/// <summary>
/// 解析被授权对象的表达式
/// </summary>
/// <param name="strExpression">被授权对象的表达式</param>
/// <param name="objType">输出参数,被授权对象的类型</param>
/// <param name="objID">输出参数,被授权对象ID</param>
/// <param name="objParentID">输出参数,被授权对象的父对象的ID</param>
/// <param name="userAccessLevel">输出参数,被授权对象中限定的人员级别</param>
public static void getObjInfo(string strExpression, out string objType, out string objID, out string objParentID, out string userAccessLevel)
{
ParseExpression pe = new ParseExpression();
pe.UserFunctions = new DoExpParsing();
getObjInfo(strExpression, out objType, out objID, out objParentID, out userAccessLevel, pe);
}
//得到表达式中对人员所属的限定信息
private static string GetBelongTo(string strExp)
{
ParseExpression pe = new ParseExpression();
pe.OutputIdentifiers = true;
pe.UserFunctions = (IExpParsing) new DoExpParsing();
pe.ChangeExpression(strExp);
ParseIdentifier pi = GetIdentifiers(pe.Identifiers, "belongto");
if (pi == null)
{
return("");
}
string strValue = String.Empty;
//得到类别
pi = pi.SubIdentifier.NextIdentifier;
strValue = pi.Identifier.ToUpper();
//得到objId
pi = pi.NextIdentifier.NextIdentifier;
strValue += "," + pi.Identifier;
//得到parentId
pi = pi.NextIdentifier.NextIdentifier;
strValue += "," + pi.Identifier;
return(strValue.Replace("\"", ""));
}
//获得表达式中定义的人员级别限定信息
private static string GetUserRank(string strExp)
{
ParseExpression pe = new ParseExpression();
pe.OutputIdentifiers = true;
pe.UserFunctions = (IExpParsing) new DoExpParsing();
pe.ChangeExpression(strExp);
ParseIdentifier pi = GetIdentifiers(pe.Identifiers, "UserRank");
if (pi == null)
{
return("");
}
string strValue = String.Empty;
//得到限定的级别
pi = pi.SubIdentifier.NextIdentifier;
strValue = pi.Identifier;
//得到操作符
pi = pi.NextIdentifier.NextIdentifier;
strValue = pi.Identifier + "," + strValue;
return(strValue.Replace("\"", ""));
}
//级别
private static bool UserRank(string strRank, string op)
{
ParseExpression pe = new ParseExpression();
pe.UserFunctions = (IExpParsing) new DoExpParsing();
pe.ChangeExpression("curuserrank" + op + strRank);
object oValue = pe.Value();
return((bool)oValue);
}
/// <summary>
/// 解析被授权对象的表达式
/// </summary>
/// <param name="strExpression">被授权对象的表达式</param>
/// <param name="objType">输出参数,被授权对象的类型</param>
/// <param name="objID">输出参数,被授权对象ID</param>
/// <param name="objParentID">输出参数,被授权对象的父对象的ID</param>
/// <param name="userAccessLevel">输出参数,被授权对象中限定的人员级别</param>
public static void getObjInfo(string strExpression, out string objType, out string objID, out string objParentID, out string userAccessLevel)
{
ParseExpression pe = new ParseExpression();
pe.UserFunctions = new DoExpParsing();
getObjInfo(strExpression, out objType, out objID, out objParentID, out userAccessLevel, pe);
}
/// <summary>
/// 解析被授权对象的表达式
/// </summary>
/// <param name="strExpression">被授权对象的表达式</param>
/// <param name="objType">输出参数,被授权对象的类型</param>
/// <param name="objID">输出参数,被授权对象ID</param>
