/// <summary>
/// 判断权限
/// 用于判断查询,修改,删除,打印权限
/// </summary>
/// <param name="so">权限操作类型</param>
/// <param name="formid">窗体ID</param>
/// <param name="lano">制单人</param>
/// <returns></returns>
public bool CheckAuth(SecurityOperation so, int formid, string suserid)
{
bool bResult = false;
//如果是超级用户则直接返回True
if (IsAdmin)
{
bResult = true;
}
else if (suserid == "")
{
bResult = true;
}
else
{
foreach (Hashtable ht in GetFormSecurity(formid))
{
////增加权限,只要设置的不为None,其他的都具有
//if (so == SecurityOperation.Add)
//{
// if ((SecurityOperationValue)GetFormSecurity(formid)[so] != SecurityOperationValue.None)
// {
// bResult = true;
// }
//}
//else
//{
switch ((SecurityOperationValue)ht[so])
{
case SecurityOperationValue.None:
{
bResult = false;
break;
}
case SecurityOperationValue.Self:
{
bResult = CurrentUserID.ToLower() == suserid.ToLower();
if (bResult)
{
return(bResult);
}
break;
}
case SecurityOperationValue.Underling:
{
bResult = GetUserUnderlingStr.ToLower().Contains(suserid.ToLower());
if (bResult)
{
return(bResult);
}
break;
}
case SecurityOperationValue.SelfAndUnderling:
{
bResult = GetUserSelfAndUnderlingStr.ToLower().Contains(suserid.ToLower());
if (bResult)
{
return(bResult);
}
break;
}
case SecurityOperationValue.Department:
{
bResult = GetUserDeptStr.ToLower().Contains(suserid.ToLower());
if (bResult)
{
return(bResult);
}
break;
}
case SecurityOperationValue.All:
{
bResult = true;
if (bResult)
{
return(bResult);
}
break;
}
default:
{
bResult = false;
break;
}
}
}
}
return(bResult);
}
/// <summary>
/// 获取窗体查询权限SQL
/// </summary>
/// <param name="st">数据显示类型</param>
/// <param name="formid"></param>
/// <returns></returns>
public string GetAuthSQL(ShowType st, int formid)
{
string sResult = "(";
//管理员(超级用户)则查看全部数据
if (IsAdmin)
{
if (st == ShowType.FormShow)
{
sResult += " iFlag IN (0,1,2,3)) ";
}
else
{
sResult += " 1=1) ";
}
}
else
{
foreach (Hashtable ht in GetFormSecurity(formid))
{
string sLastAuthSQL = "";
switch ((SecurityOperationValue)ht[SecurityOperation.View])
{
case SecurityOperationValue.None:
{
if (sLastAuthSQL != " (1=2) OR")
{
sResult += " (1=2) OR";
sLastAuthSQL = " (1=2) OR";
}
break;
}
case SecurityOperationValue.Self:
{
if (st == ShowType.FormShow)
{
if (sLastAuthSQL != " (iFlag IN (0,1,2,3) AND sUserID='" + CurrentUserID + "') OR")
{
sResult += " (iFlag IN (0,1,2,3) AND sUserID='" + CurrentUserID + "') OR";
sLastAuthSQL = " (iFlag IN (0,1,2,3) AND sUserID='" + CurrentUserID + "') OR";
}
break;
}
else
{
if (sLastAuthSQL != " (sUserID='" + CurrentUserID + "') OR")
{
sResult += " (sUserID='" + CurrentUserID + "') OR";
sLastAuthSQL = " (sUserID='" + CurrentUserID + "') OR";
}
break;
}
}
case SecurityOperationValue.Underling:
{
if (st == ShowType.FormShow)
{
if (sLastAuthSQL != " (iFlag IN (0,1,2,3) AND sUserID IN('" + GetUserUnderlingStr.Replace(",", "','") + "')) OR")
{
sResult += " (iFlag IN (0,1,2,3) AND sUserID IN('" + GetUserUnderlingStr.Replace(",", "','") + "')) OR";
sLastAuthSQL = " (iFlag IN (0,1,2,3) AND sUserID IN('" + GetUserUnderlingStr.Replace(",", "','") + "')) OR";
}
break;
}
else
{
if (sLastAuthSQL != " (sUserID IN('" + GetUserUnderlingStr.Replace(",", "','") + "')) OR")
{
sResult += " (sUserID IN('" + GetUserUnderlingStr.Replace(",", "','") + "')) OR";
sLastAuthSQL = " (sUserID IN('" + GetUserUnderlingStr.Replace(",", "','") + "')) OR";
}
break;
}
}
case SecurityOperationValue.SelfAndUnderling:
{
if (st == ShowType.FormShow)
{
if (sLastAuthSQL != " (iFlag IN (0,1,2,3) AND sUserID IN('" + GetUserSelfAndUnderlingStr.Replace(",", "','") + "')) OR")
{
sResult += " (iFlag IN (0,1,2,3) AND sUserID IN('" + GetUserSelfAndUnderlingStr.Replace(",", "','") + "')) OR";
sLastAuthSQL = " (iFlag IN (0,1,2,3) AND sUserID IN('" + GetUserSelfAndUnderlingStr.Replace(",", "','") + "')) OR";
}
break;
}
else
{
if (sLastAuthSQL != " (sUserID IN('" + GetUserSelfAndUnderlingStr.Replace(",", "','") + "')) OR")
{
sResult += " (sUserID IN('" + GetUserSelfAndUnderlingStr.Replace(",", "','") + "')) OR";
sLastAuthSQL = " (sUserID IN('" + GetUserSelfAndUnderlingStr.Replace(",", "','") + "')) OR";
}
break;
}
}
case SecurityOperationValue.Department:
{
if (st == ShowType.FormShow)
{
if (sLastAuthSQL != " (iFlag IN (0,1,2,3) AND sUserID IN('" + GetUserDeptStr.Replace(",", "','") + "')) OR")
{
sResult += " (iFlag IN (0,1,2,3) AND sUserID IN('" + GetUserDeptStr.Replace(",", "','") + "')) OR";
sLastAuthSQL = " (iFlag IN (0,1,2,3) AND sUserID IN('" + GetUserDeptStr.Replace(",", "','") + "')) OR";
}
break;
}
else
{
if (sLastAuthSQL != " (sUserID IN('" + GetUserDeptStr.Replace(",", "','") + "')) OR")
{
sResult += " (sUserID IN('" + GetUserDeptStr.Replace(",", "','") + "')) OR";
sLastAuthSQL = " (sUserID IN('" + GetUserDeptStr.Replace(",", "','") + "')) OR";
}
break;
}
}
case SecurityOperationValue.All:
{
if (st == ShowType.FormShow)
{
if (sLastAuthSQL != " (iFlag IN (0,1,2,3)) OR")
{
sResult += " (iFlag IN (0,1,2,3)) OR";
sLastAuthSQL = " (iFlag IN (0,1,2,3)) OR";
}
break;
}
else
{
if (sLastAuthSQL != " (1=1) OR")
{
sResult += " (1=1) OR";
sLastAuthSQL = " (1=1) OR";
}
break;
}
}
default:
{
if (sLastAuthSQL != " (1=2) OR")
{
sResult += " (1=2) OR";
sLastAuthSQL = " (1=2) OR";
}
break;
}
}
}
if (sResult.EndsWith("OR"))
{
sResult = sResult.Substring(0, sResult.Length - 3) + ")";
}
}
return(sResult);
}
