示例#1
 /// <summary>
 /// Creates a permission object for <paramref name="name"/> and assigns it the given action value.
 /// </summary>
 /// <param name="name">Value passed to the permission constructor.</param>
 /// <param name="action">Value assigned to RealAction; defaults to PermissionInfo.NO_ACTION.</param>
 /// <param name="type">Profile.ORG_TYPE selects an OrgPermission; any other value yields a FilePermissionInfo.</param>
 /// <returns>The newly created permission.</returns>
 public PermissionInfo GetPermission(string name, int action = PermissionInfo.NO_ACTION, int type = Profile.FILE_TYPE)
 {
     // NOTE(review): every value other than Profile.ORG_TYPE, including values that are not a
     // known type at all, silently becomes a file permission. Confirm callers only pass known types.
     if (type != Profile.ORG_TYPE)
     {
         return new FilePermissionInfo(name) { RealAction = action };
     }

     return new OrgPermission(name) { RealAction = action };
 }
        private SharedPermissionCollection sharedPermissions; // shared permission subset

        #endregion Fields

        #region Constructors

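        /// <summary>
        /// Builds the permission collection for a principal: its role, its managed user group,
        /// a path pattern for the resources it owns, and its shared permissions.
        /// </summary>
        /// <param name="principal">Principal whose permissions are collected.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="principal"/> is null.</exception>
        public XcrmPermissionCollection(IXcrmPrincipal principal)
        {
            if (principal == null)
            {
                throw new System.ArgumentNullException("principal");
            }

            this.role = principal.Role ?? Role.EMPTY_ROLE;
            this.managedUserGroup = principal.ManagedUserGroup;

            // A principal without an organisation is rooted at "/".
            string p = "/";
            if (principal.Org != null)
            {
                string orgPath = principal.Org.Path;
                // Ordinal comparison: a culture-sensitive EndsWith can ignore trailing zero-width
                // characters, which would leave the path without its separator.
                p = orgPath.EndsWith("/", System.StringComparison.Ordinal) ? orgPath : orgPath + "/";
            }

            // Admins get a pattern covering everything under the organisation path; other
            // principals only get the subtree named after them.
            // NOTE(review): principal.Name is concatenated into the pattern unchecked. Confirm that
            // names cannot be empty or contain '/', "..", or wildcard characters, otherwise the
            // pattern may cover more than the principal's own subtree.
            this.selfPermission = new OrgPermission(principal.IsAdmin ? p + "**/*" : p + principal.Name + "/**/*");
            this.sharedPermissions = SharedPermissionCollection.GetSharedPermissionCollection(principal);
        }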
示例#3
 /// <summary>
 /// Adds a permission to this profile. Organisation permissions are built directly;
 /// all other kinds are built through the profile permission factory.
 /// </summary>
 /// <param name="path">Path passed to the OrgPermission constructor or to the factory.</param>
 /// <param name="name">Name forwarded to AddOrgPermission or AddResourcePermission.</param>
 /// <param name="action">Action value for the new permission; defaults to PermissionInfo.NO_ACTION.</param>
 /// <param name="type">0 selects the organisation branch; any other value goes to the factory.</param>
 public void AddPermission(string path, string name = "", int action = PermissionInfo.NO_ACTION, int type = 1)
 {
     // NOTE(review): the literals 0 and 1 presumably mirror Profile.ORG_TYPE and Profile.FILE_TYPE.
     // Confirm, since a mismatch would route a permission to the wrong kind.
     if (type != 0)
     {
         // Any other resource permission.
         PermissionInfo resourcePermission = Factorys.ProfilePermissionFactory.GetPermission(path, action, type);
         AddResourcePermission(resourcePermission, name);
         return;
     }

     // Organisation permission.
     OrgPermission orgPermission = new OrgPermission(path) { RealAction = action };
     AddOrgPermission(orgPermission, name);
 }
示例#4
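 /// <summary>
 /// Adds one organisation permission built from a path and an action string.
 /// </summary>
 /// <param name="path">Path passed to the OrgPermission constructor.</param>
 /// <param name="name">Name to register the permission under; when blank, the permission's own Name is used.</param>
 /// <param name="action">Action string passed to the OrgPermission constructor; defaults to "crwxd".</param>
 public void AddOrgPermission(string path, string name = "", string action = "crwxd")
 {
     // NOTE(review): the default "crwxd" presumably enables every action. Callers that need
     // less should pass an explicit, narrower action string rather than rely on the default.
     OrgPermission orgp = new OrgPermission(path, action);

     // Forward the caller's name. It was previously dropped, so the permission was always
     // registered under its own Name even when a different name was supplied.
     AddOrgPermission(orgp, name);
 }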
示例#5
 /// <summary>
 /// Registers an organisation permission under a name.
 /// </summary>
 /// <param name="p">Permission to register.</param>
 /// <param name="name">Key used in perDic; when null, empty or whitespace, p.Name is used instead.</param>
 public void AddOrgPermission(OrgPermission p, string name = "")
 {
     name = string.IsNullOrWhiteSpace(name) ? p.Name : name;

     // An existing entry with the same name is replaced.
     if (perDic.ContainsKey(name))
     {
         perDic.Remove(name);
     }
     perDic.Add(name, p);

     // NOTE(review): when an entry is replaced above, the permission previously registered under
     // that name is not removed from orgPermissions here. If checks iterate orgPermissions,
     // the replaced grant may stay in effect. Confirm.
     orgPermissions.Add(p);
 }
示例#6
 /// <summary>
 /// Saves newly added permissions: stores them through the access DAO, then adds them to the
 /// in-memory profile. Resource permissions and organisation permissions are handled in two
 /// separate try blocks, so a failure in the first does not stop the second from running.
 /// </summary>
 /// <param name="profile">Profile whose Id is passed to the DAO and which receives the new permissions.</param>
 /// <param name="success">Set to true on entry and to false if either block throws.</param>
 /// <returns>This command instance.</returns>
 private ChangeProfileCmd SaveAdded(Profile profile, out bool success)
 {
     success = true;
     // NOTE(review): nothing in this method checks that the caller may grant the requested
     // paths and actions, and Path/Action are used as supplied. Confirm both are enforced
     // before this point.
     try
     {
         if (this.HasArg(ChangeProfileCmd.ARGS_RES_ADDED))
         {
             // Accept an array or an IList. For any other type the `as` cast yields null, so
             // pargs.Count below throws and the catch reports the failure.
             IList<PermissionArg> pargs = this.Args.ResAdded is PermissionArg[]
                                          ? ((PermissionArg[])this.Args.ResAdded).ToList()
                                          : this.Args.ResAdded as IList<PermissionArg>;
             FilePermissionInfo[] ps = new FilePermissionInfo[pargs.Count];
             for (int i = 0; i < pargs.Count; i++)
             {
                 ps[i] = new FilePermissionInfo(pargs[i].Path);
                 // OR the requested action into whatever RealAction the constructor set.
                 ps[i].RealAction |= pargs[i].Action;
             }
             // Stored first; the profile object is updated only after the DAO call returns.
             // If a later AddResourcePermission throws, nothing here undoes the stored entries.
             Factorys.DaoFactory.GetDAO<IAccessDao>().AddPermission(profile.Id, ps);
             for (int i = 0; i < ps.Length; i++)
             {
                 profile.AddResourcePermission(ps[i], pargs[i].Name);
             }
         }
     }
     catch (Exception e)
     {
         // Any exception is logged and reported through `success`; it is not rethrown.
         Logger.Error("新增资源权限时发生错误!", e);
         success = false;
     }
     try
     {
         if (this.HasArg(ChangeProfileCmd.ARGS_ORG_ADDED))
         {
             // Same shape as the resource block above, for organisation permissions.
             IList<PermissionArg> pargs = this.Args.OrgAdded is PermissionArg[]
                                          ? ((PermissionArg[])this.Args.OrgAdded).ToList()
                                          : this.Args.OrgAdded as IList<PermissionArg>;
             OrgPermission[] ps = new OrgPermission[pargs.Count];
             for (int i = 0; i < pargs.Count; i++)
             {
                 ps[i] = new OrgPermission(pargs[i].Path);
                 ps[i].RealAction |= pargs[i].Action;
             }
             // Stored first, then added to the in-memory profile.
             Factorys.DaoFactory.GetDAO<IAccessDao>().AddPermission(profile.Id, ps);
             for (int i = 0; i < ps.Length; i++)
             {
                 profile.AddOrgPermission(ps[i], pargs[i].Name);
             }
         }
     }
     catch (Exception e)
     {
         // Logged and reported through `success`; not rethrown.
         Logger.Error("新增机构权限时发生错误!", e);
         success = false;
     }
     return this;
 }
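        /// <summary>
        /// Decides whether this managed user group covers <paramref name="item"/>.
        /// Checks run in this order and the first match wins:
        /// 1. the group's own permission list (base.Contains);
        /// 2. the collection returned by BuildOrgPermissionCollection();
        /// 3. each managed role;
        /// 4. the role of each managed principal;
        /// 5. an OrgPermission pattern built from each managed principal's organisation path.
        /// </summary>
        /// <param name="item">Permission to test.</param>
        /// <returns>true as soon as any check matches; otherwise false.</returns>
        public override bool Contains(PermissionInfo item)
        {
            if (base.Contains(item))
            {
                return true;
            }

            // Organisation-level permissions.
            PermissionInfoCollection pc = BuildOrgPermissionCollection();
            if (pc.Contains(item))
            {
                return true;
            }

            // Managed roles.
            foreach (Role role in managedRoles.Values)
            {
                if (role.Contains(item))
                {
                    return true;
                }
            }

            // Managed principals: first their role, then the resources under their path.
            foreach (IXcrmPrincipal principal in managedPrincipals.Values)
            {
                // A principal without a role grants nothing through its role; this avoids a
                // null dereference in the middle of an authorization check.
                Role principalRole = principal.Role;
                if (principalRole != null && principalRole.Contains(item))
                {
                    return true;
                }

                // Without an organisation there is no path to build a pattern from. Skipping
                // the principal denies rather than throws (fail closed).
                // NOTE(review): confirm whether a root-path fallback is wanted here instead.
                if (principal.Org == null)
                {
                    continue;
                }

                // Ordinal comparison: a culture-sensitive EndsWith can ignore trailing zero-width
                // characters, which would leave the path without its separator.
                string orgPath = principal.Org.Path;
                string p = orgPath.EndsWith("/", System.StringComparison.Ordinal) ? orgPath : orgPath + "/";

                // An admin principal can manage everything under its organisation; any other
                // principal can manage only the subtree named after it.
                // NOTE(review): principal.Name is concatenated into the pattern unchecked. Confirm that
                // names cannot be empty or contain '/', "..", or wildcard characters.
                OrgPermission op = new OrgPermission(principal.IsAdmin ? p + "**/*" : p + principal.Name + "/**/*");
                if (op.Contains(item))
                {
                    return true;
                }
            }

            return false;
        }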