/// <param name="objParentID">输出参数,被授权对象的父对象的ID</param>
/// <param name="userAccessLevel">输出参数,被授权对象中限定的人员级别</param>
/// <param name="pe">表达式解析类</param>
public static void getObjInfo(string strExpression, out string objType, out string objID, out string objParentID, out string userAccessLevel, ParseExpression pe)
{
objType = string.Empty;
objID = string.Empty;
objParentID = string.Empty;
userAccessLevel = string.Empty;
string strTemp;
string[] strList;
strTemp = string.Format("GetBelongTo({0})", DoExpParsing.AddDoubleQuotationMark(strExpression));
pe.ChangeExpression(strTemp);
strList = pe.Value().ToString().Split(new char[] { ',', ';' });
if (strList.Length > 0 && strList[0] != string.Empty)
objType = strList[0];
if (strList.Length > 1)
objID = strList[1];
if (strList.Length > 2)
objParentID = strList[2];
if (objType != "USERS")
{
strTemp = string.Format("GetUserRank({0})", DoExpParsing.AddDoubleQuotationMark(strExpression));
pe.ChangeExpression(strTemp);
strList = pe.Value().ToString().Split(new char[] { ',', ';' });
if (strList.Length > 1)
{
userAccessLevel = strList[1];
}
}
}
//级别
private static bool UserRank(string strRank, string op)
{
ParseExpression pe = new ParseExpression();
pe.UserFunctions = (IExpParsing)new DoExpParsing();
pe.ChangeExpression("curuserrank" + op + strRank);
object oValue = pe.Value();
return (bool)oValue;
}
//得到表达式中对人员所属的限定信息
private static string GetBelongTo(string strExp)
{
ParseExpression pe = new ParseExpression();
pe.OutputIdentifiers = true;
pe.UserFunctions = (IExpParsing)new DoExpParsing();
pe.ChangeExpression(strExp);
ParseIdentifier pi = GetIdentifiers(pe.Identifiers, "belongto");
if (pi == null)
return "";
string strValue = String.Empty;
//得到类别
pi = pi.SubIdentifier.NextIdentifier;
strValue = pi.Identifier.ToUpper();
//得到objId
pi = pi.NextIdentifier.NextIdentifier;
strValue += "," + pi.Identifier;
//得到parentId
pi = pi.NextIdentifier.NextIdentifier;
strValue += "," + pi.Identifier;
return strValue.Replace("\"", "");
}
//获得表达式中定义的人员级别限定信息
private static string GetUserRank(string strExp)
{
ParseExpression pe = new ParseExpression();
pe.OutputIdentifiers = true;
pe.UserFunctions = (IExpParsing)new DoExpParsing();
pe.ChangeExpression(strExp);
ParseIdentifier pi = GetIdentifiers(pe.Identifiers, "UserRank");
if (pi == null)
return "";
string strValue = String.Empty;
//得到限定的级别
pi = pi.SubIdentifier.NextIdentifier;
strValue = pi.Identifier;
//得到操作符
pi = pi.NextIdentifier.NextIdentifier;
strValue = pi.Identifier + "," + strValue;
return strValue.Replace("\"", "");
}
private static object DoUserFunction(string strFuncName, ParamObject[] arrParams, ParseExpression parseObj)
{
object oValue = null;
switch (strFuncName.ToLower())
{
case "organizations":
case "users":
case "groups":
oValue = strFuncName.ToUpper();
break;
//人员级别判定
case "userrank":
ExceptionHelper.TrueThrow <ApplicationException>(arrParams.Length != 2, "函数" + strFuncName + "参数个数有误!");
