MemberCenter/Member/MemberWeb/Controllers/CM_OrgManPermissionController.cs

using JCSoft.WX.Framework.Api;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Http;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Common.Wechat;
using Common;
using System.Data;
using Common.Model;
using ZcPeng.PublicLibrary;
using CoreEntity.Entity;
using CoreEntity.DAL;
using System.Collections.Concurrent;
using Newtonsoft.Json.Converters;
using Newtonsoft.Json;
using System.Data.SqlClient;
using Microsoft.Extensions.Primitives;
using Microsoft.Extensions.Caching.Memory;
using Jwt;
using PublicLibrary.Model;
using Newtonsoft.Json.Linq;
using SupplierWeb.Codes.mvc;
using SupplierWeb.Codes.Auth;
using Common.Config;

namespace SupplierWeb.Controllers
{
    [Route("web/CM_OrgManPermission")]
    public class CM_OrgManPermissionController : BaseController
    {
        public CM_OrgManPermissionController(IMemoryCache cache, IApiClient client) : base(cache, client)
        {

        }
        private ConcurrentDictionary<int, Role> roleMap = new ConcurrentDictionary<int, Role>();
        public class TempTableResult
        {
            public int id { get; set; }
            public string permissionName { get; set; }
            public string permissionUrl { get; set; }
            public int roleId { get; set; }
            public int checkedValue { get; set; }
            public string permissionRule { get; set; }
            public string permissionRuleType { get; set; }
            public int relateId { get; set; }
            public string AuthType { get; set; }
        }
        public class TreeNode
        {
            public string parentValue { get; set; }
            public string label { get; set; }
            public int value { get; set; }

        }
        public class TempQuery
        {
            public int[] data { get; set; }
            public int OrgId { get; set; }
        }
        public class SortContent
        {
            public Object content { get; set; }//权限内容
            public string code { get; set; }//权限id
            public int sort { get; set; }//权限序号
        }


        /// 供应商，采购，供应商业务员挂靠，资料管理员，财务，仓库 等角色权限列表
        /// 权限列表
        //[HttpGet, Route("index")]
        //public ActionResult index(string[] filters, Int32 pageIndex, Int32 pageSize,
        //    string sortField, Int32 sortDirection, string[] sumFields, string callback)
        //{
        //    var r = this.indexp(filters, pageIndex, pageSize,
        //     sortField, sortDirection, sumFields, null);
        //    return Content(callback + "(" + JsonConvert.SerializeObject(r.Value)
        //       + ")");
        //}
        /// 供应商，采购，供应商业务员挂靠，资料管理员，财务，仓库 等角色权限列表
        /// 权限列表
        [AuthPermission]
        [HttpPost, Route("index")]
        public JsonResult indexp(QueryFilter[] filters, Int32 pageIndex, Int32 pageSize,
            string sortField, Int32 sortDirection, string[] sumFields, [FromBody]dynamic data)
        {
            if (data != null)
            {
                //Newtonsoft.Json.Linq.JArray
                filters = data.filters.ToObject<QueryFilter[]>();
                pageIndex = data.pageIndex;
                pageSize = data.pageSize;
                sortField = data.sortField;
                sortDirection = data.sortDirection;
                sumFields = data.sumFields.ToObject<string[]>();
            }
            #region 获取权限列表
            DataTable dt = new DataTable();
            string result;
            IList<Permission> permss = new List<Permission>(0);

            List<SqlParameter> parameters = new List<SqlParameter>();
            string filterstr = QueryFilter.getFilterSqlParam(filters, out parameters, new Permission(), "A.");

            string direct = " desc ";
            if (sortDirection != 1)
                direct = " asc";

            int start = (pageIndex - 1) * pageSize;
            int end = (start + 1 + pageSize);

            string commandText0 = "select * from ";
            string commandText1 = "(" +
                "select A.*,row_number() over" +
                "(  order by " + sortField + " " + direct + " )  as rownum from " +
                Config.TablePrefix + "Permission as A  " +
                " where  1=1 " +
                    filterstr +
            ")AAA ";
            string commandText2 = " where AAA.rownum>" + start + " and AAA.rownum<" + end;
            string commandText3 = commandText0 + commandText1 + commandText2;//-tanyang
            bool success = DataAccess.GetValues(commandText3, ref dt, parameters.ToArray(), out result);

