コード例 #1
        /// <summary>
        /// Updates a stored authorization operation with the values carried by the supplied one.
        /// </summary>
        /// <param name="newAuthorityOperation">Operation holding the new values; its SysNo selects the stored record to overwrite.</param>
        /// <returns>
        /// A failed result when no stored record matches the SysNo; otherwise a success result
        /// whose Data is the updated record.
        /// </returns>
        /// <remarks>
        /// NOTE(review): Status and AuthorizeType are overwritten directly from the argument, and no
        /// authorization check on the caller is visible in this method. Presumably that is enforced
        /// upstream; confirm before exposing this path.
        /// </remarks>
        static Result <AuthorityOperation> UpdateAuthorityOperation(AuthorityOperation newAuthorityOperation)
        {
            // Locate the record that is about to be modified by its system number.
            var lookup = QueryFactory.Create<AuthorityOperationQuery>(a => a.SysNo == newAuthorityOperation.SysNo);
            AuthorityOperation stored = authorityOperationRepository.Get(lookup);
            if (stored == null)
            {
                return Result<AuthorityOperation>.FailedResult("请指定要修改授权操作");
            }

            // Copy the editable fields onto the stored record (same order as before,
            // in case the setters have side effects).
            stored.Name = newAuthorityOperation.Name;
            stored.ControllerCode = newAuthorityOperation.ControllerCode;
            stored.ActionCode = newAuthorityOperation.ActionCode;
            stored.Status = newAuthorityOperation.Status;
            stored.Remark = newAuthorityOperation.Remark;
            stored.AuthorizeType = newAuthorityOperation.AuthorizeType;
            stored.Method = newAuthorityOperation.Method;
            stored.SetGroup(newAuthorityOperation.Group.MapTo<AuthorityOperationGroup>());

            stored.Save();

            var outcome = Result<AuthorityOperation>.SuccessResult("修改成功");
            outcome.Data = stored;
            return outcome;
        }
コード例 #2
 /// <summary>
 /// Saves an authorization operation: updates it when it already has a positive SysNo,
 /// otherwise adds it as a new record.
 /// </summary>
 /// <param name="authorityOperation">The authorization operation to save.</param>
 /// <returns>A failed result when the argument is null; otherwise the result of the update or add path.</returns>
 /// <remarks>
 /// NOTE(review): the update/add decision rests solely on the SysNo carried by the argument, so
 /// the caller controls which stored record is overwritten. Confirm the value is validated upstream.
 /// </remarks>
 public Result <AuthorityOperation> SaveAuthorityOperation(AuthorityOperation authorityOperation)
 {
     if (authorityOperation == null)
     {
         return Result<AuthorityOperation>.FailedResult("授权操作信息不完整");
     }

     // A positive system number marks an existing record.
     if (authorityOperation.SysNo > 0)
     {
         return UpdateAuthorityOperation(authorityOperation);
     }

     return AddAuthorityOperation(authorityOperation);
 }
コード例 #3
        /// <summary>
        /// Adds a new authorization operation by saving the supplied object.
        /// </summary>
        /// <param name="authorityOperation">The authorization operation to add.</param>
        /// <returns>A success result whose Data is the saved operation.</returns>
        /// <remarks>
        /// NOTE(review): no uniqueness check on ControllerCode/ActionCode is visible here.
        /// Presumably Save() or the storage layer enforces it; confirm.
        /// </remarks>
        static Result <AuthorityOperation> AddAuthorityOperation(AuthorityOperation authorityOperation)
        {
            authorityOperation.Save();

            var outcome = Result<AuthorityOperation>.SuccessResult("添加成功");
            outcome.Data = authorityOperation;
            return outcome;
        }
コード例 #4
        /// <summary>
        /// Looks up an authorization operation by controller code and action code.
        /// </summary>
        /// <param name="controllerCode">Controller code of the operation (documented as case-insensitive).</param>
        /// <param name="actionCode">Action code of the operation (documented as case-insensitive).</param>
        /// <returns>
        /// null when either code is null or empty; otherwise whatever the query-based
        /// GetAuthorityOperation overload returns for the matching codes.
        /// </returns>
        public AuthorityOperation GetAuthorityOperation(string controllerCode, string actionCode)
        {
            if (controllerCode.IsNullOrEmpty())
            {
                return null;
            }

            if (actionCode.IsNullOrEmpty())
            {
                return null;
            }

            // The codes are routed through the domain factory and read back from the created object.
            // Presumably this normalizes them (e.g. casing) so the lookup matches stored values;
            // verify in CreateAuthorityOperation.
            AuthorityOperation operation = AuthorityOperation.CreateAuthorityOperation(controllerCode: controllerCode, actionCode: actionCode);
            IQuery lookup = QueryFactory.Create<AuthorityOperationQuery>(c => c.ControllerCode == operation.ControllerCode && c.ActionCode == operation.ActionCode);
            return GetAuthorityOperation(lookup);
        }
コード例 #5
        /// <summary>
        /// Decides whether a user may perform an operation. Despite the name, this is an
        /// authorization (permission) check, not a credential check.
        /// </summary>
        /// <param name="auth">Carries the user (identified by SysNo) and the operation (controller/action code) to check.</param>
        /// <returns>
        /// true when the user is a super user, the operation is unrestricted, or an enabled authority
        /// bound to the operation is granted to the user directly or through a role and is not
        /// disabled for that user; false otherwise, including for missing input, an unknown user,
        /// or an unknown/closed operation.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the user is identified only by auth.User.SysNo. This assumes the caller took
        /// that value from an already authenticated session; verify at the call sites.
        /// </remarks>
        public bool Authentication(Authentication auth)
        {
            // Fail closed on incomplete input.
            if (auth == null || auth.User == null || auth.Operation == null)
            {
                return(false);
            }

