diff --git a/DepartmentPortal/Common/DatabaseCore/SecurityManager.cs b/DepartmentPortal/Common/DatabaseCore/SecurityManager.cs
index 083a088..22f9d7a 100644
--- a/DepartmentPortal/Common/DatabaseCore/SecurityManager.cs
+++ b/DepartmentPortal/Common/DatabaseCore/SecurityManager.cs
@@ -31,11 +31,6 @@ namespace DatabaseCore
Access access = null;
if (model != null)
{
- // простой просмотр возможен
- if (model.Model.SkipCheck && model.Type == AccessType.SimpleView)
- {
- return true;
- }
// если не указан идентификатор пользователя, то смотрим, может он авторизован
if (!model.Model.UserId.HasValue && User.HasValue)
{
@@ -60,7 +55,7 @@ namespace DatabaseCore
}
switch (model.Type)
{
- case AccessType.FullView:
+ case AccessType.View:
ErrorMessage = $"Нет доступа на чтение данных по сущности '{model.Entity}'";
return false;
case AccessType.Change:
diff --git a/DepartmentPortal/Common/ModuleTools/BindingModels/AccessBindingModel.cs b/DepartmentPortal/Common/ModuleTools/BindingModels/AccessBindingModel.cs
index 3114ec3..08b62b5 100644
--- a/DepartmentPortal/Common/ModuleTools/BindingModels/AccessBindingModel.cs
+++ b/DepartmentPortal/Common/ModuleTools/BindingModels/AccessBindingModel.cs
@@ -7,11 +7,6 @@ namespace ModuleTools.BindingModels
///
public class AccessBindingModel
{
- ///
- /// Пропускать проверку (работает только для получения данных)
- ///
- public bool SkipCheck { get; set; }
-
///
/// Идентификатор пользователя, который запрашивает выполнение операции
///
diff --git a/DepartmentPortal/Common/ModuleTools/BusinessLogics/BusinessLogicCore.cs b/DepartmentPortal/Common/ModuleTools/BusinessLogics/BusinessLogicCore.cs
index 8e09628..5efde9d 100644
--- a/DepartmentPortal/Common/ModuleTools/BusinessLogics/BusinessLogicCore.cs
+++ b/DepartmentPortal/Common/ModuleTools/BusinessLogics/BusinessLogicCore.cs
@@ -26,14 +26,31 @@ namespace ModuleTools.BusinessLogics
///
public List<(string Title, string Message)> Errors { get; protected set; }
+ ///
+ /// Сервис с хранилищем данных
+ ///
protected IEntityService Service { get; set; }
+ ///
+ /// Менеджер безопасности
+ ///
protected ISecurityManager Security { get; set; }
+ ///
+ /// Тип операции, скоторым работает логика
+ ///
protected readonly AccessOperation _serviceOperation;
+ ///
+ /// Название сущности
+ ///
protected readonly string _entity;
+ ///
+ /// Возможен ли просмотр без авторизации
+ ///
+ protected bool _allowSimpleView = true;
+
public BusinessLogicCore(IEntityService service, string entity, AccessOperation serviceOperation)
{
Service = service;
@@ -70,9 +87,10 @@ namespace ModuleTools.BusinessLogics
Errors.Clear();
try
{
- if (NoAccess(model, AccessType.SimpleView) && NoAccess(model, AccessType.FullView))
+ var fullView = NoAccess(model, AccessType.View);
+ if (fullView && !_allowSimpleView)
{
- return null;
+ throw new MethodAccessException("Нет прав на получение списка");
}
var result = Service.Read(model);
if (!result.IsSucceeded)
@@ -100,9 +118,10 @@ namespace ModuleTools.BusinessLogics
Errors.Clear();
try
{
- if (NoAccess(model, AccessType.SimpleView) && NoAccess(model, AccessType.FullView))
+ var fullView = NoAccess(model, AccessType.View);
+ if (fullView && !_allowSimpleView)
{
- return null;
