acl.GetObjectList(filter);
        if (acls.Count > 0) { return(true); }
    }

    // get parent id of this resource; a resource that cannot be loaded ends the walk,
    // otherwise the same checks repeat for Res_Parent
    CResourceEntity resource = new CResourceEntity(ConnString).Load(resId);
    if (resource == null) { break; } else { resId = resource.Res_Parent; }
    }

    // no grant found anywhere on the walk: deny
    return(false);
}