def GrantOrganizeModuleScope(self, organizeId, permissionItemCode,
grantModuleId):
"""
授予组织机构某个权限域的模块授权范围
Args:
organizeId (string): 组织机构主键
permissionItemCode (string): 操作权限编号
grantModuleId (string[]): 授予模块主键
Returns:
returnValue(int): 影响行数
"""
returnValue = 0
resourcePermissionScopeEntity = Pipermissionscope()
resourcePermissionScopeEntity.id = Pipermissionitem.objects.get(
code=permissionItemCode).id
resourcePermissionScopeEntity.resourcecategory = 'PIORGANIZE'
resourcePermissionScopeEntity.resourceid = organizeId
resourcePermissionScopeEntity.targetcategory = 'PIMODULE'
resourcePermissionScopeEntity.targetid = grantModuleId
resourcePermissionScopeEntity.enabled = 1
resourcePermissionScopeEntity.deletemark = 0
resourcePermissionScopeEntity.save()
returnValue = 1
return returnValue
def GrantOrganize(userInfo, roleId, permissionItemCode, grantOrganizeId):
"""
为了提高授权的运行速度
Args:
roleId (string): 角色主键
permissionItemCode (string): 权限代码
grantOrganizeId (string): 权限主键
Returns:
returnValue(string): 主键
"""
returnValue = ''
try:
Pipermissionscope.objects.get(Q(resourcecategory='PIROLE') & Q(resourceid=roleId) & Q(targetcategory='PIORGANIZE') & Q(targetid = grantOrganizeId) & Q(permissionid=Pipermissionitem.objects.get(code=permissionItemCode).id))
return returnValue
except Pipermissionscope.DoesNotExist as e:
resourcePermissionScopeEntity = Pipermissionscope()
resourcePermissionScopeEntity.id = uuid.uuid4()
resourcePermissionScopeEntity.permissionid = Pipermissionitem.objects.get(code=permissionItemCode).id
resourcePermissionScopeEntity.resourcecategory = 'PIROLE'
resourcePermissionScopeEntity.resourceid = roleId
resourcePermissionScopeEntity.targetcategory = 'PIORGANIZE'
resourcePermissionScopeEntity.targetid = grantOrganizeId
resourcePermissionScopeEntity.enabled = 1
resourcePermissionScopeEntity.deletemark = 0
resourcePermissionScopeEntity.createon = datetime.datetime.now()
resourcePermissionScopeEntity.createby = userInfo.RealName
resourcePermissionScopeEntity.createuserid = userInfo.Id
resourcePermissionScopeEntity.modifiedon = resourcePermissionScopeEntity.createon
resourcePermissionScopeEntity.modifiedby = userInfo.RealName
resourcePermissionScopeEntity.modifieduserid = userInfo.Id
resourcePermissionScopeEntity.save()
returnValue = resourcePermissionScopeEntity.id
if not grantOrganizeId == PermissionScope.PermissionScopeDic.get('No'):
Pipermissionscope.objects.filter(Q(resourcecategory='PIROLE') & Q(resourceid=roleId) & Q(targetcategory='PIORGANIZE') & Q(
targetid=PermissionScope.PermissionScopeDic.get('No')) & Q(
permissionid=Pipermissionitem.objects.get(code=permissionItemCode).id)).delete()
else:
Pipermissionscope.objects.filter(Q(resourcecategory='PIROLE') & Q(resourceid=roleId) & Q(targetcategory='PIORGANIZE') & Q(
permissionid=Pipermissionitem.objects.get(code=permissionItemCode).id) & ~Q(targetid = PermissionScope.PermissionScopeDic.get('No'))).delete()
return returnValue
def GrantModule(userInfo, roleId, permissionItemCode, grantModuleId):
"""
为了提高授权的运行速度
Args:
roleId (string): 角色主键
permissionItemCode (string): 权限代码
grantModuleId (string): 模块权限主键
Returns:
returnValue(string): 主键
"""
resourcePermissionScopeEntity = Pipermissionscope()
resourcePermissionScopeEntity.id = uuid.uuid4()
resourcePermissionScopeEntity.permissionid = Pipermissionitem.objects.get(code=permissionItemCode).id
resourcePermissionScopeEntity.resourceid = roleId
