def AddRoleUser(request): try: roleId = request.POST['roleId'] except: userId = None try: targetIds = request.POST['targetIds'] except: targetIds = None returnValue = 0 response = HttpResponse() for id in str(targetIds).split(','): UserRoleService.AddUserToRole(CommonUtils.Current(response, request), id, roleId) returnValue = returnValue + 1 if returnValue > 0: response.content = json.dumps({ 'Success': True, 'Data': '1', 'Message': '添加成功!' }) return response else: response.content = json.dumps({ 'Success': False, 'Data': '0', 'Message': '添加失败!' }) return response
def RemoveRoleUser(request): try: roleId = request.POST['roleId'] except: roleId = None try: targetIds = request.POST['targetIds'] except: targetIds = None response = HttpResponse() for id in str(targetIds).split(','): returnValue = UserRoleService.RemoveUserFromRole(None, id, roleId) if returnValue > 0: successFlag = 1 response.content = json.dumps({ 'Success': True, 'Data': '1', 'Message': '操作成功!' }) return response else: response.content = json.dumps({ 'Success': False, 'Data': '0', 'Message': '操作失败!' }) return response
def RemoveRoleByUserId(request): try: userId = request.POST['userId'] except: userId = None try: removeRoleIds = request.POST['targetIds'] except: removeRoleIds = None if removeRoleIds and len(removeRoleIds) > 0 and userId: returnValue = UserRoleService.RemoveUserFromRole(None, userId, removeRoleIds) if returnValue > 0: response = HttpResponse() response.content = json.dumps({'Success': True, 'Data': '1', 'Message': FrameworkMessage.MSG3010}) return response else: response = HttpResponse() response.content = json.dumps({'Success': True, 'Data': '0', 'Message': FrameworkMessage.MSG3020}) return response else: response = HttpResponse() response.content = json.dumps({'Success': False, 'Data': '0', 'Message': FrameworkMessage.MSG3020}) return response
def GetUserConstraint(userInfo, tableName, permissionCode = "Resource.AccessPermission"): """ 获取约束条件(所有的约束) Args: tableName (string): 表名 permissionCode (string): 权限代码 Returns: returnValue (): 数据表 """ returnValue = '' permissionId = '' permissionId = PermissionItemService.GetIdByAdd(permissionCode) roleIds = UserRoleService.GetAllRoleIds(None, userInfo.Id) if not roleIds or len(roleIds) == 0: return returnValue dtPermissionScope = Pipermissionscope.objects.filter(Q(resourcecategory='pirole') & Q(resourceid__in=roleIds) & Q(targetcategory='Table') & Q(targetid=tableName) & Q(permissionid=permissionId) & Q(enabled=1) & Q(deletemark=0)) permissionConstraint = '' for dataRow in dtPermissionScope: permissionConstraint = dataRow.permissionconstraint permissionConstraint = str(permissionConstraint).strip() if permissionConstraint: returnValue = returnValue + " AND " + permissionConstraint #得到当前用户的约束条件 userConstraint = TableColumnsService.GetConstraint('piuser', userInfo.Id, tableName) if not userConstraint: userConstraint = '' else: returnValue = returnValue + " AND " + userConstraint if returnValue: returnValue = str(returnValue)[5:] returnValue = ConstrainUtil.PrepareParameter(userInfo, returnValue) return returnValue
def IsAdministrator(entity): """ 当前用户是否超级管理员 Args: userInfo (UserInfo): 用户 Returns: returnValue(True or False): 当前用户是否为超级管理员,true:是,false:否 """ returnValue = False userEntity = Piuser.objects.get(id=entity.id) if userEntity.id == 'Administrator': return True if userEntity.code and userEntity.code == 'Administrator': return True if userEntity.username and userEntity.username == 'Administrator': return True #TODO:if (this.UserInfo == null) return false; #用户的默认角色是超级管理员 roleEntity = None if userEntity.roleid: roleIds = UserRoleService.GetRoleIds(userEntity.id) for tmpid in roleIds: if tmpid == DefaultRole.Administrators: return True roleEntity = Pirole.objects.get(id=tmpid) if roleEntity.code and roleEntity.code == DefaultRole.Administrators: return True return False
