MES-WEB-API.git

parent: b525eb94 | 补丁 | 提交 | ignore whitespace

Security_Log_second方法无法判断角色权限问题解决； Security_Log方法判断角色权限时对于id最大的一个权限的判断无法判断问...

duhe

2023-12-25 2bf053827c10f3b9d74f9fae8c956a0f2266997f

Security_Log_second方法无法判断角色权限问题解决；
Security_Log方法判断角色权限时对于id最大的一个权限的判断无法判断问题解决。
信用额度申请单、特批申请单、销售订单变更单、应收退款单、收款单：增加查询权限判断。
工艺路线查询：增加查询权限判断。
生产班组、生产资源：增加查询权限判断

9个文件已修改

	Pub_Class/CustomerCls/ClsPub.cs	8 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/Controllers/BaseSet/Gy_GroupController.cs	16 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/Controllers/BaseSet/Gy_SourceController.cs	34 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/Controllers/JHGL/Gy_RoutingBillController.cs	18 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/Controllers/XSGL/Xs_CusRatingChangeBillController.cs	16 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/Controllers/XSGL/Xs_ExceptiveCheckRequestBillController.cs	16 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/Controllers/XSGL/Xs_SeOrderChangeBillController.cs	16 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/Controllers/XSGL/YS_ReceiveBackBillController.cs	16 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	WebAPI/Controllers/XSGL/YS_ReceiveBillController.cs	16 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史

 Pub_Class/CustomerCls/ClsPub.cs

@@ -966,7 +966,7 @@
                                //HavRight = false;
                                for (int i = 0; i < DsJS.Tables[0].Rows.Count; i++)
                                {
                                    if (ClsPub.isStrNull(DsJS.Tables[0].Rows[i]["AuthorityID"]).Length > ModID)
                                    if (ClsPub.isStrNull(DsJS.Tables[0].Rows[i]["AuthorityID"]).Length >= ModID)
                                    {
                                        if (DsJS.Tables[0].Rows[i]["AuthorityID"].ToString().Trim().Substring((int)ModID - 1, 1) == "1")
                                        {
@@ -1055,7 +1055,7 @@
                    }
                    else
                    {
                        if (DsUser.Tables[0].Rows[0]["AuthorityID"].ToString().Trim().Substring((int)ModID - 1, 1) == "1")
                        if (ClsPub.isStrNull(DsUser.Tables[0].Rows[0]["AuthorityID"]).Length >= ModID && DsUser.Tables[0].Rows[0]["AuthorityID"].ToString().Trim().Substring((int)ModID - 1, 1) == "1")
                        {
                            HavRight = true;
                        }
@@ -1064,7 +1064,7 @@
                            //获取用户组  并循环判断权限
                            //判断角色是否有权限
                            DsJS = oCn.RunProcReturn("select isnull(AuthorityID,'') AuthorityID from System_UserGroupinfo a inner join System_UserGroup b on a.GroupID=b.GroupID " +
                                " Where a.USERID='" + UserID.Trim() + "'", "gy_czygl");
                                " Where a.USERID='" + DsUser.Tables[0].Rows[0]["Czybm"].ToString().Trim() + "'", "gy_czygl");
                            if (DsJS == null)
                            {
                                HavRight = false;
@@ -1074,7 +1074,7 @@
                                HavRight = false;
                                for (int i = 0; i < DsJS.Tables[0].Rows.Count; i++)
                                {
                                    if (ClsPub.isStrNull(DsJS.Tables[0].Rows[i]["AuthorityID"]).Length > ModID)
                                    if (ClsPub.isStrNull(DsJS.Tables[0].Rows[i]["AuthorityID"]).Length >= ModID)
                                    {
                                        if (DsJS.Tables[0].Rows[i]["AuthorityID"].ToString().Trim().Substring((int)ModID - 1, 1) == "1")
                                        {

