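        /// <summary>
        /// Resolves the entities a query touches and loads the current user's role-based
        /// permissions on them for the requested access right into
        /// <c>_user.RoleObjectAccessEntityPermission</c>.
        /// </summary>
        /// <param name="q">The query being authorized; a <see cref="QueryExpression"/> may reference several entities.</param>
        /// <param name="access">The access right (read, write, ...) the caller needs.</param>
        /// <exception cref="ArgumentNullException"><paramref name="q"/> is null.</exception>
        protected void BindUserEntityPermissions(QueryBase q, AccessRightValue access)
        {
            if (q == null)
            {
                throw new ArgumentNullException(nameof(q));
            }

            // A user without roles holds no entity permissions; `roles` is materialized so the
            // null-propagating chain cannot leave a null that would later be enumerated.
            var roles = _user?.Roles?.Select(r => r.RoleId).ToList() ?? new List<Guid>();
            if (roles.Count == 0)
            {
                // NOTE(review): assumed to throw — confirm; otherwise the _user dereference below still runs.
                OnException(_loc["notspecified_userroles"]);
            }

            // A QueryExpression can span several entities (links); a plain query names just one.
            var queryExpression = q as QueryExpression;
            var entityNames = queryExpression != null
                ? queryExpression.GetAllEntityNames()
                : new List<string> { q.EntityName };

            var entityIds = _entityFinder.FindByNames(entityNames.ToArray()).Select(n => n.EntityId);

            _user.RoleObjectAccessEntityPermission = _roleObjectAccessEntityPermissionService.GetPermissions(entityIds, roles, access);
        }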
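        /// <summary>
        /// Loads, per entity, the highest role-object-access mask that any of the given roles
        /// holds for the given access right. Entities on which none of the roles hold that
        /// access right are absent from the result.
        /// </summary>
        /// <param name="entityIds">Entities to look up.</param>
        /// <param name="roleIds">Roles whose grants are combined (MAX of the mask).</param>
        /// <param name="access">The access right to filter on; compared by its integer value.</param>
        /// <returns>One row per (entity, access right) pair; an empty list when either id list is empty.</returns>
        /// <exception cref="ArgumentNullException">Either id sequence is null.</exception>
        public List<RoleObjectAccessEntityPermission> GetPermissions(IEnumerable<Guid> entityIds, IEnumerable<Guid> roleIds, AccessRightValue access)
        {
            if (entityIds == null)
            {
                throw new ArgumentNullException(nameof(entityIds));
            }
            if (roleIds == null)
            {
                throw new ArgumentNullException(nameof(roleIds));
            }

            // Materialize once so the sequences are enumerated a single time, and skip the
            // round trip when an IN-list is empty: it cannot match any row.
            var entityIdArray = entityIds.ToArray();
            var roleIdArray = roleIds.ToArray();
            if (entityIdArray.Length == 0 || roleIdArray.Length == 0)
            {
                return new List<RoleObjectAccessEntityPermission>();
            }

            // NOTE(review): WITH(NOLOCK) permits dirty reads, so a not-yet-committed grant or
            // revoke can be observed by this authorization lookup — confirm that is acceptable.
            Sql s = Sql.Builder.Append(@"SELECT MAX([RoleObjectAccess].[AccessRightsMask]) AS AccessRightsMask,[EntityPermission].[EntityId] AS EntityId,[EntityPermission].[AccessRight] AS AccessRight
                       FROM RoleObjectAccess WITH(NOLOCK)
                       INNER JOIN EntityPermission AS EntityPermission WITH(NOLOCK) ON EntityPermission.[EntityPermissionId]=RoleObjectAccess.[ObjectId]
                       WHERE [EntityPermission].[EntityId] IN (@0)
                       AND [RoleObjectAccess].[RoleId] IN (@1)
                       AND [EntityPermission].[AccessRight] = @2
                       GROUP BY [EntityPermission].[EntityId],[EntityPermission].[AccessRight]", entityIdArray, roleIdArray, (int)access);

            return _repository.ExecuteQuery(s.SQL, s.Arguments);
        }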
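        /// <summary>
        /// Finds the highest role-object-access mask the named user holds for the given access
        /// right on the named entity, considering only entities with authorization enabled.
        /// </summary>
        /// <param name="entityName">Logical name of the entity type.</param>
        /// <param name="userAccountName">Login name of the user.</param>
        /// <param name="access">The access right to look up; stored as its integer value.</param>
        /// <returns>The aggregated grant, or null when the user holds no such grant (or a name is null).</returns>
        public RoleObjectAccessEntityPermission FindUserPermission(string entityName, string userAccountName, AccessRightValue access)
        {
            // A null name can never match (NULL compares unknown in SQL); answer without a round trip.
            if (entityName == null || userAccountName == null)
            {
                return null;
            }

            // The AccessRight column is compared as an integer (see GetPermissions), so pass the
            // enum's numeric value explicitly rather than relying on the mapper's enum handling.
            Sql s = Sql.Builder.Append(@"SELECT a.AccessRight,MAX(b.AccessRightsMask) AccessRightsMask FROM EntityPermission a
                INNER JOIN RoleObjectAccess b ON a.EntityPermissionId = b.ObjectId
                INNER JOIN Entity c ON a.EntityId = c.EntityId AND c.AuthorizationEnabled=1 AND c.Name=@0
                INNER JOIN SystemUserRoles d ON b.RoleId = d.RoleId
                INNER JOIN SystemUser e ON d.SystemUserId = e.SystemUserId AND e.LoginName=@1
                WHERE a.AccessRight=@2
                GROUP BY a.AccessRight", entityName, userAccountName, (int)access);

            return _repository.Find(s.SQL, s.Arguments);
        }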
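        /// <summary>
        /// Verifies that the current user holds <paramref name="access"/> on the given record:
        /// first through role-based entity permissions, scoped by the granted depth and the
        /// record's ownership, then through an explicit share (principal object access).
        /// Reports a localized error via <c>OnException</c> when neither applies.
        /// </summary>
        /// <param name="entity">The record being accessed; its owner/organization attributes are read.</param>
        /// <param name="access">The access right required.</param>
        /// <param name="entityMetadata">Metadata of the entity type; looked up by name when omitted.</param>
        /// <exception cref="ArgumentNullException"><paramref name="entity"/> is null.</exception>
        protected void VerifyEntityPermission(Entity entity, AccessRightValue access, Schema.Domain.Entity entityMetadata = null)
        {
            if (entity == null)
            {
                throw new ArgumentNullException(nameof(entity));
            }
            entityMetadata = entityMetadata ?? GetEntityMetaData(entity.Name);
            // Authorization is disabled for this entity type, or the user is a super administrator.
            if (!entityMetadata.AuthorizationEnabled || _user.IsSuperAdmin)
            {
                return;
            }

            bool hasPermission = false;
            // Highest role-based grant of this access right for the user on this entity type.
            var roleEntityPermission = _roleObjectAccessEntityPermissionService.FindUserPermission(entity.Name, _user.LoginName, access);
            // Included in the error message so the caller learns which depth was granted.
            var depth = "none";

            if (roleEntityPermission != null)
            {
                var data = entity.UnWrapAttributeValue();
                var grantedDepth = roleEntityPermission.AccessRightsMask;
                if (entityMetadata.EntityMask == EntityMaskEnum.Organization)
                {
                    // Organization-owned records: any non-empty grant applies within the user's own organization.
                    var organizationId = data.GetGuidValue("organizationid");
                    hasPermission = grantedDepth != EntityPermissionDepth.None && _user.OrganizationId.Equals(organizationId);
                }
                else
                {
                    var ownerIdType = data.GetIntValue("owneridtype");
                    if (grantedDepth == EntityPermissionDepth.Organization)
                    {
                        // Full depth: every record of the type, regardless of owner.
                        hasPermission = true;
                    }
                    else if (ownerIdType == (int)OwnerTypes.SystemUser || ownerIdType == (int)OwnerTypes.Team)
                    {
                        // User- and team-owned records are scoped the same way: by owner (basic),
                        // by owning business unit (local), or by the business-unit subtree (deep).
                        // NOTE(review): for a team-owned record the Self check compares the team's
                        // owner id against the user's id, so it only matches if the ids coincide —
                        // confirm whether team membership is meant to be checked instead.
                        if (grantedDepth == EntityPermissionDepth.Self)
                        {
                            hasPermission = data.GetGuidValue("ownerid").Equals(_user.SystemUserId);
                        }
                        else if (grantedDepth == EntityPermissionDepth.BusinessUnit)
                        {
                            var owningBusinessUnitId = data.GetGuidValue("owningbusinessunit");
                            hasPermission = _user.BusinessUnitId.Equals(owningBusinessUnitId);
                        }
                        else if (grantedDepth == EntityPermissionDepth.BusinessUnitAndChild)
                        {
                            var owningBusinessUnitId = data.GetGuidValue("owningbusinessunit");
                            hasPermission = _businessUnitService.IsChild(_user.BusinessUnitId, owningBusinessUnitId);
                        }
                    }
                }
                depth = grantedDepth.ToString();
            }
            // Explicit share: a grant of this access right on this specific record.
            if (!hasPermission)
            {
                var objectId = entity.GetIdValue();
                // NOTE(review): the share is matched with ==; if AccessRightsMask is a bit mask, a share
                // granting a superset of rights would not match — confirm the intended semantics.
                var poa = _principalObjectAccessService.Find(n => n.ObjectId == objectId && n.AccessRightsMask == access);
                hasPermission = poa != null;
            }
            if (!hasPermission)
            {
                // Enum.GetName yields null for an unnamed value; fall back to the number so the
                // localization key stays distinct instead of collapsing to "security_".
                var accessName = Enum.GetName(typeof(AccessRightValue), access) ?? ((int)access).ToString();
                var accessText = _loc["security_" + accessName];
                OnException(string.Format(_loc["security_noentitypermission"] + " " + depth, entityMetadata.LocalizedName, accessText));
            }
        }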
 /// <summary>
 /// Delegates to the repository: the highest role-object-access mask any of the given roles
 /// holds for <paramref name="access"/> on each of the given entities.
 /// </summary>
 /// <param name="entityIds">Entities to look up.</param>
 /// <param name="roleIds">Roles whose grants are combined.</param>
 /// <param name="access">The access right to filter on.</param>
 /// <returns>Whatever the repository returns for the query.</returns>
 public List<RoleObjectAccessEntityPermission> GetPermissions(IEnumerable<Guid> entityIds, IEnumerable<Guid> roleIds, AccessRightValue access)
     => _roleObjectAccessEntityPermissionRepository.GetPermissions(entityIds, roleIds, access);
 /// <summary>
 /// Delegates to the repository: the aggregated role-based grant of <paramref name="access"/>
 /// that the named user holds on the named entity, or null when there is none.
 /// </summary>
 /// <param name="entityName">Logical name of the entity type.</param>
 /// <param name="userAccountName">Login name of the user.</param>
 /// <param name="access">The access right to look up.</param>
 /// <returns>Whatever the repository returns for the lookup.</returns>
 public RoleObjectAccessEntityPermission FindUserPermission(string entityName, string userAccountName, AccessRightValue access)
     => _roleObjectAccessEntityPermissionRepository.FindUserPermission(entityName, userAccountName, access);