using System; using System.Data; using System.Collections.Generic; using System.Text; using DSWeb.MvcShipping.Models.MsUserAuthority; using Microsoft.Practices.EnterpriseLibrary.Data; using DSWeb.Areas.CommMng.Models; using HcUtility.Comm; using DSWeb.MvcShipping.Models.ModuTreeRef; using DSWeb.Areas.CommMng.DAL; namespace DSWeb.MvcShipping.DAL.MsUerAuthority { public class MsUerAuthorityDAL { #region Inquery DataList static public List GetUserAuthorityList(string userid, string sort = null) { var strSql = new StringBuilder(); strSql.Append("SELECT * FROM ( "); strSql.Append("SELECT GID,USERID,VISIBLERANGE,OPERATERANGE,AUTHORITYID,DESCRIPTION,NAME,ISNULL((case VISIBLERANGE when 0 then '全部' when 1 then '本公司' "); strSql.Append("when 2 then '本部门' when 3 then '本人' when 4 then '无' when 5 then '选择公司' "); strSql.Append("when 6 then '选择人员' end),'') VISIBLERANGEREF,ISNULL((case OPERATERANGE when 0 then '全部' when 1 then '本公司' "); strSql.Append("when 2 then '本部门' when 3 then '本人' when 4 then '无' when 5 then '选择公司' "); strSql.Append("when 6 then '选择人员' end),'') OPERATERANGEREF,VSSQL "); strSql.Append(" from VW_User_Authority "); strSql.Append(" where USERID='" + userid + "'"); strSql.Append(" UNION SELECT '' GID,'" + userid + "' USERID, 4 VISIBLERANGE,4 OPERATERANGE,GID AUTHORITYID,DESCRIPTION,NAME, "); strSql.Append(" '无' VISIBLERANGEREF,'无' OPERATERANGEREF,'' VSSQL "); strSql.Append(" from user_authority_info "); strSql.Append(" where GID NOT IN (SELECT AUTHORITYID FROM user_authority_range WHERE USERID='" + userid + "')"); strSql.Append(" ) AS DL "); var sortstring = DatasetSort.Getsortstring(sort); if (!string.IsNullOrEmpty(sortstring) && sortstring.Trim()!="") { strSql.Append(" order by " + sortstring); } else { strSql.Append(" order by DESCRIPTION"); } return SetData(strSql); } private static List SetData(StringBuilder strSql) { var headList = new List(); Database db = DatabaseFactory.CreateDatabase(); using (IDataReader reader = db.ExecuteReader(CommandType.Text, strSql.ToString())) { while (reader.Read()) { UserAuthority data = new UserAuthority(); #region Set DB data to Object data.GID = Convert.ToString(reader["GID"]); data.USERID = Convert.ToString(reader["USERID"]); data.VISIBLERANGE = Convert.ToString(reader["VISIBLERANGE"]); data.OPERATERANGE = Convert.ToString(reader["OPERATERANGE"]); data.VISIBLERANGEREF = Convert.ToString(reader["VISIBLERANGEREF"]); data.OPERATERANGEREF = Convert.ToString(reader["OPERATERANGEREF"]); data.AUTHORITYID = Convert.ToString(reader["AUTHORITYID"]); data.DESCRIPTION = Convert.ToString(reader["DESCRIPTION"]); data.NAME = Convert.ToString(reader["NAME"]); data.VSSQL = Convert.ToString(reader["VSSQL"]); #endregion headList.Add(data); } reader.Close(); } return headList; } #endregion static public List GetUserTreeRefList(string PARENTID, bool exp = false,string condition="") { var strSql = new StringBuilder(); strSql.Append("SELECT "); strSql.Append(" GID,NAME,DESCRIPTION,PARENTID,TYPE"); strSql.Append(" from VW_user_company_tree "); strSql.Append(" where parentid='" + PARENTID + "'"); if (!string.IsNullOrEmpty(condition)) { strSql.Append(" and " + condition); } strSql.Append(" order by TYPE,DESCRIPTION "); return SetUserTreeRefData(strSql, exp); } private static List SetUserTreeRefData(StringBuilder strSql,bool exp=false) { var headList = new List(); Database db = DatabaseFactory.CreateDatabase(); using (IDataReader reader = db.ExecuteReader(CommandType.Text, strSql.ToString())) { while (reader.Read()) { UserTreeRefModel data = new UserTreeRefModel(); #region Set DB data to Object data.id = Convert.ToString(reader["GID"]); data.NAME = Convert.ToString(reader["NAME"]); data.DESCRIPTION = Convert.ToString(reader["DESCRIPTION"]); data.PARENTID = Convert.ToString(reader["PARENTID"]); data.TYPE = Convert.ToString(reader["TYPE"]); if (data.TYPE == "2") { data.leaf = true; data.expanded = true; } else { data.leaf = false; data.expanded = exp; }; #endregion headList.Add(data); } reader.Close(); } return headList; } public static DBResult SaveDetail(List bodyList, string userid) { var result = new DBResult(); Database db = DatabaseFactory.CreateDatabase(); using (var conn = db.CreateConnection()) { conn.Open(); var tran = conn.BeginTransaction(); try { var cmdUpdate = db.GetSqlStringCommand( @"update user_authority_range set VISIBLERANGE=@VISIBLERANGE,OPERATERANGE=@OPERATERANGE,MODIFIEDUSER=@MODIFIEDUSER,MODIFIEDTIME=@MODIFIEDTIME,VSSQL=@VSSQL where GID=@GID "); var cmdInsert = db.GetSqlStringCommand( @"insert into user_authority_range (GID,USERID,AUTHORITYID,VISIBLERANGE,OPERATERANGE,CREATEUSER,CREATETIME,VSSQL) values (@GID,@USERID,@AUTHORITYID,@VISIBLERANGE,@OPERATERANGE,@CREATEUSER,@CREATETIME,@VSSQL) "); if (bodyList != null) { foreach (var enumValue in bodyList) { if (enumValue.GID == "") { cmdInsert.Parameters.Clear(); db.AddInParameter(cmdInsert, "@GID", DbType.String, Guid.NewGuid().ToString()); db.AddInParameter(cmdInsert, "@USERID", DbType.String, enumValue.USERID); db.AddInParameter(cmdInsert, "@AUTHORITYID", DbType.String, enumValue.AUTHORITYID); db.AddInParameter(cmdInsert, "@VISIBLERANGE", DbType.String, enumValue.VISIBLERANGE); db.AddInParameter(cmdInsert, "@OPERATERANGE", DbType.String, enumValue.OPERATERANGE); db.AddInParameter(cmdInsert, "@CREATEUSER", DbType.String, userid); db.AddInParameter(cmdInsert, "@CREATETIME", DbType.String, DateTime.Now.ToString("yyyy-MM-dd")); db.AddInParameter(cmdInsert, "@VSSQL", DbType.String, enumValue.VSSQL); db.ExecuteNonQuery(cmdInsert, tran); } else { cmdUpdate.Parameters.Clear(); db.AddInParameter(cmdUpdate, "@GID", DbType.String, enumValue.GID); db.AddInParameter(cmdUpdate, "@VISIBLERANGE", DbType.String, enumValue.VISIBLERANGE); db.AddInParameter(cmdUpdate, "@OPERATERANGE", DbType.String, enumValue.OPERATERANGE); db.AddInParameter(cmdUpdate, "@MODIFIEDUSER", DbType.String, userid); db.AddInParameter(cmdUpdate, "@MODIFIEDTIME", DbType.String, DateTime.Now.ToString("yyyy-MM-dd")); db.AddInParameter(cmdUpdate, "@VSSQL", DbType.String, enumValue.VSSQL); db.ExecuteNonQuery(cmdUpdate, tran); } } } tran.Commit(); } catch (Exception) { tran.Rollback(); result.Success = false; result.Message = "保存出现错误,请重试或联系系统管理员"; return result; } } result.Success = true; result.Message = "保存成功" + result.Message; return result; } #region 公司范围 static public List GetUserAuthorityCompanyList(string userid,string AUTHORITYID, string sort = null) { var strSql = new StringBuilder(); strSql.Append("SELECT * FROM ( "); strSql.Append("SELECT GID,USERID,VISIBLERANGE,OPERATERANGE,AUTHORITYID,COMPANYID, "); strSql.Append("(SELECT NAME FROM company WHERE GID=user_authority_range_company.COMPANYID) COMPANY"); strSql.Append(" from user_authority_range_company "); strSql.Append(" where USERID='" + userid + "' AND AUTHORITYID='" + AUTHORITYID + "' "); strSql.Append(" UNION SELECT '' GID,'" + userid + "' USERID, 0 VISIBLERANGE,0 OPERATERANGE,'" + AUTHORITYID + "' AUTHORITYID,GID COMPANYID, "); strSql.Append(" NAME COMPANY "); strSql.Append(" from company "); strSql.Append(" where GID NOT IN (SELECT COMPANYID FROM user_authority_range_company WHERE USERID='" + userid + "' AND AUTHORITYID='" + AUTHORITYID + "')"); strSql.Append(" ) AS DL "); var sortstring = DatasetSort.Getsortstring(sort); if (!string.IsNullOrEmpty(sortstring) && sortstring.Trim() != "") { strSql.Append(" order by " + sortstring); } else { strSql.Append(" order by COMPANY"); } return SetCompanyData(strSql); } private static List SetCompanyData(StringBuilder strSql) { var headList = new List(); Database db = DatabaseFactory.CreateDatabase(); using (IDataReader reader = db.ExecuteReader(CommandType.Text, strSql.ToString())) { while (reader.Read()) { UserAuthorityCompany data = new UserAuthorityCompany(); #region Set DB data to Object data.GID = Convert.ToString(reader["GID"]); data.USERID = Convert.ToString(reader["USERID"]); if (Convert.ToString(reader["VISIBLERANGE"])=="1") data.VISIBLERANGE =true; else data.VISIBLERANGE = false; if (Convert.ToString(reader["OPERATERANGE"]) == "1") data.OPERATERANGE =true; else data.OPERATERANGE =false; data.COMPANYID = Convert.ToString(reader["COMPANYID"]); data.COMPANY = Convert.ToString(reader["COMPANY"]); data.AUTHORITYID = Convert.ToString(reader["AUTHORITYID"]); #endregion headList.Add(data); } reader.Close(); } return headList; } public static DBResult SaveAuthorityCompanyDetail(List bodyList, string userid,string rtype) { var result = new DBResult(); Database db = DatabaseFactory.CreateDatabase(); using (var conn = db.CreateConnection()) { conn.Open(); var tran = conn.BeginTransaction(); try { var cmdUpdate = db.GetSqlStringCommand( @"update user_authority_range_company set VISIBLERANGE=@VISIBLERANGE,MODIFIEDUSER=@MODIFIEDUSER,MODIFIEDTIME=@MODIFIEDTIME where GID=@GID "); var cmdUpdateop = db.GetSqlStringCommand( @"update user_authority_range_company set OPERATERANGE=@OPERATERANGE,MODIFIEDUSER=@MODIFIEDUSER,MODIFIEDTIME=@MODIFIEDTIME where GID=@GID "); var cmdInsert = db.GetSqlStringCommand( @"insert into user_authority_range_company (GID,USERID,AUTHORITYID,COMPANYID,VISIBLERANGE,OPERATERANGE,CREATEUSER,CREATETIME) values (@GID,@USERID,@AUTHORITYID,@COMPANYID,@VISIBLERANGE,@OPERATERANGE,@CREATEUSER,@CREATETIME) "); if (bodyList != null) { foreach (var enumValue in bodyList) { if (enumValue.GID == "") { cmdInsert.Parameters.Clear(); db.AddInParameter(cmdInsert, "@GID", DbType.String, Guid.NewGuid().ToString()); db.AddInParameter(cmdInsert, "@USERID", DbType.String, enumValue.USERID); db.AddInParameter(cmdInsert, "@AUTHORITYID", DbType.String, enumValue.AUTHORITYID); db.AddInParameter(cmdInsert, "@COMPANYID", DbType.String, enumValue.COMPANYID); if (enumValue.VISIBLERANGE) db.AddInParameter(cmdInsert, "@VISIBLERANGE", DbType.String,"1"); else db.AddInParameter(cmdInsert, "@VISIBLERANGE", DbType.String,"0"); if (enumValue.OPERATERANGE) db.AddInParameter(cmdInsert, "@OPERATERANGE", DbType.String,"1"); else db.AddInParameter(cmdInsert, "@OPERATERANGE", DbType.String,"0"); db.AddInParameter(cmdInsert, "@CREATEUSER", DbType.String, userid); db.AddInParameter(cmdInsert, "@CREATETIME", DbType.String, DateTime.Now.ToString("yyyy-MM-dd")); db.ExecuteNonQuery(cmdInsert, tran); } else { if (rtype == "OP") { cmdUpdateop.Parameters.Clear(); db.AddInParameter(cmdUpdateop, "@GID", DbType.String, enumValue.GID); if (enumValue.OPERATERANGE) db.AddInParameter(cmdUpdateop, "@OPERATERANGE", DbType.String, "1"); else db.AddInParameter(cmdUpdateop, "@OPERATERANGE", DbType.String, "0"); db.AddInParameter(cmdUpdateop, "@MODIFIEDUSER", DbType.String, userid); db.AddInParameter(cmdUpdateop, "@MODIFIEDTIME", DbType.String, DateTime.Now.ToString("yyyy-MM-dd")); db.ExecuteNonQuery(cmdUpdateop, tran); } else { cmdUpdate.Parameters.Clear(); db.AddInParameter(cmdUpdate, "@GID", DbType.String, enumValue.GID); if (enumValue.VISIBLERANGE) db.AddInParameter(cmdUpdate, "@VISIBLERANGE", DbType.String, "1"); else db.AddInParameter(cmdUpdate, "@VISIBLERANGE", DbType.String, "0"); db.AddInParameter(cmdUpdate, "@MODIFIEDUSER", DbType.String, userid); db.AddInParameter(cmdUpdate, "@MODIFIEDTIME", DbType.String, DateTime.Now.ToString("yyyy-MM-dd")); db.ExecuteNonQuery(cmdUpdate, tran); } } } } tran.Commit(); } catch (Exception) { tran.Rollback(); result.Success = false; result.Message = "保存出现错误,请重试或联系系统管理员"; return result; } } result.Success = true; result.Message = "保存成功" + result.Message; return result; } #endregion #region 人员范围 static public List