if (arrParams.Length == 2)
{
//string
oValue = UserRank(AddDoubleQuotationMark(arrParams[0].Value.ToString()), arrParams[1].Value.ToString());
}
break;
//当前人员Guid
case "curuserid":
oValue = "001416f3-f108-454e-9033-62b5a300e347";
break;
//当前人员级别
case "curuserrank":
oValue = "NAVVY_U";
break;
//本关区
case "curcustomsscope":
//oValue = ObjectID(arrParams[0].Value.ToString());
break;
//本部门
case "curdepartscope":
//oValue = CurObjetBelongTo(arrParams[0].Value.ToString());
break;
//自定机构服务范围
case "userdefinescope":
//oValue = CurRankLevel();
break;
//人员级别名称
case "userrankname":
oValue = UserRankName(arrParams[0].Value.ToString());
break;
//得到表达式中对人员级别的限定信息
case "getuserrank":
oValue = GetUserRank(arrParams[0].Value.ToString());
break;
//属于某对象
case "belongto":
oValue = true;
break;
//得到表达式中对人员所属的限定信息
case "getbelongto":
oValue = GetBelongTo(arrParams[0].Value.ToString());
break;
default:
ExceptionHelper.TrueThrow <ApplicationException>(true, "不存在函数:" + strFuncName);
break;
}
return(oValue);
}
/// <summary>
/// 判断是可修改的合法机构服务范围
/// </summary>
/// <param name="trans"></param>
/// <param name="scopeNode">要修改的服务范围-被授权对象关系的XML结点</param>
/// <param name="userScopes">当前人员的机构范围</param>
/// <param name="pe">表达式解析对象</param>
/// <param name="scopeName">当前服务范围名称(输出参数)</param>
/// <returns></returns>
private bool isValidScope(XmlNode scopeNode, ArrayList userScopes, ParseExpression pe, out string scopeName)
{
using (DbContext context = DbContext.GetContext(AppResource.ConnAlias))
{
//查当前机构服务范围的信息
scopeName = string.Empty;
string scopeID = scopeNode.SelectSingleNode(".//SCOPE_ID").InnerText;
string expID = scopeNode.SelectSingleNode(".//EXP_ID").InnerText;
//查询被授权对象的相关信息
string strExp = string.Empty;//被授权对象表达式
string strSql = string.Format("SELECT * FROM EXPRESSIONS WHERE ID = {0}",
TSqlBuilder.Instance.CheckQuotationMark(expID, true));
DataTable expDT = InnerCommon.ExecuteDataset(strSql).Tables[0];
if (expDT.Rows.Count > 0)
{
strExp = expDT.Rows[0]["EXPRESSION"].ToString();
}
string objType;
string objID;
string objParentID;
string userAccessLevel;
DoExpParsing.getObjInfo(strExp, out objType, out objID, out objParentID, out userAccessLevel, pe);
//查询机构服务范围的全路径
strSql = string.Format("SELECT * FROM SCOPES WHERE ID = {0}",
TSqlBuilder.Instance.CheckQuotationMark(scopeID, true));
DataTable scopeDT = InnerCommon.ExecuteDataset(strSql).Tables[0];
string scopeExp = string.Empty;
ArrayList scopePaths = new ArrayList();
if (scopeDT.Rows.Count > 0)
{
//如果是数据服务范围,不做判断
if (scopeDT.Rows[0]["CLASSIFY"].ToString() == "n")
return true;
scopePaths.Add(scopeDT.Rows[0]["DESCRIPTION"].ToString());
scopeExp = scopeDT.Rows[0]["EXPRESSION"].ToString();
scopeName = scopeDT.Rows[0]["NAME"].ToString();
#region 根据当前的被授权对象,得到本关区或本部门的全路径
if (scopeExp == "curDepartScope(curUserId)" || scopeExp == "curCustomsScope(curUserId)")
{
DataTable dt = null;
