/// <summary>
/// Lists the file and folder resources that have been shared with the current user.
/// </summary>
/// <remarks>
/// A resource is returned when the user holds a READ or WRITE ACL entry on it, the entry does not
/// target the organization's own resource, and IsChild reports it as lying under neither the
/// organization's archive folder nor the user's own resource. System and organization
/// administrators always receive an empty list.
/// </remarks>
/// <returns>The distinct matching resources; an empty list when there are none.</returns>
public List<CResourceEntity> ListShareResources()
{
    List<CResourceEntity> shared = new List<CResourceEntity>();

    // The organization and its archive folder are loaded before the administrator
    // short-circuit, so a failing load surfaces for administrators as well.
    COrganizeEntity org = new COrganizeEntity(ConnString).Load(this.Usr_Organize);
    CResourceEntity archiveFolder = org.GetArchiveFolder();

    bool isAdministrator = Usr_Type == (int)USERTYPE.SYSTEMADMIN
                        || Usr_Type == (int)USERTYPE.ORGANIZEADMIN;
    if (isAdministrator)
    {
        return shared;
    }

    foreach (CACLEntity entry in GetAllACLs())
    {
        // Only READ and WRITE grants make a resource visible here.
        bool grantsAccess = entry.Acl_Operation == (int)ACLOPERATION.READ
                         || entry.Acl_Operation == (int)ACLOPERATION.WRITE;
        if (!grantsAccess)
        {
            continue;
        }

        // A grant on the organization's own resource is not a "share".
        if (entry.Acl_Resource == org.Org_Resource)
        {
            continue;
        }

        // NOTE(review): one load per ACL entry, and the result is dereferenced without a
        // null check. Confirm Load cannot return null for an ACL that points at a deleted resource.
        CResourceEntity candidate = new CResourceEntity(ConnString).Load(entry.Acl_Resource);

        bool isFileOrFolder = candidate.Res_Type == (int)RESOURCETYPE.FILERESOURCE
                           || candidate.Res_Type == (int)RESOURCETYPE.FOLDERRESOURCE;
        if (!isFileOrFolder)
        {
            continue;
        }

        // The same resource can be reachable through several ACL entries; keep it once.
        if (shared.Exists(known => known.Res_Id == candidate.Res_Id))
        {
            continue;
        }

        // Archived content and the user's own tree are excluded from the shared view.
        if (candidate.IsChild(archiveFolder.Res_Id))
        {
            continue;
        }

        if (candidate.IsChild(Usr_Resource))
        {
            continue;
        }

        shared.Add(candidate);
    }

    return shared;
}
/// <summary>
/// Grants <paramref name="operation"/> on a resource to a user or group by inserting an ACL entry,
/// then deletes the grantee's existing entries for the same operation on resources that IsChild
/// reports as lying under that resource.
/// </summary>
/// <param name="userId">
/// Id of the grantee. It is loaded as a user when <paramref name="roleType"/> is USERROLE and as a
/// group when it is GROUPROLE.
/// </param>
/// <param name="roleType">Whether <paramref name="userId"/> identifies a user or a group.</param>
/// <param name="resourceId">Id of the resource the grant applies to.</param>
/// <param name="operation">Operation being granted.</param>
/// <exception cref="Exception">
/// Thrown when CheckPrivilege rejects a WRITE probe on the resource for the current user, or when
/// the grantee already holds the same operation on a resource that this resource is a child of.
/// </exception>
public void Permit(int userId, ACLROLETYPE roleType, int resourceId, ACLOPERATION operation)
{
    // Authorization gate: the caller must hold WRITE on the target resource.
    // NOTE(review): this is the only caller-side check visible here. The granted operation is not
    // compared with what the caller holds, and nothing in this method ties the grantee to the
    // caller's organization. Confirm both are enforced elsewhere.
    CACLEntity writeProbe = new CACLEntity();
    writeProbe.Acl_Resource = resourceId;
    writeProbe.Acl_Operation = (int)ACLOPERATION.WRITE;
    if (!CheckPrivilege(writeProbe))
    {
        throw new Exception("没有写权限"); // "no write permission"
    }

