/// <summary>
/// Resolves a permission item code to its primary key.
/// </summary>
/// <param name="permissionItemCode">Permission item code to resolve.</param>
/// <returns>The value returned by <c>PiPermissionItemManager.GetIdByAdd</c> for the code.</returns>
public override string GetIdByCode(string permissionItemCode)
{
    // Per the original author's note, a code that does not exist yet is meant to be
    // registered automatically, which is why this goes through GetIdByAdd.
    // NOTE(review): this makes a "get" call a potential write to the permission
    // catalogue - confirm that callers only pass codes that come from the application itself.
    var itemManager = new PiPermissionItemManager(DBProvider);
    string permissionItemId = itemManager.GetIdByAdd(permissionItemCode);
    return permissionItemId;
}
/// <summary>
/// Creates or updates the constraint expression that a resource (for example a role or a user)
/// carries for one table under one permission item.
/// </summary>
/// <param name="resourceCategory">Resource category.</param>
/// <param name="resourceId">Primary key of the resource.</param>
/// <param name="tableName">Name of the table the constraint applies to (stored as the target id).</param>
/// <param name="permissionCode">Permission item code; resolved to an id through GetIdByAdd.</param>
/// <param name="constraint">Constraint expression, stored verbatim.</param>
/// <param name="enabled">Whether the constraint is enabled (stored as 1 or 0).</param>
/// <returns>Primary key of the permission scope record that was updated or added.</returns>
/// <remarks>
/// The expression is persisted without validation, and this method performs no authorization
/// check of its own. GetUserConstraint later joins stored expressions with " AND ", presumably
/// for use as a query filter - NOTE(review): confirm that only trusted administrators can reach this method.
/// </remarks>
public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true)
{
    var itemManager = new PiPermissionItemManager(this.UserInfo);
    string permissionId = itemManager.GetIdByAdd(permissionCode);

    var scopeManager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);

    // Key that identifies the (resource, table, permission) record among non-deleted rows.
    var keyFields = new string[]
    {
        PiPermissionScopeTable.FieldResourceCategory,
        PiPermissionScopeTable.FieldResourceId,
        PiPermissionScopeTable.FieldTargetCategory,
        PiPermissionScopeTable.FieldTargetId,
        PiPermissionScopeTable.FieldPermissionId,
        PiPermissionScopeTable.FieldDeleteMark
    };
    var keyValues = new object[]
    {
        resourceCategory,
        resourceId,
        "Table",
        tableName,
        permissionId,
        0
    };

    string scopeId = scopeManager.GetId(keyFields, keyValues);

    // No record yet: insert a new one and hand back its key.
    if (string.IsNullOrEmpty(scopeId))
    {
        var scope = new PiPermissionScopeEntity
        {
            ResourceCategory = resourceCategory,
            ResourceId = resourceId,
            TargetCategory = "Table",
            TargetId = tableName,
            PermissionConstraint = constraint,
            PermissionId = permissionId,
            DeleteMark = 0,
            Enabled = enabled ? 1 : 0
        };
        return scopeManager.Add(scope);
    }

    // Record exists: overwrite only the expression and the enabled flag.
    var updatedFields = new string[]
    {
        PiPermissionScopeTable.FieldPermissionConstraint,
        PiPermissionScopeTable.FieldEnabled
    };
    var updatedValues = new object[] { constraint, enabled ? 1 : 0 };
    scopeManager.SetProperty(PiPermissionScopeTable.FieldId, scopeId, updatedFields, updatedValues);
    return scopeId;
}
/// <summary>
/// Loads the permission scope record that holds the constraint of a resource for one table
/// under one permission item.
/// </summary>
/// <param name="resourceCategory">Resource category.</param>
/// <param name="resourceId">Primary key of the resource.</param>
/// <param name="tableName">Name of the table (matched against the target id).</param>
/// <param name="permissionCode">Permission item code; resolved to an id through GetIdByAdd.</param>
/// <returns>The matching entity, or <c>null</c> when no non-deleted record matches.</returns>
/// <remarks>
/// The Enabled column is not part of the filter, so a disabled record is returned as well;
/// callers that enforce the constraint have to check the flag themselves.
/// </remarks>
public PiPermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
{
    var itemManager = new PiPermissionItemManager(this.UserInfo);
    string permissionId = itemManager.GetIdByAdd(permissionCode);

    var scopeManager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);

    var keyFields = new string[]
    {
        PiPermissionScopeTable.FieldResourceCategory,
        PiPermissionScopeTable.FieldResourceId,
        PiPermissionScopeTable.FieldTargetCategory,
        PiPermissionScopeTable.FieldTargetId,
        PiPermissionScopeTable.FieldPermissionId,
        PiPermissionScopeTable.FieldDeleteMark
    };
    var keyValues = new object[]
    {
        resourceCategory,
        resourceId,
        "Table",
        tableName,
        permissionId,
        0
    };

    // Look the record up; an empty result means no constraint has been stored.
    DataTable matches = scopeManager.GetDT(keyFields, keyValues);
    if (matches.Rows.Count == 0)
    {
        return null;
    }

    return BaseEntity.Create<PiPermissionScopeEntity>(matches);
}
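//
// ResourcePermission: permission checks
//

#region public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) Checks whether the user holds the permission
/// <summary>
/// Checks whether a user holds a permission item.
/// </summary>
/// <param name="userId">Primary key of the user being checked.</param>
/// <param name="permissionItemCode">Permission item code.</param>
/// <param name="permissionItemName">Permission item name, passed on to GetIdByAdd.</param>
/// <returns><c>true</c> when the permission is granted, otherwise <c>false</c>.</returns>
/// <remarks>
/// Evaluation order: administrator shortcut, category-wide administrator roles
/// ("UserAdmin" for category "System", "Admin" for category "Application"), direct user grant,
/// role grant and, when SystemInfo.EnableOrganizePermission is set, organization grant.
/// NOTE(review): the administrator shortcut tests the current operator (UserInfo), not
/// <paramref name="userId"/>; an administrator asking about another user always gets
/// <c>true</c>. Confirm that callers only ever pass the current user's id.
/// </remarks>
public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null)
{
    // The permission item is resolved through GetIdByAdd; per the original author's note an
    // unknown code is meant to be registered automatically. This runs before every other
    // check, exactly as before, so the registration side effect is unchanged.
    var permissionItemManager = new PiPermissionItemManager(DBProvider, UserInfo, PiPermissionItemTable.TableName);
    var permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName);

    // Administrators hold every permission.
    if (UserInfo.IsAdministrator)
    {
        return true;
    }

    // No permission item could be resolved: deny.
    if (String.IsNullOrEmpty(permissionItemId))
    {
        return false;
    }

    // The entity is only needed from here on, so it is loaded after the two guards above.
    // A missing record is treated as "no category": no category-wide shortcut applies and
    // the decision falls through to the explicit grants instead of throwing a
    // NullReferenceException in the middle of an authorization check.
    var permissionItemEntity = permissionItemManager.GetEntity(permissionItemId);
    string categoryCode = permissionItemEntity == null ? null : permissionItemEntity.CategoryCode;

    var userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo);

    // System permission: members of "UserAdmin" hold all of them without an explicit grant.
    if (string.Equals(categoryCode, "System", StringComparison.Ordinal)
        && userRoleManager.UserInRole(userId, "UserAdmin"))
    {
        return true;
    }

    // Business (application) permission: members of "Admin" hold all of them without an explicit grant.
    if (string.Equals(categoryCode, "Application", StringComparison.Ordinal)
        && userRoleManager.UserInRole(userId, "Admin"))
    {
        return true;
    }

    // Permission granted directly to the user.
    if (this.CheckUserPermission(userId, permissionItemId))
    {
        return true;
    }

    // Permission granted through one of the user's roles.
    if (this.CheckUserRolePermission(userId, permissionItemId))
    {
        return true;
    }

    // Permission granted through the organization; guarded by a switch because of its cost.
    // The original author notes the check could be done in a single query.
    if (SystemInfo.EnableOrganizePermission)
    {
        // All organization units the user belongs to (company, branch, department,
        // sub-department, work group), part-time assignments included.
        var userManager = new PiUserManager(this.DBProvider, this.UserInfo);
        var organizeIds = userManager.GetAllOrganizeIds(userId);
        if (this.CheckUserOrganizePermission(userId, permissionItemId, organizeIds))
        {
            return true;
        }
    }

    return false;
}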
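/// <summary>
/// Builds the constraint expression that applies to the current user for one table.
/// </summary>
/// <param name="tableName">Name of the table.</param>
/// <param name="permissionCode">Permission item code; resolved to an id through GetIdByAdd.</param>
/// <returns>
/// The enabled constraints of all roles of the current user and the user's own constraint,
/// each wrapped in parentheses and joined with " AND ", after
/// <c>ConstraintUtil.PrepareParameter</c> has processed the result; an empty string when no
/// constraint is stored.
/// </returns>
/// <remarks>
/// Stored expressions are concatenated as they are, so whoever can write them controls the
/// resulting expression. NOTE(review): confirm that write access to constraints is limited to
/// trusted administrators and that callers handle an empty result deliberately (presumably it
/// means "no restriction").
/// </remarks>
public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission")
{
    string returnValue = string.Empty;

    // Steps: 1) which roles is the user in, 2) which constraints do those roles carry,
    // 3) combine them, 4) add the user's own constraint.
    PiPermissionItemManager permissionItemManager = new PiPermissionItemManager(this.UserInfo);
    string permissionId = permissionItemManager.GetIdByAdd(permissionCode);

    PiUserRoleManager manager = new PiUserRoleManager(this.DBProvider, this.UserInfo);
    string[] roleIds = manager.GetAllRoleIds(UserInfo.Id);

    // A user without roles used to get an empty result straight away, which dropped the
    // user-level constraint as well. Only the role query is skipped now.
    if (roleIds != null && roleIds.Length > 0)
    {
        PiPermissionScopeManager scopeManager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo);
        string[] names =
        {
            PiPermissionScopeTable.FieldResourceCategory,
            PiPermissionScopeTable.FieldResourceId,
            PiPermissionScopeTable.FieldTargetCategory,
            PiPermissionScopeTable.FieldTargetId,
            PiPermissionScopeTable.FieldPermissionId,
            PiPermissionScopeTable.FieldEnabled,
            PiPermissionScopeTable.FieldDeleteMark
        };
        Object[] values =
        {
            PiRoleTable.TableName,
            roleIds,
            "Table",
            tableName,
            permissionId,
            1,
            0
        };

        DataTable dtPermissionScope = scopeManager.GetDT(names, values);
        foreach (DataRow dataRow in dtPermissionScope.Rows)
        {
            string permissionConstraint = dataRow[PiPermissionScopeTable.FieldPermissionConstraint].ToString().Trim();
            if (!string.IsNullOrEmpty(permissionConstraint))
            {
                // Parentheses keep an OR inside one fragment from absorbing the
                // neighbouring AND terms (AND binds tighter than OR).
                returnValue += " AND (" + permissionConstraint + ")";
            }
        }
    }

    // Constraint stored for the current user.
    // NOTE(review): permissionCode is not passed on here, so GetConstraint uses whatever
    // default it declares - confirm that this is intended.
    string userConstraint = (this.GetConstraint(PiUserTable.TableName, this.UserInfo.Id, tableName) ?? "").Trim();
    if (!string.IsNullOrEmpty(userConstraint))
    {
        returnValue += " AND (" + userConstraint + ")";
    }

    if (!string.IsNullOrEmpty(returnValue))
    {
        // Drop the leading " AND " (five characters).
        returnValue = returnValue.Substring(5);
        // Resolve the standard functions used inside constraint expressions.
        returnValue = ConstraintUtil.PrepareParameter(this.UserInfo, returnValue);
    }

    return returnValue;
}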
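/// <summary>
/// Lists every table that can carry a constraint together with the constraint stored for the
/// given resource, if any.
/// </summary>
/// <param name="resourceCategory">Resource category.</param>
/// <param name="resourceId">Primary key of the resource.</param>
/// <param name="permissionCode">Permission item code; resolved to an id through GetIdByAdd.</param>
/// <returns>
/// One row per enabled, non-deleted PITABLEPERMISSIONSCOPE entry, left-joined with the matching
/// PIPERMISSIONSCOPE record, ordered by SORTCODE. The table is named CiTableColumnsTable.TableName.
/// </returns>
public DataTable GetConstraintDT(string resourceCategory, string resourceId, string permissionCode = "Resource.AccessPermission")
{
    /*
     * Which tables are there?
     *   SELECT ItemValue, ItemName
     *     FROM PiTablePermissionScope
     *    WHERE (DeleteMark = 0) AND (Enabled = 1)
     *    ORDER BY PiTablePermissionScope.SortCode
     *
     * Which expressions are there (which table carries which expression)?
     *   SELECT Id, TargetId, PermissionConstraint
     *     FROM PiPermissionScope
     *    WHERE (ResourceId = 10000000)
     *      AND (ResourceCategory = 'PiRole')   -- which role?
     *      AND (TargetId = 'PiUser')
     *      AND (TargetCategory = 'Table')
     *      AND (PermissionId = 10000001)       -- which permission? (resource access)
     *      AND (DeleteMark = 0) AND (Enabled = 1)
     */
    PiPermissionItemManager permissionItemManager = new PiPermissionItemManager(this.UserInfo);
    string permissionId = permissionItemManager.GetIdByAdd(permissionCode);

    // The statement is assembled as text, so each value is kept inside its string literal by
    // doubling single quotes (SQL-standard quoting); null is treated as an empty string, which
    // is what string concatenation did before.
    // NOTE(review): bound parameters through the project's data-access layer are the proper
    // fix; that API is not visible in this block. Quote doubling alone is not sufficient on
    // backends that also honor backslash escapes inside string literals.
    string safeResourceCategory = (resourceCategory ?? string.Empty).Replace("'", "''");
    string safeResourceId = (resourceId ?? string.Empty).Replace("'", "''");
    string safePermissionId = (permissionId ?? string.Empty).Replace("'", "''");

    string sqlQuery =
          " SELECT PIPERMISSIONSCOPE.ID"
        + " , PITABLEPERMISSIONSCOPE.ITEMVALUE TABLECODE"
        + " , PITABLEPERMISSIONSCOPE.ITEMNAME TABLENAME"
        + " , PIPERMISSIONSCOPE.PERMISSIONCONSTRAINT"
        + " , PITABLEPERMISSIONSCOPE.SORTCODE"
        + " FROM ( SELECT ITEMVALUE , ITEMNAME , SORTCODE"
        + " FROM PITABLEPERMISSIONSCOPE"
        + " WHERE (DELETEMARK = 0) AND (ENABLED = 1) ) PITABLEPERMISSIONSCOPE"
        + " LEFT OUTER JOIN (SELECT ID , TARGETID , PERMISSIONCONSTRAINT"
        + " FROM PIPERMISSIONSCOPE"
        + " WHERE (RESOURCECATEGORY = '" + safeResourceCategory + "')"
        + " AND (RESOURCEID = '" + safeResourceId + "')"
        + " AND (TARGETCATEGORY = 'Table')"
        + " AND (PERMISSIONID = '" + safePermissionId + "')"
        + " AND (DELETEMARK = 0) AND (ENABLED = 1) ) PIPERMISSIONSCOPE"
        + " ON PITABLEPERMISSIONSCOPE.ITEMVALUE = PIPERMISSIONSCOPE.TARGETID"
        + " ORDER BY PITABLEPERMISSIONSCOPE.SORTCODE ";

    // The DataTable that used to be allocated up front was replaced by the result of Fill
    // without being used, so it is no longer created.
    DataTable dataTable = this.Fill(sqlQuery);
    dataTable.TableName = CiTableColumnsTable.TableName;
    return dataTable;
}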