Exemplo n.º 1
0
        /// <summary>
        /// 权限添加
        /// </summary>
        private void Add(HttpContext Context)
        {
            Hashtable PurviewTable = new Hashtable();
            int       Id           = 0;
            string    Type         = "";
            int       TypeId       = 0;
            string    TypeIdPath   = "";
            string    Sql          = "";
            int       Index        = 0;

            if (Base.Common.IsNumeric(Context.Request.Form["Id"]) == true)
            {
                Id = Context.Request.Form["Id"].TypeInt();
            }
            else
            {
                return;
            }

            Type = Context.Request.Form["Type"].TypeString();

            if (Base.Common.StringCheck(Type, @"^(department|role|user)$") == false)
            {
                return;
            }

            if (Context.Request.Form.GetValues("TypeId").Length == 0)
            {
                return;
            }

            if (AppCommon.PurviewCheck(Id, true, "creator", ref Conn) == false)
            {
                Context.Response.Write("no-permission");
                return;
            }

            for (Index = 0; Index < Context.Request.Form.GetValues("TypeId").Length; Index++)
            {
                if (Base.Common.IsNumeric(Context.Request.Form.GetValues("TypeId")[Index]) == true)
                {
                    TypeId = Context.Request.Form.GetValues("TypeId")[Index].TypeInt();
                }
                else
                {
                    continue;
                }

                if (Type == "department")
                {
                    TypeIdPath = AppCommon.DepartmentIdPath(TypeId, ref Conn);
                }

                switch (Type)
                {
                case "department":
                    Sql = "Select DBS_FileId, DBS_DepartmentId, DBS_RoleId, DBS_UserId From DBS_File_Purview Where DBS_FileId = " + Id + " And DBS_DepartmentId = '" + TypeIdPath + "'";
                    break;

                case "role":
                    Sql = "Select DBS_FileId, DBS_DepartmentId, DBS_RoleId, DBS_UserId From DBS_File_Purview Where DBS_FileId = " + Id + " And DBS_RoleId = " + TypeId;
                    break;

                case "user":
                    Sql = "Select DBS_FileId, DBS_DepartmentId, DBS_RoleId, DBS_UserId From DBS_File_Purview Where DBS_FileId = " + Id + " And DBS_UserId = " + TypeId;
                    break;
                }

                Base.Data.SqlDataToTable(Sql, ref Conn, ref PurviewTable);

                if (PurviewTable["Exist"].TypeBool() == true)
                {
                    continue;
                }

                PurviewTable.Clear();

                Base.Data.SqlQuery("Insert Into DBS_File_Purview(DBS_FileId, DBS_DepartmentId, DBS_RoleId, DBS_UserId, DBS_Purview) Values(" + Id + ", '" + (Type == "department" ? TypeIdPath : "null") + "', " + (Type == "role" ? TypeId : 0) + ", " + (Type == "user" ? TypeId : 0) + ", 'viewer')", ref Conn);
            }

            Context.Response.Write("complete");
        }
Exemplo n.º 2
0
        /// <summary>
        /// 读取用户数据列表返回json格式字符串
        /// </summary>
        private void ListDataToJson(HttpContext Context)
        {
            int    DepartmentId = 0;
            int    RoleId       = 0;
            string Status       = "";
            string Keyword      = "";
            int    Page         = 0;
            string Query        = "";
            string Json         = "";

            if (Base.Common.IsNumeric(Context.Request.QueryString["DepartmentId"]) == true)
            {
                DepartmentId = Context.Request.QueryString["DepartmentId"].TypeInt();
            }

            if (Base.Common.IsNumeric(Context.Request.QueryString["RoleId"]) == true)
            {
                RoleId = Context.Request.QueryString["RoleId"].TypeInt();
            }

            Status = Context.Request.QueryString["Status"].TypeString();

            if (Base.Common.StringCheck(Status, @"^(job-on|job-off)$") == false)
            {
                Status = "";
            }
            else
            {
                Status = Status == "job-on" ? "1" : "0";
            }

