private void CheckUserDefinedDataPermission(DataPermissionType dataPermissionType, long[] orgIds)
{
if (dataPermissionType == DataPermissionType.UserDefined)
{
if (orgIds == null || !orgIds.Any())
{
throw new BusinessException("设置角色的数据权限为自定义数据权限,则指定的部门不允许为空");
}
}
}
public async Task <CheckPermissionResult> GetDataPermissions(long userId, long permissionId)
{
var roles = await GetUserRoles(userId, Status.Valid);
DataPermissionType dataPermissionType = DataPermissionType.OnlySelfOrg;
var userDefinedRoleIds = new List <long>();
foreach (var role in roles)
{
var rolePermissions = await _roleDomainService.GetRolePermissions(role.Id);
if (!rolePermissions.Any(p => p.PermissionId == permissionId))
{
continue;
}
if (role.DataPermissionType > dataPermissionType)
{
dataPermissionType = role.DataPermissionType;
}
if (dataPermissionType == DataPermissionType.UserDefined)
{
userDefinedRoleIds.Add(role.Id);
}
}
var userGroups = await GetUserGroups(userId);
var userDefinedUserGroupIds = new List <long>();
foreach (var userGroup in userGroups)
{
var userGroupPermissions = await
_userGroupPermissionRepository.GetAllAsync(p => p.UserGroupId == userGroup.Id);
if (!userGroupPermissions.Any(p => p.PermissionId == permissionId))
{
continue;
}
if (userGroup.DataPermissionType.HasValue && userGroup.DataPermissionType.Value > dataPermissionType)
{
dataPermissionType = userGroup.DataPermissionType.Value;
}
if (dataPermissionType == DataPermissionType.UserDefined)
{
userDefinedUserGroupIds.Add(userGroup.Id);
}
var userGroupRoles = await _userGroupDomainService.GetUserGroupRoles(userGroup.Id, Status.Valid);
foreach (var userGroupRole in userGroupRoles)
{
var rolePermissions = await _roleDomainService.GetRolePermissions(userGroupRole.Id);
if (!rolePermissions.Any(p => p.PermissionId == permissionId))
{
continue;
}
if (userGroupRole.DataPermissionType > dataPermissionType)
{
dataPermissionType = userGroupRole.DataPermissionType;
}
if (dataPermissionType == DataPermissionType.UserDefined)
{
userDefinedRoleIds.Add(userGroupRole.Id);
}
}
}
var checkPermission = new CheckPermissionResult(dataPermissionType);
switch (dataPermissionType)
{
case DataPermissionType.AllOrg:
checkPermission.DataPermissionOrgIds = new long[0];
break;
case DataPermissionType.OnlySelfOrg:
DebugCheck.NotNull(_session.OrgId);
checkPermission.DataPermissionOrgIds = new[] { _session.OrgId.Value };
break;
case DataPermissionType.SelfAndLowerOrg:
DebugCheck.NotNull(_session.OrgId);
var organizationAppServiceProxy = GetService <IOrganizationAppService>();
var subOrgIds = await organizationAppServiceProxy.GetSubOrgIds(_session.OrgId.Value);
checkPermission.DataPermissionOrgIds = subOrgIds.ToArray();
break;
case DataPermissionType.UserDefined:
checkPermission.DataPermissionOrgIds =
await GetUserDefinedPermissionOrgIds(userDefinedRoleIds, userDefinedUserGroupIds);
break;
}
return(checkPermission);
}
public CheckPermissionResult(DataPermissionType dataPermissionType)
{
DataPermissionType = dataPermissionType;
}
