private static void SetSnPerm(SnPermission perm, PermissionValue permissionValue)
{
switch (permissionValue)
{
case PermissionValue.NonDefined:
if (perm.Allow && perm.AllowFrom == null)
perm.Allow = false;
if (perm.Deny && perm.DenyFrom == null)
perm.Deny = false;
break;
case PermissionValue.Allow:
if (!perm.Allow)
perm.Allow = true;
if (perm.Deny)
perm.Deny = false;
break;
case PermissionValue.Deny:
if (!perm.Deny)
perm.Deny = true;
if (perm.Allow)
perm.Allow = false;
break;
default:
throw new NotImplementedException();
}
}
private PermissionValue[] GetPermissionValues(int allowBits, int denyBits)
{
var result = new PermissionValue[PermissionType.NumberOfPermissionTypes];
for (int i = 0; i < PermissionType.NumberOfPermissionTypes; i++)
{
var allow = (allowBits & 1) == 1;
var deny = (denyBits & 1) == 1;
allowBits = allowBits >> 1;
denyBits = denyBits >> 1;
if (deny)
{
result[i] = PermissionValue.Deny;
}
else if (allow)
{
result[i] = PermissionValue.Allow;
}
else
{
result[i] = PermissionValue.NonDefined;
}
}
return(result);
}
public PermissionDescriptor(string contentPath, IUser user, PermissionType permissionType, PermissionValue permissionValue)
{
AffectedPath = contentPath;
AffectedUser = user;
PType = permissionType;
NewValue = permissionValue;
}
private PermissionValue[] GetPermissionValues()
{
var result = new PermissionValue[ActiveSchema.PermissionTypes.Count];
var allow = AllowBits;
var deny = DenyBits;
for (int i = 0; i < result.Length; i++)
{
if ((deny & 1) == 1)
{
result[i] = PermissionValue.Deny;
}
else if ((allow & 1) == 1)
{
result[i] = PermissionValue.Allow;
}
else
{
result[i] = PermissionValue.NonDefined;
}
allow = allow >> 1;
deny = deny >> 1;
}
return(result);
}
/// <summary>
/// The add authority.
/// </summary>
/// <param name="functionId">
/// The function id.
/// </param>
/// <param name="roleId">
/// The role id.
/// </param>
/// <param name="toAddPermission">
/// The to add permission.
/// </param>
public void AddAuthority(Guid functionId, Guid roleId, PermissionValue toAddPermission)
{
this.GuardAuthorityAgum(functionId,roleId, toAddPermission);
var spec = Specification<FunctionInRole>.Eval(u => u.Role.ID == roleId && u.Function.ID == functionId);
var isexist = this.functionInRoleRepository.Exists(spec);
if (!isexist)
{
var role = this.roleRepository.GetByKey(roleId);
var function = this.functionRepository.GetByKey(functionId);
this.functionInRoleRepository.Add(new FunctionInRole()
{
ID = GuidHelper.GenerateGuid(),
Role = role,
Function = function,
PermissionValue = toAddPermission
});
}
else
{
var functionInRole = this.functionInRoleRepository.Find(spec);
// 或运算实现授权
functionInRole.PermissionValue |= toAddPermission;
this.functionInRoleRepository.Update(functionInRole);
}
// TODO:unitofwork模式
this.functionInRoleRepository.Context.Commit();
}
public static List <PermissionsOutput> Get(List <string> PermissionValueList)
{
Type thisClass = (typeof(Permission));
List <PermissionsOutput> resultList = new List <PermissionsOutput>();
foreach (string PermissionValue in PermissionValueList)
{
var a = PermissionValue.Split('.');
var classType = thisClass.GetNestedType(a[1]);
FieldInfo fieldLabel = classType.GetField("Label");
string ob = fieldLabel.GetValue(null).ToString();
string action = "";
if (a[2] == "View")
{
action = "Ver ";
}
else if (a[2] == "Edit")
{
action = "Editar ";
}
else if (a[2] == "Create")
{
action = "Crear ";
}
resultList.Add(new PermissionsOutput {
Label = action + ob, Value = PermissionValue
});
}
return(resultList);
}
internal SecurityEntry[] SetAcl(SnAccessControlList acl)
{
var result = new List <SecurityEntry>();
//var acl0 = GetAcl(nodeId, path, creatorId);
foreach (var entry in acl.Entries)
{
var values = new PermissionValue[ActiveSchema.PermissionTypes.Count];
foreach (var perm in entry.Permissions)
{
//var id = ActiveSchema.PermissionTypes[perm.Name].Id;
//var allow = perm.AllowFrom == null ? perm.Allow : false;
//var deny = perm.DenyFrom == null ? perm.Deny : false;
//var value = deny ? PermissionValue.Deny : (allow ? PermissionValue.Allow : PermissionValue.NonDefined);
//values[id - 1] = value;
var id = ActiveSchema.PermissionTypes[perm.Name].Id;
var value = perm.Deny ? PermissionValue.Deny : (perm.Allow ? PermissionValue.Allow : PermissionValue.NonDefined);
values[id - 1] = value;
}
result.Add(new SecurityEntry(acl.NodeId, entry.Identity.NodeId, entry.Propagates, values));
}
return(result.ToArray());
}
public PermissionDescriptor(string contentPath, IUser user, PermissionType permissionType, PermissionValue permissionValue)
{