            #endregion
            if (dt != null && dt.Rows.Count > 0)
            {

                // 把DataTable转换为IList<Permission>  
                permss = ModelConvertHelper<Permission>.ConvertToModel(dt);

                #region 获取权限的角色列表，角色列表
                //角色列表
                IList<Role> roles = RoleDAL.GetRoles();
                // 把DataTable转换为IList<Role>  
                if (roleMap.Count < roles.Count)
                {
                    foreach (Role role in roles)
                    {
                        roleMap.TryAdd(role.Id, role);
                    }
                }

                foreach (Permission perms in permss)
                {
                    string direct1 = " desc ";
                    dt = DataAccess.GetDataTable(Config.TablePrefix + "RoleRelatePermission", "Id", "*", "PermissionId=" + perms.Id + " and IsDelete = 0 ", "", "Id" + direct1, 1, 100, out var msg);
                    // 把DataTable转换为IList<RoleRelatePermission>  
                    if (dt != null && dt.Rows.Count > 0)
                    {
                        IList<RoleRelatePermission> permRelates = ModelConvertHelper<RoleRelatePermission>.ConvertToModel(dt);
                        List<int> superior_list = new List<int>(0);
                        foreach (RoleRelatePermission permsr in permRelates)
                        {
                            superior_list.Add(permsr.RoleId);
                        }
                        //perms.RoleList = listRoles;
                        perms.Roleids = string.Join(",", superior_list.ToArray());
                    }
                }
                #endregion
            }
            string result1;
            long totalcount = DataAccess.GetRowCountDefine("select count(Id) from " + commandText1, parameters.ToArray(), out result1);
            IsoDateTimeConverter timejson = new IsoDateTimeConverter
            {
                DateTimeFormat = "yyyy'-'MM'-'dd' 'HH':'mm':'ss"
            };
            //IList<Menu> menus = Permission.Convert(permss);
            var jsonData = JsonConvert.SerializeObject(permss, timejson);

            return Json(new
            {
                items = JsonConvert.DeserializeObject(jsonData),
                sum = new { },
                totalCount = totalcount
            });
        }


        /// <summary>
        /// 新增
        /// </summary>
        /// <param name="PermissionName"></param>
        /// <param name="PermissionUrl"></param>
        /// <param name="AuthType"></param>
        /// <param name="ActionType"></param>
        /// <param name="Icon"></param>
        /// <param name="ParentId"></param>
        /// <param name="Roleids"></param>
        /// <param name="data"></param>
        /// <param name="IsDelete"></param>
        /// <returns></returns>
        [AuthPermission]
        [HttpPost, Route("add")]
        public JsonResult addp(
            string PermissionName, string PermissionUrl,
            string AuthType, Int32 ActionType,
            string Icon
            , string ParentId, string Roleids, [FromBody]dynamic data
            , Int32 IsDelete = 0
        )
        {
            if (data != null)
            {
                //Newtonsoft.Json.Linq.JArray
                PermissionName = data.PermissionName;
                PermissionUrl = data.PermissionUrl;
                AuthType = data.AuthType;
                if (ActionType != 0)
                {
                    ActionType = data.ActionType;
                }
                Icon = data.Icon;
                ParentId = data.ParentId;
                Roleids = data.Roleids;
                IsDelete = (data.IsDelete == null) ? 0 : data.IsDelete;
            }
            string[] RoleIdss = Roleids.Split(",");
            int[] RoleIdis = Array.ConvertAll(RoleIdss, s => Convert.ToInt32(s));