            Keyword = Base.Common.InputFilter(Context.Request.QueryString["Keyword"].TypeString());

            if (Base.Common.IsNumeric(Context.Request.QueryString["Page"]) == true)
            {
                Page = Context.Request.QueryString["Page"].TypeInt();
                Page = Page < 1 ? 1 : Page;
            }
            else
            {
                Page = 1;
            }

            if (DepartmentId > 0)
            {
                Query += "DBS_DepartmentId Like '" + AppCommon.DepartmentIdPath(DepartmentId, ref Conn) + "%' And ";
            }

            if (RoleId > 0)
            {
                Query += "DBS_RoleId = " + RoleId + " And ";
            }

            if (string.IsNullOrEmpty(Status) == false)
            {
                Query += "DBS_Status = " + Status + " And ";
            }

            if (string.IsNullOrEmpty(Keyword) == false)
            {
                Query += "Exists (";

                // 用户账号查询
                Query += "Select A.DBS_Id From DBS_User As A Where " +
                         "A.DBS_Id = DBS_User.DBS_Id And " +
                         "A.DBS_Username = '******' Union All ";

                // 电子邮箱查询
                Query += "Select B.DBS_Id From DBS_User As B Where " +
                         "B.DBS_Id = DBS_User.DBS_Id And " +
                         "B.DBS_Email = '" + Keyword + "' Union All ";

                // 手机号码查询
                Query += "Select C.DBS_Id From DBS_User As C Where " +
                         "C.DBS_Id = DBS_User.DBS_Id And " +
                         "C.DBS_Phone = '" + Keyword + "'";

                Query += ") And ";
            }

            Query += "DBS_Recycle = 0";

            Json = Base.Data.SqlPageToJson("DBS_User", "DBS_Id, DBS_DepartmentId, DBS_RoleId, DBS_Username, DBS_Position, DBS_Email, DBS_Phone, DBS_Status, DBS_Recycle", "DBS_Username Asc, DBS_Id Desc", Query, 50, Page, ref Conn);

            Context.Response.Write(Json);
        }
Exemplo n.º 3
0
        /// <summary>
        /// 用户归类
        /// </summary>
        private void Classify(HttpContext Context)
        {
            Hashtable UserTable        = new Hashtable();
            int       Id               = 0;
            int       ClassifyId       = 0;
            string    ClassifyType     = "";
            string    DepartmentIdPath = "";
            int       Index            = 0;

            if (Context.Request.Form.GetValues("Id").Length == 0)
            {
                return;
            }

            if (Base.Common.IsNumeric(Context.Request.Form["ClassifyId"]) == true)
            {
                ClassifyId = Context.Request.Form["ClassifyId"].TypeInt();
            }
            else
            {
                return;
            }

            ClassifyType = Context.Request.Form["ClassifyType"].TypeString();

            if (Base.Common.StringCheck(ClassifyType, @"^(department|role)$") == false)
            {
                return;
            }

            if (ClassifyType == "department")
            {
                DepartmentIdPath = AppCommon.DepartmentIdPath(ClassifyId, ref Conn);
            }

            for (Index = 0; Index < Context.Request.Form.GetValues("Id").Length; Index++)
            {
                if (Base.Common.IsNumeric(Context.Request.Form.GetValues("Id")[Index]) == true)
                {
                    Id = Context.Request.Form.GetValues("Id")[Index].TypeInt();
                }
                else
                {
                    continue;
                }

                Base.Data.SqlDataToTable("Select DBS_Id From DBS_User Where DBS_Id = " + Id, ref Conn, ref UserTable);

                if (UserTable["Exist"].TypeBool() == false)
                {
                    continue;
                }

                UserTable.Clear();

                if (ClassifyType == "department")
                {
                    Base.Data.SqlQuery("Update DBS_User Set DBS_DepartmentId = '" + DepartmentIdPath + "' Where DBS_Id = " + Id, ref Conn);
                }
                else if (ClassifyType == "role")
                {
                    Base.Data.SqlQuery("Update DBS_User Set DBS_RoleId = " + ClassifyId + " Where DBS_Id = " + Id, ref Conn);
                }
            }