AffectedPath = contentPath;
AffectedUser = user;
PType = permissionType;
NewValue = permissionValue;
}
public void SetPermission(ISecurityMember securityMember, bool isInheritable, PermissionType permissionType, PermissionValue permissionValue)
{
if (securityMember == null)
throw new ArgumentNullException("securityMember");
if (permissionType == null)
throw new ArgumentNullException("permissionType");
Assert(PermissionType.SetPermissions);
var entry = PermissionEvaluator.Instance.GetExplicitEntry(this._node.Path, securityMember.Id);
var allowBits = 0;
var denyBits = 0;
if (entry != null)
{
allowBits = entry.AllowBits;
denyBits = entry.DenyBits;
}
SetBits(ref allowBits, ref denyBits, permissionType, permissionValue);
var memberId = securityMember.Id;
var permSet = new PermissionSet(memberId, isInheritable, allowBits, denyBits);
entry = permSet.ToEntry(this.NodeId);
DataProvider.Current.SetPermission(entry);
Reset();
}
private void SetPermissionValues(PermissionValue[] values)
{
int allow = 0;
int deny = 0;
//foreach (var value in values)
//{
// allow = allow << 1;
// deny = deny << 1;
// if (value == PermissionValue.Allow)
// allow++;
// else if (value == PermissionValue.Deny)
// deny++;
//}
for (int i = values.Length - 1; i >= 0; i--)
{
allow = allow << 1;
deny = deny << 1;
if (values[i] == PermissionValue.Allow)
allow++;
else if (values[i] == PermissionValue.Deny)
deny++;
}
AllowBits = allow;
DenyBits = deny;
}
/* ----------------------------------------------------------------- */
///
/// Set
///
/// <summary>
/// Sets all of the methods to the same permission.
/// </summary>
///
/* ----------------------------------------------------------------- */
private static void Set(this Encryption src, PermissionValue value)
{
src.Permission.Accessibility = value;
src.Permission.CopyContents = value;
src.Permission.InputForm = value;
src.Permission.ModifyAnnotations = value;
src.Permission.ModifyContents = value;
src.Permission.Print = value;
}
public void SetPermission(IUser user, PermissionType permissionType, PermissionValue permissionValue)
{
var node = Node.LoadNode(Path);
if (node != null)
{
node.Security.SetPermission(user, true, permissionType, permissionValue);
}
}
public void SetPermission(IUser user, PermissionType permissionType, PermissionValue permissionValue)
{
var node = Node.LoadNode(Path);
if (node != null)
{
SecurityHandler.CreateAclEditor().SetPermission(node.Id, user.Id, false, permissionType, permissionValue).Apply();
}
}
internal AclEditor SetPermission(int principalId, bool propagates, PermissionType permissionType, PermissionValue permissionValue)
{
var entry = GetEntry(principalId, propagates);
var perm = GetSnPerm(entry, permissionType);
int allowBits;
int denyBits;
entry.GetPermissionBits(out allowBits, out denyBits);
SecurityHandler.SetBits(ref allowBits, ref denyBits, permissionType, permissionValue);
entry.SetPermissionsBits(allowBits, denyBits);
return this;
}
public static bool SetPermission(string Category, string PermissionName, string PermissionType)
{
PermissionValue value = PermissionValue.None;
IControl permissionCell = DL_PermissionsPage.GetPermissionValue(Category, PermissionName, PermissionType, out value);
if (permissionCell != null && !Control_PropertyUtilities.IsControlNull(permissionCell))
{
return(Control_ActionUtilities.Click(permissionCell, String.Empty));
}
return(false);
}
static IControl GetCell(IControl row, String permissionType, out PermissionValue permissionValue)//,out bool found)
{
permissionValue = PermissionValue.None;
//found = false;
IControl c = null;
IControl cell = null;
ReadOnlyCollection <IControl> cells = SyncUtilities.FindElements_Parent(row.WebElement, By.TagName("td"));
if (permissionType.Equals("Allow", StringComparison.InvariantCultureIgnoreCase))
{
cell = cells[2];
}
else if (permissionType.Equals("Deny", StringComparison.InvariantCultureIgnoreCase))
{
cell = cells[3];
}
else if (permissionType.Equals("Hide", StringComparison.InvariantCultureIgnoreCase))
{
cell = cells[4];
}
else if (permissionType.Equals("View", StringComparison.InvariantCultureIgnoreCase))
{
cell = cells[5];
}
else if (permissionType.Equals("Edit", StringComparison.InvariantCultureIgnoreCase))
{
cell = cells[6];
}
if (cell != null)
{
c = SyncUtilities.FindElement_Parent(cell.WebElement, By.TagName("input"));
if (c.WebElement != null)
{
//found = true;
String propValue = c.WebElement.GetAttribute("checked");
if (String.IsNullOrEmpty(propValue))
{
permissionValue = PermissionValue.False;
}
else if (propValue.Equals("true", StringComparison.InvariantCultureIgnoreCase))
