/// <summary>
/// Checks whether a user holds the given permission directly.
/// </summary>
/// <param name="systemCode">System code; also used as the prefix of the permission table name.</param>
/// <param name="userId">User primary key.</param>
/// <param name="permissionCode">Permission code to resolve.</param>
/// <returns>
/// <c>true</c> when an enabled, non-deleted permission row exists for the user;
/// <c>false</c> when <paramref name="systemCode"/> or <paramref name="userId"/> is empty,
/// when the permission code cannot be resolved, or when no row matches.
/// </returns>
public bool CheckPermission(string systemCode, string userId, string permissionCode)
{
    // Deny early when the system or the user is not identified.
    if (string.IsNullOrEmpty(systemCode) || string.IsNullOrEmpty(userId))
    {
        return false;
    }

    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    if (string.IsNullOrEmpty(permissionId))
    {
        // No matching permission was found: deny.
        return false;
    }

    // Side effect: this manager is retargeted at the per-system table and is not reset afterwards.
    this.CurrentTableName = systemCode + "Permission";

    var parameters = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceCategory, BaseUserEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionEntity.FieldResourceId, userId),
        new KeyValuePair<string, object>(BasePermissionEntity.FieldEnabled, 1),
        new KeyValuePair<string, object>(BasePermissionEntity.FieldDeletionStateCode, 0),
        // Note by Song Biao: the permissionId filter was missing at first.
        new KeyValuePair<string, object>(BasePermissionEntity.FieldPermissionId, permissionId)
    };

    return this.Exists(parameters);
}
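/// <summary>
/// Returns everything a user may delegate (the list of permissions the user is allowed to grant).
/// </summary>
/// <param name="userInfo">Calling user; supplies the system code.</param>
/// <param name="userId">Primary key of the user whose grantable permissions are listed.</param>
/// <param name="permissionCode">Permission-scope code.</param>
/// <returns>Data table named after <c>BaseModuleEntity.TableName</c>.</returns>
public DataTable GetPermissionDTByPermission(BaseUserInfo userInfo, string userId, string permissionCode)
{
    var dt = new DataTable(BaseModuleEntity.TableName);

    var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());
    ServiceUtil.ProcessUserCenterReadDb(userInfo, parameter, (dbHelper) =>
    {
        string permissionId = BaseModuleManager.GetIdByCodeByCache(userInfo.SystemCode, permissionCode);

        // The database has no grantable-permission item configured yet, so the system adds a default one.
        // string.Equals is null-safe, so a null permissionCode no longer throws at this comparison.
        // NOTE(review): this insert runs inside the read-database handler and does not use the supplied
        // dbHelper - confirm that a write on this path is intended.
        if (string.IsNullOrEmpty(permissionId) && string.Equals(permissionCode, "Resource.ManagePermission"))
        {
            BaseModuleEntity permissionEntity = new BaseModuleEntity();
            permissionEntity.Code = "Resource.ManagePermission";
            permissionEntity.FullName = "资源管理范围权限(系统默认)";
            permissionEntity.IsScope = 1;
            permissionEntity.Enabled = 1;
            // NOTE(review): the original assigned AllowDelete = 0 twice; the second assignment may have been
            // meant for another flag (for example AllowEdit) - confirm with the entity definition.
            permissionEntity.AllowDelete = 0;
            new BaseModuleManager(userInfo).AddObject(permissionEntity);
        }

        dt = new BaseModuleManager().GetDataTableByUser(userInfo.SystemCode, userId, permissionCode);
        dt.TableName = BaseModuleEntity.TableName;
    });

    return dt;
}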
/// <summary>
/// Gets the primary keys of all users that hold a given permission.
/// </summary>
/// <param name="systemCode">System code.</param>
/// <param name="permissionCode">Operation permission code.</param>
/// <returns>Array of user primary keys, as produced by <c>GetUserIdsByPermissionId</c>.</returns>
public string[] GetUserIds(string systemCode, string permissionCode)
{
    // The original note says a missing permission item should be created automatically;
    // this method only resolves the code and does not create anything.
    // NOTE(review): an unresolved code is passed on as an empty permission id - confirm the callee handles it.
    string resolvedPermissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);

    return GetUserIdsByPermissionId(systemCode, resolvedPermissionId);
}
/// <summary>
/// Loads the table-level constraint record stored for a resource and permission.
/// </summary>
/// <param name="resourceCategory">Resource category of the constrained resource.</param>
/// <param name="resourceId">Primary key of the constrained resource.</param>
/// <param name="tableName">Target table name the constraint applies to.</param>
/// <param name="permissionCode">Permission code; resolved against the current user's system code.</param>
/// <returns>The matching scope entity, or <c>null</c> when no non-deleted row matches.</returns>
public BasePermissionScopeEntity GetConstraintEntity(string resourceCategory, string resourceId, string tableName, string permissionCode = "Resource.AccessPermission")
{
    string permissionId = BaseModuleManager.GetIdByCodeByCache(this.UserInfo.SystemCode, permissionCode);

    var filter = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)
    };

    // Look the row up first; an entity is only built when at least one row exists.
    BasePermissionScopeManager scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
    var dt = scopeManager.GetDataTable(filter);
    if (dt.Rows.Count <= 0)
    {
        return null;
    }

    return BaseEntity.Create<BasePermissionScopeEntity>(dt);
}
/// <summary>
/// Gets the primary keys of all users that hold a given permission.
/// </summary>
/// <param name="systemCode">System code used to resolve the permission code.</param>
/// <param name="organizeId">Organization primary key.</param>
/// <param name="permissionCode">Operation permission code.</param>
/// <param name="permissionName">Operation permission name; not read by this method.</param>
/// <returns>Array of user primary keys, as produced by <c>GetUserIdsByPermissionId</c>.</returns>
public string[] GetUserIds(string systemCode, string organizeId, string permissionCode, string permissionName = null)
{
    // The original note says a missing permission item should be created automatically;
    // this method only resolves the code and does not create anything.
    string resolvedPermissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);

    // NOTE(review): organizeId is passed as the first argument here - confirm that
    // GetUserIdsByPermissionId expects an organization id in that position rather than a system code.
    return GetUserIdsByPermissionId(organizeId, resolvedPermissionId);
}
/// <summary>
/// Creates or updates the organization data scope a user has for one permission.
/// </summary>
/// <param name="systemCode">System code; when non-empty it prefixes the scope table name.</param>
/// <param name="userId">User primary key.</param>
/// <param name="permissionScope">The single scope level to switch on; every other level flag is set to 0.</param>
/// <param name="permissionCode">Permission code the scope applies to.</param>
/// <param name="containChild">Whether child organizations are included.</param>
/// <returns>
/// Primary key of the scope row, or an empty string when the permission code cannot be resolved.
/// </returns>
public string SetUserOrganizeScope(string systemCode, string userId, PermissionOrganizeScope permissionScope, string permissionCode = "Resource.AccessPermission", bool containChild = false)
{
    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    if (string.IsNullOrEmpty(permissionId))
    {
        // Unknown permission: nothing is written.
        return string.Empty;
    }

    // The table name is derived from systemCode by plain concatenation.
    // NOTE(review): presumably systemCode is a trusted configuration value - verify against callers.
    string tableName = string.IsNullOrEmpty(systemCode)
        ? BaseOrganizeScopeEntity.TableName
        : systemCode + "OrganizeScope";
    BaseOrganizeScopeManager organizeScopeManager = new BaseOrganizeScopeManager(this.DbHelper, this.UserInfo, tableName);

    var lookup = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
        new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldResourceId, userId),
        new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldPermissionId, permissionId)
    };
    string result = organizeScopeManager.GetId(lookup);
    bool isNew = string.IsNullOrEmpty(result);

    BaseOrganizeScopeEntity organizeScopeEntity;
    if (isNew)
    {
        organizeScopeEntity = new BaseOrganizeScopeEntity();
    }
    else
    {
        organizeScopeEntity = organizeScopeManager.GetObject(result);
    }

    // Exactly one level flag ends up as 1: the one equal to permissionScope.
    organizeScopeEntity.AllData = permissionScope == PermissionOrganizeScope.AllData ? 1 : 0;
    organizeScopeEntity.Province = permissionScope == PermissionOrganizeScope.Province ? 1 : 0;
    organizeScopeEntity.City = permissionScope == PermissionOrganizeScope.City ? 1 : 0;
    organizeScopeEntity.District = permissionScope == PermissionOrganizeScope.District ? 1 : 0;
    organizeScopeEntity.UserCompany = permissionScope == PermissionOrganizeScope.UserCompany ? 1 : 0;
    organizeScopeEntity.UserSubCompany = permissionScope == PermissionOrganizeScope.UserSubCompany ? 1 : 0;
    organizeScopeEntity.UserDepartment = permissionScope == PermissionOrganizeScope.UserDepartment ? 1 : 0;
    organizeScopeEntity.UserSubDepartment = permissionScope == PermissionOrganizeScope.UserSubDepartment ? 1 : 0;
    organizeScopeEntity.UserWorkgroup = permissionScope == PermissionOrganizeScope.UserWorkgroup ? 1 : 0;
    organizeScopeEntity.OnlyOwnData = permissionScope == PermissionOrganizeScope.OnlyOwnData ? 1 : 0;
    organizeScopeEntity.ByDetails = permissionScope == PermissionOrganizeScope.ByDetails ? 1 : 0;
    organizeScopeEntity.NotAllowed = permissionScope == PermissionOrganizeScope.NotAllowed ? 1 : 0;
    organizeScopeEntity.Enabled = 1;
    organizeScopeEntity.DeletionStateCode = 0;
    organizeScopeEntity.ContainChild = containChild ? 1 : 0;
    // int.Parse throws when the resolved id is not an integer.
    organizeScopeEntity.PermissionId = int.Parse(permissionId);
    organizeScopeEntity.ResourceCategory = BaseUserEntity.TableName;
    organizeScopeEntity.ResourceId = userId;

    if (isNew)
    {
        result = organizeScopeManager.Add(organizeScopeEntity);
    }
    else
    {
        organizeScopeManager.Update(organizeScopeEntity);
    }

    return result;
}
/// <summary>
/// Checks whether the user itself holds the permission, regardless of what the user's roles grant.
/// </summary>
/// <param name="systemCode">System code.</param>
/// <param name="userId">User primary key.</param>
/// <param name="permissionCode">Permission code.</param>
/// <returns>
/// <c>false</c> when the permission code cannot be resolved; otherwise the result of
/// <c>CheckResourcePermission</c> for the user resource.
/// </returns>
public bool CheckPermissionByUser(string systemCode, string userId, string permissionCode)
{
    string resolvedId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);

    // An unknown permission code is denied; only a resolved id is checked against the user resource.
    bool known = !string.IsNullOrEmpty(resolvedId);
    return known && CheckResourcePermission(systemCode, BaseUserEntity.TableName, userId, resolvedId);
}
/// <summary>
/// Builds the constraint expression that applies to the current user for a table.
/// </summary>
/// <remarks>
/// Only constraints attached to the current user's roles are read. The stored constraint texts are
/// joined with " AND " without any escaping, then passed through <c>ConstraintUtil.PrepareParameter</c>.
/// NOTE(review): the result is presumably appended to a SQL WHERE clause - if so, whoever can store a
/// constraint can inject SQL, so write access to constraints must be restricted. A user with no roles,
/// or with no non-blank role constraint, gets an empty expression - confirm callers do not treat that
/// as "unrestricted" by accident.
/// </remarks>
/// <param name="tableName">Target table name.</param>
/// <param name="permissionCode">Permission code; resolved against the current user's system code.</param>
/// <returns>The combined constraint expression, or an empty string when there is none.</returns>
public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission")
{
    // Questions listed by the original author:
    // 1: In which roles is the user active?
    // 2: Which constraints do those roles carry?
    // 3: How are the constraints combined?
    // 4: What about the user's own constraints? (not read by this method)
    string permissionId = BaseModuleManager.GetIdByCodeByCache(this.UserInfo.SystemCode, permissionCode);

    BaseUserManager userManager = new BaseUserManager(this.DbHelper, this.UserInfo);
    string[] roleIds = userManager.GetRoleIds(UserInfo.Id);
    if (roleIds == null || roleIds.Length == 0)
    {
        return string.Empty;
    }

    var filter = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseRoleEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, roleIds),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, 1),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)
    };
    BasePermissionScopeManager scopeManager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);
    DataTable scopeRows = scopeManager.GetDataTable(filter);

    // Collect every non-blank constraint text, trimmed.
    var fragments = new List<string>();
    foreach (DataRow row in scopeRows.Rows)
    {
        string constraintText = row[BasePermissionScopeEntity.FieldPermissionConstraint].ToString().Trim();
        if (constraintText.Length > 0)
        {
            fragments.Add(constraintText);
        }
    }

    if (fragments.Count == 0)
    {
        return string.Empty;
    }

    // Expand the standard functions used inside constraint expressions.
    string combined = string.Join(" AND ", fragments.ToArray());
    return ConstraintUtil.PrepareParameter(this.UserInfo, combined);
}
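//
// Implementation of revoking a granted scope
//
#region private int RevokeRole(BasePermissionScopeManager manager, string systemCode, string userId, string revokeRoleId, string permissionCode) Speeds up authorization
/// <summary>
/// Removes the scope rows that let a user manage one role for a permission.
/// Takes the manager as an argument to speed up authorization.
/// </summary>
/// <param name="manager">Permission-scope reader/writer used for the delete.</param>
/// <param name="systemCode">System code; resolves the permission and names the role table.</param>
/// <param name="userId">User primary key.</param>
/// <param name="revokeRoleId">Primary key of the role being revoked.</param>
/// <param name="permissionCode">Permission code.</param>
/// <returns>Value returned by <c>manager.Delete</c>, or 0 when the permission code cannot be resolved.</returns>
private int RevokeRole(BasePermissionScopeManager manager, string systemCode, string userId, string revokeRoleId, string permissionCode)
{
    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    if (string.IsNullOrEmpty(permissionId))
    {
        // Same guard as GrantRole: never run the delete with an unresolved permission id,
        // because the effect of an empty PermissionId filter is not defined here.
        return 0;
    }

    // Use the systemCode argument, as GrantRole does when it writes TargetCategory.
    // The original read UserInfo.SystemCode here, so a grant made for another system
    // would not be matched and would silently stay in place.
    string roleTableName = systemCode + "Role";

    var parameters = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, roleTableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, revokeRoleId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId)
    };

    return manager.Delete(parameters);
}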
/// <summary>
/// Revokes a permission from a user, identified by permission code.
/// </summary>
/// <param name="systemCode">System code.</param>
/// <param name="userId">User primary key.</param>
/// <param name="permissionCode">Permission code.</param>
/// <returns>Number of affected rows; 0 when the permission code cannot be resolved.</returns>
public int RevokeByPermissionCode(string systemCode, string userId, string permissionCode)
{
    string resolvedId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);

    // Nothing to revoke when the code does not map to a permission.
    if (string.IsNullOrEmpty(resolvedId))
    {
        return 0;
    }

    return this.Revoke(systemCode, userId, resolvedId);
}
/// <summary>
/// Grants a permission to a user, identified by permission code.
/// </summary>
/// <param name="systemCode">System code.</param>
/// <param name="userId">User primary key.</param>
/// <param name="permissionCode">Permission code.</param>
/// <returns>Value returned by <c>Grant</c>, or an empty string when the permission code cannot be resolved.</returns>
public string GrantByPermissionCode(string systemCode, string userId, string permissionCode)
{
    string resolvedId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);

    // An unknown code grants nothing.
    if (string.IsNullOrEmpty(resolvedId))
    {
        return string.Empty;
    }

    return this.Grant(systemCode, userId, resolvedId);
}
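//
// Implementation of granting a scope
//
#region private string GrantPermission(BasePermissionScopeManager permissionScopeManager, string systemCode, string userId, string grantPermissionId, string permissionCode) Speeds up authorization
/// <summary>
/// Adds the scope row that lets a user delegate one permission item.
/// Takes the manager as an argument to speed up authorization.
/// </summary>
/// <param name="permissionScopeManager">Permission-scope reader/writer used for the insert.</param>
/// <param name="systemCode">System code used to resolve the permission code.</param>
/// <param name="userId">User primary key.</param>
/// <param name="grantPermissionId">Primary key of the permission item being made grantable.</param>
/// <param name="permissionCode">Permission code of the scope.</param>
/// <returns>
/// Value returned by <c>permissionScopeManager.Add</c>, or an empty string when the permission code
/// cannot be resolved.
/// </returns>
private string GrantPermission(BasePermissionScopeManager permissionScopeManager, string systemCode, string userId, string grantPermissionId, string permissionCode)
{
    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    if (string.IsNullOrEmpty(permissionId))
    {
        // Same guard as GrantRole: do not store a scope row with an empty PermissionId.
        // Such a row could later match a lookup made with any other unresolved permission code.
        return string.Empty;
    }

    BasePermissionScopeEntity resourcePermissionScopeEntity = new BasePermissionScopeEntity();
    resourcePermissionScopeEntity.PermissionId = permissionId;
    resourcePermissionScopeEntity.ResourceCategory = BaseUserEntity.TableName;
    resourcePermissionScopeEntity.ResourceId = userId;
    resourcePermissionScopeEntity.TargetCategory = BaseModuleEntity.TableName;
    resourcePermissionScopeEntity.TargetId = grantPermissionId;
    resourcePermissionScopeEntity.Enabled = 1;
    resourcePermissionScopeEntity.DeletionStateCode = 0;

    return permissionScopeManager.Add(resourcePermissionScopeEntity);
}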
/// <summary>
/// Checks, from cached data, whether a role holds a permission.
/// </summary>
/// <param name="systemCode">System code.</param>
/// <param name="roleId">Role primary key.</param>
/// <param name="permissionCode">Permission code.</param>
/// <returns>
/// <c>true</c> when the resolved permission id is among the role's cached permission ids;
/// <c>false</c> when it is not, or when the permission code cannot be resolved.
/// </returns>
public static bool CheckPermissionByRoleByCache(string systemCode, string roleId, string permissionCode)
{
    string resolvedId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    if (string.IsNullOrEmpty(resolvedId))
    {
        // No matching permission was found: deny.
        return false;
    }

    string[] roleFilter = new string[] { roleId };
    string[] grantedIds = BaseRolePermissionManager.GetPermissionIdsByCache(systemCode, roleFilter);

    // NOTE(review): Array.IndexOf throws if the cache returns null - confirm it always returns an array.
    int position = Array.IndexOf(grantedIds, resolvedId);
    return position != -1;
}
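/// <summary>
/// Gets the users who have delegated the given permission to a user.
/// </summary>
/// <param name="systemCode">System code; prefixes the permission-scope table name.</param>
/// <param name="permissionCode">Operation permission code.</param>
/// <param name="userId">User primary key; defaults to the current user when <c>null</c>.</param>
/// <returns>Data table of the delegating users, as returned by <c>BaseUserManager.GetDataTable</c>.</returns>
public DataTable GetAuthorizeDT(string systemCode, string permissionCode, string userId = null)
{
    if (userId == null)
    {
        userId = this.UserInfo.Id;
    }

    // List of delegations that other users made to this user.
    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    string tableName = systemCode + "PermissionScope";
    BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(this.UserInfo, tableName);

    // According to the original author's note (zgl, 2011-10-27), expired delegations are excluded by the
    // SQL behind GetAuthoriedList; the slower in-memory filter and its unused name/value arrays were removed.
    var dt = permissionScopeManager.GetAuthoriedList(BaseUserEntity.TableName, permissionId, BaseUserEntity.TableName, userId);

    string[] userIds = BaseBusinessLogic.FieldToArray(dt, BasePermissionScopeEntity.FieldResourceId)
        .Distinct<string>()
        .Where(t => !string.IsNullOrEmpty(t))
        .ToArray();

    BaseUserManager userManager = new BaseUserManager(this.UserInfo);
    return userManager.GetDataTable(userIds);
}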
/// <summary>
/// Checks whether a role holds a module permission.
/// 2015-12-15 Jirigala: parameterization optimized.
/// </summary>
/// <param name="systemCode">System code; also prefixes the role resource category.</param>
/// <param name="roleId">Role primary key.</param>
/// <param name="permissionCode">Permission code.</param>
/// <returns>
/// <c>false</c> when the permission code cannot be resolved; otherwise the result of
/// <c>CheckResourcePermission</c> for the role resource.
/// </returns>
public bool CheckPermissionByRole(string systemCode, string roleId, string permissionCode)
{
    // Intent stated by the original author: make sure the permission being checked exists, because the
    // front end can easily reference a permission the back end does not have, and every permission the
    // front end checks should be recorded in the back end automatically.
    string permissionId = string.Empty;
#if (DEBUG)
    // NOTE(review): permissionId is still empty at this point, so DEBUG builds take the first branch on
    // every call (adding a module record each time) and the else branch is unreachable. The lookup below
    // was presumably meant to run before this block - confirm before changing, since the else branch
    // updates this.CurrentTableName, which may not be the module table.
    if (string.IsNullOrEmpty(permissionId))
    {
        BaseModuleEntity permissionEntity = new BaseModuleEntity
        {
            Code = permissionCode,
            FullName = permissionCode,
            IsScope = 0,
            IsPublic = 0,
            IsMenu = 0,
            IsVisible = 1,
            AllowDelete = 1,
            AllowEdit = 1,
            DeletionStateCode = 0,
            Enabled = 1
        };
        // Original question: is this where duplicate primary keys are prevented?
        // permissionEntity.ID = BaseBusinessLogic.NewGuid();
        BaseModuleManager moduleManager = new Business.BaseModuleManager();
        moduleManager.AddObject(permissionEntity);
    }
    else
    {
        // Update the last-access date to the current database server date.
        SQLBuilder sqlBuilder = new SQLBuilder(DbHelper);
        sqlBuilder.BeginUpdate(this.CurrentTableName);
        sqlBuilder.SetDBNow(BaseModuleEntity.FieldLastCall);
        sqlBuilder.SetWhere(BaseModuleEntity.FieldId, permissionId);
        sqlBuilder.EndUpdate();
    }
#endif
    permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    if (string.IsNullOrEmpty(permissionId))
    {
        // No matching permission was found: deny.
        return false;
    }

    string roleCategory = systemCode + "Role";
    return CheckResourcePermission(systemCode, roleCategory, roleId, permissionId);
}
/// <summary>
/// Resolves a permission code to its primary key for the current user's system.
/// </summary>
/// <param name="permissionCode">Permission code.</param>
/// <returns>Value returned by <c>BaseModuleManager.GetIdByCodeByCache</c>.</returns>
public string GetPermissionIdByCode(string permissionCode)
{
    // Fall back to the "Base" system when no user or no system code is available.
    bool hasUserSystem = UserInfo != null && !string.IsNullOrEmpty(UserInfo.SystemCode);
    string systemCode = hasUserSystem ? UserInfo.SystemCode : "Base";

    // An earlier version (since disabled by the author) went through a per-system module manager and
    // was meant to add the operation permission automatically when it did not exist.
    return BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
}
/// <summary>
/// Stores the constraint expression of a resource for a table and permission, updating the existing
/// row when there is one and adding a new row otherwise.
/// </summary>
/// <remarks>
/// The constraint text is stored exactly as given.
/// NOTE(review): stored constraints are presumably later combined into query conditions - if so, this
/// method must only be reachable by administrators trusted to write raw expressions.
/// NOTE(review): the permission id is not checked for emptiness, so an unresolved permission code is
/// stored as an empty PermissionId - confirm that is intended.
/// </remarks>
/// <param name="resourceCategory">Resource category.</param>
/// <param name="resourceId">Resource primary key.</param>
/// <param name="tableName">Target table name.</param>
/// <param name="permissionCode">Operation permission code; resolved against the current user's system code.</param>
/// <param name="constraint">Constraint expression.</param>
/// <param name="enabled">Whether the constraint is enabled.</param>
/// <returns>Primary key of the updated or added scope row.</returns>
public string SetConstraint(string resourceCategory, string resourceId, string tableName, string permissionCode, string constraint, bool enabled = true)
{
    string permissionId = BaseModuleManager.GetIdByCodeByCache(this.UserInfo.SystemCode, permissionCode);
    int enabledFlag = enabled ? 1 : 0;

    var lookup = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, resourceId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, "Table"),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, tableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)
    };

    BasePermissionScopeManager manager = new BasePermissionScopeManager(this.DbHelper, this.UserInfo);

    // 1: look for an existing row and update it when found.
    // 2: otherwise add a new row.
    string result = manager.GetId(lookup);
    if (string.IsNullOrEmpty(result))
    {
        BasePermissionScopeEntity entity = new BasePermissionScopeEntity();
        entity.ResourceCategory = resourceCategory;
        entity.ResourceId = resourceId;
        entity.TargetCategory = "Table";
        entity.TargetId = tableName;
        entity.PermissionConstraint = constraint;
        entity.PermissionId = permissionId;
        entity.DeletionStateCode = 0;
        entity.Enabled = enabledFlag;
        return manager.Add(entity);
    }

    var changes = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionConstraint, constraint),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, enabledFlag)
    };
    manager.SetProperty(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldId, result), changes);
    return result;
}
/// <summary>
/// Revokes a permission from a role, both identified by name/code.
/// </summary>
/// <param name="userInfo">Calling user; supplies the system code.</param>
/// <param name="roleName">Role name.</param>
/// <param name="permissionCode">Permission code.</param>
/// <returns>
/// Value returned by <c>BaseRolePermissionManager.Revoke</c>; 0 when the role name or the permission
/// code cannot be resolved.
/// </returns>
public int RevokeRolePermission(BaseUserInfo userInfo, string roleName, string permissionCode)
{
    int affected = 0;

    var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());
    ServiceUtil.ProcessUserCenterWriteDb(userInfo, parameter, (dbHelper) =>
    {
        string roleId = BaseRoleManager.GetIdByNameByCache(userInfo.SystemCode, roleName);
        string permissionId = BaseModuleManager.GetIdByCodeByCache(userInfo.SystemCode, permissionCode);

        // Both lookups must succeed, otherwise nothing is revoked.
        if (string.IsNullOrEmpty(roleId) || string.IsNullOrEmpty(permissionId))
        {
            return;
        }

        var rolePermissionManager = new BaseRolePermissionManager(dbHelper, userInfo);
        affected = rolePermissionManager.Revoke(userInfo.SystemCode, roleId, permissionId);
    });

    return affected;
}
/// <summary>
/// Gets the user ids below a user in the user-to-user permission tree for one permission.
/// </summary>
/// <remarks>
/// NOTE(review): the derived table is built by string concatenation. The table-name prefix comes from
/// <c>UserInfo.SystemCode</c> and the permission id is appended unquoted, so both values must be trusted
/// (an identifier and a numeric id respectively) - confirm where they originate.
/// NOTE(review): the permission is resolved with the <paramref name="systemCode"/> argument while the
/// table name uses <c>UserInfo.SystemCode</c> - confirm the two are always the same.
/// </remarks>
/// <param name="systemCode">System code used to resolve the permission code.</param>
/// <param name="userId">User primary key the tree walk starts from.</param>
/// <param name="permissionCode">Permission code.</param>
/// <param name="permissionName">Permission name; not read by this method.</param>
/// <returns>
/// The "TargetId" values of the rows returned by <c>DbLogic.GetChildrens</c>, or <c>null</c> when the
/// permission code cannot be resolved.
/// </returns>
public string[] GetPermissionTreeUserIds(string systemCode, string userId, string permissionCode, string permissionName = null)
{
    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    if (string.IsNullOrEmpty(permissionId))
    {
        return null;
    }

    // Derived table of enabled, non-deleted user-to-user scope rows for this permission.
    // (An earlier version used the table UserInfo.SystemCode + "UserUserScope" instead.)
    string scopeSource = " (SELECT ResourceId, TargetId FROM " + UserInfo.SystemCode + "PermissionScope WHERE Enabled = 1 AND DeletionStateCode = 0 AND ResourceCategory = '" + BaseUserEntity.TableName + "' AND TargetCategory = '" + BaseUserEntity.TableName + "' AND PermissionId = " + permissionId + ") T ";

    string parentColumn = "ResourceId"; // formerly "ManagerUserId"
    string childColumn = "TargetId";    // formerly "UserId"
    string order = null;
    bool idOnly = true;

    DataTable children = DbLogic.GetChildrens(this.DbHelper, scopeSource, childColumn, userId, parentColumn, order, idOnly);
    return BaseBusinessLogic.FieldToArray(children, "TargetId");
}
////
////
//// Grant-scope management section
////
////
#region public string[] GetUserIds(string systemCode, string userId, string permissionCode) Gets the user ids in a user's permission scope
/// <summary>
/// Gets the target ids of the user-to-user scope rows a user has for one permission.
/// </summary>
/// <param name="systemCode">System code.</param>
/// <param name="userId">User primary key.</param>
/// <param name="permissionCode">Permission code.</param>
/// <returns>
/// The <c>FieldTargetId</c> values of the matching rows, or <c>null</c> when the permission code cannot
/// be resolved.
/// </returns>
public string[] GetUserIds(string systemCode, string userId, string permissionCode)
{
    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    if (string.IsNullOrEmpty(permissionId))
    {
        return null;
    }

    var filter = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, BaseUserEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId)
    };

    // 2013-06-05 JiRiGaLa: reading the single column directly is faster than loading the whole
    // data table and extracting the distinct, non-empty ids from it.
    // NOTE(review): unlike other lookups here, Enabled and DeletionStateCode are not filtered - confirm.
    return this.GetProperties(filter, BasePermissionScopeEntity.FieldTargetId);
}
//
// Implementation of granting a scope
//
#region private string GrantRole(BasePermissionScopeManager manager, string systemCode, string userId, string grantRoleId, string permissionCode) Speeds up authorization
/// <summary>
/// Adds the scope row that lets a user manage one role for a permission.
/// Takes the manager as an argument to speed up authorization.
/// </summary>
/// <param name="manager">Permission-scope manager used for the insert.</param>
/// <param name="systemCode">System code; resolves the permission and names the role table.</param>
/// <param name="userId">User primary key.</param>
/// <param name="grantRoleId">Primary key of the role being granted.</param>
/// <param name="permissionCode">Permission code.</param>
/// <returns>
/// Value returned by <c>manager.Add</c>, or an empty string when the permission code cannot be resolved.
/// </returns>
private string GrantRole(BasePermissionScopeManager manager, string systemCode, string userId, string grantRoleId, string permissionCode)
{
    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    if (string.IsNullOrEmpty(permissionId))
    {
        // Unknown permission: nothing is written.
        return string.Empty;
    }

    BasePermissionScopeEntity scopeRow = new BasePermissionScopeEntity();
    scopeRow.PermissionId = permissionId;
    scopeRow.ResourceCategory = BaseUserEntity.TableName;
    scopeRow.ResourceId = userId;
    // The role table name is derived from the system code.
    scopeRow.TargetCategory = systemCode + "Role";
    scopeRow.TargetId = grantRoleId;
    scopeRow.Enabled = 1;
    scopeRow.DeletionStateCode = 0;

    return manager.Add(scopeRow);
}
/// <summary>
/// Gets the resource ids that hold a permission scope over a given target.
/// </summary>
/// <param name="userInfo">Calling user; supplies the system code and the table-name prefix.</param>
/// <param name="resourceCategory">Resource category to match.</param>
/// <param name="targetId">Target primary key to match.</param>
/// <param name="targetResourceCategory">Target category to match.</param>
/// <param name="permissionCode">Permission code.</param>
/// <returns>
/// The <c>FieldResourceId</c> values of the enabled, non-deleted matching rows; <c>null</c> if the
/// database handler never assigns a result.
/// </returns>
public string[] GetPermissionScopeResourceIds(BaseUserInfo userInfo, string resourceCategory, string targetId, string targetResourceCategory, string permissionCode)
{
    string[] resourceIds = null;

    var parameter = ServiceInfo.Create(userInfo, MethodBase.GetCurrentMethod());
    ServiceUtil.ProcessUserCenterReadDb(userInfo, parameter, (dbHelper) =>
    {
        // NOTE(review): the resolved id is not checked for emptiness before it is used as a filter.
        string permissionId = BaseModuleManager.GetIdByCodeByCache(userInfo.SystemCode, permissionCode);

        var filter = new List<KeyValuePair<string, object>>
        {
            new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, targetId),
            new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, resourceCategory),
            new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId),
            new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, targetResourceCategory),
            new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldEnabled, 1),
            new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldDeletionStateCode, 0)
        };

        string scopeTable = userInfo.SystemCode + "PermissionScope";
        // The literal 0 is passed through unchanged; presumably it means "no row limit" - TODO confirm.
        resourceIds = DbLogic.GetProperties(dbHelper, scopeTable, filter, 0, BasePermissionScopeEntity.FieldResourceId);
    });

    return resourceIds;
}
/// <summary>
/// Grants a user the scope over one organization for a permission, or updates the
/// contain-children flag when the grant already exists.
/// Takes the manager as an argument to speed up authorization.
/// </summary>
/// <param name="manager">Permission-scope reader/writer.</param>
/// <param name="systemCode">System code used to resolve the permission code.</param>
/// <param name="userId">User primary key.</param>
/// <param name="grantOrganizeId">Primary key of the organization being granted.</param>
/// <param name="permissionCode">Permission code.</param>
/// <param name="containChild">Whether child organizations are included.</param>
/// <returns>
/// Primary key of the existing or added scope row, or an empty string when the permission code cannot
/// be resolved.
/// </returns>
private string GrantOrganize(BasePermissionScopeManager manager, string systemCode, string userId, string grantOrganizeId, string permissionCode = "Resource.AccessPermission", bool containChild = false)
{
    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    if (string.IsNullOrEmpty(permissionId))
    {
        return string.Empty;
    }

    int containChildFlag = containChild ? 1 : 0;

    var lookup = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, BaseOrganizeEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, grantOrganizeId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId)
    };

    // Design note by Nick Deng: "no permission" is mutually exclusive with every other data permission.
    // When a user is set to "no permission", the user's other grants for that data permission should be
    // deleted, and when the user receives any other grant, the "no permission" entry should be deleted.
    // This method itself performs no such deletion.
    string result = manager.GetId(lookup);
    if (string.IsNullOrEmpty(result))
    {
        BasePermissionScopeEntity entity = new BasePermissionScopeEntity();
        entity.PermissionId = permissionId;
        entity.ResourceCategory = BaseUserEntity.TableName;
        entity.ResourceId = userId;
        entity.TargetCategory = BaseOrganizeEntity.TableName;
        entity.TargetId = grantOrganizeId;
        entity.ContainChild = containChildFlag;
        entity.Enabled = 1;
        entity.DeletionStateCode = 0;
        return manager.Add(entity);
    }

    // The grant already exists: only the contain-children flag is refreshed.
    manager.SetProperty(
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldId, result),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldContainChild, containChildFlag));
    return result;
}
////
////
//// Grant-scope management section
////
////
#region public string[] GetPermissionIds(string systemCode, string userId, string permissionCode) Gets the permission ids in a user's scope
/// <summary>
/// Gets the permission-item ids a user may delegate under a permission scope.
/// </summary>
/// <param name="systemCode">System code used to resolve the permission code.</param>
/// <param name="userId">User primary key.</param>
/// <param name="permissionCode">Permission code.</param>
/// <returns>Distinct, non-empty <c>FieldTargetId</c> values of the matching rows.</returns>
public string[] GetPermissionIds(string systemCode, string userId, string permissionCode)
{
    // NOTE(review): the resolved id is used as a filter without an emptiness check, and Enabled /
    // DeletionStateCode are not filtered - confirm disabled or deleted grants cannot be returned.
    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);

    var filter = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, BaseModuleEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId)
    };

    var dt = this.GetDataTable(filter);
    var targetIds = BaseBusinessLogic.FieldToArray(dt, BasePermissionScopeEntity.FieldTargetId);

    // Drop duplicates first, then blank ids.
    return targetIds
        .Distinct<string>()
        .Where(t => !string.IsNullOrEmpty(t))
        .ToArray();
}
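/// <summary>
/// Builds the SQL condition (the text that follows WHERE) used to search staff rows: rows that are
/// not deleted, optionally narrowed by enabled state, a search term or caller-supplied expression,
/// department, company, and the current user's data-permission scope.
/// </summary>
/// <param name="permissionCode">Permission code whose scope limits the result; null or empty skips scope filtering.</param>
/// <param name="where">
/// Either a search term (matched with LIKE against several staff columns) or a ready-made SQL
/// expression. Text containing "AND" or "=" is treated as an expression and appended verbatim.
/// </param>
/// <param name="enabled">true or false filters on the Enabled column; null leaves it unfiltered.</param>
/// <param name="auditStates">Not used by this method.</param>
/// <param name="companyId">Optional company key; must consist of digits only.</param>
/// <param name="departmentId">Optional department key; must consist of digits only.</param>
/// <returns>The condition text.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="companyId"/> or <paramref name="departmentId"/> contains a non-digit character.
/// </exception>
/// <remarks>
/// The result is concatenated SQL text, not a parameterised command, so every value placed in it
/// has to be trusted or validated here. The two key arguments are validated; the
/// <paramref name="where"/> argument cannot be, see the notes in the body.
/// </remarks>
private string GetSearchConditional(string permissionCode, string where, bool? enabled, string auditStates, string companyId = null, string departmentId = null)
{
    string staffTable = BaseStaffEntity.TableName;
    string whereClause = staffTable + "." + BaseStaffEntity.FieldDeletionStateCode + " = 0 ";

    // The original appended this predicate a second time further down; once is enough.
    if (enabled.HasValue)
    {
        whereClause += " AND " + staffTable + "." + BaseStaffEntity.FieldEnabled + (enabled.Value ? " = 1 " : " = 0 ");
    }

    if (!String.IsNullOrEmpty(where))
    {
        // Expression or search value? Ordinal comparison keeps this classification independent of
        // the thread culture.
        bool looksLikeExpression = where.IndexOf("AND", StringComparison.Ordinal) >= 0
                                   || where.IndexOf("=", StringComparison.Ordinal) >= 0;
        if (!looksLikeExpression)
        {
            // NOTE(review): the term is placed inside quoted LIKE literals. Whether
            // StringUtil.GetSearchString escapes quote characters is not visible here - confirm,
            // or move the term into a bound parameter at the call site.
            where = StringUtil.GetSearchString(where);
            string[] searchColumns =
            {
                BaseStaffEntity.FieldUserName,
                BaseStaffEntity.FieldCode,
                BaseStaffEntity.FieldRealName,
                BaseStaffEntity.FieldQuickQuery,
                BaseStaffEntity.FieldCompanyName,
                BaseStaffEntity.FieldDepartmentName
            };
            string[] likeTerms = new string[searchColumns.Length];
            for (int i = 0; i < searchColumns.Length; i++)
            {
                likeTerms[i] = staffTable + "." + searchColumns[i] + " LIKE '" + where + "'";
            }
            whereClause += " AND (" + string.Join(" OR ", likeTerms) + ")";
        }
        else
        {
            // NOTE(review): anything classified as an expression becomes part of the SQL text
            // unchanged. This argument must only ever carry server-built expressions, never text
            // typed by an end user; the heuristic above cannot tell the two apart.
            whereClause += " AND (" + where + ")";
        }
    }

    // Only the direct department match is active; the original kept a commented-out variant that
    // expanded the department to its child organisations.
    if (!string.IsNullOrEmpty(departmentId))
    {
        whereClause += " AND (" + staffTable + "." + BaseStaffEntity.FieldDepartmentId + " = " + RequireNumericStaffKey(departmentId, "departmentId") + ")";
    }

    if (!string.IsNullOrEmpty(companyId))
    {
        whereClause += " AND (" + staffTable + "." + BaseStaffEntity.FieldCompanyId + " = " + RequireNumericStaffKey(companyId, "companyId") + ")";
    }

    // Data-permission scope of the current user. Administrators, and installations with
    // UsePermissionScope switched off, are not filtered.
    if (!string.IsNullOrEmpty(permissionCode) && !UserInfo.IsAdministrator && BaseSystemInfo.UsePermissionScope)
    {
        string permissionId = BaseModuleManager.GetIdByCodeByCache(UserInfo.SystemCode, permissionCode);

        // NOTE(review): when the permission code does not resolve, no scope filter is added at all,
        // i.e. the query fails open for a mistyped or unregistered code - confirm this is intended.
        if (!string.IsNullOrEmpty(permissionId))
        {
            BaseUserScopeManager userPermissionScopeManager = new BaseUserScopeManager(this.DbHelper, this.UserInfo);
            string[] organizeIds = userPermissionScopeManager.GetOrganizeIds(UserInfo.SystemCode, UserInfo.Id, permissionId);
            Func<PermissionOrganizeScope, bool> hasScope =
                scope => StringUtil.Exists(organizeIds, ((int)scope).ToString());

            // No data permission at all: a comparison with NULL matches no row.
            if (hasScope(PermissionOrganizeScope.NotAllowed))
            {
                whereClause += " AND (" + staffTable + "." + BaseStaffEntity.FieldId + " = NULL ) ";
            }

            // Explicitly listed users.
            if (hasScope(PermissionOrganizeScope.ByDetails))
            {
                BasePermissionScopeManager permissionScopeManager = new BasePermissionScopeManager(DbHelper, UserInfo);
                string[] userIds = permissionScopeManager.GetUserIds(UserInfo.SystemCode, UserInfo.Id, permissionCode);
                if (userIds == null || userIds.Length == 0)
                {
                    // An empty list would otherwise produce "IN ()" (invalid SQL) and a null list
                    // would throw; an empty grant list means no row is visible, so fail closed.
                    whereClause += " AND (" + staffTable + "." + BaseStaffEntity.FieldId + " = NULL ) ";
                }
                else
                {
                    // The ids come from the scope table and are joined unquoted.
                    whereClause += " AND (" + staffTable + "." + BaseStaffEntity.FieldId + " IN (" + string.Join(",", userIds) + ")) ";
                }
            }

            // Only the user's own record.
            if (hasScope(PermissionOrganizeScope.OnlyOwnData))
            {
                whereClause += " AND (" + staffTable + "." + BaseStaffEntity.FieldId + " = " + this.UserInfo.Id + ") ";
            }

            // UserWorkgroup: the filter is commented out in the original, so this scope adds no
            // restriction. NOTE(review): confirm that is acceptable for workgroup-limited users.

            // The user's department.
            if (hasScope(PermissionOrganizeScope.UserDepartment))
            {
                whereClause += " AND (" + staffTable + "." + BaseStaffEntity.FieldDepartmentId + " = " + this.UserInfo.DepartmentId + ") ";
            }

            // UserSubCompany: likewise commented out in the original; no restriction is added.

            // The user's company.
            if (hasScope(PermissionOrganizeScope.UserCompany))
            {
                whereClause += " AND (" + staffTable + "." + BaseStaffEntity.FieldCompanyId + " = " + this.UserInfo.CompanyId + ") ";
            }

            // AllData: no filter is needed.
        }
    }

    return whereClause;
}

// Returns the key unchanged when it consists of ASCII digits only; otherwise refuses it, because
// the key is written into SQL text without quotes.
private static string RequireNumericStaffKey(string value, string parameterName)
{
    foreach (char c in value)
    {
        if (c < '0' || c > '9')
        {
            throw new ArgumentException("The key must consist of digits only.", parameterName);
        }
    }
    return value;
}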
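//
// Implementation of granting permission scopes
//
// private string GrantUser(BasePermissionScopeManager permissionScopeManager, string systemCode,
//                          string userId, string grantUserId, string permissionCode)

/// <summary>
/// Grants one user a permission scope over another user, unless the same scope row already exists.
/// </summary>
/// <param name="permissionScopeManager">Permission-scope manager used to insert the new row.</param>
/// <param name="systemCode">System code used to resolve <paramref name="permissionCode"/>.</param>
/// <param name="userId">Primary key of the user receiving the scope.</param>
/// <param name="grantUserId">Primary key of the user being granted as the scope target.</param>
/// <param name="permissionCode">Permission code the scope belongs to.</param>
/// <returns>
/// Primary key of the inserted row, or an empty string when the row already exists or the
/// permission code does not resolve to an id.
/// </returns>
private string GrantUser(BasePermissionScopeManager permissionScopeManager, string systemCode, string userId, string grantUserId, string permissionCode)
{
    // Resolve once. Without this guard an unregistered permission code would insert a scope row
    // that carries no permission id; GrantOrganize already refuses that case.
    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    if (string.IsNullOrEmpty(permissionId))
    {
        return string.Empty;
    }

    var parameters = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, BaseUserEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, grantUserId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId)
    };

    // NOTE(review): existence is checked on this manager while the insert goes through
    // permissionScopeManager - confirm both operate on the same table.
    if (this.Exists(parameters))
    {
        return string.Empty;
    }

    var scope = new BasePermissionScopeEntity
    {
        PermissionId = permissionId,
        ResourceCategory = BaseUserEntity.TableName,
        ResourceId = userId,
        TargetCategory = BaseUserEntity.TableName,
        TargetId = grantUserId,
        Enabled = 1,
        DeletionStateCode = 0
    };
    return permissionScopeManager.Add(scope);
}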
/// <summary>
/// Resolves the organisation-level data scope configured for a user under a permission code.
/// </summary>
/// <param name="systemCode">
/// System code used to resolve the permission id. When not empty it also selects the scope table
/// as systemCode + "OrganizeScope".
/// </param>
/// <param name="userId">Primary key of the user whose scope row is read.</param>
/// <param name="containChild">Set to true when the scope row has ContainChild = 1; otherwise false.</param>
/// <param name="permissionCode">Permission code; defaults to "Resource.AccessPermission".</param>
/// <returns>
/// The scope taken from the user's scope row. When the permission code does not resolve or no row
/// exists, the result is <c>PermissionOrganizeScope.UserCompany</c>.
/// </returns>
/// <remarks>
/// If a row has several flags set, the one checked first below wins; NotAllowed ranks below
/// OnlyOwnData and all User* flags, so a row carrying both resolves to the wider scope.
/// NOTE(review): confirm rows are written with a single flag.
/// NOTE(review): systemCode becomes part of a table name (presumably used in generated SQL);
/// it should only ever be a configured, allow-listed value.
/// </remarks>
public PermissionOrganizeScope GetUserOrganizeScope(string systemCode, string userId, out bool containChild, string permissionCode = "Resource.AccessPermission")
{
    containChild = false;

    BaseOrganizeScopeEntity scopeRow = null;
    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    if (!string.IsNullOrEmpty(permissionId))
    {
        string tableName = string.IsNullOrEmpty(systemCode)
            ? BaseOrganizeScopeEntity.TableName
            : systemCode + "OrganizeScope";

        var organizeScopeManager = new BaseOrganizeScopeManager(this.DbHelper, this.UserInfo, tableName);
        var filter = new List<KeyValuePair<string, object>>
        {
            new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
            new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldResourceId, userId),
            new KeyValuePair<string, object>(BaseOrganizeScopeEntity.FieldPermissionId, permissionId)
        };

        DataTable rows = organizeScopeManager.GetDataTable(filter);
        if (rows != null && rows.Rows.Count > 0)
        {
            scopeRow = BaseOrganizeScopeEntity.Create<BaseOrganizeScopeEntity>(rows);
        }
    }

    if (scopeRow == null)
    {
        // No configuration found: the default scope is the user's own company.
        return PermissionOrganizeScope.UserCompany;
    }

    containChild = scopeRow.ContainChild == 1;

    // Highest precedence first.
    if (scopeRow.UserWorkgroup == 1)
    {
        return PermissionOrganizeScope.UserWorkgroup;
    }
    if (scopeRow.UserSubDepartment == 1)
    {
        return PermissionOrganizeScope.UserSubDepartment;
    }
    if (scopeRow.UserDepartment == 1)
    {
        return PermissionOrganizeScope.UserDepartment;
    }
    if (scopeRow.UserSubCompany == 1)
    {
        return PermissionOrganizeScope.UserSubCompany;
    }
    if (scopeRow.UserCompany == 1)
    {
        return PermissionOrganizeScope.UserCompany;
    }
    if (scopeRow.OnlyOwnData == 1)
    {
        return PermissionOrganizeScope.OnlyOwnData;
    }
    if (scopeRow.NotAllowed == 1)
    {
        return PermissionOrganizeScope.NotAllowed;
    }
    if (scopeRow.ByDetails == 1)
    {
        return PermissionOrganizeScope.ByDetails;
    }
    if (scopeRow.District == 1)
    {
        return PermissionOrganizeScope.District;
    }
    if (scopeRow.City == 1)
    {
        return PermissionOrganizeScope.City;
    }
    if (scopeRow.Province == 1)
    {
        return PermissionOrganizeScope.Province;
    }
    if (scopeRow.AllData == 1)
    {
        return PermissionOrganizeScope.AllData;
    }

    // A row exists but no flag is set.
    return PermissionOrganizeScope.UserCompany;
}
/// <summary>
/// Revokes a user's permission scope over an organisation by deleting the matching scope rows.
/// </summary>
/// <param name="manager">Permission-scope manager that performs the delete.</param>
/// <param name="systemCode">System code used to resolve <paramref name="permissionCode"/>.</param>
/// <param name="userId">Primary key of the user losing the scope.</param>
/// <param name="revokeOrganizeId">
/// Primary key of the organisation to revoke. When null or empty, no target filter is added, so the
/// delete covers every organisation target of this user for the permission.
/// </param>
/// <param name="permissionCode">Permission code the scope rows belong to.</param>
/// <returns>The value returned by <c>manager.Delete</c> (presumably the number of rows removed).</returns>
private int RevokeOrganize(BasePermissionScopeManager manager, string systemCode, string userId, string revokeOrganizeId, string permissionCode)
{
    var criteria = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetCategory, BaseOrganizeEntity.TableName)
    };

    bool singleTarget = !string.IsNullOrEmpty(revokeOrganizeId);
    if (singleTarget)
    {
        criteria.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldTargetId, revokeOrganizeId));
    }

    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);
    criteria.Add(new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId));

    return manager.Delete(criteria);
}
/// <summary>
/// Deletes every permission-scope row a user holds under one permission code, whatever the target
/// category of the row.
/// </summary>
/// <param name="systemCode">System code used to resolve <paramref name="permissionCode"/>.</param>
/// <param name="userId">Primary key of the user whose scope rows are removed.</param>
/// <param name="permissionCode">Permission code the scope rows belong to.</param>
/// <returns>The value returned by the scope manager's Delete call (presumably the number of rows removed).</returns>
public int ClearUserPermissionScope(string systemCode, string userId, string permissionCode)
{
    string permissionId = BaseModuleManager.GetIdByCodeByCache(systemCode, permissionCode);

    // No target filter: all of the user's rows for this permission match.
    var criteria = new List<KeyValuePair<string, object>>
    {
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceCategory, BaseUserEntity.TableName),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldResourceId, userId),
        new KeyValuePair<string, object>(BasePermissionScopeEntity.FieldPermissionId, permissionId)
    };

    return new BasePermissionScopeManager(DbHelper, UserInfo).Delete(criteria);
}
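/// <summary>
/// Gets the constraint expressions (all constraints) defined for a resource: every table listed in
/// ItemsTablePermissionScope, left-joined to the PermissionConstraint stored for that table in
/// BasePermissionScope for the given resource and permission.
/// </summary>
/// <param name="resourceCategory">
/// Resource category, e.g. the table name of the role or user entity. Only ASCII letters, digits
/// and underscores are accepted because the value is written into a quoted SQL literal.
/// </param>
/// <param name="resourceId">Primary key of the resource; digits only, it is written into the SQL unquoted.</param>
/// <param name="permissionCode">Permission code; defaults to "Resource.AccessPermission".</param>
/// <returns>
/// A table named after <c>BaseTableColumnsEntity.TableName</c> with the columns Id, TableCode,
/// TableName, PermissionConstraint and SortCode. It is empty when the permission code does not
/// resolve to a numeric id.
/// </returns>
/// <exception cref="ArgumentException">
/// <paramref name="resourceCategory"/> or <paramref name="resourceId"/> contains characters that
/// are not allowed.
/// </exception>
/// <remarks>
/// NOTE(review): the statement is still assembled as text. If the data layer offers a Fill
/// overload that takes bound parameters (not visible here), prefer it over the validation below.
/// </remarks>
public DataTable GetConstraintDT(string resourceCategory, string resourceId, string permissionCode = "Resource.AccessPermission")
{
    var dt = new DataTable(BaseTableColumnsEntity.TableName);

    // Both caller-supplied values end up inside SQL text, so they are checked before use.
    string category = resourceCategory ?? string.Empty;
    if (!IsScopeCategoryName(category))
    {
        throw new ArgumentException("The resource category may contain only letters, digits and underscores.", "resourceCategory");
    }
    if (!IsNumericScopeKey(resourceId))
    {
        throw new ArgumentException("The resource key must consist of digits only.", "resourceId");
    }

    // An unregistered permission code used to produce "PermissionId = )" and a database error;
    // there is nothing to join in that case, so the empty table is returned instead.
    string permissionId = BaseModuleManager.GetIdByCodeByCache(this.UserInfo.SystemCode, permissionCode);
    if (!IsNumericScopeKey(permissionId))
    {
        return dt;
    }

    string sqlQuery = @"SELECT BasePermissionScope.Id
                             , ItemsTablePermissionScope.ItemValue AS TableCode
                             , ItemsTablePermissionScope.ItemName AS TableName
                             , BasePermissionScope.PermissionConstraint
                             , ItemsTablePermissionScope.SortCode
                          FROM ( SELECT ItemValue
                                      , ItemName
                                      , SortCode
                                   FROM ItemsTablePermissionScope
                                  WHERE (DeletionStateCode = 0)
                                    AND (Enabled = 1) ) AS ItemsTablePermissionScope
                          LEFT OUTER JOIN (SELECT Id
                                                , TargetId
                                                , PermissionConstraint
                                             FROM BasePermissionScope
                                            WHERE (ResourceCategory = '" + category + @"')
                                              AND (ResourceId = " + resourceId + @")
                                              AND (TargetCategory = 'Table')
                                              AND (PermissionId = " + permissionId + @")
                                              AND (DeletionStateCode = 0)
                                              AND (Enabled = 1) ) AS BasePermissionScope
                            ON ItemsTablePermissionScope.ItemValue = BasePermissionScope.TargetId
                         ORDER BY ItemsTablePermissionScope.SortCode ";

    dt = this.Fill(sqlQuery);
    dt.TableName = BaseTableColumnsEntity.TableName;
    return dt;
}

// True when the value is non-empty and consists of ASCII digits only.
private static bool IsNumericScopeKey(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return false;
    }
    foreach (char c in value)
    {
        if (c < '0' || c > '9')
        {
            return false;
        }
    }
    return true;
}

// True when the value contains nothing but ASCII letters, digits and underscores (empty is allowed).
private static bool IsScopeCategoryName(string value)
{
    foreach (char c in value)
    {
        bool allowed = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_';
        if (!allowed)
        {
            return false;
        }
    }
    return true;
}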