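using DSWeb.Areas.CommMng.Models;
using DSWeb.EntityDA;
using Microsoft.Practices.EnterpriseLibrary.Data;
using System;
using System.Collections.Generic;
using System.Data;
using System.Linq;
using System.Text;
using System.Web;

namespace DSWeb.MvcShipping.DAL.MsOpSeaeRunBill
{
    /// <summary>
    /// Builds the list and count SQL for <c>op_seae_run_bill</c>, restricted by the
    /// caller's visible range as stored in <c>VW_User_Authority</c> for the
    /// <c>modSeaeRunBillList</c> module.
    /// </summary>
    public class MsOpSeaeRunBillDAL
    {
        /// <summary>Predicate that matches no rows; used whenever no visible range can be established.</summary>
        private const string DenyAll = "1=2";

        /// <summary>
        /// Builds the paged SELECT over <c>op_seae_run_bill</c>.
        /// </summary>
        /// <param name="strCondition">Caller-built WHERE predicate (raw SQL); may be null or empty.</param>
        /// <param name="userid">User id used to look up the visible range.</param>
        /// <param name="usercode">Passed through to <see cref="GetRangDAStr"/>, which does not read it.</param>
        /// <param name="companyid">Company id used by the company-scoped ranges.</param>
        /// <param name="sort">Sort description handed to <c>DatasetSort.Getsortstring</c>.</param>
        /// <param name="start">Inclusive lower row number.</param>
        /// <param name="limit">Inclusive upper row number.</param>
        /// <returns>The SQL text; nothing is executed here.</returns>
        public static string GetDataListSql(string strCondition, string userid, string usercode, string companyid, string sort = null, int start = 1, int limit = 50)
        {
            var condition = ApplyRange(strCondition, GetRangDAStr(userid, usercode, companyid));

            // NOTE(review): the sort text is interpolated into ORDER BY as-is. This relies on
            // DatasetSort.Getsortstring returning only column/direction text; its implementation
            // is not visible here, so confirm it validates against a known column list.
            var sortstring = DatasetSort.Getsortstring(sort);
            if (string.IsNullOrEmpty(sortstring))
            {
                sortstring = "createtime desc";
            }

            // NOTE(review): start and limit are used directly as the first and last row numbers.
            // If callers pass limit as a page size, every page after the first comes back empty;
            // confirm against the callers.
            var strSql = new StringBuilder();
            strSql.AppendLine("select * from ");
            strSql.AppendLine("(");
            strSql.AppendLine($"select row_number() over(order by {sortstring}) as rownum,* from op_seae_run_bill where {condition} ");
            strSql.AppendLine($") t where rownum>={start} and rownum<={limit} ");
            return strSql.ToString();
        }

        /// <summary>
        /// Builds the COUNT query matching <see cref="GetDataListSql"/> (same condition and range, no paging).
        /// </summary>
        /// <param name="strCondition">Caller-built WHERE predicate (raw SQL); may be null or empty.</param>
        /// <param name="userid">User id used to look up the visible range.</param>
        /// <param name="usercode">Passed through to <see cref="GetRangDAStr"/>, which does not read it.</param>
        /// <param name="companyid">Company id used by the company-scoped ranges.</param>
        /// <returns>The SQL text; nothing is executed here.</returns>
        public static string GetDataCountSql(string strCondition, string userid, string usercode, string companyid)
        {
            var condition = ApplyRange(strCondition, GetRangDAStr(userid, usercode, companyid));

            var strSql = new StringBuilder();
            strSql.AppendLine($"select count(1) from op_seae_run_bill where {condition}");
            return strSql.ToString();
        }

        #region Permission range

        /// <summary>
        /// Returns the WHERE fragment that limits <c>op_seae_run_bill</c> rows to what the user may see.
        /// </summary>
        /// <remarks>
        /// The range code is read from <c>VW_User_Authority</c>; when no row is found it stays "4".
        /// Codes handled: 0 all rows, 1 users of <paramref name="companyid"/>, 2 the user's department,
        /// 3 the user's own rows, 4 nothing, 5 company grants, 6 operator grants.
        /// Any case that would produce an empty fragment (unknown code, or code 5/6 with no grant
        /// rows) now returns <c>1=2</c>: the callers treat an empty fragment as "no restriction",
        /// so returning it would expose every row.
        /// </remarks>
        /// <param name="userid">User id to look up and to match against CREATEUSER/USERID.</param>
        /// <param name="username">Not read by this method; kept for the existing signature.</param>
        /// <param name="companyid">Company id used by ranges 1 and 5.</param>
        /// <returns>A non-empty SQL predicate.</returns>
        public static string GetRangDAStr(string userid, string username, string companyid)
        {
            string visiblerange = "4";
            string authorityId = "";

            // Executed lookups bind their values as parameters instead of concatenating them.
            // NOTE(review): DbType.String binds as a Unicode string; if the id columns are
            // non-Unicode, DbType.AnsiString would avoid an implicit conversion - confirm the schema.
            const string authoritySql =
                "SELECT  VISIBLERANGE,OPERATERANGE,AUTHORITYID  from VW_User_Authority " +
                " where [NAME]='modSeaeRunBillList' and USERID=@userid and ISDELETE=0";

            Database db = DatabaseFactory.CreateDatabase();
            using (var cmd = db.GetSqlStringCommand(authoritySql))
            {
                db.AddInParameter(cmd, "@userid", DbType.String, userid);
                using (IDataReader reader = db.ExecuteReader(cmd))
                {
                    // Only the first matching authority row is used.
                    if (reader.Read())
                    {
                        visiblerange = Convert.ToString(reader["VISIBLERANGE"]);
                        authorityId = Convert.ToString(reader["AUTHORITYID"]);
                    }
                }
            }

            string str = "";
            switch (visiblerange)
            {
                case "4":
                    str = DenyAll;
                    break;

                case "3":
                    str = " (CREATEUSER=" + Quote(userid) + " OR USERID=" + Quote(userid) + ")";
                    break;

                case "2":
                    {
                        var rangeDa = new RangeDA();
                        var deptid = Quote(Convert.ToString(rangeDa.GetDEPTGID(userid)));
                        str = " (CREATEUSER in (select userid from vw_user where deptgid=" + deptid + ") OR USERID in (select userid from vw_user where deptgid=" + deptid + "))";
                        break;
                    }

                case "1":
                    {
                        var companyUsers = "(select gid from [user] where GID in (select USERID from user_company where COMPANYID=" + Quote(companyid) + "))";
                        str = " (CREATEUSER in " + companyUsers + " OR USERID in " + companyUsers + ")";
                        break;
                    }

                case "5":
                    {
                        const string grantSql =
                            " select COMPANYID from user_authority_range_company where userid=@userid and AUTHORITYID=@authorityid and VISIBLERANGE=1";

                        // NOTE(review): the granted COMPANYID values are selected but never read;
                        // every grant row contributes the same clause for the caller's companyid.
                        // Range 6 uses the value from its reader, so this looks like it was meant
                        // to use reader["COMPANYID"]. Left unchanged because it alters who can
                        // see what; confirm the intended scope before changing it.
                        var companyClause =
                            "CREATEUSER in (select USERID from user_company where COMPANYID=" + Quote(companyid) + ")" +
                            " or USERID in (select USERID from user_company where COMPANYID=" + Quote(companyid) + ")";

                        var grants = new StringBuilder();
                        Database userdb = DatabaseFactory.CreateDatabase();
                        using (var cmd = userdb.GetSqlStringCommand(grantSql))
                        {
                            userdb.AddInParameter(cmd, "@userid", DbType.String, userid);
                            userdb.AddInParameter(cmd, "@authorityid", DbType.String, authorityId);
                            using (IDataReader reader = userdb.ExecuteReader(cmd))
                            {
                                while (reader.Read())
                                {
                                    grants.Append(grants.Length == 0 ? " (" : " or ");
                                    grants.Append(companyClause);
                                }
                            }
                        }

                        if (grants.Length > 0)
                        {
                            grants.Append(")");
                        }

                        str = grants.ToString();
                        break;
                    }

                case "6":
                    {
                        const string grantSql =
                            " select OPID from user_authority_range_op where userid=@userid and AUTHORITYID=@authorityid and VISIBLERANGE=1";

                        var grants = new StringBuilder();
                        Database userdb = DatabaseFactory.CreateDatabase();
                        using (var cmd = userdb.GetSqlStringCommand(grantSql))
                        {
                            userdb.AddInParameter(cmd, "@userid", DbType.String, userid);
                            userdb.AddInParameter(cmd, "@authorityid", DbType.String, authorityId);
                            using (IDataReader reader = userdb.ExecuteReader(cmd))
                            {
                                while (reader.Read())
                                {
                                    // Values read back from the database are quoted as well, so a
                                    // stored id containing a quote cannot change the predicate.
                                    var opid = Quote(Convert.ToString(reader["OPID"]));
                                    grants.Append(grants.Length == 0 ? " (" : " or ");
                                    grants.Append("CREATEUSER=" + opid + " or USERID=" + opid + " ");
                                }
                            }
                        }

                        if (grants.Length > 0)
                        {
                            grants.Append(")");
                        }

                        str = grants.ToString();
                        break;
                    }

                case "0":
                    str = " 1=1 ";
                    break;
            }

            // Fail closed: an empty fragment would be read by the callers as "no restriction".
            return string.IsNullOrWhiteSpace(str) ? DenyAll : str;
        }

        #endregion

        /// <summary>
        /// Combines the caller's condition with the visible-range predicate.
        /// </summary>
        /// <remarks>
        /// The caller's condition is wrapped in parentheses because AND binds tighter than OR:
        /// without them a top-level OR in the condition would let rows outside the range match.
        /// The condition itself is still raw SQL; it must be built from validated values by the caller.
        /// </remarks>
        private static string ApplyRange(string strCondition, string rangstr)
        {
            var scope = string.IsNullOrWhiteSpace(rangstr) ? DenyAll : rangstr;
            if (string.IsNullOrEmpty(strCondition))
            {
                return scope;
            }

            return "(" + strCondition + ") and " + scope;
        }

        /// <summary>
        /// Wraps a value as a SQL string literal, doubling embedded single quotes.
        /// Used only for the returned fragment, which cannot carry parameters without
        /// changing the public signatures.
        /// </summary>
        private static string Quote(string value)
        {
            return "'" + (value ?? "").Replace("'", "''") + "'";
        }
    }
}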