{
permissionValue = PermissionValue.True;
}
}
else
{
permissionValue = PermissionValue.None;
}
}
return(c);
}
/// <summary>
/// 添加功能项对应的权限值
/// </summary>
/// <param name="chkbox">单击的checkbox</param>
private void PermissionGridSetPermissionByCheckBox(CheckBox chkbox)
{
T_SYS_PERMISSION TablePermission = new T_SYS_PERMISSION();
TablePermission = chkbox.Tag as T_SYS_PERMISSION;
PermissionValue PermValue = new PermissionValue();
PermValue.Permission = TablePermission.PERMISSIONID;
if (chkbox.IsChecked == true)
{
foreach (var ent in SelectingCustomerpermission)
{
//ent.PermissionValue aa = new ObservableCollection<PermissionValue>();
var ents = from a in ListPermValue
where a.Permission == PermValue.Permission
select a;
if (ent.PermissionValue == null)
{
ListPermValue.Add(PermValue);
}
else
{
if (!(ents.Count() > 0))
{
ListPermValue.Add(PermValue);
}
}
if (ListPermValue.Count() > 0)
{
ent.PermissionValue = ListPermValue;
}
ListCustomerpermission.Add(ent);
}
SelectingCustomerpermission.Clear();//将上一次选中的功能项清空
}
else //没选中 则删除 相对应的 权限
{
foreach (var ent in ListCustomerpermission)
{
PermValue.Permission = TablePermission.PERMISSIONID;
var EntPermValue = from entPerm in ent.PermissionValue
where entPerm.Permission == TablePermission.PERMISSIONID
select entPerm;
if (EntPermValue.Count() > 0)
{
ent.PermissionValue.Remove(PermValue);
}
}
}
}
private PermissionValue[] GetPermissionValues()
{
var result = new PermissionValue[ActiveSchema.PermissionTypes.Count];
var allow = AllowBits;
var deny = DenyBits;
for (int i = 0; i < result.Length; i++)
{
if ((deny & 1) == 1)
result[i] = PermissionValue.Deny;
else if ((allow & 1) == 1)
result[i] = PermissionValue.Allow;
else
result[i] = PermissionValue.NonDefined;
allow = allow >> 1;
deny = deny >> 1;
}
return result;
}
private static void SetSnPerm(SnPermission perm, PermissionValue permissionValue)
{
switch (permissionValue)
{
case PermissionValue.NonDefined:
if (perm.Allow && perm.AllowFrom == null)
{
perm.Allow = false;
}
if (perm.Deny && perm.DenyFrom == null)
{
perm.Deny = false;
}
break;
case PermissionValue.Allow:
if (!perm.Allow)
{
perm.Allow = true;
}
if (perm.Deny)
{
perm.Deny = false;
}
break;
case PermissionValue.Deny:
if (!perm.Deny)
{
perm.Deny = true;
}
if (perm.Allow)
{
perm.Allow = false;
}
break;
default:
throw new NotImplementedException();
}
}
static bool ArePermissionsValid(String category, GroupPermissionData data)
{
PermissionValue value = PermissionValue.None;
DL_PermissionsPage.GetPermissionValue(category, data.PermissionName, "Allow", out value);
if (!AreValuesEqual(category, data.PermissionName, data.Allow, value))
{
Console.WriteLine("Permission mismatched for " + category + "__" + data.PermissionName + "__Allow");
return(false);
}
DL_PermissionsPage.GetPermissionValue(category, data.PermissionName, "Deny", out value);
if (!AreValuesEqual(category, data.PermissionName, data.Deny, value))
{
Console.WriteLine("Permission mismatched for " + category + "__" + data.PermissionName + "__Deny");
return(false);
}
DL_PermissionsPage.GetPermissionValue(category, data.PermissionName, "Hide", out value);
if (!AreValuesEqual(category, data.PermissionName, data.Hide, value))
{
Console.WriteLine("Permission mismatched for " + category + "__" + data.PermissionName + "__Hide");
return(false);
}
DL_PermissionsPage.GetPermissionValue(category, data.PermissionName, "View", out value);
if (!AreValuesEqual(category, data.PermissionName, data.View, value))
{
Console.WriteLine("Permission mismatched for " + category + "__" + data.PermissionName + "__View");
return(false);
}
DL_PermissionsPage.GetPermissionValue(category, data.PermissionName, "Edit", out value);
if (!AreValuesEqual(category, data.PermissionName, data.Edit, value))
{
Console.WriteLine("Permission mismatched for " + category + "__" + data.PermissionName + "__Edit");
return(false);
}
return(true);
}
public PermissionValue[] GetPermissionValues()
{
var values = new PermissionValue[PermissionTypeBase.PermissionCount];
for (var i = 0; i < PermissionTypeBase.PermissionCount; i++)
{
var mask = 1ul << i;
if ((DenyBits & mask) != 0)
{
values[i] = PermissionValue.Denied; // '-';
}
else if ((AllowBits & mask) == mask)
{
values[i] = PermissionValue.Allowed; // '+';
}
else
{
values[i] = PermissionValue.Undefined; // '_';
}
}
return(values);
}
static bool SetPermissions(List <GroupPermissionsData> dataList, out bool arePermissionsChanged)
{
arePermissionsChanged = false;
try
{
String currentCategory = String.Empty;
foreach (GroupPermissionsData data in dataList)
{
