//
// 授予授权范围的实现部分
//
#region private string GrantUser(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantUserId) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="permissionScopeManager">权限域读写器</param>
/// <param name="userId">员工主键</param>
/// <param name="permissionItemCode">权限项代码</param>
/// <param name="grantUserId">权限主键</param>
/// <returns>主键</returns>
private string GrantUser(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantUserId)
{
var returnValue = string.Empty;
var names = new string[5];
var values = new string[5];
names[0] = PiPermissionScopeTable.FieldResourceCategory;
values[0] = PiUserTable.TableName;
names[1] = PiPermissionScopeTable.FieldResourceId;
values[1] = userId;
names[2] = PiPermissionScopeTable.FieldTargetCategory;
values[2] = PiUserTable.TableName;
names[3] = PiPermissionScopeTable.FieldTargetId;
values[3] = grantUserId;
names[4] = PiPermissionScopeTable.FieldPermissionId;
values[4] = this.GetIdByCode(permissionItemCode);
if (!this.Exists(names, values))
{
var resourcePermissionScopeEntity = new PiPermissionScopeEntity
{
PermissionId = this.GetIdByCode(permissionItemCode),
ResourceCategory = PiUserTable.TableName,
ResourceId = userId,
TargetCategory = PiUserTable.TableName,
TargetId = grantUserId,
Enabled = 1,
DeleteMark = 0
};
return(permissionScopeManager.Add(resourcePermissionScopeEntity));
}
return(returnValue);
}
/// <summary>
/// 设置约束条件
/// </summary>
/// <param name="resourceCategory">资源类别</param>
/// <param name="resourceId">资源主键</param>
/// <param name="tableName">表名</param>
/// <param name="constraint">约束</param>
/// <param name="enabled">有效</param>
/// <param name="permissionCode">操作权限项</param>
/// <returns>主键</returns>
public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true)
{
string returnValue = string.Empty;
string permissionId = string.Empty;
PiPermissionItemManager permissionItemManager = new PiPermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
PiPermissionScopeManager manager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);
string[] names =
{
PiPermissionScopeTable.FieldResourceCategory
, PiPermissionScopeTable.FieldResourceId
, PiPermissionScopeTable.FieldTargetCategory
, PiPermissionScopeTable.FieldTargetId
, PiPermissionScopeTable.FieldPermissionId
, PiPermissionScopeTable.FieldDeleteMark
};
Object[] values =
{
resourceCategory
, resourceId
, "Table"
, tableName
, permissionId
, 0
};
// 1:先获取是否有这样的主键,若有进行更新操作。
// 2:若没有进行添加操作。
returnValue = manager.GetId(names, values);
if (!string.IsNullOrEmpty(returnValue))
{
string[] targetFields = { PiPermissionScopeTable.FieldPermissionConstraint, PiPermissionScopeTable.FieldEnabled };
Object[] targetValues = { constraint, enabled ? 1 : 0 };
manager.SetProperty(PiPermissionScopeTable.FieldId, returnValue, targetFields, targetValues);
}
else
{
PiPermissionScopeEntity entity = new PiPermissionScopeEntity
{
ResourceCategory = resourceCategory,
ResourceId = resourceId,
TargetCategory = "Table",
TargetId = tableName,
PermissionConstraint = constraint,
PermissionId = permissionId,
DeleteMark = 0,
Enabled = enabled ? 1 : 0
};
returnValue = manager.Add(entity);
}
return(returnValue);
}
/// <summary>
/// 获取约束条件
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="resourceCategory">资源类别</param>
/// <param name="resourceId">资源主键</param>
/// <param name="tableName">表名</param>
/// <returns>约束条件</returns>
public PiPermissionScopeEntity GetConstraintEntity(UserInfo userInfo, string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
{
PiPermissionScopeEntity returnValue = null;
var parameter = ParameterUtil.CreateWithLog(userInfo, MethodBase.GetCurrentMethod());
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
returnValue = new TableColumnsManager(dbProvider, userInfo).GetConstraintEntity(resourceCategory, resourceId, tableName, permissionCode);
});
return(returnValue);
}
/// <summary>
/// 获取约束条件
/// </summary>
/// <param name="resourceCategory">资源类别</param>
/// <param name="resourceId">资源主键</param>
/// <param name="tableName">表名</param>
/// <returns>约束条件</returns>
public string GetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
{
string returnValue = string.Empty;
PiPermissionScopeEntity entity = GetConstraintEntity(resourceCategory, resourceId, tableName, permissionCode);
if (entity != null && entity.Enabled == 1)
{
returnValue = entity.PermissionConstraint;
}
return(returnValue);
}
//
// 授予授权范围的实现部分
//
#region private string GrantPermissionItem(PiPermissionScopeManager permissionScopeManager, string id, string userId, string grantPermissionId) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="permissionScopeManager">权限域读写器</param>
/// <param name="userId">员工主键</param>
/// <param name="permissionItemCode">权限代码</param>
/// <param name="grantPermissionId">权限主键</param>
/// <returns>主键</returns>
private string GrantPermissionItem(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantPermissionId)
{
string returnValue = string.Empty;
PiPermissionScopeEntity resourcePermissionScopeEntity = new PiPermissionScopeEntity
{
PermissionId = this.GetIdByCode(permissionItemCode),
ResourceCategory = PiUserTable.TableName,
ResourceId = userId,
