示例#1
 def GetDTByDate(userInfo, beginDate, endDate, userId, moduleId):
     """
     Return log rows for a date range, limited to the users the caller may see.

     Args:
         userInfo (UserInfo): the current (calling) user
         beginDate (string): start of the time range
         endDate (string): end of the time range
         userId (string): primary key of the user whose logs are wanted;
             when empty the caller's own scope decides
         moduleId (string): module primary key, matched against 'processid'
     Returns:
         whatever DbCommonLibaray.executeQuery returns for the generated SQL
     """
     # NOTE(review): when userId is supplied it is used as-is; neither
     # IsAdministrator nor the "Resource.ManagePermission" scope is consulted
     # on this path. If userId comes from the request, confirm that the caller
     # checks it against the scope before calling this method.
     if userId:
         scopeUserIds = [userId]
     elif userInfo.IsAdministrator:
         # Administrators pass None as the user filter.
         scopeUserIds = None
     else:
         scopeUserIds = PermissionScopeService.GetUserIds(
             None, userInfo.Id, "Resource.ManagePermission")

     # NOTE(review): LogService.GetDTSql is not shown here. It returns SQL
     # text, so confirm how it embeds moduleId, beginDate and endDate.
     sql = LogService.GetDTSql(scopeUserIds, 'processid', moduleId, beginDate,
                               endDate)
     return DbCommonLibaray.executeQuery(None, sql)
示例#2
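    def GetResourceScopeIds(self, userId, targetCategory, permissionItemCode):
        """
          Return the primary keys of the resources a user may reach under one
          permission, combining user, role and (optionally) organisation grants.

          Args:
              userId (string): user primary key
              targetCategory (string): resource category
              permissionItemCode (string): permission code
          Returns:
              returnValue(string[]): list of primary keys ('targetid' values)
          Raises:
              Pipermissionitem.DoesNotExist / Piuser.DoesNotExist: from the
              two .get() lookups when the code or the user is unknown.
        """
        permissionItemId = Pipermissionitem.objects.get(code=permissionItemCode).id
        userEntity = Piuser.objects.get(id=userId)
        defaultRoleId = userEntity.roleid

        # Conditions shared by every grant source. The original user-level
        # query compared targetcategory with the permission id and had no
        # permissionid filter, unlike the role and organisation queries;
        # all three now use the same predicate.
        activeGrant = (Q(targetcategory=targetCategory)
                       & Q(permissionid=permissionItemId)
                       & Q(enabled=1) & Q(deletemark=0))

        # Grants made directly to the user.
        q1 = Pipermissionscope.objects.filter(
            Q(resourcecategory='PIUSER') & Q(resourceid=userId)
            & activeGrant).values_list('targetid', flat=True)

        # Grants made to any of the user's roles.
        userRoleIds = Piuserrole.objects.filter(
            Q(userid=userId) & Q(enabled=1)
            & Q(deletemark=0)).values_list('roleid', flat=True)
        roleMatch = Q(resourceid__in=userRoleIds)
        if defaultRoleId:
            # The original had the two branches swapped: the default role was
            # added only when it was empty, which turns into a match on rows
            # whose resourceid is NULL instead of on the default role.
            roleMatch = roleMatch | Q(resourceid=defaultRoleId)
        q2 = Pipermissionscope.objects.filter(
            Q(resourcecategory='PIROLE') & roleMatch
            & activeGrant).values_list('targetid', flat=True)

        resourceIds = q1.union(q2)

        if SystemInfo.EnableOrganizePermission:
            # NOTE(review): if companyid, departmentid or workgroupid is None
            # the matching Q becomes an IS NULL test; confirm that scope rows
            # never carry a NULL resourceid.
            q3 = Pipermissionscope.objects.filter(
                Q(resourcecategory='PIORGANIZE')
                & (Q(resourceid=userEntity.companyid)
                   | Q(resourceid=userEntity.departmentid)
                   | Q(resourceid=userEntity.workgroupid))
                & activeGrant).values_list('targetid', flat=True)
            # union() returns a new queryset; the original discarded it, so
            # organisation grants never reached the result.
            resourceIds = resourceIds.union(q3)

        if targetCategory == 'PIORGANIZE':
            resourceIds, permissionScope = PermissionScopeService.TransformPermissionScope(self, userId, resourceIds)

        return resourceIds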
示例#3
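 def GetOrganizeDTByPermissionScope(self, userInfo, userId, permissionItemCode):
     """
       Return the organisations a user may access under one permission scope.

       Args:
           userInfo (UserInfo): the current user; its Id is used when userId
               is empty
           userId (string): user primary key
           permissionItemCode (string): operation permission code
       Returns:
           the organisation rows: a Piorganize queryset when no permission
           code is given, otherwise whatever GetOrganizeDT returns
     """
     if not permissionItemCode:
         # Manager.all() takes no arguments, so the original
         # `objects.all(Q(deletemark=0))` raised TypeError; filter() is the
         # call that accepts a Q object.
         # NOTE(review): an empty permission code returns every non-deleted
         # organisation with no scope check at all. Confirm that callers can
         # never be made to pass an empty code from request data.
         return Piorganize.objects.filter(Q(deletemark=0))

     # Fall back to the calling user when no explicit user was requested.
     effectiveUserId = userId if userId else userInfo.Id
     return PermissionScopeService.GetOrganizeDT(self, effectiveUserId, permissionItemCode)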
示例#4
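 def GetColumns(userInfo, tableCode, permissionCode = "Column.Access"):
     """
     Return the column codes of a table that a permission applies to for the user.

     Args:
         userInfo (UserInfo): the current user
         tableCode (string): table name
         permissionCode (string): operation permission
     Returns:
         returnValue (): the column identifiers, or None when permissionCode
         is not one of the three handled codes
     """
     returnValue = None
     # NOTE(review): "Column.Deney" looks like a misspelling of "Column.Deny".
     # It is compared at runtime, so it is left unchanged here; confirm which
     # spelling the stored permission items use.
     if permissionCode == "Column.Deney" or permissionCode == "Column.Edit":
         # Filter by data permission.
         returnValue = PermissionScopeService.GetResourceScopeIds(None, userInfo.Id, tableCode, permissionCode)
     elif permissionCode == "Column.Access":
         # 1: columns the user has been granted.
         returnValue = PermissionScopeService.GetResourceScopeIds(None, userInfo.Id, tableCode, permissionCode)
         # 2: add the columns marked public.
         publicIds = Citablecolumns.objects.filter(Q(tablecode=tableCode) & Q(ispublic=1)).values_list('columncode', flat=True)
         returnValue = returnValue.union(publicIds)
     # The original returned only inside the "Column.Access" branch, so the
     # deny/edit lookup was computed and then dropped and the caller got None.
     # A caller reading None as "no denied columns" would skip the restriction.
     return returnValue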
示例#5
 def SetConstraint(resourceCategory,
                   resourceId,
                   tableName,
                   permissionCode,
                   constraint,
                   enabled=True):
     """
     Store a constraint for a resource by delegating to GetIdByAdd.

     Args:
         resourceCategory: category of the resource the constraint belongs to
         resourceId: primary key of that resource
         tableName: table the constraint applies to
         permissionCode: permission code the constraint is tied to
         constraint: the constraint value, passed through unchanged
         enabled: whether the constraint is active (default True)
     Returns:
         whatever PermissionScopeService.GetIdByAdd returns
     """
     # NOTE(review): presumably `constraint` is later applied as a row filter.
     # If it is ever embedded in SQL text, the caller of this method must be
     # restricted to trusted administrators; verify against GetIdByAdd.
     return PermissionScopeService.GetIdByAdd(
         resourceCategory, resourceId, tableName, permissionCode,
         constraint, enabled)
示例#6
 def GetOrganizeIdsByPermissionScope(self, userId, permissionItemCode):
     """
       Return the organisation primary keys a user may access under one
       permission scope.

       Args:
           userId (string): user primary key
           permissionItemCode (string): operation permission code
       Returns:
           whatever PermissionScopeService.GetOrganizeIds returns
     """
     # Thin pass-through; userId is not compared with the calling user here.
     return PermissionScopeService.GetOrganizeIds(self, userId, permissionItemCode)
示例#7
 def GetPermissionScopeByUserId(self, userId, permissionItemCode):
     """
     Return the data-permission scope of the given user.

     Args:
         userId (string): user primary key
         permissionItemCode (string): permission code (the original
             docstring called this parameter moduleCode)
     Returns:
         whatever PermissionScopeService.GetUserPermissionScope returns
     """
     # Thin pass-through; no check is made here that the caller may query
     # the scope of this userId.
     return PermissionScopeService.GetUserPermissionScope(
         self, userId, permissionItemCode)
示例#8
 def GetDT(userInfo):
     """
     Return the non-deleted Ciitems rows the user may manage, ordered by sortcode.

     Args:
         userInfo (UserInfo): the current user
     Returns:
         returnValue (CiItems): queryset of matching rows
     """
     notDeleted = Q(deletemark=0)
     if not userInfo.IsAdministrator:
         # Non-administrators see only the rows in their
         # "Resource.ManagePermission" scope.
         allowedIds = PermissionScopeService.GetResourceScopeIds(None, userInfo.Id, 'ciitems', "Resource.ManagePermission")
         return Ciitems.objects.filter(notDeleted & Q(id__in=allowedIds)).order_by('sortcode')
     return Ciitems.objects.filter(notDeleted).order_by('sortcode')
示例#9
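    def GetIDsByUser(self, userId):
        """
        Return the primary keys of the modules a user may access.

        Args:
            userId (string): user primary key; when empty only the public
                modules are returned
        Returns:
            returnValue (string[]): an itertools.chain over the public module
            ids followed by the ids granted to the user
        """
        # Public modules are open to everyone.
        openModuleIds = Pimodule.objects.filter(Q(ispublic=1) & Q(enabled=1) & Q(deletemark=0)).values_list('id', flat=True)

        # Non-public modules. Start from an empty grant set: the original left
        # this name unassigned when userId was empty and then failed with
        # UnboundLocalError at the chain() call.
        otherModuleIds = []
        if userId:
            # Module access granted to the user directly and through roles.
            permissionItemCode = 'Resource.AccessPermission'
            otherModuleIds = PermissionScopeService.GetResourceScopeIds(self, userId, 'PIMODULE', permissionItemCode)

        # chain() does not de-duplicate, so an id that is both public and
        # granted appears twice.
        returnValue = chain(openModuleIds, otherModuleIds)
        return returnValue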
示例#10
 def GetDTByModule(userInfo, processId, beginDate, endDate):
     """
     Return the log rows of one module for a date range.

     Args:
         userInfo (UserInfo): the current user
         processId (string): service name, matched against 'processid'
         beginDate (datetime): start of the time range
         endDate (datetime): end of the time range
     Returns:
         whatever DbCommonLibaray.executeQuery returns for the generated SQL
     """
     if userInfo.IsAdministrator:
         # Administrators pass None as the user filter.
         scopeUserIds = None
     else:
         scopeUserIds = PermissionScopeService.GetUserIds(
             None, userInfo.Id, "Resource.ManagePermission")

     # NOTE(review): LogService.GetDTSql is not shown here. It returns SQL
     # text, so confirm how it embeds processId, beginDate and endDate.
     sql = LogService.GetDTSql(scopeUserIds, 'processid', processId, beginDate,
                               endDate)
     return DbCommonLibaray.executeQuery(None, sql)
示例#11
    def GetDTByPermission(self, userId, permissionItemScopeCode):
        """
        Return the enabled, non-deleted modules a user may see.

        Members of "UserAdmin" get the 'System' modules and members of
        "Admin" the 'Application' modules, both ordered by sortcode. Everyone
        else gets the modules inside their permission scope.

        Args:
            userId (string): user primary key
            permissionItemScopeCode (string): permission scope code used for
                users holding neither role
        Returns:
            a Pimodule queryset
        """
        # Role checks run in this order and the first match wins, so a user
        # holding both roles only gets the 'System' category.
        roleCategories = (("UserAdmin", 'System'), ("Admin", 'Application'))
        for roleCode, moduleCategory in roleCategories:
            if ModulePermission.UserInRole(self, userId, roleCode):
                return Pimodule.objects.filter(
                    Q(category=moduleCategory) & Q(deletemark=0)
                    & Q(enabled=1)).order_by('sortcode')

        # Neither role: restrict to the scoped module ids. This queryset is
        # not ordered by sortcode.
        scopedModuleIds = PermissionScopeService.GetTreeResourceScopeIds(
            self, userId, 'PIMODULE', permissionItemScopeCode, True)
        return Pimodule.objects.filter(
            Q(id__in=scopedModuleIds) & Q(deletemark=0) & Q(enabled=1))
示例#12
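    def GetSearchConditional(self, userInfo, permissionScopeCode, search,
                             roleIds, enabled, auditStates, departmentId):
        """
        Build the SQL WHERE fragment used to search the piuser table.

        Args:
            userInfo (UserInfo): the current user; decides the data scope
            permissionScopeCode (string): permission scope code
            search (string): free-text search value
            roleIds (list): role primary keys to filter on
            enabled (bool or None): None means "do not filter on enabled"
            auditStates (string): audit status to match
            departmentId (string): organisation whose users are wanted
        Returns:
            whereConditional (string): the WHERE fragment as SQL text

        NOTE(review): this method returns SQL text with the values embedded,
        so the values cannot be bound as parameters without changing the
        interface. Binding them where the query is executed is the real fix.
        """

        def _sql_text(value):
            # Stopgap for values placed between single quotes: double
            # backslashes and single quotes so the value cannot end the
            # literal early.
            return str(value).replace("\\", "\\\\").replace("'", "''")

        LogService.WriteLog(userInfo, __class__.__name__,
                            FrameworkMessage.UserService,
                            sys._getframe().f_code.co_name,
                            FrameworkMessage.UserService_GetSearchConditional,
                            '')

        # NOTE(review): GetSearchString is not shown here. Whether it escapes
        # quotes is unknown, so `search` is embedded as it is returned;
        # confirm that the helper neutralises single quotes.
        search = StringHelper.GetSearchString(self, search)
        whereConditional = 'piuser.deletemark=0 and piuser.isvisible=1 '
        if enabled is not None:
            # Only a value equal to True selects enabled users; any other
            # non-None value selects disabled ones.
            if enabled == True:
                whereConditional += " and ( piuser.enabled = 1 )"
            else:
                whereConditional += " and ( piuser.enabled = 0 )"

        if search:
            likeColumns = ('username', 'code', 'realname', 'quickquery',
                           'departmentname', 'description')
            whereConditional += " AND (" + " OR ".join(
                "piuser." + column + " LIKE '" + search + "'"
                for column in likeColumns) + ")"

        if departmentId:
            organizeIds = OrganizeService.GetChildrensById(self, departmentId)
            if organizeIds:
                # NOTE(review): ArrayToList is not shown; confirm that it
                # quotes and escapes each id.
                idList = StringHelper.ArrayToList(self, organizeIds, "'")
                # The original listed companyid twice here. Possibly
                # subcompanyid was intended; verify against the piuser schema.
                inOrganize = " OR ".join(
                    "piuser." + column + " IN (" + idList + ")"
                    for column in ('companyid', 'departmentid',
                                   'subdepartmentid', 'workgroupid'))
                departmentLiteral = _sql_text(departmentId)
                memberOf = " OR ".join(
                    "piuserorganize." + column + " = '" + departmentLiteral + "'"
                    for column in ('companyid', 'subcompanyid',
                                   'departmentid', 'subdepartmentid',
                                   'workgroupid'))
                # Both department tests sit inside one parenthesised group.
                # The original appended " OR piuser.id IN (...)" at top level.
                # AND binds tighter than OR, so the deletemark, isvisible,
                # enabled and search filters covered only the first half, and
                # the data-scope filters added below covered only the second.
                whereConditional += (
                    " AND ((" + inOrganize + ")"
                    + " OR piuser.id IN ("
                    + " SELECT userid"
                    + "   FROM piuserorganize"
                    + "  WHERE (piuserorganize.deletemark = 0 ) "
                    + "       AND (" + memberOf + "))) ")

        if auditStates:
            whereConditional += (" AND (piuser.auditstatus = '"
                                 + _sql_text(auditStates) + "')")

        if roleIds and len(roleIds) > 0:
            roles = StringHelper.ArrayToList(self, roleIds, "'")
            whereConditional += (" AND (piuser.id IN (SELECT userid"
                                 + " FROM piuserrole WHERE roleid IN ("
                                 + roles + ")))")

        if (not userInfo.IsAdministrator
            ) and SystemInfo.EnableUserAuthorizationScope:
            permissionScopeItemId = PermissionItemService.GetId(
                self, permissionScopeCode)
            # NOTE(review): when the scope code resolves to no id, or the
            # returned scope holds none of the markers below, no restriction
            # is added and the non-administrator sees every row. Confirm that
            # this fail-open behaviour is intended.
            if permissionScopeItemId:
                scopeDic = PermissionScope.PermissionScopeDic
                # Applied from the narrowest scope to the widest.
                scopeIds = PermissionScopeService.GetOrganizeIds(
                    self, userInfo.Id, permissionScopeCode)
                # No data permission at all: "= NULL" never matches a row.
                if scopeDic.get('No') in scopeIds:
                    whereConditional += " AND (piuser.id = NULL ) "
                # Explicitly listed users.
                if scopeDic.get('Detail') in scopeIds:
                    userIds = PermissionScopeService.GetUserIds(
                        self, userInfo.Id, permissionScopeCode)
                    whereConditional += (" AND (piuser.id IN ("
                                         + StringHelper.ObjectsToList(userIds)
                                         + ")) ")
                # Own record, own workgroup, own department, own company.
                ownScopes = (
                    ('User', 'id', 'Id'),
                    ('UserWorkgroup', 'workgroupid', 'WorkgroupId'),
                    ('UserDepartment', 'departmentid', 'DepartmentId'),
                    ('UserCompany', 'companyid', 'CompanyId'),
                )
                for scopeKey, column, attribute in ownScopes:
                    if scopeDic.get(scopeKey) in scopeIds:
                        whereConditional += (
                            " AND (piuser." + column + " = '"
                            + _sql_text(getattr(userInfo, attribute)) + "') ")
                # The 'All' scope needs no filter.
        return whereConditional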