if (ExpandCategory(currentCategory, data.Category))
{
currentCategory = data.Category;
}
PermissionValue value = PermissionValue.None;
IControl permissionCell = DL_PermissionsPage.GetPermissionValue(data.Category, data.Permission, data.PermissionType, out value);
if (permissionCell != null && !Control_PropertyUtilities.IsControlNull(permissionCell))
{
bool found = false;
String propValue = Control_PropertyUtilities.GetAttributeValue(permissionCell, "checked", out found);
if (!found)
{
bool isClicked = Control_ActionUtilities.Click(permissionCell, String.Empty);
arePermissionsChanged = true;
}
}
else
{
return(false);
}
}
return(true);
}
catch (Exception e)
{
new DebugLogGenerator().WriteException(MethodBase.GetCurrentMethod().DeclaringType.Name, MethodBase.GetCurrentMethod().Name, e);
}
return(false);
}
internal static void SetBits(ref uint allowBits, ref uint denyBits)
{
var perms = ActiveSchema.PermissionTypes.ToArray();
var values = new PermissionValue[perms.Length];
foreach (var perm in perms)
{
values[perm.Index - 1] = GetValue(allowBits, denyBits, perm);
}
foreach (var perm in perms)
{
if (values[perm.Index - 1] == PermissionValue.Allow)
{
SetBits(ref allowBits, ref denyBits, perm, PermissionValue.Allow);
}
}
foreach (var perm in perms)
{
if (values[perm.Index - 1] == PermissionValue.Deny)
{
SetBits(ref allowBits, ref denyBits, perm, PermissionValue.Deny);
}
}
}
public void SetPermission(IOrganizationalUnit orgUnit, bool isInheritable, PermissionType permissionType, PermissionValue permissionValue)
{
if (orgUnit == null)
throw new ArgumentNullException("orgUnit");
SetPermission(orgUnit as ISecurityMember, isInheritable, permissionType, permissionValue);
}
public void ImportPermissions(XmlNode permissionsNode, string metadataPath)
{
Assert(PermissionType.SetPermissions);
var permissionTypes = ActiveSchema.PermissionTypes;
//-- parsing and executing 'Break'
var breakNode = permissionsNode.SelectSingleNode("Break");
if (breakNode != null)
{
if (_node.IsInherited)
BreakInheritanceWithoutReset();
}
else
{
if (!_node.IsInherited)
RemoveBreakInheritanceWithoutReset();
}
//-- parsing and executing 'Clear'
var clearNode = permissionsNode.SelectSingleNode("Clear");
if (clearNode != null)
RemoveExplicitEntriesWithoutReset();
var identityElementIndex = 0;
foreach (XmlElement identityElement in permissionsNode.SelectNodes("Identity"))
{
identityElementIndex++;
//-- checking identity path
var path = identityElement.GetAttribute("path");
if (String.IsNullOrEmpty(path))
throw ImportPermissionExceptionHelper(String.Concat("Missing or empty path attribute of the Identity element ", identityElementIndex, "."), metadataPath, null);
var pathCheck =RepositoryPath.IsValidPath(path);
if (pathCheck != RepositoryPath.PathResult.Correct)
throw ImportPermissionExceptionHelper(String.Concat("Invalid path of the Identity element ", identityElementIndex, ": ", path, " (", pathCheck, ")."), metadataPath, null);
//-- getting identity node
var identityNode = Node.LoadNode(path);
if(identityNode==null)
throw ImportPermissionExceptionHelper(String.Concat("Identity ", identityElementIndex, " was not found: ", path, "."), metadataPath, null);
//-- initializing value array
var values = new PermissionValue[permissionTypes.Count];
foreach (var permType in permissionTypes)
values[permType.Id - 1] = PermissionValue.NonDefined;
//-- parsing value array
foreach (XmlElement permissionElement in identityElement.SelectNodes("*"))
{
var permName = permissionElement.LocalName;
var permType = permissionTypes.Where(p => String.Compare(p.Name, permName, true) == 0).FirstOrDefault();
if(permType==null)
throw ImportPermissionExceptionHelper(String.Concat("Permission type was not found in Identity ", identityElementIndex, "."), metadataPath, null);
var permValue = PermissionValue.NonDefined;
switch (permissionElement.InnerText.ToLower())
{
case "allow": permValue = PermissionValue.Allow; break;
case "deny": permValue = PermissionValue.Deny; break;
default:
throw ImportPermissionExceptionHelper(String.Concat("Invalid permission value in Identity ", identityElementIndex, ": ", permissionElement.InnerText, ". Allowed values: Allow, Deny"), metadataPath, null);
}
values[permType.Id - 1] = permValue;
}
//-- setting permissions
SetPermissionsWithoutReset(identityNode.Id, true, values);
}
Reset();
}
/// <summary>
/// The verify permission.
/// </summary>
/// <param name="toVerification">
/// The to verification.
/// </param>
/// <param name="functionInRole">
/// The function in role.
/// </param>
/// <returns>
/// The <see cref="bool"/>.