GetUserAuthorityOpList(string userid, string AUTHORITYID, string sort = null) { var strSql = new StringBuilder(); strSql.Append("SELECT * FROM ( "); strSql.Append("SELECT GID,USERID,VISIBLERANGE,OPERATERANGE,AUTHORITYID,OPID, "); strSql.Append("(SELECT SHOWNAME+'('+companyname+')' FROM [VW_user] WHERE userid=user_authority_range_op.OPID) OPNAME,"); strSql.Append("(SELECT companyname FROM [VW_user] WHERE userid=user_authority_range_op.OPID) COMPANYNAME,"); strSql.Append("(SELECT DEPTNAME FROM [VW_user] WHERE userid=user_authority_range_op.OPID) DEPTNAME"); strSql.Append(" from user_authority_range_op "); strSql.Append(" where USERID='" + userid + "' AND AUTHORITYID='" + AUTHORITYID + "' "); strSql.Append(" UNION SELECT '' GID,'" + userid + "' USERID, 0 VISIBLERANGE,0 OPERATERANGE,'" + AUTHORITYID + "' AUTHORITYID,userid OPID, "); strSql.Append(" SHOWNAME+'('+companyname+')' OPNAME,COMPANYNAME,DEPTNAME "); strSql.Append(" from VW_user "); strSql.Append(" where userid NOT IN (SELECT OPID FROM user_authority_range_op WHERE USERID='" + userid + "' AND AUTHORITYID='" + AUTHORITYID + "')"); strSql.Append(" ) AS DL "); var sortstring = DatasetSort.Getsortstring(sort); if (!string.IsNullOrEmpty(sortstring) && sortstring.Trim() != "") { strSql.Append(" order by " + sortstring); } else { strSql.Append(" order by COMPANYNAME,DEPTNAME,OPNAME"); } return SetOpData(strSql); } #region 组成树形的选择人员数据结构 static public List GetUserAuthorityVISIBLE_Tree(string PARENTID, string userid, string AUTHORITYID) { var strSql = new StringBuilder(); strSql.Append(" select *,id OPID,0 OPERATERANGE ,'' DEPTNAME,'" + AUTHORITYID + "' AUTHORITYID,VISIBLERANGE checked from "); strSql.Append(" ( "); strSql.Append(" select u.userid id,SHOWNAME OPNAME, deptgid PARENTID, 1 isleaf, isnull(r.VISIBLERANGE, 0)VISIBLERANGE,r.GID,'"+ userid + "' USERID "); strSql.Append(" from vw_user u "); strSql.Append(" left join user_authority_range_op r on AUTHORITYID = '" + AUTHORITYID + "' and r.OPID = u.userid "); strSql.Append(" and r.userid = '" + userid + "' "); strSql.Append(" union all "); strSql.Append(" select distinct vu.companyid id, vu.companyname OPNAME, '0' parentid, 0 isleaf, (case when exists(select 1 from user_authority_range_op op where AUTHORITYID = '" + AUTHORITYID + "' and userid = '" + userid + "' and op.VISIBLERANGE=1 and exists(select(1) from vw_user v2 where v2.COMPANYID = vu.companyid and op.OPID = v2.USERID )) then 1 else 0 end) VISIBLERANGE,'' GID,'' USERID "); strSql.Append(" from vw_user vu "); strSql.Append(" union all "); strSql.Append(" select distinct vu.deptgid id, vu.DEPTNAME OPNAME, vu.companyid parentid, 0 isleaf, (case when exists(select 1 from user_authority_range_op op where AUTHORITYID = '" + AUTHORITYID + "' and userid = '" + userid + "' and op.VISIBLERANGE=1 and exists(select(1) from vw_user v2 where v2.deptgid = vu.deptgid and op.OPID = v2.USERID)) then 1 else 0 end) VISIBLERANGE,'' GID,'' USERID "); strSql.Append(" from vw_user vu "); strSql.Append(" )t where PARENTID = '" + PARENTID + "' "); return SetOpData(strSql); } static public List GetUserAuthorityOPERATE_Tree(string PARENTID,string userid, string AUTHORITYID) { var strSql = new StringBuilder(); strSql.Append(" select *,id OPID,0 VISIBLERANGE,'' DEPTNAME,'"+ AUTHORITYID + "' AUTHORITYID,OPERATERANGE checked from "); strSql.Append(" ( "); strSql.Append(" select u.userid id,SHOWNAME OPNAME, deptgid PARENTID, 1 isleaf, isnull(r.OPERATERANGE, 0)OPERATERANGE,r.GID,'" + userid + "' USERID "); strSql.Append(" from vw_user u "); strSql.Append(" left join user_authority_range_op r on AUTHORITYID = '"+ AUTHORITYID + "' and r.OPID = u.userid "); strSql.Append(" and r.userid = '"+ userid + "' "); strSql.Append(" union all "); strSql.Append(" select distinct vu.companyid id, vu.companyname OPNAME, '0' parentid, 0 isleaf, (case when