def AddUserToRole(request): try: userId = request.POST['userId'] except: userId = None try: targetIds = request.POST['targetIds'] except: targetIds = None response = HttpResponse() returnValue = UserRoleService.AddUserToRole( CommonUtils.Current(response, request), userId, targetIds) if returnValue: response.content = json.dumps({ 'Success': True, 'Data': '1', 'Message': '添加成功!' }) return response else: response.content = json.dumps({ 'Success': False, 'Data': '0', 'Message': '添加失败!' }) return response
def GetUserDTByPermissionScope(self, userId, permissionItemCode): """ 按某个权限范围获取特定用户可访问的用户列表 Args: userId (string): 用户主键 permissionItemCode (string): 操作权限编号 Returns: returnValue(Piuser[]): 用户列表 """ isRole = False isRole = UserRoleService.UserInRole(self, userId, 'UserAdmin') | UserRoleService.UserInRole(self, userId, 'Admin') if(isRole): returnValue = Piuser.objects.filter(Q(isvisible=1) & Q(deletemark=0) & Q(enabled=1)) return returnValue userids = ScopPermission.GetUserIdsSql(self, userId, permissionItemCode) returnValue = Piuser.objects.filter(Q(isvisible=1) & Q(enabled=1) & Q(id__in=userids)).order_by('sortcode') return returnValue
def GetRoleUserIds(self, roleId): """ 获得角色中的用户主键 Args: roleId (string): 角色主键 Returns: returnValue (string[]): 用户主键列表 """ returnValue = UserRoleService.GetUserIds(self, roleId) return returnValue
def EliminateRoleUser(self, roleId): """ 移除角色用户关联 Args: id (string): 角色主键 Returns: returnValue (int): 移除影响行数 """ returnValue = 0 returnValue = UserRoleService.EliminateRoleUser(self, roleId) return returnValue
def AddUserToRole(userInfo, roleId, addUserIds): """ 用户添加到角色 Args: roleId (string): 角色主键 addUserIds (string): 用户主键列表 Returns: returnValue (int): 影响行数 """ returnValue = UserRoleService.AddToRolesU(userInfo, addUserIds, roleId) return returnValue
def RemoveUserFromRole(userInfo, userIds, roleId): """ 将用户从角色中移除 Args: userIds (string[]): 角色主键列表 roleId (string): 角色主键 Returns: returnValue (int): 影响行数 """ returnValue = UserRoleService.RemoveFromRoleU(userInfo, userIds, roleId) return returnValue
def GetRoleDT(self, userId, permissionItemCode): """ 按某个权限获取角色 数据表 Args: userId (string): 管理用户主键 permissionItemCode (string): 权限编号 Returns: returnValue(Pirole[]): 主键列表 """ returnValue = None #这里需要判断,是系统权限? isRole = False isRole = UserRoleService.UserInRole(self, userId, 'UserAdmin') | UserRoleService.UserInRole(self, userId, 'Admin') #用户管理员,这里需要判断,是业务权限? if(isRole): returnValue = Pirole.objects.filter(Q(deletemark=0) & Q(enabled=1)) return returnValue returnValue = Pirole.objects.filter(Q(id__in=ScopPermission.GetRoleIdsSql(self, userId, permissionItemCode))).order_by('sortcode') return returnValue
def IsInRole(self, userId, roleName): """ 指定用户是否在指定的角色里 Args: userId (string): 用户主键 roleName (string): 角色名称 Returns: returnValue(True or False): 指定用户是否在指定角色里,true:是,false:否 """ roleCode = Pirole.objects.get(realname=roleName).code returnValue = UserRoleService.UserInRole(self, userId, roleCode) return returnValue
def GetUserRoleIds(request): try: userId = request.POST['userId'] except: userId = None if userId: ids = UserRoleService.GetUserRoleIds(None, userId) returnValue = StringHelper.GetSpitString(ids, ',') response = HttpResponse() response.content = returnValue return response else: response = HttpResponse() response.content = '' return response
def ClearRolePermissionByRoleId(self, roleId): """ 清除指定角色的所有权限 1.清除角色的用户归属。 2.清除角色的模块权限。 3.清除角色的操作权限。 Args: roleId (string): 角色主键 Returns: returnValue(int): 影响的行数 """ returnValue = 0 returnValue = returnValue + UserRoleService.EliminateRoleUser(self, roleId) returnValue = returnValue + Pipermissionscope.objects.filter(Q(resourcecategory='PIROLE') & Q(resourceid=roleId)).delete() returnValue = returnValue + Pipermission.objects.filter(Q(resourcecategory='PIROLE') & Q(resourceid=roleId)).delete() return returnValue