/// </returns>
public bool VerifyPermission(PermissionValue toVerification,
PermissionValue functionInRole)
{
return (toVerification & functionInRole) != 0;
}
internal static void SetBits(ref int allowBits, ref int denyBits, PermissionType permissionType, PermissionValue permissionValue)
{
var actionBit = 0x1 << (permissionType.Id - 1);
switch (permissionValue)
{
case PermissionValue.Deny:
if (actionBit == SEEBIT)
denyBits |= SAVEGROUPBITS + OPENMINORBIT + OPENBIT + SEEBIT + MANAGELISTSANDWORKSPACESBIT;
else if (actionBit == OPENBIT)
denyBits |= SAVEGROUPBITS + OPENMINORBIT + OPENBIT + MANAGELISTSANDWORKSPACESBIT;
else if (actionBit == OPENMINORBIT)
denyBits |= SAVEGROUPBITS + OPENMINORBIT + MANAGELISTSANDWORKSPACESBIT;
else if (actionBit == SEEPERMISSIONSBIT)
denyBits |= SETPERMISSIONSBIT;
else if (actionBit == SAVEBIT)
denyBits |= MANAGELISTSANDWORKSPACESBIT;
else if (actionBit == ADDNEWBIT)
denyBits |= MANAGELISTSANDWORKSPACESBIT;
else if (actionBit == DELETEBIT)
denyBits |= MANAGELISTSANDWORKSPACESBIT;
denyBits |= actionBit;
allowBits &= ~denyBits;
break;
case PermissionValue.NonDefined:
var abits = 0;
var dbits = 0;
if (actionBit == SEEBIT)
{
abits |= SAVEGROUPBITS + OPENMINORBIT + OPENBIT + SEEBIT;
dbits |= ~(SEEBIT);
}
else if (actionBit == OPENBIT)
{
abits |= SAVEGROUPBITS + OPENMINORBIT + OPENBIT;
dbits |= ~(SEEBIT | OPENBIT);
}
else if (actionBit == OPENMINORBIT)
{
abits |= SAVEGROUPBITS + OPENMINORBIT;
dbits |= ~(SEEBIT | OPENBIT | OPENMINORBIT);
}
else if ((actionBit & SAVEGROUPBITS) != 0)
{
abits |= actionBit;
dbits |= ~(actionBit | OPENMINORBIT | OPENBIT | SEEBIT);
}
else if (actionBit == SEEPERMISSIONSBIT)
{
abits |= SETPERMISSIONSBIT + SEEPERMISSIONSBIT;
dbits |= ~SEEPERMISSIONSBIT;
}
else if (actionBit == SETPERMISSIONSBIT)
{
abits |= SETPERMISSIONSBIT;
dbits |= ~(SETPERMISSIONSBIT | SEEPERMISSIONSBIT);
}
else if (actionBit == RUNAPPLICATIONBIT)
{
abits |= RUNAPPLICATIONBIT;
dbits |= ~(RUNAPPLICATIONBIT);
}
else if (actionBit == MANAGELISTSANDWORKSPACESBIT)
{
abits |= MANAGELISTSANDWORKSPACESBIT;
dbits |= ~(MANAGELISTSANDWORKSPACESBIT);
}
else
{
dbits = ~0;
}
allowBits &= ~abits;
denyBits &= dbits;
break;
case PermissionValue.Allow:
if ((actionBit & SAVEGROUPBITS) > 0)
allowBits |= actionBit + SEEBIT + OPENBIT + OPENMINORBIT;
else if (actionBit == OPENMINORBIT)
allowBits |= actionBit + SEEBIT + OPENBIT;
else if (actionBit == OPENBIT)
allowBits |= actionBit + SEEBIT;
else if (actionBit == SETPERMISSIONSBIT)
allowBits |= SEEPERMISSIONSBIT;
else if (actionBit == MANAGELISTSANDWORKSPACESBIT)
allowBits |= actionBit + SEEBIT + OPENBIT + OPENMINORBIT + SAVEBIT + ADDNEWBIT + DELETEBIT;
allowBits |= actionBit;
denyBits &= ~allowBits;
break;
default:
throw new NotSupportedException("Unknown PermissionValue: " + permissionValue);
}
}
protected internal override void SetPermission(int principalId, int nodeId, PermissionType permissionType, bool isInheritable, PermissionValue permissionValue)
{
WriteLog(MethodInfo.GetCurrentMethod(), principalId, nodeId, permissionType, isInheritable, permissionValue);
base.SetPermission(principalId, nodeId, permissionType, isInheritable, permissionValue);
}
//======================================================================================================== Administration methods
public void SetPermission(IUser user, bool isInheritable, PermissionType permissionType, PermissionValue permissionValue)
{
if (user == null)
throw new ArgumentNullException("user");
SetPermission(user as ISecurityMember, isInheritable, permissionType, permissionValue);
}
/// <summary>
/// 根据选定的功能项,从内存中移除已勾销的权限项,以便提交
/// </summary>
/// <param name="entTemp"></param>
/// <param name="PerObj"></param>
private void RemoveCustomPermissionByPerm(T_SYS_ENTITYMENU entMenu, PermissionValue PerObj)
{
if (this.DataContext == null)
{
return;
}
ClearOrganizationDataGrid();
List<CustomerPermission> ListCustomerpermission = this.DataContext as List<CustomerPermission>;
var q = from c in ListCustomerpermission
where c.EntityMenuId == entMenu.ENTITYMENUID
select c;
CustomerPermission entTemp = q.FirstOrDefault();
if (entTemp.PermissionValue == null)
{
return;
}
if (entTemp.PermissionValue.Count() == 0)
{
return;
}
var ents = from ent in entTemp.PermissionValue
where ent.Permission == PerObj.Permission
select ent;
if (ents.Count() > 0)
{
ents.ToList().ForEach(item => {
entTemp.PermissionValue.Remove(item);
});
}
//entTemp.PermissionValue.Remove(PerObj);
//entTemp.PermissionValue.Remove(ents.FirstOrDefault());
this.DataContext = ListCustomerpermission;
}
public void SetPermission(IGroup group, bool isInheritable, PermissionType permissionType, PermissionValue permissionValue)
{
if (group == null)
throw new ArgumentNullException("group");
SetPermission(group as ISecurityMember, isInheritable, permissionType, permissionValue);
}
