/// <summary>
/// Creates a new permission from <paramref name="cmd"/>, stores it in the repository and
/// returns its read model.
/// </summary>
/// <param name="cmd">Create command carrying the permission name, description and active flag.</param>
/// <returns>The read model produced by <c>Conversions.GetEGMSPermissionRM</c> for the new permission.</returns>
/// <exception cref="InvalidOperationException">The repository already reports a permission with this name.</exception>
private EGMSPermissionRM CreateEGMSPermission(Commands.V1.EGMSPermission.Create cmd)
        {
            // NOTE(review): the existence check and AddPermission are two separate calls and
            // _permissions++ is not synchronized in this block. If requests can run concurrently,
            // confirm that the repository itself enforces name and id uniqueness.
            bool nameTaken = _repository.PermissionExists(cmd.PermissionName);
            if (nameTaken)
            {
                throw new InvalidOperationException($"Permission with name {cmd.PermissionName} already exists");
            }

            // Keep the original evaluation order: the id counter advances before the value
            // objects are built, so a failure in either factory still consumes an id.
            var nextId      = _permissions++;
            var name        = PermissionName.Create(cmd.PermissionName);
            var description = PermissionDescription.Create(cmd.PermissionDescription);

            EGMSPermission created = EGMSPermission.Create(nextId, name, description, cmd.IsActive);
            _repository.AddPermission(created);

            return Conversions.GetEGMSPermissionRM(created);
        }
Example #2
        /// <summary>
        /// Checks whether the authenticated caller holds the required authorization.
        /// </summary>
        /// <param name="auth">Authentication data used to resolve the acting user.</param>
        /// <param name="permission">The permission that is required; when null, <c>DictionaryAllPermission.Grade.Subject</c> is used.</param>
        /// <param name="operation">The operation being performed.</param>
        /// <param name="targetCompany">The company (unit) the authorization is exercised against; empty means root authorization is required.</param>
        /// <param name="description">Optional text passed through to the permission check.</param>
        /// <returns>The resolved user when the permission check passes.</returns>
        /// <exception cref="ActionStatusMessageException">The user could not be resolved, or the permission check was refused.</exception>
        private User CheckPermission(GoogleAuthDataModel auth, PermissionDescription permission = null, Operation operation = Operation.Update, string targetCompany = "", string description = null)
        {
            var caller = auth.AuthUser(googleAuthService, usersService, currentUserService.CurrentUser?.Id);
            if (caller == null)
            {
                throw new ActionStatusMessageException(ActionStatusMessage.UserMessage.NotExist);
            }

            // Fall back to the default permission when the caller did not name one.
            PermissionDescription required = permission;
            if (required == null)
            {
                required = DictionaryAllPermission.Grade.Subject;
            }

            // NOTE(review): targetCompany defaults to the empty string, not null; confirm the
            // permission service treats the two the way this default intends.
            bool granted = userActionServices.Permission(caller.Application.Permission, required, operation, caller.Id, targetCompany, description);
            if (granted)
            {
                return caller;
            }

            throw new ActionStatusMessageException(auth.PermitDenied());
        }
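        /// <summary>
        /// Decides whether the user identified by <paramref name="permissionUserName"/> may perform
        /// <paramref name="operation"/> on <paramref name="key"/> against
        /// <paramref name="targetUserCompanyCode"/>, and records the attempt through <c>LogAsync</c>.
        /// </summary>
        /// <param name="permissions">The user's directly assigned permissions, checked first.</param>
        /// <param name="key">The permission being requested.</param>
        /// <param name="operation">The operation being requested.</param>
        /// <param name="permissionUserName">Identifier passed to <c>usersService.GetById</c> and to the log entry.</param>
        /// <param name="targetUserCompanyCode">Company code the permission is exercised against; null means no specific target.</param>
        /// <param name="description">Optional free text appended to the log entry.</param>
        /// <returns>
        /// True when the direct permission check passes, when the user is a major manager and the target is
        /// unspecified or under the user's own company code, or when the user manages a company whose code
        /// prefixes the target; otherwise false.
        /// </returns>
        public async Task<bool> PermissionAsync(Permissions permissions, PermissionDescription key, Operation operation, string permissionUserName, string targetUserCompanyCode, string description = null)
        {
            // The attempt is logged before any decision is taken; the entry is created with `false`
            // and updated through Status() on every grant path below.
            var auditEntry = await LogAsync(UserOperation.Permission, permissionUserName, $"授权到{targetUserCompanyCode}执行{key?.Name} {key?.Description}@{operation} {description}", false, ActionRank.Danger);

            if (permissions.Check(key, operation, targetUserCompanyCode))
            {
                Status(auditEntry, true, "直接权限");
                return true;
            }

            var user = usersService.GetById(permissionUserName);
            if (user == null)
            {
                return false;
            }

            // NOTE(review): CompanyInfo, Duties and CompanyCode are dereferenced without null checks,
            // as in the original; confirm they are always populated for a stored user.
            var companyInfo    = user.CompanyInfo;
            var isMajorManager = companyInfo.Duties.IsMajorManager;
            var ownCompanyCode = companyInfo.CompanyCode;

            bool targetUnspecified = targetUserCompanyCode == null;

            // Company codes are identifiers, so the prefix test is ordinal. A culture-sensitive
            // StartsWith ignores some characters and must not take part in an authorization decision.
            bool targetUnderOwnCompany = !targetUnspecified
                                         && targetUserCompanyCode.Length >= ownCompanyCode.Length
                                         && targetUserCompanyCode.StartsWith(ownCompanyCode, System.StringComparison.Ordinal);

            // The major-manager flag has to hold on BOTH alternatives. The previous condition was
            // `target == null || (prefix match) && isMajorManager`; since && binds tighter than ||,
            // a null target granted access to every existing user and made the managed-company
            // fallback for a null target unreachable.
            if (isMajorManager && (targetUnspecified || targetUnderOwnCompany))
            {
                Status(auditEntry, true, "单位主官");
                return true;
            }

            // Awaited rather than blocked on with .Result, which ties up a thread inside an async method.
            var managed = await userServiceDetail.InMyManage(user);
            if (managed.Item2 > 0)
            {
                // With no target, managing any company is sufficient; otherwise one of the managed
                // company codes has to be a prefix of the target code.
                bool coversTarget = targetUnspecified
                                    || managed.Item1.Any(c => targetUserCompanyCode.Length >= c.Code.Length
                                                              && targetUserCompanyCode.StartsWith(c.Code, System.StringComparison.Ordinal));
                if (coversTarget)
                {
                    // Every grant is recorded, including the no-target case, which previously
                    // returned true and left the log entry in its initial `false` state.
                    Status(auditEntry, true, "单位管理");
                    return true;
                }
            }

            // A refusal is reported as false; the caller decides whether to throw.
            return false;
        }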
 /// <summary>
 /// Synchronous wrapper around <c>PermissionAsync</c>: forwards every argument unchanged and
 /// blocks the calling thread until the asynchronous check has completed.
 /// </summary>
 /// <returns>The result of <c>PermissionAsync</c>.</returns>
 public bool Permission(Permissions permissions, PermissionDescription key, Operation operation, string permissionUserName, string targetUserCompanyCode, string description = null)
 {
     // Blocking on .Result surfaces failures wrapped in an AggregateException.
     var pendingCheck = PermissionAsync(permissions, key, operation, permissionUserName, targetUserCompanyCode, description);
     return pendingCheck.Result;
 }
Example #5
 /// <summary>
 /// Factory that builds an <c>EGMSPermission</c> from the supplied values.
 /// The arguments are assigned as given; this method performs no validation of its own.
 /// </summary>
 /// <param name="permissionId">Value assigned to <c>Id</c>.</param>
 /// <param name="permissionName">Value assigned to <c>PermissionName</c>.</param>
 /// <param name="permissionDescription">Value assigned to <c>PermissionDescription</c>.</param>
 /// <param name="isActive">Value assigned to <c>IsActive</c>.</param>
 /// <returns>The newly constructed permission.</returns>
 public static EGMSPermission Create(int permissionId, PermissionName permissionName, PermissionDescription permissionDescription,
                                     bool isActive) =>
     new EGMSPermission
     {
         Id                    = permissionId,
         PermissionName        = permissionName,
         PermissionDescription = permissionDescription,
         IsActive              = isActive
     };