/// <summary>
/// Checks whether the current user may perform an operation, first through the
/// narrow permission and then through the broader "all" permission.
/// </summary>
/// <param name="permissionNo">Permission covering the user's own scope; checked first.</param>
/// <param name="permissionAll">Broader permission consulted only when the first check fails.</param>
/// <param name="throwOnFailed">
/// Forwarded to the second <c>Authorize</c> call only; the first call never receives it.
/// Presumably makes that call throw rather than return false (confirm against PermissionClientService).
/// </param>
/// <returns>True when either check succeeds; otherwise the result of the second check.</returns>
internal bool PermissionAllow(string permissionNo, string permissionAll, bool throwOnFailed)
{
    // The narrow permission is enough on its own.
    if (PermissionClientService.Authorize(permissionNo, includeStack: false))
    {
        return true;
    }

    // Not a permission the user holds directly, so the decision falls to the
    // broader permission; this is the only call that honours throwOnFailed.
    return PermissionClientService.Authorize(permissionAll, includeStack: false, throwOnFailed: throwOnFailed);
}
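/// <summary>
/// Decides whether the current user may operate on the given role.
/// </summary>
/// <param name="permissionAll">Permission that allows operating on every role.</param>
/// <param name="roleNo">Role identifier the caller wants to operate on.</param>
/// <returns>
/// True when the user holds <paramref name="permissionAll"/>, or when
/// <paramref name="roleNo"/> matches a value of "Admin.PermissionUserManageRole"
/// granted to the user; false otherwise.
/// </returns>
internal bool RoleAllow(string permissionAll, string roleNo)
{
    if (PermissionClientService.Authorize(permissionAll, includeStack: false))
    {
        return true;
    }

    // No permission over all roles: restrict the operation to the roles the
    // current user is allowed to manage.
    var manageableRoles = PermissionClientService.GetUserPermissions("Admin.PermissionUserManageRole");

    // Index() in this listing null-checks the same call, so a null result is
    // treated as "no manageable roles" and denied instead of throwing from Any().
    // NOTE(review): a null roleNo is passed straight to StringEquals, whose
    // handling of null is not visible here; confirm it cannot match.
    return manageableRoles != null
        && manageableRoles.Any(x => x.PermissionValue.StringEquals(roleNo));
}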
/// <summary>
/// Returns the default view after two permission lookups whose results are
/// not acted on in the visible code.
/// </summary>
/// <returns>The default view for this action.</returns>
public ActionResult Index()
{
    //...
    var canGetUsers = PermissionClientService.Authorize("GetUsers");
    if (canGetUsers)
    {
        // Empty in this listing: the view below is returned whether or not the
        // check passes, so nothing is gated by it in the code shown.
    }

    // The lookup may yield null or an empty array; both mean there is no value to read.
    var companyPermissions = PermissionClientService.GetUserPermissions("Company.UserCompany");
    var hasCompanyPermission = companyPermissions != null && companyPermissions.Length > 0;
    if (hasCompanyPermission)
    {
        // Only the first entry's value is read, and it is not used afterwards here.
        var companyId = companyPermissions[0].PermissionValue;
    }

    return View();
}
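/// <summary>
/// Creates a permission relation (a grant) after checking that the current
/// user is allowed to hand out the requested permission to the requested target.
/// </summary>
/// <param name="model">The relation to create; its PermissionNo and TargetObject drive the checks.</param>
/// <returns>The result of <c>RelationCreateInternal</c>, with the outcome stored in ViewBag.Result.</returns>
public ActionResult RelationCreate(PermissionRelation model)
{
    // Index() in this listing null-checks the same lookup, so a null result is
    // treated as "the user does not hold this permission" rather than letting
    // FirstOrDefault() throw before any decision is made.
    var ownPermissions = PermissionClientService.GetUserPermissions(model.PermissionNo);
    var ownPermission = ownPermissions != null ? ownPermissions.FirstOrDefault() : null;

    // NOTE(review): only the first entry is inspected for Grantable. If the user
    // can hold several entries for one permission, confirm the first is the right one.
    var allowed = true;
    if (ownPermission == null || !ownPermission.Grantable)
    {
        // The user does not hold the permission, or may not delegate it:
        // only the blanket "create all" permission can authorize the grant.
        allowed = PermissionClientService.Authorize("Admin.PermissionRelationCreateAll", includeStack: false);
    }

    if (allowed)
    {
        // Second gate: may this user grant to users, or to roles?
        // Any TargetObject other than 1 is checked against the "for role" permission.
        var targetPermission = model.TargetObject == 1
            ? "Admin.PermissionRelationCreateForUser"
            : "Admin.PermissionRelationCreateForRole";
        allowed = PermissionClientService.Authorize(targetPermission, includeStack: false);
    }

    // The relation is written only when both gates passed; otherwise a failure
    // result is surfaced and nothing is persisted by this method.
    this.ViewBag.Result = allowed ? this.PermissionServer.AddPermissionRelation(model) : AOPResult.Failed("Access Denied");
    return this.RelationCreateInternal(model);
}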
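/// <summary>
/// Deletes a user-role assignment, provided the current user either may delete
/// any assignment or manages the role that the assignment refers to.
/// </summary>
/// <param name="id">Identifier of the user-role row to delete.</param>
/// <returns>JSON carrying the ResultNo and ResultDescription of the outcome.</returns>
public ActionResult UserRoleDelete(int id)
{
    IAOPResult result = null;

    if (!PermissionClientService.Authorize("Admin.PermissionUserRoleDeleteAll", includeStack: false))
    {
        // No permission over all roles: restrict deletion to roles the current
        // user manages. Resolve the role behind the requested row first;
        // SingleOrDefault throws if more than one row carries this ID.
        var roleNo = this.PermissionServer.GetUserGroupRoles()
            .Where(x => x.ID == id)
            .Select(x => x.TargetValue)
            .SingleOrDefault();

        var manageableRoles = PermissionClientService.GetUserPermissions("Admin.PermissionUserManageRole");

        // Deny explicitly when the id matched no row (roleNo is null) instead of
        // relying on how StringEquals treats null, and when the lookup returns
        // null (Index() in this listing null-checks the same call).
        var canManage = roleNo != null
            && manageableRoles != null
            && manageableRoles.Any(x => x.PermissionValue.StringEquals(roleNo));

        if (!canManage)
        {
            result = AOPResult.Failed("Access Denied");
        }
    }

    // Reached with result still null only when one of the checks above passed.
    if (result == null)
    {
        result = this.PermissionServer.DeleteUserRole(id);
    }

    return this.Json(new { result.ResultNo, result.ResultDescription });
}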