def GetDTByRole(request): try: roleId = request.GET['roleId'] except: roleId = '' jsons = "[]" if roleId: roleDT = UserRoleService.GetDTByRole(None, roleId) userTmp = '' for user in roleDT: userTmp = userTmp + ', ' + user.toJSON() userTmp = userTmp.strip(',') returnValue = '[' + userTmp + ']' response = HttpResponse() response.content = returnValue return response else: response = HttpResponse() response.content = jsons return response
def GetUserPageDTByDepartment(self, userInfo, permissionScopeCode, searchValue, enabled, auditStates, roleIds, showRole, userAllInformation, pageIndex=0, pageSize=100, sort=None, departmentId=None): #TODO:还需要完善此方法 if not departmentId: departmentId = '' myrecordCount = 0 myrecordCount, dt = UserSerivce.SearchByPage( self, userInfo, permissionScopeCode, searchValue, roleIds, enabled, auditStates, departmentId, pageIndex, pageSize) if showRole: #这里是获取角色列表 dataTableRole = RoleService.GetDT(None) #友善的显示属于多个角色的功能 roleName = '' for user in dt: roleName = '' roleIds = UserRoleService.GetRoleIds(user['ID']) if roleIds: for i in roleIds: roleName = roleName + dataTableRole.filter( id=i)[0].realname + ", " if roleName: roleName = roleName.strip(", ") user['ROLENAME'] = roleName return myrecordCount, dt
def GetRoleListByUserId(request): try: userId = request.GET['userId'] except: userId = None response = HttpResponse() if userId: roleIds = UserRoleService.GetUserRoleIds(None, userId) jsons = '[]' if roleIds and len(roleIds) > 0: roleDT = RoleService.GetDTByIds(CommonUtils.Current(response, request), roleIds) returnValue = '[' for role in roleDT: returnValue = returnValue + role.toJSON() + "," returnValue = returnValue.strip(",") returnValue = returnValue + "]" response.content = returnValue return response else: response.content = jsons return response
def CheckPermissionByUser(self, userId, permissionItemCode, permissionItemName=None): """ 是否有相应的权限 Args: userId (string): 用户主键 permissionItemCode (string): 权限编号 permissionItemName (string): 权限名称 Returns: returnValue(True or False): 是否有权限 """ #若不存在就需要自动能增加一个操作权限项 permissionItemEntity = None try: permissionItemEntity = Pipermissionitem.objects.get( Q(code=permissionItemCode)) except Pipermissionitem.DoesNotExist as e: if not permissionItemName: permissionItemName = permissionItemCode permissionItemEntity = Pipermissionitem() permissionItemEntity.id = uuid.uuid4() permissionItemEntity.code = permissionItemCode permissionItemEntity.fullname = permissionItemName permissionItemEntity.categorycode = "Application" permissionItemEntity.parentid = None permissionItemEntity.moduleid = None permissionItemEntity.isscope = 0 permissionItemEntity.ispublic = 0 permissionItemEntity.allowdelete = 1 permissionItemEntity.allowedit = 1 permissionItemEntity.enabled = 1 permissionItemEntity.deletemark = 0 permissionItemEntity.createon = datetime.datetime.now() permissionItemEntity.modifiedon = permissionItemEntity.createon permissionItemEntity.save() # 没有找到相应的权限 return False #先判断用户类别 user = Piuser.objects.get(id=userId) if PermissionService.IsAdministrator(user): return True returnValue = False #用户管理员拥有所有的系统权限,不需要授予 if UserRoleService.UserInRole(self, user.id, 'UserAdmin'): return True #业务管理员拥有所有的业务(应用)权限,不需要授予 if permissionItemEntity.categorycode and permissionItemEntity.categorycode == 'Application': if UserRoleService.UserInRole(self, user.id, 'Admin'): return True #判断用户权限 if PermissionService.CheckUserPermission(self, userId, permissionItemEntity.id): return True #判断用户角色权限 if PermissionService.CheckUserRolePermission(self, userId, permissionItemEntity.id): return True #判断用户组织机构权限,这里有开关是为了提高性能用的, #下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。 if SystemInfo.EnableOrganizePermission: organizeIds = UserOrganizeService.GetAllOrganizeIds(self, userId) if PermissionService.CheckUserOrganizePermission( self, userId, permissionItemEntity.id, organizeIds): return True return False