/// <summary>
/// 按某个权限范围获取特定用户可访问的操作权限列表(有授权权限的权限列表)
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <param name="permissionItemCode">权限域编号</param>
/// <returns>数据表</returns>
public DataTable GetPermissionItemDTByPermissionScope(UserInfo userInfo, string userId, string permissionItemCode)
{
var dataTable = new DataTable(PiPermissionItemTable.TableName);
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_GetPermissionItemDTByPermissionScope);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
var permissionItemManager = new PiPermissionItemManager(dbProvider, userInfo);
var permissionItemId = permissionItemManager.GetId(PiPermissionItemTable.FieldCode, permissionItemCode);
// 数据库里没有设置可授权的权限项,系统自动增加一个权限配置项
if (String.IsNullOrEmpty(permissionItemId) && permissionItemCode.Equals("Resource.ManagePermission"))
{
var permissionItemEntity = new PiPermissionItemEntity
{
Code = "Resource.ManagePermission",
FullName = "资源管理范围权限(系统默认)",
IsScope = 1,
Enabled = 1,
AllowDelete = 0
};
permissionItemManager.AddEntity(permissionItemEntity);
}
dataTable = permissionItemManager.GetDTByUser(userId, permissionItemCode);
dataTable.TableName = PiPermissionItemTable.TableName;
});
return(dataTable);
}
/// <summary>
/// 获取数据权限目标主键
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="resourceCategory">资源类别</param>
/// <param name="targetId">目标资源主键</param>
/// <param name="targetResourceCategory">目标资源类别</param>
/// <param name="permissionItemCode">操作权限编号</param>
/// <returns>资源主键数组</returns>
public string[] GetPermissionScopeResourceIds(UserInfo userInfo, string resourceCategory, string targetId, string targetResourceCategory, string permissionItemCode)
{
string[] returnValue = null;
var parameter = ParameterUtil.CreateWithLog(userInfo, MethodBase.GetCurrentMethod());
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
var permissionItemManager = new PiPermissionItemManager(dbProvider, userInfo);
var permissionItemId = permissionItemManager.GetId(PiPermissionItemTable.FieldCode, permissionItemCode);
var names = new string[6];
var values = new object[6];
names[0] = PiPermissionScopeTable.FieldResourceCategory;
values[0] = resourceCategory;
names[1] = PiPermissionScopeTable.FieldTargetId;
values[1] = targetId;
names[2] = PiPermissionScopeTable.FieldPermissionId;
values[2] = permissionItemId;
names[3] = PiPermissionScopeTable.FieldTargetCategory;
values[3] = targetResourceCategory;
names[4] = PiPermissionScopeTable.FieldDeleteMark;
values[4] = 0;
names[5] = PiPermissionScopeTable.FieldEnabled;
values[5] = 1;
returnValue = DbCommonLibary.GetIds(dbProvider, PiPermissionScopeTable.TableName, names, values, PiPermissionScopeTable.FieldResourceId);
});
return(returnValue);
}
/// <summary>
/// 获取授权范围
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="userId">用户主键</param>
/// <returns>数据表</returns>
public DataTable GetLicensedDT(UserInfo userInfo, string userId)
{
var dataTable = new DataTable(PiPermissionItemTable.TableName);
var parameter = ParameterUtil.CreateWithOutMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
var permissionAdminManager = new PiPermissionItemManager(dbProvider, userInfo);
var permissionItemId = permissionAdminManager.GetId(PiPermissionItemTable.FieldDeleteMark, 0, PiPermissionItemTable.FieldCode, "Resource.ManagePermission");
dataTable = permissionAdminManager.GetDTByUser(userId, permissionItemId);
dataTable.TableName = PiPermissionItemTable.TableName;
});
return(dataTable);
}
/// <summary>
/// 授予指定角色指定的操作权限
/// </summary>
/// <param name="userInfo">用户</param>
/// <param name="roleName">角色名</param>
/// <param name="permissionItemCode">权限编号</param>
/// <returns>主键</returns>
public string GrantRolePermission(UserInfo userInfo, string roleName, string permissionItemCode)
{
string returnValue = string.Empty;
var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, string.Empty);
ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider =>
{
var roleManager = new PiRoleManager(dbProvider, userInfo);
var roleId = roleManager.GetId(PiRoleTable.FieldRealName, roleName);
var permissionItemManager = new PiPermissionItemManager(dbProvider, userInfo);
var permissionItemId = permissionItemManager.GetId(PiPermissionItemTable.FieldCode, permissionItemCode);
if (!String.IsNullOrEmpty(roleId) && !String.IsNullOrEmpty(permissionItemId))
{
var rolePermissionManager = new RolePermissionManager(dbProvider, userInfo);
returnValue = rolePermissionManager.Grant(roleId, permissionItemId);
}
});
return(returnValue);
}
private string GetSearchConditional(string permissionScopeCode, string search, string[] roleIds, bool?enabled, string auditStates, string departmentId)
{
search = StringHelper.GetSearchString(search);
string whereConditional = PiUserTable.TableName + "." + PiUserTable.FieldDeleteMark + " = 0 "
+ " AND " + PiUserTable.TableName + "." + PiUserTable.FieldIsVisible + " = 1 ";
if (enabled != null)
{
whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldEnabled + " = " + ((bool)enabled ? 1 : 0) + ")";
}
if (!String.IsNullOrEmpty(search))
{
whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldUserName + " LIKE '" + search + "'"
+ " OR " + PiUserTable.TableName + "." + PiUserTable.FieldCode + " LIKE '" + search + "'"
+ " OR " + PiUserTable.TableName + "." + PiUserTable.FieldRealName + " LIKE '" + search + "'"
+ " OR " + PiUserTable.TableName + "." + PiUserTable.FieldQuickQuery + " LIKE '" + search + "'"
+ " OR " + PiUserTable.TableName + "." + PiUserTable.FieldDepartmentName + " LIKE '" + search + "'"
+ " OR " + PiUserTable.TableName + "." + PiUserTable.FieldDescription + " LIKE '" + search + "')";
}
if (!string.IsNullOrEmpty(departmentId))
{
var organizeManager = new PiOrganizeManager(this.DBProvider, this.UserInfo);
string[] organizeIds = organizeManager.GetChildrensId(PiOrganizeTable.FieldId, departmentId, PiOrganizeTable.FieldParentId);
if (organizeIds != null && organizeIds.Length > 0)
{
whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldCompanyId + " IN (" + StringHelper.ArrayToList(organizeIds, "'") + ")"
+ " OR " + PiUserTable.TableName + "." + PiUserTable.FieldSubCompanyId + " IN (" + StringHelper.ArrayToList(organizeIds, "'") + ")"
+ " OR " + PiUserTable.TableName + "." + PiUserTable.FieldDepartmentId + " IN (" + StringHelper.ArrayToList(organizeIds, "'") + ")"
+ " OR " + PiUserTable.TableName + "." + PiUserTable.FieldSubDepartmentId + " IN (" + StringHelper.ArrayToList(organizeIds, "'") + ")"
+ " OR " + PiUserTable.TableName + "." + PiUserTable.FieldWorkgroupId + " IN (" + StringHelper.ArrayToList(organizeIds, "'") + "))";
// 从兼职表读取用户
whereConditional += " OR " + PiUserTable.TableName + "." + PiUserTable.FieldId + " IN ("
+ " SELECT " + PiUserOrganizeTable.FieldUserId
+ " FROM " + PiUserOrganizeTable.TableName
+ " WHERE (" + PiUserOrganizeTable.TableName + "." + PiUserOrganizeTable.FieldDeleteMark + " = 0 ) "
+ " AND ("
+ PiUserOrganizeTable.TableName + "." + PiUserOrganizeTable.FieldCompanyId + " = '" + departmentId + "' OR "
+ PiUserOrganizeTable.TableName + "." + PiUserOrganizeTable.FieldSubCompanyId + " = '" + departmentId + "' OR "
+ PiUserOrganizeTable.TableName + "." + PiUserOrganizeTable.FieldDepartmentId + " = '" + departmentId + "' OR "
+ PiUserOrganizeTable.TableName + "." + PiUserOrganizeTable.FieldSubDepartmentId + " = '" + departmentId + "' OR "
+ PiUserOrganizeTable.TableName + "." + PiUserOrganizeTable.FieldWorkgroupId + " = '" + departmentId + "')) ";
}
}
if (!String.IsNullOrEmpty(auditStates))
{
whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldAuditStatus + " = '" + auditStates + "')";
}
if ((roleIds != null) && (roleIds.Length > 0))
{
string roles = StringHelper.ArrayToList(roleIds, "'");
whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldId + " IN (" + "SELECT " + PiUserRoleTable.FieldUserId + " FROM " + PiUserRoleTable.TableName + " WHERE " + PiUserRoleTable.FieldRoleId + " IN (" + roles + ")" + "))";
}
// 是否过滤用户, 获得组织机构列表
if ((!UserInfo.IsAdministrator) && (SystemInfo.EnableUserAuthorizationScope))
{
// string permissionScopeCode = "Resource.ManagePermission";
var permissionItemManager = new PiPermissionItemManager(this.DBProvider, this.UserInfo);
string permissionScopeItemId = permissionItemManager.GetId(new KeyValuePair <string, object>(PiPermissionItemTable.FieldCode, permissionScopeCode));
if (!string.IsNullOrEmpty(permissionScopeItemId))
{
// 从小到大的顺序进行显示,防止错误发生
var userPermissionScopeManager = new UserScopeManager(this.DBProvider, this.UserInfo);
string[] organizeIds = userPermissionScopeManager.GetOrganizeIds(this.UserInfo.Id, permissionScopeCode);
// 没有任何数据权限
if (StringHelper.Exists(organizeIds, ((int)PermissionScope.None).ToString()))
{
whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldId + " = NULL ) ";
}
// 按详细设定的数据
if (StringHelper.Exists(organizeIds, ((int)PermissionScope.Detail).ToString()))
{
var permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo);
string[] userIds = permissionScopeManager.GetUserIds(UserInfo.Id, permissionScopeCode);
whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldId + " IN (" + BusinessLogic.ObjectsToList(userIds) + ")) ";
}
// 自己的数据,仅本人
if (StringHelper.Exists(organizeIds, ((int)PermissionScope.User).ToString()))
{
whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldId + " = '" + this.UserInfo.Id + "') ";
}
// 用户所在工作组数据
if (StringHelper.Exists(organizeIds, ((int)PermissionScope.UserWorkgroup).ToString()))
{
whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldWorkgroupId + " = '" + this.UserInfo.WorkgroupId + "') ";
}
// 用户所在部门数据
if (StringHelper.Exists(organizeIds, ((int)PermissionScope.UserDepartment).ToString()))
{
whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldDepartmentId + " = '" + this.UserInfo.DepartmentId + "') ";
}
// 用户所在公司数据
if (StringHelper.Exists(organizeIds, ((int)PermissionScope.UserCompany).ToString()))
{
whereConditional += " AND (" + PiUserTable.TableName + "." + PiUserTable.FieldCompanyId + " = '" + this.UserInfo.CompanyId + "') ";
}
// 全部数据,这里就不用设置过滤条件了
if (StringHelper.Exists(organizeIds, ((int)PermissionScope.All).ToString()))
{
}
}
}
return(whereConditional);
}
