/// <summary>
/// Returns the applies matching <paramref name="model"/> as shadow DTOs, wrapped in a JSON result.
/// </summary>
/// <param name="model">Query filter bound from the request body; also carries the optional delegated-auth data read by <c>CheckValidQuery</c>.</param>
/// <param name="entityType">"vacation" selects the vacation apply service; every other value (including null) is served by the in-day apply service.</param>
/// <returns>A <see cref="JsonResult"/> holding the projected items and the total count reported by the service.</returns>
public IActionResult ListShadow([FromBody] QueryApplyViewModel model, string entityType)
{
    // Authorisation gate: this call is the only access check in the action and
    // throws before any data is read when the caller may not run the query.
    CheckValidQuery(model, entityType);

    // Anything that is not exactly "vacation" is treated as an in-day apply query.
    if (entityType != "vacation")
    {
        var inDayItems = applyInDayService
            .QueryApplies(model, false, out var inDayTotal)
            .Select(apply => apply.ToShadowDto());
        var inDayPage = new EntitiesListViewModel<ApplyShadowDto>(inDayItems, inDayTotal);
        return new JsonResult(inDayPage);
    }

    var vacationItems = applyService
        .QueryApplies(model, false, out var vacationTotal)
        .Select(apply => apply.ToShadowDto());
    var vacationPage = new EntitiesListViewModel<ApplyShadowDto>(vacationItems, vacationTotal);
    return new JsonResult(vacationPage);
}
/// <summary>
/// Returns the applies matching <paramref name="model"/> as summary DTOs (each built with its own request info), wrapped in a JSON result.
/// </summary>
/// <param name="model">Query filter bound from the request body; also carries the optional delegated-auth data read by <c>CheckValidQuery</c>.</param>
/// <param name="entityType">"vacation" selects the vacation apply service; every other value (including null) is served by the in-day apply service.</param>
/// <returns>A <see cref="JsonResult"/> holding the projected items and the total count reported by the service.</returns>
public IActionResult List([FromBody] QueryApplyViewModel model, string entityType)
{
    // Authorisation gate: this call is the only access check in the action and
    // throws before any data is read when the caller may not run the query.
    CheckValidQuery(model, entityType);

    // Anything that is not exactly "vacation" is treated as an in-day apply query.
    if (entityType != "vacation")
    {
        var inDayItems = applyInDayService
            .QueryApplies(model, false, out var inDayTotal)
            .Select(apply => apply.ToSummaryDto(apply.RequestInfo));
        var inDayPage = new EntitiesListViewModel<ApplySummaryDto<ApplyIndayRequest>>(inDayItems, inDayTotal);
        return new JsonResult(inDayPage);
    }

    var vacationItems = applyService
        .QueryApplies(model, false, out var vacationTotal)
        .Select(apply => apply.ToSummaryDto(apply.RequestInfo));
    var vacationPage = new EntitiesListViewModel<ApplySummaryDto<ApplyRequest>>(vacationItems, vacationTotal);
    return new JsonResult(vacationPage);
}
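/// <summary>
/// Authorises an apply-list query: resolves the user the query runs as, then requires
/// query permission on every company the request is scoped to.
/// </summary>
/// <param name="model">The query; <c>Auth</c> may name another user to act as, and <c>CreateCompany.Arrays</c> lists the company scope.</param>
/// <param name="entityType">"vacation" checks the default apply permission; any other value checks the in-day apply permission.</param>
/// <exception cref="ActionStatusMessageException">
/// Thrown when the delegated auth code does not verify, when no acting user can be resolved,
/// or when the acting user lacks query permission on a requested company.
/// </exception>
private void CheckValidQuery(QueryApplyViewModel model, string entityType)
{
    // NOTE(review): model is dereferenced without a null check; confirm that model
    // binding can never hand a null body to the calling actions.
    var auditUser = currentUserService.CurrentUser;

    // Delegated access: the request may ask to run as another user. That is only
    // honoured after the supplied auth data verifies against the current user.
    var delegatedUserId = model.Auth?.AuthByUserID;
    if (delegatedUserId != null && auditUser?.Id != delegatedUserId)
    {
        if (!model.Auth.Verify(authService, currentUserService.CurrentUser?.Id))
        {
            throw new ActionStatusMessageException(ActionStatusMessage.Account.Auth.AuthCode.Invalid);
        }

        auditUser = usersService.GetById(model.Auth.AuthByUserID);
    }

    if (auditUser == null)
    {
        // NotLogin() is invoked on a null reference; presumably an extension method
        // that tolerates null - confirm.
        throw new ActionStatusMessageException(auditUser.NotLogin());
    }

    // The permission to test depends only on entityType, so resolve it once.
    var permission = entityType switch
    {
        "vacation" => DictionaryAllPermission.Apply.Default,
        _ => DictionaryAllPermission.Apply.InDayApply
    };

    // Throws unless the acting user may query the given company.
    void EnsureCanQuery(string companyCode)
    {
        var permit = userActionServices.Permission(auditUser.Application?.Permission, permission, Operation.Query, auditUser.Id, companyCode, "审批列表");
        if (permit)
        {
            return;
        }

        // The company is only looked up to build the denial message.
        // NOTE(review): the message echoes the name of a company chosen by the
        // caller, so a denied caller can still map company codes to names.
        var cItem = companiesService.GetById(companyCode);
        throw new ActionStatusMessageException(new ApiResult(ActionStatusMessage.Account.Auth.Invalid.Default.Status, $"不具有{cItem?.Name}({companyCode})的权限"));
    }

    // Check the company scope of the query; an empty scope requires root permission.
    var permitCompanies = model.CreateCompany?.Arrays ?? new List<string>() { "root" };
    var checkedCompanies = 0;
    foreach (var c in permitCompanies)
    {
        EnsureCanQuery(c);
        checkedCompanies++;
    }

    // A present-but-empty company list would otherwise skip every permission check
    // above, so it gets the same root requirement as a missing list.
    if (checkedCompanies == 0)
    {
        EnsureCanQuery("root");
    }
}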