exists(select 1 from user_authority_range_op op where AUTHORITYID = '" + AUTHORITYID + "' and userid = '" + userid + "' and op.OPERATERANGE=1 and exists(select(1) from vw_user v2 where v2.COMPANYID = vu.companyid and op.OPID = v2.USERID )) then 1 else 0 end) OPERATERANGE,'' GID,'' USERID "); strSql.Append(" from vw_user vu "); strSql.Append(" union all "); strSql.Append(" select distinct vu.deptgid id, vu.DEPTNAME OPNAME, vu.companyid parentid, 0 isleaf, (case when exists(select 1 from user_authority_range_op op where AUTHORITYID = '" + AUTHORITYID + "' and userid = '" + userid + "' and op.OPERATERANGE=1 and exists(select(1) from vw_user v2 where v2.deptgid = vu.deptgid and op.OPID = v2.USERID)) then 1 else 0 end) OPERATERANGE,'' GID,'' USERID "); strSql.Append(" from vw_user vu "); strSql.Append(" )t where PARENTID = '"+ PARENTID + "' "); return SetOpData(strSql); } static public List GetUserAuthority_All(string USERID, string AUTHORITYID) { var strSql = new StringBuilder(); strSql.Append(" select *,id OPID,'' DEPTNAME,'" + AUTHORITYID + "' AUTHORITYID from "); strSql.Append(" ( "); strSql.Append(" select u.userid id,SHOWNAME OPNAME, deptgid PARENTID, 1 isleaf, isnull(r.OPERATERANGE, 0)OPERATERANGE, isnull(r.VISIBLERANGE, 0)VISIBLERANGE,r.GID,'" + USERID + "' USERID "); strSql.Append(" from vw_user u "); strSql.Append(" left join user_authority_range_op r on AUTHORITYID = '" + AUTHORITYID + "' and r.OPID = u.userid "); strSql.Append(" and r.userid = '" + USERID + "' "); strSql.Append(" )t "); return SetOpData(strSql); } #endregion private static List SetOpData(StringBuilder strSql) { var headList = new List(); Database db = DatabaseFactory.CreateDatabase(); using (IDataReader reader = db.ExecuteReader(CommandType.Text, strSql.ToString())) { while (reader.Read()) { UserAuthorityOp data = new UserAuthorityOp(); #region Set DB data to Object data.GID = Convert.ToString(reader["GID"]); data.USERID = Convert.ToString(reader["USERID"]); if (Convert.ToString(reader["VISIBLERANGE"]) == "1") data.VISIBLERANGE = true; else data.VISIBLERANGE = false; if (Convert.ToString(reader["OPERATERANGE"]) == "1") data.OPERATERANGE = true; else data.OPERATERANGE = false; data.OPID = Convert.ToString(reader["OPID"]); data.OPNAME = Convert.ToString(reader["OPNAME"]); data.DEPTNAME = Convert.ToString(reader["DEPTNAME"]); data.AUTHORITYID = Convert.ToString(reader["AUTHORITYID"]); if (BasicDataRefDAL.ReadFieldExist(reader, "id")) data.id = Convert.ToString(reader["id"]); if (BasicDataRefDAL.ReadFieldExist(reader, "PARENTID")) data.PARENTID = Convert.ToString(reader["PARENTID"]); if (BasicDataRefDAL.ReadFieldExist(reader, "isleaf")) { if(Convert.ToString(reader["isleaf"])=="1") data.leaf = true; if (Convert.ToString(reader["isleaf"]) == "0") data.leaf = false; } if (BasicDataRefDAL.ReadFieldExist(reader, "checked")) { if (Convert.ToString(reader["checked"]) == "1") data.@checked = true; if (Convert.ToString(reader["checked"]) == "0") data.@checked = false; } #endregion headList.Add(data); } reader.Close(); } //遍历headList 寻找其中的 return headList; } public static DBResult SaveAuthorityOpDetail(List bodyList, string userid, string rtype) { var result = new DBResult(); Database db = DatabaseFactory.CreateDatabase(); using (var conn = db.CreateConnection()) { conn.Open(); var tran = conn.BeginTransaction(); try { var cmdUpdate = db.GetSqlStringCommand( @"update user_authority_range_op set VISIBLERANGE=@VISIBLERANGE,MODIFIEDUSER=@MODIFIEDUSER,MODIFIEDTIME=@MODIFIEDTIME where GID=@GID "); var cmdUpdateop = db.GetSqlStringCommand( @"update user_authority_range_op set OPERATERANGE=@OPERATERANGE,MODIFIEDUSER=@MODIFIEDUSER,MODIFIEDTIME=@MODIFIEDTIME where GID=@GID "); var cmdInsert = db.GetSqlStringCommand( @"insert into user_authority_range_op (GID,USERID,AUTHORITYID,OPID,VISIBLERANGE,OPERATERANGE,CREATEUSER,CREATETIME) values (@GID,@USERID,@AUTHORITYID,@OPID,@VISIBLERANGE,@OPERATERANGE,@CREATEUSER,@CREATETIME) "); if (bodyList != null) { foreach (var enumValue in bodyList) { if (enumValue.GID == "") { cmdInsert.Parameters.Clear(); db.AddInParameter(cmdInsert, "@GID", DbType.String, Guid.NewGuid().ToString()); db.AddInParameter(cmdInsert, "@USERID", DbType.String, enumValue.USERID); db.AddInParameter(cmdInsert, "@AUTHORITYID", DbType.String, enumValue.AUTHORITYID); db.AddInParameter(cmdInsert, "@OPID", DbType.String, enumValue.OPID); if (enumValue.VISIBLERANGE) db.AddInParameter(cmdInsert, "@VISIBLERANGE", DbType.String, "1"); else db.AddInParameter(cmdInsert, "@VISIBLERANGE", DbType.String, "0"); if (enumValue.OPERATERANGE) db.AddInParameter(cmdInsert, "@OPERATERANGE", DbType.String, "1"); else db.AddInParameter(cmdInsert, "@OPERATERANGE", DbType.String, "0"); db.AddInParameter(cmdInsert, "@CREATEUSER", DbType.String, userid); db.AddInParameter(cmdInsert, "@CREATETIME", DbType.String, DateTime.Now.ToString("yyyy-MM-dd")); db.ExecuteNonQuery(cmdInsert, tran); } else { if (rtype == "OP") { cmdUpdateop.Parameters.Clear(); db.AddInParameter(cmdUpdateop, "@GID", DbType.String, enumValue.GID); if (enumValue.OPERATERANGE) db.AddInParameter(cmdUpdateop, "@OPERATERANGE", DbType.String, "1"); else db.AddInParameter(cmdUpdateop, "@OPERATERANGE", DbType.String, "0"); db.AddInParameter(cmdUpdateop, "@MODIFIEDUSER", DbType.String, userid); db.AddInParameter(cmdUpdateop, "@MODIFIEDTIME", DbType.String, DateTime.Now.ToString("yyyy-MM-dd")); db.ExecuteNonQuery(cmdUpdateop, tran); } if (rtype == "VS") { cmdUpdate.Parameters.Clear(); db.AddInParameter(cmdUpdate, "@GID", DbType.String, enumValue.GID); if (enumValue.VISIBLERANGE) db.AddInParameter(cmdUpdate, "@VISIBLERANGE", DbType.String, "1"); else db.AddInParameter(cmdUpdate, "@VISIBLERANGE", DbType.String, "0"); db.AddInParameter(cmdUpdate, "@MODIFIEDUSER", DbType.String, userid); db.AddInParameter(cmdUpdate, "@MODIFIEDTIME", DbType.String, DateTime.Now.ToString("yyyy-MM-dd")); db.ExecuteNonQuery(cmdUpdate, tran); } } } } tran.Commit(); } catch (Exception) { tran.Rollback(); result.Success = false; result.Message = "保存出现错误,请重试或联系系统管理员"; return result; } } result.Success = true; result.Message = "保存成功" + result.Message; return result; } public static DBResult SaveAuthorityOpDetailAll(string AUTHORITYID,string op, string userid, string rtype) { var result = new DBResult(); //var UserAuthorityList=GetUserAuthorityList(userid); //if (rtype == "OP") //{ // UserAuthorityList.FindAll(x=>x.OPERATERANGEREF=="选择人员"); //} //else { // UserAuthorityList.FindAll(x => x.VISIBLERANGEREF == "选择人员"); //} Database db = DatabaseFactory.CreateDatabase(); using (var conn = db.CreateConnection()) { conn.Open(); var tran = conn.BeginTransaction(); try { var cmdInsertOp = db.GetSqlStringCommand( @"if (select GID from user_authority_range_op where USERID='" + op + "' and OPID=@OPID AND AUTHORITYID=@AUTHORITYID) is null " + " insert into user_authority_range_op (GID,USERID,AUTHORITYID,OPID,VISIBLERANGE,OPERATERANGE,CREATEUSER,CREATETIME)" + " values (@GID,@USERID,@AUTHORITYID,@OPID,@VISIBLERANGE,@OPERATERANGE,@CREATEUSER,@CREATETIME) else " + "update user_authority_range_op set OPERATERANGE=@OPERATERANGE,MODIFIEDUSER=@MODIFIEDUSER,MODIFIEDTIME=@MODIFIEDTIME where USERID='" + userid + "' and OPID=@OPID AND AUTHORITYID=@AUTHORITYID"); if (rtype == "OP") { var cmdInsertOP = db.GetSqlStringCommand( @"update user_authority_range_op set OPERATERANGE=0 from user_authority_range_op p where USERID='" + op + "' and AUTHORITYID<>'" + AUTHORITYID + "' " + " update user_authority_range_op set OPERATERANGE=1,MODIFIEDUSER='" + userid + "',MODIFIEDTIME=getdate() from user_authority_range_op p where USERID='" + op + "' and AUTHORITYID<>'" + AUTHORITYID + "' " + " and opid in (select opid from user_authority_range_op where AUTHORITYID='" + AUTHORITYID + "' and OPERATERANGE=1 and USERID='" + op + "') " + " insert into user_authority_range_op (GID,USERID,AUTHORITYID,OPID,VISIBLERANGE,OPERATERANGE,CREATEUSER,CREATETIME) " + " select newid() GID,'" + op + "' USERID,A.AUTHORITYID,U.OPID,0 VISIBLERANGE,U.OPERATERANGE,'" + userid + "' CREATEUSER,GETDATE() CREATETIME from VW_User_Authority A, user_authority_range_op U where A.OPERATERANGE=6 AND A.USERID='" + op + "' AND U.AUTHORITYID='" + AUTHORITYID + "' and U.OPERATERANGE=1" + " and a.AUTHORITYID<>'" + AUTHORITYID + "' and u.userid='" +op+ "' and not EXISTS (select 1 from user_authority_range_op y where y.AUTHORITYID=a.AUTHORITYID and y.USERID='" + op + "' and y.OPID=u.OPID)"); db.ExecuteNonQuery(cmdInsertOP, tran); } else { var cmdInsertVs = db.GetSqlStringCommand( @"update user_authority_range_op set VISIBLERANGE=0 from user_authority_range_op p where USERID='"+ op + "' and AUTHORITYID<>'"+ AUTHORITYID + "' " + " update user_authority_range_op set VISIBLERANGE=1,MODIFIEDUSER='"+userid+"',MODIFIEDTIME=getdate() from user_authority_range_op p where USERID='"+ op + "' and AUTHORITYID<>'"+ AUTHORITYID + "' " + " and opid in (select opid from user_authority_range_op where AUTHORITYID='"+ AUTHORITYID + "' and VISIBLERANGE=1 and USERID='"+op+"') " + " insert into user_authority_range_op (GID,USERID,AUTHORITYID,OPID,VISIBLERANGE,OPERATERANGE,CREATEUSER,CREATETIME) " + " select newid() GID,'"+op+ "' USERID,A.AUTHORITYID,U.OPID,U.VISIBLERANGE,0 OPERATERANGE,'" + userid+ "' CREATEUSER,GETDATE() CREATETIME from VW_User_Authority A, user_authority_range_op U where A.VISIBLERANGE=6 AND A.USERID='" + op + "' AND U.AUTHORITYID='"+ AUTHORITYID + "' and U.VISIBLERANGE=1 " + " and a.AUTHORITYID<>'" + AUTHORITYID + "' and u.userid='" + op + "' and not EXISTS (select 1 from user_authority_range_op y where y.AUTHORITYID=a.AUTHORITYID and y.USERID='" + op + "' and y.OPID=u.OPID) "); db.ExecuteNonQuery(cmdInsertVs, tran); } //if (UserAuthorityList != null) //{ // foreach (var enumValueAuthority in UserAuthorityList) // { // if (bodyList != null) // { // foreach (var enumValue in bodyList) // { // if (rtype == "OP") // { // cmdInsertOp.Parameters.Clear(); // db.AddInParameter(cmdInsertOp, "@OPID", DbType.String, enumValue.OPID); // db.AddInParameter(cmdInsertOp, "@AUTHORITYID", DbType.String, enumValueAuthority.AUTHORITYID); // db.AddInParameter(cmdInsertOp, "@USERID", DbType.String,userid); // db.AddInParameter(cmdInsertOp, "@GID", DbType.String, Guid.NewGuid().ToString()); // if (enumValue.OPERATERANGE) // db.AddInParameter(cmdInsertOp, "@OPERATERANGE", DbType.String, "1"); // else // db.AddInParameter(cmdInsertOp, "@OPERATERANGE", DbType.String, "0"); // db.AddInParameter(cmdInsertOp, "@VISIBLERANGE", DbType.String, "0"); // db.AddInParameter(cmdInsertOp, "@CREATEUSER", DbType.String, userid); // db.AddInParameter(cmdInsertOp, "@CREATETIME", DbType.String, DateTime.Now.ToString("yyyy-MM-dd")); // db.AddInParameter(cmdInsertOp, "@MODIFIEDUSER", DbType.String, userid); // db.AddInParameter(cmdInsertOp, "@MODIFIEDTIME", DbType.String, DateTime.Now.ToString("yyyy-MM-dd")); // db.ExecuteNonQuery(cmdInsertOp, tran); // } // else // { // cmdInsertVs.Parameters.Clear(); // db.AddInParameter(cmdInsertVs, "@OPID", DbType.String, enumValue.OPID); // db.AddInParameter(cmdInsertVs, "@AUTHORITYID", DbType.String, enumValueAuthority.AUTHORITYID); // db.AddInParameter(cmdInsertVs, "@USERID", DbType.String, userid); // db.AddInParameter(cmdInsertVs, "@GID", DbType.String, Guid.NewGuid().ToString()); // if (enumValue.VISIBLERANGE) // db.AddInParameter(cmdInsertVs, "@VISIBLERANGE", DbType.String, "1"); // else // db.AddInParameter(cmdInsertVs, "@VISIBLERANGE", DbType.String, "0"); // db.AddInParameter(cmdInsertVs, "@OPERATERANGE", DbType.String, "0"); // db.AddInParameter(cmdInsertVs, "@CREATEUSER", DbType.String, userid); // db.AddInParameter(cmdInsertVs, "@CREATETIME", DbType.String, DateTime.Now.ToString("yyyy-MM-dd")); // db.AddInParameter(cmdInsertVs, "@MODIFIEDUSER", DbType.String, userid); // db.AddInParameter(cmdInsertVs, "@MODIFIEDTIME", DbType.String, DateTime.Now.ToString("yyyy-MM-dd")); // db.ExecuteNonQuery(cmdInsertVs, tran); // } // } // } // } //} tran.Commit(); } catch (Exception) { tran.Rollback(); result.Success = false; result.Message = "保存出现错误,请重试或联系系统管理员"; return result; } } result.Success = true; result.Message = "保存成功" + result.Message; return result; } public static DBResult SaveAuthorityCompanyDetailAll(string AUTHORITYID, string op, string userid, string rtype) { var result = new DBResult(); Database db = DatabaseFactory.CreateDatabase(); using (var conn = db.CreateConnection()) { conn.Open(); var tran = conn.BeginTransaction(); try { if (rtype == "OP") { var cmdInsertOP = db.GetSqlStringCommand( @"update user_authority_range_company set OPERATERANGE=0 from user_authority_range_company p where USERID='" + op + "' and AUTHORITYID<>'" + AUTHORITYID + "' " + " update user_authority_range_company set OPERATERANGE=1,MODIFIEDUSER='" + userid + "',MODIFIEDTIME=getdate() from user_authority_range_company p where USERID='" + op + "' and AUTHORITYID<>'" + AUTHORITYID + "' " + " and companyid in (select companyid from user_authority_range_company where AUTHORITYID='" + AUTHORITYID + "' and OPERATERANGE=1 and USERID='" + op + "') " + " insert into user_authority_range_company (GID,USERID,AUTHORITYID,COMPANYID,VISIBLERANGE,OPERATERANGE,CREATEUSER,CREATETIME) " + " select newid() GID,'" + op + "' USERID,A.AUTHORITYID,U.COMPANYID,0 VISIBLERANGE,U.OPERATERANGE,'" + userid + "' CREATEUSER,GETDATE() CREATETIME from VW_User_Authority A, user_authority_range_company U where A.OPERATERANGE=5 AND A.USERID='" + op + "' AND U.AUTHORITYID='" + AUTHORITYID + "' and U.OPERATERANGE=1" + " and a.AUTHORITYID<>'" + AUTHORITYID + "' and u.userid='" + op + "' and not EXISTS (select 1 from user_authority_range_company y where y.AUTHORITYID=a.AUTHORITYID and y.USERID='" + op + "' and y.COMPANYID=u.COMPANYID)"); db.ExecuteNonQuery(cmdInsertOP, tran); } else { var cmdInsertVs = db.GetSqlStringCommand( @"update user_authority_range_company set VISIBLERANGE=0 from user_authority_range_company p where USERID='" + op + "' and AUTHORITYID<>'" + AUTHORITYID + "' " + " update user_authority_range_company set VISIBLERANGE=1,MODIFIEDUSER='" + userid + "',MODIFIEDTIME=getdate() from user_authority_range_company p where USERID='" + op + "' and AUTHORITYID<>'" + AUTHORITYID + "' " + " and COMPANYID in (select COMPANYID from user_authority_range_company where AUTHORITYID='" + AUTHORITYID + "' and VISIBLERANGE=1 and USERID='" + op + "') " + " insert into user_authority_range_company (GID,USERID,AUTHORITYID,COMPANYID,VISIBLERANGE,OPERATERANGE,CREATEUSER,CREATETIME) " + " select newid() GID,'" + op + "' USERID,A.AUTHORITYID,U.COMPANYID,U.VISIBLERANGE,0 OPERATERANGE,'" + userid + "' CREATEUSER,GETDATE() CREATETIME from VW_User_Authority A, user_authority_range_company U where A.VISIBLERANGE=5 AND A.USERID='" + op + "' AND U.AUTHORITYID='" + AUTHORITYID + "' and U.VISIBLERANGE=1 " + " and a.AUTHORITYID<>'" + AUTHORITYID + "' and u.userid='" + op + "' and not EXISTS (select 1 from user_authority_range_company y where y.AUTHORITYID=a.AUTHORITYID and y.USERID='" + op + "' and y.COMPANYID=u.COMPANYID) "); db.ExecuteNonQuery(cmdInsertVs, tran); } tran.Commit(); } catch (Exception) { tran.Rollback(); result.Success = false; result.Message = "保存出现错误,请重试或联系系统管理员"; return result; } } result.Success = true; result.Message = "保存成功" + result.Message; return result; } #endregion } }