            #region 添加权限节点
            string commandText = "INSERT INTO " + Config.TablePrefix + "Permission (permissionname,permissionurl," +
                "AuthType,ActionType," +
                "Icon,ParentId," +
                "isdelete)"
                + " VALUES (@permissionname,@permissionurl,@AuthType,@ActionType,@Icon,@ParentId,@isdelete)";
            string result;
            //准备参数
            List<List<Object>> parameters = new List<List<Object>>();
            parameters.Add(new List<Object>() { "permissionname", PermissionName });
            parameters.Add(new List<Object>() { "permissionurl", PermissionUrl });
            parameters.Add(new List<Object>() { "AuthType", AuthType });
            parameters.Add(new List<Object>() { "ActionType", ActionType });
            parameters.Add(new List<Object>() { "Icon", Icon });
            parameters.Add(new List<Object>() { "ParentId", ParentId != null ? Convert.ToInt32(ParentId) : 0 });
            parameters.Add(new List<Object>() { "isdelete", IsDelete });

            List<SqlParameter> parameters1 = DataAccess.ToParameters(parameters);
            int success = DataAccess.ExecuteCommand(commandText, parameters1, out result);
            #endregion
            #region 添加角色
            int id = BaseDAL.GetId(Config.TablePrefix + "Permission");
            RoleDAL.SaveRolesRelatePermission(id, RoleIdis);
            #endregion

            return Json(new
            {
                success = success
            });
        }


        ////编辑权限
        //[HttpGet, Route("edit")]
        //public ActionResult edit(Int32 Id,
        //     string PermissionName, string PermissionUrl, string Icon
        //    , string ParentId, string Roleids
        //    , string callback, Int32 IsDelete
        //    )
        //{

        //    var r = this.editp(Id, PermissionName, PermissionUrl, Icon
        //    , ParentId, Roleids, null
        //    , IsDelete);

        //    return Content(callback + "(" + JsonConvert.SerializeObject(r.Value)
        //        + ")");
        //}

        [AuthPermission]
        [HttpPost, Route("edit")]
        public JsonResult editp(Int32 Id,
             string PermissionName, string PermissionUrl,
             string AuthType,
             string Icon,
             string ParentId, string Roleids,
             [FromBody]dynamic data
            , Int32 IsDelete
            )
        {
            if (data != null)
            {
                //Newtonsoft.Json.Linq.JArray
                Id = data.Id;
                PermissionName = data.PermissionName;
                PermissionUrl = data.PermissionUrl;
                AuthType = data.AuthType;
                Icon = data.Icon;
                ParentId = data.ParentId;
                Roleids = data.Roleids;
                IsDelete = data.IsDelete == null ? 0 : data.IsDelete;
            }
            string[] RoleIdss = Roleids.Split(",");
            int[] RoleIdis = Array.ConvertAll(RoleIdss, s => Convert.ToInt32(s));
            #region 编辑用户
            string commandText = "UPDATE " + Config.TablePrefix + "Permission " +
                " SET permissionname = @permissionname,";
            if (PermissionUrl != null)
                commandText += "permissionurl = @permissionurl,";
            commandText += " ParentId = @ParentId" +
                ",Icon = @Icon" +
               " ,isdelete = @isdelete" +
                ",AuthType = @AuthType" +
                " WHERE id= @Id";
            string result;
            //准备参数
            List<List<Object>> parameters = new List<List<Object>>();
            parameters.Add(new List<Object>() { "permissionname", PermissionName });
            parameters.Add(new List<Object>() { "permissionurl", PermissionUrl });
            parameters.Add(new List<Object>() { "AuthType", AuthType });
            parameters.Add(new List<Object>() { "ParentId", ParentId });
            parameters.Add(new List<Object>() { "Icon", Icon });

            parameters.Add(new List<Object>() { "isdelete", IsDelete });
            parameters.Add(new List<Object>() { "Id", Id });

            List<SqlParameter> parameters1 = DataAccess.ToParameters(parameters);
            int success = DataAccess.ExecuteCommand(commandText, parameters1, out result);
            #endregion

            #region 角色
            RoleDAL.SaveRolesRelatePermission(Id, RoleIdis);
            #endregion

            return Json(new
            {
                success = success
            });
        }