public AclEditor SetPermission(ISecurityMember securityMember, bool propagates, PermissionType permissionType, PermissionValue permissionValue)
{
return SetPermission(securityMember.Id, propagates, permissionType, permissionValue);
}
/// <summary>
/// 根据角色ID获取自定义权限数据
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
void clientPerm_GetCutomterPermissionObjCompleted(object sender, GetCutomterPermissionObjCompletedEventArgs e)
{
RefreshUI(RefreshedTypes.HideProgressBar);
if (e.Error == null)
{
List<CustomerPermission> ListCustomerpermission = e.Result.ToList();
if (ListCustomerpermission == null)
{
ListCustomerpermission = new List<CustomerPermission>();
FormType = FormTypes.New;
return;
}
if (ListCustomerpermission.Count() == 0)
{
FormType = FormTypes.New;
return;
}
if (ListCustomerpermission.Count() > 0)
FormType = FormTypes.Edit;
this.DataContext = ListCustomerpermission;
foreach (CustomerPermission ent in ListCustomerpermission)
{
CustomerPermission tmp = new CustomerPermission();
tmp.EntityMenuId = ent.EntityMenuId;
ObservableCollection<PermissionValue> lstvalue = new ObservableCollection<PermissionValue>();
//ObjectCollection<PermissionValue> lstValue = new ObjectCollection<PermissionValue>();
ent.PermissionValue.ForEach(item => {
PermissionValue oldVaue = new PermissionValue();
oldVaue.Permission = item.Permission;
if (item.OrgObjects != null)
{
if (item.OrgObjects.Count() > 0)
{
ObservableCollection<OrgObject> lstorgs = new ObservableCollection<OrgObject>();
item.OrgObjects.ForEach(itemorg => {
OrgObject org = new OrgObject();
org.OrgID = itemorg.OrgID;
org.OrgType = itemorg.OrgType;
lstorgs.Add(org);
});
//添加组织架构
oldVaue.OrgObjects = lstorgs;
}
}
lstvalue.Add(oldVaue);
});
//lstvalue = ent.PermissionValue;
//添加权限
tmp.PermissionValue = lstvalue;
tmpOldPermissionList.Add(tmp);
}
//tmpOldPermissionList = ListCustomerpermission;//原来的数据
ObservableCollection<string> strMenuIDs = new ObservableCollection<string>();
ListCustomerpermission.ForEach(item =>
{
strMenuIDs.Add(item.EntityMenuId);
});
clientPerm.GetEntityMenuByMenuIDsAsync(strMenuIDs, "");
}
else
{
Utility.ShowCustomMessage(MessageTypes.Error, Utility.GetResourceStr("ERROR"), e.Error.ToString());
}
}
static bool AreValuesEqual(String category, String permissionName, String value1, PermissionValue value2)
{
switch (value2)
{
case PermissionValue.True:
if (value1.Equals("true", StringComparison.InvariantCultureIgnoreCase))
{
return(true);
}
break;
case PermissionValue.False:
if (value1.Equals("false", StringComparison.InvariantCultureIgnoreCase))
{
return(true);
}
break;
case PermissionValue.None:
if (value1.Equals("NA", StringComparison.InvariantCultureIgnoreCase))
{
return(true);
}
break;
}
return(false);
}
private static PermissionValue[] GetAllPermissions(IUser user, string path, int creatorId, int lastModifierId)
{
var userId = user.Id;
if (userId != AccessProvider.Current.GetCurrentUser().Id)
Assert(path, creatorId, lastModifierId, null, PermissionType.SeePermissions);
if (userId == -1)
{
var result = new PermissionValue[PermissionType.NumberOfPermissionTypes];
for (int i = 0; i < PermissionType.NumberOfPermissionTypes; i++)
result[i] = PermissionValue.Allow;
return result;
}
var isCreator = userId == creatorId;
var isLastModifier = userId == lastModifierId;
return PermissionEvaluator.Instance.GetAllPermissions(path.ToLower(), user, isCreator, isLastModifier);
}
public void SetPermissions(int principalId, bool isInheritable, PermissionValue[] permissionValues)
{
Assert(PermissionType.SetPermissions);
SetPermissionsWithoutReset(principalId, isInheritable, permissionValues);
Reset();
}
public static IControl GetPermissionValue(String category, String permissionName, String permissionType, out PermissionValue permissionValue)
{
permissionValue = PermissionValue.None;
IControl c = null;
if (!String.IsNullOrEmpty(category) && !String.IsNullOrEmpty(permissionName) && !String.IsNullOrEmpty(permissionType))
{
category = category.Replace(" ", String.Empty);
String id = "Permissions_" + category;
permissionName = permissionName.Replace(" ", String.Empty);
permissionName = permissionName.Replace("/", String.Empty);
permissionType = permissionType.Replace(" ", String.Empty);
ReadOnlyCollection <IControl> rows = SyncUtilities.FindElements(By.Id(id));
foreach (IControl row in rows)
{
IControl cell = SyncUtilities.FindElement_Parent(row.WebElement, By.Id(permissionName));
if (cell.WebElement != null)
{
return(GetCell(row, permissionType, out permissionValue));
}
}
}
return(c);
}
internal static void SetBits(ref uint allowBits, ref uint denyBits, PermissionType permissionType, PermissionValue permissionValue)
{
var permCount = ActiveSchema.PermissionTypes.Count;
var y = permissionType.Index - 1;
var thisbit = 1u << y;
var allowedBefore = (allowBits & thisbit) != 0;
var deniedBefore = (denyBits & thisbit) != 0;
switch (permissionValue)
{
case PermissionValue.Allow:
