def AddRoleUser(request):
try:
roleId = request.POST['roleId']
except:
userId = None
try:
targetIds = request.POST['targetIds']
except:
targetIds = None
returnValue = 0
response = HttpResponse()
for id in str(targetIds).split(','):
UserRoleService.AddUserToRole(CommonUtils.Current(response, request),
id, roleId)
returnValue = returnValue + 1
if returnValue > 0:
response.content = json.dumps({
'Success': True,
'Data': '1',
'Message': '添加成功!'
})
return response
else:
response.content = json.dumps({
'Success': False,
'Data': '0',
'Message': '添加失败!'
})
return response
def RemoveRoleUser(request):
try:
roleId = request.POST['roleId']
except:
roleId = None
try:
targetIds = request.POST['targetIds']
except:
targetIds = None
response = HttpResponse()
for id in str(targetIds).split(','):
returnValue = UserRoleService.RemoveUserFromRole(None, id, roleId)
if returnValue > 0:
successFlag = 1
response.content = json.dumps({
'Success': True,
'Data': '1',
'Message': '操作成功!'
})
return response
else:
response.content = json.dumps({
'Success': False,
'Data': '0',
'Message': '操作失败!'
})
return response
def RemoveRoleByUserId(request):
try:
userId = request.POST['userId']
except:
userId = None
try:
removeRoleIds = request.POST['targetIds']
except:
removeRoleIds = None
if removeRoleIds and len(removeRoleIds) > 0 and userId:
returnValue = UserRoleService.RemoveUserFromRole(None, userId, removeRoleIds)
if returnValue > 0:
response = HttpResponse()
response.content = json.dumps({'Success': True, 'Data': '1', 'Message': FrameworkMessage.MSG3010})
return response
else:
response = HttpResponse()
response.content = json.dumps({'Success': True, 'Data': '0', 'Message': FrameworkMessage.MSG3020})
return response
else:
response = HttpResponse()
response.content = json.dumps({'Success': False, 'Data': '0', 'Message': FrameworkMessage.MSG3020})
return response
def GetUserConstraint(userInfo, tableName, permissionCode = "Resource.AccessPermission"):
"""
获取约束条件(所有的约束)
Args:
tableName (string): 表名
permissionCode (string): 权限代码
Returns:
returnValue (): 数据表
"""
returnValue = ''
permissionId = ''
permissionId = PermissionItemService.GetIdByAdd(permissionCode)
roleIds = UserRoleService.GetAllRoleIds(None, userInfo.Id)
if not roleIds or len(roleIds) == 0:
return returnValue
dtPermissionScope = Pipermissionscope.objects.filter(Q(resourcecategory='pirole') & Q(resourceid__in=roleIds) & Q(targetcategory='Table') & Q(targetid=tableName) & Q(permissionid=permissionId) & Q(enabled=1) & Q(deletemark=0))
permissionConstraint = ''
for dataRow in dtPermissionScope:
permissionConstraint = dataRow.permissionconstraint
permissionConstraint = str(permissionConstraint).strip()
if permissionConstraint:
returnValue = returnValue + " AND " + permissionConstraint
#得到当前用户的约束条件
userConstraint = TableColumnsService.GetConstraint('piuser', userInfo.Id, tableName)
if not userConstraint:
userConstraint = ''
else:
returnValue = returnValue + " AND " + userConstraint
if returnValue:
returnValue = str(returnValue)[5:]
returnValue = ConstrainUtil.PrepareParameter(userInfo, returnValue)
return returnValue
def IsAdministrator(entity):
"""
当前用户是否超级管理员
Args:
userInfo (UserInfo): 用户
Returns:
returnValue(True or False): 当前用户是否为超级管理员,true:是,false:否
"""
returnValue = False
userEntity = Piuser.objects.get(id=entity.id)
if userEntity.id == 'Administrator':
return True
if userEntity.code and userEntity.code == 'Administrator':
return True
if userEntity.username and userEntity.username == 'Administrator':
return True
#TODO:if (this.UserInfo == null) return false;
#用户的默认角色是超级管理员
roleEntity = None
if userEntity.roleid:
roleIds = UserRoleService.GetRoleIds(userEntity.id)
for tmpid in roleIds:
if tmpid == DefaultRole.Administrators:
return True
roleEntity = Pirole.objects.get(id=tmpid)
if roleEntity.code and roleEntity.code == DefaultRole.Administrators:
return True
return False
def AddUserToRole(request):
try:
userId = request.POST['userId']
except:
userId = None
try:
targetIds = request.POST['targetIds']
except:
targetIds = None
response = HttpResponse()
returnValue = UserRoleService.AddUserToRole(
CommonUtils.Current(response, request), userId, targetIds)
if returnValue:
response.content = json.dumps({
'Success': True,
'Data': '1',
'Message': '添加成功!'
