Exemplo n.º 1
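        /// <summary>
        /// Calls the UspGetRolePermissions stored procedure with the given application
        /// and role ids and returns the resulting rows as permissions.
        /// </summary>
        /// <param name="applicationId">Value bound to the @ApplicationID procedure parameter.</param>
        /// <param name="roleID">Value bound to the @RoleID procedure parameter.</param>
        /// <returns>One Permission per row returned by the procedure; an empty collection when there are no rows.</returns>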
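        public PermissionCollection GetRolePermissions(int applicationId, int roleID)
        {
            // Reads a role's permissions through the UspGetRolePermissions stored procedure.
            // Both ids are handed to Database.ExecuteReader as typed SqlParameter values
            // rather than being written into the command text.
            //
            // The original wrapped this body in try/catch and re-threw with "throw ex;",
            // which replaces the stack trace of the real failure with one that starts here.
            // The wrapper did nothing else, so it is gone: the same exceptions still reach
            // the caller, now with their original trace intact for diagnosis.
            PermissionCollection collection = new PermissionCollection();

            SqlParameter prmApplicationID = new SqlParameter("@ApplicationID", SqlDbType.Int, 4);
            prmApplicationID.Direction = ParameterDirection.Input;
            prmApplicationID.Value     = applicationId;

            SqlParameter prmRoleID = new SqlParameter("@RoleID", SqlDbType.Int, 4);
            prmRoleID.Direction = ParameterDirection.Input;
            prmRoleID.Value     = roleID;

            // The using block disposes the reader even when Populate throws part-way through.
            using (IDataReader dr = Database.ExecuteReader("UspGetRolePermissions", CommandType.StoredProcedure, prmApplicationID, prmRoleID))
            {
                while (dr.Read())
                {
                    collection.Add(Populate(dr));
                }
            }

            return collection;
        }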
Exemplo n.º 2
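        /// <summary>
        /// Calls the UspGetPermissionOnResourceByUserRole stored procedure and returns
        /// the resulting rows as permissions.
        /// </summary>
        /// <param name="iResourceID">Value bound to the @ResourceID procedure parameter.</param>
        /// <param name="strUserName">Value bound to @UserName; null or empty is sent as a database NULL.</param>
        /// <param name="strRoleCode">Value bound to @RoleCode; null or empty is sent as a database NULL.</param>
        /// <param name="bIsAllowed">Value bound to the @IsAllowed procedure parameter.</param>
        /// <returns>One Permission per row returned by the procedure; an empty collection when there are no rows.</returns>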
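        public PermissionCollection GetPermissionOnResourceByUserRole(int iResourceID, string strUserName, string strRoleCode, bool bIsAllowed)
        {
            // Reads permissions on one resource through the
            // UspGetPermissionOnResourceByUserRole stored procedure. Every argument is
            // handed to Database.ExecuteReader as a typed SqlParameter.
            //
            // The original wrapped this body in try/catch and re-threw with "throw ex;",
            // which replaces the stack trace of the real failure. The wrapper did nothing
            // else, so it is gone and exceptions propagate with their original trace.
            PermissionCollection collection = new PermissionCollection();

            SqlParameter prmResourceID = new SqlParameter("@ResourceID", SqlDbType.Int, 4);
            prmResourceID.Direction = ParameterDirection.Input;
            prmResourceID.Value     = iResourceID;

            // A null or empty user name / role code is sent as a database NULL.
            // NOTE(review): how the procedure treats NULL is not visible here. If NULL
            // means "do not filter on this column", an empty string from a caller widens
            // the result instead of narrowing it - confirm against the procedure body.
            SqlParameter prmUserName = new SqlParameter("@UserName", SqlDbType.VarChar, 50);
            prmUserName.Direction = ParameterDirection.Input;
            prmUserName.Value     = string.IsNullOrEmpty(strUserName) ? (object)DBNull.Value : strUserName;

            SqlParameter prmRoleCode = new SqlParameter("@RoleCode", SqlDbType.VarChar, 50);
            prmRoleCode.Direction = ParameterDirection.Input;
            prmRoleCode.Value     = string.IsNullOrEmpty(strRoleCode) ? (object)DBNull.Value : strRoleCode;

            SqlParameter prmIsAllowed = new SqlParameter("@IsAllowed", SqlDbType.Bit);
            prmIsAllowed.Direction = ParameterDirection.Input;
            prmIsAllowed.Value     = bIsAllowed;

            // The using block disposes the reader even when Populate throws part-way through.
            using (IDataReader dr = Database.ExecuteReader("UspGetPermissionOnResourceByUserRole", CommandType.StoredProcedure,
                                                           prmResourceID, prmUserName, prmRoleCode, prmIsAllowed))
            {
                while (dr.Read())
                {
                    collection.Add(Populate(dr));
                }
            }

            return collection;
        }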
Exemplo n.º 3
        /// <summary>
        /// Converts every row of a data table into a Permission and returns them as one collection.
        /// </summary>
        /// <param name="dataItems">Table whose rows are each passed to the Permission constructor.</param>
        /// <returns>A collection with one Permission per row; empty when the table has no rows.</returns>
        /// <exception cref="Exception">Thrown when <paramref name="dataItems"/> is null.</exception>
        internal static PermissionCollection GetCollection(DataTable dataItems)
        {
            PermissionCollection result = new PermissionCollection();

            // Reject a missing table up front instead of returning an empty collection,
            // so a failed load is not mistaken for "no permissions".
            if (dataItems == null)
            {
                throw new Exception("You cannot create a Permission collection from a null data table.");
            }

            foreach (DataRow row in dataItems.Rows)
            {
                result.Add(new Permission(row));
            }

            return result;
        }
Exemplo n.º 4
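        /// <summary>
        /// Loads the permission definitions for the given permission ids, together with
        /// their field, record, function and data detail rows, and builds the matching
        /// permission objects.
        /// </summary>
        /// <param name="PermissionIndex">Ids matched against sys_auth_Permissions.ID; null or empty yields an empty collection.</param>
        /// <returns>
        /// One permission object per sys_auth_Permissions row whose ClsInfo parses to Records,
        /// Fields, Functions or Datas; an empty collection when GetDataSet returns null.
        /// </returns>
        internal PermissionCollection InitPermissions(String[] PermissionIndex)
        {
            PermissionCollection permissionCollection = new PermissionCollection();

            if (PermissionIndex == null || PermissionIndex.Length == 0)
            {
                return permissionCollection;
            }

            // The ids are written into the SQL text as quoted literals because GetDataSet is
            // called with finished statements only. Doubling embedded single quotes keeps each
            // id inside its own literal, so an id that contains a quote can no longer end the
            // literal early and alter the statement that decides which permissions are loaded.
            // NOTE(review): bound parameters would be the stronger fix if the data layer offers
            // a parameterised overload - none is visible from this method.
            String[] quotedIds = new String[PermissionIndex.Length];
            for (int i = 0; i < PermissionIndex.Length; i++)
            {
                // string.Join rendered null entries as empty strings; keep that behaviour.
                String id = PermissionIndex[i] ?? String.Empty;
                quotedIds[i] = id.Replace("'", "''");
            }
            String idList = string.Concat("('", string.Join("','", quotedIds), "')");

            // Sub-select shared by the four detail queries (Scdel=0 condition added 2013-10-17).
            String permissionIdsSubquery = "select ID from sys_auth_Permissions where Scdel=0 and ID in " + idList;

            // Statement order is unchanged from the original: permissions, fields, records,
            // functions, data. The result tables are looked up by name below.
            String[] sqlCommands = new String[]
            {
                "select * from sys_auth_Permissions where Scdel=0 and ID in " + idList + " order by ClsInfo",
                "select * from sys_auth_FieldPermission where FieldsID in (" + permissionIdsSubquery + " And ClsInfo='Fields'" + ") order by Indentity",
                "Select * from sys_auth_RecordPermission where RecordsID in (" + permissionIdsSubquery + " And ClsInfo='Records'" + ") order by Indentity",
                "Select * from sys_auth_FunctionPermission where FunctionsID in (" + permissionIdsSubquery + " And ClsInfo='Functions'" + ") order by Indentity",
                "Select * from sys_auth_DataPermission where TableID in (" + permissionIdsSubquery + " And ClsInfo='Datas'" + ") order by TableID"
            };

            DataSet dataset = GetDataSet(sqlCommands);

            if (dataset == null)
            {
                return permissionCollection;
            }

            DataTable PermissionDataTable         = dataset.Tables["sys_auth_Permissions"];
            DataTable FieldPermissionDataTable    = dataset.Tables["sys_auth_FieldPermission"];
            DataTable RecordPermissionDataTable   = dataset.Tables["sys_auth_RecordPermission"];
            DataTable FunctionPermissionDataTable = dataset.Tables["sys_auth_FunctionPermission"];
            DataTable DataPermissionDataTable     = dataset.Tables["sys_auth_DataPermission"];

            foreach (DataRow Row in PermissionDataTable.Rows)
            {
                String Index       = Row["ID"].ToString();
                String Cls         = Row["ClsInfo"].ToString();
                String ModelIndex  = Row["ModuleID"].ToString();
                String Description = Row["Description"].ToString();

                // DataTable.Select filter strings escape a single quote by doubling it, the
                // same way SQL literals do, so the id is escaped before it goes into a filter.
                String IndexLiteral = "'" + Index.Replace("'", "''") + "'";

                // Enum.Parse throws for a ClsInfo value that is not a PermissionType name.
                // (The original assigned the variable to itself here: "Type = Type = ...".)
                PermissionType Type = (PermissionType)Enum.Parse(typeof(PermissionType), Cls);

                if (Type == PermissionType.Records)
                {
                    RecordsPermission recordsPermission = new RecordsPermission();
                    recordsPermission.ModuleID = ModelIndex;
                    recordsPermission.Index    = Index;
                    recordsPermission.Caption  = Description;
                    permissionCollection.Add(recordsPermission);

                    foreach (DataRow RecordRow in RecordPermissionDataTable.Select("RecordsID=" + IndexLiteral))
                    {
                        RecordListElement recordListElement = new RecordListElement();
                        recordListElement.Caption = RecordRow["Description"].ToString();
                        recordListElement.Index   = RecordRow["Indentity"].ToString();
                        recordListElement.Code    = RecordRow["RecordCode"].ToString();
                        recordsPermission.RecordPermissionList.Add(recordListElement);
                    }
                }
                else if (Type == PermissionType.Fields)
                {
                    FieldsPermission fieldsPermission = new FieldsPermission();
                    fieldsPermission.ModuleID   = ModelIndex;
                    fieldsPermission.Index      = Index;
                    fieldsPermission.Caption    = Description;
                    fieldsPermission.FieldsName = Description;
                    permissionCollection.Add(fieldsPermission);

                    foreach (DataRow FieldRow in FieldPermissionDataTable.Select("FieldsID=" + IndexLiteral))
                    {
                        FieldPermission fieldPermission = new FieldPermission();
                        fieldPermission.Index     = FieldRow["Indentity"].ToString();
                        fieldPermission.FieldName = FieldRow["Description"].ToString();
                        fieldPermission.Editable  = Convert.ToBoolean(FieldRow["Editable"]);
                        fieldPermission.Viewable  = Convert.ToBoolean(FieldRow["Viewable"]);
                        fieldsPermission.Fields.Add(fieldPermission);
                    }
                }
                else if (Type == PermissionType.Functions)
                {
                    FunctionsPermission functionsPermission = new FunctionsPermission();
                    functionsPermission.ModuleID = ModelIndex;
                    functionsPermission.Index    = Index;
                    functionsPermission.Caption  = Description;
                    permissionCollection.Add(functionsPermission);

                    foreach (DataRow FunctionRow in FunctionPermissionDataTable.Select("FunctionsID=" + IndexLiteral))
                    {
                        FunctionPermission functionPermission = new FunctionPermission();
                        functionPermission.Caption = FunctionRow["Description"].ToString();
                        functionPermission.Index   = FunctionRow["Indentity"].ToString();
                        functionsPermission.Functions.Add(functionPermission);
                    }
                }
                else if (Type == PermissionType.Datas)
                {
                    DatasPermission datasPermission = new DatasPermission();
                    datasPermission.ModuleID = ModelIndex;
                    datasPermission.Index    = Index;
                    datasPermission.Caption  = Description;
                    permissionCollection.Add(datasPermission);

                    foreach (DataRow ConditionRow in DataPermissionDataTable.Select("TableID=" + IndexLiteral))
                    {
                        DataPermission dataPermission = new DataPermission();
                        dataPermission.Index     = ConditionRow["TableID"].ToString();
                        dataPermission.FieldName = ConditionRow["FieldName"].ToString();

                        // FieldValues holds the allowed values as a ';'-separated list.
                        String FieldValueList = ConditionRow["FieldValues"].ToString();
                        if (!string.IsNullOrEmpty(FieldValueList))
                        {
                            String[] Values = FieldValueList.Split(new Char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
                            dataPermission.Values.AddRange(Values);
                        }

                        datasPermission.Conditions.Add(dataPermission);
                    }
                }
            }

            return permissionCollection;
        }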
Exemplo n.º 5
        /// <summary>
        /// Returns the permissions for the given codesource object.
        /// The implementation of this method first calls base.GetPermissions
        /// and then adds permissions based on the URL of the codesource.
        /// <para>
        /// If the protocol of this URL is "jar", then the permission granted
        /// is based on the permission that is required by the URL of the Jar
        /// file.
        /// </para>
        /// <para>
        /// If the protocol is "file" and there is an authority component, then
        /// permission to connect to and accept connections from that authority
        /// may be granted. If the protocol is "file"
        /// and the path specifies a file, then permission to read that
        /// file is granted. If protocol is "file" and the path is
        /// a directory, permission is granted to read all files
        /// and (recursively) all files and subdirectories contained in
        /// that directory.
        /// </para>
        /// <para>
        /// If the protocol is not "file", then permission
        /// to connect to and accept connections from the URL's host is granted.
        /// </para>
        /// </summary>
        /// <param name="codesource"> the codesource </param>
        /// <exception cref="NullPointerException"> if <c>codesource</c> is <c>null</c>. </exception>
        /// <returns> the permissions granted to the codesource </returns>
        protected internal override PermissionCollection GetPermissions(CodeSource codesource)
        {
            // Start from what the base loader grants, then add at most one permission
            // derived from where the code was loaded from.
            PermissionCollection perms = base.GetPermissions(codesource);

            URL url = codesource.Location;

            Permission    granted    = null;
            URLConnection connection = null;

            try
            {
                connection = url.OpenConnection();
                granted    = connection.Permission;
            }
            catch (IOException)
            {
                // No usable connection: both values are cleared so the branches below
                // fall back to the URL itself.
                granted    = null;
                connection = null;
            }

            if (granted is FilePermission)
            {
                // A trailing separator means the codebase is a directory; appending "-"
                // turns the permission into a recursive read of that directory.
                String directoryPath = granted.Name;
                if (directoryPath.EndsWith(File.Separator))
                {
                    granted = new FilePermission(directoryPath + "-", SecurityConstants.FILE_READ_ACTION);
                }
            }
            else if (granted == null && url.Protocol.Equals("file"))
            {
                String filePath = url.File.Replace('/', System.IO.Path.DirectorySeparatorChar);
                filePath = ParseUtil.decode(filePath);
                if (filePath.EndsWith(File.Separator))
                {
                    filePath += "-";
                }
                granted = new FilePermission(filePath, SecurityConstants.FILE_READ_ACTION);
            }
            else
            {
                // Not loading from a 'file:' URL, so the class gets permission to connect
                // to and accept from the remote host. For a jar connection the host is
                // taken from the URL of the jar file rather than from the jar: URL.
                URL hostUrl = url;
                JarURLConnection jarConnection = connection as JarURLConnection;
                if (jarConnection != null)
                {
                    hostUrl = jarConnection.JarFileURL;
                }

                String host = hostUrl.Host;
                if (host != null && (host.Length() > 0))
                {
                    granted = new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
                }
            }

            if (granted == null)
            {
                return perms;
            }

            // Make sure whoever created this class loader would hold the permission
            // before it is handed to the loaded code. The privileged action runs before
            // perms.Add, so an exception from it leaves the permission ungranted.
            // NOTE(review): the helper class is not shown; presumably it asks sm to check
            // fp under the Acc context - confirm.
            // (Both locals were 'final' in the Java original this was converted from.)
            SecurityManager sm = System.SecurityManager;
            if (sm != null)
            {
                Permission fp = granted;
                AccessController.doPrivileged(new PrivilegedActionAnonymousInnerClassHelper3(this, sm, fp), Acc);
            }

            perms.Add(granted);
            return perms;
        }
Exemplo n.º 6
        /// <summary>
        /// Builds a per-module result table from sys_engs_Tree / sys_biz_Module, then, for each
        /// organization of type '监理单位', collects the permissions of that organization's users,
        /// derives an auth policy from them and computes PXRate / YZRate per authorised row
        /// before calling DrawSupervisionReport.
        /// </summary>
        /// <remarks>
        /// NOTE(review): every query in this method is assembled by string concatenation and
        /// several of the assembled statements are malformed (see the notes inline). Values read
        /// from one query are written unescaped into the next, including table names, so the
        /// statements are only as trustworthy as the stored data. The code is left as found;
        /// the inline notes list what has to be settled before it can run as intended.
        /// </remarks>
        public void GenerateReport()
        {
            StringBuilder SQL_DataSource = new StringBuilder();

            SQL_DataSource.Append("select a.nodecode as foldercode,b.description as foldername,c.nodecode as modulecode,d.description as modulename,d.id ");
            SQL_DataSource.Append("from sys_engs_ItemInfo as b,");
            SQL_DataSource.Append("(SELECT NodeCode,ralationid FROM sys_engs_Tree ");
            SQL_DataSource.Append("WHERE (SUBSTRING(NodeCode, 0, 13) IN");
            SQL_DataSource.Append("(SELECT NodeCode FROM sys_engs_Tree AS sys_engs_Tree_1 WHERE (NodeType = '@unit_施工单位'))) and nodetype = '@folder') as a,");
            SQL_DataSource.Append("(SELECT NodeCode,ralationid FROM sys_engs_Tree ");
            SQL_DataSource.Append("WHERE (SUBSTRING(NodeCode, 0, 13) IN (SELECT NodeCode FROM sys_engs_Tree AS sys_engs_Tree_1 WHERE (NodeType = '@unit_施工单位'))) and nodetype = '@module') as c,");
            // Added query condition Scdel=0 (2013-10-17)
            SQL_DataSource.Append("sys_biz_Module as d where b.Scdel=0 and b.id = a.ralationid and c.ralationid = d.id and c.nodecode like a.nodecode + '%' order by a.nodecode,c.nodecode");

            DataTable DataSource = GetDataTable(SQL_DataSource.ToString());

            // Result table. Its columns are exactly: CompanyName, CompanyCode, ModelCode,
            // FolderName, ModuleName, PXRate, YZRate, SelectTable.
            DataTable DataResule = new DataTable();

            DataColumn Column = new DataColumn("CompanyName");

            Column.DataType = typeof(String);
            DataResule.Columns.Add(Column);

            Column          = new DataColumn("CompanyCode");
            Column.DataType = typeof(String);
            DataResule.Columns.Add(Column);

            Column          = new DataColumn("ModelCode");
            Column.DataType = typeof(String);
            DataResule.Columns.Add(Column);

            Column          = new DataColumn("FolderName");
            Column.DataType = typeof(String);
            DataResule.Columns.Add(Column);

            Column          = new DataColumn("ModuleName");
            Column.DataType = typeof(String);
            DataResule.Columns.Add(Column);

            Column          = new DataColumn("PXRate");
            Column.DataType = System.Type.GetType("System.Decimal");
            DataResule.Columns.Add(Column);

            Column          = new DataColumn("YZRate");
            Column.DataType = System.Type.GetType("System.Decimal");
            DataResule.Columns.Add(Column);

            Column          = new DataColumn("SelectTable");
            Column.DataType = typeof(String);
            DataResule.Columns.Add(Column);

            // NOTE(review): DataSource is dereferenced without a null check, unlike the
            // Organization and Users tables further down.
            foreach (DataRow Row in DataSource.Rows)
            {
                // The table name is derived from stored data and later written into SQL text
                // as an identifier. Identifiers cannot be bound as parameters, so the id
                // should be validated (for example, digits only) before it is used that way.
                String TableName = "biz_norm_extent_" + Row["id"].ToString();

                StringBuilder SQL_Company = new StringBuilder();
                SQL_Company.Append("select a.Description,b.NodeCode from sys_engs_CompanyInfo as a,sys_engs_Tree as b");
                // Added query condition Scdel=0 (2013-10-17)
                // NOTE(review): the fragments are appended with no separating spaces, so the
                // statement reads "...sys_engs_Tree as bwhere a.Scdel=0 andb.NodeCode ='...".
                // The folder code is also concatenated straight into a quoted literal.
                SQL_Company.Append("where a.Scdel=0 and");
                SQL_Company.Append("b.NodeCode ='");
                SQL_Company.Append(Row["foldercode"].ToString().Substring(0, 12));
                SQL_Company.Append("' and a.id = b.ralationid");

                DataTable CompanyInfo = GetDataTable(SQL_Company.ToString());

                // NOTE(review): Rows[0] is read without checking that the query returned a row.
                DataRow newRow = DataResule.NewRow();
                newRow["CompanyName"] = CompanyInfo.Rows[0]["Description"].ToString();
                newRow["CompanyCode"] = CompanyInfo.Rows[0]["NodeCode"].ToString();
                newRow["FolderName"]  = Row["FolderName"].ToString();
                newRow["ModuleName"]  = Row["ModuleName"].ToString();
                newRow["SelectTable"] = TableName;
                newRow["ModelCode"]   = Row["modulecode"].ToString();


                DataResule.Rows.Add(newRow);
            }

            StringBuilder Sql_Select = new StringBuilder();

            Sql_Select.Append("select code from sys_auth_Organization where type = '");
            Sql_Select.Append("监理单位");
            Sql_Select.Append("'");

            DataTable Organization = GetDataTable(Sql_Select.ToString());

            if (Organization != null && Organization.Rows.Count > 0)
            {
                // NOTE(review): this collection is created once, outside the organization loop,
                // and never cleared. Permissions gathered for one organization's users are
                // therefore still present when the auth policy for the next organization is
                // built - confirm whether that accumulation is intended.
                PermissionCollection Permissions = new PermissionCollection();
                foreach (DataRow Row in Organization.Rows)
                {
                    int PXCount;
                    int JZCount;
                    int AllCount;
                    Sql_Select = new StringBuilder();
                    // Added query condition Scdel=0 (2013-10-17)
                    // The organization code is concatenated into a LIKE pattern unescaped.
                    Sql_Select.Append("select * from sys_auth_Users where Scdel=0 and code like '");
                    Sql_Select.Append(Row["code"].ToString());
                    Sql_Select.Append("%'");

                    DataTable Users = GetDataTable(Sql_Select.ToString());
                    if (Users != null && Users.Rows.Count > 0)
                    {
                        foreach (DataRow UserRow in Users.Rows)
                        {
                            // Union of the permissions of every role of every matched user.
                            RoleCollection Roles = RoleManager.InitRoleInformation(UserRow["ID"].ToString());
                            foreach (Role role in Roles)
                            {
                                PermissionCollection _Permissions = PermissionManager.InitPermissions(role.Index);
                                foreach (Permission Permission in _Permissions)
                                {
                                    if (!Permissions.Contains(Permission))
                                    {
                                        Permissions.Add(Permission);
                                    }
                                }
                            }
                        }
                    }

                    // TreeID is not declared in this method; presumably a member of the class.
                    IAuthPolicy AuthPolicy = AuthManager.GetTreeAuth(TreeID, Permissions);
                    // The first DataTable instance is discarded immediately by the Clone() assignment.
                    DataTable   SelectData = new DataTable();
                    SelectData = DataResule.Clone();

                    StringBuilder Sql_JLSelect = new StringBuilder();
                    Sql_JLSelect.Append("select NodeCode from sys_engs_Tree where nodetype ='@unit_监理单位'");

                    // NOTE(review): Sql_JLSelect is built above but never executed; the call
                    // below passes Sql_Select, which still holds the sys_auth_Users query.
                    DataTable JLData = GetDataTable(Sql_Select.ToString());

                    foreach (DataRow JLRow in JLData.Rows)
                    {
                        if (AuthPolicy.HasAuth(JLRow["NodeCode"].ToString()))
                        {
                            foreach (DataRow SelectRow in DataResule.Rows)
                            {
                                // NOTE(review): DataResule has no "NodeCode" or "modulecode"
                                // column (see the column list above; the module code is stored
                                // as "ModelCode"). The DataRow indexer throws for an unknown
                                // column name, so these lookups fail as written.
                                if (AuthPolicy.HasAuth(SelectRow["NodeCode"].ToString()))
                                {
                                    // NOTE(review): in all three count queries the table name is
                                    // followed directly by "where" with no space, and in the first
                                    // two the trytype literal has no closing quote before " and".
                                    StringBuilder SQL_PXCount = new StringBuilder();
                                    SQL_PXCount.Append("select count(id) from ");
                                    SQL_PXCount.Append(SelectRow["SelectTable"].ToString());
                                    SQL_PXCount.Append("where trytype = '");
                                    SQL_PXCount.Append("平行 and scpt ='");
                                    SQL_PXCount.Append(JLRow["NodeCode"].ToString());
                                    SQL_PXCount.Append("' and scct in (select id from ");
                                    SQL_PXCount.Append(SelectRow["SelectTable"].ToString());
                                    SQL_PXCount.Append(" where scpt ='");
                                    SQL_PXCount.Append(SelectRow["modulecode"].ToString());
                                    SQL_PXCount.Append("')");

                                    PXCount = Convert.ToInt32(ExcuteScalar(SQL_PXCount.ToString()));

                                    StringBuilder SQL_JZCount = new StringBuilder();
                                    SQL_JZCount.Append("select count(id) from ");
                                    SQL_JZCount.Append(SelectRow["SelectTable"].ToString());
                                    SQL_JZCount.Append("where trytype = '");
                                    SQL_JZCount.Append("见证 and scpt ='");
                                    SQL_JZCount.Append(JLRow["NodeCode"].ToString());
                                    SQL_JZCount.Append("' and scct in (select id from ");
                                    SQL_JZCount.Append(SelectRow["SelectTable"].ToString());
                                    SQL_JZCount.Append(" where scpt ='");
                                    SQL_JZCount.Append(SelectRow["modulecode"].ToString());
                                    SQL_JZCount.Append("')");

                                    JZCount = Convert.ToInt32(ExcuteScalar(SQL_JZCount.ToString()));

                                    StringBuilder SQL_ALLCount = new StringBuilder();
                                    SQL_ALLCount.Append("select count(id) from ");
                                    SQL_ALLCount.Append(SelectRow["SelectTable"].ToString());
                                    SQL_ALLCount.Append("where scpt ='");
                                    SQL_ALLCount.Append(SelectRow["modulecode"].ToString());
                                    SQL_ALLCount.Append("'");

                                    AllCount = Convert.ToInt32(ExcuteScalar(SQL_ALLCount.ToString()));

                                    // NOTE(review): both operands are int, so the quotient is
                                    // truncated before it reaches the Decimal column, and an
                                    // AllCount of 0 raises DivideByZeroException.
                                    SelectRow["PXRate"] = PXCount / AllCount;
                                    SelectRow["YZRate"] = JZCount / AllCount;

                                    SelectData.ImportRow(SelectRow);
                                }
                            }

                            // NOTE(review): Row comes from the Organization query, which selects
                            // only the "code" column, so "Description" is not in that result.
                            // SelectData is also not reset between JLRow iterations, so rows
                            // imported for an earlier node are still in it here.
                            DrawSupervisionReport(SelectData, Row["Description"].ToString());
                        }
                    }
                }
            }
        }
Exemplo n.º 7
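        /// <summary>
        /// Gets the permission points of a role.
        /// </summary>
        /// <param name="role">Role id matched against RoleAccess.RoleId.</param>
        /// <returns>One Permission per matching RoleAccess entry, carrying its module and node keys.</returns>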
        public PermissionCollection GetPermissions(int role)
        {
            var permissions = new PermissionCollection();

            // Materialise the role's access entries first, then map each one to a
            // Permission that carries the entry's module and node keys.
            var accessEntries = DbProvider.D<RoleAccess>().Where(x => x.RoleId == role).ToList();
            foreach (var access in accessEntries)
            {
                var permission = new Permission { ModuleKey = access.Module, NodeKey = access.Node };
                permissions.Add(permission);
            }

            return permissions;
        }