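/// <summary>
/// Looks up the parking record of a temporary user and computes the fee owed so far.
/// </summary>
/// <param name="iccode">Plate number when <paramref name="isPlate"/> is true, otherwise the IC card code.</param>
/// <param name="isPlate">Selects whether <paramref name="iccode"/> is matched against the stored plate number or the stored IC code.</param>
/// <returns>
/// A <see cref="Response"/> with <c>Code</c> 1, <c>Message</c> "查询成功" and <c>Data</c> set to a <see cref="TempUserInfo"/>
/// on success. On any refusal or failure <c>Code</c> is left at its default (not 1) and <c>Message</c> says why.
/// </returns>
/// <remarks>
/// Every failure path returns a response with a message; exceptions are logged and turned into a generic
/// failure response so the caller never receives a half-filled success response.
/// </remarks>
public Response GetTempUserInfo(string iccode, bool isPlate)
{
    Log log = LogFactory.GetLogger("CWTariff.GetTempUserInfo");
    Response resp = new Response();
    CWICCard cwiccd = new CWICCard();
    CWLocation cwlctn = new CWLocation();
    try
    {
        // A blank proof must not reach the lookups below: comparing a null/empty value against every
        // stored location could match a record whose plate or IC field is itself empty.
        if (string.IsNullOrWhiteSpace(iccode))
        {
            resp.Message = "当前车牌没有存车!Proof - " + iccode;
            return resp;
        }

        Location loc = isPlate
            ? cwlctn.FindLocation(l => l.PlateNum == iccode)
            : cwlctn.FindLocation(l => l.ICCode == iccode);
        if (loc == null)
        {
            resp.Message = "当前车牌没有存车!Proof - " + iccode;
            return resp;
        }

        // The stored ICCode is used as the serial number of the save certificate. A non-numeric value
        // means the stored record is inconsistent; report it instead of throwing into the catch below.
        int sno;
        if (!int.TryParse(loc.ICCode, out sno))
        {
            log.Error("GetTempUserInfo: non-numeric ICCode '" + loc.ICCode + "' on location found for proof " + iccode);
            resp.Message = "查询失败,系统异常!";
            return resp;
        }

        // Only temporary customers are charged here; a certificate bound to another customer type is refused.
        SaveCertificate scert = new CWSaveProof().Find(s => s.SNO == sno);
        if (scert != null)
        {
            Customer cust = cwiccd.FindCust(scert.CustID);
            if (cust != null && cust.Type != EnmICCardType.Temp)
            {
                resp.Message = "该用户不是临时用户!";
                return resp;
            }
        }

        // The fee cannot be quoted while the car is being moved or already queued for retrieval.
        CWTask cwtask = new CWTask();
        ImplementTask itask = cwtask.FindITask(tk => tk.ICCardCode == loc.ICCode && tk.IsComplete == 0);
        if (itask != null)
        {
            resp.Message = "正在作业,无法查询!";
            return resp;
        }
        WorkTask queue = cwtask.FindQueue(q => q.ICCardCode == loc.ICCode);
        if (queue != null)
        {
            resp.Message = "已经加入取车队列,无法查询!";
            return resp;
        }

        // Read the clock once so that OutDate, SpanTime and the fee all refer to the same instant.
        // Local time is used because InDate is compared against it directly (assumed local; confirm).
        DateTime now = DateTime.Now;
        TimeSpan span = now - loc.InDate;

        TempUserInfo info = new TempUserInfo();
        info.CCode = iccode;
        info.InDate = loc.InDate.ToString();
        info.OutDate = now.ToString();
        info.SpanTime = (span.Days > 0 ? span.Days + "天" : " ")
                      + (span.Hours > 0 ? span.Hours + "小时" : " ")
                      + (span.Minutes >= 0 ? span.Minutes + "分" : " ")
                      + (span.Seconds >= 0 ? span.Seconds + "秒" : " ");

        // CalculateTempFee reports failure through Code == 0; its response is returned unchanged in that case.
        // The fee is a float because that is what CalculateTempFee's out parameter is declared as.
        float fee = 0;
        resp = this.CalculateTempFee(loc.InDate, now, out fee);
        if (resp.Code == 0)
        {
            return resp;
        }

        info.NeedFee = fee.ToString();
        info.Warehouse = loc.Warehouse;
        info.HallID = new CWDevice().AllocateHall(loc, false);

        resp.Code = 1;
        resp.Message = "查询成功";
        resp.Data = info;
    }
    catch (Exception ex)
    {
        log.Error(ex.ToString());
        // Discard whatever was partially built (e.g. a Code==1 response from CalculateTempFee with no Data)
        // and hand the caller an explicit failure instead of an empty or half-populated response.
        resp = new Response { Message = "查询失败,系统异常!" };
    }
    return resp;
}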
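/// <summary>
/// Verifies that the current (already authenticated) user may impersonate <paramref name="impersonatedUser"/>.
/// </summary>
/// <remarks>
/// Checks, in this order: the current user holds <c>AllowImpersonationsClaim</c>; the target principal exists;
/// and, unless the current user also holds <c>IncreasePermissionsClaim</c>, every active claim granted to the
/// target is also granted to the current user. The impersonation claim is checked before the principal lookup
/// so that the "not registered" error cannot be used by a caller without impersonation rights to probe which
/// user names exist.
/// </remarks>
/// <param name="impersonatedUser">Name of the principal to impersonate.</param>
/// <exception cref="UserException">Thrown when any of the checks above fails.</exception>
private void CheckImpersonatedUserPermissions(string impersonatedUser)
{
    // Permission first: the error below discloses whether a principal exists, and that information
    // must only be reachable by users who are allowed to impersonate at all.
    var allowImpersonationPermissions = _authorizationManager.Value.GetAuthorizations(new[] { AllowImpersonationsClaim }).Single();
    if (!allowImpersonationPermissions)
    {
        throw new UserException(
            $"User '{GetActualUserName()}' doesn't have permission to impersonate other users. Claim '{AllowImpersonationsClaim.FullName}' is required.");
    }

    var impersonatedPrincipalId = _principals.Value
        .Query(p => p.Name == impersonatedUser)
        .Select(p => p.ID).SingleOrDefault();

    // This function must still be called after the user is authenticated (see CheckCurrentUserClaim);
    // the claim check above additionally guards the existence disclosure inside this method.
    if (impersonatedPrincipalId == default(Guid))
    {
        throw new UserException("User '{0}' is not registered.", new[] { impersonatedUser }, null, null);
    }

    var allowIncreasePermissions = _authorizationManager.Value.GetAuthorizations(new[] { IncreasePermissionsClaim }).Single();
    if (allowIncreasePermissions)
    {
        return;
    }

    // The impersonated user must have a subset of the permissions of the impersonating user.
    // It is not allowed to impersonate a user with more permissions than the impersonating user.
    // The Zip calls below assume GetAuthorizations returns exactly one result per input claim, in input
    // order (TODO confirm against the IAuthorizationProvider contract).
    var allClaims = _claims.Value.Query().Where(c => c.Active.Value)
        .Select(c => new { c.ClaimResource, c.ClaimRight }).ToList()
        .Select(c => new Claim(c.ClaimResource, c.ClaimRight)).ToList();

    var impersonatedUserInfo = new TempUserInfo { UserName = impersonatedUser };
    var impersonatedUserClaims = _authorizationProvider.Value.GetAuthorizations(impersonatedUserInfo, allClaims)
        .Zip(allClaims, (hasClaim, claim) => new { hasClaim, claim })
        .Where(c => c.hasClaim).Select(c => c.claim).ToList();

    var actualUserInfo = new TempUserInfo() { UserName = GetActualUserName() };
    var surplusImpersonatedClaims = _authorizationProvider.Value.GetAuthorizations(actualUserInfo, impersonatedUserClaims)
        .Zip(impersonatedUserClaims, (hasClaim, claim) => new { hasClaim, claim })
        .Where(c => !c.hasClaim).Select(c => c.claim).ToList();

    if (!surplusImpersonatedClaims.Any())
    {
        return;
    }

    // Details go to the server log only; the user-facing error deliberately does not name the extra claims.
    _logger.Info(
        "User '{0}' is not allowed to impersonate '{1}' because the impersonated user has {2} more security claims (for example '{3}'). Increase the user's permissions or add '{4}' security claim.",
        GetActualUserName(), impersonatedUser, surplusImpersonatedClaims.Count, surplusImpersonatedClaims.First().FullName, IncreasePermissionsClaim.FullName);
    throw new UserException("You are not allowed to impersonate user '{0}'.", new[] { impersonatedUser }, "See server log for more information.", null);
}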
/// <summary>
/// Ensures the current user is signed in, holds the <c>Common.Impersonate/Execute</c> claim, that the target user
/// exists and, unless the current user also holds <c>Common.Impersonate/IncreasePermissions</c>, that every active
/// claim granted to the target is also granted to the current user.
/// </summary>
/// <param name="impersonatedUserName">Name of the user to impersonate.</param>
/// <exception cref="UserException">
/// Thrown when any check fails. The existence of the target user is only disclosed after the impersonation
/// claim has been verified, so the error cannot be used to enumerate user names.
/// </exception>
public void ValidateImpersonationPermissions(string impersonatedUserName)
{
    if (!_userInfo.IsUserRecognized)
    {
        throw new UserException("You are not authorized for impersonation. Please log in first.");
    }

    var executeClaim = new Claim("Common.Impersonate", "Execute");
    bool mayImpersonate = _authorizationManager.Value.GetAuthorizations(new[] { executeClaim }).Single();
    if (!mayImpersonate)
    {
        throw new UserException(
            "You are not authorized for action '{0}' on resource '{1}', user '{2}'.",
            new[] { executeClaim.Right, executeClaim.Resource, ReportUserNameOrAnonymous(_userInfo) },
            null, null);
    }

    // Only a caller holding the impersonation claim gets to learn whether this principal exists.
    Guid targetPrincipalId = _principals.Value
        .Query(p => p.Name == impersonatedUserName)
        .Select(p => p.ID)
        .SingleOrDefault();
    if (targetPrincipalId == default(Guid))
    {
        throw new UserException("User '{0}' is not registered.", new object[] { impersonatedUserName }, null, null);
    }

    var increaseClaim = new Claim("Common.Impersonate", "IncreasePermissions");
    bool mayIncreasePermissions = _authorizationManager.Value.GetAuthorizations(new[] { increaseClaim }).Single();
    if (mayIncreasePermissions)
    {
        return;
    }

    // Without the IncreasePermissions claim the target may not hold any active claim the caller lacks.
    // The first ToList materializes the query before Claim objects are built in memory.
    var activeClaimRows = _claims.Value.Query()
        .Where(c => c.Active.Value)
        .Select(c => new { c.ClaimResource, c.ClaimRight })
        .ToList();
    var activeClaims = activeClaimRows
        .Select(row => new Claim(row.ClaimResource, row.ClaimRight))
        .ToList();

    // Zip pairs each authorization result with its claim; this relies on GetAuthorizations answering
    // one entry per input claim in input order (assumed from usage here; confirm against the provider).
    var targetUserInfo = new TempUserInfo { UserName = impersonatedUserName, Workstation = _userInfo.Workstation };
    var targetClaims = _authorizationProvider.Value.GetAuthorizations(targetUserInfo, activeClaims)
        .Zip(activeClaims, (granted, claim) => new { granted, claim })
        .Where(pair => pair.granted)
        .Select(pair => pair.claim)
        .ToList();

    var claimsCallerLacks = _authorizationProvider.Value.GetAuthorizations(_userInfo, targetClaims)
        .Zip(targetClaims, (granted, claim) => new { granted, claim })
        .Where(pair => !pair.granted)
        .Select(pair => pair.claim)
        .ToList();

    if (claimsCallerLacks.Count == 0)
    {
        return;
    }

    // The specifics stay in the server log; the user-facing message carries only a timestamp for correlation.
    _logger.Info(
        "User '{0}' is not allowed to impersonate '{1}' because the impersonated user has {2} more security claims (for example '{3}'). Increase the user's permissions or add '{4}' security claim.",
        _userInfo.UserName, impersonatedUserName, claimsCallerLacks.Count, claimsCallerLacks.First().FullName, increaseClaim.FullName);
    throw new UserException("You are not allowed to impersonate user '{0}'.", new[] { impersonatedUserName },
        $"See server log for more information. ({DateTime.Now:s})", null);
}