/// <summary> /// 获取用户角色列表 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <returns>主键数组</returns> public string[] GetAllUserRoleIds(UserInfo userInfo, string userId) { string[] returnValue = null; var parameter = ParameterUtil.CreateWithLog(userInfo, MethodBase.GetCurrentMethod()); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { returnValue = new PiUserRoleManager(dbProvider, userInfo).GetAllRoleIds(userId); }); return(returnValue); }
/// <summary> /// 清除用户归属的角色 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <returns>影响行数</returns> public int ClearUserRole(UserInfo userInfo, string userId) { int returnValue = 0; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.UserService_ClearUserRole, "用户:" + userId); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { returnValue = new PiUserRoleManager(dbProvider, userInfo).ClearUserRole(userId); }); return(returnValue); }
/// <summary> /// 获得角色中的用户主键 /// </summary> /// <param name="userInfo">用户</param> /// <param name="roleId">角色主键</param> /// <returns>用户主键</returns> public string[] GetRoleUserIds(UserInfo userInfo, string roleId) { string[] returnValue = null; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.RoleService_GetRoleUserIds); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { returnValue = new PiUserRoleManager(dbProvider, userInfo).GetUserIds(roleId); }); return(returnValue); }
/// <summary> /// 移除角色用户关联 /// </summary> /// <param name="userInfo">用户</param> /// <param name="roleId">角色主键</param> /// <returns>影响行数</returns> public int EliminateRoleUser(UserInfo userInfo, string roleId) { int returnValue = 0; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.RoleService_EliminateRoleUser, "角色主键:" + roleId); ServiceUtil.ProcessRDIWriteDbWithTran(userInfo, parameter, dbProvider => { returnValue = new PiUserRoleManager(dbProvider, userInfo).EliminateRoleUser(roleId); }); return(returnValue); }
public int ClearRole(string userId) { var returnValue = 0; returnValue += this.SetProperty(PiUserTable.FieldId, userId, PiUserTable.FieldRoleId, null); var userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo, PiUserRoleTable.TableName); returnValue += userRoleManager.Delete(PiUserRoleTable.FieldUserId, userId); return(returnValue); }
/// <summary> /// 清除指定角色的所有权限 /// /// 1.清除角色的用户归属。 /// 2.清除角色的模块权限。 /// 3.清除角色的操作权限。 /// </summary> /// <param name="userInfo">用户</param> /// <param name="roleId">角色主键</param> /// <returns>影响的行数</returns> public int ClearRolePermissionByRoleId(UserInfo userInfo, string roleId) { var returnValue = 0; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_ClearRolePermissionByRoleId, "角色主键:" + roleId); ServiceUtil.ProcessRDIWriteDbWithTran(userInfo, parameter, dbProvider => { returnValue += new PiUserRoleManager(dbProvider, userInfo).EliminateRoleUser(roleId); returnValue += new RolePermissionManager(dbProvider, userInfo).RevokeAll(roleId); returnValue += new RoleScopeManager(dbProvider, userInfo).RevokeAll(roleId); }); return(returnValue); }
/// <summary> /// 用户是否在某个角色里的判断 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="roleCode">角色编号</param> /// <returns>存在</returns> public bool UserInRole(UserInfo userInfo, string userId, string roleCode) { bool returnValue = false; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.UserService_UserInRole); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { var userRoleManager = new PiUserRoleManager(dbProvider, userInfo); returnValue = userRoleManager.UserInRole(userId, roleCode); }); return(returnValue); }
/// <summary> /// 用户从角色中移除 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="removeRoleIds">移除角色</param> /// <returns></returns> public int RemoveUserFromRole(UserInfo userInfo, string userId, string[] removeRoleIds) { int returnValue = 0; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.UserService_RemoveUserFromRole); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { if (removeRoleIds != null) { returnValue += new PiUserRoleManager(dbProvider, userInfo).RemoveFormRole(userId, removeRoleIds); } }); return(returnValue); }
/// <summary> /// 用户添加到角色 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="addRoleIds">加入角色</param> /// <returns>影响的行数</returns> public int AddUserToRole(UserInfo userInfo, string userId, string[] addRoleIds) { int returnValue = 0; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.UserService_AddUserToRole, "用户主键:" + userId + ",加入角色:" + BusinessLogic.ArrayToList(addRoleIds)); ServiceUtil.ProcessRDIWriteDbWithTran(userInfo, parameter, dbProvider => { var userRoleManager = new PiUserRoleManager(dbProvider, userInfo); if (addRoleIds != null) { returnValue += userRoleManager.AddToRole(userId, addRoleIds); } }); return(returnValue); }
