/// <summary>
/// 判断用户是否至少含有requiredRoleNames的一个用户角色
/// </summary>
/// <param name="user"><see cref="IUser"/></param>
/// <param name="requiredRoleNames">待检测用户角色集合</param>
/// <returns></returns>
public static bool IsInRoles(this IUser user, params string[] requiredRoleNames)
{
if (user == null)
{
return(false);
}
for (int i = 0; i < requiredRoleNames.Length; i++)
{
requiredRoleNames[i] = requiredRoleNames[i].ToLower();
}
RoleService roleService = DIContainer.Resolve <RoleService>();
IEnumerable <string> userRoleNames = roleService.GetRolesOfUser(user.UserId).Select(r => r.RoleName.ToLower());
if (roleService == null)
{
roleService = new RoleService();
}
foreach (var roleName in userRoleNames)
{
if (requiredRoleNames.Contains(roleName))
{
return(true);
}
}
return(false);
}
/// <summary>
/// 解析用户的权限规则用于权限验证
/// </summary>
/// <param name="userId">用户Id</param>
/// <returns></returns>
public ResolvedUserPermission ResolveUserPermission(long userId)
{
string cacheKey = "ResolvedUserPermission:" + userId;
ICacheService cacheService = DIContainer.Resolve <ICacheService>();
ResolvedUserPermission resolvedUserPermission = cacheService.Get <ResolvedUserPermission>(cacheKey);
if (resolvedUserPermission == null)
{
resolvedUserPermission = new ResolvedUserPermission();
var user = DIContainer.Resolve <IUserService>().GetUser(userId);
//匿名用户
if (user == null)
{
return(resolvedUserPermission);
}
RoleService roleService = DIContainer.Resolve <RoleService>();
IEnumerable <Role> userRoles = roleService.GetRolesOfUser(userId);
IList <string> roleNamesOfUser = userRoles.Select(n => n.RoleName).ToList();
roleNamesOfUser.Add(RoleNames.Instance().RegisteredUsers());
if (user.IsModerated)
{
roleNamesOfUser.Add(RoleNames.Instance().ModeratedUser());
}
foreach (var roleName in roleNamesOfUser)
{
IEnumerable <PermissionItemInUserRole> permissionItemsInUserRole = GetPermissionItemsInUserRole(roleName);
foreach (var permissionItemInUserRole in permissionItemsInUserRole)
{
PermissionItem permissionItem = GetPermissionItem(permissionItemInUserRole.ItemKey);
if (permissionItem == null)
{
continue;
}
resolvedUserPermission.Merge(permissionItem, permissionItemInUserRole.PermissionType, permissionItemInUserRole.PermissionScope, permissionItemInUserRole.PermissionQuota);
}
}
cacheService.Add(cacheKey, resolvedUserPermission, CachingExpirationType.UsualObjectCollection);
}
return(resolvedUserPermission);
}
/// <summary>
/// 判断是否需要在一定的严格程度上需要审核
/// </summary>
/// <param name="userId">UserId</param>
/// <param name="auditable">可审核实体</param>
/// <param name="strictDegree">审核严格程度</param>
/// <returns></returns>
private bool NeedAudit(long userId, IAuditable auditable, AuditStrictDegree strictDegree)
{
var user = DIContainer.Resolve <IUserService>().GetUser(userId);
//匿名用户需要审核
if (user == null)
{
return(true);
}
IUserSettingsManager userSettingsManager = DIContainer.Resolve <IUserSettingsManager>();
UserSettings userSettings = userSettingsManager.Get();
RoleService roleService = new RoleService();
//不启用审核
if (!userSettings.EnableAudit)
{
return(false);
}
//如果用户处于免审核角色,则直接通过
if (roleService.IsUserInRoles(userId, userSettings.NoAuditedRoleNames.ToArray()))
{
return(false);
}
//获取用户所属的角色,并附加上注册用户角色
IEnumerable <Role> rolesOfUser = roleService.GetRolesOfUser(userId);
IList <string> roleNamesOfUser = rolesOfUser.Select(n => n.RoleName).ToList();
roleNamesOfUser.Add(RoleNames.Instance().RegisteredUsers());
if (user.IsModerated)
{
roleNamesOfUser.Add(RoleNames.Instance().ModeratedUser());
}
//判断每个用户角色的设置是否可用
foreach (var roleName in roleNamesOfUser)
{
IEnumerable <AuditItemInUserRole> auditItemInUserRoles = GetAuditItemsInUserRole(roleName);
foreach (var auditItemInUserRole in auditItemInUserRoles)
{
if (auditItemInUserRole.ItemKey.Equals(auditable.AuditItemKey))
{
if (auditItemInUserRole.StrictDegree == AuditStrictDegree.None)
{
return(false);
}
else if (auditItemInUserRole.StrictDegree == AuditStrictDegree.NotSet)
{
break;
}
else if ((int)auditItemInUserRole.StrictDegree >= (int)strictDegree)
{
return(true);
}
}
}
}
//如果用户处于免审核用户等级,也直接通过
if (user.Rank >= userSettings.MinNoAuditedUserRank)
{
return(false);
}
return(false);
}
