2016-10-22 16:58:31 +08:00
using Longbow.Caching ;
using Longbow.Caching.Configuration ;
2016-10-29 09:24:55 +08:00
using Longbow.Data ;
2016-10-22 16:58:31 +08:00
using Longbow.ExceptionManagement ;
2016-10-23 15:46:18 +08:00
using Longbow.Security ;
2016-11-04 16:06:40 +08:00
using Longbow.Security.Principal ;
2016-10-22 16:58:31 +08:00
using System ;
using System.Collections.Generic ;
using System.Data ;
using System.Data.Common ;
2016-10-28 20:18:12 +08:00
using System.Data.SqlClient ;
2016-10-22 16:58:31 +08:00
using System.Globalization ;
using System.Linq ;
namespace Bootstrap.DataAccess
{
/// <summary>
/// 用户表相关操作类
/// </summary>
public static class UserHelper
{
2016-11-05 12:11:16 +08:00
internal const string RetrieveUsersDataKey = "UserHelper-RetrieveUsers" ;
private const string RetrieveUsersByNameDataKey = "UserHelper-RetrieveUsersByName" ;
2016-11-04 16:06:40 +08:00
internal const string RetrieveUsersByRoleIDDataKey = "UserHelper-RetrieveUsersByRoleId" ;
internal const string RetrieveUsersByGroupIDDataKey = "UserHelper-RetrieveUsersByGroupId" ;
2016-10-22 16:58:31 +08:00
/// <summary>
/// 查询所有用户
/// </summary>
/// <param name="pIds"></param>
/// <returns></returns>
public static IEnumerable < User > RetrieveUsers ( string tId = null )
{
2016-11-06 16:01:14 +08:00
string sql = "select ID, UserName, DisplayName, RegisterTime, ApprovedTime from Users Where ApprovedTime is not null" ;
2016-11-04 16:06:40 +08:00
var ret = CacheManager . GetOrAdd ( RetrieveUsersDataKey , CacheSection . RetrieveIntervalByKey ( RetrieveUsersDataKey ) , key = >
2016-10-22 16:58:31 +08:00
{
List < User > Users = new List < User > ( ) ;
DbCommand cmd = DBAccessManager . SqlDBAccess . CreateCommand ( CommandType . Text , sql ) ;
try
{
using ( DbDataReader reader = DBAccessManager . SqlDBAccess . ExecuteReader ( cmd ) )
{
while ( reader . Read ( ) )
{
Users . Add ( new User ( )
{
ID = ( int ) reader [ 0 ] ,
2016-10-24 01:01:29 +08:00
UserName = ( string ) reader [ 1 ] ,
2016-11-06 16:01:14 +08:00
DisplayName = ( string ) reader [ 2 ] ,
RegisterTime = ( DateTime ) reader [ 3 ] ,
ApprovedTime = ( DateTime ) reader [ 4 ]
2016-10-22 16:58:31 +08:00
} ) ;
}
}
}
catch ( Exception ex ) { ExceptionManager . Publish ( ex ) ; }
return Users ;
2016-11-04 16:06:40 +08:00
} , CacheSection . RetrieveDescByKey ( RetrieveUsersDataKey ) ) ;
2016-10-22 16:58:31 +08:00
return string . IsNullOrEmpty ( tId ) ? ret : ret . Where ( t = > tId . Equals ( t . ID . ToString ( ) , StringComparison . OrdinalIgnoreCase ) ) ;
}
/// <summary>
2016-10-24 19:59:07 +08:00
/// 根据用户名查询用户
2016-10-23 15:46:18 +08:00
/// </summary>
/// <param name="userName"></param>
/// <returns></returns>
2016-10-24 01:01:29 +08:00
public static User RetrieveUsersByName ( string userName )
2016-10-23 15:46:18 +08:00
{
2016-11-04 16:06:40 +08:00
if ( LgbPrincipal . IsAdmin ( userName ) ) return new User ( ) { DisplayName = "网站管理员" , UserName = userName } ;
string key = string . Format ( "{0}-{1}" , RetrieveUsersByNameDataKey , userName ) ;
return CacheManager . GetOrAdd ( key , CacheSection . RetrieveIntervalByKey ( RetrieveUsersByNameDataKey ) , k = >