resourcePermissionScopeEntity.resourcecategory = 'PIROLE'
resourcePermissionScopeEntity.targetcategory = 'PIMODULE'
resourcePermissionScopeEntity.targetid = grantModuleId
resourcePermissionScopeEntity.enabled = 1
resourcePermissionScopeEntity.deletemark = 0
resourcePermissionScopeEntity.createon = datetime.datetime.now()
resourcePermissionScopeEntity.createby = userInfo.RealName
resourcePermissionScopeEntity.createuserid = userInfo.Id
resourcePermissionScopeEntity.modifiedon = resourcePermissionScopeEntity.createon
resourcePermissionScopeEntity.modifiedby = userInfo.RealName
resourcePermissionScopeEntity.modifieduserid = userInfo.Id
resourcePermissionScopeEntity.save()
return resourcePermissionScopeEntity.id
def GrantPermissionScopeTarget(self, resourceCategory, resourceId,
targetCategory, grantTargetId,
permissionItemId):
"""
授予资源的权限范围
Args:
resourceCategory (string): 资源分类
resourceId (string): 资源主键
targetCategory (string): 目标类别
grantTargetId (string): 目标主键数组
permissionItemId (string): 权限主键
Returns:
returnValue(int): 影响的行数
"""
returnValue = 0
for id in grantTargetId:
resourcePermissionScope = Pipermissionscope()
resourcePermissionScope.id = uuid.uuid4()
resourcePermissionScope.resourcecategory = resourceCategory
resourcePermissionScope.resourceid = resourceId
resourcePermissionScope.targetcategory = targetCategory
resourcePermissionScope.permissionid = permissionItemId
resourcePermissionScope.targetid = id
resourcePermissionScope.enabled = 1
resourcePermissionScope.deletemark = 0
try:
Pipermissionscope.objects.get(
Q(resourceid=resourceId)
& Q(resourcecategory=resourceCategory)
& Q(targetcategory=targetCategory) & Q(targetid=id)
& Q(permissionid=permissionItemId) & Q(enabled=1)
& Q(deletemark=0))
except Pipermissionscope.DoesNotExist as e:
resourcePermissionScope.save()
returnValue = returnValue + 1
return returnValue
def GrantPermissionItem(userInfo, userId, permissionItemCode, grantPermissionId):
"""
为了提高授权的运行速度
Args:
userId (string): 员工主键
permissionItemCode (string): 权限代码
grantPermissionId (string): 权限主键
Returns:
returnValue(string): 主键
"""
returnValue = ''
resourcePermissionScopeEntity = Pipermissionscope()
resourcePermissionScopeEntity.id = uuid.uuid4()
resourcePermissionScopeEntity.permissionid = Pipermissionitem.objects.get(code=permissionItemCode).id
resourcePermissionScopeEntity.resourcecategory = 'PIUSER'
resourcePermissionScopeEntity.resourceid = userId
resourcePermissionScopeEntity.targetcategory = 'PIPERMISSIONITEM'
resourcePermissionScopeEntity.targetid = grantPermissionId
resourcePermissionScopeEntity.enabled = 1
resourcePermissionScopeEntity.deletemark = 0
resourcePermissionScopeEntity.createon = datetime.datetime.now()
resourcePermissionScopeEntity.createby = userInfo.RealName
resourcePermissionScopeEntity.createuserid = userInfo.Id
resourcePermissionScopeEntity.modifiedon = resourcePermissionScopeEntity.createon
resourcePermissionScopeEntity.modifiedby = userInfo.RealName
resourcePermissionScopeEntity.modifieduserid = userInfo.Id
resourcePermissionScopeEntity.save()
returnValue = resourcePermissionScopeEntity.id
return returnValue
def GrantRole(self, userId, permissionItemCode, grantRoleId):
"""
为了提高授权的运行速度
Args:
userId (string): 员工主键
permissionItemCode (string): 权限代码
grantRoleId (string): 权限主键
Returns:
returnValue(string): 主键
"""
returnValue = None
try:
returnValue = ''
resourcePermissionScopeEntity = Pipermissionscope()
