// private string loginPageUrl;

/// <summary>
/// Binds this security instance to the caller's session and makes sure the
/// security database exists before any permission check is made.
/// </summary>
/// <param name="sessionId">Session identifier recorded on <c>userContext</c>.</param>
public Security(string sessionId)
{
    // Session first, then the database bootstrap.
    // NOTE(review): CreateDefaultDb runs on every construction — presumably idempotent; confirm.
    userContext.SessionId = sessionId;
    SecuritySettings.CreateDefaultDb();
}
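/// <summary>
/// Checks whether the current user (<c>userContext</c>) holds <paramref name="permissionType"/>
/// on the given object. An object with no row at all in <c>xsys_role_permissions</c> is treated
/// as unrestricted and yields <c>true</c>; otherwise the user's roles must grant a permission
/// whose bits overlap the requested ones.
/// </summary>
/// <param name="objectType">Object category (for example "ListData"); compared case-insensitively.</param>
/// <param name="objectId">
/// Object identifier. For "ListData" a trailing ".html"/".htm" and any leading '/' are stripped
/// before the lookup so the id matches the stored form.
/// </param>
/// <param name="permissionType">Flags to test; any overlapping bit in a granted permission suffices.</param>
/// <returns><c>true</c> if access is permitted, <c>false</c> otherwise.</returns>
/// <exception cref="InvalidOperationException">
/// Any database failure, wrapped once with the original message and inner exception.
/// </exception>
public bool _CheckObjectPermission(string objectType, string objectId, PermissionTypes permissionType)
{
    // The built-in admin account and everything under /xj-service/ are never checked.
    if (userContext.Id.Equals(BuiltinUsers.admin, StringComparison.OrdinalIgnoreCase))
    {
        return true;
    }
    if (objectId.StartsWith("/xj-service/", StringComparison.OrdinalIgnoreCase))
    {
        return true;
    }

    // Admin-only objects are gated purely on the admin role; admin-role users pass everything else.
    if (isAdminObject(objectType) || isAdminObject(objectId))
    {
        return IsAdminRoleUser;
    }
    if (IsAdminRoleUser)
    {
        return true;
    }

    // ListData ids are stored without page extension and without a leading slash.
    if (objectType.Equals("ListData", StringComparison.OrdinalIgnoreCase))
    {
        if (objectId.EndsWith(".html", StringComparison.OrdinalIgnoreCase))
        {
            objectId = objectId.Remove(objectId.LastIndexOf(".html", StringComparison.OrdinalIgnoreCase));
        }
        if (objectId.EndsWith(".htm", StringComparison.OrdinalIgnoreCase))
        {
            objectId = objectId.Remove(objectId.LastIndexOf(".htm", StringComparison.OrdinalIgnoreCase));
        }
        objectId = objectId.TrimStart('/');
    }

    Database db = SecuritySettings.GetDb();
    using (DbConnection conn = db.CreateConnection())
    {
        try
        {
            if (conn.State != ConnectionState.Open)
            {
                conn.Open();
            }

            // objectId/objectType arrive from the caller and userContext.Id from the session, so
            // they are bound as parameters rather than spliced into the SQL text (the previous
            // string concatenation was injectable). The '@' placeholder prefix assumes a
            // SQL Server / SQLite / MySQL style provider — confirm against the configured Database.
            DbCommand existsCmd = conn.CreateCommand();
            existsCmd.CommandType = CommandType.Text;
            existsCmd.CommandText =
                "select [object_id] from xsys_role_permissions " +
                "where [object_id]=@object_id and [object_type]=@object_type";
            AddStringParameter(existsCmd, "@object_id", objectId);
            AddStringParameter(existsCmd, "@object_type", objectType);

            using (DbDataReader reader = existsCmd.ExecuteReader())
            {
                // No row at all: the object is not under permission control.
                if (!reader.HasRows)
                {
                    return true;
                }
            }

            DbCommand permCmd = conn.CreateCommand();
            permCmd.CommandType = CommandType.Text;
            permCmd.CommandText =
                "select [permission] from xsys_role_permissions " +
                "where [object_id]=@object_id and [object_type]=@object_type " +
                "and role_id in (select role_id from xsys_user_roles where [user_id]=@user_id)";
            AddStringParameter(permCmd, "@object_id", objectId);
            AddStringParameter(permCmd, "@object_type", objectType);
            AddStringParameter(permCmd, "@user_id", userContext.Id);

            using (DbDataReader reader = permCmd.ExecuteReader())
            {
                if (!reader.HasRows)
                {
                    return false;
                }
                while (reader.Read())
                {
                    // Permissions are bit flags; any shared bit grants access.
                    PermissionTypes granted = (PermissionTypes)reader.GetInt32(0);
                    if ((permissionType & granted) != 0)
                    {
                        return true;
                    }
                }
            }
            return false;
        }
        catch (Exception e)
        {
            // Wrap exactly once (the old inner+outer catch pair prefixed the message twice) and
            // keep the original exception as InnerException for diagnosis.
            throw new InvalidOperationException("安全检查时,安全系统配置错误" + e.Message, e);
        }
    }
}

// Binds a string value to <paramref name="cmd"/> under the given placeholder name.
private static void AddStringParameter(DbCommand cmd, string name, string value)
{
    DbParameter p = cmd.CreateParameter();
    p.ParameterName = name;
    p.DbType = DbType.String;
    p.Value = value;
    cmd.Parameters.Add(p);
}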