public SCUpdateObjectAclExecutor(SCOperationType opType, SCAclContainer container)
: base(opType)
{
container.NullCheck("container");
this._Container = container;
}
public SCOrganizationRelativeExecutor(SCOperationType opType, SCOrganization parent, SCBase data)
: base(opType, data)
{
parent.NullCheck("organization");
data.ClearRelativeData();
parent.ClearRelativeData();
this._Parent = parent;
this._Relation = PrepareRelationObject(parent, data);
if (this.OperationType == SCOperationType.AddOrganization)
this._AclContainer = PrepareAclContainer(parent, data);
if (data is SCUser)
{
this._TargetParentRelations = data.CurrentParentRelations;
if (this.OperationType == SCOperationType.AddUser && this._TargetParentRelations.Count == 0)
{
SCUser user = (SCUser)data;
user.OwnerID = parent.ID;
user.OwnerName = parent.Properties.GetValue("Name", string.Empty);
}
}
}
public void AddAclPermissionsTest()
{
//准备组织数据
SCOrganization organization = SCObjectGenerator.PrepareOrganizationObject();
SCObjectOperations.Instance.AddOrganization(organization, SCOrganization.GetRoot());
//准备应用
SCApplication application = SCObjectGenerator.PrepareApplicationObject();
SCObjectOperations.Instance.AddApplication(application);
SCRole role1 = SCObjectGenerator.PrepareRoleObject();
//准备角色
SCObjectOperations.Instance.AddRole(role1, application);
//准备人员
SCUser user1 = SCObjectGenerator.PrepareUserObject("RU1", "User1", "RoleUser1");
SCObjectOperations.Instance.AddUser(user1, organization);
//将人员添加到角色
SCObjectOperations.Instance.AddMemberToRole(user1, role1);
SCRole role2 = SCObjectGenerator.PrepareRoleObject();
//准备角色
SCObjectOperations.Instance.AddRole(role2, application);
//准备人员
SCUser user2 = SCObjectGenerator.PrepareUserObject("RU1", "User1", "RoleUser1");
SCObjectOperations.Instance.AddUser(user2, organization);
//将人员添加到角色
SCObjectOperations.Instance.AddMemberToRole(user2, role2);
//准备Container
SCAclContainer container = new SCAclContainer(organization);
container.Members.Add("AddChildren", role1);
container.Members.Add("AddChildren", role2);
Console.WriteLine("Container ID: {0}", container.ContainerID);
SCObjectOperations.Instance.UpdateObjectAcl(container);
SCAclMemberCollection members = SCAclAdapter.Instance.LoadByContainerID(organization.ID, DateTime.MinValue);
Assert.IsTrue(members.ContainsKey("AddChildren", role1.ID));
Assert.AreEqual(SchemaObjectStatus.Normal, members["AddChildren", role1.ID].Status);
Assert.IsTrue(members.ContainsKey("AddChildren", role2.ID));
Assert.AreEqual(SchemaObjectStatus.Normal, members["AddChildren", role2.ID].Status);
}
private SCAclContainer PrepareAclContainer(AdminUnit parent, AdminUnit currentData)
{
SCAclContainer result = null;
if (currentData is ISCAclContainer)
{
result = new SCAclContainer(currentData);
if (parent != null)
{
AUCommon.DoDbAction(() =>
result.Members.CopyFrom(AUAclAdapter.Instance.LoadByContainerID(parent.ID, DateTime.MinValue)));
}
}
return result;
}
public AdminUnitExecutor(AUOperationType opType, AdminUnit parent, AdminUnit child)
: base(opType, child)
{
child.NullCheck("child");
child.ClearRelativeData();
if (parent != null)
parent.ClearRelativeData();
if (!(opType != AUOperationType.AddAdminUnit | opType != AUOperationType.RemoveAdminUnit))
throw new ApplicationException("此Executor不支持" + opType + "操作");
this.inputParent = parent;
if (this.OperationType == AUOperationType.AddAdminUnit)
this.aclContainer = PrepareAclContainer(parent, child);
}
/// <summary>
/// 更新一个容器下的Acl信息
/// </summary>
/// <param name="containerID"></param>
/// <param name="aclItems"></param>
public void Update(SCAclContainer container)
{
container.NullCheck("container");
container.FillMembersProperties();
ORMappingItemCollection mappings = this.GetMappingInfo();
WhereSqlClauseBuilder builder = new WhereSqlClauseBuilder();
builder.AppendItem("ContainerID", container.ContainerID);
string sql = this.GetUpdateSql(container.ContainerID, container.Members);
