/// <summary>
/// Grants <paramref name="operation"/> on <paramref name="resourceId"/> to a user or a group
/// by inserting a new ACL row, then deletes the role's existing ACL rows that the
/// cleanup loop's <c>IsChild</c> test matches for the same operation.
/// </summary>
/// <param name="userId">Id of the grantee; loaded as a user for USERROLE and as a group for GROUPROLE.</param>
/// <param name="roleType">Whether <paramref name="userId"/> names a user or a group.</param>
/// <param name="resourceId">Resource the permission is granted on.</param>
/// <param name="operation">Operation being granted.</param>
/// <exception cref="Exception">
/// Thrown when the WRITE check on the resource fails, or when the conflict test finds
/// an existing ACL of the role with the same operation.
/// </exception>
public void Permit(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation)
{
    // Authorization gate: granting any operation requires WRITE on the resource.
    // NOTE(review): presumably CheckPrivilege evaluates the current user (this) - confirm.
    CACLEntity writeProbe = new CACLEntity
    {
        Acl_Resource = resourceId,
        Acl_Operation = (int)ACLOPERATION.WRITE
    };
    if (!CheckPrivilege(writeProbe))
    {
        // Message text: "no write permission"
        throw new Exception("没有写权限");
    }

    // Collect the ACLs the grantee already holds.
    // NOTE(review): for any other roleType the list stays empty, so the conflict
    // check and the cleanup below are skipped while the ACL row is still inserted.
    List<CACLEntity> roleAcls;
    switch (roleType)
    {
        case ACLROLETYPE.USERROLE:
            CUserEntity grantee = new CUserEntity(ConnString).Load(userId);
            roleAcls = grantee.GetUserACLs();
            break;
        case ACLROLETYPE.GROUPROLE:
            CGroupEntity granteeGroup = new CGroupEntity(ConnString).Load(userId);
            roleAcls = granteeGroup.GetGroupACLs();
            break;
        default:
            roleAcls = new List<CACLEntity>();
            break;
    }

    int requestedOp = (int)operation;

    // Reject the grant when an existing ACL of the role already matches the target
    // resource through IsChild with the same operation.
    // NOTE(review): presumably IsChild(x) means "this resource lies below x" - confirm.
    CResourceEntity target = new CResourceEntity(ConnString).Load(resourceId);
    foreach (CACLEntity existing in roleAcls)
    {
        if (!target.IsChild(existing.Acl_Resource))
        {
            continue;
        }
        if (existing.Acl_Operation != requestedOp)
        {
            continue;
        }
        // Message text: "conflicts with other permissions"
        throw new Exception("与其他权限冲突");
    }

    // Persist the new ACL; creator and creation time form the audit trail of the grant.
    // The timestamp is local time (DateTime.Now).
    CACLEntity grant = new CACLEntity(ConnString)
    {
        Acl_Resource = resourceId,
        Acl_Role = userId,
        Acl_RType = (int)roleType,
        Acl_Operation = requestedOp,
        Acl_Creator = this.Usr_Id,
        Acl_CreateTime = DateTime.Now
    };
    grant.Insert();

    // Drop the role's ACLs whose resource matches the new grant through IsChild for the
    // same operation.
    // NOTE(review): no transaction is visible around Insert and the deletes; a failure
    // part-way leaves the new row plus any rows not yet removed - confirm.
    foreach (CACLEntity existing in roleAcls)
    {
        CResourceEntity grantedOn = new CResourceEntity(ConnString).Load(existing.Acl_Resource);
        if (grantedOn.IsChild(resourceId) && existing.Acl_Operation == requestedOp)
        {
            existing.Delete();
        }
    }
}
/// <summary>
/// Click handler of the write checkbox: grants or revokes WRITE on the current resource
/// for the single user or group selected in the share list.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void writeBox_Click(object sender, EventArgs e)
{
    // Only act when exactly one entry is selected.
    if (shareList.SelectedItems.Count != 1)
    {
        return;
    }

    // The selected row carries either a user or a group entity in its Tag.
    object principal = shareList.SelectedItems[0].Tag;
    int principalId = 0;
    ACLROLETYPE principalKind = ACLROLETYPE.USERROLE;
    if (principal is CUserEntity)
    {
        principalId = ((CUserEntity)principal).Usr_Id;
        principalKind = ACLROLETYPE.USERROLE;
    }
    else if (principal is CGroupEntity)
    {
        principalId = ((CGroupEntity)principal).Grp_Id;
        principalKind = ACLROLETYPE.GROUPROLE;
    }
    else
    {
        // Message text: "wrong data type"; thrown outside the try below, so it is not
        // shown through the message box.
        throw new Exception("错误的数据类型: ");
    }

    try
    {
        // Checked means grant WRITE, unchecked means revoke it.
        if (!writeBox.Checked)
        {
            _currentUser.Deny(principalId, principalKind, _resourceId, ACLOPERATION.WRITE);
        }
        else
        {
            _currentUser.Permit(principalId, principalKind, _resourceId, ACLOPERATION.WRITE);
        }

        // With neither read nor write left checked, rebuild the lists.
        if (!(readBox.Checked || writeBox.Checked))
        {
            FillUserLists();
        }
    }
    catch (Exception failure)
    {
        // Every failure, including the permission check inside Permit/Deny, is shown with
        // the prefix "shared data has changed"; the caption reads "document management system".
        // NOTE(review): the checkbox is not restored here, so after a failed Permit/Deny
        // the UI can show a state the ACL store does not hold - confirm and resync.
        MessageBox.Show("共享数据已发生变化:" + failure.Message, "文档管理系统", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}
/// <summary>
/// Revokes <paramref name="operation"/> on <paramref name="resourceId"/> from a user or a group
/// by deleting the ACL rows that match resource, operation, role id and role type exactly.
/// </summary>
/// <param name="userId">Id of the user or group losing the permission.</param>
/// <param name="roleType">Whether <paramref name="userId"/> names a user or a group.</param>
/// <param name="resourceId">Resource the permission is removed from.</param>
/// <param name="operation">Operation being revoked.</param>
/// <exception cref="Exception">Thrown when the WRITE check on the resource fails.</exception>
public void Deny(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation)
{
    // Authorization gate: revoking requires WRITE on the resource.
    // NOTE(review): presumably CheckPrivilege evaluates the current user (this) - confirm.
    CACLEntity writeProbe = new CACLEntity
    {
        Acl_Resource = resourceId,
        Acl_Operation = (int)ACLOPERATION.WRITE
    };
    if (!CheckPrivilege(writeProbe))
    {
        // Message text: "no write permission"
        throw new Exception("没有写权限");
    }

    // The filter is assembled by concatenation. Every operand is an int or an enum cast
    // to int, so no text reaches the filter; keep it that way, a string operand here
    // would need parameter binding or escaping.
    string resourceClause = "this.Acl_Resource=" + resourceId;
    string operationClause = " and this.Acl_Operation=" + (int)operation;
    string roleClause = " and this.Acl_Role=" + userId;
    string roleTypeClause = " and this.Acl_RType=" + (int)roleType;
    string filter = resourceClause + operationClause + roleClause + roleTypeClause;

    // Only rows matching all four columns are removed; a grant the role holds on another
    // resource, or through another role, is not touched by this call.
    new CACLEntity(ConnString).Delete(filter);
}