/// <summary> /// 判断用户是否至少含有requiredRoleNames的一个用户角色 /// </summary> /// <param name="user"><see cref="IUser"/></param> /// <param name="requiredRoleNames">待检测用户角色集合</param> /// <returns></returns> public static bool IsInRoles(this IUser user, params string[] requiredRoleNames) { if (user == null) { return(false); } RoleService roleService = DIContainer.Resolve <RoleService>(); return(roleService.IsUserInRoles(user.UserId, requiredRoleNames)); }
/// <summary> /// 判断是否需要在一定的严格程度上需要审核 /// </summary> /// <param name="userId">UserId</param> /// <param name="auditable">可审核实体</param> /// <param name="strictDegree">审核严格程度</param> /// <returns></returns> private bool NeedAudit(long userId, IAuditable auditable, AuditStrictDegree strictDegree) { var user = DIContainer.Resolve <IUserService>().GetUser(userId); //匿名用户需要审核 if (user == null) { return(true); } UserSettings userSettings = DIContainer.Resolve <ISettingsManager <UserSettings> >().Get(); RoleService roleService = new RoleService(); //不启用审核 if (!userSettings.EnableAudit) { return(false); } //如果用户处于免审核角色,则直接通过 if (roleService.IsUserInRoles(userId, userSettings.NoAuditedRoleNames.ToArray())) { return(false); } //获取用户所属的角色,并附加上注册用户角色 IList <string> roleNamesOfUser = roleService.GetRoleNamesOfUser(userId).ToList(); roleNamesOfUser.Add(RoleNames.Instance().RegisteredUsers()); if (user.IsModerated) { roleNamesOfUser.Add(RoleNames.Instance().ModeratedUser()); } //判断每个用户角色的设置是否可用 foreach (var roleName in roleNamesOfUser) { IEnumerable <AuditItemInUserRole> auditItemInUserRoles = GetAuditItemsInUserRole(roleName); foreach (var auditItemInUserRole in auditItemInUserRoles) { if (auditItemInUserRole.ItemKey.Equals(auditable.AuditItemKey)) { if (auditItemInUserRole.StrictDegree == AuditStrictDegree.None) { return(false); } else if (auditItemInUserRole.StrictDegree == AuditStrictDegree.NotSet) { break; } else if ((int)auditItemInUserRole.StrictDegree >= (int)strictDegree) { return(true); } } } } //如果用户处于免审核用户等级,也直接通过 if (user.Rank >= userSettings.MinNoAuditedUserRank) { return(false); } return(false); }
// This method must be thread-safe since it is called by the thread-safe OnCacheAuthorization() method. protected virtual bool AuthorizeCore(AuthorizationContext filterContext) { IUser currentUser = UserContext.CurrentUser; if (currentUser == null) return false; if (CheckCookie) { HttpCookie adminCookie = filterContext.HttpContext.Request.Cookies["SpacebuilderAdminCookie" + currentUser.UserId]; if (adminCookie != null) { bool isLoginMarked = false; try { bool.TryParse(Utility.DecryptTokenForAdminCookie(adminCookie.Value), out isLoginMarked); } catch { } if (!isLoginMarked) return false; } else { return false; } } RoleService roleService = new RoleService(); if (RequireSystemAdministrator) { if (roleService.IsUserInRoles(currentUser.UserId, RoleNames.Instance().SuperAdministrator())) return true; else return false; } else { if (roleService.IsUserInRoles(currentUser.UserId, RoleNames.Instance().SuperAdministrator(), RoleNames.Instance().ContentAdministrator())) return true; } if (checkApplication) { //是否为管理员 string applicationKey = GetAreaName(filterContext.RouteData); var application = DIContainer.Resolve<ApplicationService>().Get(applicationKey); var authorizer = DIContainer.Resolve<Authorizer>(); if (application != null && authorizer.IsAdministrator(application.ApplicationId)) return true; string tenantTypeId = filterContext.RequestContext.GetParameterFromRouteDataOrQueryString("tenantTypeId"); if (!string.IsNullOrEmpty(tenantTypeId)) { TenantType tenantType = DIContainer.Resolve<TenantTypeService>().Get(tenantTypeId); if (tenantType != null) { if (authorizer.IsAdministrator(tenantType.ApplicationId)) return true; } } } else { return currentUser.IsAllowEntryControlPannel(); } return false; }
/// <summary> /// 判断用户是否为超级管理员 /// </summary> /// <param name="user"></param> /// <returns></returns> public static bool IsContentAdministrator(this IUser user) { RoleService roleService = DIContainer.Resolve <RoleService>(); return(roleService.IsUserInRoles(user.UserId, RoleNames.Instance().ContentAdministrator())); }