            DataToJson(Context);

            Context.Response.Write("complete");
        }
Exemplo n.º 4
0
        /// <summary>
        /// 用户添加
        /// </summary>
        private void Add(HttpContext Context)
        {
            Hashtable UserTable        = new Hashtable();
            int       Id               = 0;
            int       DepartmentId     = 0;
            string    DepartmentIdPath = "";
            int       RoleId           = 0;
            string    Username         = "";
            string    Password         = "";
            string    Code             = "";
            string    Position         = "";
            string    Email            = "";
            string    Phone            = "";
            string    Tel              = "";
            string    Admin            = "";
            string    Send             = "";
            string    Sql              = "";

            if (Base.Common.IsNumeric(Context.Request.Form["DepartmentId"]) == true)
            {
                DepartmentId = Context.Request.Form["DepartmentId"].TypeInt();
            }
            else
            {
                return;
            }

            if (Base.Common.IsNumeric(Context.Request.Form["RoleId"]) == true)
            {
                RoleId = Context.Request.Form["RoleId"].TypeInt();
            }
            else
            {
                return;
            }

            Username = Context.Request.Form["Username"].TypeString();

            if (Base.Common.StringCheck(Username, @"^[^\s\`\~\!\@\#\$\%\^\&\*\(\)\-_\=\+\[\]\{\}\;\:\'\""\\\|\,\.\<\>\/\?]{2,16}$") == false)
            {
                return;
            }

            Password = Context.Request.Form["Password"].TypeString();

            if (Base.Common.StringCheck(Password, @"^[\S]{6,16}$") == false)
            {
                return;
            }

            Password = Base.Common.StringCrypto(Password, "MD5");

            Code = Context.Request.Form["Code"].TypeString();

            if (string.IsNullOrEmpty(Code) == false)
            {
                if (Base.Common.StringCheck(Code, @"^[\w\-]{2,16}$") == false)
                {
                    return;
                }
            }

            Position = Base.Common.InputFilter(Context.Request.Form["Position"].TypeString());

            if (string.IsNullOrEmpty(Position) == false)
            {
                if (Base.Common.StringCheck(Position, @"^[\s\S]{2,32}$") == false)
                {
                    return;
                }
            }

            Email = Context.Request.Form["Email"].TypeString();

            if (string.IsNullOrEmpty(Email) == false)
            {
                if (Base.Common.StringCheck(Email, @"^[\w\-]+\@[\w\-]+\.[\w]{2,4}(\.[\w]{2,4})?$") == false)
                {
                    return;
                }
            }

            Phone = Context.Request.Form["Phone"].TypeString();

            if (string.IsNullOrEmpty(Phone) == false)
            {
                if (Base.Common.StringCheck(Phone, @"^\+?([\d]{2,4}\-?)?[\d]{6,11}$") == false)
                {
                    return;
                }
            }

            Tel = Context.Request.Form["Tel"].TypeString();

            if (string.IsNullOrEmpty(Tel) == false)
            {
                if (Base.Common.StringCheck(Tel, @"^\+?([\d]{2,4}\-?){0,2}[\d]{6,8}(\-?[\d]{2,8})?$") == false)
                {
                    return;
                }
            }

            Admin = Context.Request.Form["Admin"].TypeString();

            if (Base.Common.StringCheck(Admin, @"^(true|false)$") == false)
            {
                return;
            }
            else
            {
                Admin = Admin == "true" ? "1" : "0";
            }

            Send = Context.Request.Form["Send"].TypeString();

            if (Base.Common.StringCheck(Send, @"^(true|false)$") == false)
            {
                return;
            }

            Base.Data.SqlDataToTable("Select DBS_Username From DBS_User Where DBS_Username = '******'", ref Conn, ref UserTable);

            if (UserTable["Exist"].TypeBool() == true)
            {
                Context.Response.Write("username-existed");
                return;
            }

