Пример #1
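        /// <summary>
        /// Looks up the parking record of a temporary user and reports the fee currently due.
        /// </summary>
        /// <param name="iccode">
        /// Lookup key: matched against <c>PlateNum</c> when <paramref name="isPlate"/> is true,
        /// otherwise against <c>ICCode</c>.
        /// </param>
        /// <param name="isPlate">True when <paramref name="iccode"/> holds a plate number.</param>
        /// <returns>
        /// On success, the fee response with <c>Code</c> set to 1 and a <c>TempUserInfo</c> in <c>Data</c>.
        /// On a refused query, a response whose <c>Message</c> states the reason. If an exception is
        /// thrown, it is logged and the initial, unpopulated response is returned.
        /// </returns>
        public Response GetTempUserInfo(string iccode, bool isPlate)
        {
            Log        log    = LogFactory.GetLogger("CWTariff.GetTempUserInfo");
            Response   resp   = new Response();
            CWLocation cwlctn = new CWLocation();

            try
            {
                TempUserInfo info = new TempUserInfo();

                // NOTE(review): an earlier, stricter validation path (card registered in this system,
                // fingerprint bound to a customer, customer lookup per credential type) was disabled
                // here with the marker "not used for now"; only the checks below are active.

                // Resolve the parked vehicle either by plate number or by IC card code.
                Location loc = isPlate
                    ? cwlctn.FindLocation(l => l.PlateNum == iccode)
                    : cwlctn.FindLocation(l => l.ICCode == iccode);
                if (loc == null)
                {
                    // The text says "plate" for card lookups too, and it echoes the caller-supplied
                    // value, so whatever renders Message has to encode it for its output context.
                    resp.Message = "当前车牌没有存车!Proof - " + iccode;
                    return resp;
                }

                // Convert.ToInt32 throws for a non-numeric ICCode; the catch block below handles it.
                int             sno   = Convert.ToInt32(loc.ICCode);
                SaveCertificate scert = new CWSaveProof().Find(s => s.SNO == sno);
                if (scert != null)
                {
                    // When no certificate or no customer is found the type check is skipped and the
                    // record is processed as a temporary user.
                    Customer cust = new CWICCard().FindCust(scert.CustID);
                    if (cust != null && cust.Type != EnmICCardType.Temp)
                    {
                        resp.Message = "该用户不是临时用户!";
                        return resp;
                    }
                }

                // Refuse the query while a task for this card is running or queued.
                CWTask        cwtask = new CWTask();
                ImplementTask itask  = cwtask.FindITask(tk => tk.ICCardCode == loc.ICCode && tk.IsComplete == 0);
                if (itask != null)
                {
                    resp.Message = "正在作业,无法查询!";
                    return resp;
                }
                WorkTask queue = cwtask.FindQueue(q => q.ICCardCode == loc.ICCode);
                if (queue != null)
                {
                    resp.Message = "已经加入取车队列,无法查询!";
                    return resp;
                }

                // Take the clock once so the reported exit time, the duration and the fee all
                // refer to the same instant.
                DateTime now  = DateTime.Now;
                TimeSpan span = now - loc.InDate;

                info.CCode    = iccode;
                info.InDate   = loc.InDate.ToString();
                info.OutDate  = now.ToString();
                info.SpanTime = (span.Days > 0 ? span.Days + "天" : " ") + (span.Hours > 0 ? span.Hours + "小时" : " ") +
                                (span.Minutes >= 0 ? span.Minutes + "分" : " ") + (span.Seconds >= 0 ? span.Seconds + "秒" : " ");

                // The fee response is kept in its own variable: if a later step throws, the caller
                // must get the unpopulated response, not a fee response that reports success
                // without any Data.
                float    fee     = 0;
                Response feeResp = this.CalculateTempFee(loc.InDate, now, out fee);
                if (feeResp.Code == 0)
                {
                    return feeResp;
                }
                info.NeedFee   = fee.ToString();
                info.Warehouse = loc.Warehouse;
                info.HallID    = new CWDevice().AllocateHall(loc, false);

                feeResp.Code    = 1;
                feeResp.Message = "查询成功";
                feeResp.Data    = info;
                resp = feeResp;
            }
            catch (Exception ex)
            {
                // Best effort: the failure goes to the log only.
                log.Error(ex.ToString());
            }
            return resp;
        }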
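        /// <summary>
        /// Verifies that the current user may impersonate <paramref name="impersonatedUser"/>.
        /// </summary>
        /// <remarks>
        /// The current user needs <c>AllowImpersonationsClaim</c>. A user who also holds
        /// <c>IncreasePermissionsClaim</c> is allowed to impersonate another user that has more
        /// permissions; without it, every active claim granted to the impersonated user must also be
        /// granted to the current user.
        /// </remarks>
        /// <param name="impersonatedUser">Name of the principal to impersonate.</param>
        /// <exception cref="UserException">
        /// The current user lacks the impersonation claim, the target user is not registered, or the
        /// target user holds claims that the current user does not.
        /// </exception>
        private void CheckImpersonatedUserPermissions(string impersonatedUser)
        {
            // Authorize first. The "not registered" error below discloses whether a user name
            // exists, so it must only be reachable by a caller already entitled to impersonate.
            var allowImpersonationPermissions = _authorizationManager.Value.GetAuthorizations(new[] { AllowImpersonationsClaim }).Single();

            if (!allowImpersonationPermissions)
            {
                throw new UserException(
                          $"User '{GetActualUserName()}' doesn't have permission to impersonate other users. Claim '{AllowImpersonationsClaim.FullName}' is required.");
            }

            var impersonatedPrincipalId = _principals.Value
                                          .Query(p => p.Name == impersonatedUser)
                                          .Select(p => p.ID).SingleOrDefault();

            // This function must be called after the user is authenticated and authorized (see CheckCurrentUserClaim),
            // otherwise the provided error information would be a security issue.
            if (impersonatedPrincipalId == default(Guid))
            {
                throw new UserException("User '{0}' is not registered.", new[] { impersonatedUser }, null, null);
            }

            var allowIncreasePermissions = _authorizationManager.Value.GetAuthorizations(new[] { IncreasePermissionsClaim }).Single();

            if (allowIncreasePermissions)
            {
                // The subset check below is waived for holders of IncreasePermissionsClaim.
                return;
            }

            // The impersonated user must have a subset of the permissions of the impersonating user.
            // It is not allowed to impersonate a user with more permissions than the impersonating user.
            var allClaims = _claims.Value.Query().Where(c => c.Active.Value)
                            .Select(c => new { c.ClaimResource, c.ClaimRight }).ToList()
                            .Select(c => new Claim(c.ClaimResource, c.ClaimRight)).ToList();

            // Claims the impersonated user holds: results are paired with allClaims by position.
            var impersonatedUserInfo = new TempUserInfo {
                UserName = impersonatedUser
            };
            var impersonatedUserClaims = _authorizationProvider.Value.GetAuthorizations(impersonatedUserInfo, allClaims)
                                         .Zip(allClaims, (hasClaim, claim) => new { hasClaim, claim })
                                         .Where(c => c.hasClaim).Select(c => c.claim).ToList();

            // Of those, the claims the current user does NOT hold.
            var actualUserInfo = new TempUserInfo()
            {
                UserName = GetActualUserName()
            };
            var surplusImpersonatedClaims = _authorizationProvider.Value.GetAuthorizations(actualUserInfo, impersonatedUserClaims)
                                            .Zip(impersonatedUserClaims, (hasClaim, claim) => new { hasClaim, claim })
                                            .Where(c => !c.hasClaim).Select(c => c.claim).ToList();

            if (!surplusImpersonatedClaims.Any())
            {
                return;
            }

            // The detail (claim count and an example claim) goes to the server log only; the caller
            // gets the generic refusal below.
            // NOTE(review): impersonatedUser is caller-supplied; confirm the logger neutralises
            // line breaks in arguments.
            _logger.Info(
                "User '{0}' is not allowed to impersonate '{1}' because the impersonated user has {2} more security claims (for example '{3}'). Increase the user's permissions or add '{4}' security claim.",
                GetActualUserName(),
                impersonatedUser,
                surplusImpersonatedClaims.Count,
                surplusImpersonatedClaims.First().FullName,
                IncreasePermissionsClaim.FullName);

            throw new UserException("You are not allowed to impersonate user '{0}'.",
                                    new[] { impersonatedUser }, "See server log for more information.", null);
        }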
Пример #3
        /// <summary>
        /// Checks that the current user is allowed to impersonate <paramref name="impersonatedUserName"/>
        /// and throws a <c>UserException</c> when that is not the case.
        /// </summary>
        /// <param name="impersonatedUserName">Name of the principal to impersonate.</param>
        public void ValidateImpersonationPermissions(string impersonatedUserName)
        {
            // Unrecognized callers are turned away before any claim or principal lookup.
            if (!_userInfo.IsUserRecognized)
            {
                throw new UserException("You are not authorized for impersonation. Please log in first.");
            }

            // The "Execute" right on Common.Impersonate is required for any impersonation.
            var impersonateClaim = new Claim("Common.Impersonate", "Execute");
            var executeGrants = _authorizationManager.Value.GetAuthorizations(new[] { impersonateClaim });
            var allowImpersonate = executeGrants.Single();

            if (!allowImpersonate)
            {
                throw new UserException(
                          "You are not authorized for action '{0}' on resource '{1}', user '{2}'.",
                          new[] { impersonateClaim.Right, impersonateClaim.Resource, ReportUserNameOrAnonymous(_userInfo) },
                          null,
                          null);
            }

            // The existence of the target is reported only past this point, i.e. to a caller that
            // has been authenticated and authorized (see CheckCurrentUserClaim); reporting it
            // earlier would be a security issue.
            Guid targetPrincipalId = _principals.Value
                                     .Query(principal => principal.Name == impersonatedUserName)
                                     .Select(principal => principal.ID)
                                     .SingleOrDefault();

            if (targetPrincipalId == Guid.Empty)
            {
                throw new UserException("User '{0}' is not registered.",
                                        new object[] { impersonatedUserName }, null, null);
            }

            var increasePermissionsClaim = new Claim("Common.Impersonate", "IncreasePermissions");
            var allowIncreasePermissions = _authorizationManager.Value.GetAuthorizations(new[] { increasePermissionsClaim }).Single();

            if (allowIncreasePermissions)
            {
                // Holders of this claim skip the subset check.
                return;
            }

            // The impersonated user must hold a subset of the impersonating user's permissions;
            // impersonating a user with more permissions than oneself is not allowed.
            var activeClaims = _claims.Value.Query().Where(c => c.Active.Value)
                               .Select(c => new { c.ClaimResource, c.ClaimRight }).ToList()
                               .Select(c => new Claim(c.ClaimResource, c.ClaimRight)).ToList();

            var targetUserInfo = new TempUserInfo
            {
                UserName = impersonatedUserName,
                Workstation = _userInfo.Workstation
            };

            // Claims granted to the target (results are paired with activeClaims by position).
            var targetGrants = _authorizationProvider.Value.GetAuthorizations(targetUserInfo, activeClaims);
            var targetClaims = targetGrants
                               .Zip(activeClaims, (granted, claim) => new { granted, claim })
                               .Where(pair => pair.granted)
                               .Select(pair => pair.claim)
                               .ToList();

            // Of those, the claims the current user is missing.
            var ownGrants = _authorizationProvider.Value.GetAuthorizations(_userInfo, targetClaims);
            var surplusClaims = ownGrants
                                .Zip(targetClaims, (granted, claim) => new { granted, claim })
                                .Where(pair => !pair.granted)
                                .Select(pair => pair.claim)
                                .ToList();

            if (!surplusClaims.Any())
            {
                return;
            }

            // Details are written to the server log; the caller only receives a generic refusal.
            _logger.Info(
                "User '{0}' is not allowed to impersonate '{1}' because the impersonated user has {2} more security claims (for example '{3}'). Increase the user's permissions or add '{4}' security claim.",
                _userInfo.UserName,
                impersonatedUserName,
                surplusClaims.Count,
                surplusClaims.First().FullName,
                increasePermissionsClaim.FullName);

            throw new UserException("You are not allowed to impersonate user '{0}'.",
                                    new[] { impersonatedUserName }, $"See server log for more information. ({DateTime.Now:s})", null);
        }