Dynamics CRM 365 实现某个人没有权限查看记录,但是通过插件共享的方式,成功让他能看
步骤1,在pre共享给当前人
using System; using Microsoft.Crm.Sdk.Messages; using Microsoft.Xrm.Sdk; using Microsoft.Xrm.Sdk.Client; using Microsoft.Xrm.Sdk.Query; using Newtonsoft.Json; namespace SCWCRMSolution.Plugin.authorize { /// <summary> /// 授权产品查询后:增加医院对应授权的查看权限:通过共享实现 /// </summary> public class scw_authorize_retrieve_pre : IPlugin { public void Execute(IServiceProvider serviceProvider) { ITracingService tracer = (ITracingService)serviceProvider.GetService(typeof(ITracingService)); IPluginExecutionContext context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext)); IOrganizationServiceFactory factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory)); IOrganizationService service = factory.CreateOrganizationService(context.UserId); IOrganizationService adminService = factory.CreateOrganizationService(null); try { if (context.Depth > 1) { return; } if (context.MessageName.ToLower() == "retrieve") { if (context.InputParameters.Contains("Target")) { var enfer = (Microsoft.Xrm.Sdk.EntityReference)context.InputParameters["Target"]; #region 将当前记录共享给当前人 bool isNeedShare = true; //是否需要共享 RetrieveSharedPrincipalsAndAccessRequest shareRequest = new RetrieveSharedPrincipalsAndAccessRequest(); shareRequest.Target = enfer; RetrieveSharedPrincipalsAndAccessResponse shareResponse =(RetrieveSharedPrincipalsAndAccessResponse)adminService.Execute(shareRequest); if (shareResponse.PrincipalAccesses != null) { foreach (PrincipalAccess pa in shareResponse.PrincipalAccesses) { if (pa.Principal.Id.ToString() == context.UserId.ToString()) { isNeedShare = false; } } } if (isNeedShare) { var request = new GrantAccessRequest { PrincipalAccess = new PrincipalAccess { AccessMask = AccessRights.ReadAccess | AccessRights.AppendAccess | AccessRights.AppendToAccess, Principal = new EntityReference("systemuser", context.UserId) }, Target = enfer }; adminService.Execute(request); Entity SysEn = new Entity("systemuser", context.UserId); SysEn["scw_authorizeid"] = enfer.Id.ToString(); //记录手动共享的,在post取消共享 adminService.Update(SysEn); } #endregion } } } catch (Exception e) { throw new InvalidPluginExecutionException(e.Message); } } } }
步骤2:在post取消共享给当前人
using System; using Microsoft.Crm.Sdk.Messages; using Microsoft.Xrm.Sdk; using Microsoft.Xrm.Sdk.Client; using Microsoft.Xrm.Sdk.Query; using Newtonsoft.Json; namespace SCWCRMSolution.Plugin.authorize { /// <summary> /// 授权产品查询后:增加医院对应授权的查看权限 /// </summary> public class scw_authorize_retrieve_post : IPlugin { public void Execute(IServiceProvider serviceProvider) { ITracingService tracer = (ITracingService)serviceProvider.GetService(typeof(ITracingService)); IPluginExecutionContext context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext)); IOrganizationServiceFactory factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory)); IOrganizationService service = factory.CreateOrganizationService(context.UserId); IOrganizationService adminService = factory.CreateOrganizationService(null); try { if (context.MessageName.ToLower() == "retrieve") { if (context.OutputParameters.Contains("BusinessEntity")) { var en = (Microsoft.Xrm.Sdk.Entity)context.OutputParameters["BusinessEntity"]; #region 将当前记录共享取消给当前人 bool isNeedDeleteShare = false; //是否需要取消共享 RetrieveSharedPrincipalsAndAccessRequest shareRequest = new RetrieveSharedPrincipalsAndAccessRequest(); shareRequest.Target = en.ToEntityReference(); RetrieveSharedPrincipalsAndAccessResponse shareResponse = (RetrieveSharedPrincipalsAndAccessResponse)adminService.Execute(shareRequest); if (shareResponse.PrincipalAccesses != null) { foreach (PrincipalAccess pa in shareResponse.PrincipalAccesses) { if (pa.Principal.Id.ToString() == context.UserId.ToString()) //存在共享记录 { //判断该共享记录是不是pre共享的 Entity sysEn = adminService.Retrieve("systemuser", context.UserId, new ColumnSet("systemuserid", "scw_authorizeid")); if (sysEn != null && sysEn.Contains("scw_authorizeid") && !string.IsNullOrWhiteSpace(sysEn.GetAttributeValue<string>("scw_authorizeid"))) { isNeedDeleteShare = true; } } } } if (isNeedDeleteShare) { //取消共享 var request = new RevokeAccessRequest { Revokee = new EntityReference("systemuser", context.UserId), Target = en.ToEntityReference() }; service.Execute(request); //这里不能用管理员,不然报:Only owner can revoke access to the owner. //标记已经移除 Entity SysEn = new Entity("systemuser", context.UserId); SysEn["scw_authorizeid"] = null; adminService.Update(SysEn); } #endregion } } } catch (Exception e) { throw new InvalidPluginExecutionException(e.Message); } } } }