 WebAPI/Controllers/BaseSet/Gy_GroupController.cs

@@ -33,14 +33,14 @@
            {
                List<object> columnNameList = new List<object>();
                ////查看权限
                //if (!DBUtility.ClsPub.Security_Log("Gy_Group_Query", 1, false, user))
                //{
                //    objJsonResult.code = "0";
                //    objJsonResult.count = 0;
                //    objJsonResult.Message = "无查看权限！";
                //    objJsonResult.data = null;
                //    return objJsonResult;
                //}
                if (!DBUtility.ClsPub.Security_Log("Gy_Group_Query", 1, false, user))
                {
                    objJsonResult.code = "0";
                    objJsonResult.count = 0;
                    objJsonResult.Message = "无查看权限！";
                    objJsonResult.data = null;
                    return objJsonResult;
                }
                if (sWhere == null || sWhere.Equals(""))
                {
                    ds = oCN.RunProcReturn("select * from h_v_GroupList " + sWhere+ " order by 班组代码 ", "h_v_GroupList");

 WebAPI/Controllers/BaseSet/Gy_SourceController.cs

@@ -38,14 +38,14 @@
            {
                List<object> columnNameList = new List<object>();
                //判断是否有查询权限
                //if (!DBUtility.ClsPub.Security_Log("Gy_Source_Query", 1, false, user))
                //{
                //    objJsonResult.code = "0";
                //    objJsonResult.count = 0;
                //    objJsonResult.Message = "无权限查询!";
                //    objJsonResult.data = null;
                //    return objJsonResult;
                //}
                if (!DBUtility.ClsPub.Security_Log("Gy_Source_Query", 1, false, user))
                {
                    objJsonResult.code = "0";
                    objJsonResult.count = 0;
                    objJsonResult.Message = "无权限查询!";
                    objJsonResult.data = null;
                    return objJsonResult;
                }

                if (sWhere == null || sWhere.Equals(""))
                {
@@ -110,15 +110,15 @@
            string msg1 = sArray[0].ToString();
            string msg2 = sArray[1].ToString();

            ////查看权限
            //if (!DBUtility.ClsPub.Security_Log("Gy_Source_Edit", 1, false, msg2))
            //{
            //    objJsonResult.code = "0";
            //    objJsonResult.count = 0;
            //    objJsonResult.Message = "无保存权限！";
            //    objJsonResult.data = null;
            //    return objJsonResult;
            //}
            //查看权限
            if (!DBUtility.ClsPub.Security_Log("Gy_Source_Edit", 1, false, msg2))
            {
                objJsonResult.code = "0";
                objJsonResult.count = 0;
                objJsonResult.Message = "无保存权限！";
                objJsonResult.data = null;
                return objJsonResult;
            }

            Int64 HItemID = 0;
            SQLHelper.ClsCN oCN = new SQLHelper.ClsCN();

 WebAPI/Controllers/JHGL/Gy_RoutingBillController.cs

@@ -1243,14 +1243,14 @@
            try
            {
                //判断是否有查询权限
                //if (!DBUtility.ClsPub.Security_Log("Gy_RoutingBill_Query", 1, false, user))
                //{
                //    objJsonResult.code = "0";
                //    objJsonResult.count = 0;
                //    objJsonResult.Message = "无权限查询!";
                //    objJsonResult.data = null;
                //    return objJsonResult;
                //}
                if (!DBUtility.ClsPub.Security_Log("Gy_RoutingBill_Query", 1, false, user))
                {
                    objJsonResult.code = "0";
                    objJsonResult.count = 0;
                    objJsonResult.Message = "无权限查询!";
                    objJsonResult.data = null;
                    return objJsonResult;
                }

                SQLHelper.ClsCN oCN = new SQLHelper.ClsCN();
                string sql1 = "select  top 1000 * from h_v_Gy_RoutingBillQuery where 1 = 1 ";
@@ -1283,7 +1283,7 @@
            DataSet ds;
            try
            {
                

