AddEntityControlCondition(ExtendedIdentityDbContext db, YuShang.ERP.Entities.Privileges.EntityControlType entityControlType, IQueryable <OrderContract> tempDbQuery, string userName, IList <string> roles) { //int level = PrivilegeLevelByEntityControlType.GetDefaultPrivilegeLevelByEntityControlType(entityControlType); int selfLevel = PrivilegeManager.GetSelfPrivilegeLevelByEntityControlType( entityControlType, userName, roles, db); tempDbQuery = tempDbQuery.Where(m => ((m.OrderSysUserKey == userName && m.EntityPrivLevRequired <= selfLevel) || m.EntityPrivLevRequired < selfLevel)); //简单的规则就是:一般的用户只能看到小于自己数据权限级别的数据; //或者自己录入的数据但是权限小于等于自己的 return(tempDbQuery); }
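//public PrivilegeManager(Microsoft.Owin.IOwinContext owinContext)
//{
//    this._owinContext = owinContext;
//}
//private ApplicationSignInManager _signInManager;
//private Microsoft.Owin.IOwinContext _owinContext;
//internal ApplicationSignInManager SignInManager
//{
//    get
//    {
//        return _signInManager;
//        // ?? _owinContext.Get<ApplicationSignInManager>();
//        //.Get<ApplicationSignInManager>();
//    }
//    set { _signInManager = value; }
//}

/// <summary>
/// Data-privilege check: reports whether <paramref name="userName"/> holds at least one of the
/// roles that <c>GetHighLevelRoleNameByConfig</c> returns for <paramref name="type"/>.
/// </summary>
/// <param name="owinContext">
/// OWIN context of the current request. May be null; when it yields an
/// <c>ApplicationUserManager</c>, that instance replaces <c>m_userManager</c>.
/// </param>
/// <param name="userName">Name of the user to check. A null or blank name is treated as "no user".</param>
/// <param name="type">Entity control type whose high-level role list is consulted.</param>
/// <param name="roles">
/// Receives the roles read for the user, whether or not the user is high-level.
/// Null when the name is blank, the user is not found, or no role list was returned.
/// </param>
/// <returns>
/// true only when the user exists and shares at least one role with the configured high-level
/// roles; false in every other case, so the check denies by default.
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// No user manager is available, from <paramref name="owinContext"/> or from <c>m_userManager</c>.
/// </exception>
/// <remarks>
/// The identity lookups are awaited synchronously through <c>Task.Result</c>, so a failure inside
/// them surfaces as <see cref="System.AggregateException"/>. Blocking this way can deadlock when
/// the caller runs under a synchronization context.
/// </remarks>
public bool IsHighLevelPrivilege(IOwinContext owinContext, string userName, YuShang.ERP.Entities.Privileges.EntityControlType type, out IList<string> roles)
{
    // Deny by default: every early exit below leaves roles null and returns false.
    roles = null;

    IList<string> highLevelRoleNames = this.GetHighLevelRoleNameByConfig(type);

    if (owinContext != null)
    {
        var contextUserManager = owinContext.GetUserManager<ApplicationUserManager>();
        if (contextUserManager != null)
        {
            m_userManager = contextUserManager;
        }
    }

    if (m_userManager == null)
    {
        // Previously this surfaced as a NullReferenceException on the lookup below;
        // an authorization check that cannot resolve users should fail with a clear cause.
        throw new System.InvalidOperationException(
            "No ApplicationUserManager is available to evaluate the privilege level.");
    }

    if (string.IsNullOrWhiteSpace(userName))
    {
        // Same outcome as an unknown user: not high-level, no roles.
        return false;
    }

    var user = m_userManager.FindByNameAsync(userName).Result;
    if (user == null)
    {
        return false;
    }

    IList<string> userRoles = m_userManager.GetRolesAsync(user.Id).Result;
    roles = userRoles;

    if (userRoles == null || highLevelRoleNames == null)
    {
        // A missing role list on either side can never grant the high level.
        return false;
    }

    // A non-empty intersection means the user holds a high-level role.
    // Intersect uses the default string comparer here, so the configured names must match
    // the stored role names exactly, including case.
    return userRoles.Intersect(highLevelRoleNames).Any();
}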