예제 #1
        /// <summary>
        /// Grants <paramref name="operation"/> on <paramref name="resourceId"/> to a user or group role.
        /// The current user must pass a WRITE privilege check on the resource first. The grant is
        /// refused if the role already holds the same operation on a resource for which
        /// <c>IsChild</c> reports the target as a child. After the new ACL is inserted, the role's
        /// ACLs for the same operation on resources that <c>IsChild</c> reports as children of the
        /// target are deleted.
        /// </summary>
        /// <param name="userId">Id of the role receiving the grant; loaded as a user or as a group depending on <paramref name="roleType"/>.</param>
        /// <param name="roleType">Whether <paramref name="userId"/> names a user role or a group role.</param>
        /// <param name="resourceId">Id of the resource the grant applies to.</param>
        /// <param name="operation">Operation being granted.</param>
        /// <exception cref="Exception">The current user fails the WRITE check, or the grant conflicts with an existing ACL of the role.</exception>
        /// <remarks>
        /// NOTE(review): only WRITE on the resource is checked, whatever operation is being granted;
        /// confirm that WRITE is meant to imply the right to delegate every operation.
        /// NOTE(review): the conflict check, the insert and the deletes are separate calls and no
        /// transaction is visible in this method; confirm atomicity is handled elsewhere.
        /// </remarks>
        public void Permit(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation)
        {
            // Authorization gate: the caller needs WRITE on the target resource.
            CACLEntity writeProbe = new CACLEntity
            {
                Acl_Resource  = resourceId,
                Acl_Operation = (int)ACLOPERATION.WRITE
            };
            bool callerMayWrite = CheckPrivilege(writeProbe);
            if (!callerMayWrite)
            {
                // Message text: "no write permission".
                throw new Exception("没有写权限");
            }

            // Collect the ACLs the target role already has. For any other role type the list
            // stays empty, so neither the conflict check nor the cleanup below does anything,
            // but the ACL is still inserted.
            List<CACLEntity> existingAcls;
            if (roleType == ACLROLETYPE.USERROLE)
            {
                existingAcls = new CUserEntity(ConnString).Load(userId).GetUserACLs();
            }
            else if (roleType == ACLROLETYPE.GROUPROLE)
            {
                existingAcls = new CGroupEntity(ConnString).Load(userId).GetGroupACLs();
            }
            else
            {
                existingAcls = new List<CACLEntity>();
            }

            // Refuse the grant when the same operation is already held on a covering resource.
            CResourceEntity target = new CResourceEntity(ConnString).Load(resourceId);
            int requestedOperation = (int)operation;

            foreach (CACLEntity existing in existingAcls)
            {
                if (!target.IsChild(existing.Acl_Resource))
                {
                    continue;
                }

                if (existing.Acl_Operation == requestedOperation)
                {
                    // Message text: "conflicts with another permission".
                    throw new Exception("与其他权限冲突");
                }
            }

            // Persist the new grant, recording the current user as its creator.
            CACLEntity grant = new CACLEntity(ConnString)
            {
                Acl_Resource   = resourceId,
                Acl_Role       = userId,
                Acl_RType      = (int)roleType,
                Acl_Operation  = requestedOperation,
                Acl_Creator    = this.Usr_Id,
                Acl_CreateTime = DateTime.Now
            };
            grant.Insert();

            // Drop the role's ACLs on child resources that the new grant makes redundant.
            // Every ACL's resource is loaded, whether or not the operation matches.
            foreach (CACLEntity existing in existingAcls)
            {
                CResourceEntity grantedOn = new CResourceEntity(ConnString).Load(existing.Acl_Resource);
                bool isBelowTarget = grantedOn.IsChild(resourceId);
                if (isBelowTarget && existing.Acl_Operation == requestedOperation)
                {
                    existing.Delete();
                }
            }
        }
예제 #2
        // newUser.Usr_Organize needs to be set
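        /// <summary>
        /// Creates an organization-administrator account and grants it WRITE and READ on the
        /// root resource of its organization.
        /// </summary>
        /// <param name="newUser">
        /// Account data to create. <c>Usr_Type</c> is overwritten with
        /// <c>USERTYPE.ORGANIZEADMIN</c>, so a caller-supplied type is ignored.
        /// </param>
        /// <returns>The user entity returned by <c>CreateUser</c>.</returns>
        /// <exception cref="Exception">
        /// The current user fails the CRETAEORGANIZEADMIN privilege check. Exceptions from
        /// <c>CreateUser</c>, <c>Load</c> and <c>Insert</c> propagate unchanged, with their
        /// original stack trace.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the privilege check is scoped to the current user's own
        /// <c>Usr_Organize</c>, while the ACLs are granted in the organization of the created
        /// user. Nothing in this method compares the two; confirm that <c>CreateUser</c>
        /// (not shown) rejects an organization the caller does not administer.
        /// NOTE(review): user creation and the two ACL inserts are separate calls with no
        /// transaction visible here; a failure after <c>CreateUser</c> leaves an admin account
        /// without its ACLs.
        /// </remarks>
        public CUserEntity CreateAdminlUser(CUserEntity newUser)
        {
            // Authorization gate: the caller must be allowed to create organization admins.
            CACLEntity requiredPrivilege = new CACLEntity
            {
                Acl_Operation = (int)ACLOPERATION.CRETAEORGANIZEADMIN,
                Acl_Resource  = Usr_Organize
            };
            if (!CheckPrivilege(requiredPrivilege))
            {
                // Message text: "the current user is not allowed to create administrator users".
                throw new Exception("当前用户无创建管理员用户权限");
            }

            // Force the account type here rather than trusting the caller's value.
            newUser.Usr_Type = (int)USERTYPE.ORGANIZEADMIN;
            CUserEntity user = CreateUser(newUser);

            // Only ACLs on the organization's root resource are inserted; no ACL on
            // organize.Org_Id itself is created here.
            // presumably Load returns a non-null entity for an existing organization - TODO confirm
            COrganizeEntity organize = new COrganizeEntity(ConnString).Load(user.Usr_Organize);

            CACLEntity writeAcl = new CACLEntity(ConnString)
            {
                Acl_CreateTime = DateTime.Now,
                Acl_Creator    = Usr_Id,
                Acl_Operation  = (int)ACLOPERATION.WRITE,
                Acl_Resource   = organize.Org_Resource,
                Acl_Role       = user.Usr_Id,
                Acl_RType      = (int)ACLROLETYPE.USERROLE
            };
            writeAcl.Acl_Id = writeAcl.Insert();

            CACLEntity readAcl = new CACLEntity(ConnString)
            {
                Acl_CreateTime = DateTime.Now,
                Acl_Creator    = Usr_Id,
                Acl_Operation  = (int)ACLOPERATION.READ,
                Acl_Resource   = organize.Org_Resource,
                Acl_Role       = user.Usr_Id,
                Acl_RType      = (int)ACLROLETYPE.USERROLE
            };
            readAcl.Acl_Id = readAcl.Insert();

            // No catch-and-rethrow wrapper: "throw e;" would reset the stack trace and hide
            // which call failed.
            return user;
        }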
예제 #3
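        /// <summary>
        /// Creates a normal user account and grants it WRITE and READ on its own resource
        /// (<c>Usr_Resource</c> of the created user).
        /// </summary>
        /// <param name="newUser">
        /// Account data to create. <c>Usr_Type</c> is overwritten with
        /// <c>USERTYPE.NORMALUSER</c>, so a caller-supplied type is ignored.
        /// </param>
        /// <returns>The user entity returned by <c>CreateUser</c>.</returns>
        /// <exception cref="Exception">
        /// The current user fails the CREATENORMALUSER privilege check. Exceptions from
        /// <c>CreateUser</c> and <c>Insert</c> propagate unchanged, with their original
        /// stack trace.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the privilege check is scoped to the current user's own
        /// <c>Usr_Organize</c>; this method does not compare it with the organization set on
        /// <paramref name="newUser"/>. Confirm that <c>CreateUser</c> (not shown) enforces it.
        /// NOTE(review): user creation and the two ACL inserts are separate calls with no
        /// transaction visible here; a failure after <c>CreateUser</c> leaves an account
        /// without its ACLs.
        /// </remarks>
        public CUserEntity CreateNormalUser(CUserEntity newUser)
        {
            // Authorization gate: the caller must be allowed to create normal users.
            CACLEntity requiredPrivilege = new CACLEntity
            {
                Acl_Operation = (int)ACLOPERATION.CREATENORMALUSER,
                Acl_Resource  = Usr_Organize
            };
            if (!CheckPrivilege(requiredPrivilege))
            {
                // Message text: "the current user is not allowed to create new users".
                throw new Exception("当前用户无创建新用户权限");
            }

            // Force the account type here rather than trusting the caller's value.
            newUser.Usr_Type = (int)USERTYPE.NORMALUSER;
            CUserEntity user = CreateUser(newUser);

            // The new user gets WRITE, then READ, on its own resource; the insert order
            // matches the original so generated ACL ids are assigned in the same sequence.
            CACLEntity writeAcl = new CACLEntity(ConnString)
            {
                Acl_CreateTime = DateTime.Now,
                Acl_Creator    = Usr_Id,
                Acl_Operation  = (int)ACLOPERATION.WRITE,
                Acl_Resource   = user.Usr_Resource,
                Acl_Role       = user.Usr_Id,
                Acl_RType      = (int)ACLROLETYPE.USERROLE
            };
            writeAcl.Acl_Id = writeAcl.Insert();

            CACLEntity readAcl = new CACLEntity(ConnString)
            {
                Acl_CreateTime = DateTime.Now,
                Acl_Creator    = Usr_Id,
                Acl_Operation  = (int)ACLOPERATION.READ,
                Acl_Resource   = user.Usr_Resource,
                Acl_Role       = user.Usr_Id,
                Acl_RType      = (int)ACLROLETYPE.USERROLE
            };
            readAcl.Acl_Id = readAcl.Insert();

            // No catch-and-rethrow wrapper: "throw e;" would reset the stack trace and hide
            // which call failed.
            return user;
        }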