                SQLHelper.ClsCN oCN = new SQLHelper.ClsCN();
                string sql1 = "select  top 1000 * from h_v_Gy_RoutingBillQuerySub where 1 = 1 and hmainid=" + sWhere;
                string sql = sql1  + " order by hmainid desc,cast(工序号 as int)";

 WebAPI/Controllers/XSGL/Xs_CusRatingChangeBillController.cs

@@ -37,14 +37,14 @@
            {
                List<object> columnNameList = new List<object>();
                //查看权限
                //if (!DBUtility.ClsPub.Security_Log("Gy_ProjectStage_Query", 1, false, user))
                //{
                //    objJsonResult.code = "0";
                //    objJsonResult.count = 0;
                //    objJsonResult.Message = "无查看权限！";
                //    objJsonResult.data = null;
                //    return objJsonResult;
                //}
                if (!DBUtility.ClsPub.Security_Log("Xs_CusRatingChangeBill_Query", 1, false, user))
                {
                    objJsonResult.code = "0";
                    objJsonResult.count = 0;
                    objJsonResult.Message = "无查看权限！";
                    objJsonResult.data = null;
                    return objJsonResult;
                }

                if (sWhere == null || sWhere.Equals(""))
                {

 WebAPI/Controllers/XSGL/Xs_ExceptiveCheckRequestBillController.cs

@@ -37,14 +37,14 @@
            {
                List<object> columnNameList = new List<object>();
                //查看权限
                //if (!DBUtility.ClsPub.Security_Log("Gy_ProjectStage_Query", 1, false, user))
                //{
                //    objJsonResult.code = "0";
                //    objJsonResult.count = 0;
                //    objJsonResult.Message = "无查看权限！";
                //    objJsonResult.data = null;
                //    return objJsonResult;
                //}
                if (!DBUtility.ClsPub.Security_Log("Xs_ExceptiveCheckRequestBill_Query", 1, false, user))
                {
                    objJsonResult.code = "0";
                    objJsonResult.count = 0;
                    objJsonResult.Message = "无查看权限！";
                    objJsonResult.data = null;
                    return objJsonResult;
                }

                if (sWhere == null || sWhere.Equals(""))
                {

 WebAPI/Controllers/XSGL/Xs_SeOrderChangeBillController.cs

@@ -37,14 +37,14 @@
            {
                List<object> columnNameList = new List<object>();
                //查看权限
                //if (!DBUtility.ClsPub.Security_Log("Gy_ProjectStage_Query", 1, false, user))
                //{
                //    objJsonResult.code = "0";
                //    objJsonResult.count = 0;
                //    objJsonResult.Message = "无查看权限！";
                //    objJsonResult.data = null;
                //    return objJsonResult;
                //}
                if (!DBUtility.ClsPub.Security_Log("Xs_SeOrderChangeBill_Query", 1, false, user))
                {
                    objJsonResult.code = "0";
                    objJsonResult.count = 0;
                    objJsonResult.Message = "无查看权限！";
                    objJsonResult.data = null;
                    return objJsonResult;
                }

                if (sWhere == null || sWhere.Equals(""))
                {

 WebAPI/Controllers/XSGL/YS_ReceiveBackBillController.cs

@@ -38,14 +38,14 @@
            {
                List<object> columnNameList = new List<object>();
                //查看权限
                //if (!DBUtility.ClsPub.Security_Log("Gy_ProjectStage_Query", 1, false, user))
                //{
                //    objJsonResult.code = "0";
                //    objJsonResult.count = 0;
                //    objJsonResult.Message = "无查看权限！";
                //    objJsonResult.data = null;
                //    return objJsonResult;
                //}
                if (!DBUtility.ClsPub.Security_Log("YS_ReceiveBackBillQuery", 1, false, user))
                {
                    objJsonResult.code = "0";
                    objJsonResult.count = 0;
                    objJsonResult.Message = "无查看权限！";
                    objJsonResult.data = null;
                    return objJsonResult;
                }

