public PermissionInfo GetPermission(string name, int action = PermissionInfo.NO_ACTION, int type = Profile.FILE_TYPE)
{
if (type == Profile.ORG_TYPE)
{
OrgPermission orgp = new OrgPermission(name);
orgp.RealAction = action;
return orgp;
}
else
{
FilePermissionInfo fp = new FilePermissionInfo(name);
fp.RealAction = action;
return fp;
}
}
private SharedPermissionCollection sharedPermissions; //共享的权限子集
#endregion Fields
#region Constructors
public XcrmPermissionCollection(IXcrmPrincipal principal)
{
this.role = principal.Role ?? Role.EMPTY_ROLE;
this.managedUserGroup = principal.ManagedUserGroup;
string p = "/";
if (principal.Org != null)
{
p = principal.Org.Path.EndsWith("/") ? principal.Org.Path : principal.Org.Path + "/";
}
this.selfPermission = new OrgPermission(principal.IsAdmin ? p + "**/*" : p + principal.Name + "/**/*");
this.sharedPermissions = SharedPermissionCollection.GetSharedPermissionCollection(principal);
}
/// <summary>
/// 使用profile权限工厂构造权限
/// </summary>
/// <param name="path"></param>
/// <param name="name"></param>
/// <param name="action"></param>
/// <param name="type"></param>
public void AddPermission(string path, string name = "", int action = PermissionInfo.NO_ACTION, int type = 1)
{
if (type == 0)
{
//org权限
OrgPermission orgp = new OrgPermission(path);
orgp.RealAction = action;
AddOrgPermission(orgp, name);
}
else
{
//其他资源权限
PermissionInfo fp = Factorys.ProfilePermissionFactory.GetPermission(path, action, type);
AddResourcePermission(fp, name);
}
}
/// <summary>
/// 添加一条机构权限
/// </summary>
/// <param name="pathh"></param>
/// <param name="name"></param>
/// <param name="action"></param>
public void AddOrgPermission(string path, string name = "", string action = "crwxd")
{
OrgPermission orgp = new OrgPermission(path, action);
AddOrgPermission(orgp);
}
/// <summary>
/// 添加机构类型的权限
/// </summary>
/// <param name="p"></param>
public void AddOrgPermission(OrgPermission p, string name = "")
{
if (string.IsNullOrWhiteSpace(name))
name = p.Name;
if (perDic.ContainsKey(name))
perDic.Remove(name);
perDic.Add(name, p);
orgPermissions.Add(p);
}
/// <summary>
/// 保存新增的权限信息
/// </summary>
/// <param name="profile"></param>
/// <param name="success"></param>
/// <returns></returns>
private ChangeProfileCmd SaveAdded(Profile profile, out bool success)
{
success = true;
try
{
if (this.HasArg(ChangeProfileCmd.ARGS_RES_ADDED))
{
IList<PermissionArg> pargs = this.Args.ResAdded is PermissionArg[]
? ((PermissionArg[])this.Args.ResAdded).ToList()
: this.Args.ResAdded as IList<PermissionArg>;
FilePermissionInfo[] ps = new FilePermissionInfo[pargs.Count];
for (int i = 0; i < pargs.Count; i++)
{
ps[i] = new FilePermissionInfo(pargs[i].Path);
ps[i].RealAction |= pargs[i].Action;
}
Factorys.DaoFactory.GetDAO<IAccessDao>().AddPermission(profile.Id, ps);
for (int i = 0; i < ps.Length; i++)
{
profile.AddResourcePermission(ps[i], pargs[i].Name);
}
}
}
catch (Exception e)
{
Logger.Error("新增资源权限时发生错误!", e);
success = false;
}
try
{
if (this.HasArg(ChangeProfileCmd.ARGS_ORG_ADDED))
{
IList<PermissionArg> pargs = this.Args.OrgAdded is PermissionArg[]
? ((PermissionArg[])this.Args.OrgAdded).ToList()
: this.Args.OrgAdded as IList<PermissionArg>;
OrgPermission[] ps = new OrgPermission[pargs.Count];
for (int i = 0; i < pargs.Count; i++)
{
ps[i] = new OrgPermission(pargs[i].Path);
ps[i].RealAction |= pargs[i].Action;
}
Factorys.DaoFactory.GetDAO<IAccessDao>().AddPermission(profile.Id, ps);
for (int i = 0; i < ps.Length; i++)
{
profile.AddOrgPermission(ps[i], pargs[i].Name);
}
}
}
catch (Exception e)
{
Logger.Error("新增机构权限时发生错误!", e);
success = false;
}
return this;
}
/// <summary>
/// 可管理的用户组按照如下方式进行权限判定:
/// 1、自己私有权限列表中如果包含指定权限,则包含
/// 2、遍历可管理的机构,构造机构权限集,如果机构权限集包含指定权限,则包含
/// 3、遍历可管理的角色,如果角色包含指定权限,则包含
/// 4、遍历可管理的身份账户的角色,如果包含指定权限则包含
/// 5、遍历可管理的身份账户,构造FilePermission帐号权限集,如果包含指定权限,则包含
/// </summary>
/// <param name="item"></param>
/// <returns></returns>
public override bool Contains(PermissionInfo item)
{
if (base.Contains(item))
return true;
PermissionInfoCollection pc = BuildOrgPermissionCollection();
//如果org机构权限包含权限
if (pc.Contains(item))
return true;
//如果角色包含指定权限
foreach (Role role in managedRoles.Values)
{
if (role.Contains(item))
return true;
}
//1、如果可管理的其他帐号的角色包含指定权限。2、可管理的身份账户包含指定权限
foreach (IXcrmPrincipal principal in managedPrincipals.Values)
{
if (principal.Role.Contains(item))
return true;
//如果指定身份是管理员,则指定身份可以管理整个机构下的所有,否则只能管理属于自己的资源
string p = principal.Org.Path.EndsWith("/") ? principal.Org.Path : principal.Org.Path + "/";
OrgPermission op = new OrgPermission(principal.IsAdmin ? p + "**/*" : p + principal.Name + "/**/*");
if (op.Contains(item))
return true;
}
return false;
}