for (var x = 0; x < permCount; x++)
{
if (PermissionDependencyTable[y][x] == 1)
{
allowBits |= 1u << x;
denyBits &= ~(1u << x);
}
}
break;
case PermissionValue.Deny:
for (var x = 0; x < permCount; x++)
{
if (PermissionDependencyTable[x][y] == 1)
{
allowBits &= ~(1u << x);
denyBits |= 1u << x;
}
}
break;
case PermissionValue.NonDefined:
if (allowedBefore)
{
for (var x = 0; x < permCount; x++)
{
if (PermissionDependencyTable[x][y] == 1)
{
allowBits &= ~(1u << x);
}
}
}
else if (deniedBefore)
{
for (var x = 0; x < permCount; x++)
{
if (PermissionDependencyTable[y][x] == 1)
{
denyBits &= ~(1u << x);
}
}
}
break;
default:
throw new NotSupportedException("Unknown PermissionValue: " + permissionValue);
}
}
internal AclEditor SetPermission(int principalId, bool propagates, PermissionType permissionType, PermissionValue permissionValue)
{
var entry = GetEntry(principalId, propagates);
var perm = GetSnPerm(entry, permissionType);
uint allowBits;
uint denyBits;
entry.GetPermissionBits(out allowBits, out denyBits);
PermissionBits.SetBits(ref allowBits, ref denyBits, permissionType, permissionValue);
entry.SetPermissionsBits(allowBits, denyBits);
return(this);
}
/// <summary>
/// The guard authority agum.
/// </summary>
/// <param name="functionId">
/// The function id.
/// </param>
/// <param name="roleId">
/// The role id.
/// </param>
/// <param name="permissionValue">
/// The permission value.
/// </param>
/// <exception cref="Exception">
/// </exception>
private void GuardAuthorityAgum(Guid functionId,
Guid roleId, PermissionValue permissionValue)
{
var functionIsExist = this.functionRepository.Exists(Specification<Function>.Eval(f => f.ID == functionId));
var roleIsExist = this.roleRepository.Exists(Specification<Role>.Eval(u => u.ID == roleId));
if (!functionIsExist || !roleIsExist)
{
throw new Exception("功能或角色不存在,请检查参数信息");
}
var function = this.functionRepository.GetByKey(functionId);
if (!this.VerifyPermission(permissionValue, function.PermissionValue))
{
throw new Exception("该模块功能不具有需要添加的权限,禁止添加");
}
}
public AclEditor SetPermission(ISecurityMember securityMember, bool propagates, PermissionType permissionType, PermissionValue permissionValue)
{
return(SetPermission(securityMember.Id, propagates, permissionType, permissionValue));
}
/* ----------------------------------------------------------------- */ /// /// IsAllowed /// /// <summary> /// Determines whether the specified operation is allowed. /// </summary> /// /// <param name="src">PermissionMethod object.</param> /// /// <returns>true for allowed.</returns> /// /* ----------------------------------------------------------------- */ public static bool IsAllowed(this PermissionValue src) => src == PermissionValue.Allow;
protected internal override void SetPermission(int principalId, int nodeId, PermissionType permissionType, bool isInheritable, PermissionValue permissionValue)
{
SqlProcedure cmd = null;
try
{
cmd = new SqlProcedure { CommandText = "proc_Security_SetPermission" };
cmd.Parameters.Add("@PrincipalId", SqlDbType.Int).Value = principalId;
cmd.Parameters.Add("@NodeId", SqlDbType.Int).Value = nodeId;
cmd.Parameters.Add("@PermissionTypeId", SqlDbType.Int).Value = permissionType.Id;
cmd.Parameters.Add("@IsInheritable", SqlDbType.TinyInt).Value = isInheritable ? (byte)1 : (byte)0;
cmd.Parameters.Add("@PermissionValue", SqlDbType.TinyInt).Value = (byte)permissionValue;
cmd.ExecuteNonQuery();
}
finally
{
cmd.Dispose();
}
}
protected internal abstract void SetPermission(int principalId, int nodeId, PermissionType permissionType, bool isInheritable, PermissionValue permissionValue);
/// <summary>
/// The delete authority.
/// </summary>
/// <param name="functionId">
/// The function id.
/// </param>
/// <param name="roleId">
/// The role id.
/// </param>
/// <param name="toRemovePermission">
/// The to remove permission.
/// </param>
/// <exception cref="Exception">
/// </exception>
public void DeleteAuthority(Guid functionId,Guid roleId, PermissionValue toRemovePermission)
{
var spec = Specification<FunctionInRole>.Eval(u => u.Role.ID == roleId
&& u.Function.ID == functionId);
var isexist = this.functionInRoleRepository.Exists(spec);
if (!isexist)
{
throw new Exception("尚未赋予权限");
}
var functionInRole = this.functionInRoleRepository.Find(spec);
// 求补和与运算实现权限移除:value= value&(~toremove)
functionInRole.PermissionValue &= ~toRemovePermission;
this.functionInRoleRepository.Update(functionInRole);
// TODO:应当使用unitofwork模式
// 领域服务是否依赖仓储?
this.functionInRoleRepository.Context.Commit();
}
internal SecurityEntry(int definedOnNodeId, int principalId, bool isInheritable, PermissionValue[] permissionValues)
: base(principalId, isInheritable, permissionValues)
{
DefinedOnNodeId = definedOnNodeId;
//_principalId = principalId;
//_isInheritable = isInheritable;
//_permissionValues = permissionValues;
}
/// <summary>
/// The verify permission.
