def GetDTByDate(userInfo, beginDate, endDate, userId, moduleId):
    """Fetch log rows for one module within a date range.

    Args:
        userInfo (UserInfo): The current (calling) user.
        beginDate (string): Start of the time range.
        endDate (string): End of the time range.
        userId (string): Primary key of the user whose rows are wanted. When
            empty, the user list is derived from the caller instead.
        moduleId (string): Module primary key; handed to LogService.GetDTSql
            together with the 'processid' field name.

    Returns:
        Whatever DbCommonLibaray.executeQuery returns for the generated SQL.
    """
    # NOTE(review): an explicit userId is used as the filter as-is; the
    # caller's "Resource.ManagePermission" scope is only consulted when userId
    # is empty. Confirm that callers authorize userId before passing it in.
    if userId:
        userFilter = [userId]
    elif userInfo.IsAdministrator:
        # Administrators pass None instead of a user list -- presumably
        # "no user restriction"; verify against GetDTSql.
        userFilter = None
    else:
        userFilter = PermissionScopeService.GetUserIds(
            None, userInfo.Id, "Resource.ManagePermission")

    # NOTE(review): GetDTSql returns SQL text that is executed directly; how it
    # embeds moduleId / beginDate / endDate is not visible here -- confirm the
    # values are bound or validated.
    logSql = LogService.GetDTSql(userFilter, 'processid', moduleId, beginDate, endDate)
    return DbCommonLibaray.executeQuery(None, logSql)
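def GetResourceScopeIds(self, userId, targetCategory, permissionItemCode):
    """Collect the target ids a user is scoped to for one permission item.

    Scope rows are gathered from three sources and combined: rows granted
    directly to the user, rows granted to the user's roles (including the
    default role stored on the user record), and -- when
    SystemInfo.EnableOrganizePermission is set -- rows granted to the user's
    company, department or workgroup.

    Args:
        userId (string): User primary key.
        targetCategory (string): Target resource category.
        permissionItemCode (string): Permission item code.

    Returns:
        The combined 'targetid' values. For the 'PIORGANIZE' category the
        first element returned by
        PermissionScopeService.TransformPermissionScope is returned instead.

    Raises:
        The model's DoesNotExist error when the permission code or the user
        cannot be found (both are looked up with objects.get).
    """
    permissionItemId = Pipermissionitem.objects.get(code=permissionItemCode).id
    # One lookup serves both the default role and the organization ids below.
    userEntity = Piuser.objects.get(id=userId)
    defaultRoleId = userEntity.roleid

    # Conditions every scope row must satisfy, whatever the grant source.
    scopeMatch = (Q(targetcategory=targetCategory) & Q(permissionid=permissionItemId)
                  & Q(enabled=1) & Q(deletemark=0))

    # Grants made directly to the user. The target category is matched against
    # targetCategory and the permission against permissionid, the same way the
    # role and organization queries do; comparing the category column with the
    # permission id would silently drop these grants.
    q1 = Pipermissionscope.objects.filter(
        Q(resourcecategory='PIUSER') & Q(resourceid=userId) & scopeMatch
    ).values_list('targetid', flat=True)

    # Grants made to the user's roles. The default role is added only when the
    # user actually has one, so an empty roleid never becomes a match on an
    # empty resourceid.
    roleIds = Piuserrole.objects.filter(
        Q(userid=userId) & Q(enabled=1) & Q(deletemark=0)
    ).values_list('roleid', flat=True)
    roleMatch = Q(resourceid__in=roleIds)
    if defaultRoleId:
        roleMatch = roleMatch | Q(resourceid=defaultRoleId)
    q2 = Pipermissionscope.objects.filter(
        Q(resourcecategory='PIROLE') & roleMatch & scopeMatch
    ).values_list('targetid', flat=True)

    resourceIds = q1.union(q2)

    if SystemInfo.EnableOrganizePermission:
        q3 = Pipermissionscope.objects.filter(
            Q(resourcecategory='PIORGANIZE')
            & (Q(resourceid=userEntity.companyid)
               | Q(resourceid=userEntity.departmentid)
               | Q(resourceid=userEntity.workgroupid))
            & scopeMatch
        ).values_list('targetid', flat=True)
        # union() returns a new queryset, so the result has to be kept.
        resourceIds = resourceIds.union(q3)

    if targetCategory == 'PIORGANIZE':
        resourceIds, permissionScope = PermissionScopeService.TransformPermissionScope(
            self, userId, resourceIds)
    return resourceIds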
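def GetOrganizeDTByPermissionScope(self, userInfo, userId, permissionItemCode):
    """List the organizations a user may access under one permission scope.

    Args:
        userInfo: The current user; its Id is used when userId is empty.
        userId (string): User primary key.
        permissionItemCode (string): Operation permission code.

    Returns:
        All non-deleted Piorganize rows when no permission code is given,
        otherwise the result of PermissionScopeService.GetOrganizeDT.
    """
    if not permissionItemCode:
        # Manager.all() takes no filter arguments, so the condition has to go
        # through filter().
        # NOTE(review): an empty permission code returns every non-deleted
        # organization without any scope check -- confirm that this
        # fail-open default is intended.
        return Piorganize.objects.filter(Q(deletemark=0))

    subjectId = userId if userId else userInfo.Id
    return PermissionScopeService.GetOrganizeDT(self, subjectId, permissionItemCode)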
def GetColumns(userInfo, tableCode, permissionCode="Column.Access"):
    """Return the column codes of a table that the user holds a permission on.

    Args:
        userInfo: The current user; only its Id is read.
        tableCode (string): Table name.
        permissionCode (string): Operation permission code.

    Returns:
        The scoped ids for "Column.Deney" / "Column.Edit"; for
        "Column.Access" those ids combined with the table's public columns.
    """
    # NOTE(review): any other permissionCode reaches the return statement with
    # returnValue unassigned and raises UnboundLocalError. "Column.Deney" is
    # compared literally -- check the spelling against the stored codes.
    if permissionCode in ("Column.Deney", "Column.Edit"):
        # Filter by the user's data permission only.
        returnValue = PermissionScopeService.GetResourceScopeIds(
            None, userInfo.Id, tableCode, permissionCode)
    elif permissionCode == "Column.Access":
        # 1: columns the user was granted.
        grantedIds = PermissionScopeService.GetResourceScopeIds(
            None, userInfo.Id, tableCode, permissionCode)
        # 2: columns flagged as public for this table.
        publicIds = Citablecolumns.objects.filter(
            Q(tablecode=tableCode) & Q(ispublic=1)
        ).values_list('columncode', flat=True)
        returnValue = grantedIds.union(publicIds)
    return returnValue
def SetConstraint(resourceCategory, resourceId, tableName, permissionCode, constraint, enabled=True):
    """Delegate to PermissionScopeService.GetIdByAdd with the same arguments.

    No authorization or validation is performed in this wrapper; any such
    check has to come from the caller or from GetIdByAdd.

    Returns:
        The value returned by PermissionScopeService.GetIdByAdd.
    """
    return PermissionScopeService.GetIdByAdd(
        resourceCategory, resourceId, tableName, permissionCode, constraint, enabled)
def GetOrganizeIdsByPermissionScope(self, userId, permissionItemCode):
    """Return the organization ids a user may access under one permission scope.

    Args:
        userId (string): User primary key.
        permissionItemCode (string): Operation permission code.

    Returns:
        The value returned by PermissionScopeService.GetOrganizeIds.
    """
    return PermissionScopeService.GetOrganizeIds(self, userId, permissionItemCode)
def GetPermissionScopeByUserId(self, userId, permissionItemCode):
    """Return the data permission scope of the given user.

    Args:
        userId (string): User primary key.
        permissionItemCode (string): Permission item code.

    Returns:
        The value returned by PermissionScopeService.GetUserPermissionScope.
    """
    return PermissionScopeService.GetUserPermissionScope(
        self, userId, permissionItemCode)
def GetDT(userInfo):
    """List the non-deleted Ciitems rows visible to the user, by sort code.

    Args:
        userInfo: The current user; IsAdministrator and Id are read.

    Returns:
        A Ciitems queryset ordered by 'sortcode'. Administrators get every
        non-deleted row; other users only rows whose id is within their
        "Resource.ManagePermission" scope on 'ciitems'.
    """
    criteria = Q(deletemark=0)
    if not userInfo.IsAdministrator:
        scopedIds = PermissionScopeService.GetResourceScopeIds(
            None, userInfo.Id, 'ciitems', "Resource.ManagePermission")
        criteria = criteria & Q(id__in=scopedIds)
    return Ciitems.objects.filter(criteria).order_by('sortcode')
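def GetIDsByUser(self, userId):
    """Return the ids of the modules a user is allowed to access.

    Args:
        userId (string): User primary key. When empty, only the public
            modules are returned.

    Returns:
        An itertools.chain over the public module ids followed by the ids
        granted through 'Resource.AccessPermission'. The iterator can be
        consumed only once, and an id can appear twice when a module is both
        public and granted.
    """
    # Public modules are accessible to everyone.
    openModuleIds = Pimodule.objects.filter(
        Q(ispublic=1) & Q(enabled=1) & Q(deletemark=0)
    ).values_list('id', flat=True)

    # Without a user id there are no grants to look up; start from an empty
    # list so the return below never reads an unassigned name.
    otherModuleIds = []
    if userId:
        # Module access granted to the user directly and through roles.
        otherModuleIds = PermissionScopeService.GetResourceScopeIds(
            self, userId, 'PIMODULE', 'Resource.AccessPermission')
    return chain(openModuleIds, otherModuleIds)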
def GetDTByModule(userInfo, processId, beginDate, endDate):
    """Fetch log rows for one module (process) within a date range.

    Args:
        userInfo: The current user; IsAdministrator and Id are read.
        processId (string): Service name, handed to LogService.GetDTSql
            together with the 'processid' field name.
        beginDate (datetime): Start of the time range.
        endDate (datetime): End of the time range.

    Returns:
        Whatever DbCommonLibaray.executeQuery returns for the generated SQL.
    """
    if userInfo.IsAdministrator:
        # Administrators pass None instead of a user list -- presumably
        # "no user restriction"; verify against GetDTSql.
        userFilter = None
    else:
        userFilter = PermissionScopeService.GetUserIds(
            None, userInfo.Id, "Resource.ManagePermission")

    # NOTE(review): GetDTSql returns SQL text that is executed directly; how it
    # embeds processId / beginDate / endDate is not visible here -- confirm the
    # values are bound or validated.
    logSql = LogService.GetDTSql(userFilter, 'processid', processId, beginDate, endDate)
    return DbCommonLibaray.executeQuery(None, logSql)
def GetDTByPermission(self, userId, permissionItemScopeCode):
    """Return the enabled, non-deleted modules a user may see.

    The role checks run in order and the first match decides the result:
    members of "UserAdmin" get the 'System' category, members of "Admin" get
    the 'Application' category, and everyone else gets the modules inside
    their tree resource scope for permissionItemScopeCode.

    Args:
        userId: User primary key.
        permissionItemScopeCode: Permission scope code used for the
            scope-based lookup.

    Returns:
        A Pimodule queryset; the two role-based results are ordered by
        'sortcode', the scope-based result is not ordered.
    """
    activeModules = Q(deletemark=0) & Q(enabled=1)

    # User administrators see the system modules.
    if ModulePermission.UserInRole(self, userId, "UserAdmin"):
        return Pimodule.objects.filter(
            Q(category='System') & activeModules).order_by('sortcode')

    if ModulePermission.UserInRole(self, userId, "Admin"):
        return Pimodule.objects.filter(
            Q(category='Application') & activeModules).order_by('sortcode')

    moduleIds = PermissionScopeService.GetTreeResourceScopeIds(
        self, userId, 'PIMODULE', permissionItemScopeCode, True)
    return Pimodule.objects.filter(Q(id__in=moduleIds) & activeModules)
def GetSearchConditional(self, userInfo, permissionScopeCode, search, roleIds, enabled, auditStates, departmentId):
    """Build the SQL WHERE fragment used to search the piuser table.

    The fragment is assembled by string concatenation and returned as plain
    SQL text; no bound parameters are produced.

    NOTE(review): search, departmentId, auditStates, the role ids and the
    userInfo fields are placed inside quoted SQL literals as-is. Nothing in
    this function escapes them; whether StringHelper.GetSearchString,
    ArrayToList or ObjectsToList do is not visible here. Confirm, and prefer
    a parameterized fragment.

    NOTE(review): the block nesting below was reconstructed from a flattened
    listing; confirm it against the original file.

    Args:
        userInfo: Current user; IsAdministrator, Id, WorkgroupId,
            DepartmentId and CompanyId are read.
        permissionScopeCode: Permission code used to look up the caller's
            data scope.
        search: Search term, matched with LIKE against several piuser columns.
        roleIds: Role ids; when non-empty, users must hold one of them.
        enabled: None adds no filter; True selects piuser.enabled = 1, any
            other value piuser.enabled = 0.
        auditStates: When set, compared for equality with piuser.auditstatus.
        departmentId: When set, restricts the search to that organization.

    Returns:
        The WHERE condition text (without the WHERE keyword).
    """
    LogService.WriteLog(userInfo, __class__.__name__, FrameworkMessage.UserService, sys._getframe().f_code.co_name, FrameworkMessage.UserService_GetSearchConditional, '')
    search = StringHelper.GetSearchString(self, search)
    # Base predicate: only non-deleted, visible users.
    whereConditional = 'piuser.deletemark=0 and piuser.isvisible=1 '
    if not enabled == None:
        if enabled == True:
            whereConditional = whereConditional + " and ( piuser.enabled = 1 )"
        else:
            whereConditional = whereConditional + " and ( piuser.enabled = 0 )"
    if search:
        # The term is embedded in quoted LIKE patterns on six columns.
        whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'username' + " LIKE '" + search + "'" \
            + " OR " + 'piuser' + "." + 'code' + " LIKE '" + search + "'" \
            + " OR " + 'piuser' + "." + 'realname' + " LIKE '" + search + "'" \
            + " OR " + 'piuser' + "." + 'quickquery' + " LIKE '" + search + "'" \
            + " OR " + 'piuser' + "." + 'departmentname' + " LIKE '" + search + "'" \
            + " OR " + 'piuser' + "." + 'description' + " LIKE '" + search + "')"
    if departmentId:
        organizeIds = OrganizeService.GetChildrensById(self, departmentId)
        if organizeIds and len(organizeIds) > 0:
            # NOTE(review): 'companyid' is tested twice; the second test may
            # have been meant for 'subcompanyid' -- confirm.
            whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'companyid' + " IN (" + StringHelper.ArrayToList(self, organizeIds,"'") + ")" \
                + " OR " + 'piuser' + "." + 'companyid' + " IN (" + StringHelper.ArrayToList(self, organizeIds, "'") + ")" \
                + " OR " + 'piuser' + "." + 'departmentid' + " IN (" + StringHelper.ArrayToList(self, organizeIds, "'") + ")" \
                + " OR " + 'piuser' + "." + 'subdepartmentid' + " IN (" + StringHelper.ArrayToList(self, organizeIds, "'") + ")" \
                + " OR " + 'piuser' + "." + 'workgroupid' + " IN (" + StringHelper.ArrayToList(self, organizeIds, "'") + "))"
            # NOTE(review): this OR is appended outside the parenthesized
            # group above, and AND binds tighter than OR in SQL. Users matched
            # through the sub-select therefore skip every predicate built so
            # far, and the AND clauses appended below (audit status, roles,
            # data scope) constrain only this OR branch. Wrap the whole
            # department filter in one parenthesized group.
            whereConditional = whereConditional + " OR " + 'piuser' + "." + 'id' + " IN (" \
                + " SELECT " + 'userid' \
                + " FROM " + 'piuserorganize' \
                + " WHERE (" + 'piuserorganize' + "." + 'deletemark' + " = 0 ) " \
                + " AND (" \
                + 'piuserorganize' + "." + 'companyid' + " = '" + departmentId + "' OR " \
                + 'piuserorganize' + "." + 'subcompanyid' + " = '" + departmentId + "' OR " \
                + 'piuserorganize' + "." + 'departmentid' + " = '" + departmentId + "' OR " \
                + 'piuserorganize' + "." + 'subdepartmentid' + " = '" + departmentId + "' OR " \
                + 'piuserorganize' + "." + 'workgroupid' + " = '" + departmentId + "')) "
    if auditStates:
        whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'auditstatus' + " = '" + auditStates + "')"
    if roleIds and len(roleIds) > 0:
        roles = StringHelper.ArrayToList(self, roleIds, "'")
        whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'id' + " IN (" + "SELECT " + 'userid' + " FROM " + 'piuserrole' + " WHERE " + 'roleid' + " IN (" + roles + ")" + "))"
    # Data-scope restriction: applied only to non-administrators and only when
    # SystemInfo.EnableUserAuthorizationScope is set.
    if (not userInfo.IsAdministrator ) and SystemInfo.EnableUserAuthorizationScope:
        permissionScopeItemId = PermissionItemService.GetId( self, permissionScopeCode)
        # NOTE(review): when GetId returns nothing, no scope predicate is
        # added at all -- confirm that an unknown code should leave the
        # result unrestricted.
        if permissionScopeItemId:
            # Handle the scopes from narrowest to widest to avoid mistakes.
            organizeIds = PermissionScopeService.GetOrganizeIds( self, userInfo.Id, permissionScopeCode)
            # No data permission at all.
            # NOTE(review): "= NULL" is never true in standard SQL, so this
            # clause matches no rows -- presumably the intent; confirm.
            if PermissionScope.PermissionScopeDic.get('No') in organizeIds:
                whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'id' + " = NULL ) "
            # Data according to the detailed (per-user) assignment.
            if PermissionScope.PermissionScopeDic.get( 'Detail') in organizeIds:
                userIds = PermissionScopeService.GetUserIds( self, userInfo.Id, permissionScopeCode)
                whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'id' + " IN (" + StringHelper.ObjectsToList( userIds) + ")) "
            # The caller's own record only.
            if PermissionScope.PermissionScopeDic.get( 'User') in organizeIds:
                whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'id' + " = '" + userInfo.Id + "') "
            # Records of the caller's workgroup.
            if PermissionScope.PermissionScopeDic.get( 'UserWorkgroup') in organizeIds:
                whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'workgroupid' + " = '" + userInfo.WorkgroupId + "') "
            # Records of the caller's department.
            if PermissionScope.PermissionScopeDic.get( 'UserDepartment') in organizeIds:
                whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'departmentid' + " = '" + userInfo.DepartmentId + "') "
            # Records of the caller's company.
            if PermissionScope.PermissionScopeDic.get( 'UserCompany') in organizeIds:
                whereConditional = whereConditional + " AND (" + 'piuser' + "." + 'companyid' + " = '" + userInfo.CompanyId + "') "
            # All data: no filter condition is needed here.
            if PermissionScope.PermissionScopeDic.get( 'All') in organizeIds:
                pass
    return whereConditional