public async Task <bool> Check(long userId, string serviceId) { var servcieRoute = await _serviceRouteProvider.Locate(serviceId); if (servcieRoute.ServiceDescriptor.GetMetadata <bool>("AllowPermission")) { return(true); } var checkPermissionResult = await _userDomainService.CheckPermission(userId, serviceId) || await _userGroupDomainService.CheckPermission(userId, serviceId); if (!checkPermissionResult) { var actionName = servcieRoute.ServiceDescriptor.GroupName().IsNullOrEmpty() ? servcieRoute.ServiceDescriptor.RoutePath : servcieRoute.ServiceDescriptor.GroupName(); throw new AuthException($"您没有访问{actionName}的权限"); } return(true); }
public async Task <IDictionary <string, object> > Check(long userId, string serviceId) { var permissionResult = new Dictionary <string, object>(); var servcieRoute = await _serviceRouteProvider.Locate(serviceId); var isPermission = false; if (servcieRoute.ServiceDescriptor.GetMetadata <bool>("AllowPermission")) { isPermission = true; } var actionName = servcieRoute.ServiceDescriptor.GroupName().IsNullOrEmpty() ? servcieRoute.ServiceDescriptor.RoutePath : servcieRoute.ServiceDescriptor.GroupName(); if (!isPermission) { isPermission = await _userDomainService.CheckPermission(userId, serviceId); if (!isPermission) { throw new AuthException($"您没有{actionName}的权限", StatusCode.UnAuthorized); } } permissionResult.Add("isPermission", isPermission); var operations = await _operationDomainService.GetOperationsByServiceId(serviceId); if (operations.Any()) { var dataPermission = await _userDomainService.GetDataPermissions(userId, operations.First().PermissionId); permissionResult.Add(ClaimTypes.DataPermission, dataPermission.DataPermissionType); permissionResult.Add(ClaimTypes.DataPermissionOrgIds, dataPermission.DataPermissionOrgIds); permissionResult.Add(ClaimTypes.IsAllOrg, dataPermission.DataPermissionType == DataPermissionType.AllOrg); } else { permissionResult.Add(ClaimTypes.DataPermission, DataPermissionType.AllOrg); permissionResult.Add(ClaimTypes.IsAllOrg, true); } return(permissionResult); }