Exemplo n.º 1
        /// <summary>
        /// Clears all permission scopes of the specified user.
        /// </summary>
        /// <param name="userInfo">Information about the calling user; passed to the service helpers and to the manager.</param>
        /// <param name="userId">Primary key of the user whose scopes are cleared.</param>
        /// <param name="permissionItemCode">Permission item code, passed through to <c>UserScopeManager.ClearUserPermissionScope</c>.</param>
        /// <returns>Number of affected rows, or 0 if the database callback assigns nothing.</returns>
        public int ClearUserPermissionScope(UserInfo userInfo, string userId, string permissionItemCode)
        {
            int affectedRows = 0;

            // MethodBase.GetCurrentMethod() must be evaluated here, not inside the lambda,
            // so that the logged method is this service method.
            var logParameter = ParameterUtil.CreateWithMessage(
                userInfo,
                MethodBase.GetCurrentMethod(),
                this.serviceName,
                RDIFrameworkMessage.PermissionService_ClearUserPermissionScope);

            // NOTE(review): no check is visible here that userInfo may change userId's scopes;
            // presumably enforced by ServiceUtil or the caller - confirm.
            ServiceUtil.ProcessRDIWriteDbWithTran(userInfo, logParameter, dbProvider =>
            {
                var scopeManager = new UserScopeManager(dbProvider, userInfo);
                affectedRows = scopeManager.ClearUserPermissionScope(userId, permissionItemCode);
            });

            return affectedRows;
        }
Exemplo n.º 2
        /// <summary>
        /// Gets the primary keys of all operation (function) permissions the specified user
        /// holds within a given permission scope.
        /// </summary>
        /// <param name="userInfo">Information about the calling user; passed to the service helpers and to the manager.</param>
        /// <param name="userId">Primary key of the user being queried.</param>
        /// <param name="permissionItemCode">Operation permission code.</param>
        /// <returns>Array of operation permission primary keys; <c>null</c> if the read callback assigns nothing.</returns>
        public string[] GetScopePermissionItemIdsByUserId(UserInfo userInfo, string userId, string permissionItemCode)
        {
            string[] permissionItemIds = null;

            // Evaluated outside the lambda so the logged method is this service method.
            var logParameter = ParameterUtil.CreateWithMessage(
                userInfo,
                MethodBase.GetCurrentMethod(),
                this.serviceName,
                RDIFrameworkMessage.PermissionService_GetScopePermissionItemIdsByUserId);

            ServiceUtil.ProcessRDIReadDb(userInfo, logParameter, dbProvider =>
            {
                var scopeManager = new UserScopeManager(dbProvider, userInfo);
                permissionItemIds = scopeManager.GetPermissionItemIds(userId, permissionItemCode);
            });

            return permissionItemIds;
        }
Exemplo n.º 3
        /// <summary>
        /// Clears every permission of the specified user:
        ///
        /// 1. removes the user's role memberships;
        /// 2. removes the user's module permissions;
        /// 3. removes the user's operation permissions.
        /// </summary>
        /// <param name="userId">Primary key of the user.</param>
        /// <returns>Sum of the three managers' return values; greater than 0 means the revocation succeeded.</returns>
        public int ClearUserPermissionByUserId(string userId)
        {
            // NOTE(review): the three revocations run one after another and no transaction is
            // opened here. If a later step throws, the earlier ones may already be applied and
            // the user keeps part of their access - confirm the caller wraps this in a transaction.

            // Step 1: role memberships.
            var roleManager = new PiUserRoleManager(DBProvider, UserInfo);
            int roleRows = roleManager.EliminateRoleUser(userId);

            // Step 2: permissions granted directly to the user.
            var permissionManager = new UserPermissionManager(DBProvider, UserInfo);
            int permissionRows = permissionManager.RevokeAll(userId);

            // Step 3: permission scopes granted to the user.
            var scopeManager = new UserScopeManager(DBProvider, UserInfo);
            int scopeRows = scopeManager.RevokeAll(userId);

            return roleRows + permissionRows + scopeRows;
        }
Exemplo n.º 4
        /// <summary>
        /// Revokes the module authorization scope of the specified user within a permission scope.
        /// </summary>
        /// <param name="userInfo">Information about the calling user; passed to the service helpers and to the manager.</param>
        /// <param name="userId">Primary key of the user whose module scope is revoked.</param>
        /// <param name="permissionScopeItemCode">Operation permission code.</param>
        /// <param name="revokeModuleIds">Primary keys of the modules to revoke; nothing is done when null or empty.</param>
        /// <returns>Number of affected rows; 0 when <paramref name="revokeModuleIds"/> is null or empty.</returns>
        public int RevokeUserModuleScope(UserInfo userInfo, string userId, string permissionScopeItemCode, string[] revokeModuleIds)
        {
            int affectedRows = 0;

            // Evaluated outside the lambda so the logged method is this service method.
            var logParameter = ParameterUtil.CreateWithMessage(
                userInfo,
                MethodBase.GetCurrentMethod(),
                this.serviceName,
                RDIFrameworkMessage.PermissionService_RevokeUserModuleScope);

            // NOTE(review): this changes grants but runs through ProcessRDIReadDb, while
            // ClearUserPermissionScope uses ProcessRDIWriteDbWithTran. Confirm the read helper
            // permits writes and whether a multi-module revoke can be left half-applied.
            // NOTE(review): no check is visible here that userInfo may change userId's scopes - confirm.
            ServiceUtil.ProcessRDIReadDb(userInfo, logParameter, dbProvider =>
            {
                var scopeManager = new UserScopeManager(dbProvider, userInfo);

                bool nothingToRevoke = revokeModuleIds == null || revokeModuleIds.Length == 0;
                if (nothingToRevoke)
                {
                    return;
                }

                affectedRows = scopeManager.RevokeModules(userId, permissionScopeItemCode, revokeModuleIds);
            });

            return affectedRows;
        }
Exemplo n.º 5
        /// <summary>
        /// Grants a user the operation-permission authorization scope within a permission scope.
        /// </summary>
        /// <param name="userInfo">Information about the calling user; passed to the service helpers and to the manager.</param>
        /// <param name="userId">Primary key of the user receiving the grant.</param>
        /// <param name="permissionItemCode">Operation permission code.</param>
        /// <param name="grantPermissionItemIds">Primary keys of the operation permissions to grant; nothing is done when null or empty.</param>
        /// <returns>Number of affected rows; 0 when <paramref name="grantPermissionItemIds"/> is null or empty.</returns>
        public int GrantUserPermissionItemScope(UserInfo userInfo, string userId, string permissionItemCode, string[] grantPermissionItemIds)
        {
            int affectedRows = 0;

            // Evaluated outside the lambda so the logged method is this service method.
            var logParameter = ParameterUtil.CreateWithMessage(
                userInfo,
                MethodBase.GetCurrentMethod(),
                this.serviceName,
                RDIFrameworkMessage.PermissionService_GrantUserPermissionItemScope);

            // NOTE(review): this writes grants but runs through ProcessRDIReadDb, while
            // ClearUserPermissionScope uses ProcessRDIWriteDbWithTran. Confirm the read helper
            // permits writes and whether a multi-item grant can be left half-applied.
            // NOTE(review): no check is visible here that userInfo may grant these permissions
            // to userId; presumably enforced by ServiceUtil or the caller - confirm.
            ServiceUtil.ProcessRDIReadDb(userInfo, logParameter, dbProvider =>
            {
                var scopeManager = new UserScopeManager(dbProvider, userInfo);

                bool nothingToGrant = grantPermissionItemIds == null || grantPermissionItemIds.Length == 0;
                if (nothingToGrant)
                {
                    return;
                }

                affectedRows += scopeManager.GrantPermissionItemes(userId, permissionItemCode, grantPermissionItemIds);
            });

            return affectedRows;
        }
Exemplo n.º 6
        /// <summary>
        /// Grants a user the module authorization scope within a permission scope.
        /// </summary>
        /// <param name="userInfo">Information about the calling user; passed to the service helpers and to the manager.</param>
        /// <param name="userId">Primary key of the user receiving the grant.</param>
        /// <param name="permissionScopeItemCode">Operation permission code.</param>
        /// <param name="grantModuleId">Primary key of the module to grant; nothing is done when null.</param>
        /// <returns>
        /// The string returned by <c>UserScopeManager.GrantModule</c>, or an empty string when
        /// <paramref name="grantModuleId"/> is null.
        /// NOTE(review): the original comment said "affected rows", but the return type is a
        /// string - presumably the key of the created scope record; confirm.
        /// </returns>
        public string GrantUserModuleScope(UserInfo userInfo, string userId, string permissionScopeItemCode, string grantModuleId)
        {
            string grantResult = string.Empty;

            // NOTE(review): userId and grantModuleId are copied into the log message unmodified.
            // If the log store or viewer treats line breaks or markup specially, confirm they
            // are neutralised there.
            string auditDetail = "用户主键:" + userId + ",模块主键:" + grantModuleId;

            // Evaluated outside the lambda so the logged method is this service method.
            var logParameter = ParameterUtil.CreateWithMessage(
                userInfo,
                MethodBase.GetCurrentMethod(),
                this.serviceName,
                RDIFrameworkMessage.PermissionService_GrantUserModuleScope,
                auditDetail);

            // NOTE(review): this writes a grant but runs through ProcessRDIReadDb, while
            // ClearUserPermissionScope uses ProcessRDIWriteDbWithTran - confirm the read helper
            // permits writes.
            // NOTE(review): no check is visible here that userInfo may grant this module scope
            // to userId; presumably enforced by ServiceUtil or the caller - confirm.
            ServiceUtil.ProcessRDIReadDb(userInfo, logParameter, dbProvider =>
            {
                var scopeManager = new UserScopeManager(dbProvider, userInfo);

                // Only null is skipped; an empty string is still passed to GrantModule.
                if (grantModuleId == null)
                {
                    return;
                }

                grantResult = scopeManager.GrantModule(userId, permissionScopeItemCode, grantModuleId);
            });

            return grantResult;
        }
Exemplo n.º 7
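        /// <summary>
        /// Builds the SQL condition (the text that follows WHERE) used to search the user table,
        /// combining the optional filters with the caller's data-permission scope.
        /// </summary>
        /// <remarks>
        /// The department filter and the part-time (user-organization) subquery are wrapped in a
        /// single parenthesised group. Previously the subquery was appended with a top-level
        /// <c>OR</c>; since <c>AND</c> binds tighter than <c>OR</c>, the delete-mark, visibility,
        /// enabled and search filters did not apply to part-time matches, and the audit-state,
        /// role and data-permission-scope filters appended afterwards did not apply to direct
        /// department matches.
        ///
        /// The condition is still assembled by string concatenation. <paramref name="departmentId"/>
        /// and <paramref name="auditStates"/> now have single quotes doubled before being embedded,
        /// which is a stop-gap for engines that use standard quote escaping. Binding the values as
        /// parameters is the proper fix, but needs a different return contract.
        /// </remarks>
        /// <param name="permissionScopeCode">Code of the permission item that defines the caller's data scope.</param>
        /// <param name="search">Search text; passed through <c>StringHelper.GetSearchString</c> and used in LIKE comparisons.</param>
        /// <param name="roleIds">When non-empty, only users that have one of these roles are matched.</param>
        /// <param name="enabled">When not null, filters on the enabled flag (true = 1, false = 0).</param>
        /// <param name="auditStates">When non-empty, filters on the audit status column.</param>
        /// <param name="departmentId">When non-empty, limits results to this organization and the ids returned by <c>GetChildrensId</c>.</param>
        /// <returns>The assembled SQL condition.</returns>
        private string GetSearchConditional(string permissionScopeCode, string search, string[] roleIds, bool? enabled, string auditStates, string departmentId)
        {
            string userTable = PiUserTable.TableName + ".";

            // NOTE(review): search is embedded in the LIKE literals below. Whether
            // GetSearchString escapes quotes is not visible here - confirm, or bind it as a parameter.
            search = StringHelper.GetSearchString(search);

            string whereConditional = userTable + PiUserTable.FieldDeleteMark + " = 0 "
                                      + " AND " + userTable + PiUserTable.FieldIsVisible + " = 1 ";

            if (enabled != null)
            {
                whereConditional += " AND (" + userTable + PiUserTable.FieldEnabled + " = " + (enabled.Value ? 1 : 0) + ")";
            }

            if (!String.IsNullOrEmpty(search))
            {
                whereConditional += " AND (" + userTable + PiUserTable.FieldUserName + " LIKE '" + search + "'"
                                    + " OR " + userTable + PiUserTable.FieldCode + " LIKE '" + search + "'"
                                    + " OR " + userTable + PiUserTable.FieldRealName + " LIKE '" + search + "'"
                                    + " OR " + userTable + PiUserTable.FieldQuickQuery + " LIKE '" + search + "'"
                                    + " OR " + userTable + PiUserTable.FieldDepartmentName + " LIKE '" + search + "'"
                                    + " OR " + userTable + PiUserTable.FieldDescription + " LIKE '" + search + "')";
            }

            if (!string.IsNullOrEmpty(departmentId))
            {
                var      organizeManager = new PiOrganizeManager(this.DBProvider, this.UserInfo);
                string[] organizeIds     = organizeManager.GetChildrensId(PiOrganizeTable.FieldId, departmentId, PiOrganizeTable.FieldParentId);
                if (organizeIds != null && organizeIds.Length > 0)
                {
                    // NOTE(review): ArrayToList output is embedded as-is; the ids come from
                    // GetChildrensId, and whether ArrayToList escapes them is not visible here.
                    string organizeIdList = StringHelper.ArrayToList(organizeIds, "'");

                    // Doubling quotes keeps the caller-supplied id inside its string literal.
                    string departmentLiteral = "'" + departmentId.Replace("'", "''") + "'";
                    string userOrganize      = PiUserOrganizeTable.TableName + ".";

                    // One group: "(direct organization match) OR (part-time match)". The outer
                    // parentheses keep every other filter applied to both alternatives.
                    whereConditional += " AND ((" + userTable + PiUserTable.FieldCompanyId + " IN (" + organizeIdList + ")"
                                        + " OR " + userTable + PiUserTable.FieldSubCompanyId + " IN (" + organizeIdList + ")"
                                        + " OR " + userTable + PiUserTable.FieldDepartmentId + " IN (" + organizeIdList + ")"
                                        + " OR " + userTable + PiUserTable.FieldSubDepartmentId + " IN (" + organizeIdList + ")"
                                        + " OR " + userTable + PiUserTable.FieldWorkgroupId + " IN (" + organizeIdList + "))"
                                        // Also read users from the part-time (user-organization) table.
                                        + " OR " + userTable + PiUserTable.FieldId + " IN ("
                                        + " SELECT " + PiUserOrganizeTable.FieldUserId
                                        + "   FROM " + PiUserOrganizeTable.TableName
                                        + "  WHERE (" + userOrganize + PiUserOrganizeTable.FieldDeleteMark + " = 0 ) "
                                        + "       AND ("
                                        + userOrganize + PiUserOrganizeTable.FieldCompanyId + " = " + departmentLiteral + " OR "
                                        + userOrganize + PiUserOrganizeTable.FieldSubCompanyId + " = " + departmentLiteral + " OR "
                                        + userOrganize + PiUserOrganizeTable.FieldDepartmentId + " = " + departmentLiteral + " OR "
                                        + userOrganize + PiUserOrganizeTable.FieldSubDepartmentId + " = " + departmentLiteral + " OR "
                                        + userOrganize + PiUserOrganizeTable.FieldWorkgroupId + " = " + departmentLiteral + "))) ";
                }
            }

            if (!String.IsNullOrEmpty(auditStates))
            {
                // Doubling quotes keeps the caller-supplied value inside its string literal.
                whereConditional += " AND (" + userTable + PiUserTable.FieldAuditStatus + " = '" + auditStates.Replace("'", "''") + "')";
            }

            if ((roleIds != null) && (roleIds.Length > 0))
            {
                // NOTE(review): roleIds are embedded through ArrayToList; confirm they are
                // validated or escaped before reaching this method.
                string roles = StringHelper.ArrayToList(roleIds, "'");
                whereConditional += " AND (" + userTable + PiUserTable.FieldId + " IN (" + "SELECT " + PiUserRoleTable.FieldUserId + " FROM " + PiUserRoleTable.TableName + " WHERE " + PiUserRoleTable.FieldRoleId + " IN (" + roles + ")" + "))";
            }

            // Decide whether to filter users by the caller's data-permission scope.
            if ((!UserInfo.IsAdministrator) && (SystemInfo.EnableUserAuthorizationScope))
            {
                // string permissionScopeCode = "Resource.ManagePermission";
                var    permissionItemManager = new PiPermissionItemManager(this.DBProvider, this.UserInfo);
                string permissionScopeItemId = permissionItemManager.GetId(new KeyValuePair <string, object>(PiPermissionItemTable.FieldCode, permissionScopeCode));

                // NOTE(review): when the permission item is not found, no scope filter is added
                // and a non-administrator gets the unrestricted result (fail-open) - confirm
                // this is intended.
                if (!string.IsNullOrEmpty(permissionScopeItemId))
                {
                    // Scopes are handled from the narrowest to the widest to avoid mistakes.
                    var      userPermissionScopeManager = new UserScopeManager(this.DBProvider, this.UserInfo);
                    string[] scopeIds = userPermissionScopeManager.GetOrganizeIds(this.UserInfo.Id, permissionScopeCode);

                    // No data permission at all: "= NULL" never evaluates to true under
                    // standard NULL comparison, so no row matches.
                    if (StringHelper.Exists(scopeIds, ((int)PermissionScope.None).ToString()))
                    {
                        whereConditional += " AND (" + userTable + PiUserTable.FieldId + " = NULL ) ";
                    }
                    // Data as configured in detail (explicit list of user ids).
                    if (StringHelper.Exists(scopeIds, ((int)PermissionScope.Detail).ToString()))
                    {
                        var      permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
                        string[] userIds = permissionScopeManager.GetUserIds(UserInfo.Id, permissionScopeCode);
                        whereConditional += " AND (" + userTable + PiUserTable.FieldId + " IN (" + BusinessLogic.ObjectsToList(userIds) + ")) ";
                    }
                    // Own data only.
                    if (StringHelper.Exists(scopeIds, ((int)PermissionScope.User).ToString()))
                    {
                        whereConditional += " AND (" + userTable + PiUserTable.FieldId + " = '" + this.UserInfo.Id + "') ";
                    }
                    // Data of the caller's work group.
                    if (StringHelper.Exists(scopeIds, ((int)PermissionScope.UserWorkgroup).ToString()))
                    {
                        whereConditional += " AND (" + userTable + PiUserTable.FieldWorkgroupId + " = '" + this.UserInfo.WorkgroupId + "') ";
                    }
                    // Data of the caller's department.
                    if (StringHelper.Exists(scopeIds, ((int)PermissionScope.UserDepartment).ToString()))
                    {
                        whereConditional += " AND (" + userTable + PiUserTable.FieldDepartmentId + " = '" + this.UserInfo.DepartmentId + "') ";
                    }
                    // Data of the caller's company.
                    if (StringHelper.Exists(scopeIds, ((int)PermissionScope.UserCompany).ToString()))
                    {
                        whereConditional += " AND (" + userTable + PiUserTable.FieldCompanyId + " = '" + this.UserInfo.CompanyId + "') ";
                    }
                    // PermissionScope.All: all data, so no filter condition is added.
                }
            }

            return whereConditional;
        }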