})
return response
else:
response.content = json.dumps({
'Success': False,
'Data': '0',
'Message': '添加失败!'
})
return response
def GetUserDTByPermissionScope(self, userId, permissionItemCode):
"""
按某个权限范围获取特定用户可访问的用户列表
Args:
userId (string): 用户主键
permissionItemCode (string): 操作权限编号
Returns:
returnValue(Piuser[]): 用户列表
"""
isRole = False
isRole = UserRoleService.UserInRole(self, userId, 'UserAdmin') | UserRoleService.UserInRole(self, userId, 'Admin')
if(isRole):
returnValue = Piuser.objects.filter(Q(isvisible=1) & Q(deletemark=0) & Q(enabled=1))
return returnValue
userids = ScopPermission.GetUserIdsSql(self, userId, permissionItemCode)
returnValue = Piuser.objects.filter(Q(isvisible=1) & Q(enabled=1) & Q(id__in=userids)).order_by('sortcode')
return returnValue
def GetRoleUserIds(self, roleId):
"""
获得角色中的用户主键
Args:
roleId (string): 角色主键
Returns:
returnValue (string[]): 用户主键列表
"""
returnValue = UserRoleService.GetUserIds(self, roleId)
return returnValue
def EliminateRoleUser(self, roleId):
"""
移除角色用户关联
Args:
id (string): 角色主键
Returns:
returnValue (int): 移除影响行数
"""
returnValue = 0
returnValue = UserRoleService.EliminateRoleUser(self, roleId)
return returnValue
def AddUserToRole(userInfo, roleId, addUserIds):
"""
用户添加到角色
Args:
roleId (string): 角色主键
addUserIds (string): 用户主键列表
Returns:
returnValue (int): 影响行数
"""
returnValue = UserRoleService.AddToRolesU(userInfo, addUserIds, roleId)
return returnValue
def RemoveUserFromRole(userInfo, userIds, roleId):
"""
将用户从角色中移除
Args:
userIds (string[]): 角色主键列表
roleId (string): 角色主键
Returns:
returnValue (int): 影响行数
"""
returnValue = UserRoleService.RemoveFromRoleU(userInfo, userIds,
roleId)
return returnValue
def GetRoleDT(self, userId, permissionItemCode):
"""
按某个权限获取角色 数据表
Args:
userId (string): 管理用户主键
permissionItemCode (string): 权限编号
Returns:
returnValue(Pirole[]): 主键列表
"""
returnValue = None
#这里需要判断,是系统权限?
isRole = False
isRole = UserRoleService.UserInRole(self, userId, 'UserAdmin') | UserRoleService.UserInRole(self, userId,
'Admin')
#用户管理员,这里需要判断,是业务权限?
if(isRole):
returnValue = Pirole.objects.filter(Q(deletemark=0) & Q(enabled=1))
return returnValue
returnValue = Pirole.objects.filter(Q(id__in=ScopPermission.GetRoleIdsSql(self, userId, permissionItemCode))).order_by('sortcode')
return returnValue
def IsInRole(self, userId, roleName):
"""
指定用户是否在指定的角色里
Args:
userId (string): 用户主键
roleName (string): 角色名称
Returns:
returnValue(True or False): 指定用户是否在指定角色里,true:是,false:否
"""
roleCode = Pirole.objects.get(realname=roleName).code
returnValue = UserRoleService.UserInRole(self, userId, roleCode)
return returnValue
def GetUserRoleIds(request):
try:
userId = request.POST['userId']
except:
userId = None
if userId:
ids = UserRoleService.GetUserRoleIds(None, userId)
returnValue = StringHelper.GetSpitString(ids, ',')
response = HttpResponse()
response.content = returnValue
return response
else:
response = HttpResponse()
response.content = ''
return response
def ClearRolePermissionByRoleId(self, roleId):
"""
清除指定角色的所有权限
1.清除角色的用户归属。
2.清除角色的模块权限。
3.清除角色的操作权限。
Args:
roleId (string): 角色主键
Returns:
returnValue(int): 影响的行数
"""
returnValue = 0
returnValue = returnValue + UserRoleService.EliminateRoleUser(self, roleId)
returnValue = returnValue + Pipermissionscope.objects.filter(Q(resourcecategory='PIROLE') & Q(resourceid=roleId)).delete()
returnValue = returnValue + Pipermission.objects.filter(Q(resourcecategory='PIROLE') & Q(resourceid=roleId)).delete()
return returnValue
def GetDTByRole(request):
try:
roleId = request.GET['roleId']
except:
roleId = ''
jsons = "[]"
if roleId:
roleDT = UserRoleService.GetDTByRole(None, roleId)
userTmp = ''
for user in roleDT:
userTmp = userTmp + ', ' + user.toJSON()
