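/// <summary>
/// Page entry point: configures both pager controls, reads the request parameters
/// (catalog browse when <c>showCata=1</c>, otherwise keyword/advanced search) and
/// binds the result grid on first load or after a page-size change.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Page size is the user-selected value rather than the static default.
    PageBar1.PageSize = NowPageCount();
    PageBar2.PageSize = NowPageCount();
    isChangePageSize = this.Search_ReSetPageSize1.isChangePageSize;

    // Query-string keys are read null-safely: a missing key must not throw.
    string showCata = Request.QueryString["showCata"] ?? string.Empty;
    this.catalogID = Request.QueryString["CatalogID"] ?? "00000000-0000-0000-0000-000000000000";

    if (showCata == "1")
    {
        // Catalog browse. A validated Deny rule means the user may not view this catalog.
        // new Guid() throws on a malformed CatalogID; that is intentional - an unparsable id
        // is rejected instead of being mapped to some other catalog.
        ISecurityObject securityObj = new SecurityObject(new Guid(this.catalogID), SecurityObjectType.Items);
        List<ObjectRule> rules = new List<ObjectRule>(1);
        rules.Add(new ObjectRule(securityObj, new User(CurrentUser.UserId), OperatorMethod.Deny));
        ObjectRule.CheckRules(rules);

        if (rules[0].IsValidate)
        {
            // NOTE(review): Response.Redirect(..., true) ends the response, so if ShowMessage only
            // registers client script for this page it is never rendered - confirm what ShowMessage does.
            ShowMessage("您没有权限浏览此分类!");
            Response.Redirect(FormsAuthentication.DefaultUrl, true);
        }

        this.BindCataNav();
    }
    else
    {
        // Keyword or advanced search.
        // NOTE(review): QueryString values are already URL-decoded by ASP.NET; the extra UrlDecode
        // is kept because existing callers may double-encode the keyword - confirm.
        this.keyword = Server.UrlDecode(Request.QueryString["keyword"] ?? string.Empty);
        this.beginDate = Request.QueryString["BeginDate"] ?? string.Empty; // upload date range start
        this.endDate = Request.QueryString["EndDate"] ?? string.Empty;     // upload date range end
    }

    if (isChangePageSize == "1")
    {
        // A page-size change clears the flag on the control, resets to the first page and forces a rebind.
        this.Search_ReSetPageSize1.isChangePageSize = string.Empty;
        _curpage = 0;
    }

    if (!Page.IsPostBack || isChangePageSize == "1")
    {
        BindData(PageBar1.PageSize, _curpage);
    }
}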
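/// <summary>
/// Persists the access-control rules for <paramref name="secObj"/>. All three arguments are
/// Base64-serialized and handed to the string-based <c>SetRules</c> overload, which owns
/// the actual storage.
/// </summary>
/// <param name="rules">Rules to store. The retired inline SQL removed the existing entries of
/// <paramref name="secObj"/> for every operator in <paramref name="opers"/> when this list was
/// empty - confirm the string overload keeps that contract.</param>
/// <param name="secObj">Secured object the rules apply to.</param>
/// <param name="opers">Operators (users or roles) whose rules are being replaced.</param>
/// <returns><c>true</c> when the rules were stored; <c>false</c> otherwise.</returns>
public static bool SetRules(List<ObjectRule> rules, SecurityObject secObj, System.Collections.ArrayList opers)
{
    QJVRMS.Common.SerializeObjectFactory sof = new QJVRMS.Common.SerializeObjectFactory();
    string rulesStr = sof.SerializeToBase64(rules);
    string secObjStr = sof.SerializeToBase64(secObj);
    string opersStr = sof.SerializeToBase64(opers);

    // Persistence (formerly string-built T-SQL in this method) is delegated to the string overload.
    return SetRules(rulesStr, secObjStr, opersStr);
}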
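/// <summary>
/// Persists the access-control rules for <paramref name="secObj"/>. All three arguments are
/// Base64-serialized and handed to the string-based <c>SetRules</c> overload, which owns
/// the actual storage.
/// </summary>
/// <param name="rules">Rules to store. The retired inline SQL removed the existing entries of
/// <paramref name="secObj"/> for every operator in <paramref name="opers"/> when this list was
/// empty - confirm the string overload keeps that contract.</param>
/// <param name="secObj">Secured object the rules apply to.</param>
/// <param name="opers">Operators (users or roles) whose rules are being replaced.</param>
/// <returns><c>true</c> when the rules were stored; <c>false</c> otherwise.</returns>
public static bool SetRules(List<ObjectRule> rules, SecurityObject secObj, System.Collections.ArrayList opers)
{
    QJVRMS.Common.SerializeObjectFactory sof = new QJVRMS.Common.SerializeObjectFactory();
    string rulesStr = sof.SerializeToBase64(rules);
    string secObjStr = sof.SerializeToBase64(secObj);
    string opersStr = sof.SerializeToBase64(opers);

    // Persistence (formerly string-built T-SQL in this method) is delegated to the string overload.
    return SetRules(rulesStr, secObjStr, opersStr);
}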
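/// <summary>
/// Saves the permission checkboxes of every row in <c>userList</c> as rules for that user on the
/// catalog identified by <c>hiCurrentCataId</c>, and mirrors the same rules onto the catalog's
/// direct child catalogs so they inherit the parent's settings.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="InvalidOperationException">A permission checkbox is missing from a grid row.</exception>
protected void btnSetUserFun_Click(object sender, EventArgs e)
{
    // NOTE(review): hiCurrentCataId is a client-supplied hidden field and this handler does not
    // itself verify that the current user may administer that catalog - confirm that check is
    // enforced before the handler runs.
    Guid objId = new Guid(this.hiCurrentCataId.Value);
    SecurityObject secObj = new SecurityObject(objId, SecurityObjectType.Items);

    // The child-catalog set does not depend on the grid row, so look it up once instead of per row.
    DataTable childCatalog = Catalog.GetCatalogTableByParentId(objId);

    List<ObjectRule> rules = new List<ObjectRule>(100);
    ArrayList opers = new ArrayList(100);

    foreach (GridViewRow row in userList.Rows)
    {
        User user = new User(new Guid(userList.DataKeys[row.RowIndex].Value.ToString()));
        opers.Add(user);

        // Checkbox -> OperatorMethod mapping; note that "funReadChk" feeds the Deny rule.
        bool writeChecked = RequireUserFunCheckBox(row, "funUpChk").Checked;
        bool modifyChecked = RequireUserFunCheckBox(row, "funEditChk").Checked;
        bool denyChecked = RequireUserFunCheckBox(row, "funReadChk").Checked;
        bool downloadChecked = RequireUserFunCheckBox(row, "funDownChk").Checked;

        AddUserRule(rules, secObj, user, OperatorMethod.Write, writeChecked);
        AddUserRule(rules, secObj, user, OperatorMethod.Modify, modifyChecked);
        AddUserRule(rules, secObj, user, OperatorMethod.Deny, denyChecked);
        AddUserRule(rules, secObj, user, OperatorMethod.Download, downloadChecked);

        // Child catalogs inherit the parent's rules for this user.
        foreach (DataRow cata in childCatalog.Rows)
        {
            SecurityObject childObj = new SecurityObject(new Guid(cata["catalogId"].ToString()), SecurityObjectType.Items);
            AddUserRule(rules, childObj, user, OperatorMethod.Write, writeChecked);
            AddUserRule(rules, childObj, user, OperatorMethod.Modify, modifyChecked);
            AddUserRule(rules, childObj, user, OperatorMethod.Deny, denyChecked);
            AddUserRule(rules, childObj, user, OperatorMethod.Download, downloadChecked);
        }
    }

    ShowMessage(ObjectRule.SetRules(rules, secObj, opers) ? "用户权限设置成功" : "用户权限设置失败");
}

/// <summary>Returns the named CheckBox of <paramref name="row"/>, failing loudly if the row template lacks it.</summary>
/// <param name="row">Grid row to search.</param>
/// <param name="controlId">ID of the CheckBox inside the row template.</param>
/// <returns>The CheckBox; never <c>null</c>.</returns>
/// <exception cref="InvalidOperationException">No CheckBox with that ID exists in the row.</exception>
private static CheckBox RequireUserFunCheckBox(GridViewRow row, string controlId)
{
    CheckBox chk = row.FindControl(controlId) as CheckBox;
    if (chk == null)
    {
        // A missing checkbox must not be silently read as "unchecked": that would store a rule
        // the administrator never chose.
        throw new InvalidOperationException("CheckBox '" + controlId + "' not found in row " + row.RowIndex);
    }
    return chk;
}

/// <summary>Creates an <see cref="ObjectRule"/> for <paramref name="user"/>, sets its validity and appends it to <paramref name="rules"/>.</summary>
private static void AddUserRule(List<ObjectRule> rules, SecurityObject secObj, User user, OperatorMethod method, bool isValidate)
{
    ObjectRule rule = new ObjectRule(secObj, user, method);
    rule.IsValidate = isValidate;
    rules.Add(rule);
}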
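/// <summary>
/// Determines whether the rule <paramref name="method"/> validates for <paramref name="userId"/>
/// on at least one of the catalogs that contain <paramref name="resourceId"/>.
/// </summary>
/// <param name="userId">User to check.</param>
/// <param name="resourceId">Resource (item) whose containing catalogs are inspected.</param>
/// <param name="method">Integer value of an <see cref="OperatorMethod"/>; it is cast without range validation.</param>
/// <returns><c>true</c> when the rule validates for any containing catalog. The meaning follows the
/// method: elsewhere on this page a validated <c>OperatorMethod.Deny</c> rule means access is refused.</returns>
public bool IsUserResource(Guid userId, Guid resourceId, int method)
{
    // One operator object serves every rule; the original built a new User per catalog row.
    User user = new User(userId);
    OperatorMethod operatorMethod = (OperatorMethod)method;

    DataSet ds = this.GetResourceCatalogByItemId(resourceId.ToString());
    DataRowCollection catalogRows = ds.Tables[0].Rows;

    List<ObjectRule> rules = new List<ObjectRule>(catalogRows.Count);
    foreach (DataRow dr in catalogRows)
    {
        ISecurityObject securityObj = new SecurityObject(new Guid(dr["CatalogId"].ToString()), SecurityObjectType.Items);
        rules.Add(new ObjectRule(securityObj, user, operatorMethod));
    }

    ObjectRule.CheckRules(rules);

    // A single validated rule decides the result; no need to scan the rest.
    foreach (ObjectRule rule in rules)
    {
        if (rule.IsValidate)
        {
            return true;
        }
    }
    return false;
}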
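/// <summary>
/// Searches the current group's users by login name / user name and binds them to <c>userList</c>,
/// adding one boolean column per <see cref="OperatorMethod"/> that holds the user's validated rule
/// on the catalog identified by <c>hiCurrentCataId</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnSearchUser_Click(object sender, EventArgs e)
{
    QJVRMS.Business.Group userGroup = new QJVRMS.Business.Group(CurrentGroupId);
    DataTable dt = userGroup.SelectUsers(this.txtloginName.Text.Trim(), this.txtUserName.Text.Trim());
    Dictionary<int, string> methodDict = WebUI.UIBiz.CommonInfo.GetMethodDict();

    // One boolean column per method, named by the method's integer value (the grid binds by that name).
    foreach (KeyValuePair<int, string> methodEntry in methodDict)
    {
        dt.Columns.Add(methodEntry.Key.ToString(), typeof(bool));
    }

    // The secured object is the same for every user, so it is created once.
    ISecurityObject securityObj = new SecurityObject(new Guid(this.hiCurrentCataId.Value), SecurityObjectType.Items);

    // Evaluate the rules per row and write the results straight into that row. This replaces the
    // Hashtable + DataTable.Select round trip, which also indexed users[0] without a length check.
    foreach (DataRow row in dt.Rows)
    {
        User user = new User(new Guid(row["userId"].ToString()));

        List<ObjectRule> rules = new List<ObjectRule>(methodDict.Count);
        foreach (KeyValuePair<int, string> methodEntry in methodDict)
        {
            rules.Add(new ObjectRule(securityObj, user, (OperatorMethod)methodEntry.Key));
        }
        ObjectRule.CheckRules(rules);

        foreach (IRule rule in rules)
        {
            row[((int)rule.Method).ToString()] = rule.IsValidate;
        }
    }

    this.userList.DataSource = dt;
    this.userList.DataBind();
}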
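/// <summary>
/// Saves the permission checkboxes of every row in <c>roleGroupList</c> as rules for that role on
/// the catalog identified by <c>hiCurrentCataId</c>, and mirrors the same rules onto the catalog's
/// direct child catalogs so they inherit the parent's settings.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="InvalidOperationException">A permission checkbox is missing from a grid row.</exception>
protected void btnSetRoleFun_Click(object sender, EventArgs e)
{
    // NOTE(review): hiCurrentCataId is a client-supplied hidden field and this handler does not
    // itself verify that the current user may administer that catalog - confirm that check is
    // enforced before the handler runs.
    Guid objId = new Guid(this.hiCurrentCataId.Value);
    SecurityObject secObj = new SecurityObject(objId, SecurityObjectType.Items);

    // The child-catalog set does not depend on the grid row, so look it up once instead of per row.
    DataTable childCatalog = Catalog.GetCatalogTableByParentId(objId);

    List<ObjectRule> rules = new List<ObjectRule>(100);
    ArrayList opers = new ArrayList(100);

    foreach (GridViewRow row in roleGroupList.Rows)
    {
        Role role = new Role();
        role.RoleId = new Guid(roleGroupList.DataKeys[row.RowIndex].Value.ToString());
        opers.Add(role);

        // Checkbox -> OperatorMethod mapping; note that "funReadChk" feeds the Deny rule.
        bool denyChecked = RequireRoleFunCheckBox(row, "funReadChk").Checked;
        bool writeChecked = RequireRoleFunCheckBox(row, "funUpChk").Checked;
        bool modifyChecked = RequireRoleFunCheckBox(row, "funEditChk").Checked;
        bool downloadChecked = RequireRoleFunCheckBox(row, "funDownChk").Checked;

        AddRoleRule(rules, secObj, role, OperatorMethod.Deny, denyChecked);
        AddRoleRule(rules, secObj, role, OperatorMethod.Write, writeChecked);
        AddRoleRule(rules, secObj, role, OperatorMethod.Modify, modifyChecked);
        AddRoleRule(rules, secObj, role, OperatorMethod.Download, downloadChecked);

        // Child catalogs inherit the parent's rules for this role.
        foreach (DataRow cata in childCatalog.Rows)
        {
            SecurityObject childObj = new SecurityObject(new Guid(cata["catalogId"].ToString()), SecurityObjectType.Items);
            AddRoleRule(rules, childObj, role, OperatorMethod.Deny, denyChecked);
            AddRoleRule(rules, childObj, role, OperatorMethod.Write, writeChecked);
            AddRoleRule(rules, childObj, role, OperatorMethod.Modify, modifyChecked);
            AddRoleRule(rules, childObj, role, OperatorMethod.Download, downloadChecked);
        }
    }

    ShowMessage(ObjectRule.SetRules(rules, secObj, opers) ? "角色权限设置成功" : "角色权限设置失败");
}

/// <summary>Returns the named CheckBox of <paramref name="row"/>, failing loudly if the row template lacks it.</summary>
/// <param name="row">Grid row to search.</param>
/// <param name="controlId">ID of the CheckBox inside the row template.</param>
/// <returns>The CheckBox; never <c>null</c>.</returns>
/// <exception cref="InvalidOperationException">No CheckBox with that ID exists in the row.</exception>
private static CheckBox RequireRoleFunCheckBox(GridViewRow row, string controlId)
{
    CheckBox chk = row.FindControl(controlId) as CheckBox;
    if (chk == null)
    {
        // A missing checkbox must not be silently read as "unchecked": that would store a rule
        // the administrator never chose.
        throw new InvalidOperationException("CheckBox '" + controlId + "' not found in row " + row.RowIndex);
    }
    return chk;
}

/// <summary>Creates an <see cref="ObjectRule"/> for <paramref name="role"/>, sets its validity and appends it to <paramref name="rules"/>.</summary>
private static void AddRoleRule(List<ObjectRule> rules, SecurityObject secObj, Role role, OperatorMethod method, bool isValidate)
{
    ObjectRule rule = new ObjectRule(secObj, role, method);
    rule.IsValidate = isValidate;
    rules.Add(rule);
}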
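/// <summary>
/// Binds <c>roleGroupList</c> with every role of the current group and, per <see cref="OperatorMethod"/>,
/// the role's validated rule on the catalog identified by <c>hiCurrentCataId</c>. Rows are sorted by role name.
/// </summary>
void BindRoleControlList()
{
    Dictionary<int, string> methodDict = WebUI.UIBiz.CommonInfo.GetMethodDict();

    // TODO (carried over from the original): revisit this lookup for the superadmin case.
    RoleCollection roles = Role.GetRoleCollection(CurrentGroupId);

    // The secured object is the same for every role, so it is created once.
    ISecurityObject securityObj = new SecurityObject(new Guid(this.hiCurrentCataId.Value), SecurityObjectType.Items);

    // Result table: role name, role id, then one boolean column per method named by its integer value.
    DataTable roleMethod = new DataTable();
    roleMethod.Columns.Add(new DataColumn("roleName"));
    roleMethod.Columns.Add(new DataColumn("roleId"));
    foreach (KeyValuePair<int, string> methodEntry in methodDict)
    {
        roleMethod.Columns.Add(methodEntry.Key.ToString(), typeof(bool));
    }

    // Evaluate each role's rules and emit its row directly (no intermediate Hashtable).
    foreach (Role role in roles)
    {
        List<ObjectRule> rules = new List<ObjectRule>(methodDict.Count);
        foreach (KeyValuePair<int, string> methodEntry in methodDict)
        {
            rules.Add(new ObjectRule(securityObj, role, (OperatorMethod)methodEntry.Key));
        }
        ObjectRule.CheckRules(rules);

        DataRow dr = roleMethod.NewRow();
        dr["roleName"] = role.RoleName;
        dr["roleId"] = role.RoleId.ToString();
        foreach (IRule rule in rules)
        {
            dr[((int)rule.Method).ToString()] = rule.IsValidate;
        }
        roleMethod.Rows.Add(dr);
    }

    DataView dv = roleMethod.DefaultView;
    dv.Sort = "RoleName";
    roleGroupList.DataSource = dv;
    roleGroupList.DataBind();
}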
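/// <summary>
/// Updates the name and description of role <paramref name="roleId"/> and hands the role service the
/// objects on which the role is to hold <paramref name="method"/>.
/// </summary>
/// <param name="roleName">New role name.</param>
/// <param name="description">New role description.</param>
/// <param name="roleId">Role to modify.</param>
/// <param name="secObj">Objects the role is granted <paramref name="method"/> on; Base64-serialized for the service call.</param>
/// <param name="method">Method granted on every object in <paramref name="secObj"/>.</param>
/// <returns>The success flag returned by the role service.</returns>
/// <remarks>
/// The former inline T-SQL (string-formatted, unparameterized) has been removed; the role service now
/// owns persistence. Whether it still replaces all existing access-control entries of the role, as the
/// old SQL did, is the service's contract - verify there.
/// </remarks>
public static bool ModifyRole(string roleName, string description, Guid roleId, SecurityObject[] secObj, OperatorMethod method)
{
    QJVRMS.Common.SerializeObjectFactory sof = new QJVRMS.Common.SerializeObjectFactory();
    string objStr = sof.SerializeToBase64(secObj);

    // NOTE(review): RoleService looks like a generated web-service proxy; if so it is IDisposable
    // and should be disposed after the call - confirm against the generated type.
    QJVRMS.Business.RoleWS.RoleService rs = new QJVRMS.Business.RoleWS.RoleService();
    return rs.ModifyRole(roleName, description, roleId, objStr, (int)method);
}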
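/// <summary>
/// Creates a role in group <paramref name="groupId"/> through the role service and returns the
/// corresponding <see cref="Role"/> object.
/// </summary>
/// <param name="groupId">Group the role belongs to.</param>
/// <param name="roleName">Role name.</param>
/// <param name="description">Role description.</param>
/// <param name="secObj">Objects the role is granted <paramref name="method"/> on; Base64-serialized for the service call.</param>
/// <param name="method">Method granted on every object in <paramref name="secObj"/>.</param>
/// <returns>A <see cref="Role"/> built from the id returned by the service.</returns>
/// <remarks>
/// The former inline transaction (stored procedure plus string-formatted ACL inserts) and a
/// commented-out user-deletion helper have been removed; the role service now owns persistence.
/// Any exception raised by the service call propagates to the caller.
/// </remarks>
public static IRole NewRole(Guid groupId, string roleName, string description, SecurityObject[] secObj, OperatorMethod method)
{
    QJVRMS.Common.SerializeObjectFactory sof = new QJVRMS.Common.SerializeObjectFactory();
    string objStr = sof.SerializeToBase64(secObj);

    // NOTE(review): RoleService looks like a generated web-service proxy; if so it is IDisposable
    // and should be disposed after the call - confirm against the generated type.
    QJVRMS.Business.RoleWS.RoleService rs = new QJVRMS.Business.RoleWS.RoleService();
    Guid roleId = rs.NewRole(groupId, roleName, description, objStr, (int)method);
    return new Role(roleId, groupId, roleName, description);
}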