private async Task <long[]> GetAllUserRoleIds(long userId)
{
var userRoles = await _userRoleRepository.GetAllAsync(p => p.UserId == userId);
var userRoleIds = userRoles.Select(p => p.RoleId).ToList();
var userGroups = await _userUserGroupRelationRoleRepository.GetAllAsync(p => p.UserId == userId);
foreach (var userGroup in userGroups)
{
var userGroupRoles = await _userGroupDomainService.GetUserGroupRoles(userGroup.UserGroupId);
userRoleIds.AddRange(userGroupRoles.Select(p => p.Id));
}
return(userRoleIds.ToArray());
}
public async Task <GetUserGroupOutput> Get(long id)
{
var userGroup = await _userGroupRepository.SingleOrDefaultAsync(p => p.Id == id);
if (userGroup == null)
{
throw new UserFriendlyException($"不存在id为{id}的用户组信息");
}
var userGroupOutput = userGroup.MapTo <GetUserGroupOutput>();
userGroupOutput.Roles = await _userGroupDomainService.GetUserGroupRoles(id);
userGroupOutput.Users = await _userGroupDomainService.GetUserGroupUsers(id);
return(userGroupOutput);
}
public async Task <CheckPermissionResult> GetDataPermissions(long userId, long permissionId)
{
var roles = await GetUserRoles(userId, Status.Valid);
DataPermissionType dataPermissionType = DataPermissionType.OnlySelfOrg;
var userDefinedRoleIds = new List <long>();
foreach (var role in roles)
{
var rolePermissions = await _roleDomainService.GetRolePermissions(role.Id);
if (!rolePermissions.Any(p => p.PermissionId == permissionId))
{
continue;
}
if (role.DataPermissionType > dataPermissionType)
{
dataPermissionType = role.DataPermissionType;
}
if (dataPermissionType == DataPermissionType.UserDefined)
{
userDefinedRoleIds.Add(role.Id);
}
}
var userGroups = await GetUserGroups(userId);
var userDefinedUserGroupIds = new List <long>();
foreach (var userGroup in userGroups)
{
var userGroupPermissions = await
_userGroupPermissionRepository.GetAllAsync(p => p.UserGroupId == userGroup.Id);
if (!userGroupPermissions.Any(p => p.PermissionId == permissionId))
{
continue;
}
if (userGroup.DataPermissionType.HasValue && userGroup.DataPermissionType.Value > dataPermissionType)
{
dataPermissionType = userGroup.DataPermissionType.Value;
}
if (dataPermissionType == DataPermissionType.UserDefined)
{
userDefinedUserGroupIds.Add(userGroup.Id);
}
var userGroupRoles = await _userGroupDomainService.GetUserGroupRoles(userGroup.Id, Status.Valid);
foreach (var userGroupRole in userGroupRoles)
{
var rolePermissions = await _roleDomainService.GetRolePermissions(userGroupRole.Id);
if (!rolePermissions.Any(p => p.PermissionId == permissionId))
{
continue;
}
if (userGroupRole.DataPermissionType > dataPermissionType)
{
dataPermissionType = userGroupRole.DataPermissionType;
}
if (dataPermissionType == DataPermissionType.UserDefined)
{
userDefinedRoleIds.Add(userGroupRole.Id);
}
}
}
var checkPermission = new CheckPermissionResult(dataPermissionType);
switch (dataPermissionType)
{
case DataPermissionType.AllOrg:
checkPermission.DataPermissionOrgIds = new long[0];
break;
case DataPermissionType.OnlySelfOrg:
DebugCheck.NotNull(_session.OrgId);
checkPermission.DataPermissionOrgIds = new[] { _session.OrgId.Value };
break;
case DataPermissionType.SelfAndLowerOrg:
DebugCheck.NotNull(_session.OrgId);
var organizationAppServiceProxy = GetService <IOrganizationAppService>();
var subOrgIds = await organizationAppServiceProxy.GetSubOrgIds(_session.OrgId.Value);
checkPermission.DataPermissionOrgIds = subOrgIds.ToArray();
break;
case DataPermissionType.UserDefined:
checkPermission.DataPermissionOrgIds =
await GetUserDefinedPermissionOrgIds(userDefinedRoleIds, userDefinedUserGroupIds);
break;
}
return(checkPermission);
}