    // Existing grants of the grantee, used for the conflict check and the cleanup below.
    // NOTE(review): any other role type leaves this list empty, so the conflict check and the
    // cleanup are skipped while the entry is still inserted. Confirm that is intended.
    List<CACLEntity> granteeAcls;
    switch (roleType)
    {
        case ACLROLETYPE.USERROLE:
            granteeAcls = new CUserEntity(ConnString).Load(userId).GetUserACLs();
            break;
        case ACLROLETYPE.GROUPROLE:
            granteeAcls = new CGroupEntity(ConnString).Load(userId).GetGroupACLs();
            break;
        default:
            granteeAcls = new List<CACLEntity>();
            break;
    }

    // Reject the grant when an ancestor grant already covers this operation.
    CResourceEntity target = new CResourceEntity(ConnString).Load(resourceId);
    foreach (CACLEntity existing in granteeAcls)
    {
        bool coveredByAncestor = target.IsChild(existing.Acl_Resource)
                              && existing.Acl_Operation == (int)operation;
        if (coveredByAncestor)
        {
            throw new Exception("与其他权限冲突"); // "conflicts with another permission"
        }
    }

    // Record the new grant, attributing it to the current user.
    // NOTE(review): the creation time is local time (DateTime.Now). Confirm what audit consumers expect.
    CACLEntity grant = new CACLEntity(ConnString);
    grant.Acl_Resource = resourceId;
    grant.Acl_Role = userId;
    grant.Acl_RType = (int)roleType;
    grant.Acl_Operation = (int)operation;
    grant.Acl_Creator = this.Usr_Id;
    grant.Acl_CreateTime = DateTime.Now;
    grant.Insert();

    // Grants on descendants are now redundant for this operation, so delete them.
    // NOTE(review): no transaction is visible around the insert and these deletes. A failure
    // partway through would leave the new grant alongside stale child grants.
    foreach (CACLEntity existing in granteeAcls)
    {
        CResourceEntity grantedResource = new CResourceEntity(ConnString).Load(existing.Acl_Resource);
        if (grantedResource.IsChild(resourceId) && existing.Acl_Operation == (int)operation)
        {
            existing.Delete();
        }
    }
}
/// <summary>
/// Lists the resources under <paramref name="root"/> that the current user can read.
/// </summary>
/// <remarks>
/// When CheckPrivilege accepts a READ probe on <paramref name="root"/> itself, the result of
/// ListChildResources() on the root resource is returned unchanged. Otherwise the result is built
/// from the user's own ACL entries: each file or folder resource with a READ or WRITE entry that
/// IsChild reports as lying under the root is returned once. Only the resources named by those
/// ACL entries are added; their own children are not expanded here.
/// </remarks>
/// <param name="root">Id of the resource whose descendants are listed.</param>
/// <returns>The readable resources under the root; an empty list when there are none.</returns>
public List<CResourceEntity> ListDescendants(int root)
{
    CACLEntity readProbe = new CACLEntity(ConnString);
    readProbe.Acl_Resource = root;
    readProbe.Acl_Operation = (int)ACLOPERATION.READ;

    // The root is loaded before the privilege check, so it is fetched on both paths.
    CResourceEntity rootResource = new CResourceEntity(ConnString).Load(root);

    // READ on the root itself: hand back its child listing without per-resource filtering.
    if (CheckPrivilege(readProbe))
    {
        return rootResource.ListChildResources();
    }

    // No READ on the root: fall back to the individual grants the user holds beneath it.
    List<CResourceEntity> readable = new List<CResourceEntity>();
    foreach (CACLEntity entry in GetAllACLs())
    {
        bool grantsAccess = entry.Acl_Operation == (int)ACLOPERATION.READ
                         || entry.Acl_Operation == (int)ACLOPERATION.WRITE;
        if (!grantsAccess)
        {
            continue;
        }

        // NOTE(review): one load per ACL entry, and the result is dereferenced without a
        // null check. Confirm Load cannot return null for an ACL that points at a deleted resource.
        CResourceEntity candidate = new CResourceEntity(ConnString).Load(entry.Acl_Resource);

        bool isFileOrFolder = candidate.Res_Type == (int)RESOURCETYPE.FILERESOURCE
                           || candidate.Res_Type == (int)RESOURCETYPE.FOLDERRESOURCE;
        if (!isFileOrFolder)
        {
            continue;
        }

        // Several ACL entries can name the same resource; keep it once.
        if (readable.Exists(known => known.Res_Id == candidate.Res_Id))
        {
            continue;
        }

        if (candidate.IsChild(rootResource.Res_Id))
        {
            readable.Add(candidate);
        }
    }

    return readable;
}