            // Region: user validation
            #region 用户信息验证

            User nowUser = userService.GetUser(auth.User.SysNo);// current user, re-read via the user service rather than trusting the passed-in object
            if (nowUser == null)
            {
                return(false);
            }
            // NOTE(review): only SuperUser is read from nowUser. If User carries an enabled/locked
            // status, it is not consulted in this method; confirm it is enforced elsewhere.
            if (nowUser.SuperUser)
            {
                return(true);// super users are not subject to permission control; this returns before the operation is looked up, so it also applies to unregistered or closed operations
            }

            #endregion

            // Region: operation validation
            #region 授权操作信息验证

            AuthorityOperation nowOperation = authorityOperationService.GetAuthorityOperation(auth.Operation.ControllerCode, auth.Operation.ActionCode);// stored authorization operation
            // Unknown or closed (关闭) operations are denied for everyone except super users.
            if (nowOperation == null || nowOperation.Status == AuthorityOperationStatus.关闭)
            {
                return(false);
            }
            // Unrestricted (无限制) operations are allowed for any user that passed the checks above.
            if (nowOperation.AuthorizeType == AuthorityOperationAuthorizeType.无限制)
            {
                return(true);
            }

            #endregion

            // Region: permission check. Builds one existence query over enabled authorities.
            #region 授权验证

            // Authorities: only enabled (启用) ones count.
            IQuery authorityQuery = QueryManager.Create <AuthorityQuery>(a => a.Status == AuthorityStatus.启用);
            authorityQuery.AddQueryFields <AuthorityQuery>(a => a.Code);
            // Authorities bound to this operation.
            // NOTE(review): Authority.Code is matched against AuthoritySysNo fields here and below;
            // presumably AuthoritySysNo stores the authority code. Confirm against the schema.
            IQuery operationBindQuery = QueryManager.Create <AuthorityBindOperationQuery>(a => a.AuthorityOperationSysNo == nowOperation.SysNo);
            operationBindQuery.AddQueryFields <AuthorityBindOperationQuery>(a => a.AuthoritySysNo);
            authorityQuery.And <AuthorityQuery>(a => a.Code, CriteriaOperator.In, operationBindQuery);
            // Authorities granted directly to the current user (Disable == false).
            IQuery userAuthorizeQuery = QueryManager.Create <UserAuthorizeQuery>(a => a.UserSysNo == auth.User.SysNo && a.Disable == false);
            userAuthorizeQuery.AddQueryFields <UserAuthorizeQuery>(a => a.AuthoritySysNo);
            // Roles of the current user.
            // NOTE(review): no role status filter is visible; if roles can be disabled, confirm
            // that this is handled elsewhere.
            IQuery userRoleQuery = QueryManager.Create <UserRoleQuery>(a => a.UserSysNo == auth.User.SysNo);
            userRoleQuery.AddQueryFields <UserRoleQuery>(r => r.RoleSysNo);
            // Authorities granted to those roles.
            IQuery roleAuthorizeQuery = QueryManager.Create <RoleAuthorizeQuery>();
            roleAuthorizeQuery.AddQueryFields <RoleAuthorizeQuery>(a => a.AuthoritySysNo);
            roleAuthorizeQuery.And <RoleAuthorizeQuery>(a => a.RoleSysNo, CriteriaOperator.In, userRoleQuery);
            // The authority must be held by the user or by one of the user's roles; the OR is built
            // in its own query object and then attached to the main query with And.
            IQuery userAndRoleAuthorityQuery = QueryManager.Create();
            userAndRoleAuthorityQuery.And <AuthorityQuery>(a => a.Code, CriteriaOperator.In, userAuthorizeQuery); // held by the user
            userAndRoleAuthorityQuery.Or <AuthorityQuery>(a => a.Code, CriteriaOperator.In, roleAuthorizeQuery);  // or held by a role
            authorityQuery.And(userAndRoleAuthorityQuery);
            // Exclude authorities disabled for this user: a per-user Disable == true entry removes
            // the authority even when a role grants it (explicit deny wins).
            IQuery userDisableAuthorizeQuery = QueryManager.Create <UserAuthorizeQuery>(a => a.UserSysNo == auth.User.SysNo && a.Disable == true);
            userDisableAuthorizeQuery.AddQueryFields <UserAuthorizeQuery>(a => a.AuthoritySysNo);
            authorityQuery.And <AuthorityQuery>(a => a.Code, CriteriaOperator.NotIn, userDisableAuthorizeQuery);
            // Allowed if at least one authority satisfies every condition above.
            return(authorityRepository.Exist(authorityQuery));

            #endregion
        }