//本部门
if (scopeExp == "curDepartScope(curUserId)")
{
dt = OGUReader.GetObjectParentOrgs(objType, objID, SearchObjectColumn.SEARCH_GUID, true, false, string.Empty, string.Empty).Tables[0];
}
//本关区
else if (scopeExp == "curCustomsScope(curUserId)")
{
dt = OGUReader.GetObjectDepOrgs(objType, objID, SearchObjectColumn.SEARCH_GUID, 2, string.Empty).Tables[0];
}
scopePaths.Clear();
for (int j = 0; j < dt.Rows.Count; j++)
{
string strs = dt.Rows[j]["ALL_PATH_NAME"].ToString();
if (strs.Length > 0)
scopePaths.Add(strs);
}
}
#endregion
}
#region 判断合法性
for (int i = 0; i < scopePaths.Count; i++)
{
for (int j = 0; j < userScopes.Count; j++)
{
if (scopePaths[i].ToString().IndexOf(userScopes[j].ToString()) >= 0)
return true;
}
}
#endregion
#region 如果是总管理员则通过
DataTable detailDT = OGUReader.GetObjectsDetail(objID).Tables[0];
if (detailDT.Rows.Count > 0 && detailDT.Rows[0]["OBJECTCLASS"].ToString() == "USERS")
{
return SecurityCheck.IsAdminUser(detailDT.Rows[0]["LOGON_NAME"].ToString(), UserValueType.LogonName);
}
#endregion
return false;
}
}
/// <summary>
/// 解析被授权对象的表达式
/// </summary>
/// <param name="strExpression">被授权对象的表达式</param>
/// <param name="objType">输出参数,被授权对象的类型</param>
/// <param name="objID">输出参数,被授权对象ID</param>
/// <param name="objParentID">输出参数,被授权对象的父对象的ID</param>
/// <param name="userAccessLevel">输出参数,被授权对象中限定的人员级别</param>
/// <param name="pe">表达式解析类</param>
public static void getObjInfo(string strExpression, out string objType, out string objID, out string objParentID, out string userAccessLevel, ParseExpression pe)
{
objType = string.Empty;
objID = string.Empty;
objParentID = string.Empty;
userAccessLevel = string.Empty;
string strTemp;
string[] strList;
strTemp = string.Format("GetBelongTo({0})", DoExpParsing.AddDoubleQuotationMark(strExpression));
pe.ChangeExpression(strTemp);
strList = pe.Value().ToString().Split(new char[] { ',', ';' });
if (strList.Length > 0 && strList[0] != string.Empty)
{
objType = strList[0];
}
if (strList.Length > 1)
{
objID = strList[1];
}
if (strList.Length > 2)
{
objParentID = strList[2];
}
if (objType != "USERS")
{
strTemp = string.Format("GetUserRank({0})", DoExpParsing.AddDoubleQuotationMark(strExpression));
pe.ChangeExpression(strTemp);
strList = pe.Value().ToString().Split(new char[] { ',', ';' });
if (strList.Length > 1)
{
userAccessLevel = strList[1];
}
}
}
/// <summary>
/// 插入被授权对象
/// </summary>
/// <Insert app_code_name="ASDF" use_scope="y" role_classify="y">
/// <EXPRESSIONS ALL_PATH_NAME=\"中国海关\01海关总署\00署领导\杨国勋" OBJ_ID="5e3aa542-29c3-40b5-b4cc-617045223c22">
/// <SET>
/// <EXPRESSION>BelongTo(USERS, "5e3aa542-29c3-40b5-b4cc-617045223c22", "65eb8160-f0fa-4f1c-8984-2649788fe1d0")</EXPRESSION>
/// <ROLE_ID>ec16e6b8-5a94-4b9c-963c-08ace45dffd7</ROLE_ID>
/// <NAME>杨国勋</NAME>
/// <INHERITED>n</INHERITED>
/// <CLASSIFY>0</CLASSIFY>
/// </SET>
/// </EXPRESSIONS>
/// <EXPRESSIONS>
/// <SET>
/// ...
