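/// <summary>
/// Verifies that the current user is allowed to change permissions on the object
/// identified by <paramref name="guid"/>.
/// </summary>
/// <remarks>
/// The object is resolved to its owning project series, <c>CheckIsAdmin</c> is run against
/// that series, and the current user must then be the creator or the person in charge of it.
/// Anything that cannot be resolved to a project series is denied.
/// </remarks>
/// <param name="objectType">Kind of object that <paramref name="guid"/> refers to.</param>
/// <param name="guid">Unique identifier of the task, task group, project or project series.</param>
/// <param name="treeNodeName">Display name used in the denial message.</param>
/// <param name="userName">Forwarded to <c>CheckIsAdmin</c>; not used by the final ownership check.</param>
private void AuthorityCheck(PermissionObjectType objectType, string guid, string treeNodeName, string userName = null)
{
    // Stays null for an object type this method does not know how to resolve, so the
    // ownership assertion below denies instead of dereferencing an empty placeholder object.
    ProjectSeries projectSeries = null;

    switch (objectType)
    {
        case PermissionObjectType.Task:
        {
            var task = m_dbAdapter.Task.GetTask(guid);
            var project = m_dbAdapter.Project.GetProjectById(task.ProjectId);
            projectSeries = m_dbAdapter.ProjectSeries.GetById(project.ProjectSeriesId.Value);
            break;
        }
        case PermissionObjectType.TaskGroup:
        {
            var taskGroup = m_dbAdapter.TaskGroup.GetByGuid(guid);
            var project = m_dbAdapter.Project.GetProjectById(taskGroup.ProjectId);
            projectSeries = m_dbAdapter.ProjectSeries.GetById(project.ProjectSeriesId.Value);
            break;
        }
        case PermissionObjectType.Project:
        {
            var project = m_dbAdapter.Project.GetProjectByGuid(guid);
            projectSeries = m_dbAdapter.ProjectSeries.GetById(project.ProjectSeriesId.Value);
            break;
        }
        case PermissionObjectType.ProjectSeries:
        {
            projectSeries = m_dbAdapter.ProjectSeries.GetByGuid(guid);
            break;
        }
    }

    if (projectSeries != null)
    {
        CheckIsAdmin(projectSeries, userName);
    }

    // Account names are identifiers, not linguistic text: compare them ordinally so the result
    // does not depend on the server's culture, and use the static Equals so a series with no
    // creator or no person in charge is denied rather than raising a NullReferenceException.
    // NOTE(review): this check is made against CurrentUserName, not userName - confirm that is intended.
    var isOwner = projectSeries != null
        && (string.Equals(projectSeries.CreateUserName, CurrentUserName, StringComparison.OrdinalIgnoreCase)
            || string.Equals(projectSeries.PersonInCharge, CurrentUserName, StringComparison.OrdinalIgnoreCase));

    CommUtils.Assert(isOwner, "当前用户[" + CurrentUserName + "]没有修改[" + treeNodeName + "]的权限");
}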
/// <summary>
/// Lists the unique identifiers of every object of the given type on which the user
/// holds the given permission.
/// </summary>
/// <param name="userName">Account name to look up.</param>
/// <param name="objectType">Object type filter; bound as its integer value.</param>
/// <param name="type">Permission type filter; bound as its integer value.</param>
/// <returns>One identifier per matching permission row, in the order the query returned them.</returns>
public List<string> GetObjectUids(string userName, PermissionObjectType objectType, PermissionType type)
{
    // Only the table name is concatenated into the statement; the three filter values are
    // bound as positional parameters.
    // NOTE(review): confirm m_defaultTableName is a fixed value and never built from request data.
    var sql = "SELECT * FROM " + m_defaultTableName
        + " where user_name = @0 and permission_object_type_id = @1 and permission_type = @2";

    var rows = m_db.Fetch<ABSMgrConn.TablePermission>(sql, userName, (int)objectType, (int)type);

    return rows.ConvertAll(row => row.permission_object_unique_identifier);
}
/// <summary>
/// Loads every permission of the given type that has been granted on one object.
/// </summary>
/// <param name="objectUid">Unique identifier of the object.</param>
/// <param name="objectType">Object type filter; bound as its integer value.</param>
/// <param name="type">Permission type filter; bound as its integer value.</param>
/// <returns>A <c>Permission</c> wrapper for each matching table row.</returns>
public List<Permission> GetByObjectUid(string objectUid, PermissionObjectType objectType, PermissionType type)
{
    // Only the table name is concatenated into the statement; the three filter values are
    // bound as positional parameters.
    // NOTE(review): confirm m_defaultTableName is a fixed value and never built from request data.
    var sql = "SELECT * FROM " + m_defaultTableName
        + " where permission_object_unique_identifier = @0 and permission_object_type_id = @1 and permission_type = @2";

    var rows = m_db.Fetch<ABSMgrConn.TablePermission>(sql, objectUid, (int)objectType, (int)type);

    return rows.Select(row => new Permission(row)).ToList();
}
/// <summary>
/// Removes every permission the given users hold on the given objects.
/// </summary>
/// <param name="permissionObjectType">Object type every loaded permission is expected to have.</param>
/// <param name="uids">Unique identifiers of the objects.</param>
/// <param name="userNames">Account names whose permissions are removed.</param>
private void RemovePermissionByObjType(PermissionObjectType permissionObjectType, List<string> uids, List<string> userNames)
{
    var loaded = m_dbAdapter.Permission.GetAllPermission(userNames, uids);

    // Every loaded row is checked before the delete call is made, so a row of an unexpected
    // object type is reported through the assertion ahead of any deletion.
    foreach (var entry in loaded)
    {
        CommUtils.AssertEquals(
            entry.ObjectType,
            permissionObjectType,
            "检测到权限类型错误:uid={0};objType={1}",
            entry.ObjectUniqueIdentifier,
            entry.ObjectType);
    }

    m_dbAdapter.Permission.DeletePermission(loaded);
}
/// <summary>
/// Builds a <c>Permission</c> from its four parts and hands it to the
/// <c>NewPermission(Permission)</c> overload.
/// </summary>
/// <param name="userName">Account the permission is granted to.</param>
/// <param name="objectUid">Unique identifier of the object the permission applies to.</param>
/// <param name="objectType">Type of that object.</param>
/// <param name="type">Permission being granted.</param>
/// <returns>Whatever the <c>NewPermission(Permission)</c> overload returns.</returns>
public Permission NewPermission(string userName, string objectUid, PermissionObjectType objectType, PermissionType type)
{
    var granted = new Permission();
    granted.UserName = userName;
    granted.ObjectUniqueIdentifier = objectUid;
    granted.Type = type;
    granted.ObjectType = objectType;

    return NewPermission(granted);
}
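/// <summary>
/// Brings the stored permissions on one object in line with the project's team members,
/// team administrators and series-level administrators.
/// </summary>
/// <remarks>
/// The three groups are processed in that order, and each group's current permissions are
/// loaded immediately before its loop. A user who appears in more than one group therefore
/// ends with the flags of the last group that names them.
/// </remarks>
/// <param name="permissionObjectType">Type of the object identified by <paramref name="uid"/>.</param>
/// <param name="uid">Unique identifier of the object.</param>
/// <param name="teamMembers">Members whose own read/write/execute flags apply, except on a project series.</param>
/// <param name="teamAdmins">Project administrators; they receive read, write and execute.</param>
/// <param name="adminUserNames">Further account names that receive read, write and execute.</param>
private void SetPermissionByObjType(PermissionObjectType permissionObjectType, string uid, List<TeamMember> teamMembers, List<TeamAdmin> teamAdmins, List<string> adminUserNames)
{
    // Look the user up under the key that actually matched. The previous form tested
    // membership case-insensitively but then indexed with userName.ToLower(), which throws
    // KeyNotFoundException whenever the stored key is not that exact culture-lowered spelling.
    Func<Dictionary<string, List<Permission>>, string, List<Permission>> getPermission = (dict, userName) =>
    {
        var matchedKey = dict.Keys.FirstOrDefault(key => string.Equals(key, userName, StringComparison.OrdinalIgnoreCase));
        return matchedKey != null ? dict[matchedKey] : new List<Permission>();
    };

    var userNames = teamMembers.Select(x => x.UserName).ToList();
    var userPermissions = m_dbAdapter.Permission.GetAllPermission(userNames, uid);
    foreach (var teamMember in teamMembers)
    {
        if (permissionObjectType == PermissionObjectType.ProjectSeries)
        {
            // On a project series a team member is limited to read-only access.
            SetPermission(teamMember.UserName, uid, permissionObjectType, getPermission(userPermissions, teamMember.UserName), true, false, false);
        }
        else
        {
            // On other objects (such as TaskGroup or Task) the member gets the flags stored on the TeamMember.
            SetPermission(teamMember, uid, permissionObjectType, getPermission(userPermissions, teamMember.UserName));
        }
    }

    var teamAdminUserNames = teamAdmins.Select(x => x.UserName).ToList();
    var teamAdminUserPermissions = m_dbAdapter.Permission.GetAllPermission(teamAdminUserNames, uid);
    foreach (var teamAdmin in teamAdmins)
    {
        // Project administrators hold every permission.
        SetPermission(teamAdmin.UserName, uid, permissionObjectType, getPermission(teamAdminUserPermissions, teamAdmin.UserName), true, true, true);
    }

    var adminPermissions = m_dbAdapter.Permission.GetAllPermission(adminUserNames, uid);
    foreach (var adminUserName in adminUserNames)
    {
        SetPermission(adminUserName, uid, permissionObjectType, getPermission(adminPermissions, adminUserName), true, true, true);
    }
}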
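/// <summary>
/// Grants <paramref name="username"/> Read permission on every ancestor of a task or task
/// group, and writes one edit-log entry per grant.
/// </summary>
/// <remarks>
/// A task grants Read on its task group, project and project series; a task group grants
/// Read on its project and project series. Any other object type leaves everything unchanged.
/// </remarks>
/// <param name="uid">Unique identifier of the task or task group.</param>
/// <param name="username">Account receiving the Read permissions.</param>
/// <param name="objectTypePermission">Type of the object identified by <paramref name="uid"/>.</param>
private void AddParentPermission(string uid, string username, PermissionObjectType objectTypePermission)
{
    // One place builds the log text, so each entry names the object type that was actually
    // granted. The task-group branch previously logged its project-series grant under the
    // caller's object type, which left a misleading entry in the permission edit log.
    Func<PermissionObjectType, string> readGrantedMessage = grantedType =>
        "用户[" + username + ")],ObjectType[" + grantedType.ToString() + "]中添加[Read]权限";

    // NOTE(review): no existence check precedes NewPermission - confirm the adapter or a unique
    // constraint prevents duplicate rows when the user already has Read on an ancestor.
    if (objectTypePermission == PermissionObjectType.Task)
    {
        var task = m_dbAdapter.Task.GetTask(uid);
        var taskGroup = m_dbAdapter.TaskGroup.GetById(task.TaskGroupId.Value);
        var project = m_dbAdapter.Project.GetProjectById(taskGroup.ProjectId);
        var projectSeries = m_dbAdapter.ProjectSeries.GetById(project.ProjectSeriesId.Value);

        m_dbAdapter.Permission.NewPermission(username, taskGroup.Guid, PermissionObjectType.TaskGroup, PermissionType.Read);
        m_dbAdapter.Project.NewEditProductLog(EditProductType.EditPermission, project.ProjectId, readGrantedMessage(PermissionObjectType.TaskGroup), "");

        m_dbAdapter.Permission.NewPermission(username, project.ProjectGuid, PermissionObjectType.Project, PermissionType.Read);
        m_dbAdapter.Project.NewEditProductLog(EditProductType.EditPermission, project.ProjectId, readGrantedMessage(PermissionObjectType.Project), "");

        m_dbAdapter.Permission.NewPermission(username, projectSeries.Guid, PermissionObjectType.ProjectSeries, PermissionType.Read);
        m_dbAdapter.Project.NewEditProductLog(EditProductType.EditPermission, project.ProjectId, readGrantedMessage(PermissionObjectType.ProjectSeries), "");
    }

    if (objectTypePermission == PermissionObjectType.TaskGroup)
    {
        var taskGroup = m_dbAdapter.TaskGroup.GetByGuid(uid);
        var project = m_dbAdapter.Project.GetProjectById(taskGroup.ProjectId);
        var projectSeries = m_dbAdapter.ProjectSeries.GetById(project.ProjectSeriesId.Value);

        m_dbAdapter.Permission.NewPermission(username, project.ProjectGuid, PermissionObjectType.Project, PermissionType.Read);
        m_dbAdapter.Project.NewEditProductLog(EditProductType.EditPermission, project.ProjectId, readGrantedMessage(PermissionObjectType.Project), "");

        m_dbAdapter.Permission.NewPermission(username, projectSeries.Guid, PermissionObjectType.ProjectSeries, PermissionType.Read);
        m_dbAdapter.Project.NewEditProductLog(EditProductType.EditPermission, project.ProjectId, readGrantedMessage(PermissionObjectType.ProjectSeries), "");
    }
}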
/// <summary>
/// Loads one permission object type by calling the <c>dbo.PermissionObjectType_Get</c>
/// stored procedure.
/// </summary>
/// <param name="id">Identifier passed to the procedure as <c>@p_Id</c>.</param>
/// <returns>The first row the procedure returns, or the type's default value when it returns none.</returns>
/// <exception cref="Exception">Any failure during the query is logged and rethrown unchanged.</exception>
public PermissionObjectType PermissionObjectTypeGet(int id)
{
    using (IDbConnection conn = DbHelper.GetDBConnection())
    {
        try
        {
            // The id travels as a typed parameter of the stored-procedure call.
            var args = new DynamicParameters();
            args.Add("@p_Id", id, dbType: DbType.Int32);

            var rows = conn.Query<PermissionObjectType>(
                "dbo.PermissionObjectType_Get",
                args,
                commandType: CommandType.StoredProcedure);

            return rows.FirstOrDefault();
        }
        catch (Exception ex)
        {
            Log.Error(ex);
            throw;
        }
    }
}
/// <summary>
/// Inserts or updates a permission object type through a stored procedure.
/// </summary>
/// <remarks>
/// An <c>Id</c> of 0 selects <c>dbo.PermissionObjectType_New</c>, and the generated identifier
/// is written back to <paramref name="obj"/>. Any other <c>Id</c> selects
/// <c>dbo.PermissionObjectType_Edit</c>.
/// </remarks>
/// <param name="obj">Record to persist.</param>
/// <returns>Always <c>true</c>; a failure surfaces as an exception instead.</returns>
/// <exception cref="Exception">Any failure during the call is logged and rethrown unchanged.</exception>
public bool PermissionObjectTypeSave(PermissionObjectType obj)
{
    bool isNew = obj.Id == 0;
    string procName = isNew ? "dbo.PermissionObjectType_New" : "dbo.PermissionObjectType_Edit";

    using (IDbConnection conn = DbHelper.GetDBConnection())
    {
        try
        {
            var args = new DynamicParameters();
            args.Add("@p_FdpPermissionObjectType", obj.FdpPermissionObjectType, dbType: DbType.String, size: 50);
            args.Add("@p_Description", obj.Description, dbType: DbType.String, size: -1);

            if (isNew)
            {
                // On insert the procedure reports the new identifier through an output parameter.
                args.Add("@p_Id", dbType: DbType.Int32, direction: ParameterDirection.Output);
            }
            else
            {
                args.Add("@p_Id", obj.Id, dbType: DbType.Int32);
            }

            conn.Execute(procName, args, commandType: CommandType.StoredProcedure);

            if (isNew)
            {
                obj.Id = args.Get<int>("@p_Id");
            }
        }
        catch (Exception ex)
        {
            Log.Error(ex);
            throw;
        }
    }

    return true;
}
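/// <summary>
/// Makes the stored Read, Write and Execute permissions of one user on one object match
/// the requested flags.
/// </summary>
/// <remarks>
/// For each permission type, a row is created when the flag is set and none exists in
/// <paramref name="curPermissions"/>, and every matching row is deleted when the flag is clear.
/// </remarks>
/// <param name="userName">Account whose permissions are being set.</param>
/// <param name="uid">Unique identifier of the object.</param>
/// <param name="objectType">Type of the object; stored on newly created permissions.</param>
/// <param name="curPermissions">Permissions currently stored; only rows for this user and object are considered.</param>
/// <param name="read">Whether the user should hold Read.</param>
/// <param name="write">Whether the user should hold Write.</param>
/// <param name="execute">Whether the user should hold Execute.</param>
public void SetPermission(string userName, string uid, PermissionObjectType objectType, List<Permission> curPermissions, bool read, bool write, bool execute)
{
    Action<bool, PermissionType> resetPermission = (shouldHave, dbPermissionType) =>
    {
        // Account names are identifiers: compare ordinally so the match does not vary with the
        // server culture, and use the static Equals so a row without a user name is skipped
        // instead of raising a NullReferenceException.
        var existing = curPermissions
            .Where(x => x.Type == dbPermissionType
                && string.Equals(x.UserName, userName, StringComparison.OrdinalIgnoreCase)
                && x.ObjectUniqueIdentifier == uid)
            .ToList();

        if (shouldHave && existing.Count == 0)
        {
            m_dbAdapter.Permission.NewPermission(userName, uid, objectType, dbPermissionType);
        }

        if (!shouldHave)
        {
            // Remove every matching row. With SingleOrDefault a duplicated grant raised
            // InvalidOperationException here, so the permission could not be revoked at all.
            foreach (var stale in existing)
            {
                m_dbAdapter.Permission.DeletePermission(stale);
            }
        }
    };

    resetPermission(read, PermissionType.Read);
    resetPermission(write, PermissionType.Write);
    resetPermission(execute, PermissionType.Execute);
}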
/// <summary>
/// Asserts that <paramref name="checkUserName"/> holds the given permission on the given object.
/// </summary>
/// <remarks>
/// The permission is evaluated for <paramref name="checkUserName"/>, which the caller supplies;
/// the current user is passed along only as the login name.
/// </remarks>
/// <param name="checkUserName">Account whose permission is checked.</param>
/// <param name="objectType">Type of the object.</param>
/// <param name="objectUniqueId">Unique identifier of the object.</param>
/// <param name="permissionType">Permission that is required.</param>
protected void CheckPermission(string checkUserName, PermissionObjectType objectType, string objectUniqueId, PermissionType permissionType)
{
    var loginUserName = CurrentUserName;

    CommUtils.AssertHasPermission(
        loginUserName,
        checkUserName,
        objectType,
        objectUniqueId,
        permissionType);
}
/// <summary>
/// Asserts that the current user holds the given permission on the given object.
/// </summary>
/// <param name="objectType">Type of the object.</param>
/// <param name="objectUniqueId">Unique identifier of the object.</param>
/// <param name="permissionType">Permission that is required.</param>
protected void CheckPermission(PermissionObjectType objectType, string objectUniqueId, PermissionType permissionType)
{
    // The current user is both the login and the account being checked.
    var currentUser = CurrentUserName;

    CheckPermission(currentUser, objectType, objectUniqueId, permissionType);
}
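/// <summary>
/// Creates the initial permissions on an object for everyone attached to its project:
/// the series creator and person in charge, the project administrators, and the team members.
/// </summary>
/// <remarks>
/// Each account is processed once with the union of the flags of all its roles. Every call
/// below passes an empty current-permission list, so processing an account once per role
/// would request the same permission row again for anyone holding more than one role.
/// </remarks>
/// <param name="projectSeries">Series whose creator and person in charge receive every permission.</param>
/// <param name="project">Project whose administrators and members are loaded.</param>
/// <param name="uid">Unique identifier of the object receiving the permissions.</param>
/// <param name="objectType">Type of that object.</param>
public void SetPermission(ProjectSeries projectSeries, Project project, string uid, PermissionObjectType objectType)
{
    var projectId = project.ProjectId;
    var teamMembers = m_dbAdapter.TeamMember.GetByProjectId(projectId);
    var teamAdmins = m_dbAdapter.TeamAdmin.GetByProjectId(projectId);

    // Flags per account as [read, write, execute], keyed case-insensitively; grantOrder keeps
    // the order in which the accounts were first seen.
    var grantOrder = new List<string>();
    var flagsByUser = new Dictionary<string, bool[]>(StringComparer.OrdinalIgnoreCase);

    Action<string, bool, bool, bool> merge = (userName, read, write, execute) =>
    {
        // An unset creator or person in charge must not produce a grant for an empty account name.
        if (string.IsNullOrWhiteSpace(userName))
        {
            return;
        }

        bool[] flags;
        if (!flagsByUser.TryGetValue(userName, out flags))
        {
            flags = new bool[3];
            flagsByUser.Add(userName, flags);
            grantOrder.Add(userName);
        }

        flags[0] |= read;
        flags[1] |= write;
        flags[2] |= execute;
    };

    // The person in charge and the creator receive every permission.
    merge(projectSeries.CreateUserName, true, true, true);
    merge(projectSeries.PersonInCharge, true, true, true);

    // Project administrators receive every permission.
    foreach (var teamAdmin in teamAdmins)
    {
        merge(teamAdmin.UserName, true, true, true);
    }

    // Team members receive the permissions recorded on their membership.
    foreach (var teamMember in teamMembers)
    {
        merge(teamMember.UserName, teamMember.Read, teamMember.Write, teamMember.Execute);
    }

    foreach (var userName in grantOrder)
    {
        var flags = flagsByUser[userName];
        SetPermission(userName, uid, objectType, new List<Permission>(), flags[0], flags[1], flags[2]);
    }
}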
/// <summary>
/// Resets all of a team member's permissions on one object to the read, write and execute
/// flags stored on the <paramref name="teamMember"/>.
/// </summary>
/// <param name="teamMember">Member supplying the account name and the three flags.</param>
/// <param name="uid">Unique identifier of the object.</param>
/// <param name="objectType">Type of the object.</param>
/// <param name="curPermissions">Permissions currently stored for the member on the object.</param>
private void SetPermission(TeamMember teamMember, string uid, PermissionObjectType objectType, List<Permission> curPermissions)
{
    var memberName = teamMember.UserName;
    var canRead = teamMember.Read;
    var canWrite = teamMember.Write;
    var canExecute = teamMember.Execute;

    SetPermission(memberName, uid, objectType, curPermissions, canRead, canWrite, canExecute);
}
/// <summary>
/// Fails an assertion when <paramref name="checkUserName"/> lacks the requested permission
/// on the object, using a message that names the object and the action.
/// </summary>
/// <remarks>
/// The permission lookup is made for <paramref name="checkUserName"/>;
/// <paramref name="loginUserName"/> is only used to construct a <c>UserInfo</c>.
/// NOTE(review): the denial message contains the object's name or description, so it is shown
/// to a user who was just found to lack access - confirm that disclosure is acceptable.
/// </remarks>
/// <param name="loginUserName">Name of the logged-in account.</param>
/// <param name="checkUserName">Account whose permission is checked.</param>
/// <param name="objectType">Type of the object; selects how its display name is loaded.</param>
/// <param name="objectUid">Unique identifier of the object.</param>
/// <param name="permissionType">Permission that is required.</param>
public static void AssertHasPermission(string loginUserName, string checkUserName, PermissionObjectType objectType, string objectUid, PermissionType permissionType)
{
    // NOTE(review): userInfo is never read below; kept in case the constructor has side
    // effects such as validating the login - confirm before removing.
    var userInfo = new UserInfo(loginUserName);

    var permissionManager = new DBAdapter().Permission;
    var hasPermission = permissionManager.HasPermission(checkUserName, objectUid, permissionType);
    if (hasPermission)
    {
        return;
    }

    // Denied: look up a readable name for the object so the message can identify it.
    string objectTypeName;
    string objectName;
    if (objectType == PermissionObjectType.ProjectSeries)
    {
        objectTypeName = "产品";
        objectName = new DBAdapter().ProjectSeries.GetByGuid(objectUid).Name;
    }
    else if (objectType == PermissionObjectType.Project)
    {
        objectTypeName = "产品";
        objectName = new DBAdapter().Project.GetProjectByGuid(objectUid).Name;
    }
    else if (objectType == PermissionObjectType.TaskGroup)
    {
        objectTypeName = "工作组";
        objectName = new DBAdapter().TaskGroup.GetByGuid(objectUid).Name;
    }
    else if (objectType == PermissionObjectType.Task)
    {
        objectTypeName = "工作";
        objectName = new DBAdapter().Task.GetTask(objectUid).Description;
    }
    else
    {
        objectTypeName = "未知";
        objectName = "未知";
    }

    string action;
    if (permissionType == PermissionType.Read)
    {
        action = "读取";
    }
    else if (permissionType == PermissionType.Write)
    {
        action = "修改";
    }
    else if (permissionType == PermissionType.Execute)
    {
        action = "操作";
    }
    else
    {
        action = "未知";
    }

    // hasPermission is false on this path, so the assertion is the one that reports the denial.
    Assert(hasPermission, "用户{0}没有{1}[{2}]的[{3}]权限", checkUserName, objectTypeName, objectName, action);
}