using IStation.Untity;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace IStation.Service
{
/// <summary>
/// User permissions.
/// </summary>
public partial class UserAuthority
{
#region 私有方法
/// <summary>
/// Collects the menu permissions a user holds through their roles, merged to one entry per menu.
/// </summary>
/// <param name="userId">ID of the user whose role grants are merged.</param>
/// <returns>
/// A list of Model.MenuAuthItem; empty when the user has no roles or the roles carry no grants.
/// </returns>
private List GetMenuAuthItemList(long userId)
{
    var merged = new List();

    // Role grants: a user without roles has no menu permissions.
    var userRoles = new Role().GetRelationByUserID(userId);
    if (userRoles == null || userRoles.Count < 1)
    {
        return merged;
    }

    var grants = new RoleMenuMapping().GetByRoleIds(userRoles.Select(r => r.ID).ToList());
    if (grants == null || grants.Count < 1)
    {
        return merged;
    }

    foreach (var grant in grants)
    {
        var existing = merged.Find(item => item.MenuID == grant.MenuID);
        if (existing == null)
        {
            merged.Add(new Model.MenuAuthItem
            {
                MenuID = grant.MenuID,
                AuthLevel = grant.AuthLevel
            });
            continue;
        }

        // When several roles grant the same menu, the numerically smaller AuthLevel is kept.
        // NOTE(review): whether "smaller" is the more or the less permissive level depends on
        // the declaration order of Model.eAuthLevel, which is not visible here - confirm.
        if (grant.AuthLevel < existing.AuthLevel)
        {
            existing.AuthLevel = grant.AuthLevel;
        }
    }

    return merged;
}
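/// <summary>
/// Collects the menu permissions a user holds through their roles, merged to one entry per menu,
/// using caller-supplied service instances.
/// </summary>
/// <param name="userId">ID of the user whose role grants are merged.</param>
/// <param name="roleService">Role service used to look up the user's roles.</param>
/// <param name="roleAuthService">Role/menu mapping service used to load the grants.</param>
/// <returns>
/// A list of Model.MenuAuthItem; empty when the user has no roles or the roles carry no grants.
/// </returns>
private List GetMenuAuthItemList(long userId, Role roleService, RoleMenuMapping roleAuthService)
{
    var vmList = new List();

    // Role grants. The single-argument overload returns an empty list for a user without
    // roles; do the same here instead of dereferencing a null role list.
    var roleList = roleService.GetRelationByUserID(userId);
    if (roleList == null || roleList.Count < 1)
    {
        return vmList;
    }

    var roleAuthList = roleAuthService.GetByRoleIds(roleList.Select(x => x.ID).ToList());
    if (roleAuthList == null || roleAuthList.Count < 1)
    {
        return vmList;
    }

    foreach (var roleAuth in roleAuthList)
    {
        var vm = vmList.Find(x => x.MenuID == roleAuth.MenuID);
        if (vm == null)
        {
            vm = new Model.MenuAuthItem();
            vm.MenuID = roleAuth.MenuID;
            vm.AuthLevel = roleAuth.AuthLevel;
            vmList.Add(vm);
        }
        else if (roleAuth.AuthLevel < vm.AuthLevel)
        {
            // Several roles grant the same menu: the numerically smaller AuthLevel is kept.
            // NOTE(review): which level that favours depends on Model.eAuthLevel's ordering,
            // not visible here - confirm.
            vm.AuthLevel = roleAuth.AuthLevel;
        }
    }

    return vmList;
}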
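/// <summary>
/// Builds the flat, parent-linked list of delegable menu tree items for a Soft, without any
/// per-user filtering (GetAuthorizeMenuAuthTreeItemList calls this for administrators).
/// </summary>
/// <param name="SoftType">Passed to Menu.GetBySoft to select the menu set.</param>
/// <param name="SoftTag">Passed to Menu.GetBySoft to select the menu set.</param>
/// <returns>
/// A list of Model.AuthorizeMenuAuthTreeItem; default (null) when the Soft has no menus.
/// </returns>
private List GetAuthorizeMenuAuthTreeItemListBySoft(string SoftType, string SoftTag)
{
    // Load the menu list.
    var menuList = new Menu().GetBySoft(SoftType, SoftTag);
    if (menuList == null || menuList.Count < 1)
    {
        return default;
    }

    // One item per menu; every item starts as a root with an Id from GuidCreater.CreateN().
    var vmList = new List();
    foreach (var menu in menuList)
    {
        var vmMenu = new Model.AuthorizeMenuAuthTreeItem(menu);
        vmMenu.Id = GuidCreater.CreateN();
        vmMenu.ParentId = string.Empty;
        vmList.Add(vmMenu);
    }

    // Link each item to the item of its direct parent (the last entry of ParentIds).
    foreach (var menu in menuList)
    {
        if (menu.ParentIds == null || menu.ParentIds.Count < 1)
        {
            continue;
        }

        var parentMenuId = menu.ParentIds.Last();
        var vmParentMenu = vmList.Find(x => x.MenuID == parentMenuId);
        if (vmParentMenu == null)
        {
            // The parent is not part of this Soft's menu list: leave the item as a root
            // rather than dereferencing null.
            continue;
        }

        var vmMenu = vmList.Find(x => x.MenuID == menu.ID);
        vmMenu.ParentId = vmParentMenu.Id;
    }

    return vmList;
}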
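/// <summary>
/// Builds the flat, parent-linked list of menu permission tree items for a Soft, without any
/// per-user filtering (GetMenuAuthTreeItemList calls this for administrators).
/// </summary>
/// <param name="SoftType">Passed to Menu.GetBySoft to select the menu set.</param>
/// <param name="SoftTag">Passed to Menu.GetBySoft to select the menu set.</param>
/// <returns>
/// A list of Model.MenuAuthTreeItem; default (null) when the Soft has no menus.
/// </returns>
private List GetMenuAuthTreeItemListBySoft(string SoftType, string SoftTag)
{
    // Load the menu list.
    var menuList = new Menu().GetBySoft(SoftType, SoftTag);
    if (menuList == null || menuList.Count < 1)
    {
        return default;
    }

    // One item per menu; every item starts as a root with an Id from GuidCreater.CreateN().
    var vmList = new List();
    foreach (var menu in menuList)
    {
        var vmMenu = new Model.MenuAuthTreeItem(menu);
        vmMenu.Id = GuidCreater.CreateN();
        vmMenu.ParentId = string.Empty;
        vmList.Add(vmMenu);
    }

    // Link each item to the item of its direct parent (the last entry of ParentIds).
    foreach (var menu in menuList)
    {
        if (menu.ParentIds == null || menu.ParentIds.Count < 1)
        {
            continue;
        }

        var parentMenuId = menu.ParentIds.Last();
        var vmParentMenu = vmList.Find(x => x.MenuID == parentMenuId);
        if (vmParentMenu == null)
        {
            // The parent is not part of this Soft's menu list: leave the item as a root
            // rather than dereferencing null.
            continue;
        }

        var vmMenu = vmList.Find(x => x.MenuID == menu.ID);
        vmMenu.ParentId = vmParentMenu.Id;
    }

    return vmList;
}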
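/// <summary>
/// Builds the nested tree of delegable menus for a Soft, without any per-user filtering
/// (revised 2022-6-28 by lxj). GetAuthorizeMenuAuthTreeList calls this for administrators.
/// </summary>
/// <param name="SoftType">Passed to Menu.GetBySoft to select the menu set.</param>
/// <param name="SoftTag">Passed to Menu.GetBySoft to select the menu set.</param>
/// <returns>
/// The root Model.AuthorizeMenuAuthTree nodes; default (null) when the Soft has no menus.
/// </returns>
private List GetAuthorizeMenuAuthTreeListBySoft(string SoftType, string SoftTag)
{
    // Load the menu list.
    var menuList = new Menu().GetBySoft(SoftType, SoftTag);
    if (menuList == null || menuList.Count < 1)
    {
        return default;
    }

    // One node per menu.
    var vmMenuList = new List();
    foreach (var menu in menuList)
    {
        vmMenuList.Add(new Model.AuthorizeMenuAuthTree(menu));
    }

    // Attach each node to its direct parent, or to the root list when it has no parent.
    var vmList = new List();
    foreach (var menu in menuList)
    {
        var vmMenu = vmMenuList.Find(x => x.MenuID == menu.ID);

        // A null ParentIds is treated like an empty one (root), as the *TreeItemListBySoft
        // helpers in this class already do.
        if (menu.ParentIds != null && menu.ParentIds.Count > 0)
        {
            var parentMenuId = menu.ParentIds.Last();
            var vmParentMenu = vmMenuList.Find(x => x.MenuID == parentMenuId);
            if (vmParentMenu != null)
            {
                vmParentMenu.Children.Add(vmMenu);
            }
            // A node whose parent is not in the list is attached nowhere and therefore
            // does not appear in the returned tree.
        }
        else
        {
            vmList.Add(vmMenu);
        }
    }

    return vmList;
}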
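/// <summary>
/// Builds the nested menu permission tree for a Soft, without any per-user filtering
/// (revised 2022-6-28 by lxj). GetMenuAuthTreeList calls this for administrators.
/// </summary>
/// <param name="SoftType">Passed to Menu.GetBySoft to select the menu set.</param>
/// <param name="SoftTag">Passed to Menu.GetBySoft to select the menu set.</param>
/// <returns>
/// The root Model.MenuAuthTree nodes; default (null) when the Soft has no menus.
/// </returns>
private List GetMenuAuthTreeListBySoft(string SoftType, string SoftTag)
{
    // Load the menu list.
    var menuList = new Menu().GetBySoft(SoftType, SoftTag);
    if (menuList == null || menuList.Count < 1)
    {
        return default;
    }

    // One node per menu.
    var vmMenuList = new List();
    foreach (var menu in menuList)
    {
        vmMenuList.Add(new Model.MenuAuthTree(menu));
    }

    // Build the tree: attach each node to its direct parent, or to the root list.
    var vmList = new List();
    foreach (var menu in menuList)
    {
        var vmMenu = vmMenuList.Find(x => x.MenuID == menu.ID);

        // A null ParentIds is treated like an empty one (root), as the *TreeItemListBySoft
        // helpers in this class already do.
        if (menu.ParentIds != null && menu.ParentIds.Count > 0)
        {
            var parentMenuId = menu.ParentIds.Last();
            var vmParentMenu = vmMenuList.Find(x => x.MenuID == parentMenuId);
            if (vmParentMenu != null)
            {
                vmParentMenu.Children.Add(vmMenu);
            }
            // A node whose parent is not in the list is attached nowhere and therefore
            // does not appear in the returned tree.
        }
        else
        {
            vmList.Add(vmMenu);
        }
    }

    return vmList;
}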
#endregion
#region 可下发的权限
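/// <summary>
/// Returns, as a flat parent-linked list, the menus a user may delegate to others
/// (revised 2022-6-28 by lxj).
/// </summary>
/// <param name="UserID">User whose delegable menus are listed.</param>
/// <param name="SoftType">Passed to Menu.GetBySoft to select the menu set.</param>
/// <param name="SoftTag">Passed to Menu.GetBySoft to select the menu set.</param>
/// <returns>
/// A list of Model.AuthorizeMenuAuthTreeItem; default (null) when the user does not exist,
/// holds no permissions, or the Soft has no menus.
/// </returns>
public List GetAuthorizeMenuAuthTreeItemList(long UserID, string SoftType, string SoftTag)
{
    // Load the user.
    var user = new User().GetByID(UserID);
    if (user == null)
    {
        return default;
    }

    // Administrator path: every menu of the Soft is delegable.
    if (user.IsAdmin)
    {
        return GetAuthorizeMenuAuthTreeItemListBySoft(SoftType, SoftTag);
    }

    // Permissions the user holds through roles.
    var authItems = GetMenuAuthItemList(UserID);
    if (authItems == null || authItems.Count < 1)
    {
        return default;
    }

    // Load the menu list.
    var menuList = new Menu().GetBySoft(SoftType, SoftTag);
    if (menuList == null || menuList.Count < 1)
    {
        return default;
    }

    // Only menus the user holds at eAuthLevel.All are candidates for delegation.
    var vmMenuList = new List();
    foreach (var menu in menuList)
    {
        if (!authItems.Exists(x => x.AuthLevel == Model.eAuthLevel.All && x.MenuID == menu.ID))
        {
            continue;
        }

        var vmMenu = new Model.AuthorizeMenuAuthTreeItem(menu);
        vmMenu.Id = GuidCreater.CreateN();
        vmMenu.ParentId = string.Empty;
        vmMenuList.Add(vmMenu);
    }

    // Link the tree and drop anything that hangs under a menu the user cannot delegate.
    // Processing shallowest-first means a parent has already been kept or removed by the
    // time its children are visited.
    var menuAuthIds = vmMenuList.Select(x => x.MenuID).ToList();
    var menuAuthList = menuList
        .Where(x => menuAuthIds.Contains(x.ID))
        .OrderBy(x => x.ParentIds == null ? 0 : x.ParentIds.Count)
        .ThenBy(x => x.SortCode)
        .ToList();
    foreach (var menuAuth in menuAuthList)
    {
        if (menuAuth.ParentIds == null || menuAuth.ParentIds.Count < 1)
        {
            continue;
        }

        var vmMenu = vmMenuList.Find(x => x.MenuID == menuAuth.ID);
        var parentMenuId = menuAuth.ParentIds.Last();

        // Look the parent up in vmMenuList, which reflects removals made earlier in this
        // loop. Looking it up in menuAuthList would still find a parent that has already
        // been removed, and the dereference of its (missing) item would then throw.
        var vmParentMenu = vmMenuList.Find(x => x.MenuID == parentMenuId);
        if (vmParentMenu == null)
        {
            // Parent not delegable (or itself removed): the item is not delegable either.
            vmMenuList.Remove(vmMenu);
        }
        else
        {
            vmMenu.ParentId = vmParentMenu.Id;
        }
    }

    return vmMenuList;
}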
/// <summary>
/// Returns, as a nested tree, the menus a user may delegate to others.
/// </summary>
/// <param name="UserID">User whose delegable menus are listed.</param>
/// <param name="SoftType">Passed to Menu.GetBySoft to select the menu set.</param>
/// <param name="SoftTag">Passed to Menu.GetBySoft to select the menu set.</param>
/// <returns>
/// The root Model.AuthorizeMenuAuthTree nodes; default (null) when the user does not exist,
/// holds no permissions, or the Soft has no menus.
/// </returns>
public List GetAuthorizeMenuAuthTreeList(long UserID, string SoftType, string SoftTag)
{
    // Load the user.
    var user = new User().GetByID(UserID);
    if (user == null)
    {
        return default;
    }

    // Administrator path: every menu of the Soft is delegable.
    if (user.IsAdmin)
    {
        return GetAuthorizeMenuAuthTreeListBySoft(SoftType, SoftTag);
    }

    // Permissions the user holds through roles.
    var authItems = GetMenuAuthItemList(UserID);
    if (authItems == null || authItems.Count < 1)
    {
        return default;
    }

    // All menus of the Soft.
    var menuList = new Menu().GetBySoft(SoftType, SoftTag);
    if (menuList == null || menuList.Count < 1)
    {
        return default;
    }

    // One node for every menu the user holds at eAuthLevel.All.
    var nodes = new List();
    foreach (var menu in menuList)
    {
        bool heldAtAll = authItems.Exists(x => x.AuthLevel == Model.eAuthLevel.All && x.MenuID == menu.ID);
        if (heldAtAll)
        {
            nodes.Add(new Model.AuthorizeMenuAuthTree(menu));
        }
    }

    // Build the tree, shallowest menus first.
    var roots = new List();
    var nodeMenuIds = nodes.Select(x => x.MenuID).ToList();
    var orderedMenus = menuList
        .Where(x => nodeMenuIds.Contains(x.ID))
        .OrderBy(x => x.ParentIds.Count)
        .ThenBy(x => x.SortCode)
        .ToList();
    foreach (var current in orderedMenus)
    {
        var node = nodes.Find(x => x.MenuID == current.ID);
        if (current.ParentIds.Count < 1)
        {
            roots.Add(node);
            continue;
        }

        // A node whose direct parent has no node of its own is attached nowhere, so it is
        // not reachable from the returned roots.
        var parentNode = nodes.Find(x => x.MenuID == current.ParentIds.Last());
        if (parentNode != null)
        {
            parentNode.Children.Add(node);
        }
    }

    return roots;
}
#endregion
#region 权限树项
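/// <summary>
/// Returns, as a flat parent-linked list, the menus a user holds together with the effective
/// permission level of each (revised 2022-6-28 by lxj).
/// </summary>
/// <param name="UserID">User whose menu permissions are listed.</param>
/// <param name="SoftType">Passed to Menu.GetBySoft to select the menu set.</param>
/// <param name="SoftTag">Passed to Menu.GetBySoft to select the menu set.</param>
/// <returns>
/// A list of Model.MenuAuthTreeItem; default (null) when the user does not exist, holds no
/// permissions, or the Soft has no menus.
/// </returns>
public List GetMenuAuthTreeItemList(long UserID, string SoftType, string SoftTag)
{
    // Load the user.
    var user = new User().GetByID(UserID);
    if (user == null)
    {
        return default;
    }

    // Administrator path: every menu of the Soft.
    if (user.IsAdmin)
    {
        return GetMenuAuthTreeItemListBySoft(SoftType, SoftTag);
    }

    // Permissions the user holds through roles.
    var authItems = GetMenuAuthItemList(UserID);
    if (authItems == null || authItems.Count < 1)
    {
        return default;
    }

    // Load the menu list.
    var menuList = new Menu().GetBySoft(SoftType, SoftTag);
    if (menuList == null || menuList.Count < 1)
    {
        return default;
    }

    // One item per menu the user holds, carrying the granted level.
    var vmList = new List();
    foreach (var menu in menuList)
    {
        var menuAuth = authItems.Find(x => x.MenuID == menu.ID);
        if (menuAuth == null)
        {
            continue;
        }

        var vmMenu = new Model.MenuAuthTreeItem(menu);
        vmMenu.Id = GuidCreater.CreateN();
        vmMenu.ParentId = string.Empty;
        vmMenu.AuthLevel = menuAuth.AuthLevel;
        vmList.Add(vmMenu);
    }

    // Link the tree and reconcile levels with the parent. Processing shallowest-first means
    // a parent has already been kept, removed or downgraded before its children are visited.
    var menuAuthIds = vmList.Select(x => x.MenuID).ToList();
    var menuAuthList = menuList
        .Where(x => menuAuthIds.Contains(x.ID))
        .OrderBy(x => x.ParentIds == null ? 0 : x.ParentIds.Count)
        .ThenBy(x => x.SortCode)
        .ToList();
    foreach (var menuAuth in menuAuthList)
    {
        if (menuAuth.ParentIds == null || menuAuth.ParentIds.Count < 1)
        {
            continue;
        }

        var vmMenu = vmList.Find(x => x.MenuID == menuAuth.ID);
        var parentMenuId = menuAuth.ParentIds.Last();

        // Look the parent up in vmList, which reflects removals made earlier in this loop.
        // Looking it up in menuAuthList would still find a parent that has already been
        // removed, and the dereference of its (missing) item would then throw.
        var vmParentMenu = vmList.Find(x => x.MenuID == parentMenuId);
        if (vmParentMenu == null)
        {
            // The menu has a parent but the user does not hold it (or it was removed):
            // drop the menu, and with it everything beneath it.
            vmList.Remove(vmMenu);
            continue;
        }

        // Parent is held: link to it, and a read-only parent makes the child read-only.
        vmMenu.ParentId = vmParentMenu.Id;
        if (vmParentMenu.AuthLevel == Model.eAuthLevel.ReadOnly)
        {
            vmMenu.AuthLevel = Model.eAuthLevel.ReadOnly;
        }
    }

    return vmList;
}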
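/// <summary>
/// Returns every menu of a Soft as a flat parent-linked list, each flagged with whether the
/// user holds it (Have) and at which level (revised 2022-6-28 by lxj).
/// </summary>
/// <param name="UserID">User whose holdings are marked.</param>
/// <param name="SoftType">Passed to Menu.GetBySoft to select the menu set.</param>
/// <param name="SoftTag">Passed to Menu.GetBySoft to select the menu set.</param>
/// <returns>
/// A list of Model.MenuAuthHaveTreeItem; default (null) when the user does not exist or the
/// Soft has no menus.
/// </returns>
public List GetMenuAuthHaveTreeItemList(long UserID, string SoftType, string SoftTag)
{
    // Load the user.
    var user = new User().GetByID(UserID);
    if (user == null)
    {
        return default;
    }

    // Load the menu list.
    var menuList = new Menu().GetBySoft(SoftType, SoftTag);
    if (menuList == null || menuList.Count < 1)
    {
        return default;
    }

    // One item per menu, starting from "not held, read-only".
    var vmList = new List();
    foreach (var menu in menuList)
    {
        var vmMenu = new Model.MenuAuthHaveTreeItem(menu);
        vmMenu.Id = GuidCreater.CreateN();
        vmMenu.ParentId = string.Empty;
        vmMenu.AuthLevel = Model.eAuthLevel.ReadOnly;
        vmMenu.Have = false;
        vmList.Add(vmMenu);
    }

    // Link each item to the item of its direct parent.
    // NOTE(review): this throws if a menu's parent is not in menuList; decide whether such
    // orphans should be shown as roots or hidden.
    foreach (var menu in menuList)
    {
        if (menu.ParentIds.Count > 0)
        {
            var vmMenu = vmList.Find(x => x.MenuID == menu.ID);
            var vmParentMenu = vmList.Find(x => x.MenuID == menu.ParentIds.Last());
            vmMenu.ParentId = vmParentMenu.Id;
        }
    }

    // Administrator path: everything is held at eAuthLevel.All.
    if (user.IsAdmin)
    {
        vmList.ForEach(x =>
        {
            x.Have = true;
            x.AuthLevel = Model.eAuthLevel.All;
        });
        return vmList;
    }

    // Mark what the user holds through roles.
    var authItems = GetMenuAuthItemList(UserID);
    if (authItems != null && authItems.Count > 0)
    {
        vmList.ForEach(x =>
        {
            var haveItem = authItems.Find(t => t.MenuID == x.MenuID);
            if (haveItem != null)
            {
                x.Have = true;
                x.AuthLevel = haveItem.AuthLevel;
            }
        });
    }

    // Push "not held" and "read-only" down from parents to children. Visit menus
    // shallowest-first (the other tree builders in this class order by ParentIds.Count too):
    // in an arbitrary order a child could be checked before its own parent has been cleared,
    // and would then keep Have = true under an ancestor the user does not hold.
    foreach (var menu in menuList.OrderBy(x => x.ParentIds.Count))
    {
        if (menu.ParentIds.Count < 1)
        {
            continue;
        }

        var vmMenu = vmList.Find(x => x.MenuID == menu.ID);
        var vmParentMenu = vmList.Find(x => x.MenuID == menu.ParentIds.Last());
        if (!vmParentMenu.Have)
        {
            vmMenu.Have = false;
        }
        if (vmParentMenu.AuthLevel == Model.eAuthLevel.ReadOnly)
        {
            vmMenu.AuthLevel = Model.eAuthLevel.ReadOnly;
        }
    }

    return vmList;
}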
#endregion
#region 权限树
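/// <summary>
/// Returns, as a nested tree, the menus a user holds together with the effective permission
/// level of each (revised 2022-6-28 by lxj).
/// </summary>
/// <param name="UserID">User whose menu permissions are listed.</param>
/// <param name="SoftType">Passed to Menu.GetBySoft to select the menu set.</param>
/// <param name="SoftTag">Passed to Menu.GetBySoft to select the menu set.</param>
/// <returns>
/// The root Model.MenuAuthTree nodes; default (null) when the user does not exist, holds no
/// permissions, or the Soft has no menus.
/// </returns>
public List GetMenuAuthTreeList(long UserID, string SoftType, string SoftTag)
{
    // Load the user.
    var user = new User().GetByID(UserID);
    if (user == null)
    {
        return default;
    }

    // Administrator path: every menu of the Soft.
    if (user.IsAdmin)
    {
        return GetMenuAuthTreeListBySoft(SoftType, SoftTag);
    }

    // Permissions the user holds through roles.
    var authItems = GetMenuAuthItemList(UserID);
    if (authItems == null || authItems.Count < 1)
    {
        return default;
    }

    // Load the menu list.
    var menuList = new Menu().GetBySoft(SoftType, SoftTag);
    if (menuList == null || menuList.Count < 1)
    {
        return default;
    }

    // One node per menu the user holds.
    var vmMenuList = new List();
    foreach (var menu in menuList)
    {
        var authMenu = authItems.Find(x => x.MenuID == menu.ID);
        if (authMenu == null)
        {
            continue;
        }

        var vmMenu = new Model.MenuAuthTree(menu);
        // Carry the granted level onto the node, as GetMenuAuthTreeItemList does. Without
        // this the node keeps whatever level the MenuAuthTree constructor leaves it with,
        // and the read-only check against the parent below compares that value instead of
        // the user's grant.
        vmMenu.AuthLevel = authMenu.AuthLevel;
        vmMenuList.Add(vmMenu);
    }

    // Build the tree shallowest-first and reconcile levels with the parent.
    var vmList = new List();
    var menuAuthIds = vmMenuList.Select(x => x.MenuID).ToList();
    var menuAuthList = menuList
        .Where(x => menuAuthIds.Contains(x.ID))
        // Null-safe depth: the loop below already tolerates a null ParentIds.
        .OrderBy(x => x.ParentIds == null ? 0 : x.ParentIds.Count)
        .ThenBy(x => x.SortCode)
        .ToList();
    foreach (var menuAuth in menuAuthList)
    {
        var vmMenu = vmMenuList.Find(x => x.MenuID == menuAuth.ID);
        if (menuAuth.ParentIds != null && menuAuth.ParentIds.Count > 0)
        {
            var parentMenuId = menuAuth.ParentIds.Last();
            var vmParentMenu = vmMenuList.Find(x => x.MenuID == parentMenuId);
            if (vmParentMenu != null)
            {
                vmParentMenu.Children.Add(vmMenu);
                // A read-only parent makes the child read-only.
                if (vmParentMenu.AuthLevel == Model.eAuthLevel.ReadOnly)
                {
                    vmMenu.AuthLevel = Model.eAuthLevel.ReadOnly;
                }
            }
            // A node whose parent is not held is attached nowhere, so it is not reachable
            // from the returned roots.
        }
        else
        {
            vmList.Add(vmMenu);
        }
    }

    return vmList;
}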
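/// <summary>
/// Returns every menu of a Soft as a nested tree, each node flagged with whether the user
/// holds it (Have) and at which level (revised 2022-6-28 by lxj).
/// </summary>
/// <param name="UserID">User whose holdings are marked.</param>
/// <param name="SoftType">Passed to Menu.GetBySoft to select the menu set.</param>
/// <param name="SoftTag">Passed to Menu.GetBySoft to select the menu set.</param>
/// <returns>
/// The root Model.MenuAuthHaveTree nodes; default (null) when the user does not exist or the
/// Soft has no menus.
/// </returns>
public List GetMenuAuthHaveTreeList(long UserID, string SoftType, string SoftTag)
{
    // Load the user.
    var user = new User().GetByID(UserID);
    if (user == null)
    {
        return default;
    }

    // Load the menu list.
    var menuList = new Menu().GetBySoft(SoftType, SoftTag);
    if (menuList == null || menuList.Count < 1)
    {
        return default;
    }

    // One node per menu, starting from "not held, read-only".
    var vmMenuList = new List();
    foreach (var menu in menuList)
    {
        var vmMenu = new Model.MenuAuthHaveTree(menu);
        vmMenu.AuthLevel = Model.eAuthLevel.ReadOnly;
        vmMenu.Have = false;
        vmMenu.Children = new List();
        vmMenuList.Add(vmMenu);
    }

    if (user.IsAdmin)
    {
        // Administrator path: everything is held at eAuthLevel.All.
        vmMenuList.ForEach(x =>
        {
            x.AuthLevel = Model.eAuthLevel.All;
            x.Have = true;
        });
    }
    else
    {
        // Mark what the user holds through roles.
        var authItems = GetMenuAuthItemList(UserID);
        if (authItems != null && authItems.Count > 0)
        {
            vmMenuList.ForEach(x =>
            {
                var menuHaveItem = authItems.Find(t => t.MenuID == x.MenuID);
                if (menuHaveItem != null)
                {
                    x.Have = true;
                    x.AuthLevel = menuHaveItem.AuthLevel;
                }
            });
        }
    }

    // Build the tree in menuList order so the order of roots and children is unchanged.
    // NOTE(review): this throws if a menu's parent is not in menuList; decide whether such
    // orphans should be shown as roots or hidden.
    var vmList = new List();
    foreach (var menu in menuList)
    {
        var vmMenu = vmMenuList.Find(x => x.MenuID == menu.ID);
        if (menu.ParentIds.Count > 0)
        {
            var vmParentMenu = vmMenuList.Find(x => x.MenuID == menu.ParentIds.Last());
            vmParentMenu.Children.Add(vmMenu);
        }
        else
        {
            vmList.Add(vmMenu);
        }
    }

    if (user.IsAdmin)
    {
        return vmList;
    }

    // Push "not held" and "read-only" down from parents to children. This runs as its own
    // pass, shallowest-first (the other tree builders in this class order by ParentIds.Count
    // too): in an arbitrary order a child could be checked before its own parent has been
    // cleared, and would then keep Have = true under an ancestor the user does not hold.
    foreach (var menu in menuList.OrderBy(x => x.ParentIds.Count))
    {
        if (menu.ParentIds.Count < 1)
        {
            continue;
        }

        var vmMenu = vmMenuList.Find(x => x.MenuID == menu.ID);
        var vmParentMenu = vmMenuList.Find(x => x.MenuID == menu.ParentIds.Last());
        if (!vmParentMenu.Have)
        {
            vmMenu.Have = false;
        }
        if (vmParentMenu.AuthLevel == Model.eAuthLevel.ReadOnly)
        {
            vmMenu.AuthLevel = Model.eAuthLevel.ReadOnly;
        }
    }

    return vmList;
}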
#endregion
#region 下发权限
/// <summary>
/// Applies a set of role/menu grant changes (selected = grant, not selected = revoke) on
/// behalf of a user, to roles that user created.
/// </summary>
/// <param name="userId">The user performing the delegation.</param>
/// <param name="authItems">
/// Requested changes; each item is read for RoleID, MenuID, AuthLevel and Selected.
/// </param>
/// <returns>
/// Error for empty input, unresolved or foreign roles, or a failed write; UserIsNotExist,
/// UserIsStopped or ParentUserIsStopped when the user checks fail; MissingPremission when a
/// non-administrator selects a menu they do not hold at eAuthLevel.All; otherwise Success.
/// </returns>
public Model.eAuthorizeStatus Authorize(long userId, IEnumerable authItems)
{
#region 验证数据
// Validate the input and split it into revocations and grants.
// NOTE(review): Count() followed by ToList() enumerates authItems twice.
if (authItems == null || authItems.Count() < 1)
{
return Model.eAuthorizeStatus.Error;
}
var roleAuthItems = authItems.ToList();
var roleAuthItems_none = roleAuthItems.Where(x => !x.Selected).ToList();
var roleAuthItems_selected = roleAuthItems.Where(x => x.Selected).ToList();
#endregion
#region 验证用户
// Validate the acting user: must exist, must not be disabled, and
// User.VerifyCreateUseStatus must return true.
var service_user = new User();
var currentUser = service_user.GetByID(userId);
if (currentUser == null)
{
return Model.eAuthorizeStatus.UserIsNotExist;
}
if (currentUser.UseStatus == Model.eUseStatus.Disable)
{
return Model.eAuthorizeStatus.UserIsStopped;
}
if (!service_user.VerifyCreateUseStatus(userId))
{
return Model.eAuthorizeStatus.ParentUserIsStopped;
}
#endregion
#region 验证角色
// Validate the roles: every role that was resolved must have been created by this user.
// NOTE(review): this checks only the roles GetByIds returned. roles_input.Count is never
// compared with roleIds_input.Count, so a request naming a role ID that GetByIds does not
// return is not rejected here and still reaches Set below - confirm GetByIds semantics and
// consider failing when the counts differ.
var service_role = new Role();
var roleIds_input = roleAuthItems.Select(x => x.RoleID).Distinct().ToList();
var roles_input = service_role.GetByIds(roleIds_input);
if (roles_input == null || roles_input.Count < 1)
{
return Model.eAuthorizeStatus.Error;
}
var createUserIds_input = roles_input.Select(x => x.CreateUserID).Distinct().ToList();
if (createUserIds_input.Count != 1)
{
return Model.eAuthorizeStatus.Error;
}
if (createUserIds_input[0] != userId)
{
return Model.eAuthorizeStatus.Error;
}
#endregion
#region 验证权限变动
// Work out whether the request changes anything, and compute the resulting grant set.
// The early Success returns in this region happen before the self-permission check and
// before any write: they cover requests that would change nothing.
// Grants the user's own roles will hold after this request.
var roleAuth_current_list = new List();
// Roles created by the current user.
var role_current_list = service_role.GetByCreateUserID(userId);
if (role_current_list == null || role_current_list.Count < 1)
{
return Model.eAuthorizeStatus.Error;
}
// Grants those roles already hold.
var service_role_auth = new RoleMenuMapping();
var role_auth_current_list = service_role_auth.GetByRoleIds(role_current_list.Select(x => x.ID).ToList());
// Case 1: the user's roles hold no grants yet.
if (role_auth_current_list == null || role_auth_current_list.Count < 1)
{
if (roleAuthItems_selected.Count < 1)
{
return Model.eAuthorizeStatus.Success;
}
roleAuth_current_list.AddRange(roleAuthItems_selected.Select(x => new Model.RoleMenuPure(x)));
}
// Case 2: the user's roles already hold some grants.
else
{
// The request contains revocations.
if (roleAuthItems_none.Count > 0)
{
// None of the revocations matches an existing grant.
if (!roleAuthItems_none.Exists(x => role_auth_current_list.Exists(t => t.RoleID == x.RoleID && t.MenuID == x.MenuID )))
{
if (roleAuthItems_selected.Count < 1)
{
return Model.eAuthorizeStatus.Success;
}
else
{
// Every requested grant already exists with the same level.
if (!roleAuthItems_selected.Exists(x => !role_auth_current_list.Exists(t => t.RoleID == x.RoleID && t.MenuID == x.MenuID && t.AuthLevel == x.AuthLevel)))
{
return Model.eAuthorizeStatus.Success;
}
}
}
}
// The request contains no revocations.
else
{
// Every requested grant already exists with the same level.
if (!roleAuthItems_selected.Exists(x => !role_auth_current_list.Exists(t => t.RoleID == x.RoleID && t.MenuID == x.MenuID && t.AuthLevel == x.AuthLevel)))
{
return Model.eAuthorizeStatus.Success;
}
}
// Start from the existing grants, drop the revoked ones, then merge in the new ones.
roleAuth_current_list.AddRange(role_auth_current_list.Select(x => new Model.RoleMenuPure(x.RoleID, x.MenuID, x.AuthLevel)));
if (roleAuthItems_none.Count > 0)
{
roleAuth_current_list.RemoveAll(x => roleAuthItems_none.Exists(t => t.RoleID == x.RoleID && t.MenuID == x.MenuID ));
}
if (roleAuthItems_selected.Count > 0)
{
foreach (var roleAuthItem_selected in roleAuthItems_selected)
{
var roleAuth_current = roleAuth_current_list.Find(x => x.RoleID == roleAuthItem_selected.RoleID && x.MenuID == roleAuthItem_selected.MenuID );
if (roleAuth_current == null)
{
roleAuth_current = new Model.RoleMenuPure(roleAuthItem_selected);
roleAuth_current_list.Add(roleAuth_current);
}
else
{
// Keeps the numerically smaller AuthLevel.
// NOTE(review): which level that favours depends on Model.eAuthLevel's ordering,
// not visible here - confirm.
if (roleAuth_current.AuthLevel > roleAuthItem_selected.AuthLevel)
{
roleAuth_current.AuthLevel = roleAuthItem_selected.AuthLevel;
}
}
}
}
}
#endregion
#region 验证自身权限
// Self-permission check: a non-administrator may only grant menus they themselves hold at
// eAuthLevel.All. Revocations (Selected == false) are not restricted by this check.
if (!currentUser.IsAdmin)
{
var selfAuthItems = GetMenuAuthItemList(userId);
if (selfAuthItems == null || selfAuthItems.Count < 1)
{
if (roleAuthItems.Exists(x => x.Selected))
{
return Model.eAuthorizeStatus.MissingPremission;
}
}
// NOTE(review): selfAuthItems is dereferenced here even on the path where it was null and
// nothing is Selected. GetMenuAuthItemList(long), as written in this file, always returns
// a list, so this is latent rather than reachable.
var selfAllAuthItems = selfAuthItems.Where(x => x.AuthLevel == Model.eAuthLevel.All).ToList();
if (selfAllAuthItems.Count < 1)
{
if (roleAuthItems.Exists(x => x.Selected))
{
return Model.eAuthorizeStatus.MissingPremission;
}
}
if (roleAuthItems.Exists(x => (x.Selected) && (!selfAllAuthItems.Exists(t => t.MenuID == x.MenuID))))
{
return Model.eAuthorizeStatus.MissingPremission;
}
}
#endregion
#region 权限回收
// Revocation cascade: grants further down the delegation chain that GetInvalidRoleAuth
// reports as no longer valid are appended to the request as revocations (Selected = false).
var roleAuth_expire_list = GetInvalidRoleAuth(userId, roleAuth_current_list, service_user, service_role, service_role_auth);
if (roleAuth_expire_list != null && roleAuth_expire_list.Count > 0)
{
roleAuthItems.AddRange(roleAuth_expire_list.Select(x => new Model.RoleMenuSelected(x,false) ));
}
#endregion
#region 权限下发
// Apply: hand the combined list to RoleMenuMapping.Set; a false result is reported as Error.
var bol = service_role_auth.Set(roleAuthItems);
if (!bol)
{
return Model.eAuthorizeStatus.Error;
}
#endregion
return Model.eAuthorizeStatus.Success;
}
/// <summary>
/// Walks the users created by <paramref name="currentUserId"/> (and, recursively, the users
/// they created) and collects the role/menu grants that are no longer backed by an
/// eAuthLevel.All grant in the list passed down from the level above.
/// </summary>
/// <returns>A list of Model.RoleMenuPure to revoke; empty when nothing is invalid.</returns>
private List GetInvalidRoleAuth
(
    long currentUserId,                 // ID of the user at this level of the chain
    List currentRoleAuthList,           // grants held by the roles this user created
    User service_user,                  // user service
    Role service_role,                  // role service
    RoleMenuMapping service_role_auth   // role/menu grant service
)
{
    // Initialise.
    if (currentRoleAuthList == null)
    {
        currentRoleAuthList = new List();
    }
    var expired = new List();

    // Users created by the current user.
    var createdUsers = service_user.GetByCreateUserID(currentUserId);
    if (createdUsers == null || createdUsers.Count < 1)
    {
        return expired;
    }

    foreach (var user in createdUsers)
    {
        // Roles this user created, and the grants those roles hold.
        var createdRoles = service_role.GetByCreateUserID(user.ID);
        if (createdRoles == null || createdRoles.Count < 1)
        {
            continue;
        }
        var createdRoleGrants = service_role_auth.GetByRoleIds(createdRoles.Select(x => x.ID).ToList());
        if (createdRoleGrants == null || createdRoleGrants.Count < 1)
        {
            continue;
        }

        // Grants this user receives: entries of currentRoleAuthList whose role the user
        // is related to.
        var receivedGrants = new List();
        var relatedRoles = service_role.GetRelationByUserID(user.ID);
        if (relatedRoles != null && relatedRoles.Count > 0)
        {
            var relatedRoleIds = relatedRoles.Select(x => x.ID).Distinct().ToList();
            receivedGrants = currentRoleAuthList.Where(x => relatedRoleIds.Contains(x.RoleID)).ToList();
        }

        // Split the user's own delegations into still-valid and expired.
        var stillValid = new List();
        foreach (var grant in createdRoleGrants)
        {
            var pure = new Model.RoleMenuPure()
            {
                RoleID = grant.RoleID,
                MenuID = grant.MenuID,
                AuthLevel = grant.AuthLevel
            };

            // A delegation stays valid only while the user still receives that menu at
            // eAuthLevel.All.
            bool backed = receivedGrants.Exists(x => x.AuthLevel == Model.eAuthLevel.All && x.MenuID == pure.MenuID);
            if (backed)
            {
                stillValid.Add(pure);
            }
            else
            {
                expired.Add(pure);
            }
        }

        // Recurse one level down with the delegations that survived.
        // NOTE(review): the recursion follows the user-creation chain with no depth limit
        // or visited set; it assumes that chain is acyclic - confirm.
        expired.AddRange(GetInvalidRoleAuth(user.ID, stillValid, service_user, service_role, service_role_auth));
    }

    return expired;
}
#endregion
}
}