/// </SET>
/// </EXPRESSIONS>
/// </Insert>
protected void InsertExp(XmlDocument xmlDocInsert)
{
using (TransactionScope scope = TransactionScopeFactory.Create())
{
using (DbContext context = DbContext.GetContext(AppResource.ConnAlias))
{
string appCodeName = xmlDocInsert.DocumentElement.GetAttribute("app_code_name");
string roleClassify = xmlDocInsert.DocumentElement.GetAttribute("role_classify");
string strPreRoleID = string.Empty;
#region 判断权限
bool hasPermi = false;
if (roleClassify == "y")//自授权角色
hasPermi = SecurityCheck.DoesUserHasPermissions(LogOnUserInfo.UserLogOnName, appCodeName, "SELF_MAINTAIN_FUNC");
else if (roleClassify == "n")//应用授权角色
hasPermi = SecurityCheck.DoesUserHasPermissions(LogOnUserInfo.UserLogOnName, appCodeName, "ADD_OBJECT_FUNC");
bool defaultPermi = false;//默认权限
if (false == hasPermi)
{
bool adminUser = SecurityCheck.IsAdminUser(LogOnUserInfo.UserLogOnName);
if (adminUser)
{
//总管理员,在通用授权管理系统中,增加被授权对象,总有权限
if (appCodeName == AppResource.AppCodeName)
hasPermi = true;
else//在其它系统中,只能加自己
{
XmlNodeList expNodes = xmlDocInsert.SelectNodes(".//EXPRESSION");
for (int i = 0; i < expNodes.Count; i++)
if (expNodes.Item(i).InnerText.IndexOf(LogOnUserInfo.UserGuid) >= 0)
{
defaultPermi = true;
break;
}
}
}
}
ExceptionHelper.TrueThrow<ApplicationException>(false == hasPermi && !defaultPermi, "没有相应的权限!");
#endregion
ParseExpression pe = new ParseExpression();
pe.UserFunctions = (IExpParsing)(new DoExpParsing());
//可同时插入多个被授权对象
DataTable appTempDT = null;
string strAppID = string.Empty;
string strRoleCodeName = string.Empty;
for (int i = 0; i < xmlDocInsert.FirstChild.ChildNodes.Count; i++)
{
XmlNode nodeSet = xmlDocInsert.FirstChild.ChildNodes[i].SelectSingleNode(".//SET");
string strExp = nodeSet.SelectSingleNode(".//EXPRESSION").InnerText;
string strClassify = nodeSet.SelectSingleNode(".//CLASSIFY").InnerText;
//在默认权限下,只能加自己
if (false == hasPermi && defaultPermi)
if (strExp.IndexOf(LogOnUserInfo.UserGuid) < 0)
continue;
#region 构建Sql
//get description
string strDescription = xmlDocInsert.FirstChild.ChildNodes[i].Attributes["ALL_PATH_NAME"].Value;
//增加description结点
XmlHelper.AppendNode(nodeSet, "DESCRIPTION", strDescription);
//增加modify_time结点
string strModifyTime = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss.fff");
XmlHelper.AppendNode(nodeSet, "MODIFY_TIME", strModifyTime);
//去掉role_id结点
XmlNode roleIDNode = nodeSet.SelectSingleNode(".//ROLE_ID");
string strRoleID = roleIDNode.InnerText;
nodeSet.RemoveChild(roleIDNode);
//去掉inherited结点
XmlNode inheritedNode = nodeSet.SelectSingleNode(".//INHERITED");
string strInherited = inheritedNode.InnerText;
nodeSet.RemoveChild(inheritedNode);
//得到所有的已存在的被授权对象的GUID
string strSql = string.Empty;
//0.如果表达式已存在,则跳过
strSql = string.Format("SELECT COUNT(*) FROM EXPRESSIONS WHERE ROLE_ID = {0} AND CLASSIFY = {1} AND EXPRESSION = {2}",
TSqlBuilder.Instance.CheckQuotationMark(strRoleID, true),
TSqlBuilder.Instance.CheckQuotationMark(strClassify, true),
TSqlBuilder.Instance.CheckQuotationMark(strExp, true));
#endregion
int iCount = (int)InnerCommon.ExecuteScalar(strSql);
