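        /// <summary>
        /// Updates the role row currently keyed by <paramref name="roleId"/> with the Id, DisplayName and
        /// Remark of <paramref name="role"/> (<see cref="SecurityDataScripts.UpdateRoleSql"/>).
        /// Renaming onto an Id that another role already owns is rejected.
        /// </summary>
        /// <param name="role">New values; <c>role.Id</c> becomes the new key.</param>
        /// <param name="roleId">Current (old) Id of the row to update.</param>
        /// <returns>Always <c>true</c>; when no row was updated an exception is raised instead of returning <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="role"/> is null.</exception>
        /// <exception cref="XUserException">
        /// <paramref name="roleId"/> is empty, the new Id is already taken by a different role, or no row was updated.
        /// </exception>
        public bool updateRole(Role role, string roleId)
        {
            if (role == null)
            {
                throw new ArgumentNullException("role");
            }

            if (String.IsNullOrEmpty(roleId))
            {
                // Raised as XUserException like every other validation failure in this class,
                // instead of the bare System.Exception the original threw.
                throw new XUserException("角色Id不能为空");
            }

            // A rename that only changes letter case of the same Id is allowed (case-insensitive compare);
            // the existence lookup is only needed when the Id actually changes.
            bool renaming = !roleId.Equals(role.Id, StringComparison.OrdinalIgnoreCase);
            if (renaming && existsRole(role.Id))
            {
                throw new XUserException("角色Id" + role.Id + "已经存在,不能将" + roleId + "修改成" + role.Id);
            }

            DatabaseAdmin dba = SecuritySettings.getDBA();
            DbCommand     cmd = dba.getSqlStringCommand(SecurityDataScripts.UpdateRoleSql);

            // All values are bound as parameters; nothing is concatenated into the SQL text.
            dba.addInParameter(cmd, "@Id", DbType.String, role.Id);
            dba.addInParameter(cmd, "@DisplayName", DbType.String, role.DisplayName);
            dba.addInParameter(cmd, "@Remark", DbType.String, role.Remark);
            dba.addInParameter(cmd, "@oldId", DbType.String, roleId);
            bool ret = dba.execNonQuery(cmd) != 0;

            if (!ret)
            {
                throw new XUserException("角色修改失败,角色" + roleId + "不存在");
            }
            return(ret);
        }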
        /// <summary>
        /// Removes the link between a user and a role by running
        /// <see cref="SecurityDataScripts.deleteUserRoleSQL"/> with both ids bound as parameters.
        /// </summary>
        /// <param name="userId">Id of the user.</param>
        /// <param name="roleId">Id of the role to detach from the user.</param>
        public static void deleteUserRole(string userId, string roleId)
        {
            DatabaseAdmin admin     = SecuritySettings.getDBA();
            DbCommand     deleteCmd = admin.getSqlStringCommand(SecurityDataScripts.deleteUserRoleSQL);

            // Both ids travel as bound parameters, never as part of the SQL text.
            admin.addInParameter(deleteCmd, "@roleId", DbType.String, roleId);
            admin.addInParameter(deleteCmd, "@userId", DbType.String, userId);

            // The affected-row count is not inspected, so removing a link that does not exist does not raise.
            admin.execNonQuery(deleteCmd);
        }
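        /// <summary>
        /// Updates the user row currently keyed by <paramref name="userId"/> with the values of
        /// <paramref name="user"/> (Id, DisplayName, IsDisable, IsActive, Email, Mobile, GroupId) via
        /// <see cref="SecurityDataScripts.UpdateUserSql"/>; no password parameter is sent.
        /// Changing the Id to one that another user already holds is rejected.
        /// </summary>
        /// <param name="user">New values; <c>user.Id</c> becomes the new key.</param>
        /// <param name="userId">Current (old) Id of the row.</param>
        /// <returns>Always <c>true</c>; when no row was updated an exception is raised instead of returning <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        /// <exception cref="XUserException"><paramref name="userId"/> is empty, the new Id is taken, or no row was updated.</exception>
        public bool updateUser(User user, string userId)
        {
            // NOTE(review): an authorization check was left here commented out, so this method itself does
            // not verify that the caller may edit this user; that check has to happen at the call site.
            // if (!(Security.user.Id.Equals(user.Id) && Security.IsAdminRoleUser))
            //     throw new XUserException("无权操作");

            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            if (String.IsNullOrEmpty(userId))
            {
                // Mirrors the roleId guard in updateRole.
                throw new XUserException("用户Id不能为空");
            }

            // This compare is case-sensitive, whereas updateRole uses OrdinalIgnoreCase for the same
            // purpose; which one matches the database collation is not visible here.
            if (user.Id != userId && existsUser(user.Id))
            {
                throw new XUserException("用户" + user.Id + "已经存在,法将用户" + userId + "改为" + user.Id);
            }

            DatabaseAdmin dba = SecuritySettings.getDBA();
            DbCommand     cmd = dba.getSqlStringCommand(SecurityDataScripts.UpdateUserSql);

            // All values are bound as parameters; nothing is concatenated into the SQL text.
            dba.addInParameter(cmd, "@Id", DbType.String, user.Id);
            dba.addInParameter(cmd, "@DisplayName", DbType.String, user.DisplayName);
            dba.addInParameter(cmd, "@IsDisable", DbType.Boolean, user.IsDisable);
            dba.addInParameter(cmd, "@IsActive", DbType.Boolean, user.IsActive);
            dba.addInParameter(cmd, "@Email", DbType.AnsiString, user.Email);
            dba.addInParameter(cmd, "@Mobile", DbType.AnsiString, user.Mobile);
            dba.addInParameter(cmd, "@GroupId", DbType.AnsiString, user.GroupId);
            // @oldId is bound as AnsiString here but as String in updateRole — confirm against the column type.
            dba.addInParameter(cmd, "@oldId", DbType.AnsiString, userId);
            bool ret = dba.execNonQuery(cmd) != 0;

            if (!ret)
            {
                throw new XUserException(userId + "用户未发现");
            }
            return(ret);
        }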
        /// <summary>
        /// Grants <paramref name="permission"/> on an object to a role. The given flags are OR-ed into the
        /// role's current permission for that object and the combined value is written back with
        /// <see cref="SecurityDataScripts.SetRoleObjectPermissionSql"/>; existing flags are never removed here.
        /// </summary>
        /// <param name="roleId">Role id.</param>
        /// <param name="objectId">Id of the protected object.</param>
        /// <param name="permission">Flags to add.</param>
        public static void setPermission(string roleId, string objectId, PermissionTypes permission)
        {
            // Start from what the role already holds so that this call is purely additive.
            PermissionTypes merged = getRoleObjectPermission(roleId, objectId) | permission;

            DatabaseAdmin admin  = SecuritySettings.getDBA();
            DbCommand     setCmd = admin.getSqlStringCommand(SecurityDataScripts.SetRoleObjectPermissionSql);

            admin.addInParameter(setCmd, "@roleId", DbType.String, roleId);
            admin.addInParameter(setCmd, "@objectId", DbType.String, objectId);
            // The enum is passed boxed as an Int32 parameter; getRoleObjectPermission reads the column back as int.
            admin.addInParameter(setCmd, "@permission", DbType.Int32, merged);
            admin.execNonQuery(setCmd);
        }
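        /// <summary>
        /// Grants a role to a user unless the user already holds it. The existence check
        /// (<see cref="SecurityDataScripts.CheckUserRolesSQl"/>) and the insert
        /// (<see cref="SecurityDataScripts.AppendUserRolesSQl"/>) are two separate statements, so two
        /// concurrent calls for the same pair can both insert unless the table enforces uniqueness.
        /// </summary>
        /// <param name="userId">User id.</param>
        /// <param name="roleId">Role id to add.</param>
        public void appendUserRole(string userId, string roleId)
        {
            DatabaseAdmin dba = SecuritySettings.getDBA();
            DbCommand     cmd = dba.getSqlStringCommand(SecurityDataScripts.CheckUserRolesSQl);

            dba.addInParameter(cmd, "@roleId", DbType.String, roleId);
            dba.addInParameter(cmd, "@userId", DbType.String, userId);
            object c = dba.executeScalar(cmd);

            // The scalar comes back boxed and its exact type (int vs. long, or null/DBNull when there is no
            // row) depends on the provider and the COUNT expression, so convert instead of a hard (int) unbox.
            int existing = (c == null || c is DBNull) ? 0 : Convert.ToInt32(c);

            if (existing >= 1)
            {
                // Already assigned: nothing to write. (The original fell through and re-executed the
                // check statement itself as a non-query in this case.)
                return;
            }

            cmd = dba.getSqlStringCommand(SecurityDataScripts.AppendUserRolesSQl);
            dba.addInParameter(cmd, "@roleId", DbType.String, roleId);
            dba.addInParameter(cmd, "@userId", DbType.String, userId);
            dba.execNonQuery(cmd);
        }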
        /// <summary>
        /// Deletes the user row whose id equals <paramref name="userId"/>
        /// (<see cref="SecurityDataScripts.DeleteUserSQL"/>).
        /// </summary>
        /// <param name="userId">Id of the user to remove.</param>
        /// <returns><c>true</c> when at least one row was affected, <c>false</c> when nothing matched.</returns>
        public bool deleteUser(string userId)
        {
            DatabaseAdmin admin     = SecuritySettings.getDBA();
            DbCommand     deleteCmd = admin.getSqlStringCommand(SecurityDataScripts.DeleteUserSQL);

            // The id is a bound parameter, not part of the SQL text.
            admin.addInParameter(deleteCmd, "@user_id", DbType.String, userId);

            bool anyRowAffected = admin.execNonQuery(deleteCmd) != 0;
            return(anyRowAffected);
        }
        /// <summary>
        /// Reads the permission flags a role holds on one object
        /// (<see cref="SecurityDataScripts.RoleObjectPermissionSql"/>).
        /// </summary>
        /// <param name="roleId">Role id.</param>
        /// <param name="objectId">Object id.</param>
        /// <returns>
        /// The stored flags when the scalar result is an <see cref="int"/>; <see cref="PermissionTypes.None"/>
        /// when there is no row or the scalar is anything else (null, DBNull, another numeric type) — the lookup fails closed.
        /// </returns>
        public static PermissionTypes getRoleObjectPermission(string roleId, string objectId)
        {
            DatabaseAdmin admin = SecuritySettings.getDBA();
            DbCommand     query = admin.getSqlStringCommand(SecurityDataScripts.RoleObjectPermissionSql);

            admin.addInParameter(query, "@roleId", DbType.String, roleId);
            admin.addInParameter(query, "@objectId", DbType.String, objectId);
            object scalar = admin.executeScalar(query);

            // "is int" is already false for null, so no separate null test is needed.
            if (!(scalar is int))
            {
                return(PermissionTypes.None);
            }
            return((PermissionTypes)(int)scalar);
        }
        /// <summary>
        /// Tells whether a user with the given id exists
        /// (<see cref="SecurityDataScripts.CheckUserExistsSQL"/>).
        /// </summary>
        /// <param name="userId">User id to look up.</param>
        /// <returns><c>true</c> when the query returns a non-null scalar, <c>false</c> otherwise.</returns>
        public bool existsUser(string userId)
        {
            DatabaseAdmin admin = SecuritySettings.getDBA();
            DbCommand     query = admin.getSqlStringCommand(SecurityDataScripts.CheckUserExistsSQL);

            admin.addInParameter(query, "@user_id", DbType.String, userId);

            // Any non-null scalar counts as "exists" — a DBNull result would too; confirm that the query
            // yields no row (null scalar) rather than a NULL column for a missing user.
            object scalar = admin.executeScalar(query);
            return(scalar != null);
        }
        /// <summary>
        /// Sets or clears one permission flag of a role on an object, with the flag given by name.
        /// The updated combined value is written back with <see cref="SecurityDataScripts.SetRoleObjectPermissionSql"/>.
        /// </summary>
        /// <param name="roleId">Role id.</param>
        /// <param name="objectId">Object id.</param>
        /// <param name="type">Permission type name: None/Read/Write/Execute/DoAll.</param>
        /// <param name="enable"><c>true</c> adds the flag to the stored permission, <c>false</c> removes it.</param>
        public static void setPermission(string roleId, string objectId, string type, bool enable)
        {
            // Enum.Parse is case-sensitive, but it also accepts integer strings and comma-separated
            // lists, so values outside the documented names can reach the database unvalidated;
            // it throws ArgumentException on input it cannot parse at all.
            PermissionTypes flag    = (PermissionTypes)Enum.Parse(typeof(PermissionTypes), type);
            PermissionTypes current = getRoleObjectPermission(roleId, objectId);

            // enable: set the bits. disable: (current | flag) ^ flag == current & ~flag, i.e. clear exactly those bits.
            PermissionTypes updated = enable ? (current | flag) : (current & ~flag);

            DatabaseAdmin admin  = SecuritySettings.getDBA();
            DbCommand     setCmd = admin.getSqlStringCommand(SecurityDataScripts.SetRoleObjectPermissionSql);

            admin.addInParameter(setCmd, "@roleId", DbType.String, roleId);
            admin.addInParameter(setCmd, "@objectId", DbType.String, objectId);
            admin.addInParameter(setCmd, "@permission", DbType.Int32, updated);
            admin.execNonQuery(setCmd);
        }
        /// <summary>
        /// Inserts a new role (<see cref="SecurityDataScripts.InsertRoleSql"/>) after checking that no role with
        /// the same Id exists. The existence check and the insert are separate statements.
        /// </summary>
        /// <param name="role">Role to insert (Id, DisplayName, Remark).</param>
        /// <returns>Always <c>true</c>; an insert that affects no row raises instead.</returns>
        /// <exception cref="XUserException">A role with this Id already exists, or the insert affected no row.</exception>
        public bool addRole(Role role)
        {
            bool alreadyThere = existsRole(role.Id);
            if (alreadyThere)
            {
                throw new XUserException("角色" + role.Id + "已经存在");
            }

            DatabaseAdmin admin  = SecuritySettings.getDBA();
            DbCommand     insert = admin.getSqlStringCommand(SecurityDataScripts.InsertRoleSql);

            // All values are bound as parameters.
            admin.addInParameter(insert, "@Id", DbType.String, role.Id);
            admin.addInParameter(insert, "@DisplayName", DbType.String, role.DisplayName);
            admin.addInParameter(insert, "@Remark", DbType.String, role.Remark);

            bool inserted = admin.execNonQuery(insert) != 0;
            if (inserted)
            {
                return(true);
            }
            throw new XUserException("角色添加失败");
        }
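        /// <summary>
        /// Assigns every role in <paramref name="userRoleIds"/> to its user, skipping roles the user
        /// already holds. Each role is handled by its own check-then-insert pair of statements
        /// (<see cref="SecurityDataScripts.CheckUserRolesSQl"/>, <see cref="SecurityDataScripts.AppendUserRolesSQl"/>);
        /// there is no transaction, so a failure part-way leaves the earlier roles assigned.
        /// </summary>
        /// <param name="userRoleIds">User id plus the role ids to add.</param>
        /// <returns>Always <c>true</c>; failures surface as exceptions from the data layer.</returns>
        public bool appendRoles(UserRoleIds userRoleIds)
        {
            string        userId = userRoleIds.UserId;
            DatabaseAdmin dba    = SecuritySettings.getDBA();

            for (int i = 0; i < userRoleIds.RoleIds.Count; i++)
            {
                string    roleId = userRoleIds.RoleIds[i];
                DbCommand cmd    = dba.getSqlStringCommand(SecurityDataScripts.CheckUserRolesSQl);
                dba.addInParameter(cmd, "@roleId", DbType.String, roleId);
                dba.addInParameter(cmd, "@userId", DbType.String, userId);
                object c = dba.executeScalar(cmd);

                // Provider-dependent boxed type (int/long) or null/DBNull: convert rather than hard-unbox.
                int existing = (c == null || c is DBNull) ? 0 : Convert.ToInt32(c);
                if (existing >= 1)
                {
                    // Already assigned. (The original fell through and re-executed the check
                    // statement itself as a non-query here.)
                    continue;
                }

                cmd = dba.getSqlStringCommand(SecurityDataScripts.AppendUserRolesSQl);
                dba.addInParameter(cmd, "@roleId", DbType.String, roleId);
                dba.addInParameter(cmd, "@userId", DbType.String, userId);
                dba.execNonQuery(cmd);
            }
            return(true);
        }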
        /// <summary>
        /// Registers a new user (<see cref="SecurityDataScripts.InsertUserSql"/>). The login id must be an
        /// e-mail address or a mobile number and must not already exist. Side effects on <paramref name="user"/>:
        /// <c>Password</c> is replaced by its <c>Crypto.Encrypt</c> form, and <c>Email</c> / <c>Mobile</c> are
        /// filled from the id when they are empty.
        /// </summary>
        /// <param name="user">User to insert; mutated as described above.</param>
        /// <returns>Always <c>true</c>; an insert that affects no row raises instead.</returns>
        /// <exception cref="XUserException">The id is empty or neither e-mail nor mobile, the id is already taken, or the insert affected no row.</exception>
        public bool addUser(User user)
        {
            if (String.IsNullOrEmpty(user.Id))
            {
                throw new XUserException("新用户注册,必须填写手机号或电子邮件!");
            }

            bool idIsEmail  = UserInfoExpress.isEmail(user.Id);
            bool idIsMobile = UserInfoExpress.isMobile(user.Id);
            if (!idIsEmail && !idIsMobile)
            {
                throw new XUserException("新用户注册,必须填写手机号或电子邮件!");
            }

            if (existsUser(user.Id))
            {
                throw new XUserException("新用户注册,用户" + user.Id + "已经被别人使用!");
            }

            // NOTE(review): the credential is stored via Crypto.Encrypt. If that is reversible encryption rather
            // than a salted, slow password hash, stored credentials are recoverable by whoever holds the key —
            // confirm what Crypto.Encrypt does.
            user.Password = Crypto.Encrypt(user.Password);

            // The login id doubles as contact address when none was supplied.
            if (idIsEmail && string.IsNullOrEmpty(user.Email))
            {
                user.Email = user.Id;
            }
            if (idIsMobile && string.IsNullOrEmpty(user.Mobile))
            {
                user.Mobile = user.Id;
            }

            DatabaseAdmin admin  = SecuritySettings.getDBA();
            DbCommand     insert = admin.getSqlStringCommand(SecurityDataScripts.InsertUserSql);

            admin.addInParameter(insert, "@Id", DbType.String, user.Id);
            admin.addInParameter(insert, "@DisplayName", DbType.String, user.DisplayName);
            admin.addInParameter(insert, "@Password", DbType.String, user.Password);
            // Local server time, not UTC.
            admin.addInParameter(insert, "@create_date", DbType.DateTime, DateTime.Now);
            admin.addInParameter(insert, "@IsDisable", DbType.Boolean, user.IsDisable);
            admin.addInParameter(insert, "@IsActive", DbType.Boolean, user.IsActive);
            admin.addInParameter(insert, "@Email", DbType.AnsiString, user.Email);
            admin.addInParameter(insert, "@Mobile", DbType.AnsiString, user.Mobile);
            admin.addInParameter(insert, "@GroupId", DbType.AnsiString, user.GroupId);

            bool inserted = admin.execNonQuery(insert) != 0;
            if (inserted)
            {
                return(true);
            }
            throw new XUserException("用户添加失败");
        }
        /// <summary>
        /// Loads every permission a role holds on objects of one type
        /// (<see cref="SecurityDataScripts.GetPermissionObjectsSql"/>), keyed by object id.
        /// </summary>
        /// <param name="roleId">Role id.</param>
        /// <param name="objType">Object type filter.</param>
        /// <returns>object_id → <see cref="PermissionObject"/>; empty when no rows match.</returns>
        public Dictionary <string, PermissionObject> getRolePermissionDict(string roleId, string objType)
        {
            DatabaseAdmin admin = SecuritySettings.getDBA();
            DbCommand     query = admin.getSqlStringCommand(SecurityDataScripts.GetPermissionObjectsSql);
            admin.addInParameter(query, "@roleId", DbType.String, roleId);
            admin.addInParameter(query, "@objType", DbType.String, objType);

            Dictionary <string, PermissionObject> result = new Dictionary <string, PermissionObject>();
            DataTable table = admin.executeTable(query);

            foreach (DataRow dataRow in table.Rows)
            {
                // An unparsable "permission" cell leaves flags at 0, i.e. no permission bits at all.
                int flags;
                int.TryParse(dataRow["permission"].ToString(), out flags);

                PermissionObject entry = new PermissionObject();
                entry.ObjectId   = dataRow["object_id"].ToString();
                entry.ObjectType = dataRow["object_type"].ToString();
                entry.Permission = (PermissionTypes)flags;

                // Dictionary.Add: two rows with the same object_id raise ArgumentException.
                result.Add(entry.ObjectId, entry);
            }
            return(result);
        }
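        /// <summary>
        /// Changes the current user's password after confirming that the two entries are equal.
        /// </summary>
        /// <param name="password1">New password.</param>
        /// <param name="password2">Confirmation entry; must equal <paramref name="password1"/>.</param>
        /// <returns><c>true</c> when the statement affected at least one row.</returns>
        /// <exception cref="XUserException">No user is logged in, the new password is empty, or the two entries differ.</exception>
        public bool repassword(string password1, string password2)
        {
            if (!Security.IsLogin)
            {
                throw new XUserException("请先登录");
            }

            if (string.IsNullOrEmpty(password1))
            {
                // An empty credential must never be accepted; this also makes the compare below null-safe.
                throw new XUserException("密码不能为空");
            }

            // Fixed: the original threw when the two entries were EQUAL (inverted test), so every matching pair
            // failed and mismatched pairs went through. string.Equals(string) is an ordinal comparison.
            if (!password1.Equals(password2))
            {
                throw new XUserException("两次输入的密码不一致");
            }

            DatabaseAdmin dba = SecuritySettings.getDBA();
            // TODO(review): this executes SecurityDataScripts.InsertUserSql and binds only @Id — neither the new
            // password nor its Crypto.Encrypt form (see addUser) is sent, so the stored credential cannot actually
            // change. A dedicated update-password statement is required; none is visible in this file, so the
            // statement is left unchanged here.
            DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.InsertUserSql);

            dba.addInParameter(cmd, "@Id", DbType.String, Security.user.Id);
            return(dba.execNonQuery(cmd) != 0);
        }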
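        /// <summary>
        /// Loads the rows of a sub-table that belong to one master row. For the i-th foreign key in
        /// <paramref name="subSchema"/>.Fks the i-th primary key of <c>_schema</c> supplies the parameter name,
        /// and its value is taken from <paramref name="pks"/>. Table and column identifiers come from the schema
        /// objects; the per-call values are bound as parameters.
        /// </summary>
        /// <param name="pks">Primary-key values of the master row, keyed by primary-key column name.</param>
        /// <param name="subSchema">Sub-table definition (name and foreign-key columns).</param>
        /// <returns>The matching rows, converted with <c>DataSourceComm.readRow</c>.</returns>
        /// <exception cref="XException">The sub-table's select command is not of type TableDirect.</exception>
        /// <exception cref="InvalidOperationException">The sub-table declares no foreign keys, so no restriction could be built.</exception>
        /// <exception cref="KeyNotFoundException">A primary key of the master schema is missing from <paramref name="pks"/>.</exception>
        private List <ListDataRow> getSubTableRows(Dictionary <string, string> pks, SubTableSchema subSchema)
        {
            DatabaseAdmin    dba   = DatabaseAdmin.getInstance();
            DataSource       subDs = new DataSource(subSchema.Name);
            DataSourceSchema dss   = subDs.getSchema();

            if (dss.SelectCommand.CommandType != CommandType.TableDirect)
            {
                throw new XException(string.Format(Lang.SubTableSelCommandTypeOnlyIsTable, subSchema.Name));
            }

            if (subSchema.Fks.Count == 0)
            {
                // The original trimmed five characters off the end of "... where " here and sent broken SQL.
                throw new InvalidOperationException("Sub-table '" + subSchema.Name + "' declares no foreign keys.");
            }

            // One "fk=@pk" predicate per foreign key; the parameter values are collected alongside.
            List<string>               predicates  = new List<string>(subSchema.Fks.Count);
            Dictionary<string, string> paramValues = new Dictionary<string, string>(subSchema.Fks.Count);

            for (int i = 0; i < subSchema.Fks.Count; i++)
            {
                string fk = subSchema.Fks[i];
                string pk = _schema.PrimaryKeys[i];
                predicates.Add(fk + "=@" + pk);
                // Dictionary.Add: a primary key listed twice raises ArgumentException (as Hashtable.Add did).
                paramValues.Add("@" + pk, pks[pk]);
            }

            string    sql = "select * from " + dss.SelectCommand.CommandText + " where " + string.Join(" and ", predicates.ToArray());
            DbCommand cmd = dba.getSqlStringCommand(sql);

            foreach (KeyValuePair<string, string> kv in paramValues)
            {
                dba.addInParameter(cmd, kv.Key, DbType.String, kv.Value);
            }

            DataTable          tb   = dba.executeTable(cmd);
            List <ListDataRow> rows = new List <ListDataRow>(tb.Rows.Count);

            foreach (DataRow row in tb.Rows)
            {
                rows.Add(DataSourceComm.readRow(tb, dss, row));
            }
            return(rows);
        }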
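        /// <summary>
        /// Builds and runs an UPDATE of <c>_schema.TableName</c> from one edited row. Keys of <paramref name="row"/>
        /// that start with <see cref="XSqlBuilder.OLD_VERSION_PIX"/> are key entries and form the WHERE clause
        /// ("[col]=@prefixed_col"); all other keys become SET assignments, except those listed in
        /// <c>readOnlyFields</c>. Every value is bound as a parameter typed from the column's schema
        /// (empty strings are bound as null).
        /// </summary>
        /// <param name="row">Edited row: column name → value, plus the prefixed key entries.</param>
        /// <returns>Whatever <c>dba.executeDateSet</c> returns for the statement.</returns>
        /// <exception cref="XException">No prefixed key entry was supplied, so nothing restricts the update (<c>Lang.UpdateNoKey</c>).</exception>
        /// <exception cref="ArgumentException">A key does not name a column of the table schema.</exception>
        private DataSet updateSourceTableRow(ListDataRow row)
        {
            DatabaseAdmin dba = DatabaseAdmin.getInstance(_schema.ConnectionName);

            // Parameters are attached to the command while the SQL text is still being assembled;
            // this placeholder text is replaced before execution.
            DbCommand cmd = dba.getSqlStringCommand(" update " + _schema.TableName);

            StringBuilder sb      = new StringBuilder();
            StringBuilder sbWhere = new StringBuilder();

            sb.Append(" update [");
            sb.Append(_schema.TableName);
            sb.Append("] set ");

            bool first = true;

            foreach (string field in row.Keys)
            {
                string      paramName = "@" + field.Replace(' ', '_');
                FieldSchema fldSchema;

                if (field.StartsWith(XSqlBuilder.OLD_VERSION_PIX, StringComparison.Ordinal))
                {
                    // Strip only the leading marker (Replace would also remove later occurrences in the name).
                    string keyField = field.Substring(XSqlBuilder.OLD_VERSION_PIX.Length);
                    fldSchema = _schema.Fields.GetItem(keyField);
                    if (fldSchema == null)
                    {
                        throw new ArgumentException("Unknown column '" + keyField + "' in row keys.", "row");
                    }
                    sbWhere.Append(" and [");
                    sbWhere.Append(keyField);
                    sbWhere.Append("]=");
                    sbWhere.Append(paramName);
                }
                else
                {
                    if (readOnlyFields.Contains(field))
                    {
                        continue;
                    }

                    fldSchema = _schema.Fields.GetItem(field);
                    if (fldSchema == null)
                    {
                        throw new ArgumentException("Unknown column '" + field + "' in row keys.", "row");
                    }

                    if (first)
                    {
                        first = false;
                    }
                    else
                    {
                        sb.Append(",");
                    }

                    sb.Append("[");
                    sb.Append(field);
                    sb.Append("]=");
                    sb.Append(paramName);
                }

                // Only identifiers that GetItem resolved against the schema reach the SQL text above;
                // the value itself is always a bound parameter.
                dba.addInParameter(cmd, paramName, fldSchema.DataType, string.IsNullOrEmpty(row[field]) ? null : row[field]);
            }

            // Check before trimming: Remove(0, 5) on an empty builder would throw ArgumentOutOfRangeException
            // and hide the intended error (the original trimmed first and checked afterwards).
            if (sbWhere.Length == 0)
            {
                throw new XException(Lang.UpdateNoKey);
            }
            sbWhere.Remove(0, 5);   // drop the leading " and "

            sb.Append(" where ");
            sb.Append(sbWhere.ToString());
            cmd.CommandText = sb.ToString();
            return(dba.executeDateSet(cmd));
        }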
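        /// <summary>
        /// Builds the SELECT command for this data source from <c>_schema.SelectCommand</c>: a TableDirect command
        /// becomes SQL text (or the paging stored-procedure command when <paramref name="pageNo"/> or
        /// <paramref name="pageSize"/> exceeds 1 and <c>getPagingSpCommand</c> supplies one), a Text command is used
        /// verbatim, and a StoredProcedure command is created with <paramref name="fields"/> as source columns.
        /// Declared query parameters are then bound, taking the value from <paramref name="queryParams"/> when present
        /// and from the parameter's DefaultValue otherwise.
        /// </summary>
        /// <param name="pageSize">Rows per page.</param>
        /// <param name="pageNo">1-based page number.</param>
        /// <param name="fields">Comma-separated column list.</param>
        /// <param name="queryParams">Caller-supplied parameter values by parameter id; may be null.</param>
        /// <param name="where">WHERE fragment (TableDirect path only).</param>
        /// <param name="orderBy">ORDER BY fragment (TableDirect path only).</param>
        /// <param name="groupBy">GROUP BY fragment (TableDirect path only).</param>
        /// <returns>The prepared command.</returns>
        /// <exception cref="NotSupportedException">The schema's command type is none of TableDirect/Text/StoredProcedure.</exception>
        private DbCommand getSelectCommand(int pageSize, int pageNo, string fields, Dictionary <string, string> queryParams, string where, string orderBy, string groupBy)
        {
            DbCommand cmd = null;
            string    selectSql;

            switch (_schema.SelectCommand.CommandType)
            {
            case CommandType.TableDirect:
                if (pageNo > 1 || pageSize > 1)
                {
                    cmd = getPagingSpCommand(_schema.SelectCommand.CommandText, pageSize, pageNo, fields, where, orderBy, groupBy);
                }

                if (cmd != null)
                {
                    _schema.IsPagingByParams = true;
                }
                else
                {
                    // fields/where/orderBy/groupBy become part of the SQL text here, not bound parameters;
                    // they must not be passed through from untrusted input unless XSqlBuilder validates them.
                    selectSql = XSqlBuilder.BuildTableSql(_schema.SelectCommand.CommandText, pageSize, pageNo, fields, where, orderBy, groupBy);
                    cmd       = dbAdmin.getSqlStringCommand(selectSql);
                }
                break;

            case CommandType.Text:
                selectSql = _schema.SelectCommand.CommandText;
                // The parse result was never used; the call is kept only in case the constructor validates
                // the statement (side effect) — confirm and drop if it does not.
                new SqlParse(selectSql);
                cmd = dbAdmin.getSqlStringCommand(selectSql);
                break;

            case CommandType.StoredProcedure:
                selectSql = _schema.SelectCommand.CommandText;
                cmd       = dbAdmin.GetStoredProcCommandWithSourceColumns(selectSql, fields.Split(','));
                break;

            default:
                // Previously fell through with cmd == null and failed later with a NullReferenceException.
                throw new NotSupportedException("Unsupported select command type: " + _schema.SelectCommand.CommandType);
            }

            // SelectCommand was already dereferenced above, so only QueryParams needs a null check here.
            if (_schema.SelectCommand.QueryParams != null)
            {
                foreach (ParameterSchema ps in _schema.SelectCommand.QueryParams)
                {
                    if (string.IsNullOrEmpty(ps.Id))
                    {
                        continue;
                    }
                    string name  = ps.Id;
                    object value = ps.DefaultValue;

                    // A caller-supplied value (even an empty string) overrides the schema default.
                    string supplied;
                    if (queryParams != null && queryParams.TryGetValue(name, out supplied))
                    {
                        value = supplied;
                    }

                    if (cmd.Parameters.Contains(name))
                    {
                        // The parameter already exists on the command; only its value is set.
                        dbAdmin.Database.SetParameterValue(cmd, name, value);
                    }
                    else if (ps.Direction == ParameterDirection.Input)
                    {
                        dbAdmin.addInParameter(cmd, name, ps.DataType, value);
                    }
                    else
                    {
                        dbAdmin.AddOutParameter(cmd, name, ps.DataType, ps.DataSize);
                    }
                }
            }
            return(cmd);
        }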