示例#1
        //----------------------------------------------------------------------
        /// <summary>
        /// Builds the list of topic-administration commands for <paramref name="user"/> on
        /// <paramref name="board"/>. The actions of every identity the user holds (site role,
        /// site rank, role inside the current owner, forum moderator) are passed in turn to
        /// addAdminActionsToResults together with the same result list.
        /// </summary>
        /// <param name="user">User whose commands are collected; dereferenced without a null check.</param>
        /// <param name="board">Board used to obtain the SecurityTool and for the moderator lookup.</param>
        /// <param name="ctx">Current MVC context; ctx.owner.obj is read to resolve the owner role.</param>
        /// <returns>The list handed to addAdminActionsToResults for each identity.</returns>
        /// <remarks>
        /// NOTE(review): this method only assembles a command list. Whether each command is also
        /// checked on the server when it is executed is not visible here; confirm that the list
        /// is not the only gate.
        /// </remarks>
        public static IList GetTopicAdminCmds( User user, ForumBoard board, MvcContext ctx )
        {
            IList adminCmds = new ArrayList();
            SecurityTool securityTool = ForumSecurityService.GetSecurityTool( board, ctx );

            // 1. Actions granted to the user's site role.
            IList siteRoleActions = securityTool.GetActionsByRole( user.Role );
            addAdminActionsToResults( siteRoleActions, adminCmds );

            // 2. Actions granted to the user's rank; a RankId of 0 or less is skipped.
            if (user.RankId > 0) {
                IList rankActions = securityTool.GetActionsByRole( user.Rank );
                addAdminActionsToResults( rankActions, adminCmds );
            }

            // 3. Actions granted to the role the user holds inside the current owner.
            //    The comparison is on the exact runtime type, so a subclass of Site
            //    takes this branch as well.
            Boolean ownerIsSite = ctx.owner.obj.GetType() == typeof( Site );
            if (!ownerIsSite) {
                // NOTE(review): GetUserRole's result is passed on unchecked; confirm that
                // GetActionsByRole copes with a user who has no role in this owner.
                IRole ownerRole = ctx.owner.obj.GetUserRole( user );
                IList ownerRoleActions = securityTool.GetActionsByRole( ownerRole );
                addAdminActionsToResults( ownerRoleActions, adminCmds );
            }

            // 4. Actions granted to moderators, when the user moderates this board.
            ModeratorService moderators = new ModeratorService();
            if (moderators.IsModerator( board, user )) {
                IList moderatorActions = securityTool.GetActionsByRole( ForumRole.Moderator );
                addAdminActionsToResults( moderatorActions, adminCmds );
            }

            return adminCmds;
        }
示例#2
        /// <summary>
        /// Decides whether the current viewer may run the current controller action on
        /// <paramref name="objSecurity"/>. Access is granted as soon as any one of the viewer's
        /// identities (site role, role inside the owner, site rank, forum moderator) passes
        /// hasAction_private; otherwise it is denied.
        /// </summary>
        /// <param name="objSecurity">Object carrying the permission configuration; null means none.</param>
        /// <param name="ctx">Current MVC context; supplies route, url, viewer and owner.</param>
        /// <returns>true when access is allowed, false when no identity grants it.</returns>
        /// <remarks>
        /// NOTE(review): three paths return true before any role is looked at (null
        /// configuration, action not reported by IsForbiddenAction, empty url path). These are
        /// fail-open defaults; confirm each is intended, in particular the empty-path case,
        /// which is reached only after the action was reported as permission-managed.
        /// The cast to User throws InvalidCastException when ctx.viewer.obj is another type, and
        /// a null viewer object fails on the Role access; whether callers guarantee a User here
        /// is not visible in this method.
        /// </remarks>
        private static Boolean hasAction( ISecurity objSecurity, MvcContext ctx ) {

            // Pages that supply no permission configuration are allowed.
            if (objSecurity == null) {
                return true;
            }

            SecurityTool tool = ForumSecurityService.GetSecurityTool( objSecurity, ctx );

            // Actions that IsForbiddenAction does not report need no permission: allowed.
            if (!tool.IsForbiddenAction( ctx.route.getControllerAndActionPath() )) {
                return true;
            }

            // An empty request path is allowed.
            String requestPath = ctx.url.Path;
            if (strUtil.IsNullOrEmpty( requestPath )) {
                return true;
            }

            // Edit-permission exception: users may edit their own posts.
            // (No code in this method implements that exception.)

            // The viewer may hold several identities; one identity with the permission is enough.
            User viewer = (User)ctx.viewer.obj;

            // 1. Site (system) role.
            SiteRole siteRole = viewer.Role;
            IList siteRoleActions = tool.GetActionsByRole( siteRole );
            if (hasAction_private( siteRoleActions, ctx )) {
                return true;
            }

            // 2. Role inside the current owner; skipped when the owner's exact runtime type is Site.
            Boolean ownerIsSite = ctx.owner.obj.GetType() == typeof( Site );
            if (!ownerIsSite) {
                IRole ownerRole = ctx.owner.obj.GetUserRole( ctx.viewer.obj );
                IList ownerRoleActions = tool.GetActionsByRole( ownerRole );
                if (hasAction_private( ownerRoleActions, ctx )) {
                    return true;
                }
            }

            // 3. Site rank; a rank Id of 0 or less is skipped.
            SiteRank viewerRank = viewer.Rank;
            if (viewerRank.Id > 0) {
                IList rankActions = tool.GetActionsByRole( viewerRank );
                if (hasAction_private( rankActions, ctx )) {
                    return true;
                }
            }

            // 4. Forum moderator; only checked when the secured object is a ForumBoard.
            if (objSecurity is ForumBoard) {
                ModeratorService moderators = new ModeratorService();
                Boolean moderatesBoard = moderators.IsModerator( objSecurity as ForumBoard, viewer );
                if (moderatesBoard) {
                    IList moderatorActions = tool.GetActionsByRole( ForumRole.Moderator );
                    if (hasAction_private( moderatorActions, ctx )) {
                        return true;
                    }
                }
            }

            // No identity granted the action.
            return false;
        }