userTmp = userTmp.strip(',')
returnValue = '[' + userTmp + ']'
response = HttpResponse()
response.content = returnValue
return response
else:
response = HttpResponse()
response.content = jsons
return response
def GetUserPageDTByDepartment(self,
userInfo,
permissionScopeCode,
searchValue,
enabled,
auditStates,
roleIds,
showRole,
userAllInformation,
pageIndex=0,
pageSize=100,
sort=None,
departmentId=None):
#TODO:还需要完善此方法
if not departmentId:
departmentId = ''
myrecordCount = 0
myrecordCount, dt = UserSerivce.SearchByPage(
self, userInfo, permissionScopeCode, searchValue, roleIds, enabled,
auditStates, departmentId, pageIndex, pageSize)
if showRole:
#这里是获取角色列表
dataTableRole = RoleService.GetDT(None)
#友善的显示属于多个角色的功能
roleName = ''
for user in dt:
roleName = ''
roleIds = UserRoleService.GetRoleIds(user['ID'])
if roleIds:
for i in roleIds:
roleName = roleName + dataTableRole.filter(
id=i)[0].realname + ", "
if roleName:
roleName = roleName.strip(", ")
user['ROLENAME'] = roleName
return myrecordCount, dt
def GetRoleListByUserId(request):
try:
userId = request.GET['userId']
except:
userId = None
response = HttpResponse()
if userId:
roleIds = UserRoleService.GetUserRoleIds(None, userId)
jsons = '[]'
if roleIds and len(roleIds) > 0:
roleDT = RoleService.GetDTByIds(CommonUtils.Current(response, request), roleIds)
returnValue = '['
for role in roleDT:
returnValue = returnValue + role.toJSON() + ","
returnValue = returnValue.strip(",")
returnValue = returnValue + "]"
response.content = returnValue
return response
else:
response.content = jsons
return response
def CheckPermissionByUser(self,
userId,
permissionItemCode,
permissionItemName=None):
"""
是否有相应的权限
Args:
userId (string): 用户主键
permissionItemCode (string): 权限编号
permissionItemName (string): 权限名称
Returns:
returnValue(True or False): 是否有权限
"""
#若不存在就需要自动能增加一个操作权限项
permissionItemEntity = None
try:
permissionItemEntity = Pipermissionitem.objects.get(
Q(code=permissionItemCode))
except Pipermissionitem.DoesNotExist as e:
if not permissionItemName:
permissionItemName = permissionItemCode
permissionItemEntity = Pipermissionitem()
permissionItemEntity.id = uuid.uuid4()
permissionItemEntity.code = permissionItemCode
permissionItemEntity.fullname = permissionItemName
permissionItemEntity.categorycode = "Application"
permissionItemEntity.parentid = None
permissionItemEntity.moduleid = None
permissionItemEntity.isscope = 0
permissionItemEntity.ispublic = 0
permissionItemEntity.allowdelete = 1
permissionItemEntity.allowedit = 1
permissionItemEntity.enabled = 1
permissionItemEntity.deletemark = 0
permissionItemEntity.createon = datetime.datetime.now()
permissionItemEntity.modifiedon = permissionItemEntity.createon
permissionItemEntity.save()
# 没有找到相应的权限
return False
#先判断用户类别
user = Piuser.objects.get(id=userId)
if PermissionService.IsAdministrator(user):
return True
returnValue = False
#用户管理员拥有所有的系统权限,不需要授予
if UserRoleService.UserInRole(self, user.id, 'UserAdmin'):
return True
#业务管理员拥有所有的业务(应用)权限,不需要授予
if permissionItemEntity.categorycode and permissionItemEntity.categorycode == 'Application':
if UserRoleService.UserInRole(self, user.id, 'Admin'):
return True
#判断用户权限
if PermissionService.CheckUserPermission(self, userId,
permissionItemEntity.id):
return True
#判断用户角色权限
if PermissionService.CheckUserRolePermission(self, userId,
permissionItemEntity.id):
return True
#判断用户组织机构权限,这里有开关是为了提高性能用的,
#下面的函数接着还可以提高性能,可以进行一次判断就可以了,其实不用执行4次判断,浪费I/O,浪费性能。
if SystemInfo.EnableOrganizePermission:
organizeIds = UserOrganizeService.GetAllOrganizeIds(self, userId)
if PermissionService.CheckUserOrganizePermission(
self, userId, permissionItemEntity.id, organizeIds):
return True
return False