2016-10-23 15:46:18 +08:00
{
2016-10-24 01:01:29 +08:00
User user = null ;
2016-11-06 16:01:14 +08:00
string sql = "select ID, UserName, [Password], PassSalt, DisplayName, RegisterTime, ApprovedTime from Users where ApprovedTime is not null and UserName = @UserName" ;
2016-10-24 01:01:29 +08:00
DbCommand cmd = DBAccessManager . SqlDBAccess . CreateCommand ( CommandType . Text , sql ) ;
try
2016-10-23 15:46:18 +08:00
{
2016-10-24 01:01:29 +08:00
cmd . Parameters . Add ( DBAccessManager . SqlDBAccess . CreateParameter ( "@UserName" , userName , ParameterDirection . Input ) ) ;
using ( DbDataReader reader = DBAccessManager . SqlDBAccess . ExecuteReader ( cmd ) )
2016-10-23 15:46:18 +08:00
{
2016-10-24 01:01:29 +08:00
if ( reader . Read ( ) )
2016-10-23 15:46:18 +08:00
{
2016-10-24 01:01:29 +08:00
user = new User ( )
{
ID = ( int ) reader [ 0 ] ,
UserName = ( string ) reader [ 1 ] ,
Password = ( string ) reader [ 2 ] ,
PassSalt = ( string ) reader [ 3 ] ,
2016-11-06 16:01:14 +08:00
DisplayName = ( string ) reader [ 4 ] ,
RegisterTime = ( DateTime ) reader [ 5 ] ,
ApprovedTime = ( DateTime ) reader [ 6 ]
2016-10-24 01:01:29 +08:00
} ;
}
2016-10-23 15:46:18 +08:00
}
}
2016-10-24 01:01:29 +08:00
catch ( Exception ex ) { ExceptionManager . Publish ( ex ) ; }
return user ;
2016-11-04 16:06:40 +08:00
} , CacheSection . RetrieveDescByKey ( RetrieveUsersByNameDataKey ) ) ;
2016-10-23 15:46:18 +08:00
}
/// <summary>
2016-10-22 16:58:31 +08:00
/// 删除用户
/// </summary>
/// <param name="ids"></param>
2016-10-22 20:55:07 +08:00
public static bool DeleteUser ( string ids )
2016-10-22 16:58:31 +08:00
{
2016-10-22 20:55:07 +08:00
bool ret = false ;
if ( string . IsNullOrEmpty ( ids ) | | ids . Contains ( "'" ) ) return ret ;
2016-11-07 12:27:04 +08:00
try
2016-10-22 16:58:31 +08:00
{
2016-11-07 12:27:04 +08:00
using ( DbCommand cmd = DBAccessManager . SqlDBAccess . CreateCommand ( CommandType . StoredProcedure , "Proc_DeleteUsers" ) )
2016-10-22 20:55:07 +08:00
{
2016-11-07 12:27:04 +08:00
cmd . Parameters . Add ( DBAccessManager . SqlDBAccess . CreateParameter ( "@ids" , ids , ParameterDirection . Input ) ) ;
DBAccessManager . SqlDBAccess . ExecuteNonQuery ( cmd ) ;
2016-10-22 20:55:07 +08:00
}
2016-11-07 12:27:04 +08:00
CacheCleanUtility . ClearCache ( userIds : ids ) ;
ret = true ;
}
catch ( Exception ex )
{
ExceptionManager . Publish ( ex ) ;
2016-10-22 20:55:07 +08:00
}
return ret ;
2016-10-22 16:58:31 +08:00
}
/// <summary>
/// 保存新建/更新的用户信息
/// </summary>
/// <param name="p"></param>
/// <returns></returns>
public static bool SaveUser ( User p )
{
if ( p = = null ) throw new ArgumentNullException ( "p" ) ;
bool ret = false ;
if ( p . UserName . Length > 50 ) p . UserName . Substring ( 0 , 50 ) ;
2016-10-23 15:46:18 +08:00
p . PassSalt = LgbCryptography . GenerateSalt ( ) ;
p . Password = LgbCryptography . ComputeHash ( p . Password , p . PassSalt ) ;
2016-10-24 19:59:07 +08:00
if ( p . DisplayName . Length > 50 ) p . DisplayName . Substring ( 0 , 50 ) ;
2016-10-22 16:58:31 +08:00
string sql = p . ID = = 0 ?
