/// <summary>
/// Loads the function permissions a user holds through role membership, grouped by
/// the code of each permission target's parent.
/// </summary>
/// <param name="userId">User whose roles are queried; bound to the query as <c>@userId</c>.</param>
/// <param name="language">Not read anywhere in this method.</param>
/// <returns>
/// Map from parent code to the (Code, HasPermission) entries found under it.
/// Rows whose Level is 1 are collected under the key "root".
/// </returns>
/// <remarks>
/// The user id reaches SQL only as a bound parameter; the statement text is constant.
/// DISTINCT is applied across Status as well, so a user in two roles that disagree on
/// the same target gets two entries with the same Code and opposite HasPermission.
/// This method does not merge them. NOTE(review): confirm every caller resolves such
/// conflicts explicitly (deny-wins is the usual safe choice) instead of taking the
/// first match.
/// </remarks>
public static Dictionary<string, List<FuncPermissionStatus>> GetAccessPermissions(Guid userId, Language language)
{
    const string rootKey = "root";

    var byParent = new Dictionary<string, List<FuncPermissionStatus>>();
    string sql = "SELECT DISTINCT pt.Id,pt2.Code AS Parent,pt.Code,rp.[Status],pt.[Level] FROM dbo.RolePermission rp INNER JOIN dbo.UserInRole uir ON uir.RoleId = rp.RoleId INNER JOIN dbo.PermissionTarget pt ON pt.Id=rp.TargetId LEFT JOIN dbo.PermissionTarget pt2 ON pt2.Id = pt.ParentId WHERE pt.TargetType = 1 AND uir.UserId = @userId";

    DataAccess.GetInstance().ExecuteReader(sql, CommandType.Text, (SqlDataReader reader) =>
    {
        while (reader.Read())
        {
            // The cast throws if Status comes back as NULL.
            // NOTE(review): column nullability is not visible here.
            var entry = new FuncPermissionStatus
            {
                Code = reader["Code"].ToString(),
                HasPermission = (bool)reader["Status"]
            };

            bool isTopLevel = int.Parse(reader["Level"].ToString()) == 1;

            // Parent comes from a LEFT JOIN: a deeper row without a parent yields
            // DBNull, whose ToString() is "", so it is filed under the empty key.
            string key = isTopLevel ? rootKey : reader["Parent"].ToString();

            List<FuncPermissionStatus> bucket;
            if (!byParent.TryGetValue(key, out bucket))
            {
                bucket = new List<FuncPermissionStatus>();
                byParent.Add(key, bucket);
            }

            bucket.Add(entry);
        }
    }, new SqlParameter("@userId", userId));

    return byParent;
}
/// <summary>
/// Updates a user by calling the <c>[dbo].[Users_Update]</c> stored procedure inside a
/// transaction, and collects the permission rows the procedure returns.
/// </summary>
/// <param name="user">
/// User to update. UserId is always sent; UserName is sent only when non-empty; Roles
/// are sent as a comma-terminated id list only when the collection is non-empty.
/// </param>
/// <param name="password">
/// New password; when null or empty no <c>@password</c> parameter is sent.
/// </param>
/// <param name="permissions">
/// Receives the permission rows grouped by parent code ("root" for Level 1). It is
/// filled only when at least one role was supplied, and before the procedure's return
/// code is checked, so its content must be ignored when the method returns false.
/// </param>
/// <returns>True when the procedure's return value is 0 and the transaction was committed.</returns>
/// <remarks>
/// All values reach the procedure as bound parameters. When the return value is not 0
/// nothing is committed; the transaction is disposed uncommitted, which rolls it back.
/// </remarks>
public static bool EditUser(UserData user, string password, out Dictionary<string, List<FuncPermissionStatus>> permissions)
{
    const string rootKey = "root";

    permissions = new Dictionary<string, List<FuncPermissionStatus>>();
    bool isSuccess = false;

    // Role ids are joined as "id1,id2," - the trailing comma is part of the format sent.
    string roleCsv = string.Empty;
    foreach (RoleData role in user.Roles)
    {
        roleCsv = string.Concat(roleCsv, role.RoleId, ",");
    }

    // NOTE(review): BeginTransaction is called straight away, so GetSqlConnection
    // presumably hands back an already-open connection - confirm.
    using (SqlConnection connection = DataAccess.GetInstance().GetSqlConnection())
    using (SqlTransaction tx = connection.BeginTransaction())
    using (SqlCommand cmd = connection.CreateCommand())
    {
        cmd.CommandText = "[dbo].[Users_Update]";
        cmd.Transaction = tx;
        cmd.CommandType = System.Data.CommandType.StoredProcedure;

        cmd.Parameters.Add(new SqlParameter("@userId", user.UserId));

        if (!string.IsNullOrEmpty(user.UserName))
        {
            cmd.Parameters.Add(new SqlParameter("@userName", user.UserName));
        }

        if (!string.IsNullOrEmpty(password))
        {
            // NOTE(review): the helper's name indicates an MD5 digest; its body is not
            // visible here. If it is plain MD5, that is too fast for password storage.
            // The fix belongs in the helper: a salted, slow KDF such as PBKDF2, with
            // existing hashes upgraded at the next successful login.
            string hashedPassword = UserDataAccess.GetMd5EncryptPassword(password);
            cmd.Parameters.Add(new SqlParameter("@password", hashedPassword));
        }

        if (user.Roles.Count != 0)
        {
            cmd.Parameters.Add(new SqlParameter("@roles", roleCsv));
        }

        SqlParameter returnCode = new SqlParameter("@RETURN_VALUE", SqlDbType.Int)
        {
            Direction = ParameterDirection.ReturnValue
        };
        cmd.Parameters.Add(returnCode);

        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            // The result set is consumed only when roles were sent.
            if (!string.IsNullOrEmpty(roleCsv))
            {
                while (reader.Read())
                {
                    var entry = new FuncPermissionStatus
                    {
                        Code = reader["Code"].ToString(),
                        HasPermission = (bool)reader["Status"]
                    };

                    bool isTopLevel = int.Parse(reader["Level"].ToString()) == 1;
                    string key = isTopLevel ? rootKey : reader["Parent"].ToString();

                    List<FuncPermissionStatus> bucket;
                    if (!permissions.TryGetValue(key, out bucket))
                    {
                        bucket = new List<FuncPermissionStatus>();
                        permissions.Add(key, bucket);
                    }

                    bucket.Add(entry);
                }
            }
        }

        // Read only after the reader is closed: SqlClient fills return-value and
        // output parameters once the reader has been closed.
        int procResult = (int)returnCode.Value;
        isSuccess = procResult == 0;

        if (isSuccess)
        {
            tx.Commit();
        }
    }

    return isSuccess;
}