                if (sWhere == null || sWhere.Equals(""))
                {

 WebAPI/Controllers/XSGL/YS_ReceiveBillController.cs

@@ -38,14 +38,14 @@
            {
                List<object> columnNameList = new List<object>();
                //查看权限
                //if (!DBUtility.ClsPub.Security_Log("Gy_ProjectStage_Query", 1, false, user))
                //{
                //    objJsonResult.code = "0";
                //    objJsonResult.count = 0;
                //    objJsonResult.Message = "无查看权限！";
                //    objJsonResult.data = null;
                //    return objJsonResult;
                //}
                if (!DBUtility.ClsPub.Security_Log("YS_ReceiveBillQuery", 1, false, user))
                {
                    objJsonResult.code = "0";
                    objJsonResult.count = 0;
                    objJsonResult.Message = "无查看权限！";
                    objJsonResult.data = null;
                    return objJsonResult;
                }

                if (sWhere == null || sWhere.Equals(""))
                {

			@@ -966,7 +966,7 @@
			//HavRight = false;
			for (int i = 0; i < DsJS.Tables[0].Rows.Count; i++)
			{
			if (ClsPub.isStrNull(DsJS.Tables[0].Rows[i]["AuthorityID"]).Length > ModID)
			if (ClsPub.isStrNull(DsJS.Tables[0].Rows[i]["AuthorityID"]).Length >= ModID)
			{
			if (DsJS.Tables[0].Rows[i]["AuthorityID"].ToString().Trim().Substring((int)ModID - 1, 1) == "1")
			{
			@@ -1055,7 +1055,7 @@
			}
			else
			{
			if (DsUser.Tables[0].Rows[0]["AuthorityID"].ToString().Trim().Substring((int)ModID - 1, 1) == "1")
			if (ClsPub.isStrNull(DsUser.Tables[0].Rows[0]["AuthorityID"]).Length >= ModID && DsUser.Tables[0].Rows[0]["AuthorityID"].ToString().Trim().Substring((int)ModID - 1, 1) == "1")
			{
			HavRight = true;
			}
			@@ -1064,7 +1064,7 @@
			//获取用户组并循环判断权限
			//判断角色是否有权限
			DsJS = oCn.RunProcReturn("select isnull(AuthorityID,'') AuthorityID from System_UserGroupinfo a inner join System_UserGroup b on a.GroupID=b.GroupID " +
			" Where a.USERID='" + UserID.Trim() + "'", "gy_czygl");
			" Where a.USERID='" + DsUser.Tables[0].Rows[0]["Czybm"].ToString().Trim() + "'", "gy_czygl");
			if (DsJS == null)
			{
			HavRight = false;
			@@ -1074,7 +1074,7 @@
			HavRight = false;
			for (int i = 0; i < DsJS.Tables[0].Rows.Count; i++)
			{
			if (ClsPub.isStrNull(DsJS.Tables[0].Rows[i]["AuthorityID"]).Length > ModID)
			if (ClsPub.isStrNull(DsJS.Tables[0].Rows[i]["AuthorityID"]).Length >= ModID)
			{
			if (DsJS.Tables[0].Rows[i]["AuthorityID"].ToString().Trim().Substring((int)ModID - 1, 1) == "1")
			{

			@@ -33,14 +33,14 @@
			{
			List<object> columnNameList = new List<object>();
			////查看权限
			//if (!DBUtility.ClsPub.Security_Log("Gy_Group_Query", 1, false, user))
			//{
			// objJsonResult.code = "0";
			// objJsonResult.count = 0;
			// objJsonResult.Message = "无查看权限！";
			// objJsonResult.data = null;
			// return objJsonResult;
			//}
			if (!DBUtility.ClsPub.Security_Log("Gy_Group_Query", 1, false, user))
			{
			objJsonResult.code = "0";
			objJsonResult.count = 0;
			objJsonResult.Message = "无查看权限！";
			objJsonResult.data = null;
			return objJsonResult;
			}
			if (sWhere == null \|\| sWhere.Equals(""))
			{
			ds = oCN.RunProcReturn("select * from h_v_GroupList " + sWhere+ " order by 班组代码 ", "h_v_GroupList");