        /// <summary>
        /// 删除权限
        /// </summary>
        /// <param name="Id"></param>
        /// <param name="callback"></param>
        /// <returns></returns>
        [AuthPermission]
        [HttpGet, Route("delete/{0}")]
        public ActionResult Delete(Int32 Id, string callback)
        {
            string commandText = "DELETE FROM " + Config.TablePrefix + "Permission WHERE Id = @Id";

            //准备参数
            List<List<Object>> parameters = new List<List<Object>>();
            parameters.Add(new List<Object>() { "Id", Id });

            string result = "";
            List<SqlParameter> parameters1 = DataAccess.ToParameters(parameters);
            int success = DataAccess.ExecuteCommand(commandText, parameters1, out result);
            return Content(callback + "({"
                + success
                + "})");
        }


        /// <summary>
        /// 删除权限
        /// </summary>
        /// <param name="Id"></param>
        /// <returns></returns>
        [AuthPermission]
        [HttpPost, Route("delete")]
        public ActionResult Delete(Int32 Id)
        {
            string commandText = "DELETE FROM " + Config.TablePrefix + "Permission WHERE Id = @Id";

            //准备参数
            List<List<Object>> parameters = new List<List<Object>>();
            parameters.Add(new List<Object>() { "Id", Id });

            string result = "";
            List<SqlParameter> parameters1 = DataAccess.ToParameters(parameters);
            int success = DataAccess.ExecuteCommand(commandText, parameters1, out result);
            return Content("{success:"
                + success
                + "}");
        }


        /// <summary>
        /// 权限列表
        /// </summary>
        /// <param name="staffid"></param>
        /// <returns></returns>
        [HttpGet, Route("menus")]
        public ActionResult menus(string staffid)
        {
            HttpRequest request = HttpContext.Request;
            StringValues oo;
            request.Headers.TryGetValue("token", out oo);
            if (oo.Count > 0 && oo.ToArray()[0] != "")
            {
                staffid = oo.ToArray()[0];
            }

            //取token
            var token = (string)_cache.Get(staffid);
            var secret = TokenConfig.SecretKey;
            Dictionary<string, object> data;
            Object roleid;
            Int64 roleid1;
            string jsonData = "";
            if (token != null)
            {

                try
                {
                    data = JsonWebToken.DecodeToObject<Dictionary<string, object>>(token, secret);

                    data.TryGetValue("roleid", out roleid);
                    roleid1 = (Int64)roleid;

                    var options = RoleDAL.GetPermissions(roleid1);
                    var permissions = Permission.Convert(options);
                    jsonData = JsonConvert.SerializeObject(permissions);
                }
                catch (SignatureVerificationException)
                {
                    // Given token is either expired or hashed with an unsupported algorithm.
                }
            }

            return Content(jsonData
                );
        }

        /// <summary>
        /// 权限列表
        /// </summary>
        /// <param name="staffid"></param>
        /// <param name="callback"></param>
        /// <returns></returns>
        [HttpGet, Route("menus1")]
        public ActionResult menus1(string staffid, string callback)
        {
            var jsonData = "";
            return Content(callback + "(" + jsonData
                + ")");
        }

        /// <summary>
        /// 父权限列表
        /// </summary>
        /// <param name="callback"></param>
        /// <returns></returns>
        [HttpGet, Route("parents/{0}")]
        public ActionResult parents(string callback)
        {

            var permss = RoleDAL.GetTopPermissions();
            IList<Option> options = new List<Option>();
            foreach (Permission perms in permss)
            {
                var option = new Option() { label = perms.PermissionName, value = perms.Id.ToString(), disabled = perms.IsDelete };
                options.Add(option);
            }
            var jsonData = JsonConvert.SerializeObject(options);

            return Content(callback + "(" + jsonData
                + ")");
        }

        /// <summary>
        /// 父权限列表
        /// </summary>
        /// <returns></returns>
        [HttpGet, Route("parents")]
        public ActionResult parents()
        {