/// </summary>
/// <param name="functionId">
/// The function id.
/// </param>
/// <param name="roleId">
/// The role id.
/// </param>
/// <param name="toVerification">
/// The to verification.
/// </param>
/// <returns>
/// The <see cref="bool"/>.
/// </returns>
public bool VerifyPermission(Guid functionId,
Guid roleId,PermissionValue toVerification)
{
var spec = Specification<FunctionInRole>.Eval(u => u.Role.ID == roleId && u.Function.ID == functionId);
var isexist = this.functionInRoleRepository.Exists(spec);
// 不存在则表示未授权
if (!isexist)
{
return false;
}
var functionInRole = this.functionInRoleRepository.Find(spec);
return this.VerifyPermission(toVerification,functionInRole.PermissionValue);
}
/// <summary>
/// 权限验证
/// </summary>
/// <param name="toVerification">需要验证的权限</param>
/// <param name="functionInRole">已经存在的权限</param>
/// <returns></returns>
public static bool VerifyPermission(int toVerification, PermissionValue functionInRole)
{
return(((PermissionValue)toVerification & functionInRole) != 0);
}
public PermissionAttribute(PermissionValue permissionValue)
{
Permissions = new[] { permissionValue };
Requirement = PermissionRequirement.RequireAll;
}
/// <summary>
/// 根据选定的功能项,添加权限项到内存中,以便提交
/// </summary>
/// <param name="entTemp"></param>
/// <param name="ListPermValue"></param>
private void AddCustomPermissionByPerm(T_SYS_ENTITYMENU entMenu, PermissionValue entPermVal)
{
if (this.DataContext == null)
{
return;
}
List<CustomerPermission> ListCustomerpermission = this.DataContext as List<CustomerPermission>;
var q = from c in ListCustomerpermission
where c.EntityMenuId == entMenu.ENTITYMENUID
select c;
CustomerPermission entTemp = q.FirstOrDefault();
ObservableCollection<PermissionValue> ListPermValue = new ObservableCollection<PermissionValue>();
if (entTemp.PermissionValue == null)
{
ListPermValue.Add(entPermVal);
}
else
{
if (entTemp.PermissionValue.Count() == 0)
{
ListPermValue.Add(entPermVal);
}
else
{
ListPermValue = entTemp.PermissionValue;
var c = from p in ListPermValue
where p.Permission == entPermVal.Permission
select p;
//if (q.Count() == 0)
if (c.Count() == 0)
{
ListPermValue.Add(entPermVal);
}
}
}
entTemp.PermissionValue = ListPermValue;
this.DataContext = ListCustomerpermission;
ClearOrganizationDataGrid(); //清空组织架构的选择项
}
/* ----------------------------------------------------------------- */ /// /// IsDenid /// /// <summary> /// Determines whether the specified operation is denied. /// </summary> /// /// <param name="src">PermissionMethod object.</param> /// /// <returns>true for denied.</returns> /// /* ----------------------------------------------------------------- */ public static bool IsDenid(this PermissionValue src) => src == PermissionValue.Deny;
public PermissionSettingAttribute(PermissionValue value)
{
this.permissionValue = value;
}
public PermissionSet(int principalId, bool propagates, PermissionValue[] values) : base(values)
{
PrincipalId = principalId;
Propagates = propagates;
}
public static bool HasPermission(long permissions, PermissionValue value)
{
return((permissions & (long)value) == (long)value);
}
public PermissionBits(PermissionValue[] values)
{
SetPermissionValues(values);
}
/// <summary>
/// Initializes a new instance of the <see cref="SystemModelAttribute"/> class.
/// </summary>
/// <param name="name">
/// 模块名称.
/// </param>
/// <param name="permissionValue">
/// 模块权限值.
/// </param>
/// <param name="groupName">
/// 分组名称.
/// </param>
public SystemModelAttribute(string name, PermissionValue permissionValue = PermissionValue.All, string groupName = null)
{
this.name = name;
this.groupName = groupName;
this.permissionValue = permissionValue;
}
private void SetUnCheckedPermission(CheckBox chBox)
{
if (DaGrMenu.SelectedItems.Count == 0)
{
return;
}
T_SYS_PERMISSION entPerm = chBox.Tag as T_SYS_PERMISSION;
PermissionValue PerObj = new PermissionValue();
PerObj.Permission = entPerm.PERMISSIONID;
T_SYS_ENTITYMENU entTemp = DaGrMenu.SelectedItems[0] as T_SYS_ENTITYMENU;
RemoveCustomPermissionByPerm(entTemp, PerObj);
}
private void SetPermissionsWithoutReset(int principalId, bool isInheritable, PermissionValue[] permissionValues)
{
var permSet = new PermissionSet(principalId, isInheritable, permissionValues);
var allowBits = permSet.AllowBits;
var denyBits = permSet.DenyBits;
SetBits(ref allowBits, ref denyBits);
permSet = new PermissionSet(principalId, isInheritable, allowBits, denyBits);
var entry = permSet.ToEntry(NodeId);
DataProvider.Current.SetPermission(entry);
}
