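/// <summary>
/// Determines whether the user holds at least one of the roles named in <paramref name="requiredRoleNames"/>.
/// </summary>
/// <remarks>
/// Role names are compared ordinally and case-insensitively, so the authorization result does not
/// depend on the current thread culture (a culture-sensitive <c>ToLower()</c> can map "I" differently
/// under some cultures and make equal role names compare unequal). The caller's array is never modified.
/// </remarks>
/// <param name="user">The user to check (<see cref="IUser"/>); a null user is treated as being in no role.</param>
/// <param name="requiredRoleNames">Role names to test for; a null or empty set yields <c>false</c>.</param>
/// <returns><c>true</c> if the user has at least one of the required roles; otherwise <c>false</c>.</returns>
public static bool IsInRoles(this IUser user, params string[] requiredRoleNames)
{
    // Deny by default: no user or nothing to match against means "not in role".
    if (user == null || requiredRoleNames == null || requiredRoleNames.Length == 0)
    {
        return false;
    }

    // Build a private lookup instead of lower-casing the caller's array in place;
    // the previous in-place rewrite silently changed data the caller may reuse.
    var requiredSet = new HashSet<string>(System.StringComparer.OrdinalIgnoreCase);
    foreach (string requiredName in requiredRoleNames)
    {
        if (requiredName != null)
        {
            requiredSet.Add(requiredName);
        }
    }

    // The null fallback has to happen before the service is used; checking afterwards
    // (as the code did before) could never take effect.
    RoleService roleService = DIContainer.Resolve<RoleService>();
    if (roleService == null)
    {
        roleService = new RoleService();
    }

    foreach (var role in roleService.GetRolesOfUser(user.UserId))
    {
        if (role.RoleName != null && requiredSet.Contains(role.RoleName))
        {
            return true;
        }
    }

    return false;
}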
/// <summary>
/// Resolves the permission rules that apply to a user, for use in permission checks.
/// </summary>
/// <remarks>
/// The resolved result is cached under the key "ResolvedUserPermission:" followed by the user id, and a
/// cached entry is returned without re-reading the user's roles.
/// NOTE(review): whether role or permission changes evict this cache key cannot be seen from here;
/// confirm, since a stale entry keeps granting the old permissions until it expires.
/// </remarks>
/// <param name="userId">Id of the user whose permissions are resolved.</param>
/// <returns>
/// The merged permissions of all roles of the user; an empty <see cref="ResolvedUserPermission"/> when
/// the user cannot be found (anonymous user).
/// </returns>
public ResolvedUserPermission ResolveUserPermission(long userId)
{
    string cacheKey = "ResolvedUserPermission:" + userId;
    ICacheService cache = DIContainer.Resolve<ICacheService>();

    // Cache hit: hand back the previously resolved permissions unchanged.
    ResolvedUserPermission cached = cache.Get<ResolvedUserPermission>(cacheKey);
    if (cached != null)
    {
        return cached;
    }

    var resolved = new ResolvedUserPermission();

    // Anonymous user: return the empty permission set; it is not written to the cache.
    var user = DIContainer.Resolve<IUserService>().GetUser(userId);
    if (user == null)
    {
        return resolved;
    }

    RoleService roleService = DIContainer.Resolve<RoleService>();
    IEnumerable<Role> assignedRoles = roleService.GetRolesOfUser(userId);

    // Every known user implicitly carries the registered-users role, and moderated
    // users additionally carry the moderated-user role.
    IList<string> effectiveRoleNames = assignedRoles.Select(role => role.RoleName).ToList();
    effectiveRoleNames.Add(RoleNames.Instance().RegisteredUsers());
    if (user.IsModerated)
    {
        effectiveRoleNames.Add(RoleNames.Instance().ModeratedUser());
    }

    foreach (var roleName in effectiveRoleNames)
    {
        foreach (var grant in GetPermissionItemsInUserRole(roleName))
        {
            // Grants whose permission item cannot be looked up are skipped silently.
            PermissionItem item = GetPermissionItem(grant.ItemKey);
            if (item != null)
            {
                resolved.Merge(item, grant.PermissionType, grant.PermissionScope, grant.PermissionQuota);
            }
        }
    }

    cache.Add(cacheKey, resolved, CachingExpirationType.UsualObjectCollection);
    return resolved;
}
/// <summary>
/// Determines whether an auditable entity needs auditing at the given strictness level.
/// </summary>
/// <remarks>
/// Decision order as implemented: unknown (anonymous) user → audit; auditing disabled → no audit;
/// user in an audit-exempt role → no audit; then the per-role audit settings for the entity's audit
/// item key are consulted; if none of them decides, the result is "no audit".
/// </remarks>
/// <param name="userId">Id of the acting user.</param>
/// <param name="auditable">The auditable entity.</param>
/// <param name="strictDegree">The audit strictness level being tested.</param>
/// <returns><c>true</c> if auditing is required; otherwise <c>false</c>.</returns>
private bool NeedAudit(long userId, IAuditable auditable, AuditStrictDegree strictDegree)
{
    // Anonymous users always need auditing.
    var user = DIContainer.Resolve<IUserService>().GetUser(userId);
    if (user == null)
    {
        return true;
    }

    UserSettings settings = DIContainer.Resolve<IUserSettingsManager>().Get();
    RoleService roleService = new RoleService();

    // Auditing is switched off globally.
    if (!settings.EnableAudit)
    {
        return false;
    }

    // Users holding an audit-exempt role pass straight through.
    bool holdsExemptRole = roleService.IsUserInRoles(userId, settings.NoAuditedRoleNames.ToArray());
    if (holdsExemptRole)
    {
        return false;
    }

    // Collect the user's roles and append the implicit registered-users role
    // (plus the moderated-user role for moderated users).
    IEnumerable<Role> assignedRoles = roleService.GetRolesOfUser(userId);
    IList<string> effectiveRoleNames = assignedRoles.Select(role => role.RoleName).ToList();
    effectiveRoleNames.Add(RoleNames.Instance().RegisteredUsers());
    if (user.IsModerated)
    {
        effectiveRoleNames.Add(RoleNames.Instance().ModeratedUser());
    }

    // Evaluate the audit setting of each role for this entity's audit item.
    foreach (var roleName in effectiveRoleNames)
    {
        foreach (var roleSetting in GetAuditItemsInUserRole(roleName))
        {
            if (!roleSetting.ItemKey.Equals(auditable.AuditItemKey))
            {
                continue;
            }

            AuditStrictDegree configured = roleSetting.StrictDegree;

            // An explicit "None" on any role ends the evaluation: no audit.
            if (configured == AuditStrictDegree.None)
            {
                return false;
            }

            // "NotSet" gives no answer for this role; move on to the next role.
            if (configured == AuditStrictDegree.NotSet)
            {
                break;
            }

            if ((int)configured >= (int)strictDegree)
            {
                return true;
            }
        }
    }

    // Users at or above the audit-exempt rank pass as well.
    // NOTE(review): this check has no effect on the result, because the fall-through below also
    // returns false, and role settings that require auditing have already returned true above.
    // Confirm whether the rank exemption was meant to run before the role loop, or whether the
    // final default was meant to differ.
    if (user.Rank >= settings.MinNoAuditedUserRank)
    {
        return false;
    }

    return false;
}