2016-11-06 16:01:14 +08:00
"Insert Into Users (UserName, Password, PassSalt, DisplayName, RegisterTime, ApprovedTime) Values (@UserName, @Password, @PassSalt, @DisplayName, GetDate(), @ApprovedTime)" :
2016-10-24 01:01:29 +08:00
"Update Users set UserName = @UserName, Password = @Password, PassSalt = @PassSalt, DisplayName = @DisplayName where ID = @ID" ;
2016-10-22 16:58:31 +08:00
try
{
using ( DbCommand cmd = DBAccessManager . SqlDBAccess . CreateCommand ( CommandType . Text , sql ) )
{
cmd . Parameters . Add ( DBAccessManager . SqlDBAccess . CreateParameter ( "@ID" , p . ID , ParameterDirection . Input ) ) ;
cmd . Parameters . Add ( DBAccessManager . SqlDBAccess . CreateParameter ( "@UserName" , p . UserName , ParameterDirection . Input ) ) ;
cmd . Parameters . Add ( DBAccessManager . SqlDBAccess . CreateParameter ( "@Password" , p . Password , ParameterDirection . Input ) ) ;
2016-10-23 15:46:18 +08:00
cmd . Parameters . Add ( DBAccessManager . SqlDBAccess . CreateParameter ( "@PassSalt" , p . PassSalt , ParameterDirection . Input ) ) ;
2016-10-24 01:01:29 +08:00
cmd . Parameters . Add ( DBAccessManager . SqlDBAccess . CreateParameter ( "@DisplayName" , p . DisplayName , ParameterDirection . Input ) ) ;
2016-11-06 16:01:14 +08:00
cmd . Parameters . Add ( DBAccessManager . SqlDBAccess . CreateParameter ( "@ApprovedTime" , DBAccess . ToDBValue ( p . ApprovedTime ) , ParameterDirection . Input ) ) ;
2016-10-22 16:58:31 +08:00
DBAccessManager . SqlDBAccess . ExecuteNonQuery ( cmd ) ;
}
2016-11-05 12:11:16 +08:00
CacheCleanUtility . ClearCache ( userIds : p . ID = = 0 ? "" : p . ID . ToString ( ) ) ;
2016-10-22 16:58:31 +08:00
ret = true ;
}
catch ( DbException ex )
{
ExceptionManager . Publish ( ex ) ;
}
return ret ;
}
2016-10-23 15:46:18 +08:00
/// <summary>
/// 验证用户登陆账号与密码正确
/// </summary>
/// <param name="userName"></param>
/// <param name="password"></param>
/// <returns></returns>
public static bool Authenticate ( string userName , string password )
{
var user = RetrieveUsersByName ( userName ) ;
return user ! = null & & user . Password = = LgbCryptography . ComputeHash ( password , user . PassSalt ) ;
}
2016-10-28 20:18:12 +08:00
/// <summary>
/// 通过roleId获取所有用户
/// </summary>
/// <param name="roleId"></param>
/// <returns></returns>
public static IEnumerable < User > RetrieveUsersByRoleId ( int roleId )
{
2016-11-04 16:06:40 +08:00
string key = string . Format ( "{0}-{1}" , RetrieveUsersByRoleIDDataKey , roleId ) ;
return CacheManager . GetOrAdd ( key , CacheSection . RetrieveIntervalByKey ( RetrieveUsersByNameDataKey ) , k = >
2016-10-28 20:18:12 +08:00
{
List < User > Users = new List < User > ( ) ;
2016-11-06 16:01:14 +08:00
string sql = "select u.ID, u.UserName, u.DisplayName, case ur.UserID when u.ID then 'checked' else '' end [status] from Users u left join UserRole ur on u.ID = ur.UserID and RoleID = @RoleID where u.ApprovedTime is not null" ;
2016-10-28 20:18:12 +08:00
DbCommand cmd = DBAccessManager . SqlDBAccess . CreateCommand ( CommandType . Text , sql ) ;
cmd . Parameters . Add ( DBAccessManager . SqlDBAccess . CreateParameter ( "@RoleID" , roleId , ParameterDirection . Input ) ) ;
try
{
using ( DbDataReader reader = DBAccessManager . SqlDBAccess . ExecuteReader ( cmd ) )
{
while ( reader . Read ( ) )
{
Users . Add ( new User ( )
