public void CreatePermissionForEveryOne(Entity entity, Operation operation)
{
Permission permission = new Permission()
{
Entity = entity,
Operation = operation,
Level = 0
};
_permissionRepository.SaveOrUpdate(permission);
}
public void CreatePermissionForParty(Party party,Entity entity,Operation operation)
{
Permission permission = new Permission()
{
Party = party,
Entity = entity,
Operation = operation,
Level = 0
};
_permissionRepository.SaveOrUpdate(permission);
}
public void CreatePermissionForOrganization(Organization organization, Entity entity, Operation operation)
{
Permission permission = new Permission()
{
Organization = organization,
Entity = entity,
Operation = operation,
Level = 0
};
_permissionRepository.SaveOrUpdate(permission);
}
public Permission Create(Permission permission)
{
var builder = _permissionBuilderServiceFactory.Create();
var forPermissionBuilder = ((permission.Allow) ? builder.Allow(permission.Operation) : builder.Deny(permission.Operation));
if (permission.User != null)
{
return forPermissionBuilder.For(permission.User).OnEverything().DefaultLevel().Save();
}
else if (permission.UsersGroup != null)
{
return forPermissionBuilder.For(permission.UsersGroup).OnEverything().DefaultLevel().Save();
}
return null;
}
private object GetPermissionViewModel(Permission p)
{
if (p == null)
{
return null;
}
if (p.User != null)
{
return new { StringId = p.Id, Id = p.Id, Description = ((User)p.User).Name, Type = "user" };
}
if (p.UsersGroup != null)
{
return new { StringId = p.Id, Id = p.Id, Description = p.UsersGroup.Name, Type = "group" };
}
return null;
}
public void TestAddPermission()
{
using (UnitOfWork unitwork = new UnitOfWork(store, dbContextFactory))
{
IRepository<Party,Guid> prtRepository = new Repository<Party,Guid>(store);
IRepository<Organization,Guid> orgRepository = new Repository<Organization,Guid>(store);
IRepository<Permission,Guid> perRepository = new Repository<Permission,Guid>(store);
IRepository<Operation,Guid> oerRepository = new Repository<Operation,Guid>(store);
IRepository<Entity,Guid> entRepository = new Repository<Entity,Guid>(store);
//所有員工都可以看見Personal Information,且完全操作其功能
Permission per1 = new Permission()
{
Entity = entRepository.Query(q => q.Name == "Personal Information").First(),
Operation = oerRepository.Query(q => q.Comment == "Full Control").First(),
Level = 0
};
//人資部門可以看見Admin,Employees
Permission per2 = new Permission()
{
Organization = orgRepository.Query(q => q.Name == "人資部").First(),
Entity = entRepository.Query(q => q.Name == "Admin").First(),
Operation = oerRepository.Query(q => q.Comment == "View").First(),
Level = 0
};
Permission per3 = new Permission()
{
Organization = orgRepository.Query(q => q.Name == "人資部").First(),
Entity = entRepository.Query(q => q.Name == "Employees").First(),
Operation = oerRepository.Query(q => q.Comment == "View").First(),
Level = 0
};
//企畫課員可以全權管理Admin下的技能設定,職稱設定,假期設定
Permission per4 = new Permission()
{
Party = prtRepository.Query(q => q.Name == "企畫課成員").First(),
Entity = entRepository.Query(q => q.Name == "Admin").First(),
Operation = oerRepository.Query(q => q.Comment == "Full Control").First(),
Level = 0
};
//企畫課長(副課長)可以全權管理Organization
Permission per5 = new Permission()
{
Party = prtRepository.Query(q => q.Name == "企畫課副主管").First(),
Entity = entRepository.Query(q => q.Name == "Organization").First(),
Operation = oerRepository.Query(q => q.Comment == "Full Control").First(),
Level = 0
};
//管理課對Admin下的所有功能只有View
Permission per6 = new Permission()
{
Organization = orgRepository.Query(q => q.Name == "管理課").First(),
Entity = entRepository.Query(q => q.Name == "Admin").First(),
Operation = oerRepository.Query(q => q.Comment == "View").First(),
Level = 0
};
//管理課對Admin下的所有功能只有View,下次要做檢查重複
//Permission per7 = new Permission()
//{
// Organization = orgRepository.Query(q => q.Name == "管理課").First(),
// Entity = entRepository.Query(q => q.Name == "Admin").First(),
// Operation = oerRepository.Query(q => q.Comment == "View").First(),
// Level = 0
//};
//管理課可以全權管理Employees下的基本資料,技能指定,組織設定
Permission per8 = new Permission()
{
Organization = orgRepository.Query(q => q.Name == "管理課").First(),
Entity = entRepository.Query(q => q.Name == "Employees").First(),
Operation = oerRepository.Query(q => q.Comment == "Full Control").First(),
Level = 0
};
//管理課長(副課長)可以查詢員工請假報表
Permission per9 = new Permission()
{
Party = prtRepository.Query(q => q.Name == "管理課副主管").First(),
Entity = entRepository.Query(q => q.Name == "員工請假報表").First(),
Operation = oerRepository.Query(q => q.Comment == "Full Control").First(),
Level = 0
};
//所以理論上管理課長對Report有View的權限
Permission per10 = new Permission()
{
Party = prtRepository.Query(q => q.Name == "管理課副主管").First(),
Entity = entRepository.Query(q => q.Name == "Reports").First(),
Operation = oerRepository.Query(q => q.Comment == "View").First(),
Level = 0
};
//企畫課對Employees下的所有功能只有View
Permission per11 = new Permission()
{
Organization = orgRepository.Query(q => q.Name == "企畫課").First(),
Entity = entRepository.Query(q => q.Name == "Employees").First(),
Operation = oerRepository.Query(q => q.Comment == "View").First(),
Level = 0
};
perRepository.SaveOrUpdate(per1);
perRepository.SaveOrUpdate(per2);
perRepository.SaveOrUpdate(per3);
perRepository.SaveOrUpdate(per4);
perRepository.SaveOrUpdate(per5);
perRepository.SaveOrUpdate(per6);
perRepository.SaveOrUpdate(per8);
perRepository.SaveOrUpdate(per9);
perRepository.SaveOrUpdate(per10);
perRepository.SaveOrUpdate(per11);
unitwork.SaveChanges();
}
}
public void Delete(Permission p)
{
_northwindWithSecurity.GetCurrentSession().Delete(p);
}