            UserTable.Clear();

            if (string.IsNullOrEmpty(Email) == false)
            {
                Base.Data.SqlDataToTable("Select DBS_Email From DBS_User Where DBS_Email = '" + Email + "'", ref Conn, ref UserTable);

                if (UserTable["Exist"].TypeBool() == true)
                {
                    Context.Response.Write("email-existed");
                    return;
                }

                UserTable.Clear();
            }

            if (string.IsNullOrEmpty(Phone) == false)
            {
                Base.Data.SqlDataToTable("Select DBS_Phone From DBS_User Where DBS_Phone = '" + Phone + "'", ref Conn, ref UserTable);

                if (UserTable["Exist"].TypeBool() == true)
                {
                    Context.Response.Write("phone-existed");
                    return;
                }

                UserTable.Clear();
            }

            if (DepartmentId == 0)
            {
                DepartmentIdPath = "/0/";
            }
            else
            {
                DepartmentIdPath = AppCommon.DepartmentIdPath(DepartmentId, ref Conn);
            }

            Sql  = "Insert Into DBS_User(DBS_DepartmentId, DBS_RoleId, DBS_Username, DBS_Password, DBS_Code, DBS_Position, DBS_Email, DBS_Phone, DBS_Tel, DBS_Admin, DBS_Status, DBS_Recycle, DBS_Time, DBS_LoginIP, DBS_LoginTime) ";
            Sql += "Values('" + DepartmentIdPath + "', " + RoleId + ", '" + Username + "', '" + Password + "', '" + Code + "', '" + Position + "', '" + Email + "', '" + Phone + "', '" + Tel + "', " + Admin + ", 1, 0, '" + DateTime.Now.ToString() + "', '0.0.0.0', '1970/1/1 00:00:00')";

            Id = Base.Data.SqlInsert(Sql, ref Conn);

            if (Id == 0)
            {
                return;
            }

            if (string.IsNullOrEmpty(Email) == false && Send == "true")
            {
                Password = Context.Request.Form["Password"].TypeString();

                CreateMail(Username, Password, Email, Context);
            }

            DataToJson(Context);

            Context.Response.Write("complete");
        }
Exemplo n.º 5
0
        /// <summary>
        /// 用户修改
        /// </summary>
        private void Modify(HttpContext Context)
        {
            Hashtable UserTable        = new Hashtable();
            int       Id               = 0;
            int       DepartmentId     = 0;
            string    DepartmentIdPath = "";
            int       RoleId           = 0;
            string    Password         = "";
            string    Code             = "";
            string    Position         = "";
            string    Email            = "";
            string    Phone            = "";
            string    Tel              = "";
            string    Admin            = "";
            string    Status           = "";
            string    Leave            = "";
            string    Sql              = "";

            if (Base.Common.IsNumeric(Context.Request.Form["Id"]) == true)
            {
                Id = Context.Request.Form["Id"].TypeInt();
            }
            else
            {
                return;
            }

            if (Base.Common.IsNumeric(Context.Request.Form["DepartmentId"]) == true)
            {
                DepartmentId = Context.Request.Form["DepartmentId"].TypeInt();
            }
            else
            {
                return;
            }

            if (Base.Common.IsNumeric(Context.Request.Form["RoleId"]) == true)
            {
                RoleId = Context.Request.Form["RoleId"].TypeInt();
            }
            else
            {
                return;
            }

            Password = Context.Request.Form["Password"].TypeString();

            if (Base.Common.StringCheck(Password, @"^[\S]{6,16}$") == true)
            {
                Password = Base.Common.StringCrypto(Password, "MD5");
            }

            Code = Context.Request.Form["Code"].TypeString();

            if (string.IsNullOrEmpty(Code) == false)
            {
                if (Base.Common.StringCheck(Code, @"^[\w\-]{2,16}$") == false)
                {
                    return;
                }
            }

            Position = Base.Common.InputFilter(Context.Request.Form["Position"].TypeString());

            if (string.IsNullOrEmpty(Position) == false)
            {
                if (Base.Common.StringCheck(Position, @"^[\s\S]{2,32}$") == false)
                {
                    return;
                }
            }

