/// <summary> /// 按某个权限范围获取特定用户可访问的操作权限列表(有授权权限的权限列表) /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">权限域编号</param> /// <returns>数据表</returns> public DataTable GetPermissionItemDTByPermissionScope(UserInfo userInfo, string userId, string permissionItemCode) { var dataTable = new DataTable(PiPermissionItemTable.TableName); var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_GetPermissionItemDTByPermissionScope); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { var permissionItemManager = new PiPermissionItemManager(dbProvider, userInfo); var permissionItemId = permissionItemManager.GetId(PiPermissionItemTable.FieldCode, permissionItemCode); // 数据库里没有设置可授权的权限项,系统自动增加一个权限配置项 if (String.IsNullOrEmpty(permissionItemId) && permissionItemCode.Equals("Resource.ManagePermission")) { var permissionItemEntity = new PiPermissionItemEntity { Code = "Resource.ManagePermission", FullName = "资源管理范围权限(系统默认)", IsScope = 1, Enabled = 1, AllowDelete = 0 }; permissionItemManager.AddEntity(permissionItemEntity); } dataTable = permissionItemManager.GetDTByUser(userId, permissionItemCode); dataTable.TableName = PiPermissionItemTable.TableName; }); return(dataTable); }
/// <summary> /// 获取数据权限目标主键 /// </summary> /// <param name="userInfo">用户</param> /// <param name="resourceCategory">资源类别</param> /// <param name="targetId">目标资源主键</param> /// <param name="targetResourceCategory">目标资源类别</param> /// <param name="permissionItemCode">操作权限编号</param> /// <returns>资源主键数组</returns> public string[] GetPermissionScopeResourceIds(UserInfo userInfo, string resourceCategory, string targetId, string targetResourceCategory, string permissionItemCode) { string[] returnValue = null; var parameter = ParameterUtil.CreateWithLog(userInfo, MethodBase.GetCurrentMethod()); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { var permissionItemManager = new PiPermissionItemManager(dbProvider, userInfo); var permissionItemId = permissionItemManager.GetId(PiPermissionItemTable.FieldCode, permissionItemCode); var names = new string[6]; var values = new object[6]; names[0] = PiPermissionScopeTable.FieldResourceCategory; values[0] = resourceCategory; names[1] = PiPermissionScopeTable.FieldTargetId; values[1] = targetId; names[2] = PiPermissionScopeTable.FieldPermissionId; values[2] = permissionItemId; names[3] = PiPermissionScopeTable.FieldTargetCategory; values[3] = targetResourceCategory; names[4] = PiPermissionScopeTable.FieldDeleteMark; values[4] = 0; names[5] = PiPermissionScopeTable.FieldEnabled; values[5] = 1; returnValue = DbCommonLibary.GetIds(dbProvider, PiPermissionScopeTable.TableName, names, values, PiPermissionScopeTable.FieldResourceId); }); return(returnValue); }
/// <summary> /// 获取授权范围 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <returns>数据表</returns> public DataTable GetLicensedDT(UserInfo userInfo, string userId) { var dataTable = new DataTable(PiPermissionItemTable.TableName); var parameter = ParameterUtil.CreateWithOutMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { var permissionAdminManager = new PiPermissionItemManager(dbProvider, userInfo); var permissionItemId = permissionAdminManager.GetId(PiPermissionItemTable.FieldDeleteMark, 0, PiPermissionItemTable.FieldCode, "Resource.ManagePermission"); dataTable = permissionAdminManager.GetDTByUser(userId, permissionItemId); dataTable.TableName = PiPermissionItemTable.TableName; }); return(dataTable); }
/// <summary> /// 授予指定角色指定的操作权限 /// </summary> /// <param name="userInfo">用户</param> /// <param name="roleName">角色名</param> /// <param name="permissionItemCode">权限编号</param> /// <returns>主键</returns> public string GrantRolePermission(UserInfo userInfo, string roleName, string permissionItemCode) { string returnValue = string.Empty; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, string.Empty); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { var roleManager = new PiRoleManager(dbProvider, userInfo); var roleId = roleManager.GetId(PiRoleTable.FieldRealName, roleName); var permissionItemManager = new PiPermissionItemManager(dbProvider, userInfo); var permissionItemId = permissionItemManager.GetId(PiPermissionItemTable.FieldCode, permissionItemCode); if (!String.IsNullOrEmpty(roleId) && !String.IsNullOrEmpty(permissionItemId)) { var rolePermissionManager = new RolePermissionManager(dbProvider, userInfo); returnValue = rolePermissionManager.Grant(roleId, permissionItemId); } }); return(returnValue); }