{
ID = ( int ) reader [ 0 ] ,
UserName = ( string ) reader [ 1 ] ,
DisplayName = ( string ) reader [ 2 ] ,
Checked = ( string ) reader [ 3 ]
} ) ;
}
}
}
catch ( Exception ex ) { ExceptionManager . Publish ( ex ) ; }
return Users ;
2016-11-04 16:06:40 +08:00
} , CacheSection . RetrieveDescByKey ( RetrieveUsersByRoleIDDataKey ) ) ;
2016-10-28 20:18:12 +08:00
}
/// <summary>
/// 通过角色ID保存当前授权用户( 插入)
/// </summary>
/// <param name="id">角色ID</param>
/// <param name="value">用户ID数组</param>
/// <returns></returns>
2016-10-29 09:24:55 +08:00
public static bool SaveUsersByRoleId ( int id , string userIds )
2016-10-28 20:18:12 +08:00
{
2016-10-29 09:24:55 +08:00
bool ret = false ;
2016-10-28 20:18:12 +08:00
DataTable dt = new DataTable ( ) ;
dt . Columns . Add ( "RoleID" , typeof ( int ) ) ;
dt . Columns . Add ( "UserID" , typeof ( int ) ) ;
2016-11-02 12:12:34 +08:00
if ( ! string . IsNullOrEmpty ( userIds ) ) userIds . Split ( ',' ) . ToList ( ) . ForEach ( userId = > dt . Rows . Add ( id , userId ) ) ;
2016-10-29 09:24:55 +08:00
using ( TransactionPackage transaction = DBAccessManager . SqlDBAccess . BeginTransaction ( ) )
2016-10-28 20:18:12 +08:00
{
2016-10-29 09:24:55 +08:00
try
2016-10-28 20:18:12 +08:00
{
2016-10-29 09:24:55 +08:00
//删除用户角色表该角色所有的用户
2016-10-31 15:55:31 +08:00
string sql = "delete from UserRole where RoleID=@RoleID" ;
2016-10-29 09:24:55 +08:00
using ( DbCommand cmd = DBAccessManager . SqlDBAccess . CreateCommand ( CommandType . Text , sql ) )
2016-10-28 20:18:12 +08:00
{
2016-10-29 09:24:55 +08:00
cmd . Parameters . Add ( DBAccessManager . SqlDBAccess . CreateParameter ( "@RoleID" , id , ParameterDirection . Input ) ) ;
DBAccessManager . SqlDBAccess . ExecuteNonQuery ( cmd , transaction ) ;
//批插入用户角色表
using ( SqlBulkCopy bulk = new SqlBulkCopy ( ( SqlConnection ) transaction . Transaction . Connection , SqlBulkCopyOptions . Default , ( SqlTransaction ) transaction . Transaction ) )
{
bulk . DestinationTableName = "UserRole" ;
bulk . ColumnMappings . Add ( "RoleID" , "RoleID" ) ;
bulk . ColumnMappings . Add ( "UserID" , "UserID" ) ;
bulk . WriteToServer ( dt ) ;
transaction . CommitTransaction ( ) ;
}
2016-10-28 20:18:12 +08:00
}
2016-11-05 12:11:16 +08:00
CacheCleanUtility . ClearCache ( userIds : userIds , roleIds : id . ToString ( ) ) ;
2016-11-01 16:53:17 +08:00
ret = true ;
2016-10-29 09:24:55 +08:00
}
2016-11-01 16:53:17 +08:00
catch ( Exception ex )
2016-10-29 09:24:55 +08:00
{
ExceptionManager . Publish ( ex ) ;
transaction . RollbackTransaction ( ) ;
2016-10-28 20:18:12 +08:00
}
}
2016-10-29 09:24:55 +08:00
return ret ;
2016-10-22 16:58:31 +08:00
}
2016-10-29 17:38:23 +08:00
/// <summary>
/// 通过groupId获取所有用户
/// </summary>
/// <param name="roleId"></param>
/// <returns></returns>
public static IEnumerable < User > RetrieveUsersByGroupId ( int groupId )
{
2016-11-04 16:06:40 +08:00
string key = string . Format ( "{0}-{1}" , RetrieveUsersByGroupIDDataKey , groupId ) ;
return CacheManager . GetOrAdd ( key , CacheSection . RetrieveIntervalByKey ( RetrieveUsersByGroupIDDataKey ) , k = >
2016-10-29 17:38:23 +08:00
{
List < User > Users = new List < User > ( ) ;
2016-11-06 16:01:14 +08:00
string sql = "select u.ID, u.UserName, u.DisplayName, case ur.UserID when u.ID then 'checked' else '' end [status] from Users u left join UserGroup ur on u.ID = ur.UserID and GroupID =@groupId where u.ApprovedTime is not null" ;