TargetCategory = PiPermissionItemTable.TableName,
TargetId = grantPermissionId,
Enabled = 1,
DeleteMark = 0
};
return(permissionScopeManager.Add(resourcePermissionScopeEntity));
}
//
// 授予授权范围的实现部分
//
#region private string GrantModule(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantModuleId) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="permissionScopeManager">权限域读写器</param>
/// <param name="userId">员工主键</param>
/// <param name="permissionItemCode">权限代码</param>
/// <param name="grantModuleId">权限主键</param>
/// <returns>主键</returns>
private string GrantModule(PiPermissionScopeManager permissionScopeManager, string userId, string permissionItemCode, string grantModuleId)
{
string returnValue = string.Empty;
PiPermissionScopeEntity resourcePermissionScopeEntity = new PiPermissionScopeEntity();
string permissionId = this.GetIdByCode(permissionItemCode);
if (string.IsNullOrEmpty(permissionId))
{
return(string.Empty);
}
resourcePermissionScopeEntity.PermissionId = permissionId;
resourcePermissionScopeEntity.ResourceCategory = PiUserTable.TableName;
resourcePermissionScopeEntity.ResourceId = userId;
resourcePermissionScopeEntity.TargetCategory = PiModuleTable.TableName;
resourcePermissionScopeEntity.TargetId = grantModuleId;
resourcePermissionScopeEntity.Enabled = 1;
resourcePermissionScopeEntity.DeleteMark = 0;
return(permissionScopeManager.Add(resourcePermissionScopeEntity));
}
public PiPermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
{
PiPermissionScopeEntity entity = null;
string permissionId = string.Empty;
PiPermissionItemManager permissionItemManager = new PiPermissionItemManager(this.UserInfo);
permissionId = permissionItemManager.GetIdByAdd(permissionCode);
PiPermissionScopeManager manager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);
string[] names =
{
PiPermissionScopeTable.FieldResourceCategory
, PiPermissionScopeTable.FieldResourceId
, PiPermissionScopeTable.FieldTargetCategory
, PiPermissionScopeTable.FieldTargetId
, PiPermissionScopeTable.FieldPermissionId
, PiPermissionScopeTable.FieldDeleteMark
};
Object[] values =
{
resourceCategory
, resourceId
, "Table"
, tableName
, permissionId
, 0
};
// 1:先获取是否有这样的主键,若有进行更新操作。
DataTable dt = manager.GetDT(names, values);
if (dt.Rows.Count > 0)
{
entity = BaseEntity.Create <PiPermissionScopeEntity>(dt);
}
return(entity);
}
//
// 授予授权范围的实现部分
//
#region private string GrantOrganize(PiPermissionScopeManager permissionScopeManager, string roleId, string permissionItemCode, string grantOrganizeId) 为了提高授权的运行速度
/// <summary>
/// 为了提高授权的运行速度
/// </summary>
/// <param name="permissionScopeManager">权限域读写器</param>
/// <param name="permissionItemCode">权限代码</param>
/// <param name="roleId">员工主键</param>
/// <param name="grantOrganizeId">权限主键</param>
/// <returns>主键</returns>
private string GrantOrganize(PiPermissionScopeManager permissionScopeManager, string roleId, string permissionItemCode, string grantOrganizeId)
{
string returnValue = string.Empty;
string[] names = new string[5];
string[] values = new string[5];
names[0] = PiPermissionScopeTable.FieldResourceCategory;
values[0] = PiRoleTable.TableName;
names[1] = PiPermissionScopeTable.FieldResourceId;
values[1] = roleId;
names[2] = PiPermissionScopeTable.FieldTargetCategory;
values[2] = PiOrganizeTable.TableName;
names[3] = PiPermissionScopeTable.FieldTargetId;
values[3] = grantOrganizeId;
names[4] = PiPermissionScopeTable.FieldPermissionId;
values[4] = this.GetIdByCode(permissionItemCode);
// Nick Deng 优化数据权限设置,没有权限和其他任意一种权限互斥
// 即当没有权限时,该角色对应该数据权限的其他权限都应删除
// 当该角色拥有对应该数据权限的其他权限时,删除该角色的没有权限的权限
PiPermissionScopeEntity resourcePermissionScopeEntity = new PiPermissionScopeEntity();
DataTable dt = new DataTable();
if (!this.Exists(names, values))
{
resourcePermissionScopeEntity.PermissionId = this.GetIdByCode(permissionItemCode);
resourcePermissionScopeEntity.ResourceCategory = PiRoleTable.TableName;
resourcePermissionScopeEntity.ResourceId = roleId;
resourcePermissionScopeEntity.TargetCategory = PiOrganizeTable.TableName;
resourcePermissionScopeEntity.TargetId = grantOrganizeId;
resourcePermissionScopeEntity.Enabled = 1;
resourcePermissionScopeEntity.DeleteMark = 0;
returnValue = permissionScopeManager.Add(resourcePermissionScopeEntity);
if (grantOrganizeId != ((int)PermissionScope.None).ToString())
{
values[3] = ((int)PermissionScope.None).ToString();
if (this.Exists(names, values))
{
dt = permissionScopeManager.GetDT(names, values);
if (dt != null && dt.Rows.Count > 0)
{
permissionScopeManager.DeleteEntity(dt.Rows[0]["Id"].ToString());
}
}
}
else
{
string[] namesForDel = new string[4];
string[] valuesForDel = new string[4];
namesForDel[0] = names[0];
valuesForDel[0] = values[0];
namesForDel[1] = names[1];
valuesForDel[1] = values[1];
namesForDel[2] = names[2];
valuesForDel[2] = values[2];
namesForDel[3] = names[4];
valuesForDel[3] = values[4];
dt = permissionScopeManager.GetDT(namesForDel, valuesForDel);
for (int i = 0; i < dt.Rows.Count; i++)
{
if (dt.Rows[i]["TARGETID"].ToString() != ((int)PermissionScope.None).ToString())
{
permissionScopeManager.DeleteEntity(dt.Rows[0]["ID"].ToString());
}
}
}
}
return(returnValue);
}