            var permss = RoleDAL.GetTopPermissions();
            IList<Option> options = new List<Option>();
            foreach (Permission perms in permss)
            {
                var option = new Option() { label = perms.PermissionName, value = perms.Id.ToString(), disabled = perms.IsDelete };
                options.Add(option);
            }
            var jsonData = JsonConvert.SerializeObject(options);

            return Content(jsonData
                );
        }
        

        /// <summary>
        /// 获取组织机构
        /// </summary>
        /// <returns></returns>
        [HttpGet]
        [Route("getOrg")]
        public JsonResult getOrg()
        {
            var sql = $"select OrgName as label,'1' as parentValue,(ROW_NUMBER() over(order by OrgId))+1 as value from CM_Org";

            DataTable dt = new DataTable();
            var param = new List<SqlParameter>();

            DataAccess.GetValues(sql, ref dt, param.ToArray(), out _);
            IList<TreeNode> result = new List<TreeNode>();
            if (dt != null && dt.Rows.Count > 0)
            {
                result = ModelConvertHelper<TreeNode>.ConvertToModel(dt);
            }
            result.Add(new TreeNode { parentValue = "0", label = "亮健好医药有限公司", value = 1 });
            return Json(new
            {
                //httpCode = 200,
                //message = "获取成功",
                result
            });
        }


        /// <summary>
        /// 根据角色查询功能列表
        /// </summary>
        /// <param name="data"></param>
        /// <returns></returns>
        [AuthPermission]
        [HttpPost]
        [Route("table")]
        public JsonResult Table([FromBody] dynamic data)
        {
            QueryFilter[] jArray = JsonConvert.DeserializeObject<QueryFilter[]>(data.filters.ToString());
            var a = "";
            List<QueryFilter> filterList = new List<QueryFilter>();
            var i = 0;
            foreach (QueryFilter filter in jArray)
            {
                if (filter.field == "OrgId")
                    a = filter.value.ToString();
                else
                {
                    filterList.Add(filter);
                    i++;
                }
            }
            var OrgId = int.Parse(a) - 1;

            var param = new List<SqlParameter>();
            var filterstr = QueryFilter.getFilterSqlParam(filterList.ToArray(), out param, new TempTableResult(), "A.");
            filterstr = filterstr.Replace("A.permissionRule", "B.PermissionRule");
            filterstr = filterstr.Replace("A.permissionRuleType", "B.PermissionRuleType");

            var sql = $"select case when B.orgmanmoduleId is null then 0 else A.id end as checkedValue,A.*," +
                $"B.OrgManModuleId as relateId from sup_Permission A left join CM_OrgManPermission B on " +
                $"B.MODULEID = A.Id and B.OrgId='"+ OrgId + "'  where A.IsDelete <> 1" +
                $"" + filterstr;
            DataTable dt = new DataTable();
            param.Add(new SqlParameter("OrgId", OrgId));
            DataAccess.GetValues(sql, ref dt, param.ToArray(), out var msg);
            IList<TempTableResult> result = new List<TempTableResult>();
            if (dt != null && dt.Rows.Count > 0)
            {
                result = ModelConvertHelper<TempTableResult>.ConvertToModel(dt);
            }
            var countSql =
              $"select count(1) from sup_Permission  where IsDelete <> 1";

            var count = DataAccess.GetRowCountDefine(countSql, param.ToArray(), out var msg1);
            return Json(new
            {
                items = result,
                sum = new { },
                totalCount = count,
                msg
            });
        }


        [AuthPermission]
        [HttpPost]
        [Route("setOrg")]
        public JsonResult setOrg([FromBody] TempQuery data)
        {
            var param = new List<SqlParameter>();
            param.Add(new SqlParameter("OrgId", data.OrgId));
            string uuid = System.Guid.NewGuid().ToString("N");
            var sql = "update CM_OrgManPermission set IsDelete =1 where OrgId=@OrgId;  ";
            var index = 0;
            foreach (var item in data.data)
            {
                index++;
                param.Add(new SqlParameter($"{index}", item));
                sql += $" if (exists(select * from CM_OrgManPermission where OrgId = @OrgId and ModuleId = '"+index+"' and IsDelete = 1)) " +
                    " begin " +
                      $" update CM_OrgManPermission set IsDelete = 0 where OrgId = @OrgId and ModuleId =  '" + index + "'} and IsDelete = 1 " +
                    " end " +
                    " else " +
                    " begin " +
                    $" insert into CM_OrgManPermission (OrgManModuleId,ModuleId, OrgId) values ('"+uuid+ "','" + index + "',@OrgId) end ";
            }
            DataAccess.ExecuteCommand(sql, param.ToArray(), out var x);

