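/// <summary>
/// Searches users whose e-mail, normalized user name or display name contains
/// <paramref name="patterns"/>. Non-admin callers get only e-mail, id and user
/// name; administrators additionally get the display name.
/// </summary>
/// <param name="patterns">Substring to look for. Compared upper-cased against
/// the e-mail and normalized user name, and as given against the name.</param>
/// <returns>The matching users projected to <see cref="UserBasicInfoModel"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="patterns"/> is null.</exception>
public async Task<List<UserBasicInfoModel>> QueryUsersAsync(string patterns)
{
    if (patterns is null)
    {
        throw new ArgumentNullException(nameof(patterns));
    }

    var userId = userManager.GetUserId(User);
    var userInfo = await userManager.FindByIdAsync(userId);

    // Identity normalizes NormalizedUserName with ToUpperInvariant(); use the
    // invariant culture here as well so the match does not depend on the
    // request thread's culture (culture-sensitive ToUpper() can map 'i'
    // differently and silently miss rows).
    var normalizedPatterns = patterns.ToUpperInvariant();

    // NOTE(review): an empty pattern contains-matches every row, so this
    // returns the entire user list to any caller; a minimum pattern length
    // may be wanted.
    // NOTE(review): Email is compared against the upper-cased pattern, which
    // only matches if the column collation is case-insensitive; NormalizedEmail
    // may be the intended column — confirm before changing.
    var users = userManager.Users.Where(i =>
        i.Email.Contains(normalizedPatterns)
        || i.NormalizedUserName.Contains(normalizedPatterns)
        || (i.Name != null && i.Name.Contains(patterns)));

    // A missing account (FindByIdAsync returned null) is treated as privilege 0,
    // i.e. not an administrator, so the reduced projection is used.
    var isAdmin = PrivilegeHelper.IsAdmin(userInfo?.Privilege ?? 0);

    if (!isAdmin)
    {
        return await users
            .Select(i => new UserBasicInfoModel { Email = i.Email, UserId = i.Id, UserName = i.UserName })
            .ToListAsync();
    }

    return await users
        .Select(i => new UserBasicInfoModel { Name = i.Name, Email = i.Email, UserId = i.Id, UserName = i.UserName })
        .ToListAsync();
}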
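/// <summary>
/// Action filter that only lets administrators through: resolves the caller
/// from the <see cref="ClaimTypes.NameIdentifier"/> claim, loads the account
/// from <see cref="WebHostDbContext"/> and checks its privilege before running
/// the action.
/// </summary>
/// <param name="context">The executing action's context.</param>
/// <param name="next">Runs the action; invoked only when the privilege check passes.</param>
/// <exception cref="AuthenticationException">The caller has no identifier claim or no matching account.</exception>
/// <exception cref="ForbiddenException">The account exists but is not an administrator.</exception>
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
    // GetRequiredService fails with a descriptive InvalidOperationException if
    // the context is not registered, instead of a NullReferenceException on the
    // query below.
    var dbContext = context.HttpContext.RequestServices.GetRequiredService<WebHostDbContext>();

    var userId = context.HttpContext.User.FindFirstValue(ClaimTypes.NameIdentifier);

    // An anonymous caller carries no identifier claim; reject it up front
    // rather than querying for a null id.
    if (userId is null)
    {
        throw new AuthenticationException("没有登录账户");
    }

    // The privilege is read from the database on every request rather than from
    // the claims, so a revoked privilege is honoured without a new login.
    var userInfo = await dbContext.Users.FirstOrDefaultAsync(i => i.Id == userId);
    if (userInfo is null)
    {
        throw new AuthenticationException("没有登录账户");
    }

    // Fail closed: anything that is not an admin privilege is forbidden.
    if (!PrivilegeHelper.IsAdmin(userInfo?.Privilege ?? 0))
    {
        throw new ForbiddenException();
    }

    await next();
}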