resourcePermissionScopeEntity.permissionid = Pipermissionitem.objects.get(code=permissionItemCode).id
resourcePermissionScopeEntity.id = uuid.uuid4()
resourcePermissionScopeEntity.resourcecategory = 'PIUSER'
resourcePermissionScopeEntity.resourceid = userId
resourcePermissionScopeEntity.targetcategory = 'PIROLE'
resourcePermissionScopeEntity.targetid = grantRoleId
resourcePermissionScopeEntity.enabled = 1
resourcePermissionScopeEntity.deletemark = 0
resourcePermissionScopeEntity.save()
returnValue = resourcePermissionScopeEntity.id
return returnValue
except:
return returnValue
def GrantUser(self, userId, permissionItemCode, grantUserId):
"""
为了提高授权的运行速度
Args:
userId (string): 员工主键
permissionItemCode (string): 权限代码
grantUserId (string): 权限主键
Returns:
returnValue(string): 主键
"""
returnValue = ''
try:
Pipermissionscope.objects.get(Q(resourcecategory='PIUSER') & Q(resourceid=userId) & Q(targetcategory='PIUSER') & Q(targetid=grantUserId) & Q(permissionid=Pipermissionitem.objects.get(code=permissionItemCode).id))
return returnValue
except Pipermissionscope.DoesNotExist as e:
resourcePermissionScopeEntity = Pipermissionscope()
resourcePermissionScopeEntity.id = uuid.uuid4()
resourcePermissionScopeEntity.permissionid = Pipermissionitem.objects.get(code=permissionItemCode).id
resourcePermissionScopeEntity.resourcecategory = 'PIUSER'
resourcePermissionScopeEntity.resourceid = userId
resourcePermissionScopeEntity.targetcategory = 'PIUSER'
resourcePermissionScopeEntity.targetid = grantUserId
resourcePermissionScopeEntity.enabled = 1
resourcePermissionScopeEntity.deletemark = 0
resourcePermissionScopeEntity.save()
returnValue = resourcePermissionScopeEntity.id
return returnValue
def GrantOrganize(self, userId, permissionItemCode, grantOrganizeId):
"""
为了提高授权的运行速度
Args:
userId (string): 员工主键
permissionItemCode (string): 权限代码
grantOrganizeId (string): 权限主键
Returns:
returnValue(string): 主键
"""
returnValue = ''
try:
Pipermissionscope.objects.get(Q(resourcecategory='PIUSER') & Q(resourceid=userId) & Q(targetcategory='PIORGANIZE') & Q(targetid=grantOrganizeId) & Q(permissionid=Pipermissionitem.objects.get(code=permissionItemCode).id))
except Pipermissionscope.DoesNotExist as e:
resourcePermissionScopeEntity = Pipermissionscope()
resourcePermissionScopeEntity.id = uuid.uuid4()
resourcePermissionScopeEntity.permissionid = Pipermissionitem.objects.get(code=permissionItemCode).id
resourcePermissionScopeEntity.resourcecategory = 'PIUSER'
resourcePermissionScopeEntity.resourceid = userId
resourcePermissionScopeEntity.targetcategory = 'PIORGANIZE'
resourcePermissionScopeEntity.targetid = grantOrganizeId
resourcePermissionScopeEntity.enabled = 1
resourcePermissionScopeEntity.deletemark = 0
resourcePermissionScopeEntity.save()
returnValue = resourcePermissionScopeEntity.id
if grantOrganizeId != PermissionScope.PermissionScopeDic.get('No'):
try:
dt = Pipermissionscope.objects.get(
Q(resourcecategory='PIUSER') & Q(resourceid=userId) & Q(targetcategory='PIORGANIZE') & Q(
targetid=PermissionScope.PermissionScopeDic.get('No')) & Q(
permissionid=Pipermissionitem.objects.get(code=permissionItemCode).id))
dt.delete()
except Pipermissionscope.DoesNotExist as e:
pass
else:
dt = Pipermissionscope.objects.filter(Q(resourcecategory='PIUSER') & Q(resourceid=userId) & Q(targetcategory='PIORGANIZE') &
Q(permissionid=Pipermissionitem.objects.get(code=permissionItemCode).id)).delete()
return returnValue
