def GetOrganizeIdsByPermissionScope(self, userId, permissionItemCode):
"""
按某个权限范围获取特定用户可访问的组织机构主键数组
Args:
userId (string): 用户主键
permissionItemCode (string): 操作权限编号
Returns:
returnValue(Pipermissionitem): 数据表
"""
returnValue = PermissionScopeService.GetOrganizeIds(self, userId, permissionItemCode)
return returnValue
def GetSearchConditional(self, userInfo, permissionScopeCode, search,
roleIds, enabled, auditStates, departmentId):
LogService.WriteLog(userInfo, __class__.__name__,
FrameworkMessage.UserService,
sys._getframe().f_code.co_name,
FrameworkMessage.UserService_GetSearchConditional,
'')
search = StringHelper.GetSearchString(self, search)
whereConditional = 'piuser.deletemark=0 and piuser.isvisible=1 '
if not enabled == None:
if enabled == True:
whereConditional = whereConditional + " and ( piuser.enabled = 1 )"
else:
whereConditional = whereConditional + " and ( piuser.enabled = 0 )"
if search:
whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'username' + " LIKE '" + search + "'" \
+ " OR " + 'piuser' + "." + 'code' + " LIKE '" + search + "'" \
+ " OR " + 'piuser' + "." + 'realname' + " LIKE '" + search + "'" \
+ " OR " + 'piuser' + "." + 'quickquery' + " LIKE '" + search + "'" \
+ " OR " + 'piuser' + "." + 'departmentname' + " LIKE '" + search + "'" \
+ " OR " + 'piuser' + "." + 'description' + " LIKE '" + search + "')"
if departmentId:
organizeIds = OrganizeService.GetChildrensById(self, departmentId)
if organizeIds and len(organizeIds) > 0:
whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'companyid' + " IN (" + StringHelper.ArrayToList(self, organizeIds,"'") + ")" \
+ " OR " + 'piuser' + "." + 'companyid' + " IN (" + StringHelper.ArrayToList(self, organizeIds, "'") + ")" \
+ " OR " + 'piuser' + "." + 'departmentid' + " IN (" + StringHelper.ArrayToList(self, organizeIds, "'") + ")" \
+ " OR " + 'piuser' + "." + 'subdepartmentid' + " IN (" + StringHelper.ArrayToList(self, organizeIds, "'") + ")" \
+ " OR " + 'piuser' + "." + 'workgroupid' + " IN (" + StringHelper.ArrayToList(self, organizeIds, "'") + "))"
whereConditional = whereConditional + " OR " + 'piuser' + "." + 'id' + " IN (" \
+ " SELECT " + 'userid' \
+ " FROM " + 'piuserorganize' \
+ " WHERE (" + 'piuserorganize' + "." + 'deletemark' + " = 0 ) " \
+ " AND (" \
+ 'piuserorganize' + "." + 'companyid' + " = '" + departmentId + "' OR " \
+ 'piuserorganize' + "." + 'subcompanyid' + " = '" + departmentId + "' OR " \
+ 'piuserorganize' + "." + 'departmentid' + " = '" + departmentId + "' OR " \
+ 'piuserorganize' + "." + 'subdepartmentid' + " = '" + departmentId + "' OR " \
+ 'piuserorganize' + "." + 'workgroupid' + " = '" + departmentId + "')) "
if auditStates:
whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'auditstatus' + " = '" + auditStates + "')"
if roleIds and len(roleIds) > 0:
roles = StringHelper.ArrayToList(self, roleIds, "'")
whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'id' + " IN (" + "SELECT " + 'userid' + " FROM " + 'piuserrole' + " WHERE " + 'roleid' + " IN (" + roles + ")" + "))"
if (not userInfo.IsAdministrator
) and SystemInfo.EnableUserAuthorizationScope:
permissionScopeItemId = PermissionItemService.GetId(
self, permissionScopeCode)
if permissionScopeItemId:
#从小到大的顺序进行显示,防止错误发生
organizeIds = PermissionScopeService.GetOrganizeIds(
self, userInfo.Id, permissionScopeCode)
#没有任何数据权限
if PermissionScope.PermissionScopeDic.get('No') in organizeIds:
whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'id' + " = NULL ) "
#按详细设定的数据
if PermissionScope.PermissionScopeDic.get(
'Detail') in organizeIds:
userIds = PermissionScopeService.GetUserIds(
self, userInfo.Id, permissionScopeCode)
whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'id' + " IN (" + StringHelper.ObjectsToList(
userIds) + ")) "
#自己的数据,仅本人
if PermissionScope.PermissionScopeDic.get(
'User') in organizeIds:
whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'id' + " = '" + userInfo.Id + "') "
#用户所在工作组数据
if PermissionScope.PermissionScopeDic.get(
'UserWorkgroup') in organizeIds:
whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'workgroupid' + " = '" + userInfo.WorkgroupId + "') "
#用户所在部门数据
if PermissionScope.PermissionScopeDic.get(
'UserDepartment') in organizeIds:
whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'departmentid' + " = '" + userInfo.DepartmentId + "') "
#用户所在公司数据
if PermissionScope.PermissionScopeDic.get(
'UserCompany') in organizeIds:
whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'companyid' + " = '" + userInfo.CompanyId + "') "
#全部数据,这里就不用设置过滤条件了
if PermissionScope.PermissionScopeDic.get(
'All') in organizeIds:
pass
return whereConditional