//======================================================================================
public bool Can(User my, TA2 action, int targetUserID, int lastEditUserID, out NoPermissionType reason)
{
bool result;
//目标从未修改,或者目标被修改过,且是本人修改的
if (targetUserID == lastEditUserID || lastEditUserID == my.UserID)
{
result = Can(my, action, targetUserID, out reason);
}
//目标被修改过,且不是本人修改的
else
{
NoPermissionType tempReason;
result = Can(my, action, lastEditUserID, out tempReason);
if (result == false)
{
if (tempReason == NoPermissionType.NoPermission)
{
reason = NoPermissionType.NoPermission;
}
else
{
reason = NoPermissionType.NoPermissionForLastEditor;
}
}
else
{
reason = NoPermissionType.NoPermission;
}
}
return(result);
}
public bool Can(int operatorUserID, TA2 action, int targetUserID, out NoPermissionType reason)
{
User user = UserBO.Instance.GetUser(operatorUserID, GetUserOption.WithGuest);
if (user == null)
{
reason = NoPermissionType.NoPermission;
return(false);
}
return(Can(user, action, targetUserID, out reason));
}
/// <summary>
/// 验证操作者是否具有编辑某条数据的权限
/// </summary>
/// <param name="operatorID">操作者ID</param>
/// <param name="dataOwnerID">数据所有者ID</param>
/// <param name="lastEditorID">数据最后编辑者ID</param>
/// <returns>操作者具有编辑权限则返回true否则返回false</returns>
protected bool CheckEditPermission(int editorID, int dataOwnerID)
{
if (editorID == dataOwnerID)
{
return(true); //2009-07-09 喳喳鸟又说不判断最后编辑者了 Permission.Can(editorID, UseAction);
}
else
{
NoPermissionType reason = NoPermissionType.NoPermission;
return(ManagePermission.Can(editorID, ManageAction, dataOwnerID, out reason));
}
}
/// <summary>
/// 验证操作者是否具有编辑某条数据的权限
/// </summary>
/// <param name="operatorID">操作者ID</param>
/// <param name="dataOwnerID">数据所有者ID</param>
/// <param name="lastEditorID">数据最后编辑者ID</param>
/// <returns>操作者具有编辑权限则返回true否则返回false</returns>
protected bool CheckEditPermission(int editorID, int dataOwnerID, int lastEditorID)
{
if (editorID == dataOwnerID) //2009-07-09 喳喳鸟又说不判断最后编辑者了 && editorID == lastEditorID)
{
return(true); //2009-07-09 喳喳鸟又说不判断最后编辑者了 Permission.Can(editorID, UseAction);
}
else
{
/* 2009-0714 据喳喳鸟要求在没有专门给管理员编辑内容的页面前,不要提供让管理员编辑别人数据的功能*/
/*什么乱七八糟的,不懂。 注释的代码被我恢复了 wen*/
NoPermissionType reason = NoPermissionType.NoPermission;
return(ManagePermission.Can(editorID, ManageAction, dataOwnerID, lastEditorID, out reason));
}
}
public bool Can(User my, TA2 action, Role targetRole, out NoPermissionType reason)
{
reason = NoPermissionType.NoPermission;
//如果是创始人,直接返回true
if (my.IsOwner)
{
return(true);
}
//管理类权限而我不是管理员
if (IsManagement && my.IsManager == false)
{
return(false);
}
int actionIndex = GetActionValue(action);
#region 检查权限的逻辑
Permission <TA1, TA2> permission;
PermissionLimit limit;
switch (Permissions.GetPermissionTargetType(actionIndex))
{
case PermissionTargetType.Content:
limit = AllSettings.Current.PermissionSettings.ContentPermissionLimit;
break;
case PermissionTargetType.User:
limit = AllSettings.Current.PermissionSettings.UserPermissionLimit;
break;
default:
throw new NotSupportedException("Action with target must defined 'PermissionSetWithTargetType'");
}
Role operatorMaxRole = Role.Everyone;
if (limit.LimitType != PermissionLimitType.Unlimited)
{
if (limit.LimitType != PermissionLimitType.ExcludeCustomRoles)
{
operatorMaxRole = my.MaxRole;
}
}
bool allow = false;
bool beforeCheck;
foreach (UserRole userRole in my.Roles)
{
//不是管理员
if (IsManagement && userRole.Role.IsManager == false)
{
continue;
}
permission = Permissions.AlwaysGetPermission(userRole.RoleID);
beforeCheck = BeforePermissionCheck(my, userRole.RoleID, action);
if (CanSetDeny && beforeCheck && permission.IsDenyTA2(actionIndex))
{
reason = NoPermissionType.NoPermission;
return(false);
}
if (beforeCheck == false)
{
continue;
}
if (allow == false)
{
if (permission.IsAllowTA2(actionIndex))
{
//有这个权限,开始判断对具体的这个用户组是否真的有权限
if (limit.LimitType == PermissionLimitType.Unlimited)
{
allow = true;
}
else if (limit.LimitType == PermissionLimitType.RoleLevelLowerMe)
{
if (operatorMaxRole > targetRole)
{
allow = true;
}
}
else if (limit.LimitType == PermissionLimitType.RoleLevelLowerOrSameMe)
{
if (operatorMaxRole >= targetRole)
{
allow = true;
}
}
else if (limit.LimitType == PermissionLimitType.ExcludeCustomRoles)
{
List <Guid> excludeRoleIds;
if (limit.ExcludeRoles.TryGetValue(userRole.RoleID, out excludeRoleIds))
{
if (excludeRoleIds != null)
{
//不能管理目标用户
if (excludeRoleIds.Contains(targetRole.RoleID))
{
reason = NoPermissionType.NoPermissionForTargetUser;
continue;
}
}
}
allow = true;
}
else
{
throw new NotSupportedException();
}
//已经是有权限了,但对这个用户组没权限,那么可以立即返回false
if (allow == false)
{
reason = NoPermissionType.NoPermissionForTargetUser;
return(false);
}
//有权限,且对这个用户组也有权限,且本类型的权限没有“禁止”的情况,那么可以立即返回true
else if (this.CanSetDeny == false)
{
return(true);
}
}
}
}
#endregion
if (allow)
{
reason = NoPermissionType.NoPermission;
}
return(allow);
}
