版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/woniu1104913/article/details/83592199
最近碰到几个人问我,怎么在js里使用web api查询当前用户是否对某个实体有某某权限,问我有没有写过类似的博客,找了下还真没有,那就补上。
直接上代码,主要用到了几张表的联合,关注代码中的fetchxml即可,两个condition分别是当前用户id和你要查询的这个用户的某个权限,这个权限的value值可以去数据库的privilege这张表查
var userid = Xrm.Page.context.getUserId();
var quoteFetchXML = "<fetch version='1.0' output-format='xml-platform' mapping='logical' distinct='false'>\
<entity name='systemuser'>\
<attribute name='systemuserid' />\
<link-entity name='systemuserroles' alias='a' from='systemuserid' to='systemuserid'>\
<link-entity name='role' alias='b' from='roleid' to='roleid'>\
<link-entity name='roleprivileges' alias='c' from='roleid' to='roleid'>\
<link-entity name='privilege' alias='d' from='privilegeid' to='privilegeid'>\
<filter type='and'>\
<condition attribute='name' operator='eq' value='prvReadLead'/>\
</filter>\
</link-entity>\
</link-entity>\
</link-entity>\
</link-entity>\
<filter type='and'>\
<condition attribute='systemuserid' operator='eq' value='"
+ userid + "'/>\
</filter>\
</entity>\
</fetch>";
var encodedFetchXML = encodeURIComponent(quoteFetchXML);
var req = new XMLHttpRequest();
req.open("GET", Xrm.Page.context.getClientUrl() + "/api/data/v8.2/systemusers?fetchXml=" + encodedFetchXML, false);
req.setRequestHeader("OData-MaxVersion", "4.0");
req.setRequestHeader("OData-Version", "4.0");
req.setRequestHeader("Accept", "application/json");
req.setRequestHeader("Prefer", "odata.include-annotations=\"OData.Community.Display.V1.FormattedValue\"");
req.onreadystatechange = function () {
if (this.readyState === 4) {
req.onreadystatechange = null;
if (this.status === 200) {
var results = JSON.parse(this.response);
}
}
};
req.send();上面代码中的fetchxml只是用户自身的权限查询,还有一个所属团队的权限查询,fetchxml如下
<fetch version='1.0' output-format='xml-platform' mapping='logical' distinct='false'>
<entity name='systemuser'>
<attribute name='systemuserid' />
<link-entity name='teammembership' alias='a' from='systemuserid' to='systemuserid'>
<link-entity name='team' alias='e' from='teamid' to='teamid'>
<link-entity name='teamRoles' alias='f' from='teamid' to='teamid'>
<link-entity name='role' alias='b' from='roleid' to='roleid'>
<link-entity name='roleprivileges' alias='c' from='roleid' to='roleid'>
<link-entity name='privilege' alias='d' from='privilegeid' to='privilegeid'>
<filter type='and'>
<condition attribute='name' operator='eq' value='prvReadLead'/>
</filter>
</link-entity>
</link-entity>
</link-entity>
</link-entity>
</link-entity>
</link-entity>
<filter type='and'>
<condition attribute='systemuserid' operator='eq' value='FCCBB09D-D559-E811-80D4-0017FA01322A'/>
</filter>
</entity>
</fetch>下面上两张执行结果图,下面这张是以管理员id执行,对lead是有读权限的
下面这张是换了个没有权限的账号id,返回数据集就是空了
这里要注意个问题,使用web api查询执行代码的权限用的是当前用户自身的权限,在你的实际业务场景中有可能当前账号对用户实体就没读权限,那这段代码的执行就需要使用web api中的模拟用户了,使用管理员的身份去执行。