/// <summary>
/// 根据登录名与查看权限获取筛选
/// </summary>
/// <param name="loginName">登录名</param>
/// <param name="authority">查看权限</param>
/// <returns></returns>
public static string AuthWhere(string loginName, string authority)
{
StringBuilder where = new StringBuilder();
tblUser_Sys user = CurrentHelper.GetUserByLoginName(loginName);
if (authority == "查看本人")
{
where.Append(" and (Seller= '" + user.UserName + "')");
}
else if (authority == "查看下级")
{
List <string> SellerXia = ListUnderling(user.UserName);
string CdtSeller = " (";
CdtSeller += String.Join("", SellerXia.Select(p => "'" + p + "',").ToList());
CdtSeller += "'" + user.UserName + "')";
where.Append(" and (Seller in " + CdtSeller + ")");
}
else if (authority == "查看本部门")
{
string Sql = " select UserName from tblUser_Sys where dept_New in (select dept_New from tblUser_Sys where loginName='" + loginName + "')";
DataTable DT = DBContext.DataDecision.GetDataTable(Sql);
for (int i = 0; i < DT.Rows.Count; i++)
{
string UserName = Convert.ToString(DT.Rows[i]["UserName"]);
where.Append(" and (Seller= '" + UserName + "')");
}
}
return(where.ToString());
}
public static List <string> ListUnderling(string loginName)
{
List <string> list = new List <string>();
try
{
tblUser_Sys user = CurrentHelper.GetUserByLoginName(loginName);
if (user != null && !String.IsNullOrWhiteSpace(user.UserName))
{
SqlParameter[] paras = new SqlParameter[] {
new SqlParameter("@leader", user.UserName)
};
DataTable dt = DBContext.DataDecision.GetTableByExecProc("pd_GetUnderling", paras);
list = dt.AsEnumerable().Select(p => p.Field <string>("sell")).ToList();
}
}
catch (Exception ex)
{
LogManager.Error("GetUnderling", ex);
}
return(list);
}