private string GetSearchConditional(string permissionScopeCode, string search, string[] roleIds, bool?enabled, string auditStates, string departmentId) { search = StringHelper.GetSearchString(search); string whereConditional = PiUserTable.TableName + "." + PiUserTable.FieldDeleteMark + " = 0 " + " AND " + PiUserTable.TableName + "." + PiUserTable.FieldIsVisible + " = 1 "; if (enabled != null) { whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldEnabled + " = " + ((bool)enabled ? 1 : 0) + ")"; } if (!String.IsNullOrEmpty(search)) { whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldUserName + " LIKE '" + search + "'" + " OR " + PiUserTable.TableName + "." + PiUserTable.FieldCode + " LIKE '" + search + "'" + " OR " + PiUserTable.TableName + "." + PiUserTable.FieldRealName + " LIKE '" + search + "'" + " OR " + PiUserTable.TableName + "." + PiUserTable.FieldQuickQuery + " LIKE '" + search + "'" + " OR " + PiUserTable.TableName + "." + PiUserTable.FieldDepartmentName + " LIKE '" + search + "'" + " OR " + PiUserTable.TableName + "." + PiUserTable.FieldDescription + " LIKE '" + search + "')"; } if (!string.IsNullOrEmpty(departmentId)) { var organizeManager = new PiOrganizeManager(this.DBProvider, this.UserInfo); string[] organizeIds = organizeManager.GetChildrensId(PiOrganizeTable.FieldId, departmentId, PiOrganizeTable.FieldParentId); if (organizeIds != null && organizeIds.Length > 0) { whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldCompanyId + " IN (" + StringHelper.ArrayToList(organizeIds, "'") + ")" + " OR " + PiUserTable.TableName + "." + PiUserTable.FieldSubCompanyId + " IN (" + StringHelper.ArrayToList(organizeIds, "'") + ")" + " OR " + PiUserTable.TableName + "." + PiUserTable.FieldDepartmentId + " IN (" + StringHelper.ArrayToList(organizeIds, "'") + ")" + " OR " + PiUserTable.TableName + "." + PiUserTable.FieldSubDepartmentId + " IN (" + StringHelper.ArrayToList(organizeIds, "'") + ")" + " OR " + PiUserTable.TableName + "." + PiUserTable.FieldWorkgroupId + " IN (" + StringHelper.ArrayToList(organizeIds, "'") + "))"; // 从兼职表读取用户 whereConditional += " OR " + PiUserTable.TableName + "." + PiUserTable.FieldId + " IN (" + " SELECT " + PiUserOrganizeTable.FieldUserId + " FROM " + PiUserOrganizeTable.TableName + " WHERE (" + PiUserOrganizeTable.TableName + "." + PiUserOrganizeTable.FieldDeleteMark + " = 0 ) " + " AND (" + PiUserOrganizeTable.TableName + "." + PiUserOrganizeTable.FieldCompanyId + " = '" + departmentId + "' OR " + PiUserOrganizeTable.TableName + "." + PiUserOrganizeTable.FieldSubCompanyId + " = '" + departmentId + "' OR " + PiUserOrganizeTable.TableName + "." + PiUserOrganizeTable.FieldDepartmentId + " = '" + departmentId + "' OR " + PiUserOrganizeTable.TableName + "." + PiUserOrganizeTable.FieldSubDepartmentId + " = '" + departmentId + "' OR " + PiUserOrganizeTable.TableName + "." + PiUserOrganizeTable.FieldWorkgroupId + " = '" + departmentId + "')) "; } } if (!String.IsNullOrEmpty(auditStates)) { whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldAuditStatus + " = '" + auditStates + "')"; } if ((roleIds != null) && (roleIds.Length > 0)) { string roles = StringHelper.ArrayToList(roleIds, "'"); whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldId + " IN (" + "SELECT " + PiUserRoleTable.FieldUserId + " FROM " + PiUserRoleTable.TableName + " WHERE " + PiUserRoleTable.FieldRoleId + " IN (" + roles + ")" + "))"; } // 是否过滤用户, 获得组织机构列表 if ((!UserInfo.IsAdministrator) && (SystemInfo.EnableUserAuthorizationScope)) { // string permissionScopeCode = "Resource.ManagePermission"; var permissionItemManager = new PiPermissionItemManager(this.DBProvider, this.UserInfo); string permissionScopeItemId = permissionItemManager.GetId(new KeyValuePair <string, object>(PiPermissionItemTable.FieldCode, permissionScopeCode)); if (!string.IsNullOrEmpty(permissionScopeItemId)) { // 从小到大的顺序进行显示,防止错误发生 var userPermissionScopeManager = new UserScopeManager(this.DBProvider, this.UserInfo); string[] organizeIds = userPermissionScopeManager.GetOrganizeIds(this.UserInfo.Id, permissionScopeCode); // 没有任何数据权限 if (StringHelper.Exists(organizeIds, ((int)PermissionScope.None).ToString())) { whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldId + " = NULL ) "; } // 按详细设定的数据 if (StringHelper.Exists(organizeIds, ((int)PermissionScope.Detail).ToString())) { var permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); string[] userIds = permissionScopeManager.GetUserIds(UserInfo.Id, permissionScopeCode); whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldId + " IN (" + BusinessLogic.ObjectsToList(userIds) + ")) "; } // 自己的数据,仅本人 if (StringHelper.Exists(organizeIds, ((int)PermissionScope.User).ToString())) { whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldId + " = '" + this.UserInfo.Id + "') "; } // 用户所在工作组数据 if (StringHelper.Exists(organizeIds, ((int)PermissionScope.UserWorkgroup).ToString())) { whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldWorkgroupId + " = '" + this.UserInfo.WorkgroupId + "') "; } // 用户所在部门数据 if (StringHelper.Exists(organizeIds, ((int)PermissionScope.UserDepartment).ToString())) { whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldDepartmentId + " = '" + this.UserInfo.DepartmentId + "') "; } // 用户所在公司数据 if (StringHelper.Exists(organizeIds, ((int)PermissionScope.UserCompany).ToString())) { whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldCompanyId + " = '" + this.UserInfo.CompanyId + "') "; } // 全部数据,这里就不用设置过滤条件了 if (StringHelper.Exists(organizeIds, ((int)PermissionScope.All).ToString())) { } } } return(whereConditional); }