			@@ -38,14 +38,14 @@
			{
			List<object> columnNameList = new List<object>();
			//判断是否有查询权限
			//if (!DBUtility.ClsPub.Security_Log("Gy_Source_Query", 1, false, user))
			//{
			// objJsonResult.code = "0";
			// objJsonResult.count = 0;
			// objJsonResult.Message = "无权限查询!";
			// objJsonResult.data = null;
			// return objJsonResult;
			//}
			if (!DBUtility.ClsPub.Security_Log("Gy_Source_Query", 1, false, user))
			{
			objJsonResult.code = "0";
			objJsonResult.count = 0;
			objJsonResult.Message = "无权限查询!";
			objJsonResult.data = null;
			return objJsonResult;
			}

			if (sWhere == null \|\| sWhere.Equals(""))
			{
			@@ -110,15 +110,15 @@
			string msg1 = sArray[0].ToString();
			string msg2 = sArray[1].ToString();

			////查看权限
			//if (!DBUtility.ClsPub.Security_Log("Gy_Source_Edit", 1, false, msg2))
			//{
			// objJsonResult.code = "0";
			// objJsonResult.count = 0;
			// objJsonResult.Message = "无保存权限！";
			// objJsonResult.data = null;
			// return objJsonResult;
			//}
			//查看权限
			if (!DBUtility.ClsPub.Security_Log("Gy_Source_Edit", 1, false, msg2))
			{
			objJsonResult.code = "0";
			objJsonResult.count = 0;
			objJsonResult.Message = "无保存权限！";
			objJsonResult.data = null;
			return objJsonResult;
			}

			Int64 HItemID = 0;
			SQLHelper.ClsCN oCN = new SQLHelper.ClsCN();

			@@ -1243,14 +1243,14 @@
			try
			{
			//判断是否有查询权限
			//if (!DBUtility.ClsPub.Security_Log("Gy_RoutingBill_Query", 1, false, user))
			//{
			// objJsonResult.code = "0";
			// objJsonResult.count = 0;
			// objJsonResult.Message = "无权限查询!";
			// objJsonResult.data = null;
			// return objJsonResult;
			//}
			if (!DBUtility.ClsPub.Security_Log("Gy_RoutingBill_Query", 1, false, user))
			{
			objJsonResult.code = "0";
			objJsonResult.count = 0;
			objJsonResult.Message = "无权限查询!";
			objJsonResult.data = null;
			return objJsonResult;
			}

			SQLHelper.ClsCN oCN = new SQLHelper.ClsCN();
			string sql1 = "select top 1000 * from h_v_Gy_RoutingBillQuery where 1 = 1 ";
			@@ -1283,7 +1283,7 @@
			DataSet ds;
			try
			{


			SQLHelper.ClsCN oCN = new SQLHelper.ClsCN();
			string sql1 = "select top 1000 * from h_v_Gy_RoutingBillQuerySub where 1 = 1 and hmainid=" + sWhere;
			string sql = sql1 + " order by hmainid desc,cast(工序号 as int)";

			@@ -37,14 +37,14 @@
			{
			List<object> columnNameList = new List<object>();
			//查看权限
			//if (!DBUtility.ClsPub.Security_Log("Gy_ProjectStage_Query", 1, false, user))
			//{
			// objJsonResult.code = "0";
			// objJsonResult.count = 0;
			// objJsonResult.Message = "无查看权限！";
			// objJsonResult.data = null;
			// return objJsonResult;
			//}
			if (!DBUtility.ClsPub.Security_Log("Xs_CusRatingChangeBill_Query", 1, false, user))
			{
			objJsonResult.code = "0";
			objJsonResult.count = 0;
			objJsonResult.Message = "无查看权限！";
			objJsonResult.data = null;
			return objJsonResult;
			}

			if (sWhere == null \|\| sWhere.Equals(""))
			{