            Email = Context.Request.Form["Email"].TypeString();

            if (string.IsNullOrEmpty(Email) == false)
            {
                if (Base.Common.StringCheck(Email, @"^[\w\-]+\@[\w\-]+\.[\w]{2,4}(\.[\w]{2,4})?$") == false)
                {
                    return;
                }
            }

            Phone = Context.Request.Form["Phone"].TypeString();

            if (string.IsNullOrEmpty(Phone) == false)
            {
                if (Base.Common.StringCheck(Phone, @"^\+?([\d]{2,4}\-?)?[\d]{6,11}$") == false)
                {
                    return;
                }
            }

            Tel = Context.Request.Form["Tel"].TypeString();

            if (string.IsNullOrEmpty(Tel) == false)
            {
                if (Base.Common.StringCheck(Tel, @"^\+?([\d]{2,4}\-?){0,2}[\d]{6,8}(\-?[\d]{2,8})?$") == false)
                {
                    return;
                }
            }

            Admin = Context.Request.Form["Admin"].TypeString();

            if (Base.Common.StringCheck(Admin, @"^(true|false)$") == false)
            {
                return;
            }
            else
            {
                Admin = Admin == "true" ? "1" : "0";
            }

            Leave = Context.Request.Form["Leave"].TypeString();

            if (Base.Common.StringCheck(Leave, @"^(true|false)$") == false)
            {
                return;
            }
            else
            {
                Status = Leave == "true" ? "0" : "1";
            }

            Base.Data.SqlDataToTable("Select DBS_Id From DBS_User Where DBS_Id = " + Id, ref Conn, ref UserTable);

            if (UserTable["Exist"].TypeBool() == false)
            {
                return;
            }

            UserTable.Clear();

            if (string.IsNullOrEmpty(Email) == false)
            {
                Base.Data.SqlDataToTable("Select DBS_Id, DBS_Email From DBS_User Where DBS_Email = '" + Email + "'", ref Conn, ref UserTable);

                if (UserTable["Exist"].TypeBool() == true)
                {
                    if (UserTable["DBS_Id"].TypeInt() != Id)
                    {
                        Context.Response.Write("email-existed");
                        return;
                    }
                }

                UserTable.Clear();
            }

            if (string.IsNullOrEmpty(Phone) == false)
            {
                Base.Data.SqlDataToTable("Select DBS_Id, DBS_Phone From DBS_User Where DBS_Phone = '" + Phone + "'", ref Conn, ref UserTable);

                if (UserTable["Exist"].TypeBool() == true)
                {
                    if (UserTable["DBS_Id"].TypeInt() != Id)
                    {
                        Context.Response.Write("phone-existed");
                        return;
                    }
                }

                UserTable.Clear();
            }

            if (DepartmentId == 0)
            {
                DepartmentIdPath = "/0/";
            }
            else
            {
                DepartmentIdPath = AppCommon.DepartmentIdPath(DepartmentId, ref Conn);
            }

            if (string.IsNullOrEmpty(Password) == true)
            {
                Sql = "Update DBS_User Set DBS_DepartmentId = '" + DepartmentIdPath + "', DBS_RoleId = " + RoleId + ", DBS_Code = '" + Code + "', DBS_Position = '" + Position + "', DBS_Email = '" + Email + "', DBS_Phone = '" + Phone + "', DBS_Tel = '" + Tel + "', DBS_Admin = " + Admin + ", DBS_Status = " + Status + " Where DBS_Id = " + Id;
            }
            else
            {
                Sql = "Update DBS_User Set DBS_DepartmentId = '" + DepartmentIdPath + "', DBS_RoleId = " + RoleId + ", DBS_Password = '******', DBS_Code = '" + Code + "', DBS_Position = '" + Position + "', DBS_Email = '" + Email + "', DBS_Phone = '" + Phone + "', DBS_Tel = '" + Tel + "', DBS_Admin = " + Admin + ", DBS_Status = " + Status + " Where DBS_Id = " + Id;
            }

            Base.Data.SqlQuery(Sql, ref Conn);

            DataToJson(Context);

            Context.Response.Write("complete");
        }