using (TransactionScope scope = TransactionScopeFactory.Create())
{
DateTime dt = (DateTime)DbHelper.RunSqlReturnScalar(
sql, this.GetConnectionName());
SCActionContext.Current.TimePoint.IsMinValue(() => SCActionContext.Current.TimePoint = dt);
//foreach (SCAclItem aclItem in container.Members)
//{
// SCSnapshotBasicAdapter.Instance.UpdateCurrentSnapshot(mappings.TableName,
// mappings.TableName + "_Current",
// ORMapping.GetWhereSqlClauseBuilderByPrimaryKey(aclItem, mappings));
//}
scope.Complete();
}
}
/// <summary>
/// 更新对象的权限信息
/// </summary>
/// <param name="container">Acl的容器</param>
/// <returns>返回容器本身</returns>
public SCAclContainer UpdateObjectAcl(SCAclContainer container)
{
if (this._NeedCheckPermissions)
CheckUpdateAclPermissions(AUOperationType.UpdateObjectAcl, container.ContainerID);
AUUpdateObjectAclExecutor executor = new AUUpdateObjectAclExecutor(AUOperationType.UpdateObjectAcl, container);
SCAclContainer result = null;
ExecuteWithActions(AUOperationType.UpdateObjectAcl, () => SCActionContext.Current.DoActions(() => result = (SCAclContainer)executor.Execute()));
return result;
}
public void ClearAclMembersTest()
{
//准备组织数据
SCOrganization organization = SCObjectGenerator.PrepareOrganizationObject();
SCObjectOperations.Instance.AddOrganization(organization, SCOrganization.GetRoot());
//准备应用
SCApplication application = SCObjectGenerator.PrepareApplicationObject();
SCObjectOperations.Instance.AddApplication(application);
SCRole role1 = SCObjectGenerator.PrepareRoleObject();
//准备角色
SCObjectOperations.Instance.AddRole(role1, application);
//准备人员
SCUser user1 = SCObjectGenerator.PrepareUserObject("RU1", "User1", "RoleUser1");
SCObjectOperations.Instance.AddUser(user1, organization);
//将人员添加到角色
SCObjectOperations.Instance.AddMemberToRole(user1, role1);
SCRole role2 = SCObjectGenerator.PrepareRoleObject();
//准备角色
SCObjectOperations.Instance.AddRole(role2, application);
//准备人员
SCUser user2 = SCObjectGenerator.PrepareUserObject("RU1", "User1", "RoleUser1");
SCObjectOperations.Instance.AddUser(user2, organization);
//将人员添加到角色
SCObjectOperations.Instance.AddMemberToRole(user2, role2);
//准备Container
SCAclContainer container = new SCAclContainer(organization);
container.Members.Add("AddChildren", role1);
container.Members.Add("AddChildren", role2);
SCObjectOperations.Instance.UpdateObjectAcl(container);
Console.WriteLine("ContainerID: {0}", container.ContainerID);
//清空Members
container.Members.Clear();
SCAclMemberCollection originalMembers = SCAclAdapter.Instance.LoadByContainerID(organization.ID, DateTime.MinValue);
Assert.IsTrue(container.Members.MergeChangedItems(originalMembers));
SCObjectOperations.Instance.UpdateObjectAcl(container);
SCAclMemberCollection members = SCAclAdapter.Instance.LoadByContainerID(organization.ID, DateTime.MinValue);
Assert.IsFalse(members.ContainsKey("AddChildren", role1.ID));
Assert.IsFalse(members.ContainsKey("AddChildren", role2.ID));
}
/// <summary>
/// 更新一个容器下的Acl信息
/// </summary>
/// <param name="containerID"></param>
/// <param name="aclItems"></param>
public void Update(SCAclContainer container)
{
container.NullCheck("container");
container.FillMembersProperties();
WhereSqlClauseBuilder builder = new WhereSqlClauseBuilder();
builder.AppendItem("ContainerID", container.ContainerID);
string sql = this.GetUpdateSql(container.ContainerID, container.Members);
using (TransactionScope scope = TransactionScopeFactory.Create())
{
DateTime dt = (DateTime)DbHelper.RunSqlReturnScalar(sql, this.GetConnectionName());
SCActionContext.Current.TimePoint.IsMinValue(() => SCActionContext.Current.TimePoint = dt);
scope.Complete();
}
}
protected override object DoOperation(AUObjectOperationContext context)
{
int replacedCount = 0;
//取父级的权限定义
var aclMembers = Adapters.AUAclAdapter.Instance.LoadByContainerID(((SchemaObjectBase)(this._Parent)).ID, DateTime.MinValue);
InSqlClauseBuilder inBuilder = new InSqlClauseBuilder("ID");
