public void Permit(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation) { // user have to have write privilege on resource CACLEntity acl = new CACLEntity(); acl.Acl_Resource = resourceId; acl.Acl_Operation = (int)ACLOPERATION.WRITE; if (!CheckPrivilege(acl)) { throw new Exception("没有写权限"); } List <CACLEntity> userAcls = new List <CACLEntity>(); if (roleType == ACLROLETYPE.USERROLE) { CUserEntity user = new CUserEntity(ConnString).Load(userId); userAcls = user.GetUserACLs(); } else if (roleType == ACLROLETYPE.GROUPROLE) { CGroupEntity group = new CGroupEntity(ConnString).Load(userId); userAcls = group.GetGroupACLs(); } // check if this acl conflicts with others CResourceEntity resource = new CResourceEntity(ConnString).Load(resourceId); foreach (CACLEntity userAcl in userAcls) { if (resource.IsChild(userAcl.Acl_Resource) && userAcl.Acl_Operation == (int)operation) { throw new Exception("与其他权限冲突"); } } // create acl CACLEntity acl1 = new CACLEntity(ConnString); acl1.Acl_Resource = resourceId; acl1.Acl_Role = userId; acl1.Acl_RType = (int)roleType; acl1.Acl_Operation = (int)operation; acl1.Acl_Creator = this.Usr_Id; acl1.Acl_CreateTime = DateTime.Now; acl1.Insert(); // remove all child privileges foreach (CACLEntity ua in userAcls) { resource = new CResourceEntity(ConnString).Load(ua.Acl_Resource); if (resource.IsChild(resourceId) && ua.Acl_Operation == (int)operation) { ua.Delete(); } } }
public void Deny(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation) { // user have to have write privilege on resource CACLEntity acl = new CACLEntity(); acl.Acl_Resource = resourceId; acl.Acl_Operation = (int)ACLOPERATION.WRITE; if (!CheckPrivilege(acl)) { throw new Exception("没有写权限"); } String filter = "this.Acl_Resource=" + resourceId + " and this.Acl_Operation=" + (int)operation; filter += " and this.Acl_Role=" + userId + " and this.Acl_RType=" + (int)roleType; new CACLEntity(ConnString).Delete(filter); }