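        /// <summary>
        /// Returns the roles of the user identified by <paramref name="id"/>: the roles resolved
        /// from the user manager plus the roles attached to the user's organizations.
        /// </summary>
        /// <param name="id">Identifier passed to the user repository lookup.</param>
        /// <param name="getAllRoles">
        /// When <c>false</c>, only roles the user holds are returned (directly or through an organization).
        /// When <c>true</c>, every role returned by the role repository is listed, and each entry is
        /// flagged with <c>IsOwned</c> / <c>IsBelongToOrg</c> for this user.
        /// </param>
        /// <param name="allowedClientIds">
        /// Client ids the caller is allowed to see. A non-null value restricts organization roles to
        /// those client ids and is forwarded to both role repository queries. <c>null</c> disables the
        /// client-id filter in this method, so callers acting for a restricted administrator must pass
        /// a non-null (possibly empty) collection; omitting the argument means "no restriction".
        /// </param>
        /// <returns>The role DTOs after <c>Distinct()</c>; an empty sequence if the repository returns no data.</returns>
        /// <exception cref="IamException">Thrown with HTTP 400 when no user exists for <paramref name="id"/>.</exception>
        /// <remarks>
        /// This method performs no authorization check on the caller; visibility scoping depends
        /// entirely on the <paramref name="allowedClientIds"/> value the caller supplies.
        /// </remarks>
        public async Task <IEnumerable <UserRoleDto> > GetRolesAsync(string id, bool getAllRoles = false, IEnumerable <string> allowedClientIds = null)
        {
            var user = await _userRepo.GetAsync(id);

            if (user == null)
            {
                throw new IamException(System.Net.HttpStatusCode.BadRequest, "用户不存在");
            }

            var roleNames = await _userMgr.GetRolesAsync(user);

            // Presumably the repository applies the same client-id restriction to directly assigned
            // roles; that filtering is not visible here - verify in GetAllByNamesAsync.
            var userRoles = await _roleRepo.GetAllByNamesAsync(roleNames, allowedClientIds);

            // Roles granted indirectly through every organization the user belongs to.
            // NOTE(review): assumes the UserOrganizations/Organization/OrganizationRoles navigations
            // are loaded and non-null - confirm against the user repository query.
            var orgRoles = user.UserOrganizations.SelectMany(userOrg => userOrg.Organization.OrganizationRoles.Select(orgRole => orgRole.Role));

            if (allowedClientIds != null)
            {
                // Ordinary administrators may only see roles of the client ids they are permitted for.
                // A null list skips this filter entirely (unrestricted view).
                orgRoles = orgRoles.Where(role => allowedClientIds.Contains(role.ClientId));
            }

            List <UserRoleDto> results;

            if (!getAllRoles)
            {
                results = userRoles.Select(role => new UserRoleDto
                {
                    Id           = role.Id,
                    Name         = role.Name,
                    Desc         = role.Description,
                    IsAdmin      = role.IsAdmin,
                    IsSuperAdmin = role.IsSuperAdmin,
                    IsOwned      = true,
                }).ToList();

                // Append the roles that come from the user's organizations.
                results.AddRange(orgRoles.Select(role => new UserRoleDto
                {
                    Id            = role.Id,
                    Name          = role.Name,
                    Desc          = role.Description,
                    IsAdmin       = role.IsAdmin,
                    IsSuperAdmin  = role.IsSuperAdmin,
                    IsOwned       = true,
                    IsBelongToOrg = true
                }));

                // NOTE(review): Distinct() relies on UserRoleDto equality. Unless the DTO overrides
                // Equals/GetHashCode, a role held both directly and through an organization will
                // appear twice here - confirm.
                return results.Distinct();
            }

            var allRoles = await _roleRepo.GetAllAsync(allowedClientIds : allowedClientIds, pageSize : 0);

            // Materialize once: the deferred query would otherwise be re-evaluated twice per role below.
            var orgRoleList = orgRoles.ToList();

            // Data may be null (hence the null-conditional); fall back to an empty list so the
            // Distinct() call below cannot be handed a null source.
            results = allRoles.Data?.Select(role => new UserRoleDto
            {
                Id            = role.Id,
                Name          = role.Name,
                Desc          = role.Description,
                IsAdmin       = role.IsAdmin,
                IsSuperAdmin  = role.IsSuperAdmin,
                IsOwned       = userRoles.Any(owned => role.Id == owned.Id) || orgRoleList.Any(orgRole => role.Id == orgRole.Id),
                IsBelongToOrg = orgRoleList.Any(orgRole => role.Id == orgRole.Id)
            }).ToList() ?? new List <UserRoleDto>();

            return results.Distinct();
        }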