/// <summary>
/// 判断用户是否至少含有requiredRoleNames的一个用户角色
/// </summary>
/// <param name="user"><see cref="IUser"/></param>
/// <param name="requiredRoleNames">待检测用户角色集合</param>
/// <returns></returns>
public static bool IsInRoles(this IUser user, params string[] requiredRoleNames)
{
if (user == null)
{
return(false);
}
RoleService roleService = DIContainer.Resolve <RoleService>();
return(roleService.IsUserInRoles(user.UserId, requiredRoleNames));
}
/// <summary>
/// 判断是否需要在一定的严格程度上需要审核
/// </summary>
/// <param name="userId">UserId</param>
/// <param name="auditable">可审核实体</param>
/// <param name="strictDegree">审核严格程度</param>
/// <returns></returns>
private bool NeedAudit(long userId, IAuditable auditable, AuditStrictDegree strictDegree)
{
var user = DIContainer.Resolve <IUserService>().GetUser(userId);
//匿名用户需要审核
if (user == null)
{
return(true);
}
UserSettings userSettings = DIContainer.Resolve <ISettingsManager <UserSettings> >().Get();
RoleService roleService = new RoleService();
//不启用审核
if (!userSettings.EnableAudit)
{
return(false);
}
//如果用户处于免审核角色,则直接通过
if (roleService.IsUserInRoles(userId, userSettings.NoAuditedRoleNames.ToArray()))
{
return(false);
}
//获取用户所属的角色,并附加上注册用户角色
IList <string> roleNamesOfUser = roleService.GetRoleNamesOfUser(userId).ToList();
roleNamesOfUser.Add(RoleNames.Instance().RegisteredUsers());
if (user.IsModerated)
{
roleNamesOfUser.Add(RoleNames.Instance().ModeratedUser());
}
//判断每个用户角色的设置是否可用
foreach (var roleName in roleNamesOfUser)
{
IEnumerable <AuditItemInUserRole> auditItemInUserRoles = GetAuditItemsInUserRole(roleName);
foreach (var auditItemInUserRole in auditItemInUserRoles)
{
if (auditItemInUserRole.ItemKey.Equals(auditable.AuditItemKey))
{
if (auditItemInUserRole.StrictDegree == AuditStrictDegree.None)
{
return(false);
}
else if (auditItemInUserRole.StrictDegree == AuditStrictDegree.NotSet)
{
break;
}
else if ((int)auditItemInUserRole.StrictDegree >= (int)strictDegree)
{
return(true);
}
}
}
}
//如果用户处于免审核用户等级,也直接通过
if (user.Rank >= userSettings.MinNoAuditedUserRank)
{
return(false);
}
return(false);
}
// This method must be thread-safe since it is called by the thread-safe OnCacheAuthorization() method.
protected virtual bool AuthorizeCore(AuthorizationContext filterContext)
{
IUser currentUser = UserContext.CurrentUser;
if (currentUser == null)
return false;
if (CheckCookie)
{
HttpCookie adminCookie = filterContext.HttpContext.Request.Cookies["SpacebuilderAdminCookie" + currentUser.UserId];
if (adminCookie != null)
{
bool isLoginMarked = false;
try
{
bool.TryParse(Utility.DecryptTokenForAdminCookie(adminCookie.Value), out isLoginMarked);
}
catch { }
if (!isLoginMarked)
return false;
}
else
{
return false;
}
}
RoleService roleService = new RoleService();
if (RequireSystemAdministrator)
{
if (roleService.IsUserInRoles(currentUser.UserId, RoleNames.Instance().SuperAdministrator()))
return true;
else
return false;
}
else
{
if (roleService.IsUserInRoles(currentUser.UserId, RoleNames.Instance().SuperAdministrator(), RoleNames.Instance().ContentAdministrator()))
return true;
}
if (checkApplication)
{
//是否为管理员
string applicationKey = GetAreaName(filterContext.RouteData);
var application = DIContainer.Resolve<ApplicationService>().Get(applicationKey);
var authorizer = DIContainer.Resolve<Authorizer>();
if (application != null && authorizer.IsAdministrator(application.ApplicationId))
return true;
string tenantTypeId = filterContext.RequestContext.GetParameterFromRouteDataOrQueryString("tenantTypeId");
if (!string.IsNullOrEmpty(tenantTypeId))
{
TenantType tenantType = DIContainer.Resolve<TenantTypeService>().Get(tenantTypeId);
if (tenantType != null)
{
if (authorizer.IsAdministrator(tenantType.ApplicationId))
return true;
}
}
}
else
{
return currentUser.IsAllowEntryControlPannel();
}
return false;
}
/// <summary>
/// 判断用户是否为超级管理员
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public static bool IsContentAdministrator(this IUser user)
{
RoleService roleService = DIContainer.Resolve <RoleService>();
return(roleService.IsUserInRoles(user.UserId, RoleNames.Instance().ContentAdministrator()));
}