if (iCount != 0)
continue;
//1.本应用增加
InsertExpOfApplication(nodeSet, strRoleID, strInherited);
//2.子应增加
//自授权的被授权对象不继承
if (roleClassify == "n")
{
#region 自授权的被授权对象不继承
if (strRoleID != strPreRoleID || appTempDT == null)
{
//get app_id, code_name of role
strSql = "SELECT APP_ID, CODE_NAME FROM ROLES WHERE ID = {0}";
strSql = string.Format(strSql, TSqlBuilder.Instance.CheckQuotationMark(strRoleID, true));
DataTable DT = InnerCommon.ExecuteDataset(strSql).Tables[0];
strAppID = DT.Rows[0]["APP_ID"].ToString();
strRoleCodeName = DT.Rows[0]["CODE_NAME"].ToString();
//根据inherited_state确定继承链
Database database = DatabaseFactory.Create(context);
DbCommand command = database.CreateStoredProcedureCommand("GET_INHERITED_APPLICATIONS");
database.AddInParameter(command, "APP_ID", DbType.String, strAppID);
database.AddInParameter(command, "INHERITED_STATE", DbType.Int32, (int)(InheritedState.ROLES | InheritedState.OBJECT));
appTempDT = database.ExecuteDataSet(command).Tables[0];
}
strPreRoleID = strRoleID;
for (int j = 0; j < appTempDT.Rows.Count; j++)
{
string subAppID = appTempDT.Rows[j]["ID"].ToString();
//get subRoleID
strSql = "SELECT ID FROM ROLES WHERE APP_ID = {0} AND CODE_NAME = {1} AND INHERITED = 'y'";
strSql = string.Format(strSql, TSqlBuilder.Instance.CheckQuotationMark(subAppID, true),
TSqlBuilder.Instance.CheckQuotationMark(strRoleCodeName, true));
object obj = InnerCommon.ExecuteScalar(strSql);
if (obj != null)
InsertExpOfApplication(nodeSet, obj.ToString(), "y");
}
#endregion
}
}
}
scope.Complete();
}
//写日志
UserDataWrite.InsertUserLog(AppResource.AppCodeName, LogOpType.ADD_OBJECT_FUNC.ToString(),
"给角色增加被授权对象", xmlDocInsert.OuterXml);
}
/// <summary>
/// 校验用户自定义表达式
/// </summary>
/// <param name="strFuncName">函数名称</param>
/// <param name="arrParams">函数中使用的参数组</param>
/// <param name="parseObj">表达解析式</param>
/// <returns>用户自定义表达式的解析结果</returns>
public object CheckUserFunction(string strFuncName, ParamObject[] arrParams, ParseExpression parseObj)
{
return DoUserFunction(strFuncName, arrParams, parseObj);
}
/// <summary>
/// 校验用户自定义表达式
/// </summary>
/// <param name="strFuncName">函数名称</param>
/// <param name="arrParams">函数中使用的参数组</param>
/// <param name="parseObj">表达解析式</param>
/// <returns>用户自定义表达式的解析结果</returns>
public object CheckUserFunction(string strFuncName, ParamObject[] arrParams, ParseExpression parseObj)
{
return(DoUserFunction(strFuncName, arrParams, parseObj));
}
private static object DoUserFunction(string strFuncName, ParamObject[] arrParams, ParseExpression parseObj)
{
object oValue = null;
switch (strFuncName.ToLower())
{
case "organizations":
case "users":
case "groups":
oValue = strFuncName.ToUpper();
break;
//人员级别判定
case "userrank":
ExceptionHelper.TrueThrow<ApplicationException>(arrParams.Length != 2, "函数" + strFuncName + "参数个数有误!");
if (arrParams.Length == 2)
{
//string
oValue = UserRank(AddDoubleQuotationMark(arrParams[0].Value.ToString()), arrParams[1].Value.ToString());
}
break;
//当前人员Guid
case "curuserid":
oValue = "001416f3-f108-454e-9033-62b5a300e347";
break;
//当前人员级别
