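/// <summary>
/// Grants operation rights directly to a user and records the grant in the admin log.
/// </summary>
/// <param name="sysId">ID of the system the rights belong to; values &lt;= 0 are rejected.</param>
/// <param name="userId">ID of the user who receives the rights.</param>
/// <param name="selectedRightIds">Right IDs currently selected for granting.</param>
/// <exception cref="NotRightException">
/// Thrown when <paramref name="sysId"/> is not positive, or when the target account is a
/// Channel or ChannelPartner account.
/// </exception>
public void AddUserRights(int sysId, int userId, List<int> selectedRightIds)
{
    if (sysId <= 0)
    {
        throw new NotRightException();
    }

    // Authorization check. NOTE(review): presumably throws when the logged-in user may not
    // manage grants for this user in this system - confirm in HaveAdminRightForUserGrant.
    User user = loginService.HaveAdminRightForUserGrant(sysId, userId, true);

    // Channel-side accounts must not receive operation rights directly; they only get roles.
    if (user.AccountType == UserTypeOptions.Channel || user.AccountType == UserTypeOptions.ChannelPartner)
    {
        throw new NotRightException();
    }

    // For a ProductAdmin the caller's own right IDs are passed along as the permitted range.
    // NOTE(review): null is passed for every other account type - confirm that
    // DARightsHelper.AddUserRights treats null as "no range restriction" and that this is intended.
    List<int> rangeRightIds = loginService.LoginUser.AccountType == UserTypeOptions.ProductAdmin
        ? DARightsHelper.GetUserRights(sysId, loginService.LoginUser.ID, loginService.LoginUser.AccountType)
            .Select(a => a.RightID)
            .ToList()
        : null;

    DARightsHelper.AddUserRights(sysId, userId, selectedRightIds, rangeRightIds);

    // Record the operation in the admin log. The ID list is built null-tolerantly so that a
    // null selection cannot throw here, after the grant call above has already run, and leave
    // the rights change without an audit entry.
    string rights = selectedRightIds == null
        ? string.Empty
        : string.Join(",", selectedRightIds.Select(i => i.ToString()).ToArray());

    loginService.AddLog(
        "AddUserRights",
        string.Format("添加用户权限(UserID={0},SysID={1},Rights={2})", userId, sysId, rights));
}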
/// <summary>
/// Returns the rights a user holds in a system. Intended only for the rights-assignment workflow.
/// </summary>
/// <param name="sysId">ID of the system to query.</param>
/// <param name="userId">ID of the user whose rights are returned.</param>
/// <returns>The right items found for the user in the given system.</returns>
public List<RightItem> GetUserRights(int sysId, int userId)
{
    // Authorization check runs first; the user record it returns supplies the account type
    // needed by the rights lookup.
    // NOTE(review): presumably throws when the caller may not manage this user - confirm.
    User targetUser = loginService.HaveAdminRightForUserGrant(sysId, userId, true);
    var accountType = targetUser.AccountType;

    return DARightsHelper.GetUserRights(sysId, userId, accountType);
}
/// <summary>
/// Fills the rights-related collections of a user context for the given system.
/// Every collection is computed only while it is still null, so values already present
/// on the context are left untouched.
/// </summary>
/// <param name="user">User context to populate.</param>
/// <param name="sysId">ID of the system whose rights are loaded.</param>
private void SetUserRights(UserContext user, int sysId)
{
    UserTypeOptions userType = user.LoginUser.AccountType;
    bool isSuperAdmin = userType == UserTypeOptions.SuperAdmin;
    bool isWhiteUser = user.LoginUser.IsWhiteUser;
    var loginUserId = user.LoginUser.ID;

    // Items flagged OnlyInternal are kept only for super admins, internal requests and
    // white-listed users; everyone else sees just the items that are not internal-only.
    bool mayUseInternalOnly = isSuperAdmin || internalRequest || isWhiteUser;

    if (user.AvailableRights == null)
    {
        List<Right> systemRights = DABasicInfoHelper.GetRights(sysId, -1, CacheTimeOption.Short);
        List<int> grantedRightIds = DARightsHelper.GetUserRights(sysId, loginUserId, user.LoginUser.AccountType)
            .Select(a => a.RightID)
            .ToList();

        user.AvailableRights = systemRights
            .Where(a => (mayUseInternalOnly || !a.OnlyInternal) && grantedRightIds.Contains(a.ID))
            .ToList();
    }

    if (sysId != DACommonHelper.REPORT_SYS_ID)
    {
        // Software, project-source and resource rights exist only for the report system;
        // every other system gets empty lists instead of null.
        if (user.AvailableSofts == null)
        {
            user.AvailableSofts = new List<Soft>();
        }

        if (user.AvailableProjectSources == null)
        {
            user.AvailableProjectSources = new List<ProjectSource>();
        }

        if (internalRequest && user.AvailableResIds == null)
        {
            user.AvailableResIds = new List<int>();
        }
    }
    else
    {
        if (user.AvailableSofts == null)
        {
            // Product rights obtained from the Report platform.
            List<Soft> allSofts = GetAvailableSofts();
            List<int> grantedSoftIds = DARightsHelper.GetUserSoftRights(loginUserId)
                .Select(a => a.RightID)
                .ToList();

            user.AvailableSofts = allSofts
                .Where(a => a.Status == StatusOptions.Valid
                            && (mayUseInternalOnly || !a.OnlyInternal)
                            && grantedSoftIds.Contains(a.ID))
                .ToList();
        }

        if (user.AvailableProjectSources == null)
        {
            List<ProjectSource> allSources = GetAvailableProjectSources();
            List<int> grantedSourceIds = DARightsHelper.GetUserProjectSourceRights(loginUserId)
                .Select(a => a.RightID)
                .ToList();

            user.AvailableProjectSources = allSources
                .Where(a => (mayUseInternalOnly || !a.OnlyInternal) && grantedSourceIds.Contains(a.ProjectSourceID))
                .ToList();
        }

        // Resource IDs are loaded for internal requests only.
        if (internalRequest && user.AvailableResIds == null)
        {
            user.AvailableResIds = DARightsHelper.GetUserResRights(loginUserId)
                .Select(a => a.RightID)
                .ToList();
        }
    }

    if (user.AdminSystems == null)
    {
        // Systems for which this user is listed as an administrator.
        List<SystemInfo> allSystems = DABasicInfoHelper.GetSystems(CacheTimeOption.Short);
        List<int> adminSystemIds = DARightsHelper.GetAdminSystemIds(loginUserId);

        user.AdminSystems = allSystems.Where(a => adminSystemIds.Contains(a.ID)).ToList();
    }
}
/// <summary>
/// Returns the list of rights defined for a system, as visible to the logged-in administrator.
/// </summary>
/// <param name="sysId">ID of the system whose rights are listed.</param>
/// <returns>
/// All rights of the system, or, for a ProductAdmin, only those rights that the
/// ProductAdmin holds in that system.
/// </returns>
public List<Right> GetRights(int sysId)
{
    // Authorization check; its return value is not inspected here.
    // NOTE(review): presumably throws when the caller is not an admin of this system - confirm.
    loginService.HaveAdminRight(sysId);

    List<Right> allRights = DABasicInfoHelper.GetRights(sysId, -1);

    if (loginService.LoginUser.AccountType != UserTypeOptions.ProductAdmin)
    {
        return allRights;
    }

    // A ProductAdmin only gets to see the rights that appear in their own rights list.
    List<RightItem> ownRights = DARightsHelper.GetUserRights(
        sysId,
        loginService.LoginUser.ID,
        loginService.LoginUser.AccountType);

    return allRights
        .Join(ownRights, r => r.ID, own => own.RightID, (r, own) => r)
        .ToList();
}
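/// <summary>
/// Grants operation rights to a role and records the grant in the admin log.
/// </summary>
/// <param name="roleId">ID of the role that receives the rights.</param>
/// <param name="rightIds">Right IDs to grant to the role.</param>
public void AddRoleRights(int roleId, List<int> rightIds)
{
    // Authorization check; the returned role supplies the system the role belongs to.
    // NOTE(review): presumably throws when the caller may not administer this role - confirm.
    Role role = loginService.HaveAdminRightForRole(roleId);

    // For a ProductAdmin the caller's own right IDs in the role's system are passed along as
    // the permitted range.
    // NOTE(review): null is passed for every other account type - confirm that
    // DARightsHelper.AddRoleRights treats null as "no range restriction" and that this is intended.
    List<int> rangeRightIds = loginService.LoginUser.AccountType == UserTypeOptions.ProductAdmin
        ? DARightsHelper.GetUserRights(role.SystemID, loginService.LoginUser.ID, loginService.LoginUser.AccountType)
            .Select(a => a.RightID)
            .ToList()
        : null;

    DARightsHelper.AddRoleRights(roleId, rightIds, rangeRightIds);

    // Record the operation in the admin log. The ID list is built null-tolerantly so that a
    // null list cannot throw here, after the grant call above has already run, and leave the
    // rights change without an audit entry.
    string rights = rightIds == null
        ? string.Empty
        : string.Join(",", rightIds.Select(i => i.ToString()).ToArray());

    loginService.AddLog(
        "AddRoleRights",
        string.Format("添加角色权限(RoleID={0},Rights={1})", roleId, rights));
}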
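/// <summary>
/// Returns, as a JSON string, all rights a user holds in a system. Intended specifically
/// for calls made by third-party systems.
/// </summary>
/// <param name="sysId">ID of the calling system; must be positive.</param>
/// <param name="account">Account name of the user whose rights are requested.</param>
/// <param name="sign">
/// Request signature. It is compared, ignoring case, with the MD5 value computed over
/// sysId + the system's Md5Key + account.
/// </param>
/// <returns>
/// A JSON object with State and Message. State 0 carries System, User and Rights; other
/// values are errors: 1 invalid parameters, 3 signature mismatch, 4 unexpected exception,
/// 101 system not found, 102 system disabled, 103 user not found, 104 user disabled,
/// 105 user validity period expired, 106 no access to the system, 107 no rights in the system.
/// </returns>
public string GetUserRightsJson(int sysId, string account, string sign)
{
    try
    {
        // Validate the request parameters.
        if (sysId <= 0 || string.IsNullOrEmpty(account) || string.IsNullOrEmpty(sign))
        {
            return "{\"State\":1,\"Message\":\"请求参数无效。\"}";
        }

        // Only configured IPs are meant to be allowed to call this endpoint.
        // NOTE(review): the allow-list below is commented out, so clientIp is only written to
        // the admin log and the signature is the sole caller check. Confirm this is intended
        // or that the restriction is enforced elsewhere (e.g. at the network edge).
        string clientIp = DACommonHelper.GetClientIP();
        //if (clientIp != "127.0.0.1"
        //    && !clientIp.StartsWith("10.")
        //    && !clientIp.StartsWith("192.168.")
        //    && !Regex.IsMatch(clientIp, @"^172\.(1([6-9]{1})|2([0-9]{1})|3([0-1]{1}))(\.[0-9]+){2}$")
        //    && !GetUserRightsJson_ClientIP.Contains(clientIp))
        //{
        //    return "{\"State\":2,\"Message\":\"当前请求IP无效。\"}";
        //}

        // The requested system must exist and be enabled.
        SystemInfo system = DABasicInfoHelper.GetSystem(sysId, CacheTimeOption.Short);
        if (system == null)
        {
            return "{\"State\":101,\"Message\":\"当前系统不存在。\"}";
        }

        if (system.Status == StatusOptions.Invalid)
        {
            return "{\"State\":102,\"Message\":\"当前系统已被禁用。\"}";
        }

        // Verify the request signature.
        // NOTE(review): the signed material is only sysId, the per-system key and the account;
        // nothing binds it to a time or a nonce, so a signature stays valid for as long as the
        // key is unchanged. MD5 over a concatenated secret is also not a keyed MAC; moving to
        // HMAC-SHA256 with a timestamp would need a coordinated change with the callers.
        string md5 = CryptoHelper.MD5_Encrypt(string.Format("{0}{1}{2}", sysId, system.Md5Key, account));
        if (!GetUserRightsJson_SignMatches(md5, sign))
        {
            return "{\"State\":3,\"Message\":\"无效的请求。\"}";
        }

        // Validate the user.
        User user = DABasicInfoHelper.GetUser(account);
        if (user == null)
        {
            return "{\"State\":103,\"Message\":\"用户不存在。\"}";
        }

        if (user.Status == StatusOptions.Invalid)
        {
            return "{\"State\":104,\"Message\":\"用户已被禁用。\"}";
        }

        // Super admins are exempt from the validity window.
        if (user.AccountType != UserTypeOptions.SuperAdmin
            && (DateTime.Now > user.EndTime || DateTime.Now < user.BeginTime))
        {
            return "{\"State\":105,\"Message\":\"用户权限已过期。\"}";
        }

        List<UserSystem> userSystems = DARightsHelper.GetUserSystems(user.ID);
        UserSystem userSystem = userSystems.FirstOrDefault(a => a.SystemID == sysId);
        if (userSystem == null)
        {
            return "{\"State\":106,\"Message\":\"用户没有当前系统的访问权限。\"}";
        }

        // Collect the user's valid rights. The query is materialized once so that the
        // emptiness check and the serialization loop do not each re-run the join.
        List<Right> allRights = DABasicInfoHelper.GetRights(sysId, -1, CacheTimeOption.Short);
        List<RightItem> myRights = DARightsHelper.GetUserRights(sysId, user.ID, user.AccountType);
        List<Right> rights = (from a in allRights
                              join b in myRights on a.ID equals b.RightID
                              where a.Status == StatusOptions.Valid
                              select a).ToList();
        if (rights.Count == 0)
        {
            return "{\"State\":107,\"Message\":\"用户没有当前系统的操作权限。\"}";
        }

        // Build the success response. Every string value is JSON-escaped: names, e-mail,
        // department and URLs are stored data, and an unescaped quote or backslash in any of
        // them would break the document or let the value add or override fields (for example
        // UserType) in what the consuming system parses.
        StringBuilder result = new StringBuilder("{\"State\":0,\"Message\":\"OK\",");
        result.AppendFormat(
            "\"System\":{{\"ID\":{0},\"Name\":\"{1}\",\"Url\":\"{2}\"}},",
            system.ID,
            GetUserRightsJson_Escape(system.Name),
            GetUserRightsJson_Escape(system.Url));
        result.AppendFormat(
            "\"User\":{{\"ID\":{0},\"Account\":\"{1}\",\"TrueName\":\"{2}\",\"UserType\":{3},\"Email\":\"{4}\",\"Department\":\"{5}\",\"LastLoginTime\":\"{6}\"}},",
            user.ID,
            GetUserRightsJson_Escape(user.Account),
            GetUserRightsJson_Escape(user.TrueName),
            // The account type is reported only when the user is an admin of this system.
            userSystem.Admin ? (int)user.AccountType : 0,
            GetUserRightsJson_Escape(user.Email),
            GetUserRightsJson_Escape(user.Department),
            userSystem.LastLoginTime.ToString("yyyy-MM-dd HH:mm:ss"));
        result.Append("\"Rights\":[");
        foreach (Right right in rights)
        {
            result.AppendFormat(
                "{{\"ID\":{0},\"PID\":{1},\"Name\":\"{2}\",\"Level\":{3},\"Type\":{4},\"SortIndex\":{5},\"URL\":\"{6}\"}},",
                right.ID,
                right.ParentID,
                GetUserRightsJson_Escape(right.Name),
                right.RightLevel,
                (int)right.RightType,
                right.SortIndex,
                GetUserRightsJson_Escape(right.PageUrl));
        }

        // Update the time of the last access to this system.
        DABasicInfoHelper.UpdateSystemLastLoginTime(sysId, user.ID);

        // Write the audit record.
        DABasicInfoHelper.AddAdminLog(
            new AdminLog
            {
                Account = user.Account,
                TrueName = user.TrueName,
                AccountType = user.AccountType,
                AddTime = DateTime.Now,
                IP = clientIp,
                PageUrl = "GetUserRightsJson",
                SystemID = sysId,
                Memo = string.Format("{0}系统获取用户{1}权限", system.Name, user.Account)
            });

        // rights is non-empty here, so the buffer ends with the comma of the last right;
        // drop it before closing the array and the object.
        return result.ToString(0, result.Length - 1) + "]}";
    }
    catch (Exception ex)
    {
        LogHelper.WriteException("GetUserRightsJson异常", ex);
        return "{\"State\":4,\"Message\":\"系统异常。\"}";
    }
}

/// <summary>
/// Compares the expected and the supplied signature ignoring case, without stopping at the
/// first differing character, so the time taken does not reveal how long the matching prefix is.
/// A null value on either side is treated as a mismatch.
/// </summary>
private static bool GetUserRightsJson_SignMatches(string expected, string supplied)
{
    if (expected == null || supplied == null)
    {
        return false;
    }

    int difference = expected.Length ^ supplied.Length;
    int comparable = Math.Min(expected.Length, supplied.Length);
    for (int i = 0; i < comparable; i++)
    {
        difference |= char.ToLowerInvariant(expected[i]) ^ char.ToLowerInvariant(supplied[i]);
    }

    return difference == 0;
}

/// <summary>
/// Escapes a value for use inside a double-quoted JSON string. Null yields an empty string,
/// which is what the format call produced for a null argument before escaping was added.
/// </summary>
private static string GetUserRightsJson_Escape(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return string.Empty;
    }

    StringBuilder escaped = new StringBuilder(value.Length + 8);
    foreach (char c in value)
    {
        switch (c)
        {
            case '"':
                escaped.Append("\\\"");
                break;
            case '\\':
                escaped.Append("\\\\");
                break;
            case '\b':
                escaped.Append("\\b");
                break;
            case '\f':
                escaped.Append("\\f");
                break;
            case '\n':
                escaped.Append("\\n");
                break;
            case '\r':
                escaped.Append("\\r");
                break;
            case '\t':
                escaped.Append("\\t");
                break;
            default:
                // Remaining control characters and the two Unicode line separators are
                // written as \uXXXX so the output stays valid wherever it is embedded.
                if (c < ' ' || c == '\u2028' || c == '\u2029')
                {
                    escaped.Append("\\u").Append(((int)c).ToString("x4"));
                }
                else
                {
                    escaped.Append(c);
                }

                break;
        }
    }

    return escaped.ToString();
}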