/// <summary>
/// 移动管理单元
/// </summary>
/// <param name="unit">将被移动的管理单元</param>
/// <param name="newParent">一个表示目标单元的<see cref="AdminUnit"/> ,或者为null,表示作为顶级管理单元</param>
public void MoveAdminUnit(AdminUnit unit, AdminUnit newParent)
{
unit.NullCheck("unit");
var parent = GetUnitParent(unit, false);
if (parent is AUSchema)
{
CheckAUSchemaPermission((AUSchema)parent);
}
else
{
CheckUnitPermission(AUOperationType.AddAdminUnit, "DeleteSubUnit", (AdminUnit)parent);
}
if (newParent != null)
{
CheckUnitPermission(AUOperationType.AddAdminUnit, "AddSubUnit", newParent);
}
else
{
CheckAUSchemaPermission(unit.GetUnitSchema());
}
MoveAUExecutor executor = new MoveAUExecutor(AUOperationType.MoveAdminUnit, unit, newParent)
{
NeedStatusCheck = this.NeedValidationAndStatusCheck
};
ExecuteWithActions(AUOperationType.MoveAdminUnit, () => SCActionContext.Current.DoActions(() =>
{
executor.Execute();
}));
}
private void CheckUnitPermission(AUOperationType opType, string permissionName, AdminUnit unit)
{
unit.NullCheck("unit");
if (unit.Status != SchemaObjectStatus.Normal)
{
throw new AUStatusCheckException(unit, opType);
}
if (this._NeedCheckPermissions)
{
if (unit == null || unit.Status != SchemaObjectStatus.Normal)
{
throw new ArgumentException(string.Format("不存在参数 unit 指定的管理单元", "unit"));
}
if (DeluxePrincipal.Current.HasPermissions(permissionName, new string[] { unit.ID }) == false)
{
//如果没有权限,检查是否超级管理员或者拥有架构权限
if (AUPermissionHelper.IsSupervisor(DeluxePrincipal.Current) == false)
{
var schema = unit.GetUnitSchema();
if (string.IsNullOrEmpty(schema.MasterRole) || DeluxePrincipal.Current.IsInRole(schema.MasterRole) == false)
{
throw CreateAclException(opType, unit.Schema, permissionName);
}
}
}
}
}
public AURoleMemberExecutor(AUOperationType opType, AUSchemaRole role, AdminUnit unit, SCUser[] users)
: base(opType)
{
role.NullCheck("role");
users.NullCheck("users");
unit.NullCheck("unit");
this.schemaRole = role;
this.users = users;
this.unit = unit;
}
public AURoleMemberExecutor(AUOperationType opType, AUSchemaRole role, AdminUnit unit, SCUser[] users)
: base(opType)
{
role.NullCheck("role");
users.NullCheck("users");
unit.NullCheck("unit");
this.schemaRole = role;
this.users = users;
this.unit = unit;
}
public AdminUnitExecutor(AUOperationType opType, AdminUnit parent, AdminUnit child)
: base(opType, child)
{
child.NullCheck("child");
child.ClearRelativeData();
if (parent != null)
parent.ClearRelativeData();
if (!(opType != AUOperationType.AddAdminUnit | opType != AUOperationType.RemoveAdminUnit))
throw new ApplicationException("此Executor不支持" + opType + "操作");
this.inputParent = parent;
if (this.OperationType == AUOperationType.AddAdminUnit)
this.aclContainer = PrepareAclContainer(parent, child);
}
public AdminUnitExecutor(AUOperationType opType, AdminUnit parent, AdminUnit child)
: base(opType, child)
{
child.NullCheck("child");
child.ClearRelativeData();
if (parent != null)
{
parent.ClearRelativeData();
}
if (!(opType != AUOperationType.AddAdminUnit | opType != AUOperationType.RemoveAdminUnit))
{
throw new ApplicationException("此Executor不支持" + opType + "操作");
}
this.inputParent = parent;
if (this.OperationType == AUOperationType.AddAdminUnit)
{
this.aclContainer = PrepareAclContainer(parent, child);
}
}
/// <summary>
/// 移动管理单元
/// </summary>
/// <param name="unit">将被移动的管理单元</param>
/// <param name="newParent">一个表示目标单元的<see cref="AdminUnit"/> ,或者为null,表示作为顶级管理单元</param>
public void MoveAdminUnit(AdminUnit unit, AdminUnit newParent)
{
unit.NullCheck("unit");
var parent = GetUnitParent(unit, false);
if (parent is AUSchema)
CheckAUSchemaPermission((AUSchema)parent);
else
CheckUnitPermission(AUOperationType.AddAdminUnit, "DeleteSubUnit", (AdminUnit)parent);
if (newParent != null)
CheckUnitPermission(AUOperationType.AddAdminUnit, "AddSubUnit", newParent);
else
CheckAUSchemaPermission(unit.GetUnitSchema());
MoveAUExecutor executor = new MoveAUExecutor(AUOperationType.MoveAdminUnit, unit, newParent)
{
NeedStatusCheck = this.NeedValidationAndStatusCheck
};
ExecuteWithActions(AUOperationType.MoveAdminUnit, () => SCActionContext.Current.DoActions(() =>
{
executor.Execute();
}));
}
private void CheckUnitPermission(AUOperationType opType, string permissionName, AdminUnit unit)
{
unit.NullCheck("unit");
if (unit.Status != SchemaObjectStatus.Normal)
throw new AUStatusCheckException(unit, opType);
if (this._NeedCheckPermissions)
{
if (unit == null || unit.Status != SchemaObjectStatus.Normal)
throw new ArgumentException(string.Format("不存在参数 unit 指定的管理单元", "unit"));
if (DeluxePrincipal.Current.HasPermissions(permissionName, new string[] { unit.ID }) == false)
{
//如果没有权限,检查是否超级管理员或者拥有架构权限
if (AUPermissionHelper.IsSupervisor(DeluxePrincipal.Current) == false)
{
var schema = unit.GetUnitSchema();
if (string.IsNullOrEmpty(schema.MasterRole) || DeluxePrincipal.Current.IsInRole(schema.MasterRole) == false)
throw CreateAclException(opType, unit.Schema, permissionName);
}
}
}
}