Esempio n. 1
        /// <summary>
        /// Authorization gate: decides whether <paramref name="userId"/> may invoke the service
        /// identified by <paramref name="serviceId"/>.
        /// </summary>
        /// <param name="userId">Identifier of the user whose permission is checked.</param>
        /// <param name="serviceId">Identifier used both to locate the service route and to query permissions.</param>
        /// <returns>
        /// <c>true</c> when access is allowed. The method never returns <c>false</c>;
        /// a denial is always signalled by an exception.
        /// </returns>
        /// <exception cref="AuthException">
        /// Neither the user-level nor the user-group-level permission check succeeded.
        /// </exception>
        public async Task<bool> Check(long userId, string serviceId)
        {
            var route = await _serviceRouteProvider.Locate(serviceId);

            // NOTE(review): if Locate can yield null for an unknown serviceId, the dereference
            // below fails with a NullReferenceException instead of an AuthException. Access is
            // still refused, but confirm callers treat that failure as a denial.
            var descriptor = route.ServiceDescriptor;

            // A descriptor carrying AllowPermission=true skips every per-user check, so the
            // integrity of the service metadata is itself part of the access control.
            // NOTE(review): confirm this metadata is set only by trusted service registration.
            if (descriptor.GetMetadata<bool>("AllowPermission"))
            {
                return true;
            }

            // The group-level check is consulted only when the direct user check fails.
            var granted = await _userDomainService.CheckPermission(userId, serviceId);
            if (!granted)
            {
                granted = await _userGroupDomainService.CheckPermission(userId, serviceId);
            }

            if (granted)
            {
                return true;
            }

            // The denial message names the service group, falling back to the route path.
            var actionName = descriptor.GroupName().IsNullOrEmpty()
                ? descriptor.RoutePath
                : descriptor.GroupName();

            throw new AuthException($"您没有访问{actionName}的权限");
        }
Esempio n. 2
        /// <summary>
        /// Authorization gate that also resolves the caller's data-permission scope for the
        /// service identified by <paramref name="serviceId"/>.
        /// </summary>
        /// <param name="userId">Identifier of the user whose permission is checked.</param>
        /// <param name="serviceId">Identifier used to locate the route, check permission and look up operations.</param>
        /// <returns>
        /// A dictionary holding <c>"isPermission"</c> (always <c>true</c> on return) plus the
        /// data-permission entries keyed by <c>ClaimTypes.DataPermission</c>,
        /// <c>ClaimTypes.IsAllOrg</c> and, when an operation is registered for the service,
        /// <c>ClaimTypes.DataPermissionOrgIds</c>.
        /// </returns>
        /// <exception cref="AuthException">
        /// The service is not flagged AllowPermission and the user permission check failed;
        /// raised with <c>StatusCode.UnAuthorized</c>.
        /// </exception>
        public async Task<IDictionary<string, object>> Check(long userId, string serviceId)
        {
            var result = new Dictionary<string, object>();
            var route = await _serviceRouteProvider.Locate(serviceId);

            // NOTE(review): if Locate can yield null for an unknown serviceId, the dereference
            // below fails with a NullReferenceException instead of an AuthException — confirm
            // callers treat that failure as a denial.
            var descriptor = route.ServiceDescriptor;

            // A descriptor carrying AllowPermission=true skips the per-user check entirely, so
            // the integrity of the service metadata is itself part of the access control.
            var isPermission = descriptor.GetMetadata<bool>("AllowPermission");

            // Resolved up front (as the original does) even when no denial message is needed.
            var actionName = descriptor.GroupName().IsNullOrEmpty()
                ? descriptor.RoutePath
                : descriptor.GroupName();

            if (!isPermission)
            {
                // Only _userDomainService is consulted on this path.
                isPermission = await _userDomainService.CheckPermission(userId, serviceId);
                if (!isPermission)
                {
                    throw new AuthException($"您没有{actionName}的权限", StatusCode.UnAuthorized);
                }
            }

            result.Add("isPermission", isPermission);

            var operations = await _operationDomainService.GetOperationsByServiceId(serviceId);

            if (!operations.Any())
            {
                // NOTE(review): fail-open default. A service with no registered operation gets
                // the AllOrg data scope, so a missing or not-yet-synchronised operation record
                // widens data access instead of narrowing it. Confirm this is intended; a
                // restrictive default would be the safer choice.
                result.Add(ClaimTypes.DataPermission, DataPermissionType.AllOrg);
                result.Add(ClaimTypes.IsAllOrg, true);
                return result;
            }

            // NOTE(review): only the first operation's PermissionId determines the data scope;
            // any further operations returned for this service are ignored here.
            var firstOperation = operations.First();
            var dataPermission = await _userDomainService.GetDataPermissions(userId, firstOperation.PermissionId);

            result.Add(ClaimTypes.DataPermission, dataPermission.DataPermissionType);
            result.Add(ClaimTypes.DataPermissionOrgIds, dataPermission.DataPermissionOrgIds);
            result.Add(ClaimTypes.IsAllOrg, dataPermission.DataPermissionType == DataPermissionType.AllOrg);

            return result;
        }