2016-10-29 17:38:23 +08:00
DbCommand cmd = DBAccessManager . SqlDBAccess . CreateCommand ( CommandType . Text , sql ) ;
cmd . Parameters . Add ( DBAccessManager . SqlDBAccess . CreateParameter ( "@GroupID" , groupId , ParameterDirection . Input ) ) ;
try
{
using ( DbDataReader reader = DBAccessManager . SqlDBAccess . ExecuteReader ( cmd ) )
{
while ( reader . Read ( ) )
{
Users . Add ( new User ( )
{
ID = ( int ) reader [ 0 ] ,
UserName = ( string ) reader [ 1 ] ,
DisplayName = ( string ) reader [ 2 ] ,
Checked = ( string ) reader [ 3 ]
} ) ;
}
}
}
catch ( Exception ex ) { ExceptionManager . Publish ( ex ) ; }
return Users ;
2016-11-04 16:06:40 +08:00
} , CacheSection . RetrieveDescByKey ( RetrieveUsersByRoleIDDataKey ) ) ;
2016-10-29 17:38:23 +08:00
}
/// <summary>
/// 通过部门ID保存当前授权用户( 插入)
/// </summary>
/// <param name="id">GroupID</param>
/// <param name="value">用户ID数组</param>
/// <returns></returns>
public static bool SaveUsersByGroupId ( int id , string userIds )
{
bool ret = false ;
DataTable dt = new DataTable ( ) ;
dt . Columns . Add ( "UserID" , typeof ( int ) ) ;
2016-11-01 16:53:17 +08:00
dt . Columns . Add ( "GroupID" , typeof ( int ) ) ;
2016-11-02 12:12:34 +08:00
if ( ! string . IsNullOrEmpty ( userIds ) ) userIds . Split ( ',' ) . ToList ( ) . ForEach ( userId = > dt . Rows . Add ( userId , id ) ) ;
2016-10-29 17:38:23 +08:00
using ( TransactionPackage transaction = DBAccessManager . SqlDBAccess . BeginTransaction ( ) )
{
try
{
//删除用户角色表该角色所有的用户
2016-11-06 16:01:14 +08:00
string sql = "delete from UserGroup where GroupID = @GroupID" ;
2016-10-29 17:38:23 +08:00
using ( DbCommand cmd = DBAccessManager . SqlDBAccess . CreateCommand ( CommandType . Text , sql ) )
{
2016-10-31 15:55:31 +08:00
cmd . Parameters . Add ( DBAccessManager . SqlDBAccess . CreateParameter ( "@GroupID" , id , ParameterDirection . Input ) ) ;
2016-10-29 17:38:23 +08:00
DBAccessManager . SqlDBAccess . ExecuteNonQuery ( cmd , transaction ) ;
//批插入用户角色表
using ( SqlBulkCopy bulk = new SqlBulkCopy ( ( SqlConnection ) transaction . Transaction . Connection , SqlBulkCopyOptions . Default , ( SqlTransaction ) transaction . Transaction ) )
{
bulk . DestinationTableName = "UserGroup" ;
bulk . ColumnMappings . Add ( "UserID" , "UserID" ) ;
bulk . ColumnMappings . Add ( "GroupID" , "GroupID" ) ;
bulk . WriteToServer ( dt ) ;
transaction . CommitTransaction ( ) ;
}
}
2016-11-05 12:11:16 +08:00
CacheCleanUtility . ClearCache ( userIds : userIds , groupIds : id . ToString ( ) ) ;
2016-10-29 17:38:23 +08:00
ret = true ;
}
catch ( Exception ex )
{
ExceptionManager . Publish ( ex ) ;
transaction . RollbackTransaction ( ) ;
}
}
return ret ;
}
2016-11-06 16:01:14 +08:00
/// <summary>
///
/// </summary>
/// <returns></returns>
public static bool RegisterUser ( string userName , string displayName , string password )
{
//TODO: 判断注册用户是否合理, 判断合法后插入数据库中返回真, 并通知管理员组有新用户注册, 需要批复。数据库Users表中增加一个字段标示用户是否被批复
if ( string . IsNullOrEmpty ( userName ) | | string . IsNullOrEmpty ( displayName ) | | string . IsNullOrEmpty ( password ) ) return false ;
return SaveUser ( new User ( ) { UserName = userName , DisplayName = displayName , Password = password } ) ;
}
2016-10-22 16:58:31 +08:00
}
2016-11-04 16:06:40 +08:00
}