大家都知道,微软企业库中的 Security Application Block(SAB)是把权限规则写在配置文件(app.config、web.config)中的,并没有提供把规则存储在数据库中的实现形式。我去年就向企业库项目组的人建议在 SAB 中加入这一实现形式,遗憾的是,直到现在的 3.1 版本,还是没有实现这一功能。
还好 GotDotNet 上有人提供了这一功能的扩展:Database Rules Provider,不过这个扩展没有权限操作的功能(添加、删除、修改权限……),不方便大家的日常使用,所以我就对其作了一些修改,加入了权限操作功能。现在放出来与大家共享:)
项目下载:Database Authorization Provider.rar
DbRulesManager.cs:
using System;
using System.Data;
using System.Data.Common;
using System.Data.SqlClient;
using System.Configuration;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.Security;
using Microsoft.Practices.ObjectBuilder;
using Microsoft.Practices.EnterpriseLibrary.Security;
//using Microsoft.Practices.EnterpriseLibrary.Security.Authorization;
using Microsoft.Practices.EnterpriseLibrary.Security.Configuration;
using Microsoft.Practices.EnterpriseLibrary.Data;
using Microsoft.Practices.EnterpriseLibrary.Configuration;
using System.Configuration.Provider;
namespace Kreeg.EnterpriseLibrary.Security.Database.Authorization
{
/// <summary>
/// Class for retrieving and maintaining authorization rules stored in the database
/// </summary>
public class DbRulesManager
{
// Enterprise Library database object used by every rule query and update in this class.
private Microsoft.Practices.EnterpriseLibrary.Data.Database dbRules;

/// <summary>
/// Creates a Database Rules Manager bound to a named database instance.
/// </summary>
/// <param name="databaseService">
/// Name of the database instance that holds the rules; it is handed to
/// <c>DatabaseFactory.CreateDatabase</c> unchanged.
/// </param>
public DbRulesManager(string databaseService)
{
    this.dbRules = DatabaseFactory.CreateDatabase(databaseService);
}
/// <summary>
/// Retrieves a single rule from the database by name.
/// </summary>
/// <param name="name">The name of the rule</param>
/// <returns>
/// The rule built from the first row returned by <c>dbo.GetRuleByName</c>,
/// or <c>null</c> when no row is returned.
/// </returns>
public AuthorizationRuleData GetRule(string name)
{
    // The name travels as a bound stored-procedure parameter; it is never concatenated into SQL.
    DbCommand lookup = dbRules.GetStoredProcCommand("dbo.GetRuleByName");
    dbRules.AddInParameter(lookup, "Name", DbType.String, name);

    using (IDataReader row = dbRules.ExecuteReader(lookup))
    {
        // Only the first row is consumed; any further rows are ignored.
        return row.Read() ? GetRuleFromReader(row) : null;
    }
}
/// <summary>
/// Builds a rule object from the reader's current row.
/// </summary>
/// <param name="reader">Reader positioned on a row that exposes "Name" and "Expression" columns.</param>
/// <returns>A new rule carrying the row's name and expression.</returns>
private AuthorizationRuleData GetRuleFromReader(IDataReader reader)
{
    AuthorizationRuleData loaded = new AuthorizationRuleData();

    // Columns are resolved by name, so the column order of the result set does not matter.
    int nameColumn = reader.GetOrdinal("Name");
    loaded.Name = reader.GetString(nameColumn);

    int expressionColumn = reader.GetOrdinal("Expression");
    loaded.Expression = reader.GetString(expressionColumn);

    return loaded;
}
///// <summary>
///// Retrieves all rules in the database as a DataSet
///// </summary>
///// <returns>A DataSet containing all of the rules</returns>
//public DataSet GetAllRules()
//{
//    DbCommand cmd = dbRules.GetStoredProcCommand("dbo.GetAllRules");
//
//    using(DataSet ds = dbRules.ExecuteDataSet(cmd))
//    {
//        return ds;
//    }
//}
/// <summary>
/// Retrieves all rules in the database as a list.
/// </summary>
/// <returns>
/// A list with one rule per row returned by <c>dbo.GetAllRules</c>; the list is empty
/// when the procedure returns no rows.
/// </returns>
public List<AuthorizationRuleData> GetAllRulesAsCollection()
{
    DbCommand listAll = dbRules.GetStoredProcCommand("dbo.GetAllRules");
    List<AuthorizationRuleData> loaded = new List<AuthorizationRuleData>();

    using (IDataReader rows = dbRules.ExecuteReader(listAll))
    {
        // Advance row by row until the reader reports no more data.
        for (bool more = rows.Read(); more; more = rows.Read())
        {
            loaded.Add(GetRuleFromReader(rows));
        }
    }

    return loaded;
}
/// <summary>
/// Inserts a rule into the database.
/// </summary>
/// <param name="name">The name of the rule</param>
/// <param name="expression">The expression defining the rule</param>
/// <param name="description">Description stored together with the rule</param>
/// <remarks>
/// The expression is stored exactly as given; this method does not parse it first,
/// so callers that accept expressions from outside should validate them beforehand.
/// </remarks>
public void InsertRule(string name, string expression, string description)
{
    DbCommand insert = dbRules.GetStoredProcCommand("dbo.InsertRule");

    // All three values are bound parameters of the stored procedure.
    dbRules.AddInParameter(insert, "Name", DbType.String, name);
    dbRules.AddInParameter(insert, "Expression", DbType.String, expression);
    dbRules.AddInParameter(insert, "Description", DbType.String, description);

    dbRules.ExecuteNonQuery(insert);
}
/// <summary>
/// Saves a rule's name and expression to the database, addressing the rule by id.
/// </summary>
/// <param name="ruleId">The Rule Id</param>
/// <param name="name">The name of the rule</param>
/// <param name="expression">The expression</param>
/// <remarks>
/// The expression is written as given; it is not parsed here. No description is sent
/// to <c>dbo.UpdateRuleById</c>.
/// </remarks>
public void UpdateRuleById(int ruleId, string name, string expression)
{
    DbCommand update = dbRules.GetStoredProcCommand("dbo.UpdateRuleById");

    // Values are passed as bound parameters of the stored procedure.
    dbRules.AddInParameter(update, "id", DbType.Int32, ruleId);
    dbRules.AddInParameter(update, "Name", DbType.String, name);
    dbRules.AddInParameter(update, "Expression", DbType.String, expression);

    dbRules.ExecuteNonQuery(update);
}
/// <summary>
/// Removes a rule from the database, addressing it by id.
/// </summary>
/// <param name="ruleId">The id of the rule to remove</param>
public void DeleteRuleById(int ruleId)
{
    DbCommand delete = dbRules.GetStoredProcCommand("dbo.DeleteRuleById");

    // The id is a bound Int32 parameter of the stored procedure.
    dbRules.AddInParameter(delete, "id", DbType.Int32, ruleId);

    dbRules.ExecuteNonQuery(delete);
}
/***************** The following functions were created by levinknight 2006.06.07 *****************/
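#region GetAllRules
/// <summary>
/// Returns the names of all rules in the database.
/// </summary>
/// <returns>
/// One name per row of the first table returned by <c>dbo.GetAllRules</c>;
/// an empty array when that table has no rows.
/// </returns>
public string[] GetAllRules()
{
    DbCommand cmd = dbRules.GetStoredProcCommand("dbo.GetAllRules");

    using (DataSet ds = dbRules.ExecuteDataSet(cmd))
    {
        DataRowCollection rows = ds.Tables[0].Rows;

        // Names are collected in a list instead of being joined with ',' and split again:
        // the round trip through a delimited string split any rule name containing a comma
        // into several bogus names.
        List<string> names = new List<string>(rows.Count);
        foreach (DataRow rule in rows)
        {
            names.Add((string)rule["Name"]);
        }

        return names.ToArray();
    }
}
#endregion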
#region GetRulesForUser by IPrincipal
/// <summary>
/// Returns the names of the rules whose expression evaluates to true for the given principal.
/// </summary>
/// <param name="principal">The principal to evaluate; must not be null.</param>
/// <returns>The names of the matching rules, as produced by <c>GetEffectiveRules</c>.</returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="principal"/> is null.</exception>
public string[] GetRulesForUser(IPrincipal principal)
{
    if (principal != null)
    {
        return GetEffectiveRules(principal);
    }

    throw new ArgumentException("Principal cannot be null.");
}
#endregion
#region GetRulesForuser by Username
/// <summary>
/// Returns the names of the rules that evaluate to true for a user identified by name.
/// </summary>
/// <param name="username">User name; the user's roles are read through <c>Roles.GetRolesForUser</c>.</param>
/// <returns>The names of the matching rules, as produced by <c>GetEffectiveRules</c>.</returns>
/// <remarks>
/// The principal is synthesized from the name and the role lookup. Nothing here
/// authenticates the user, so the result describes what that account would be allowed,
/// not who the caller is.
/// </remarks>
public string[] GetRulesForUser(string username)
{
    string[] memberships = Roles.GetRolesForUser(username);
    GenericIdentity identity = new GenericIdentity(username);

    return GetEffectiveRules(new GenericPrincipal(identity, memberships));
}
#endregion
#region GetRulesForRole by Role'Name
/// <summary>
/// Returns the names of the rules that evaluate to true for a principal holding only the given role.
/// </summary>
/// <param name="rolename">The role to evaluate.</param>
/// <returns>The names of the matching rules, as produced by <c>GetEffectiveRules</c>.</returns>
public string[] GetRulesForRole(string rolename)
{
    // The stand-in principal has an empty identity name and exactly one role.
    string[] singleRole = new string[] { rolename };
    GenericIdentity nameless = new GenericIdentity("");

    return GetEffectiveRules(new GenericPrincipal(nameless, singleRole));
}
#endregion
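#region GetEffectiveRules Service for GetRulesFor User or Role
/// <summary>
/// Evaluates every stored rule against a principal and returns the names of the rules
/// whose expression evaluates to true.
/// </summary>
/// <param name="principal">The principal each rule expression is evaluated for.</param>
/// <returns>The names of the matching rules; an empty array when none match.</returns>
/// <exception cref="ProviderException">
/// Thrown when a stored expression fails to parse. No partial result is returned, so a
/// single malformed rule in the database makes this lookup fail for every caller.
/// </exception>
private string[] GetEffectiveRules(System.Security.Principal.IPrincipal principal)
{
    List<AuthorizationRuleData> ruleCollection = GetAllRulesAsCollection();

    // Names are collected in a list instead of being joined with ',' and split again,
    // which broke any rule name containing a comma.
    List<string> granted = new List<string>();

    try
    {
        foreach (AuthorizationRuleData rule in ruleCollection)
        {
            if (IsInRule(principal, rule.Expression))
            {
                granted.Add(rule.Name);
            }
        }
    }
    catch (SyntaxException ex)
    {
        // Keep the parser's exception as InnerException so the failure can be diagnosed.
        throw new ProviderException("返回有效权限时发生了错误,权限表达式非法", ex);
    }

    return granted.ToArray();
}
#endregion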
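#region AddUserToRule
/// <summary>
/// Grants a rule to a single user by rewriting the rule's stored expression.
/// </summary>
/// <param name="ruleName">Name of an existing rule.</param>
/// <param name="username">User to grant the rule to.</param>
/// <exception cref="ProviderException">
/// A name is null or empty, the user name is not a plain token, the rule does not exist,
/// or the user already satisfies the rule.
/// </exception>
/// <remarks>
/// The rewrite is textual: an explicit "NOT I:user" term is removed or flipped, otherwise
/// " OR (I:user)" is appended. The rewritten text is parsed before it is saved, and a
/// parse failure propagates as thrown by the parser.
/// NOTE(review): appending or substituting an OR term without parentheses relies on the
/// operator precedence of the rule parser - confirm for expressions that mix AND and OR.
/// </remarks>
public void AddUserToRule(string ruleName, string username)
{
    // IsNullOrEmpty also covers null, which previously surfaced as a NullReferenceException.
    if (string.IsNullOrEmpty(ruleName) || string.IsNullOrEmpty(username))
    {
        throw new ProviderException("权限名和用户名都不能为空");
    }

    // The user name is spliced into the authorization expression below. A name containing
    // parentheses, quotes or whitespace would be read as expression structure instead of
    // a single identity token and could change who the rule grants, so it is refused.
    // NOTE(review): if the rule grammar gives '*' or '?' a wildcard meaning, refuse those
    // names as well - confirm against the Parser.
    if (username.IndexOfAny(new char[] { '(', ')', '"', ' ', '\t', '\r', '\n' }) >= 0)
    {
        throw new ProviderException(string.Format("用户名: '{0}'包含非法字符", username));
    }

    string[] roles = Roles.GetRolesForUser(username);
    IPrincipal principal = new GenericPrincipal(new GenericIdentity(username), roles);

    AuthorizationRuleData rule = GetRule(ruleName);

    if (rule == null)
    {
        throw new ProviderException(string.Format("权限: '{0}'不在数据库中", ruleName));
    }

    if (IsInRule(principal, rule.Expression))
    {
        throw new ProviderException(string.Format("用户: '{0}'已经拥有权限: '{1}'", username, ruleName));
    }

    string appendedDenial = string.Format(" AND (NOT I:{0})", username);
    string bareDenial = string.Format("(NOT I:{0})", username);
    string appendedGrant = string.Format(" OR (I:{0})", username);

    string ruleExpression;

    if (rule.Expression.Contains(appendedDenial))
    {
        // Dropping the explicit denial is enough when the user's roles already satisfy
        // the rest of the expression; otherwise the denial is turned into a grant.
        ruleExpression = rule.Expression.Replace(appendedDenial, "");
        if (!IsInRule(principal, ruleExpression))
        {
            ruleExpression = rule.Expression.Replace(appendedDenial, appendedGrant);
        }
    }
    else if (rule.Expression.Contains(bareDenial))
    {
        ruleExpression = rule.Expression.Replace(bareDenial, string.Format("(I:{0})", username));
    }
    else
    {
        ruleExpression = rule.Expression + appendedGrant;
    }

    // Parse before saving so that a malformed expression never reaches the database.
    new Parser().Parse(ruleExpression);

    UpdateRuleByName(rule.Name, ruleExpression);
}
#endregion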
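#region RemoveUserFromRule
/// <summary>
/// Revokes a rule from a single user by rewriting the rule's stored expression.
/// </summary>
/// <param name="ruleName">Name of an existing rule.</param>
/// <param name="username">User to revoke the rule from.</param>
/// <exception cref="ProviderException">
/// A name is null or empty, the user name is not a plain token, the rule does not exist,
/// the user does not currently satisfy the rule, the user is the rule's only term, or the
/// rewritten expression would still grant the user.
/// </exception>
/// <remarks>
/// The rewrite is textual. Removing "(I:user) AND " from a conjunction leaves the rest of
/// the conjunction, which can match more principals than before; the final check below
/// refuses to save when the user would still be granted, but it cannot tell whether other
/// principals gained access. Review rewritten expressions that mix AND and OR.
/// </remarks>
public void RemoveUserFromRule(string ruleName, string username)
{
    // IsNullOrEmpty also covers null, which previously surfaced as a NullReferenceException.
    if (string.IsNullOrEmpty(ruleName) || string.IsNullOrEmpty(username))
    {
        throw new ProviderException("权限名和用户名都不能为空");
    }

    // The user name can be appended to the authorization expression below, so a name that
    // the expression syntax would read as structure is refused.
    if (username.IndexOfAny(new char[] { '(', ')', '"', ' ', '\t', '\r', '\n' }) >= 0)
    {
        throw new ProviderException(string.Format("用户名: '{0}'包含非法字符", username));
    }

    string[] roles = Roles.GetRolesForUser(username);
    IPrincipal principal = new GenericPrincipal(new GenericIdentity(username), roles);

    Parser parser = new Parser();
    AuthorizationRuleData rule = GetRule(ruleName);

    // A missing rule used to cause a NullReferenceException on the next statement.
    if (rule == null)
    {
        throw new ProviderException(string.Format("权限: '{0}'不在数据库中", ruleName));
    }

    if (!parser.Parse(rule.Expression).Evaluate(principal))
    {
        throw new ProviderException(string.Format("用户: '{0}'已经没有权限: '{1}'", username, ruleName));
    }

    string ruleExpression;

    // The user was granted through an appended " OR (I:user)" term.
    if (rule.Expression.Contains(string.Format(" OR (I:{0})", username)))
    {
        ruleExpression = rule.Expression.Replace(string.Format(" OR (I:{0})", username), "");
    }
    // The user's term is followed by an OR expression.
    else if (rule.Expression.Contains(string.Format("(I:{0}) OR ", username)))
    {
        ruleExpression = rule.Expression.Replace(string.Format("(I:{0}) OR ", username), "");
    }
    // The user's term is followed by an AND expression.
    else if (rule.Expression.Contains(string.Format("(I:{0}) AND ", username)))
    {
        ruleExpression = rule.Expression.Replace(string.Format("(I:{0}) AND ", username), "");
    }
    // The user's term is the only one left in the rule.
    else if (rule.Expression.Contains(string.Format("(I:{0})", username)))
    {
        throw new ProviderException("权限必须属于至少一个角色或用户!!!");
    }
    // The user is granted only through role membership: add an explicit denial.
    else
    {
        ruleExpression = rule.Expression + string.Format(" AND (NOT I:{0})", username);
    }

    // Parse the rewritten text before saving (a syntax error propagates from the parser)
    // and confirm the revocation took effect. Without this check the method could report
    // success while the user kept access through another term or through a role.
    if (parser.Parse(ruleExpression).Evaluate(principal))
    {
        throw new ProviderException(string.Format("用户: '{0}'仍然拥有权限: '{1}'", username, ruleName));
    }

    UpdateRuleByName(ruleName, ruleExpression);
}
#endregion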
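#region AddRoleToRule
/// <summary>
/// Grants a rule to a role by rewriting the rule's stored expression.
/// </summary>
/// <param name="ruleName">Name of an existing rule.</param>
/// <param name="roleName">Role to grant the rule to.</param>
/// <exception cref="ProviderException">
/// A name is null or empty, the role name is not a plain token, the rule does not exist,
/// or the role already satisfies the rule.
/// </exception>
/// <exception cref="ApplicationException">The rewritten expression does not parse.</exception>
/// <remarks>
/// NOTE(review): the OR term is appended or substituted without parentheses, so the result
/// relies on the operator precedence of the rule parser - confirm for expressions that mix
/// AND and OR.
/// </remarks>
public void AddRoleToRule(string ruleName, string roleName)
{
    // IsNullOrEmpty also covers null, which previously surfaced as a NullReferenceException.
    if (string.IsNullOrEmpty(ruleName) || string.IsNullOrEmpty(roleName))
    {
        throw new ProviderException("权限名和角色名都不能为空");
    }

    // The role name is spliced into the authorization expression below. A name containing
    // parentheses, quotes or whitespace would be read as expression structure instead of
    // a single role token and could change who the rule grants, so it is refused.
    // NOTE(review): if the rule grammar gives '*' or '?' a wildcard meaning, refuse those
    // names as well - confirm against the Parser.
    if (roleName.IndexOfAny(new char[] { '(', ')', '"', ' ', '\t', '\r', '\n' }) >= 0)
    {
        throw new ProviderException(string.Format("角色名: '{0}'包含非法字符", roleName));
    }

    // The rule is evaluated for a principal with an empty identity name and only this role.
    IPrincipal principal = new GenericPrincipal(new GenericIdentity(""), new string[] { roleName });

    Parser parser = new Parser();
    AuthorizationRuleData rule = GetRule(ruleName);

    if (rule == null)
    {
        throw new ProviderException(string.Format("权限: '{0}'不在数据库中", ruleName));
    }

    if (parser.Parse(rule.Expression).Evaluate(principal))
    {
        throw new ProviderException(string.Format("角色: '{0}'已经拥有权限: '{1}'", roleName, ruleName));
    }

    string denial = string.Format(" AND (NOT R:{0})", roleName);
    string grant = string.Format(" OR (R:{0})", roleName);

    // An unconditional assignment used to follow this branch and discard its result, so an
    // explicit "AND (NOT R:role)" denial was never removed and the grant was only appended
    // after it. The branch result is now the expression that gets saved.
    string ruleExpression;
    if (rule.Expression.Contains(denial))
    {
        ruleExpression = rule.Expression.Replace(denial, grant);
    }
    else
    {
        ruleExpression = rule.Expression + grant;
    }

    try
    {
        // Parse before saving so that a malformed expression never reaches the database.
        parser.Parse(ruleExpression);
    }
    catch (SyntaxException ex)
    {
        // The rewritten expression is invalid; the parser's exception is kept as InnerException.
        throw new ApplicationException("权限表达式非法", ex);
    }

    UpdateRuleByName(rule.Name, ruleExpression);
}
#endregion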
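#region RemoveRoleFromRule
/// <summary>
/// Revokes a rule from a role by removing the role's term from the stored expression.
/// </summary>
/// <param name="ruleName">Name of an existing rule.</param>
/// <param name="roleName">Role to revoke the rule from.</param>
/// <exception cref="ProviderException">
/// A name is null or empty, the rule does not exist, the role does not currently satisfy
/// the rule, fewer than two roles satisfy the rule, the role's term cannot be located in
/// the expression text, or the rewritten expression would still grant the role.
/// </exception>
/// <remarks>
/// The rewrite is textual. Removing "(R:role) AND " from a conjunction leaves the rest of
/// the conjunction, which can match more principals than before; the final check below
/// refuses to save when the role would still be granted, but it cannot tell whether other
/// principals gained access.
/// </remarks>
public void RemoveRoleFromRule(string ruleName, string roleName)
{
    // IsNullOrEmpty also covers null, which previously surfaced as a NullReferenceException.
    if (string.IsNullOrEmpty(ruleName) || string.IsNullOrEmpty(roleName))
    {
        throw new ProviderException("权限名和角色名都不能为空");
    }

    // The rule is evaluated for a principal with an empty identity name and only this role.
    IPrincipal principal = new GenericPrincipal(new GenericIdentity(""), new string[] { roleName });

    Parser parser = new Parser();
    AuthorizationRuleData rule = GetRule(ruleName);

    // A missing rule used to cause a NullReferenceException on the next statement.
    if (rule == null)
    {
        throw new ProviderException(string.Format("权限: '{0}'不在数据库中", ruleName));
    }

    if (!parser.Parse(rule.Expression).Evaluate(principal))
    {
        throw new ProviderException(string.Format("角色: '{0}'已经没有权限: '{1}'", roleName, ruleName));
    }

    // Count how many of the known roles currently satisfy the rule.
    int grantedRoles = 0;
    foreach (string role in Roles.GetAllRoles())
    {
        IPrincipal candidate = new GenericPrincipal(new GenericIdentity(""), new string[] { role });
        if (parser.Parse(rule.Expression).Evaluate(candidate))
        {
            grantedRoles++;
        }
    }

    if (grantedRoles < 2)
    {
        throw new ProviderException("每个权限至少要属于一个角色!");
    }

    string ruleExpression;

    // The role was granted through an appended " OR (R:role)" term.
    if (rule.Expression.Contains(string.Format(" OR (R:{0})", roleName)))
    {
        ruleExpression = rule.Expression.Replace(string.Format(" OR (R:{0})", roleName), "");
    }
    // The role's term is followed by an OR expression.
    else if (rule.Expression.Contains(string.Format("(R:{0}) OR ", roleName)))
    {
        ruleExpression = rule.Expression.Replace(string.Format("(R:{0}) OR ", roleName), "");
    }
    // The role's term is followed by an AND expression.
    else if (rule.Expression.Contains(string.Format("(R:{0}) AND ", roleName)))
    {
        ruleExpression = rule.Expression.Replace(string.Format("(R:{0}) AND ", roleName), "");
    }
    else
    {
        // None of the known shapes matched. Previously the expression stayed empty here and
        // the empty string was written to the database, erasing the rule's expression.
        throw new ProviderException(string.Format("无法从权限: '{1}'的表达式中移除角色: '{0}'", roleName, ruleName));
    }

    // Parse the rewritten text before saving (a syntax error propagates from the parser)
    // and confirm the revocation took effect before anything is written.
    if (parser.Parse(ruleExpression).Evaluate(principal))
    {
        throw new ProviderException(string.Format("角色: '{0}'仍然拥有权限: '{1}'", roleName, ruleName));
    }

    UpdateRuleByName(ruleName, ruleExpression);
}
#endregion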
#region UpdateRuleByName
/// <summary>
/// Overwrites the stored expression of the rule with the given name.
/// </summary>
/// <param name="ruleName">Name of the rule to update.</param>
/// <param name="ruleExpression">The expression to store; it is written as given.</param>
private void UpdateRuleByName(string ruleName, string ruleExpression)
{
    DbCommand update = dbRules.GetStoredProcCommand("dbo.UpdateRuleByName");

    // Both values are bound parameters of the stored procedure.
    dbRules.AddInParameter(update, "Name", DbType.String, ruleName);
    dbRules.AddInParameter(update, "Expression", DbType.String, ruleExpression);

    dbRules.ExecuteNonQuery(update);
}
#endregion
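#region DeleteRuleByName
/// <summary>
/// Removes a rule from the database, addressing it by name.
/// </summary>
/// <param name="ruleName">Name of the rule to delete; must not be null or empty.</param>
/// <exception cref="ProviderException">Thrown when <paramref name="ruleName"/> is null or empty.</exception>
public void DeleteRuleByName(string ruleName)
{
    // IsNullOrEmpty also covers null, which previously surfaced as a NullReferenceException.
    if (string.IsNullOrEmpty(ruleName))
    {
        throw new ProviderException("要删除的权限名不能为空");
    }

    DbCommand cmd = dbRules.GetStoredProcCommand("dbo.DeleteRuleByName");

    // The name is a bound parameter of the stored procedure.
    dbRules.AddInParameter(cmd, "Name", DbType.String, ruleName);

    dbRules.ExecuteNonQuery(cmd);
}
#endregion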
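#region CreateRule
/// <summary>
/// Creates a rule that is granted to each of the given roles.
/// </summary>
/// <param name="ruleName">Name of the new rule; must not be null or empty.</param>
/// <param name="description">Description stored together with the rule.</param>
/// <param name="roles">Roles the rule is granted to; at least one is required.</param>
/// <exception cref="ArgumentException">Thrown when <paramref name="ruleName"/> is null or empty.</exception>
/// <exception cref="ProviderException">
/// Thrown when no role is given or a role name is empty or not a plain token.
/// </exception>
/// <remarks>
/// The stored expression has the form "(R:a) OR (R:b)". It is parsed before it is
/// inserted; a parse failure propagates as thrown by the parser.
/// </remarks>
public void CreateRule(string ruleName, string description, string[] roles)
{
    if (string.IsNullOrEmpty(ruleName))
    {
        throw new ArgumentException("权限名不能为空");
    }

    // A null array used to cause a NullReferenceException; it is treated like an empty one.
    if (roles == null || roles.Length == 0)
    {
        throw new ProviderException("创建权限时必须指明权限的所属角色");
    }

    string[] terms = new string[roles.Length];
    for (int i = 0; i < roles.Length; i++)
    {
        string role = roles[i];

        // Each role name is spliced into the authorization expression. A name containing
        // parentheses, quotes or whitespace would be read as expression structure instead
        // of a single role token and could change who the rule grants, so it is refused.
        // NOTE(review): if the rule grammar gives '*' or '?' a wildcard meaning, refuse
        // those names as well - confirm against the Parser.
        if (string.IsNullOrEmpty(role)
            || role.IndexOfAny(new char[] { '(', ')', '"', ' ', '\t', '\r', '\n' }) >= 0)
        {
            throw new ProviderException(string.Format("角色名: '{0}'包含非法字符", role));
        }

        terms[i] = string.Format("(R:{0})", role);
    }

    // Joining the terms replaces appending "... OR " and trimming the last four characters.
    string ruleExpression = string.Join(" OR ", terms);

    // Parse before saving so that a malformed expression never reaches the database.
    new Parser().Parse(ruleExpression);

    InsertRule(ruleName, ruleExpression, description);
}
#endregion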
#region IsInRule
/// <summary>
/// Parses a rule expression and evaluates it for a principal.
/// </summary>
/// <param name="principal">The principal the expression is evaluated for.</param>
/// <param name="ruleExpression">The rule expression text to parse.</param>
/// <returns><c>true</c> when the parsed expression evaluates to true for the principal; otherwise <c>false</c>.</returns>
/// <remarks>A parse failure is not handled here; it reaches the caller as thrown by the parser.</remarks>
private bool IsInRule(IPrincipal principal, string ruleExpression)
{
    BooleanExpression compiled = new Parser().Parse(ruleExpression);
    return compiled.Evaluate(principal);
}
#endregion
}
}