            return Json(new
            {
                success = true
            });
        }
        

        [HttpGet, Route("authtype")]
        public ActionResult AuthType()
        {

            IList<Option> options = new List<Option>();
            var option = new Option() { label = "界面", value = "U", disabled = false };
            options.Add(option);
            var option1 = new Option() { label = "操作", value = "O", disabled = false };
            options.Add(option1);
            var option2 = new Option() { label = "按钮", value = "A", disabled = false };
            options.Add(option2);
            var jsonData = JsonConvert.SerializeObject(options);

            return Content(jsonData
                );
        }


        [HttpGet, Route("permissions")]
        public ActionResult Permissions()
        {
            string roleid = getStaff("roleid");
            if (roleid == null || roleid == "")
            {
                return Json(new { success = false, msg = "没有登陆" });
            }
            Dictionary<string, Permission> permission = PermissionHelper.Permissions(Convert.ToInt32(roleid));

            return Json(permission);
        }
        

        [AuthPermission]
        [HttpPost]
        [Route("setSort")]
        public JsonResult setSort([FromBody]dynamic data)
        {
            SortContent[] dataItems = new SortContent[] { };
            if (data != null)
            {
                //Newtonsoft.Json.Linq.JArray
                dataItems = data.data.ToObject<SortContent[]>();
            }
            List<DataAccessCommand> list = new List<DataAccessCommand>();
            foreach (SortContent item in dataItems)
            {
                var param = new List<SqlParameter>();
                param.Add(new SqlParameter("Id", item.code));
                param.Add(new SqlParameter("Sort", item.sort));
                var sql = "update " + Config.TablePrefix + "Permission set  Sort=@Sort where Id=@Id;  ";

                list.Add(new DataAccessCommand(sql, param, CommandType.Text, false));

            }
            var success = DataAccess.ExecuteBatchCommands(list, out var x);
            return Json(new
            {
                success,
                msg = x
            });
        }


        [AuthPermission]
        [HttpPost]
        [Route("editroleperm")]
        public JsonResult editRolePerm([FromBody] TempTableResult entity)
        {
            var sql = "update " + Config.TablePrefix + "RoleRelatePermission set " +
                " PermissionRule = a1,PermissionRuleType = a2 " +
                " from (select @PermissionRule as a1 ,@PermissionRuleType as a2 )A " +
                " where Id = @relateId";
            var param = new List<SqlParameter>();
            param.Add(new SqlParameter("@PermissionRule", entity.permissionRule));
            param.Add(new SqlParameter("@PermissionRuleType", entity.permissionRuleType));
            var ss = new SqlParameter("@relateId", SqlDbType.Int);
            ss.Value = entity.relateId;
            param.Add(ss);

            List<DataAccessCommand> list = new List<DataAccessCommand>(0);
            list.Add(new DataAccessCommand(sql, param, CommandType.Text, false));
            var success = DataAccess.ExecuteBatchCommands(list, out var msg);
            return Json(new
            {
                success,
                msg
            });
        }


        [AuthPermission]
        [HttpGet]
        [Route("getruletype")]
        public ActionResult getRuleType()
        {

            IList<Option> options = new List<Option>();
            var option = new Option() { label = "SQL", value = "S", disabled = false };
            options.Add(option);
            var option1 = new Option() { label = "JSON", value = "J", disabled = false };
            options.Add(option1);
            var jsonData = JsonConvert.SerializeObject(options);

            return Content(jsonData
                );
        }
    }

}