/// <summary> /// 用户添加到角色 /// </summary> /// <param name="userInfo">用户</param> /// <param name="roleId">角色主键</param> /// <param name="addUserIds">用户主键数组</param> /// <returns>影响行数</returns> public int AddUserToRole(UserInfo userInfo, string roleId, string[] addUserIds) { var returnValue = 0; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.RoleService_AddUserToRole); ServiceUtil.ProcessRDIWriteDbWithTran(userInfo, parameter, dbProvider => { if (addUserIds != null) { returnValue += new PiUserRoleManager(dbProvider, userInfo).AddToRole(addUserIds, roleId); } }); return(returnValue); }
/// <summary> /// 清除指定用户的所有权限 /// /// 1.清除用户的角色归属。 /// 2.清除用户的模块权限。 /// 3.清除用户的操作权限。 /// </summary> /// <param name="userId">用户主键</param> /// <returns>大于0回收成功</returns> public int ClearUserPermissionByUserId(string userId) { int returnValue = 0; PiUserRoleManager userRoleManager = new PiUserRoleManager(DBProvider, UserInfo); returnValue += userRoleManager.EliminateRoleUser(userId); var userPermissionManager = new UserPermissionManager(DBProvider, UserInfo); returnValue += userPermissionManager.RevokeAll(userId); var userPermissionScopeManager = new UserScopeManager(DBProvider, UserInfo); returnValue += userPermissionScopeManager.RevokeAll(userId); return(returnValue); }
// // 加入到角色 // #region public string AddToRole(string userId, string roleId) 为了提高授权的运行速度 /// <summary> /// 为了提高授权的运行速度 /// </summary> /// <param name="userId">用户主键</param> /// <param name="roleId">角色主键</param> /// <returns>主键</returns> public string AddToRole(string userId, string roleId) { var returnValue = string.Empty; var userRoleEntity = new PiUserRoleEntity { UserId = userId, RoleId = roleId, Enabled = 1, DeleteMark = 0 }; var tableName = PiUserRoleTable.TableName; var userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo, tableName); return(userRoleManager.Add(userRoleEntity)); }
/// <summary> /// 获得用户授权范围 /// </summary> /// <param name="userId">员工主键</param> /// <param name="permissionItemScopeCode"></param> /// <returns>数据表</returns> public DataTable GetDTByPermission(string userId, string permissionItemScopeCode) { DataTable returnValue = new DataTable(this.CurrentTableName); string[] names = null; object[] values = null; // 这里需要判断,是系统权限? bool isRole = false; PiUserRoleManager userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo); // 用户管理员 isRole = userRoleManager.UserInRole(userId, "UserAdmin"); if (isRole) { names = new string[] { PiModuleTable.FieldCategory, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled }; values = new object[] { "System", 0, 1 }; returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode); returnValue.TableName = this.CurrentTableName; return(returnValue); } // 这里需要判断,是业务权限? isRole = userRoleManager.UserInRole(userId, "Admin"); if (isRole) { names = new string[] { PiModuleTable.FieldCategory, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled }; values = new object[] { "Application", 0, 1 }; returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode); returnValue.TableName = this.CurrentTableName; return(returnValue); } PiPermissionScopeManager permissionScopeManager = new PiPermissionScopeManager(DBProvider, UserInfo); string[] moduleIds = permissionScopeManager.GetTreeResourceScopeIds(userId, PiModuleTable.TableName, permissionItemScopeCode, true); //不加载子节点 //string[] moduleIds = permissionScopeManager.GetTreeResourceScopeIds(userId, PiModuleTable.TableName, permissionItemScopeCode, false); //// 有效的,未被删除的 names = new string[] { PiModuleTable.FieldId, PiModuleTable.FieldDeleteMark, PiModuleTable.FieldEnabled }; values = new object[] { moduleIds, 0, 1 }; returnValue = this.GetDT(names, values, PiModuleTable.FieldSortCode); returnValue.TableName = this.CurrentTableName; return(returnValue); }
////////////////////////////////////////////////////////////////////////////////////////////////////// /// 用户权限判断相关(需要实现对外调用) ////////////////////////////////////////////////////////////////////////////////////////////////////// #region public bool IsInRole(UserInfo userInfo, string userId, string roleName) 指定用户是否在指定的角色里 /// <summary> /// 指定用户是否在指定的角色里 /// </summary> /// <param name="userInfo">用户</param> /// <param name="userId">用户主键</param> /// <param name="roleName">角色名称</param> /// <returns>指定用户是否在指定角色里,true:是,false:否</returns> public bool IsInRole(UserInfo userInfo, string userId, string roleName) { var returnValue = false; var parameter = ParameterUtil.CreateWithMessage(userInfo, MethodBase.GetCurrentMethod(), this.serviceName, RDIFrameworkMessage.PermissionService_IsInRole); ServiceUtil.ProcessRDIReadDb(userInfo, parameter, dbProvider => { // 先获得角色主键 string roleCode = new PiRoleManager(dbProvider, userInfo).GetProperty(PiRoleTable.FieldRealName, roleName, PiRoleTable.FieldCode); // 判断用户的默认角色 if (!string.IsNullOrEmpty(roleCode)) { returnValue = new PiUserRoleManager(dbProvider, userInfo).UserInRole(userId, roleCode); } }); return(returnValue); }