inBuilder.AppendItem((from acl in aclMembers select acl.MemberID).ToArray());
WhereSqlClauseBuilder where = new WhereSqlClauseBuilder();
where.AppendItem("Status", (int)SchemaObjectStatus.Normal);
if (inBuilder.IsEmpty)
where.AppendItem("1", "2");
if (this._Candidates.Count > 0)
{
ProcessProgress.Current.MaxStep = this._Candidates.Count;
ProcessProgress.Current.CurrentStep = 0;
ProcessProgress.Current.Output.WriteLine("正在替换子对象ACL");
foreach (SchemaObjectBase candidate in this._Candidates)
{
string objName = candidate.Properties.GetValue("Name", string.Empty);
try
{
Debug.Assert(this._Parent != null, "容器对象为null");
var oldItems = AUAclAdapter.Instance.LoadByContainerID(candidate.ID, DateTime.MinValue);
var container = new SCAclContainer(candidate);
foreach (var item in aclMembers)
if (item.Status == SchemaObjectStatus.Normal)
container.Members.Add(new SCAclItem()
{
ContainerPermission = item.ContainerPermission,
MemberID = item.MemberID,
MemberSchemaType = item.MemberSchemaType
});
if (oldItems != null)
{
container.Members.MergeChangedItems(oldItems);
}
Facade.DefaultInstance.UpdateObjectAcl(container);
AUCommon.DoDbAction(() =>
{
if (SCDataOperationLockContext.Current.Lock != null && (replacedCount) % 5 == 0)
SCDataOperationLockContext.Current.ExtendLock();
});
replacedCount++;
ProcessProgress.Current.StatusText = string.Format("已替换\"{0}\"的Acl", objName);
ProcessProgress.Current.Increment();
ProcessProgress.Current.Response();
}
catch (System.Exception ex)
{
throw new ApplicationException(string.Format("替换对象{0}({1})的Acl出错: {2}", objName, candidate.ID, ex.Message));
}
}
}
else
{
ProcessProgress.Current.Output.WriteLine("当前对象没有子对象ACL");
ProcessProgress.Current.CurrentStep = ProcessProgress.Current.MaxStep = 1;
}
ProcessProgress.Current.StatusText = string.Format("总共替换了{0:#,##0}个对象的Acl", replacedCount);
ProcessProgress.Current.Response();
return this._Parent;
}
private static void InnerDoSave(SCAclMemberCollection aclMembers, SchemaObjectBase obj, bool inheritRights)
{
HashSet<string> roleIds = new HashSet<string>();
aclMembers.ForEach(m => roleIds.Add(m.MemberID));
var roles = PCService.Instance.LoadRoleByIds(roleIds.ToArray());
var pmDefs = GetPermissionDefinitions(obj.SchemaType);
var container = new SCAclContainer(obj);
foreach (var acl in aclMembers)
{
Debug.Assert(acl.ContainerID == obj.ID, "ACL的容器ID必须与对象的ID一致");
container.Members.Add(acl.ContainerPermission, roles.Find(m => m.ID == acl.MemberID));
}
//if (obj is SCOrganization)
//{
// if (obj.Properties.GetValue("AllowAclInheritance", false) != inheritRights)
// {
// obj.Properties.SetValue("AllowAclInheritance", inheritRights);
// // TODO:换更合适的方式
// PC.Executors.SCObjectOperations.Instance.UpdateOrganization((SCOrganization)obj);
// }
//}
SCAclMemberCollection originalMembers = PC.Adapters.SCAclAdapter.Instance.LoadByContainerID(obj.ID, DateTime.MinValue);
if (container.Members.MergeChangedItems(originalMembers))
AU.Operations.Facade.InstanceWithPermissions.UpdateObjectAcl(container);
}
private SCAclContainer PrepareAclContainer(SCOrganization parent, SCBase currentData)
{
SCAclContainer result = null;
if (currentData is ISCAclContainer)
{
result = new SCAclContainer(currentData);
result.Members.CopyFrom(SCAclAdapter.Instance.LoadByContainerID(parent.ID, DateTime.MinValue));
}
return result;
}
public void UpdateObjectAcl(string ownerID, ClientAclItem[] clientAcls)
{
var owner = AUCommon.DoDbProcess(() => SchemaObjectAdapter.Instance.Load(ownerID));
if (owner == null || owner.Status != SchemaObjectStatus.Normal)
throw new InvalidOperationException("指定对象不存在或已删除");
SCAclContainer container = new SCAclContainer(owner);
foreach (ClientAclItem item in clientAcls)
{
if (item.Status == ClientSchemaObjectStatus.Normal)
container.Members.Add(item.ToSCAcl());
}
container.Members.MergeChangedItems(AUAclAdapter.Instance.LoadByContainerID(ownerID, DateTime.MinValue));
this.Facade.UpdateObjectAcl(container);
}
