コード例 #1
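        /// <summary>
        /// Creates a permission after checking that the caller is allowed to manage the target client.
        /// </summary>
        /// <param name="permission">Permission to create; its <c>ClientId</c> names the owning client.</param>
        /// <returns>An empty OK result once the permission service call has completed.</returns>
        /// <exception cref="IamException">
        /// Thrown with <see cref="HttpStatusCode.BadRequest"/> when a caller who is not a super
        /// administrator omits the client id, or names a client that is not among the caller's
        /// client-id claims.
        /// </exception>
        public async Task<ActionResult> AddPermission(PermissionNewViewModel permission)
        {
            // Only the platform super administrator may manage every client; any other
            // administrator is limited to the clients listed in their own client-id claims.
            // NOTE(review): for a super administrator ClientId is not checked here, so any
            // validation of it is presumably left to the service - confirm.
            if (!User.IsSuperAdmin())
            {
                if (String.IsNullOrWhiteSpace(permission.ClientId))
                {
                    throw new IamException(HttpStatusCode.BadRequest, "Client Id 不能为空");
                }

                // Exact (ordinal) match against the claim values, so a client id that differs
                // only in case or whitespace is refused.
                bool ownsClient = User.FindAll(JwtClaimTypes.ClientId)
                                      .Any(claim => string.Equals(claim.Value, permission.ClientId, StringComparison.Ordinal));

                if (!ownsClient)
                {
                    // NOTE(review): this is an authorization failure but is reported as 400.
                    // A 403 would let clients and monitoring tell a refused cross-client
                    // attempt apart from a malformed request; the status is left unchanged
                    // here because existing callers may depend on it.
                    throw new IamException(HttpStatusCode.BadRequest, "无权操作!");
                }
            }

            // The value returned by the service is not used by this action.
            await _permissionService.AddAsync(_mapper.Map<PermissionNewDto>(permission));

            return Ok();
        }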
コード例 #2
        /// <summary>
        /// Adds a permission unless model validation fails or its code is already in use.
        /// </summary>
        /// <param name="permission">Permission bound from the request.</param>
        /// <returns>
        /// A JSON result built by <c>AjaxHelper.Seed</c>: <c>Ajax.Bad</c> with the validation
        /// messages or the duplicate-code message, otherwise <c>Ajax.Ok</c> with the value
        /// returned by the add call.
        /// </returns>
        public async Task<JsonResult> Add(Permission permission)
        {
            // NOTE(review): the bound parameter is the same type that is handed to AddAsync.
            // If Permission is the persistence entity, every bindable property can be set by
            // the client (over-posting); a dedicated input model would limit that - confirm.
            if (ModelState.IsValid)
            {
                // NOTE(review): the existence check and the insert are two separate calls, so
                // two concurrent requests could both pass the check; presumably a unique
                // constraint on the code is the real guard - verify.
                var codeTaken = await _permission.IsExistsCode(permission.Code);
                if (codeTaken)
                {
                    return AjaxHelper.Seed(Ajax.Bad, "权限编码已存在!");
                }

                var created = await _permission.AddAsync(permission);
                return AjaxHelper.Seed(Ajax.Ok, created);
            }

            // Flatten every model-state entry into a single sequence of error messages.
            var errorMessages = ModelState.SelectMany(state => state.Value.Errors.Select(error => error.ErrorMessage));
            return AjaxHelper.Seed(Ajax.Bad, errorMessages);
        }
コード例 #3
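        /// <summary>
        /// Registers the "add" and "remove" permission mutation fields.
        /// </summary>
        /// <remarks>
        /// Both fields take a "permissions" list argument, read the acting user id from the
        /// GraphQL user context, and are registered with
        /// <c>AuthorizeWith(UserPermission.Permissions.ToString())</c>. Any exception raised in a
        /// resolver is logged and turned into <c>ActionResponse.ServerError()</c>, so exception
        /// details are not returned to the client.
        /// </remarks>
        /// <param name="permissionService">Service that performs the add and remove operations.</param>
        /// <param name="logger">Logger that receives resolver failures.</param>
        public PermissionMutations(IPermissionService permissionService, ILogger<PermissionMutations> logger)
        {
            FieldAsync<ActionResponseViewModel>(
                "add",
                "Add a new permissions for user",
                new QueryArguments(new QueryArgument<ListGraphType<PermissionInputViewModel>>
                {
                    Name = "permissions"
                }),
                async context =>
                {
                    try
                    {
                        var permissions = context.GetArgument<List<Permission>>("permissions");
                        // The acting user is taken from the GraphQL user context rather than
                        // from a mutation argument.
                        var username = context.UserContext.As<GraphQLUserContext>().UserId.ToString();
                        return await permissionService.AddAsync(permissions, username);
                    }
                    catch (Exception ex)
                    {
                        // Pass the exception as the exception argument. Passing ex.Message as
                        // the message turns it into a format template (braces in the text are
                        // parsed as placeholders) and the stack trace is not recorded.
                        logger.LogCritical(ex, "Adding permissions failed");
                        return ActionResponse.ServerError();
                    }
                }).AuthorizeWith(UserPermission.Permissions.ToString());

            FieldAsync<ActionResponseViewModel>(
                "remove",
                "Remove permissions for user",
                new QueryArguments(new QueryArgument<ListGraphType<PermissionInputViewModel>>
                {
                    Name = "permissions"
                }),
                async context =>
                {
                    try
                    {
                        var permissions = context.GetArgument<List<Permission>>("permissions");
                        var username = context.UserContext.As<GraphQLUserContext>().UserId.ToString();
                        return await permissionService.RemoveAsync(permissions, username);
                    }
                    catch (Exception ex)
                    {
                        // Same reasoning as in the "add" resolver: keep the exception object
                        // and use a constant message template.
                        logger.LogCritical(ex, "Removing permissions failed");
                        return ActionResponse.ServerError();
                    }
                }).AuthorizeWith(UserPermission.Permissions.ToString());
        }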
コード例 #4
 /// <summary>
 /// Passes the request body to the permission service and returns the service result unchanged.
 /// </summary>
 /// <param name="dto">Permission data bound from the request body.</param>
 /// <returns>The result produced by <c>_permissionService.AddAsync</c>.</returns>
 // NOTE(review): no authorization or input validation is visible in this method; presumably
 // both are handled by attributes, filters or the service itself - confirm before relying on it.
 public async Task<IResult> AddAsync([FromBody] AddPermissionDto dto)
     => await _permissionService.AddAsync(dto);