// // ResourcePermission 权限判断 // #region public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) 是否有相应的权限 /// <summary> /// 是否有相应的权限 /// </summary> /// <param name="userId">用户主键</param> /// <param name="permissionItemCode">权限编号</param> /// <param name="permissionItemName">权限名称</param> /// <returns>是否有权限</returns> public bool CheckPermissionByUser(string userId, string permissionItemCode, string permissionItemName = null) { // 若不存在就需要自动能增加一个操作权限项 var permissionItemManager = new PiPermissionItemManager(DBProvider, UserInfo, PiPermissionItemTable.TableName); var permissionItemId = permissionItemManager.GetIdByAdd(permissionItemCode, permissionItemName); var permissionItemEntity = permissionItemManager.GetEntity(permissionItemId); // 先判断用户类别 if (UserInfo.IsAdministrator) { return(true); } // 没有找到相应的权限 if (String.IsNullOrEmpty(permissionItemId)) { return(false); } // 这里需要判断,是系统权限? var returnValue = false; var userManager = new PiUserManager(this.DBProvider, this.UserInfo); var userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo); if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("System")) { // 用户管理员拥有所有的系统权限,不需要授予。 returnValue = userRoleManager.UserInRole(userId, "UserAdmin"); if (returnValue) { return(returnValue); } } // 这里需要判断,是业务(应用)权限? if (!string.IsNullOrEmpty(permissionItemEntity.CategoryCode) && permissionItemEntity.CategoryCode.Equals("Application")) { //业务管理员拥有所有的业务(应用)权限,不需要授予。 returnValue = userRoleManager.UserInRole(userId, "Admin"); if (returnValue) { return(returnValue); } } // 判断用户权限 if (this.CheckUserPermission(userId, permissionItemId)) { return(true); } // 判断用户角色权限 if (this.CheckUserRolePermission(userId, permissionItemId)) { return(true); } // 判断用户组织机构权限,这里有开关是为了提高性能用的, // 下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。 if (SystemInfo.EnableOrganizePermission) { //得到用户所有所在的部门(以公司、分支机构、部门、子部门、工作组),包括兼职部门 var organizeIds = userManager.GetAllOrganizeIds(userId); if (this.CheckUserOrganizePermission(userId, permissionItemId, organizeIds)) { return(true); } } return(false); }
// // 从角色中删除员工 // #region public int RemoveFormRole(string userId, string roleId) 撤销角色权限 /// <summary> /// 从角色中删除员工 /// </summary> /// <param name="userId">员工主键</param> /// <param name="roleId">角色主键</param> /// <returns>影响行数</returns> public int RemoveFormRole(string userId, string roleId) { var userRoleManager = new PiUserRoleManager(this.DBProvider, this.UserInfo, PiUserRoleTable.TableName); return(userRoleManager.Delete(PiUserRoleTable.FieldUserId, userId, PiUserRoleTable.FieldRoleId, roleId)); }
/// <summary> /// 获取用户的条件约束表达式 /// </summary> /// <param name="tableName">表名</param> /// <param name="permissionCode">权限代码</param> /// <returns>主键</returns> public string GetUserConstraint(string tableName, string permissionCode = "Resource.AccessPermission") { string returnValue = string.Empty; // 这里是获取用户的条件表达式 // 1: 首先用户在哪些角色里是有效的? // 2: 这些角色都有哪些哪些条件约束? // 3: 组合约束条件? // 4:用户本身的约束条件? string permissionId = string.Empty; PiPermissionItemManager permissionItemManager = new PiPermissionItemManager(this.UserInfo); permissionId = permissionItemManager.GetIdByAdd(permissionCode); PiUserRoleManager manager = new PiUserRoleManager(this.DBProvider, this.UserInfo); string[] roleIds = manager.GetAllRoleIds(UserInfo.Id); if (roleIds == null || roleIds.Length == 0) { return(returnValue); } PiPermissionScopeManager scopeManager = new PiPermissionScopeManager(this.DBProvider, this.UserInfo); string[] names = { PiPermissionScopeTable.FieldResourceCategory , PiPermissionScopeTable.FieldResourceId , PiPermissionScopeTable.FieldTargetCategory , PiPermissionScopeTable.FieldTargetId , PiPermissionScopeTable.FieldPermissionId , PiPermissionScopeTable.FieldEnabled , PiPermissionScopeTable.FieldDeleteMark }; Object[] values = { PiRoleTable.TableName , roleIds , "Table" , tableName , permissionId , 1 , 0 }; DataTable dtPermissionScope = scopeManager.GetDT(names, values); string permissionConstraint = string.Empty; foreach (DataRow dataRow in dtPermissionScope.Rows) { permissionConstraint = dataRow[PiPermissionScopeTable.FieldPermissionConstraint].ToString(); permissionConstraint = permissionConstraint.Trim(); if (!string.IsNullOrEmpty(permissionConstraint)) { returnValue += " AND " + permissionConstraint; } } //得到当前用户的约束条件 string userConstraint = this.GetConstraint(PiUserTable.TableName, this.UserInfo.Id, tableName) ?? ""; if (!string.IsNullOrEmpty(userConstraint)) { returnValue += " AND " + userConstraint; } if (!string.IsNullOrEmpty(returnValue)) { returnValue = returnValue.Substring(5); // 解析替换约束表达式标准函数 returnValue = ConstraintUtil.PrepareParameter(this.UserInfo, returnValue); } return(returnValue); }