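/// <summary>
/// Throws <see cref="DataOperationPermissions"/> unless <paramref name="user"/> may access
/// <paramref name="requestUrl"/>.
/// </summary>
/// <remarks>
/// Checks run in this order: a URL matched by BusinessConst.PermissionFilter is allowed for
/// everyone; a user whose Type is 0 skips the menu check entirely; any other user needs at
/// least one menu whose Url contains <paramref name="requestUrl"/> followed by a comma.
/// </remarks>
/// <param name="requestUrl">URL of the resource being requested.</param>
/// <param name="user">User whose granted menus are consulted.</param>
/// <exception cref="DataOperationPermissions">The user has no menu covering the URL.</exception>
private void CheckAuth(string requestUrl, UserViewModel user)
 {
     // NOTE(review): the type of PermissionFilter is not visible here. If it is a string
     // rather than a collection, this is a substring test and short or partial URLs would
     // match the allow-list — confirm.
     if (BusinessConst.PermissionFilter.Contains(requestUrl))
     {
         return;
     }

     // Fail closed with the permission exception instead of a NullReferenceException.
     if (user == null)
     {
         throw new DataOperationPermissions("用户无权限访问该资源,请求失败");
     }

     // Type 0 bypasses every menu check below.
     if ((int)user.Type == 0)
     {
         return;
     }

     // A null or empty URL would turn the probe below into a bare ",", which matches any
     // comma-terminated menu Url and would therefore pass for every user with a menu.
     if (string.IsNullOrEmpty(requestUrl) || user.Menus == null)
     {
         throw new DataOperationPermissions("用户无权限访问该资源,请求失败");
     }

     // NOTE(review): Contains is a substring test, so a requestUrl that is only the tail of
     // a granted entry also passes. Comparing against the individual comma-separated entries
     // would be stricter; confirm how Url is stored and how callers normalise requestUrl
     // (case, query string, trailing slash) before tightening this.
     string probe = requestUrl + ",";
     bool granted = user.Menus.Any(c => c != null && c.Url != null && c.Url.Contains(probe));
     if (!granted)
     {
         throw new DataOperationPermissions("用户无权限访问该资源,请求失败");
     }
 }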
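        /// <summary>
        /// Sets the menu permissions of an account.
        /// </summary>
        /// <param name="user">Target account: its ID selects the account, its Menus is the requested permission set.</param>
        /// <param name="operateUserId">ID of the user performing the operation.</param>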
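        public void SetAuthorityAccount(UserViewModel user, int operateUserId)
        {
            // Replaces the stored menu set of the account identified by user.ID with the menus
            // listed in user.Menus, then mirrors the change into the login cache.
            if (user == null)
                throw new DataValidationException(string.Format(BusinessResourceMessage.ItemCanNotNull, "传入参数"));

            // Only Normal and Freeze accounts can have their permissions changed.
            var model = _userRepository.GetModelTracking()
                .Include(p => p.Menus).FirstOrDefault(p => p.ID == user.ID && (p.Status == UserStatus.Normal || p.Status == UserStatus.Freeze));

            if (model == null) throw new BusinessException("此账号不存在");

            // The result is not used. The call is kept because the NotNull variant presumably
            // rejects an operator without a cached login — confirm against RedisHelp.
            RedisHelp.GetLoginUserCacheNotNull(operateUserId);

            // NOTE(review): this is the only check that the operator may manage the target
            // account; its rules are not visible in this block.
            BuidDataAuthorityVerify(operateUserId, model);

            // NOTE(review): model is a tracked entity and is mutated before validation has
            // finished. The throw paths below skip Update, but confirm nothing else saves the
            // same context afterwards.
            model.Menus.Clear();

            // Only when a non-empty permission set was requested.
            if (user.Menus != null && user.Menus.Any())
            {
                // Menus the target's own user type is entitled to.
                // NOTE(review): requests are checked against the target type's mask only, not
                // against the menus the operator holds — confirm that is intended.
                int value = (int)model.Type;

                var listMenu = _menuRepository.GetModelTracking().Where(p => ((p.UserMenu & value) == value)).ToList();

                List<string> errMgs = new List<string>();
                foreach (var item in user.Menus)
                {
                    // Only the ID of the submitted item is trusted; the entity comes from the database.
                    var menu = listMenu.FirstOrDefault(p => p.ID == item.ID);
                    if (menu == null)
                    {
                        errMgs.Add(item.Name);
                    }
                    else
                    {
                        // Skip menus already present: the request may repeat an ID, or name a
                        // first-level menu that was already added as some child's parent.
                        if (model.Menus.All(p => p.ID != menu.ID))
                            model.Menus.Add(menu);

                        // Every type except SpecialLine must also hold the first-level (parent) menu.
                        if (model.Type != UserType.SpecialLine)
                        {
                            var upMenu = listMenu.FirstOrDefault(p => p.ID == menu.UpMenuId);
                            if (upMenu == null)
                                throw new BusinessException("菜单权限值设置有误,除专线以外的角色都有一级菜单权限");
                            // Add the parent only when it is not there yet.
                            if (model.Menus.All(p => p.ID != upMenu.ID))
                                model.Menus.Add(upMenu);
                        }
                    }
                }
                if (errMgs.Any())
                {
                    throw new DataOperationPermissions(string.Format("此用户不能设置{0}权限", string.Join(",", errMgs)));
                }
            }
            _userRepository.Update(model);

            #region Refresh cache
            var updateUser = RedisHelp.GetLoginUserCache(user.ID);
            if (updateUser != null)
            {
                // NOTE(review): the cache receives the menu objects exactly as submitted, not the
                // validated model.Menus. Only item.ID was checked above, so every other field of
                // these objects (for example Url) is caller-supplied, and parent menus added above
                // are missing. If authorization reads menus from this cache, it should be rebuilt
                // from model.Menus instead — confirm.
                updateUser.Menus = user.Menus;
                RedisHelp.RefreshLoginUserCache(updateUser);
            }
            #endregion
        }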
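        /// <summary>
        /// Adds an account.
        /// Note: the front end passes both the branch ID and the special-line ID in BranchId;
        ///       the type of the account being added is determined by the logged-in user's Type.
        /// </summary>
        /// <param name="user">Data of the account to create.</param>
        /// <param name="operateUserId">ID of the user performing the operation.</param>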
        public void AccountAdd(UserViewModel user, int operateUserId)
        {
            #region Validation
            if (user == null)
            {
                throw new DataValidationException(string.Format(BusinessResourceMessage.ItemCanNotNull, "传入参数"));
            }
            if (!user.Name.ValidateLen(20))
            {
                throw new DataValidationException("真实姓名长度在1-20个汉字");
            }
            if (!user.Login.ValidateLen(20))
            {
                throw new DataValidationException("登录账号不能超过20个字符");
            }
            if (!CommonValidator.isMobile(user.Phone))
            {
                throw new DataValidationException("请输入正确的手机号码");
            }
            if (user.Type <= 0 || !user.BranchId.HasValue)
            {
                throw new DataValidationException("请选择机构");
            }
            #endregion

            // Login and phone must be unique among Normal and Freeze accounts.
            // NOTE(review): this is check-then-insert; two concurrent requests can both pass
            // unless the database also enforces uniqueness — confirm.
            bool loginTaken = _userRepository.GetModel().Any(p => p.Login.Equals(user.Login)
                && (p.Status == UserStatus.Normal || p.Status == UserStatus.Freeze));
            if (loginTaken)
            {
                throw new BusinessException("用户名已存在,请重新输入");
            }
            bool phoneTaken = _userRepository.GetModel().Any(p => p.Phone.Equals(user.Phone)
                && (p.Status == UserStatus.Normal || p.Status == UserStatus.Freeze));
            if (phoneTaken)
            {
                throw new BusinessException("用户手机号已存在,请重新输入");
            }

            var operatorUser = RedisHelp.GetLoginUserCacheNotNull(operateUserId);

            // NOTE(review): every new account starts with the same password, taken from
            // BusinessConst._PASSWORD and stored via CommonMD5.Get2MD5 (by its name a double
            // MD5; no salt is passed here). Consider a forced password change on first login
            // and a salted, slow password hash — the login path would have to change with it.
            var account = new User
            {
                Login = user.Login,
                PassWord = CommonMD5.getInstance().Get2MD5(BusinessConst._PASSWORD),
                Name = user.Name,
                IsSpecialManager = user.IsSpecialManager
            };

            // The operator's type decides which account type may be created and which
            // organisation field receives user.BranchId.
            // NOTE(review): apart from the SpecialLine case, nothing here compares user.BranchId
            // with the operator's own organisation; that is presumably left to
            // BuidDataAuthorityVerify below — confirm.
            switch (operatorUser.Type)
            {
                case UserType.Company:
                    // Head office may only create Branch accounts.
                    if (user.Type != UserType.Branch)
                    {
                        throw new DataOperationPermissions("无此操作权限,总公司只能添加分社账号");
                    }
                    account.Type = UserType.Branch;
                    account.BranchId = user.BranchId;
                    break;

                case UserType.Branch:
                    // A branch may only create SpecialLine accounts.
                    if (user.Type != UserType.SpecialLine)
                    {
                        throw new DataOperationPermissions("无此操作权限,分社只能添加专线账号");
                    }
                    account.Type = UserType.SpecialLine;
                    account.SpecialId = user.BranchId;
                    break;

                case UserType.SpecialLine:
                    // Only a special-line manager may manage accounts at all...
                    if (!operatorUser.IsSpecialManager)
                    {
                        throw new DataOperationPermissions("无此操作权限,专线操作员不能操作账号管控所有权限");
                    }
                    // ...only inside the manager's own special line...
                    if (operatorUser.SpecialId != user.BranchId)
                    {
                        throw new DataOperationPermissions("无此操作权限,专线管理员只能操作自己所属专线");
                    }
                    // ...and may not create another manager.
                    if (user.IsSpecialManager)
                    {
                        throw new DataOperationPermissions("无此操作权限,专线管理员只能添加专线操作员账号");
                    }
                    account.Type = UserType.SpecialLine;
                    account.SpecialId = user.BranchId;
                    break;

                default:
                    // Any other operator type may create Branch or SpecialLine accounts as requested.
                    account.Type = user.Type;
                    if (user.Type == UserType.Branch)
                    {
                        account.BranchId = user.BranchId;
                    }
                    else if (user.Type == UserType.SpecialLine)
                    {
                        account.SpecialId = user.BranchId;
                    }
                    else
                    {
                        throw new BusinessException("数据异常,不存在此数据");
                    }
                    break;
            }

            account.Status = UserStatus.Normal;
            account.Phone = user.Phone;

            // Audit fields: the operator is both creator and last updater.
            account.CreaterId = operateUserId;
            account.CreateTime = DateTime.Now;
            account.UpdaterId = operateUserId;
            account.UpdateTime = DateTime.Now;

            #region Default permissions
            // A new account starts with every menu whose UserMenu mask contains its type value.
            var typeMask = (int)account.Type;
            account.Menus = _menuRepository.GetModelTracking().Where(p => ((p.UserMenu & typeMask) == typeMask)).ToList();
            #endregion

            BuidDataAuthorityVerify(operateUserId, account);

            _userRepository.Insert(account);
        }
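        /// <summary>
        /// Updates an account.
        /// Note: only the phone number can be updated; permissions are not controlled here.
        ///       Under the current business rules a user can normally only update their own account.
        /// </summary>
        /// <param name="user">Account data; ID selects the account and Phone is the new phone number.</param>
        /// <param name="operateUserId">ID of the user performing the operation.</param>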
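        public void AccountUpdate(UserViewModel user, int operateUserId)
        {
            // Updates the caller's own phone number and mirrors the new value into the login cache.
            if (user == null)
                throw new DataValidationException(string.Format(BusinessResourceMessage.ItemCanNotNull, "传入参数"));

            // Self-service only.
            // NOTE(review): this check is only as strong as operateUserId; it has to come from
            // the authenticated session, not from the request — the caller is not visible here.
            if (user.ID != operateUserId)
                throw new DataOperationPermissions("无此操作权限,只能修改自己信息");

            // Same phone rules as AccountAdd: well-formed, and unique among Normal and Freeze accounts.
            if (!CommonValidator.isMobile(user.Phone))
                throw new DataValidationException("请输入正确的手机号码");

            if (!_userRepository.GetModel().Any(p => p.ID == user.ID && p.Status == UserStatus.Normal)) throw new BusinessException("此账号不存在");

            if (_userRepository.GetModel().Any(p => p.ID != user.ID && p.Phone.Equals(user.Phone)
                && (p.Status == UserStatus.Normal || p.Status == UserStatus.Freeze)))
                throw new BusinessException("用户手机号已存在,请重新输入");

            DateTime dt = DateTime.Now;
            _userRepository.Update(p => p.ID == user.ID, u => new User() { Phone = user.Phone, UpdaterId = operateUserId, UpdateTime = dt });

            #region Refresh cache
            var loginUser = RedisHelp.GetLoginUserCache(user.ID);
            if (loginUser != null)
            {
                // Mirror only what was written to the database. The request's Status is no longer
                // copied into the cache: it is caller-supplied and the database update above never
                // changes it.
                // assumes the cached login user exposes Phone like UserViewModel does — TODO confirm
                loginUser.Phone = user.Phone;
                RedisHelp.RefreshLoginUserCache(loginUser);
            }
            #endregion
        }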