/// <summary>
/// 分配权限
/// </summary>
/// <param name="assignModel"></param>
/// <returns></returns>
public bool AssignPermission(AssignPermissionDto assignModel)
{
if (assignModel.IsChecked)
{
var exist = RolePermissionRepo.Exists(t => t.PermissionCode == assignModel.PermissionCode && t.RoleCode == assignModel.RoleCode &&
t.PermissionType == assignModel.PermissionType);
if (!exist)//如果不存在则新增
{
var rolePermission = new RolePermission
{
ID = Util.NewID(),
PermissionCode = assignModel.PermissionCode,
PermissionType = assignModel.PermissionType,
RoleCode = assignModel.RoleCode,
};
this.RolePermissionRepo.Add(rolePermission);
}
}
else
{
var rolePermission = RolePermissionRepo.Get(t => t.PermissionCode == assignModel.PermissionCode && t.RoleCode == assignModel.RoleCode &&
t.PermissionType == assignModel.PermissionType);
if (rolePermission != null)
{
rolePermission.IsDeleted = true;
RolePermissionRepo.Update(rolePermission);
}
}
return(true);
}
public async Task <ActionResult> AssignPermissions(string id, AssignPermissionDto model)
{
// 除了平台的超级管理员,其他管理员只能管理所属 Client 的资源
bool isSuper = User.IsSuperAdmin();
IEnumerable <string> allowedClientIds = null;
if (!isSuper)
{
allowedClientIds = User.FindAll(JwtClaimTypes.ClientId).Select(itm => itm.Value);
}
await _roleService.UpdatePermissionsAsync(id, model, allowedClientIds);
return(Ok());
}
public async Task AssignPermissionAsync(AssignPermissionDto input)
{
await _rolePermissionRepository.DeleteAsync(a => a.RoleId == input.Id);
var entities = input.PermissionIds.Select(
a => new RolePermission
{
RoleId = input.Id,
PermissionId = a
}
);
await _rolePermissionRepository.InsertAsync(entities);
/*
* 角色重新分配权限,对应的用户的所有权限都产生改变
* 在这里把用户权限缓存清除,以保证角色分配权限实时生效
*/
await Cache.RemoveByKeyPrefixAsync(SystemCacheKeyPrefixDefinition.UserPermission);
}
public async Task RemovePermissionsAsync(string id, AssignPermissionDto model, IEnumerable <string> allowedClientIds = null)
{
if (model == null || model.PermissionIds == null || !model.PermissionIds.Any())
{
return;
}
var role = await _roleRepo.GetAsync(id, true, false);
if (role == null)
{
throw new IamException(HttpStatusCode.BadRequest, "角色不存在");
}
if (allowedClientIds != null && allowedClientIds.Any() && !allowedClientIds.Contains(role.ClientId))
{
throw new IamException(HttpStatusCode.BadRequest, "无权操作");
}
role.RemovePermissions(model.PermissionIds);
}
public async Task UpdatePermissionsAsync(string id, AssignPermissionDto model, IEnumerable <string> allowedClientIds = null)
{
var role = await _roleRepo.GetAsync(id, true, false);
if (role == null)
{
throw new IamException(HttpStatusCode.BadRequest, "角色不存在");
}
if (allowedClientIds != null && allowedClientIds.Any() && !allowedClientIds.Contains(role.ClientId))
{
throw new IamException(HttpStatusCode.BadRequest, "无权操作");
}
if (model != null && model.PermissionIds != null)
{
role.RemovePermissions();
foreach (var permId in model.PermissionIds)
{
role.AddPermissions(permId);
}
}
}
public JsonActionResult <bool> AssignPermission(AssignPermissionDto assignModel)
{
return(SafeExecute(() => PermissionFuncService.AssignPermission(assignModel)));
}
public async Task <JsonResultModel <bool> > AssignPermissionAsync([FromBody] AssignPermissionDto input)
{
await _service.AssignPermissionAsync(input);
return(true.ToSuccess());
}
