Exemplo n.º 1
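        /// <summary>
        /// Checks whether the user holds the given permission.
        /// </summary>
        /// <param name="systemCode">System code</param>
        /// <param name="userId">User primary key</param>
        /// <param name="permissionCode">Permission code</param>
        /// <returns>True when the user has the permission</returns>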
        public bool CheckPermission(string systemCode, string userId, string permissionCode)
        {
            // Direct user-level permission check. Every failed precondition or lookup below
            // answers false, so the method denies by default.
            if (String.IsNullOrEmpty(systemCode) || String.IsNullOrEmpty(userId))
            {
                return false;
            }

            // Translate the permission code into its id; an unknown code grants nothing.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            if (String.IsNullOrEmpty(permissionId))
            {
                return false;
            }

            // NOTE(review): this changes the manager's CurrentTableName and does not restore it,
            // so later calls on the same instance see the new table name. systemCode becomes part
            // of that name - confirm callers only pass trusted system codes.
            this.CurrentTableName = systemCode + "Permission";

            var conditions = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.TableName),
                new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceId, userId),
                // Only rows with Enabled = 1 and DeletionStateCode = 0 count as a grant.
                new KeyValuePair<string, object>(BasePermissionEntity.FieldEnabled, 1),
                new KeyValuePair<string, object>(BasePermissionEntity.FieldDeletionStateCode, 0),
                // Note (Song Biao): the permission id condition was originally missing here.
                new KeyValuePair<string, object>(BasePermissionEntity.FieldPermissionId, permissionId)
            };
            return this.Exists(conditions);
        }
Exemplo n.º 2
        /// <summary>
        /// 用户的所有可授权范围(有授权权限的权限列表)
        /// </summary>
        /// <param name="userInfo">用户</param>
        /// <param name="userId">用户主键</param>
        /// <param name="permissionCode">权限域编号</param>
        /// <returns>数据表</returns>
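        public DataTable GetPermissionDTByPermission(BaseUserInfo userInfo, string userId, string permissionCode)
        {
            // Returns the module/permission rows that GetDataTableByUser yields for userId under
            // permissionCode; the table is always named BaseModuleEntity.TableName.
            var dt = new DataTable(BaseModuleEntity.TableName);

            var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());

            ServiceUtil.ProcessUserCenterReadDb(userInfo, parameter, (dbHelper) =>
            {
                string permissionId = BaseModuleManager.GetIdByCodeByCache(userInfo.SystemCode, permissionCode);

                // When the delegable-permission item is not configured yet, the system creates it.
                // The == comparison is ordinal and, unlike permissionCode.Equals(...), does not
                // throw when permissionCode is null.
                // NOTE(review): this is a write (AddObject) on a path that runs inside the read-db
                // callback, and neither manager below receives dbHelper - confirm which connection
                // they use and whether a read-only caller should be able to trigger the insert.
                if (String.IsNullOrEmpty(permissionId) && permissionCode == "Resource.ManagePermission")
                {
                    BaseModuleEntity permissionEntity = new BaseModuleEntity();
                    permissionEntity.Code        = "Resource.ManagePermission";
                    permissionEntity.FullName    = "资源管理范围权限(系统默认)";
                    permissionEntity.IsScope     = 1;
                    permissionEntity.Enabled     = 1;
                    // The original assigned AllowDelete = 0 twice; the duplicate is dropped.
                    // NOTE(review): the second assignment may have been meant for AllowEdit - confirm.
                    permissionEntity.AllowDelete = 0;
                    new BaseModuleManager(userInfo).AddObject(permissionEntity);
                }

                dt           = new BaseModuleManager().GetDataTableByUser(userInfo.SystemCode, userId, permissionCode);
                dt.TableName = BaseModuleEntity.TableName;
            });
            return dt;
        }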
        /// <summary>
        /// 获得有某个权限的所有用户主键
        /// </summary>
        /// <param name="systemCode">系统编号</param>
        /// <param name="permissionCode">操作权限编号</param>
        /// <returns>用户主键数组</returns>
        public string[] GetUserIds(string systemCode, string permissionCode)
        {
            // Resolve the permission code to its id, then delegate to the id-based lookup.
            // NOTE(review): the original comment said a missing permission item should be added
            // automatically; nothing here adds one, so an unknown code is forwarded as a
            // null/empty id - confirm GetUserIdsByPermissionId returns no users in that case.
            return GetUserIdsByPermissionId(
                systemCode,
                BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode));
        }
        /// <summary>
        /// Loads the table-level permission scope row stored for a resource, if one exists.
        /// </summary>
        /// <param name="resourceCategory">Value matched against FieldResourceCategory.</param>
        /// <param name="resourceId">Value matched against FieldResourceId.</param>
        /// <param name="tableName">Target table name, matched against FieldTargetId.</param>
        /// <param name="permissionCode">Permission code, resolved to an id with the current user's system code.</param>
        /// <returns>The entity built from the query result, or null when no row matches.</returns>
        public BasePermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
        {
            // NOTE(review): an unknown permission code yields a null/empty id that is still used
            // as a filter value below - confirm how GetDataTable treats an empty value.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(this.UserInfo.SystemCode, permissionCode);

            // Only the deletion flag is filtered; rows with Enabled = 0 are returned as well.
            var filters = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)
            };

            var scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
            var rows = scopeManager.GetDataTable(filters);
            if (rows.Rows.Count == 0)
            {
                return null;
            }
            return BaseEntity.Create<BasePermissionScopeEntity>(rows);
        }
Exemplo n.º 5
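        /// <summary>
        /// Gets the primary keys of all users that hold a given permission.
        /// </summary>
        /// <param name="systemCode">System code</param>
        /// <param name="organizeId">Organization primary key</param>
        /// <param name="permissionCode">Operation permission code</param>
        /// <param name="permissionName">Operation permission name</param>
        /// <returns>Array of user primary keys</returns>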
        public string[] GetUserIds(string systemCode, string organizeId, string permissionCode, string permissionName = null)
        {
            // systemCode is used only to resolve the permission id; organizeId is what gets
            // passed on as the first argument. permissionName is accepted but never read.
            // NOTE(review): the original comment said a missing permission item should be added
            // automatically; no such insert happens here. Also confirm that
            // GetUserIdsByPermissionId in this class really expects an organization id first.
            return GetUserIdsByPermissionId(
                organizeId,
                BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode));
        }
Exemplo n.º 6
        /// <summary>
        /// Creates or updates the organize-scope row of a user for one permission, setting exactly
        /// the flag that corresponds to <paramref name="permissionScope"/>.
        /// </summary>
        /// <param name="systemCode">System code; when non-empty it prefixes the "OrganizeScope" table name.</param>
        /// <param name="userId">User primary key, stored as the resource id.</param>
        /// <param name="permissionScope">Scope value to record.</param>
        /// <param name="permissionCode">Permission code, resolved to an id.</param>
        /// <param name="containChild">Stored as ContainChild (1 or 0).</param>
        /// <returns>Id of the scope row, or an empty string when the permission code is unknown.</returns>
        public string SetUserOrganizeScope(string systemCode, string userId, PermissionOrganizeScope permissionScope, string permissionCode = "Resource.AccessPermission", bool containChild = false)
        {
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            if (string.IsNullOrEmpty(permissionId))
            {
                // Unknown permission code: nothing is written and the caller gets an empty id.
                return string.Empty;
            }

            string tableName = string.IsNullOrEmpty(systemCode)
                ? BaseOrganizeScopeEntity.TableName
                : systemCode + "OrganizeScope";
            var organizeScopeManager = new BaseOrganizeScopeManager(this.DbHelper, this.UserInfo, tableName);

            // Find the existing row for this user and permission, if any.
            var lookup = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
                new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldResourceId, userId),
                new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldPermissionId, permissionId)
            };
            string scopeId = organizeScopeManager.GetId(lookup);
            bool isNew = string.IsNullOrEmpty(scopeId);

            BaseOrganizeScopeEntity scope;
            if (isNew)
            {
                scope = new BaseOrganizeScopeEntity();
            }
            else
            {
                // NOTE(review): the result is used without a null check - confirm GetObject
                // cannot return null for an id that GetId just returned.
                scope = organizeScopeManager.GetObject(scopeId);
            }

            // One flag is set to 1, all others to 0.
            scope.AllData           = permissionScope == PermissionOrganizeScope.AllData ? 1 : 0;
            scope.Province          = permissionScope == PermissionOrganizeScope.Province ? 1 : 0;
            scope.City              = permissionScope == PermissionOrganizeScope.City ? 1 : 0;
            scope.District          = permissionScope == PermissionOrganizeScope.District ? 1 : 0;
            scope.UserCompany       = permissionScope == PermissionOrganizeScope.UserCompany ? 1 : 0;
            scope.UserSubCompany    = permissionScope == PermissionOrganizeScope.UserSubCompany ? 1 : 0;
            scope.UserDepartment    = permissionScope == PermissionOrganizeScope.UserDepartment ? 1 : 0;
            scope.UserSubDepartment = permissionScope == PermissionOrganizeScope.UserSubDepartment ? 1 : 0;
            scope.UserWorkgroup     = permissionScope == PermissionOrganizeScope.UserWorkgroup ? 1 : 0;
            scope.OnlyOwnData       = permissionScope == PermissionOrganizeScope.OnlyOwnData ? 1 : 0;
            scope.ByDetails         = permissionScope == PermissionOrganizeScope.ByDetails ? 1 : 0;
            scope.NotAllowed        = permissionScope == PermissionOrganizeScope.NotAllowed ? 1 : 0;
            scope.Enabled           = 1;
            scope.DeletionStateCode = 0;
            scope.ContainChild      = containChild ? 1 : 0;
            // int.Parse throws on a non-numeric id, before anything is written.
            scope.PermissionId      = int.Parse(permissionId);
            scope.ResourceCategory  = BaseUserEntity.TableName;
            scope.ResourceId        = userId;

            if (isNew)
            {
                return organizeScopeManager.Add(scope);
            }

            organizeScopeManager.Update(scope);
            return scopeId;
        }
Exemplo n.º 7
        /// <summary>
        /// 直接看用户本身是否有这个权限(不管角色是否有权限)
        /// </summary>
        /// <param name="systemCode">系统</param>
        /// <param name="userId">用户主键</param>
        /// <param name="permissionCode">权限主键</param>
        /// <returns>是否有权限</returns>
        public bool CheckPermissionByUser(string systemCode, string userId, string permissionCode)
        {
            // Checks the permission attached to the user itself (resource category
            // BaseUserEntity.TableName); permissions held through roles are not consulted here.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);

            // An unknown permission code is a denial; otherwise the resource check decides.
            return !String.IsNullOrEmpty(permissionId)
                   && CheckResourcePermission(systemCode, BaseUserEntity.TableName, userId, permissionId);
        }
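        /// <summary>
        /// Gets the current user's constraint (condition) expression for a table.
        /// </summary>
        /// <param name="tableName">Table name</param>
        /// <param name="permissionCode">Permission code</param>
        /// <returns>Constraint expression; an empty string when there is none</returns>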
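        public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission")
        {
            // Builds the condition expression that applies to the current user for tableName.
            // Plan noted by the original author:
            //   1: which roles is the user valid in?
            //   2: which constraints do those roles carry?
            //   3: combine the constraints.
            //   4: the user's own constraints?
            // Only role rows (ResourceCategory = BaseRoleEntity.TableName) are read below;
            // constraints attached directly to the user are not consulted.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(this.UserInfo.SystemCode, permissionCode);

            BaseUserManager manager = new BaseUserManager(this.DbHelper, this.UserInfo);
            string[] roleIds = manager.GetRoleIds(UserInfo.Id);
            if (roleIds == null || roleIds.Length == 0)
            {
                // NOTE(review): an empty result only means "no constraint text" - confirm callers
                // do not treat it as unrestricted access for a user without roles.
                return string.Empty;
            }

            BasePermissionScopeManager scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
            var parameters = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseRoleEntity.TableName),
                // The whole role id array is passed as one condition value.
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, roleIds),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, 1),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)
            };
            DataTable dtPermissionScope = scopeManager.GetDataTable(parameters);

            // Each stored constraint is wrapped in parentheses before being joined with AND.
            // Without them a constraint containing OR would bind across the join
            // ("a OR b AND c" is read as "a OR (b AND c)") and weaken the other constraints.
            // The stored text is spliced into the expression as-is, so write access to
            // PermissionConstraint must stay limited to trusted administrators.
            var clauses = new List<string>();
            foreach (DataRow dr in dtPermissionScope.Rows)
            {
                string permissionConstraint = dr[BasePermissionScopeEntity.FieldPermissionConstraint].ToString().Trim();
                if (!string.IsNullOrEmpty(permissionConstraint))
                {
                    clauses.Add("(" + permissionConstraint + ")");
                }
            }

            if (clauses.Count == 0)
            {
                return string.Empty;
            }

            // Resolve the standard functions used inside the constraint expression.
            return ConstraintUtil.PrepareParameter(this.UserInfo, string.Join(" AND ", clauses.ToArray()));
        }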
        //
        //  撤销授权范围的实现部分
        //

        #region private int RevokeRole(BasePermissionScopeManager manager, string userId, string revokeRoleId, string permissionCode) 为了提高授权的运行速度
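        /// <summary>
        /// Revokes one role from a user's authorization scope (separate helper to speed up authorization).
        /// </summary>
        /// <param name="manager">Permission scope reader/writer</param>
        /// <param name="systemCode">System code</param>
        /// <param name="userId">User primary key</param>
        /// <param name="revokeRoleId">Primary key of the role to revoke</param>
        /// <param name="permissionCode">Permission code</param>
        /// <returns>Value returned by the manager's Delete call</returns>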
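        private int RevokeRole(BasePermissionScopeManager manager, string systemCode, string userId, string revokeRoleId, string permissionCode)
        {
            // Deletes the scope row that lets userId hand out revokeRoleId under permissionCode.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            if (string.IsNullOrEmpty(permissionId))
            {
                // An unknown permission code must not reach Delete with an empty id condition:
                // depending on how the manager treats empty values that could match rows of
                // other permissions. Nothing is deleted, same as GrantRole granting nothing.
                return 0;
            }

            // Use the systemCode argument for the role table name, as GrantRole does. The
            // original took it from UserInfo.SystemCode, so a revoke issued for another system
            // would not match the row the grant created and the grant would silently survive.
            string roleTableName = systemCode + "Role";

            var parameters = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, roleTableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, revokeRoleId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId)
            };
            return manager.Delete(parameters);
        }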
Exemplo n.º 10
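        /// <summary>
        /// Revokes a permission from a user, identified by permission code.
        /// </summary>
        /// <param name="systemCode">System code</param>
        /// <param name="userId">User primary key</param>
        /// <param name="permissionCode">Permission code</param>
        /// <returns>Number of affected rows</returns>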
        public int RevokeByPermissionCode(string systemCode, string userId, string permissionCode)
        {
            // Resolve the code first; an unknown permission code revokes nothing and reports 0.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            if (String.IsNullOrEmpty(permissionId))
            {
                return 0;
            }

            return this.Revoke(systemCode, userId, permissionId);
        }
Exemplo n.º 11
        /// <summary>
        /// 用户授予权限
        /// </summary>
        /// <param name="systemCode">系统编号</param>
        /// <param name="userId">用户主键</param>
        /// <param name="permissionCode">权限编号</param>
        public string GrantByPermissionCode(string systemCode, string userId, string permissionCode)
        {
            // Resolve the code first; an unknown permission code grants nothing and the caller
            // receives an empty string instead of the value returned by Grant.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            if (String.IsNullOrEmpty(permissionId))
            {
                return string.Empty;
            }

            return this.Grant(systemCode, userId, permissionId);
        }
Exemplo n.º 12
        //
        // 授予授权范围的实现部分
        //

        #region private string GrantPermission(BasePermissionScopeManager manager, string id, string userId, string grantPermissionId) 为了提高授权的运行速度
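        /// <summary>
        /// Grants one permission to a user's authorization scope (separate helper to speed up authorization).
        /// </summary>
        /// <param name="permissionScopeManager">Permission scope reader/writer</param>
        /// <param name="systemCode">System code</param>
        /// <param name="userId">User primary key</param>
        /// <param name="grantPermissionId">Primary key of the permission to grant</param>
        /// <param name="permissionCode">Permission code</param>
        /// <returns>Primary key</returns>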
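        private string GrantPermission(BasePermissionScopeManager permissionScopeManager, string systemCode, string userId, string grantPermissionId, string permissionCode)
        {
            // Adds a scope row that lets userId hand out grantPermissionId under permissionCode.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            if (string.IsNullOrEmpty(permissionId))
            {
                // Same guard as GrantRole: an unknown permission code must not create a scope
                // row with an empty PermissionId, which lookups that also resolve to an empty
                // id could later match.
                return string.Empty;
            }

            BasePermissionScopeEntity scope = new BasePermissionScopeEntity();
            scope.PermissionId      = permissionId;
            scope.ResourceCategory  = BaseUserEntity.TableName;
            scope.ResourceId        = userId;
            scope.TargetCategory    = BaseModuleEntity.TableName;
            scope.TargetId          = grantPermissionId;
            scope.Enabled           = 1;
            scope.DeletionStateCode = 0;
            return permissionScopeManager.Add(scope);
        }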
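        /// <summary>
        /// Checks through the cached lookups whether a role holds a permission.
        /// </summary>
        /// <param name="systemCode">System code used for both cached lookups.</param>
        /// <param name="roleId">Role primary key.</param>
        /// <param name="permissionCode">Permission code, resolved to an id.</param>
        /// <returns>True only when the role's cached permission ids contain the resolved id.</returns>
        public static bool CheckPermissionByRoleByCache(string systemCode, string roleId, string permissionCode)
        {
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);

            // No such permission: deny.
            if (String.IsNullOrEmpty(permissionId))
            {
                return false;
            }

            string[] permissionIds = BaseRolePermissionManager.GetPermissionIdsByCache(systemCode, new string[] { roleId });

            // A missing id list is treated as "no permissions" (deny); Array.IndexOf would
            // otherwise throw ArgumentNullException out of a permission check.
            return permissionIds != null && Array.IndexOf(permissionIds, permissionId) >= 0;
        }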
Exemplo n.º 14
        /// <summary>
        /// 获取委托列表
        /// </summary>
        /// <param name="permissionCode">操作权限编号</param>
        /// <param name="userId">用户主键</param>
        /// <returns>数据表</returns>
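        public DataTable GetAuthorizeDT(string systemCode, string permissionCode, string userId = null)
        {
            // Lists the users who delegated permissionCode to userId (original note: "the list
            // of delegations others gave me"). Without a userId the current user is used.
            if (userId == null)
            {
                userId = this.UserInfo.Id;
            }

            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            string tableName = systemCode + "PermissionScope";
            BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(this.UserInfo, tableName);

            // The unused names/values arrays and the commented-out in-memory expiry filter were
            // removed. Per the original note (zgl, 2011-10-27) expired delegations are excluded
            // by the SQL behind GetAuthoriedList - confirm there, this method does not check it.
            var dt = permissionScopeManager.GetAuthoriedList(BaseUserEntity.TableName, permissionId, BaseUserEntity.TableName, userId);

            // Distinct, non-empty ids of the delegating users.
            string[] userIds = BaseBusinessLogic.FieldToArray(dt, BasePermissionScopeEntity.FieldResourceId)
                               .Distinct<string>()
                               .Where(t => !string.IsNullOrEmpty(t))
                               .ToArray();
            BaseUserManager userManager = new BaseUserManager(this.UserInfo);

            return userManager.GetDataTable(userIds);
        }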
Exemplo n.º 15
        /// <summary>
        /// 用户角色关系是否有模块权限
        /// 2015-12-15 吉日嘎拉 优化参数化
        /// </summary>
        /// <param name="systemCode">系统编号</param>
        /// <param name="roleId">角色主键</param>
        /// <param name="permissionCode">权限编号</param>
        /// <returns>有角色权限</returns>
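        public bool CheckPermissionByRole(string systemCode, string roleId, string permissionCode)
        {
            // Checks whether the role holds the permission identified by permissionCode.
            // The lookup now happens before the DEBUG block. Originally permissionId was still
            // string.Empty there, so every DEBUG call inserted a new permission item and the
            // "update last call" branch could never run.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);

#if (DEBUG)
            // DEBUG builds record permission codes the front end checks but the back end lacks.
            // NOTE(review): the inserted item is Enabled = 1 and is created by a mere permission
            // check - make sure DEBUG builds never run against production data.
            if (String.IsNullOrEmpty(permissionId))
            {
                BaseModuleEntity permissionEntity = new BaseModuleEntity();
                permissionEntity.Code              = permissionCode;
                permissionEntity.FullName          = permissionCode;
                permissionEntity.IsScope           = 0;
                permissionEntity.IsPublic          = 0;
                permissionEntity.IsMenu            = 0;
                permissionEntity.IsVisible         = 1;
                permissionEntity.AllowDelete       = 1;
                permissionEntity.AllowEdit         = 1;
                permissionEntity.DeletionStateCode = 0;
                permissionEntity.Enabled           = 1;
                BaseModuleManager moduleManager = new Business.BaseModuleManager();
                moduleManager.AddObject(permissionEntity);

                // Look the id up again, as the original did after the insert.
                permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            }
            else
            {
                // Set the last-call date to the current database time.
                // NOTE(review): the update targets this.CurrentTableName while the field and id
                // belong to BaseModuleEntity - confirm this manager's table is the module table.
                SQLBuilder sqlBuilder = new SQLBuilder(DbHelper);
                sqlBuilder.BeginUpdate(this.CurrentTableName);
                sqlBuilder.SetDBNow(BaseModuleEntity.FieldLastCall);
                sqlBuilder.SetWhere(BaseModuleEntity.FieldId, permissionId);
                sqlBuilder.EndUpdate();
            }
#endif

            // No such permission: deny.
            if (String.IsNullOrEmpty(permissionId))
            {
                return false;
            }

            string resourceCategory = systemCode + "Role";
            return CheckResourcePermission(systemCode, resourceCategory, roleId, permissionId);
        }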
Exemplo n.º 16
        /// <summary>
        /// Resolves a permission code to its id through the cached module lookup.
        /// </summary>
        /// <param name="permissionCode">Permission code to resolve.</param>
        /// <returns>The value returned by BaseModuleManager.GetIdByCodeByCache.</returns>
        public string GetPermissionIdByCode(string permissionCode)
        {
            // The current user's system code wins; "Base" is the fallback when there is no
            // user info or its system code is empty.
            bool hasUserSystemCode = UserInfo != null && !string.IsNullOrEmpty(UserInfo.SystemCode);
            string systemCode = hasUserSystemCode ? UserInfo.SystemCode : "Base";

            // An earlier variant (kept by the author as commented-out code) went through
            // moduleManager.GetIdByAdd on the "<systemCode>Module" table, with a note that a
            // missing permission should be added automatically. This version only reads.
            return BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
        }
Exemplo n.º 17
        /// <summary>
        /// Sets the constraint condition.
        /// </summary>
        /// <param name="resourceCategory">Resource category</param>
        /// <param name="resourceId">Resource primary key</param>
        /// <param name="tableName">Table name</param>
        /// <param name="permissionCode">Operation permission item</param>
        /// <param name="constraint">Constraint</param>
        /// <param name="enabled">Enabled</param>
        /// <returns>Primary key</returns>
        public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true)
        {
            // Upsert of the table-level constraint row for a resource:
            //   1: look for an existing row and update it when found;
            //   2: otherwise add a new row.
            // NOTE(review): constraint is stored unchanged. If it is later spliced into SQL
            // conditions (GetUserConstraint in this listing reads PermissionConstraint that way),
            // this method is a privileged write and its callers must be restricted to
            // administrators - confirm.
            // NOTE(review): an unknown permission code is not rejected; the row is then looked up
            // and possibly created with a null/empty PermissionId.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(this.UserInfo.SystemCode, permissionCode);
            int enabledFlag = enabled ? 1 : 0;

            var lookup = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)
            };

            var scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
            string existingId = scopeManager.GetId(lookup);

            if (string.IsNullOrEmpty(existingId))
            {
                // No row yet: create one carrying the constraint.
                var entity = new BasePermissionScopeEntity();
                entity.ResourceCategory     = resourceCategory;
                entity.ResourceId           = resourceId;
                entity.TargetCategory       = "Table";
                entity.TargetId             = tableName;
                entity.PermissionConstraint = constraint;
                entity.PermissionId         = permissionId;
                entity.DeletionStateCode    = 0;
                entity.Enabled              = enabledFlag;
                return scopeManager.Add(entity);
            }

            // Row exists: overwrite its constraint text and enabled flag.
            var changes = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionConstraint, constraint),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, enabledFlag)
            };
            scopeManager.SetProperty(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldId, existingId), changes);
            return existingId;
        }
Exemplo n.º 18
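        /// <summary>
        /// Revokes a permission from a role.
        /// </summary>
        /// <param name="userInfo">User</param>
        /// <param name="roleName">Role name</param>
        /// <param name="permissionCode">Permission code</param>
        /// <returns>Value returned by the revoke call; 0 when the role or the permission is not found</returns>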
        public int RevokeRolePermission(BaseUserInfo userInfo, string roleName, string permissionCode)
        {
            // Service entry point: resolves the role name and permission code within the caller's
            // system code, then revokes the permission from the role on the write database.
            // NOTE(review): nothing in this method checks that userInfo may change role
            // permissions; presumably ProcessUserCenterWriteDb or the caller enforces that - confirm.
            int affected = 0;

            var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());

            ServiceUtil.ProcessUserCenterWriteDb(userInfo, parameter, (dbHelper) =>
            {
                string roleId       = BaseRoleManager.GetIdByNameByCache(userInfo.SystemCode, roleName);
                string permissionId = BaseModuleManager.GetIdByCodeByCache(userInfo.SystemCode, permissionCode);

                // Unknown role or permission: leave the result at 0.
                if (String.IsNullOrEmpty(roleId) || String.IsNullOrEmpty(permissionId))
                {
                    return;
                }

                affected = new BaseRolePermissionManager(dbHelper, userInfo).Revoke(userInfo.SystemCode, roleId, permissionId);
            });

            return affected;
        }
Exemplo n.º 19
        /// <summary>
        /// Gets the user permission tree.
        /// </summary>
        /// <param name="systemCode">System code</param>
        /// <param name="userId">User primary key</param>
        /// <param name="permissionCode">Permission code</param>
        /// <param name="permissionName">Permission name</param>
        /// <returns>User primary keys</returns>
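        public string[] GetPermissionTreeUserIds(string systemCode, string userId, string permissionCode, string permissionName = null)
        {
            // Returns the TargetId values of the user-to-user scope rows below userId, as
            // produced by DbLogic.GetChildrens. permissionName is accepted but never read.
            // Null means the permission code is unknown or a value failed validation.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            if (string.IsNullOrEmpty(permissionId))
            {
                return null;
            }

            // The derived table below is assembled by string concatenation, so each spliced value
            // is checked first. permissionId is placed unquoted and must consist of ASCII digits.
            foreach (char c in permissionId)
            {
                if (c < '0' || c > '9')
                {
                    return null;
                }
            }

            // The system code becomes part of a table name and may only contain letters, digits
            // and underscores. A null code concatenates as an empty prefix, as before.
            // NOTE(review): the id lookup uses the systemCode argument while the table name
            // uses UserInfo.SystemCode - confirm they are meant to differ.
            string scopeSystemCode = UserInfo.SystemCode;
            foreach (char c in scopeSystemCode ?? string.Empty)
            {
                if (!char.IsLetterOrDigit(c) && c != '_')
                {
                    return null;
                }
            }

            string tableName = " (SELECT ResourceId, TargetId FROM " + scopeSystemCode + "PermissionScope WHERE Enabled = 1 AND DeletionStateCode = 0 AND ResourceCategory = '" + BaseUserEntity.TableName + "' AND TargetCategory = '" + BaseUserEntity.TableName + "' AND PermissionId = " + permissionId + ") T ";

            string fieldParentId = "ResourceId"; // previously "ManagerUserId"
            string fieldId       = "TargetId";   // previously "UserId"
            string order         = null;
            bool   idOnly        = true;

            // NOTE(review): userId is handed to GetChildrens as a value; confirm that helper
            // binds it as a parameter and does not concatenate it into the statement.
            DataTable dt = DbLogic.GetChildrens(this.DbHelper, tableName, fieldId, userId, fieldParentId, order, idOnly);
            return BaseBusinessLogic.FieldToArray(dt, "TargetId");
        }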
Exemplo n.º 20
        ////
        ////
        //// 授权范围管理部分
        ////
        ////

        #region public string[] GetUserIds(string systemCode, string userId, string permissionCode) 获取员工的权限主键数组
        /// <summary>
        /// 获取员工的权限主键数组
        /// </summary>
        /// <param name="systemCode">系统编号</param>
        /// <param name="userId">用户主键</param>
        /// <param name="permissionCode">权限编号</param>
        /// <returns>主键数组</returns>
        public string[] GetUserIds(string systemCode, string userId, string permissionCode)
        {
            // Returns the FieldTargetId values of the user-to-user scope rows stored for userId
            // under permissionCode. An unknown permission code yields null, not an empty array.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            if (string.IsNullOrEmpty(permissionId))
            {
                return null;
            }

            // NOTE(review): Enabled and DeletionStateCode are not part of the filter, so
            // disabled or deleted scope rows may be included - confirm this is intended.
            var filters = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, BaseUserEntity.TableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId)
            };

            // 2013-06-05 JiRiGaLa: reading one column is faster than loading the whole table.
            return this.GetProperties(filters, BasePermissionScopeEntity.FieldTargetId);
        }
Exemplo n.º 21
        //
        // 授予授权范围的实现部分
        //

        #region private string GrantRole(BasePermissionScopeManager manager, string id, string userId, string grantRoleId) 为了提高授权的运行速度
        /// <summary>
        /// Adds a scope row that places a role inside a user's scope for one permission
        /// (kept as a separate helper to speed up granting).
        /// </summary>
        /// <param name="manager">Permission scope manager used to insert the row.</param>
        /// <param name="systemCode">System code; resolves the permission and prefixes the role table name.</param>
        /// <param name="userId">Primary key of the user receiving the scope.</param>
        /// <param name="grantRoleId">Primary key of the role being granted.</param>
        /// <param name="permissionCode">Code of the permission the scope applies to.</param>
        /// <returns>
        /// The value returned by <c>manager.Add</c>, or an empty string when the permission code
        /// does not resolve to a permission id.
        /// </returns>
        private string GrantRole(BasePermissionScopeManager manager, string systemCode, string userId, string grantRoleId, string permissionCode)
        {
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            if (string.IsNullOrEmpty(permissionId))
            {
                return string.Empty;
            }

            // NOTE(review): no lookup for an existing row is made before the insert, so repeated grants
            // add duplicate rows unless Add or a database constraint prevents it. Whether the operator
            // may grant this role is not checked here and has to be enforced by the caller.
            var scope = new BasePermissionScopeEntity
            {
                PermissionId = permissionId,
                ResourceCategory = BaseUserEntity.TableName,
                ResourceId = userId,
                TargetCategory = systemCode + "Role",
                TargetId = grantRoleId,
                Enabled = 1,
                DeletionStateCode = 0
            };

            return manager.Add(scope);
        }
        /// <summary>
        /// Returns the ids of the resources of one category that hold an enabled, non-deleted
        /// scope row on the given target for one permission.
        /// </summary>
        /// <param name="userInfo">Calling user; its SystemCode selects the permission and the scope table.</param>
        /// <param name="resourceCategory">Category of the resources to return.</param>
        /// <param name="targetId">Primary key of the target the scope rows point at.</param>
        /// <param name="targetResourceCategory">Category of the target.</param>
        /// <param name="permissionCode">Code of the permission the scope applies to.</param>
        /// <returns>The ResourceId values of the matching rows; <c>null</c> if the callback never assigns a result.</returns>
        public string[] GetPermissionScopeResourceIds(BaseUserInfo userInfo, string resourceCategory, string targetId, string targetResourceCategory, string permissionCode)
        {
            string[] resourceIds = null;
            var serviceInfo = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());

            ServiceUtil.ProcessUserCenterReadDb(userInfo, serviceInfo, (dbHelper) =>
            {
                // NOTE(review): the resolved id is not checked for null/empty; an unknown permission code
                // is passed to the query as-is. Confirm how DbLogic.GetProperties treats an empty value.
                string permissionId = BaseModuleManager.GetIdByCodeByCache(userInfo.SystemCode, permissionCode);

                var filter = new List<KeyValuePair<string, object>>
                {
                    new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, targetId),
                    new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory),
                    new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId),
                    new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, targetResourceCategory),
                    new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, 1),
                    new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)
                };

                // NOTE(review): the table name is derived from userInfo.SystemCode. If BaseUserInfo can be
                // supplied by a remote caller, SystemCode must be checked against the known system codes
                // before it is used as part of an identifier.
                string scopeTable = userInfo.SystemCode + "PermissionScope";
                resourceIds = DbLogic.GetProperties(dbHelper, scopeTable, filter, 0, BasePermissionScopeEntity.FieldResourceId);
            });

            return resourceIds;
        }
Exemplo n.º 23
        /// <summary>
        /// Places an organization inside a user's scope for one permission: updates ContainChild on
        /// the existing scope row when there is one, otherwise inserts a new row
        /// (kept as a separate helper to speed up granting).
        /// </summary>
        /// <param name="manager">Permission scope manager used for the lookup, update and insert.</param>
        /// <param name="systemCode">System code used to resolve the permission.</param>
        /// <param name="userId">Primary key of the user receiving the scope.</param>
        /// <param name="grantOrganizeId">Primary key of the organization being granted.</param>
        /// <param name="permissionCode">Code of the permission the scope applies to.</param>
        /// <param name="containChild">Whether the scope also covers child organizations.</param>
        /// <returns>
        /// The id of the existing or newly added scope row, or an empty string when the permission
        /// code does not resolve to a permission id.
        /// </returns>
        private string GrantOrganize(BasePermissionScopeManager manager, string systemCode, string userId, string grantOrganizeId, string permissionCode = "Resource.AccessPermission", bool containChild = false)
        {
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            if (string.IsNullOrEmpty(permissionId))
            {
                return string.Empty;
            }

            int containChildFlag = containChild ? 1 : 0;

            var filter = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, BaseOrganizeEntity.TableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, grantOrganizeId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId)
            };

            // Nick Deng: "no permission" is meant to be mutually exclusive with every other data scope.
            // Granting "no permission" should remove the user's other scopes for this permission, and
            // granting any other scope should remove the "no permission" entry.
            // NOTE(review): no such removal is performed in this method; presumably the caller does it.
            // NOTE(review): the lookup does not filter on Enabled / DeletionStateCode, so a disabled or
            // soft-deleted row is reused without being re-enabled. The lookup-then-insert sequence is
            // also not atomic; two concurrent grants can both insert.
            string existingId = manager.GetId(filter);
            if (!string.IsNullOrEmpty(existingId))
            {
                manager.SetProperty(
                    new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldId, existingId),
                    new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldContainChild, containChildFlag));
                return existingId;
            }

            var scope = new BasePermissionScopeEntity
            {
                PermissionId = permissionId,
                ResourceCategory = BaseUserEntity.TableName,
                ResourceId = userId,
                TargetCategory = BaseOrganizeEntity.TableName,
                TargetId = grantOrganizeId,
                ContainChild = containChildFlag,
                Enabled = 1,
                DeletionStateCode = 0
            };

            return manager.Add(scope);
        }
Exemplo n.º 24
        ////
        ////
        //// 授权范围管理部分
        ////
        ////

        #region public string[] GetPermissionIds(string userId, string permissionCode) 获取员工的权限主键数组
        /// <summary>
        /// Returns the distinct, non-empty module ids that lie inside a user's scope for one permission.
        /// </summary>
        /// <param name="systemCode">System code used to resolve the permission.</param>
        /// <param name="userId">Primary key of the user whose scope is read.</param>
        /// <param name="permissionCode">Code of the permission the scope applies to.</param>
        /// <returns>Array of TargetId values taken from the matching scope rows.</returns>
        public string[] GetPermissionIds(string systemCode, string userId, string permissionCode)
        {
            // NOTE(review): the resolved permission id is used without a null/empty check, and the filter
            // has no Enabled / DeletionStateCode condition. Confirm both are intended.
            var filter = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, BaseModuleEntity.TableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode))
            };

            var scopeRows = this.GetDataTable(filter);
            var targetIds = BaseBusinessLogic.FieldToArray(scopeRows, BasePermissionScopeEntity.FieldTargetId);

            // De-duplicate first, then drop null/empty ids.
            return targetIds
                .Distinct()
                .Where(id => !string.IsNullOrEmpty(id))
                .ToArray();
        }
Exemplo n.º 25
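        /// <summary>
        /// Builds the SQL condition (the text that follows WHERE) used to search staff rows,
        /// including the data-scope restriction of the current user.
        /// </summary>
        /// <param name="permissionCode">
        /// Permission code whose data scope restricts the result. No scope filter is added when it is
        /// empty, when the current user is an administrator, or when
        /// <c>BaseSystemInfo.UsePermissionScope</c> is off.
        /// </param>
        /// <param name="where">A search value, or a ready-made SQL condition when it contains "AND" or "=".</param>
        /// <param name="enabled">When set, restricts the rows to enabled (true) or disabled (false) staff.</param>
        /// <param name="auditStates">Not read by this method.</param>
        /// <param name="companyId">Optional company key, compared unquoted.</param>
        /// <param name="departmentId">Optional department key, compared unquoted.</param>
        /// <returns>The condition as SQL text.</returns>
        /// <remarks>
        /// The result is assembled by string concatenation and nothing is bound as a parameter, so every
        /// argument must be validated by the caller before it reaches this method. The inline
        /// NOTE(review) comments mark each place where an argument becomes part of the SQL text.
        /// </remarks>
        private string GetSearchConditional(string permissionCode, string where, bool? enabled, string auditStates, string companyId = null, string departmentId = null)
        {
            string whereClause = BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldDeletionStateCode + " = 0 ";

            // The original appended the same Enabled predicate a second time further down; once is enough.
            if (enabled.HasValue)
            {
                whereClause += " AND " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldEnabled + " = " + (enabled.Value ? "1" : "0") + " ";
            }

            if (!String.IsNullOrEmpty(where))
            {
                // Is the argument an expression, or a value to search for?
                // Ordinal comparison keeps the test independent of the current culture.
                bool isSearchValue = where.IndexOf("AND", StringComparison.Ordinal) < 0
                                     && where.IndexOf("=", StringComparison.Ordinal) < 0;
                if (isSearchValue)
                {
                    // NOTE(review): the value is placed between single quotes below. Confirm that
                    // StringUtil.GetSearchString escapes quote characters; otherwise bind it as a parameter.
                    where        = StringUtil.GetSearchString(where);
                    whereClause += " AND ("
                                   + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldUserName + " LIKE '" + where + "'"
                                   + " OR " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldCode + " LIKE '" + where + "'"
                                   + " OR " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldRealName + " LIKE '" + where + "'"
                                   + " OR " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldQuickQuery + " LIKE '" + where + "'"
                                   + " OR " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldCompanyName + " LIKE '" + where + "'"
                                   + " OR " + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldDepartmentName + " LIKE '" + where + "'"
                                   + ")";
                }
                else
                {
                    // NOTE(review): in this branch the argument is appended verbatim as SQL. It must only
                    // ever be produced by trusted code, never taken from user input.
                    whereClause += " AND (" + where + ")";
                }
            }

            // NOTE(review): departmentId and companyId are concatenated unquoted; callers must make sure
            // they are plain numeric keys. Only an exact department match is applied here (child
            // departments are not included).
            if (!string.IsNullOrEmpty(departmentId))
            {
                whereClause += " AND (" + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldDepartmentId + " = " + departmentId + ")";
            }
            if (!string.IsNullOrEmpty(companyId))
            {
                whereClause += " AND (" + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldCompanyId + " = " + companyId + ")";
            }

            // Restrict the rows to the data scope of the current user.
            if (!string.IsNullOrEmpty(permissionCode) && (!UserInfo.IsAdministrator) && (BaseSystemInfo.UsePermissionScope))
            {
                string permissionId = BaseModuleManager.GetIdByCodeByCache(UserInfo.SystemCode, permissionCode);
                if (!string.IsNullOrEmpty(permissionId))
                {
                    // The scopes are evaluated from the narrowest to the widest.
                    BaseUserScopeManager userPermissionScopeManager = new BaseUserScopeManager(this.DbHelper, this.UserInfo);
                    string[]             organizeIds = userPermissionScopeManager.GetOrganizeIds(UserInfo.SystemCode, UserInfo.Id, permissionId);

                    // No data permission at all: "= NULL" never matches a row.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionOrganizeScope.NotAllowed).ToString()))
                    {
                        whereClause += " AND (" + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldId + " = NULL ) ";
                    }
                    // Explicitly listed users.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionOrganizeScope.ByDetails).ToString()))
                    {
                        BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(DbHelper, UserInfo);
                        string[] userIds = permissionScopeManager.GetUserIds(UserInfo.SystemCode, UserInfo.Id, permissionCode);
                        if (userIds == null || userIds.Length == 0)
                        {
                            // GetUserIds returns null for an unresolved permission, which made string.Join
                            // throw, and an empty list produced the invalid SQL "IN ()". An empty detail
                            // list grants nothing, so fail closed with a predicate that matches no row.
                            whereClause += " AND (" + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldId + " = NULL ) ";
                        }
                        else
                        {
                            whereClause += " AND (" + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldId + " IN (" + string.Join(",", userIds) + ")) ";
                        }
                    }
                    // Own data only.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionOrganizeScope.OnlyOwnData).ToString()))
                    {
                        whereClause += " AND (" + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldId + " = " + this.UserInfo.Id + ") ";
                    }
                    // NOTE(review): PermissionOrganizeScope.UserWorkgroup and UserSubCompany add no predicate
                    // (their filters were commented out in the original), so a user who holds only one of
                    // these scopes is not restricted by this method. Confirm this is intended.
                    // Data of the user's department.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionOrganizeScope.UserDepartment).ToString()))
                    {
                        whereClause += " AND (" + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldDepartmentId + " = " + this.UserInfo.DepartmentId + ") ";
                    }
                    // Data of the user's company.
                    if (StringUtil.Exists(organizeIds, ((int)PermissionOrganizeScope.UserCompany).ToString()))
                    {
                        whereClause += " AND (" + BaseStaffEntity.TableName + "." + BaseStaffEntity.FieldCompanyId + " = " + this.UserInfo.CompanyId + ") ";
                    }
                    // PermissionOrganizeScope.AllData: no restriction is needed.
                }
            }
            return whereClause;
        }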
Exemplo n.º 26
        //
        // 授予授权范围的实现部分
        //

        #region private string GrantUser(BasePermissionScopeManager manager, string userId, string grantUserId, string permissionCode) 为了提高授权的运行速度
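        /// <summary>
        /// Places another user inside a user's scope for one permission, unless such a scope row
        /// already exists (kept as a separate helper to speed up granting).
        /// </summary>
        /// <param name="permissionScopeManager">Permission scope manager used to insert the row.</param>
        /// <param name="systemCode">System code used to resolve the permission.</param>
        /// <param name="userId">Primary key of the user receiving the scope.</param>
        /// <param name="grantUserId">Primary key of the user being granted.</param>
        /// <param name="permissionCode">Code of the permission the scope applies to.</param>
        /// <returns>
        /// The value returned by <c>permissionScopeManager.Add</c> for a new row; an empty string when
        /// the row already exists or the permission code does not resolve to a permission id.
        /// </returns>
        private string GrantUser(BasePermissionScopeManager permissionScopeManager, string systemCode, string userId, string grantUserId, string permissionCode)
        {
            // Resolve the permission once. An unknown code must not create a scope row with an empty
            // PermissionId, so nothing is granted in that case.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            if (string.IsNullOrEmpty(permissionId))
            {
                return string.Empty;
            }

            var filter = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, BaseUserEntity.TableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, grantUserId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId)
            };

            // NOTE(review): existence is checked through this manager while the insert goes through
            // permissionScopeManager; confirm both work on the same table. The check-then-insert
            // sequence is not atomic.
            if (this.Exists(filter))
            {
                return string.Empty;
            }

            var scope = new BasePermissionScopeEntity
            {
                PermissionId = permissionId,
                ResourceCategory = BaseUserEntity.TableName,
                ResourceId = userId,
                TargetCategory = BaseUserEntity.TableName,
                TargetId = grantUserId,
                Enabled = 1,
                DeletionStateCode = 0
            };

            return permissionScopeManager.Add(scope);
        }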
Exemplo n.º 27
        /*
         * public List<BaseOrganizeScopeEntity> GetUserOrganizeScopes(string userId, string permissionCode = "Resource.AccessPermission")
         * {
         *  List<BaseOrganizeScopeEntity> result = null;
         *  string result = this.GetPermissionIdByCode(permissionCode);
         *  if (!string.IsNullOrEmpty(result))
         *  {
         *      BaseOrganizeScopeManager organizeScopeManager = new BaseOrganizeScopeManager(this.DbHelper, this.UserInfo);
         *      List<KeyValuePair<string, object>> parameters = new List<KeyValuePair<string, object>>();
         *      parameters.Add(new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldResourceCategory, BaseUserEntity.TableName));
         *      parameters.Add(new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldResourceId, userId));
         *      parameters.Add(new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldPermissionId, result));
         *      result = organizeScopeManager.GetList<BaseOrganizeScopeEntity>(parameters);
         *  }
         *  return result;
         * }
         */

        /// <summary>
        /// Reads the organization data scope configured for a user and one permission.
        /// </summary>
        /// <param name="systemCode">System code; resolves the permission and, when not empty, prefixes the scope table name.</param>
        /// <param name="userId">Primary key of the user whose scope is read.</param>
        /// <param name="containChild">Set to true when the scope row has ContainChild = 1, otherwise false.</param>
        /// <param name="permissionCode">Code of the permission the scope applies to.</param>
        /// <returns>
        /// The scope taken from the user's scope row. <c>PermissionOrganizeScope.UserCompany</c> is
        /// returned when the permission cannot be resolved, no row exists, or the row has no flag set.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the default is UserCompany, not NotAllowed, so a user without any scope row
        /// still receives company-wide scope. When a row has several flags set, the flag checked
        /// first below wins, which means NotAllowed is overridden by OnlyOwnData, UserCompany,
        /// UserSubCompany, UserDepartment, UserSubDepartment and UserWorkgroup. Confirm both are intended.
        /// </remarks>
        public PermissionOrganizeScope GetUserOrganizeScope(string systemCode, string userId, out bool containChild, string permissionCode = "Resource.AccessPermission")
        {
            containChild = false;

            string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
            if (string.IsNullOrEmpty(permissionId))
            {
                return PermissionOrganizeScope.UserCompany;
            }

            string tableName = string.IsNullOrEmpty(systemCode)
                ? BaseOrganizeScopeEntity.TableName
                : systemCode + "OrganizeScope";

            var scopeManager = new BaseOrganizeScopeManager(this.DbHelper, this.UserInfo, tableName);
            var filter = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
                new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldResourceId, userId),
                new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldPermissionId, permissionId)
            };

            DataTable rows = scopeManager.GetDataTable(filter);
            if (rows == null || rows.Rows.Count == 0)
            {
                return PermissionOrganizeScope.UserCompany;
            }

            BaseOrganizeScopeEntity scope = BaseOrganizeScopeEntity.Create<BaseOrganizeScopeEntity>(rows);
            if (scope == null)
            {
                return PermissionOrganizeScope.UserCompany;
            }

            containChild = scope.ContainChild == 1;

            // The original tested the flags one after another and let the last match overwrite the
            // earlier ones; testing them in reverse order and stopping at the first match is equivalent.
            if (scope.UserWorkgroup == 1)
            {
                return PermissionOrganizeScope.UserWorkgroup;
            }
            else if (scope.UserSubDepartment == 1)
            {
                return PermissionOrganizeScope.UserSubDepartment;
            }
            else if (scope.UserDepartment == 1)
            {
                return PermissionOrganizeScope.UserDepartment;
            }
            else if (scope.UserSubCompany == 1)
            {
                return PermissionOrganizeScope.UserSubCompany;
            }
            else if (scope.UserCompany == 1)
            {
                return PermissionOrganizeScope.UserCompany;
            }
            else if (scope.OnlyOwnData == 1)
            {
                return PermissionOrganizeScope.OnlyOwnData;
            }
            else if (scope.NotAllowed == 1)
            {
                return PermissionOrganizeScope.NotAllowed;
            }
            else if (scope.ByDetails == 1)
            {
                return PermissionOrganizeScope.ByDetails;
            }
            else if (scope.District == 1)
            {
                return PermissionOrganizeScope.District;
            }
            else if (scope.City == 1)
            {
                return PermissionOrganizeScope.City;
            }
            else if (scope.Province == 1)
            {
                return PermissionOrganizeScope.Province;
            }
            else if (scope.AllData == 1)
            {
                return PermissionOrganizeScope.AllData;
            }

            return PermissionOrganizeScope.UserCompany;
        }
Exemplo n.º 28
        /// <summary>
        /// Deletes the scope rows that place an organization inside a user's scope for one permission
        /// (kept as a separate helper to speed up revoking).
        /// </summary>
        /// <param name="manager">Permission scope manager used to delete the rows.</param>
        /// <param name="systemCode">System code used to resolve the permission.</param>
        /// <param name="userId">Primary key of the user losing the scope.</param>
        /// <param name="revokeOrganizeId">
        /// Primary key of the organization to revoke. When null or empty, no TargetId condition is
        /// added and every organization scope row of the user for this permission is deleted.
        /// </param>
        /// <param name="permissionCode">Code of the permission the scope applies to.</param>
        /// <returns>The value returned by <c>manager.Delete</c> (presumably the number of affected rows).</returns>
        private int RevokeOrganize(BasePermissionScopeManager manager, string systemCode, string userId, string revokeOrganizeId, string permissionCode)
        {
            var filter = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, BaseOrganizeEntity.TableName)
            };

            // An empty organization id widens the delete to all organizations; see the parameter note.
            bool singleOrganize = !string.IsNullOrEmpty(revokeOrganizeId);
            if (singleOrganize)
            {
                filter.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, revokeOrganizeId));
            }

            // NOTE(review): the resolved permission id is not checked for null/empty before it is used
            // as a delete condition. Confirm how Delete treats an empty value.
            filter.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode)));

            return manager.Delete(filter);
        }
Exemplo n.º 29
        /// <summary>
        /// Deletes every scope row of a user for one permission, whatever the target category.
        /// </summary>
        /// <param name="systemCode">System code used to resolve the permission.</param>
        /// <param name="userId">Primary key of the user whose scope rows are deleted.</param>
        /// <param name="permissionCode">Code of the permission the scope applies to.</param>
        /// <returns>The value returned by the manager's Delete call (presumably the number of affected rows).</returns>
        public int ClearUserPermissionScope(string systemCode, string userId, string permissionCode)
        {
            // NOTE(review): neither userId nor the resolved permission id is checked for null/empty before
            // it is used as a delete condition. Confirm how Delete treats an empty value, and that the
            // caller has verified the operator may clear this user's scope.
            var filter = new List<KeyValuePair<string, object>>
            {
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
                new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode))
            };

            var scopeManager = new BasePermissionScopeManager(DbHelper, UserInfo);
            return scopeManager.Delete(filter);
        }
Exemplo n.º 30
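        /// <summary>
        /// Lists every enabled entry of ItemsTablePermissionScope together with the permission
        /// constraint, if any, that the given resource holds on that table.
        /// </summary>
        /// <param name="resourceCategory">Category of the resource, for example the role table name.</param>
        /// <param name="resourceId">Primary key of the resource; must consist of digits only.</param>
        /// <param name="permissionCode">Code of the permission the constraints belong to.</param>
        /// <returns>Data table named <c>BaseTableColumnsEntity.TableName</c> with one row per table entry.</returns>
        /// <exception cref="System.ArgumentException">
        /// <paramref name="resourceId"/> is null, empty or contains a character that is not a digit.
        /// </exception>
        public DataTable GetConstraintDT(string resourceCategory, string resourceId, string permissionCode = "Resource.AccessPermission")
        {
            // The query text is built by concatenation, so caller-supplied values are neutralised first.
            // resourceId is compared unquoted and is therefore only accepted as a plain digit string;
            // anything else previously ended up as SQL text.
            bool numericId = !string.IsNullOrEmpty(resourceId);
            for (int i = 0; numericId && i < resourceId.Length; i++)
            {
                char c = resourceId[i];
                numericId = c >= '0' && c <= '9';
            }
            if (!numericId)
            {
                throw new System.ArgumentException("resourceId must be a numeric key.", "resourceId");
            }

            // resourceCategory sits inside a quoted literal: double embedded quotes so it stays a literal.
            string safeResourceCategory = (resourceCategory ?? string.Empty).Replace("'", "''");

            // NOTE(review): permissionId comes from the module cache and is compared unquoted. A null
            // value still fails on ToString() and an empty one yields invalid SQL, as in the original.
            // Binding all three values as parameters would be the better fix if the data layer
            // offers a parameterised Fill.
            string permissionId = BaseModuleManager.GetIdByCodeByCache(this.UserInfo.SystemCode, permissionCode);

            // Left side: the tables that can carry a constraint (enabled, not deleted).
            // Right side: the constraint rows of this resource with TargetCategory = 'Table'.
            string sqlQuery = @"SELECT BasePermissionScope.Id
		                                    , ItemsTablePermissionScope.ItemValue AS TableCode
		                                    , ItemsTablePermissionScope.ItemName AS TableName
		                                    , BasePermissionScope.PermissionConstraint
		                                    , ItemsTablePermissionScope.SortCode
                                    FROM  (
	                                    SELECT ItemValue
		                                     , ItemName
		                                     , SortCode
	                                    FROM ItemsTablePermissionScope
                                       WHERE (DeletionStateCode = 0) 
		                                      AND (Enabled = 1)                                              
                                        ) AS ItemsTablePermissionScope LEFT OUTER JOIN
                                        (SELECT Id
			                                    , TargetId
			                                    , PermissionConstraint  
                                           FROM BasePermissionScope
                                         WHERE (ResourceCategory = '" + safeResourceCategory + @"') 
			                                    AND (ResourceId = "             + resourceId + @") 
			                                    AND (TargetCategory = 'Table') 
			                                    AND (PermissionId = "             + permissionId.ToString() + @") 
			                                    AND (DeletionStateCode = 0) 
			                                    AND (Enabled = 1)
	                                     ) AS BasePermissionScope 
                                    ON ItemsTablePermissionScope.ItemValue = BasePermissionScope.TargetId
                                    ORDER BY ItemsTablePermissionScope.SortCode ";

            DataTable dt = this.Fill(sqlQuery);
            dt.TableName = BaseTableColumnsEntity.TableName;

            return dt;
        }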