/// <summary>
/// 通过ID查询
/// </summary>
/// <param name="userId"></param>
/// <returns></returns>
public async Task <IEnumerable <PermissionJson> > FindByUserId(string userId)
{
// 查询有权组织
var perOegs = RoleOrgPerStore.FindOrgByUserIdPerName(userId, Constants.PER_QUERY);
return(await Find().ToListAsync());
}
/// <summary>
/// 用户(userId)是否具有权限(perName)
/// </summary>
/// <param name="userId">用户ID</param>
/// <param name="perName">权限名</param>
/// <returns></returns>
public async Task <bool> HasPermission(string userId, string perName)
{
// 1. 通过用户ID和权限名查询有权组织ID集合
var perOrgIds = (await RoleOrgPerStore.FindOrgByUserIdPerName(userId, perName)).Select(org => org.Id);
return(perOrgIds.Any());
}
/// <summary>
/// 通过用户ID和组织ID查询 -代码编写中
/// U.ID->R.ID|P.ID->O.ID
/// </summary>
/// <param name="userId">用户ID</param>
/// <param name="orgId">组织ID</param>
/// <returns></returns>
public async Task <IEnumerable <OrganizationJson> > FindByUserIdOrgId(string userId, string orgId)
{
// 1. 查询有权组织集合
var orgs = await RoleOrgPerStore.FindOrgByUserIdPerName(userId, Constants.ORG_QUERY);
// 2. 查询组织ID所在组织
throw new NotImplementedException("未实现");
}
/// <summary>
/// 查询用户(userId)具有组织查询的组织
/// U.ID->R.ID->O.ID-O.ID
/// </summary>
/// <param name="userId">用户ID</param>
/// <returns></returns>
public async Task <IEnumerable <OrganizationJson> > FindPerOrgsByUserId(string userId)
{
// 1. 查询用户的有权组织集合
var orgs = (await RoleOrgPerStore.FindOrgByUserIdPerName(userId, Constants.ORG_QUERY)).ToList();
orgs.ForEach(org => org.Children = null);
return(orgs.Select(org => Mapper.Map <OrganizationJson>(org)));
}
/// <summary>
/// 是否有权限 用户在某个组织下是否具有某项权限
/// </summary>
/// <param name="userId">用户ID</param>
/// <param name="orgId">操作组织ID-前端传入、表示数据范围</param>
/// <param name="perName">权限ID</param>
/// <returns></returns>
public async Task <bool> HasPermission(string userId, string perName, string orgId)
{
// 1. 通过用户ID和权限名查询有权组织ID集合
var perOrgIds = (await RoleOrgPerStore.FindOrgByUserIdPerName(userId, perName)).Select(org => org.Id);
// 2. 判断传入的组织ID在这些权限组织ID集合中
return(perOrgIds.Contains(orgId));
}
/// <summary>
/// 判断用户(userId)有没权限(perName)操作资源(resourceId)
/// </summary>
/// <typeparam name="TResource">资源类型</typeparam>
/// <param name="userId">用户ID</param>
/// <param name="perName">权限名称</param>
/// <param name="resourceId">资源ID(主键)</param>
/// <returns></returns>
public async Task <bool> HasPermission <TResource>(string userId, string perName, string resourceId) where TResource : class
{
// 1. 通过用户ID和权限名查询有权组织ID集合
var perOrgIds = (await RoleOrgPerStore.FindOrgByUserIdPerName(userId, perName)).Select(org => org.Id);
// 2. 查询资源所在组织
var srcOrgIds = (await OrganizationStore.FindByUserIdSrcId <TResource>(userId, resourceId)).Select(uo => uo.Id).ToList();
return(perOrgIds.ContainsAll(srcOrgIds));
}
/// <summary>
/// 用户(userId)在自身的组织下是否具有权限(perName)
/// </summary>
/// <param name="userId">用户ID</param>
/// <param name="perName">权限名</param>
/// <returns></returns>
public async Task <bool> HasPermissionInSelfOrg(string userId, string perName)
{
// 1. 通过用户ID和权限名查询有权组织ID集合
var perOrgIds = (await RoleOrgPerStore.FindOrgByUserIdPerName(userId, perName)).Select(org => org.Id);
// 2. 查询用户所在组织
var userOrgIds = await OrganizationStore.FindByUserId(userId).Select(uo => uo.Id).ToListAsync();
return(perOrgIds.ContainsAll(userOrgIds));
}
/// <summary>
/// 某用户在某组织下是否具有某项权限
/// </summary>
/// <param name="userId">登陆用户ID</param>
/// <param name="perName">权限名</param>
/// <param name="id">用户ID</param>
/// <returns></returns>
public async Task <bool> HasPermissionForUser(string userId, string perName, string id)
{
// 1. 通过用户ID和权限名查询有权组织ID集合
var perOrgIds = (await RoleOrgPerStore.FindOrgByUserIdPerName(userId, perName)).Select(org => org.Id);
// 2. 查询用户所在组织ID集合
var orgIds = await OrganizationStore.FindByUserId(id).Select(org => org.Id).AsNoTracking().ToListAsync();
return(perOrgIds.ContainsAll(orgIds));
}
/// <summary>
/// 通过用户ID查询有权查看的用户列表
/// </summary>
/// <param name="userId">用户ID</param>
/// <returns></returns>
public async Task <IEnumerable <UserJson> > FindByUserId(string userId)
{
// 1. 查询有权组织
var perOrgs = await RoleOrgPerStore.FindOrgByUserIdPerName(userId, Constants.USER_QUERY);
// 2. 查询用户集合
var result = new List <User>();
foreach (var org in perOrgs)
{
result.AddRange(await Store.FindByOrgId(org.Id).ToListAsync());
}
return(result.Select(user => Mapper.Map <UserJson>(user)));
}
/// <summary>
/// 查询用户ID所在组织的所有角色(包含子组织的角色)
/// (((UID-[UR]->RID)|PID)-[ROP]->OID-[RO]->RID)
/// </summary>
/// <param name="userId">用户ID</param>
/// <returns></returns>
public async Task <IEnumerable <RoleJson> > FindRoleOfOrgByUserId(string userId)
{
// 1. 查询用户具有角色查询权限的组织森林,并扩展成组织列表
// 1.1 查询用户权限的组织ID集合
var orgIds = (await RoleOrgPerStore.FindOrgByUserIdPerName(userId, Constants.ROLE_QUERY)).Select(org => org.Id).ToList();
// 2. 查询这些所有组织所包含的角色
// 2.1 查询角色ID集合
var roleIds = await(from ro in RoleOrgStore.Find()
where orgIds.Contains(ro.OrgId)
select ro.RoleId).ToListAsync();
// 2.2 查询角色
var roles = await(from role in Store.Context.Roles
where roleIds.Contains(role.Id)
select role).AsNoTracking().Select(role => Mapper.Map <RoleJson>(role)).ToListAsync();
return(roles);
}
/// <summary>
/// 查询有权组织
/// 根据用户名和权限名查询权限组织
/// </summary>
/// <param name="userId">用户ID</param>
/// <param name="perName">权限名</param>
/// <returns></returns>
public Task <IEnumerable <Organization> > FindOrgByUserIdPerName(string userId, string perName)
{
return(RoleOrgPerStore.FindOrgByUserIdPerName(userId, perName));
}