- using Lottomat.Application.Code;
- using Lottomat.Application.Entity.AuthorizeManage;
- using Lottomat.Application.Entity.AuthorizeManage.ViewModel;
- using Lottomat.Application.Entity.BaseManage;
- using Lottomat.Application.IService.AuthorizeManage;
- using Lottomat.Data;
- using Lottomat.Data.Repository;
- using System;
- using System.Collections.Generic;
- using System.Data.Common;
- using System.Linq;
- using System.Text;
- using System.Threading.Tasks;
- namespace Lottomat.Application.Service.AuthorizeManage
- {
- /// <summary>
- /// 版 本
- /// Copyright (c) 2016-2017
- /// 创建人:赵轶
- /// 日 期:2015.12.5 22:35
- /// 描 述:授权认证
- /// </summary>
- public class AuthorizeService : RepositoryFactory, IAuthorizeService
- {
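/// <summary>
/// Returns the modules (Base_Module rows with EnabledMark = 1 and DeleteMark = 0)
/// that the given user is authorized for.
/// </summary>
/// <remarks>
/// A module qualifies when Base_Authorize holds an ItemType = 1 row whose ObjectId is
/// either the user id itself or an ObjectId linked to the user in Base_UserRelation.
/// </remarks>
/// <param name="userId">User id; passed to the query as the @UserId parameter.</param>
/// <returns>The matching modules, ordered by SortCode.</returns>
public IEnumerable<ModuleEntity> GetModuleList(string userId)
{
    // Grouping matters here: AND binds tighter than OR, so the "OR ObjectId = @UserId"
    // test must sit inside the same parentheses as the IN test. Left outside, a direct
    // grant of any ItemType would satisfy the subquery, not only ItemType = 1.
    const string sql = @"SELECT *
        FROM Base_Module
        WHERE ModuleId IN (
            SELECT ItemId
            FROM Base_Authorize
            WHERE ItemType = 1
              AND ( ObjectId IN (
                        SELECT ObjectId
                        FROM Base_UserRelation
                        WHERE UserId = @UserId )
                    OR ObjectId = @UserId ) )
          AND EnabledMark = 1 AND DeleteMark = 0 Order By SortCode";

    // The user id travels as a bound parameter and is never concatenated into the SQL text.
    DbParameter[] parameter = { DbParameters.CreateDbParameter("@UserId", userId) };
    return this.BaseRepository().FindList<ModuleEntity>(sql, parameter);
}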
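/// <summary>
/// Returns the module buttons (Base_ModuleButton rows) that the given user is authorized for.
/// </summary>
/// <remarks>
/// A button qualifies when Base_Authorize holds an ItemType = 2 row whose ObjectId is
/// either the user id itself or an ObjectId linked to the user in Base_UserRelation.
/// </remarks>
/// <param name="userId">User id; passed to the query as the @UserId parameter.</param>
/// <returns>The matching buttons, ordered by SortCode.</returns>
public IEnumerable<ModuleButtonEntity> GetModuleButtonList(string userId)
{
    // Grouping matters here: AND binds tighter than OR, so the "OR ObjectId = @UserId"
    // test must sit inside the same parentheses as the IN test. Left outside, a direct
    // grant of any ItemType would satisfy the subquery, not only ItemType = 2.
    const string sql = @"SELECT *
        FROM Base_ModuleButton
        WHERE ModuleButtonId IN (
            SELECT ItemId
            FROM Base_Authorize
            WHERE ItemType = 2
              AND ( ObjectId IN (
                        SELECT ObjectId
                        FROM Base_UserRelation
                        WHERE UserId = @UserId )
                    OR ObjectId = @UserId ) ) Order By SortCode";

    // The user id travels as a bound parameter and is never concatenated into the SQL text.
    DbParameter[] parameter = { DbParameters.CreateDbParameter("@UserId", userId) };
    return this.BaseRepository().FindList<ModuleButtonEntity>(sql, parameter);
}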
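/// <summary>
/// Returns the module columns (Base_ModuleColumn rows) that the given user is authorized for.
/// </summary>
/// <remarks>
/// A column qualifies when Base_Authorize holds an ItemType = 3 row whose ObjectId is
/// either the user id itself or an ObjectId linked to the user in Base_UserRelation.
/// </remarks>
/// <param name="userId">User id; passed to the query as the @UserId parameter.</param>
/// <returns>The matching columns, ordered by SortCode.</returns>
public IEnumerable<ModuleColumnEntity> GetModuleColumnList(string userId)
{
    // Grouping matters here: AND binds tighter than OR, so the "OR ObjectId = @UserId"
    // test must sit inside the same parentheses as the IN test. Left outside, a direct
    // grant of any ItemType would satisfy the subquery, not only ItemType = 3.
    const string sql = @"SELECT *
        FROM Base_ModuleColumn
        WHERE ModuleColumnId IN (
            SELECT ItemId
            FROM Base_Authorize
            WHERE ItemType = 3
              AND ( ObjectId IN (
                        SELECT ObjectId
                        FROM Base_UserRelation
                        WHERE UserId = @UserId )
                    OR ObjectId = @UserId ) ) Order By SortCode";

    // The user id travels as a bound parameter and is never concatenated into the SQL text.
    DbParameter[] parameter = { DbParameters.CreateDbParameter("@UserId", userId) };
    return this.BaseRepository().FindList<ModuleColumnEntity>(sql, parameter);
}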
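/// <summary>
/// Returns the URLs the given user is authorized to reach: menu URLs of authorized
/// modules and action URLs of authorized module buttons.
/// </summary>
/// <remarks>
/// The first SELECT takes Base_Module rows granted through ItemType = 1 that have
/// EnabledMark = 1, DeleteMark = 0, IsMenu = 1 and a non-null UrlAddress. The second takes
/// Base_ModuleButton rows granted through ItemType = 2 with a non-null ActionAddress,
/// exposed under the UrlAddress column name. The two sets are combined with UNION.
/// </remarks>
/// <param name="userId">User id; passed to the query as the @UserId parameter.</param>
/// <returns>One row per authorized module URL or button action URL.</returns>
public IEnumerable<AuthorizeUrlModel> GetUrlList(string userId)
{
    // In both subqueries the "OR ObjectId = @UserId" test sits inside the same parentheses
    // as the IN test. AND binds tighter than OR, so leaving it outside would let a direct
    // grant of any ItemType satisfy the subquery instead of only the intended ItemType.
    const string sql = @"SELECT ModuleId AS AuthorizeId ,
               ModuleId ,
               UrlAddress ,
               FullName
        FROM Base_Module
        WHERE ModuleId IN (
            SELECT ItemId
            FROM Base_Authorize
            WHERE ItemType = 1
              AND ( ObjectId IN (
                        SELECT ObjectId
                        FROM Base_UserRelation
                        WHERE UserId = @UserId )
                    OR ObjectId = @UserId ) )
          AND EnabledMark = 1
          AND DeleteMark = 0
          AND IsMenu = 1
          AND UrlAddress IS NOT NULL
        UNION
        SELECT ModuleButtonId AS AuthorizeId ,
               ModuleId ,
               ActionAddress AS UrlAddress ,
               FullName
        FROM Base_ModuleButton
        WHERE ModuleButtonId IN (
            SELECT ItemId
            FROM Base_Authorize
            WHERE ItemType = 2
              AND ( ObjectId IN (
                        SELECT ObjectId
                        FROM Base_UserRelation
                        WHERE UserId = @UserId )
                    OR ObjectId = @UserId ) )
          AND ActionAddress IS NOT NULL";

    // The user id travels as a bound parameter and is never concatenated into the SQL text.
    DbParameter[] parameter = { DbParameters.CreateDbParameter("@UserId", userId) };
    return this.BaseRepository().FindList<AuthorizeUrlModel>(sql, parameter);
}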
/// <summary>
/// Returns the user-relation records that belong to the given user.
/// </summary>
/// <param name="userId">User id matched against UserRelationEntity.UserId.</param>
/// <returns>The UserRelationEntity rows whose UserId equals <paramref name="userId"/>.</returns>
public IEnumerable<UserRelationEntity> GetUserRelationList(string userId)
{
    // The filter is handed to the repository as an expression, not as SQL text.
    var relations = this.BaseRepository().IQueryable<UserRelationEntity>(relation => relation.UserId == userId);
    return relations;
}
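/// <summary>
/// Resolves the operator's data-permission scope into a comma-separated list of user ids.
/// </summary>
/// <remarks>
/// An empty string means "no restriction": it is returned whenever GetDataAuthor yields an
/// empty scope statement (a system operator, or a grant with AuthorizeType 0). Callers must
/// treat "" as unrestricted access, never as "no users".
/// </remarks>
/// <param name="operators">The currently logged-in operator.</param>
/// <param name="isWrite">Forwarded to GetDataAuthor to select the write scope instead of the read scope.</param>
/// <returns>The user ids, each followed by a comma (for example "a,b,"), or "" for an unrestricted scope.</returns>
public string GetDataAuthorUserId(Operator operators, bool isWrite = false)
{
    string scopeSql = GetDataAuthor(operators, isWrite);
    if (string.IsNullOrEmpty(scopeSql))
    {
        return "";
    }

    // scopeSql is a complete SELECT statement assembled by GetDataAuthor and it is executed
    // as-is, with no bound parameters: every value embedded in it must already be safe.
    IRepository db = new RepositoryFactory().BaseRepository();
    StringBuilder userSb = new StringBuilder();
    foreach (UserEntity item in db.FindList<UserEntity>(scopeSql))
    {
        userSb.Append(item.UserId).Append(",");
    }

    // NOTE(review): a scope statement that matches no user also produces "", which is
    // indistinguishable from the unrestricted result above; confirm how callers handle it.
    return userSb.ToString();
}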
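/// <summary>
/// Builds the SQL statement that selects the ids of the users whose data the operator may access.
/// </summary>
/// <remarks>
/// Returns "" (no restriction) for a system operator and as soon as one of the operator's
/// Base_AuthorizeData grants has AuthorizeType 0. Otherwise the statement always covers the
/// operator's own user id and is widened per grant:
/// -2 adds users whose ManagerId is the operator, -3 users in the operator's department,
/// -4 users in the operator's organization, -5 users whose DepartmentId or OrganizeId
/// equals the grant's ResourceId.
/// The result is SQL text, not a parameterized command, so values are embedded as quoted
/// literals with single quotes doubled. That is a stop-gap: the interface returns a string,
/// and binding the values as parameters at the call site would be the robust fix.
/// </remarks>
/// <param name="operators">The currently logged-in operator.</param>
/// <param name="isWrite">When true, only grants with IsRead = 0 are considered.</param>
/// <returns>A SELECT over Base_User returning UserId, or "" when access is unrestricted.</returns>
public string GetDataAuthor(Operator operators, bool isWrite = false)
{
    // A system administrator gets every row: the empty string means "no restriction".
    if (operators.IsSystem)
    {
        return "";
    }

    IRepository db = new RepositoryFactory().BaseRepository();
    string userId = operators.UserId;

    // Grants attached to any object the user is related to; the user id is a bound parameter here.
    string strAuthorData = @" SELECT *
        FROM Base_AuthorizeData
        WHERE " + (isWrite ? "IsRead=0 AND " : "") + @"
        ObjectId IN (
            SELECT ObjectId
            FROM Base_UserRelation
            WHERE UserId =@UserId)";
    DbParameter[] parameter = { DbParameters.CreateDbParameter("@UserId", userId) };

    // The user id has to be written into every predicate below. A bare '{0}' placeholder
    // that is never formatted reaches the database as literal text and matches no row,
    // which silently disables the -2, -3 and -4 scopes.
    string userLiteral = QuoteSqlLiteral(userId);
    StringBuilder whereSb = new StringBuilder(" SELECT UserId from Base_User where 1=1 ");
    whereSb.Append("AND( UserId =").Append(userLiteral);

    foreach (AuthorizeDataEntity item in db.FindList<AuthorizeDataEntity>(strAuthorData, parameter))
    {
        switch (item.AuthorizeType)
        {
            // 0 is the maximum scope: no restriction at all.
            case 0:
                return "";
            // The operator and the users the operator manages.
            case -2:
                whereSb.Append(" OR ManagerId =").Append(userLiteral);
                break;
            // Users in the same department as the operator.
            case -3:
                whereSb.Append(@" OR DepartmentId = ( SELECT DepartmentId
                    FROM Base_User
                    WHERE UserId =").Append(userLiteral).Append(" )");
                break;
            // Users in the same organization as the operator.
            case -4:
                whereSb.Append(@" OR OrganizeId = ( SELECT OrganizeId
                    FROM Base_User
                    WHERE UserId =").Append(userLiteral).Append(" )");
                break;
            // Users of one specific department or organization named by the grant.
            case -5:
            {
                // ResourceId comes from a database row, but it still ends up inside SQL text,
                // so it is quoted like any other value. Convert.ToString keeps this correct
                // whatever the declared type of ResourceId is (not visible here).
                string resourceLiteral = QuoteSqlLiteral(Convert.ToString(item.ResourceId));
                whereSb.Append(" OR DepartmentId=").Append(resourceLiteral)
                       .Append(" OR OrganizeId=").Append(resourceLiteral);
                break;
            }
        }
    }

    whereSb.Append(")");
    return whereSb.ToString();
}

/// <summary>
/// Wraps a value in single quotes for use as a SQL string literal, doubling embedded quotes.
/// </summary>
/// <remarks>
/// Quote doubling is the standard SQL escape for string literals. The database engine is not
/// visible from this file, so this is a mitigation only and no substitute for bound parameters.
/// </remarks>
private static string QuoteSqlLiteral(string value)
{
    return "'" + (value ?? string.Empty).Replace("'", "''") + "'";
}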
- }
- }