case "curuserrank":
oValue = "NAVVY_U";
break;
//本关区
case "curcustomsscope":
//oValue = ObjectID(arrParams[0].Value.ToString());
break;
//本部门
case "curdepartscope":
//oValue = CurObjetBelongTo(arrParams[0].Value.ToString());
break;
//自定机构服务范围
case "userdefinescope":
//oValue = CurRankLevel();
break;
//人员级别名称
case "userrankname":
oValue = UserRankName(arrParams[0].Value.ToString());
break;
//得到表达式中对人员级别的限定信息
case "getuserrank":
oValue = GetUserRank(arrParams[0].Value.ToString());
break;
//属于某对象
case "belongto":
oValue = true;
break;
//得到表达式中对人员所属的限定信息
case "getbelongto":
oValue = GetBelongTo(arrParams[0].Value.ToString());
break;
default:
ExceptionHelper.TrueThrow<ApplicationException>(true, "不存在函数:" + strFuncName);
break;
}
return oValue;
}
/// <summary>
/// 维护表达式-服务范围对应关系
/// </summary>
/// <param name="xmlDocDelete"></param>
/// <returns></returns>
/// <remarks>
///
/// </remarks>
/// <example>
/// xmlDocModify文档格式
/// <code>
/// <ETS app_code_name="NEW" use_scope="y">
/// <Delete>
/// <EXP_TO_SCOPES>
/// <WHERE>
/// <EXP_ID operator="=">acdba130-bcbf-45c3-993a-a7bf8761abb8</EXP_ID>
/// <SCOPE_ID operator="=">14ecc3c0-c30d-4329-96db-47edf47bfabc</SCOPE_ID>
/// </WHERE>
/// </EXP_TO_SCOPES>
/// </Delete>
/// <Insert>
/// <EXP_TO_SCOPES>
/// <SET>
/// <EXP_ID>acdba130-bcbf-45c3-993a-a7bf8761abb8</EXP_ID>
/// <SCOPE_ID>aecaa7d7-a1a6-4dfe-8626-05db003c714f</SCOPE_ID>
/// </SET>
/// </EXP_TO_SCOPES>
/// </Insert>
/// </ETS>
///
/// </code>
/// </example>
protected XmlDocument ModifyExpToScope(XmlDocument xmlDocModify)
{
using (TransactionScope scope = TransactionScopeFactory.Create())
{
string appCodeName = xmlDocModify.DocumentElement.GetAttribute("app_code_name");
ExceptionHelper.FalseThrow<ApplicationException>(
SecurityCheck.DoesUserHasPermissions(LogOnUserInfo.UserLogOnName, appCodeName, "MODIFY_SCOPE_FUNC"),
"没有相应权限!");
ParseExpression pe = new ParseExpression();
pe.UserFunctions = (IExpParsing)new DoExpParsing();
//得到当前用户的服务范围
ArrayList userScopeList = GetUserScopes(appCodeName, "MODIFY_SCOPE_FUNC", FunctionOrRole.Fuunction);
XmlDocument curNodeDoc = new XmlDocument();
StringBuilder sqlBuilder = new StringBuilder(128);
foreach (XmlNode curNode in xmlDocModify.FirstChild.ChildNodes)
{
string scopeName;
bool bValid = isValidScope(curNode, userScopeList, pe, out scopeName);
ExceptionHelper.TrueThrow<ApplicationException>(false == bValid,
string.Format("范围({0})不在当前人员的机构服务范围内, 不可修改对应关系!", scopeName));
curNodeDoc.LoadXml(curNode.OuterXml);
if (curNode.Name == "Delete")
{
sqlBuilder.Append(InnerCommon.GetDeleteSqlStr(curNodeDoc, this.GetXSDDocument("EXP_TO_SCOPES")) + ";" + Environment.NewLine);
}
else if (curNode.Name == "Insert")
{
sqlBuilder.Append(InnerCommon.GetInsertSqlStr(curNodeDoc, this.GetXSDDocument("EXP_TO_SCOPES")) + ";" + Environment.NewLine);
}
}
if (sqlBuilder.Length > 0)
InnerCommon.ExecuteNonQuery(sqlBuilder.ToString());
scope.Complete();
}
//写日志
UserDataWrite.InsertUserLog(AppResource.AppCodeName, LogOpType.MODIFY_SCOPE_FUNC.ToString(),
"修改服务范围-被授权对象之间的关系", xmlDocModify.OuterXml);
return xmlDocModify;
}