+ throw new MethodAccessException("Нет прав на получение списка");
}
var result = Service.Read(model);
if (!result.IsSucceeded)
diff --git a/DepartmentPortal/Common/ModuleTools/Enums/AccessType.cs b/DepartmentPortal/Common/ModuleTools/Enums/AccessType.cs
index acff2c2..035fa90 100644
--- a/DepartmentPortal/Common/ModuleTools/Enums/AccessType.cs
+++ b/DepartmentPortal/Common/ModuleTools/Enums/AccessType.cs
@@ -5,24 +5,19 @@
///
public enum AccessType : int
{
- ///
- /// Простой просомтр
- ///
- SimpleView = 1,
-
///
/// Полный просомтр
///
- FullView = 2,
+ View = 1,
///
/// Добавление/Изменение
///
- Change = 4,
+ Change = 2,
///
/// Удаление
///
- Delete = 8
+ Delete = 4
}
}
\ No newline at end of file
diff --git a/DepartmentPortal/Documetations/Кафедральный портал.docx b/DepartmentPortal/Documetations/Кафедральный портал.docx
new file mode 100644
index 0000000..d6d5223
Binary files /dev/null and b/DepartmentPortal/Documetations/Кафедральный портал.docx differ
diff --git a/DepartmentPortal/Security/SecurityBusinessLogic/ViewModels/AccessViewModels.cs b/DepartmentPortal/Security/SecurityBusinessLogic/ViewModels/AccessViewModels.cs
index 569a59e..6d5ce41 100644
--- a/DepartmentPortal/Security/SecurityBusinessLogic/ViewModels/AccessViewModels.cs
+++ b/DepartmentPortal/Security/SecurityBusinessLogic/ViewModels/AccessViewModels.cs
@@ -32,25 +32,13 @@ namespace SecurityBusinessLogic.ViewModels
public AccessType AccessType { get; set; }
[ViewModelOnListProperty("Тип", 150)]
- public string AccessTypeTitle
+ public string AccessTypeTitle => AccessType switch
{
- get
- {
- switch (AccessType)
- {
- case AccessType.Delete:
- return "Полные права";
- case AccessType.Change:
- return "Просмотр, Редактирование";
- case AccessType.FullView:
- return "Просмотр";
- case AccessType.SimpleView:
- return "Частичный просмотр";
- default:
- return "Неопределено";
- }
- }
- }
+ AccessType.Delete => "Полные права",
+ AccessType.Change => "Просмотр, Редактирование",
+ AccessType.View => "Просмотр",
+ _ => "Неопределено",
+ };
public override string ToString() => $"{RoleName}-{AccessOperationTitle}({AccessTypeTitle})";
}
diff --git a/DepartmentPortal/Security/SecurityWindowsDesktop/SecurityWindowDesktopExtension.cs b/DepartmentPortal/Security/SecurityWindowsDesktop/SecurityWindowDesktopExtension.cs
index fca70e1..68d488a 100644
--- a/DepartmentPortal/Security/SecurityWindowsDesktop/SecurityWindowDesktopExtension.cs
+++ b/DepartmentPortal/Security/SecurityWindowsDesktop/SecurityWindowDesktopExtension.cs
@@ -22,7 +22,7 @@ namespace SecurityWindowsDesktop
}
if (!manager.CheckAccess(new SecurityManagerCheckAccessModel(new AccessBindingModel { UserId = manager.User },
- AccessOperation.Администрирование, AccessType.SimpleView, "Администрирование")))
+ AccessOperation.Администрирование, AccessType.View, "Администрирование")))
{
return null;
}
@@ -42,7 +42,7 @@ namespace SecurityWindowsDesktop
foreach (var cntrl in _controls)
{
if (manager.CheckAccess(new SecurityManagerCheckAccessModel(new AccessBindingModel { UserId = manager.User },
- cntrl.AccessOperation, AccessType.SimpleView, cntrl.Title)))
+ cntrl.AccessOperation, AccessType.View, cntrl.Title)))
{
list.Add(new WindowDesktopExtensionControlModel
{