예제 #1
0
        public async Task <List <Menu> > GetMenuListAuthorizeAsync(Expression <Func <Menu, bool> > where, long belongUserId)
        {
            var accountType =
                (AccountTypeEnum)Convert.ToInt32(ClaimTypeExtensions.GetClaimValue(ClaimTypeExtensions.AccountType));

            var predicate = new PredicateGroup <Menu>();

            predicate.AddPredicate(where != null, where);

            if (accountType != AccountTypeEnum.超级管理员)
            {
                var roles = await _userManage.GetUserRoleListAsync(belongUserId);

                var menus = await _roleRepository.GetAll()
                            .Where(x => roles.Contains(x.Id))
                            .AsNoTracking().Include("Menus")
                            .SelectMany(x => x.Menus.Where(m => m.IsPublic).Select(y => y.Id)).ToListAsync();

                Expression <Func <Menu, bool> > arrayWhere = w => menus.Contains(w.Id);
                predicate.AddPredicate(true, arrayWhere);
            }

            var list = await _menuRepository.QueryAsync(predicate.Predicates, new List <string> {
                "MenuAppAuthorizes"
            });

            var menuList = list.Where(x => x.ParentId == null).ToList();

            var isAll = accountType == AccountTypeEnum.超级管理员;

            return(GetTreeMenuList(menuList, isAll));
        }
예제 #2
0
        public async Task InsertManagerAsync(CreateOrUpdateManagerInputDto input)
        {
            if (string.IsNullOrEmpty(input.UserBase.PasswordHash))
            {
                throw new UserFriendlyException("密码不能为为空!");
            }

            //自动转换一下用户基础表
            var userBase = input.UserBase.MapTo <UserBase>();

            userBase.PasswordHash           = new PasswordHasher().HashPassword(userBase.PasswordHash);
            userBase.SecurityStamp          = Guid.NewGuid().ToString();
            userBase.IsEmailComfirmed       = true;
            userBase.IsLockoutEnaled        = false;
            userBase.IsPhoneNumberComfirmed = true;
            userBase.AccessFailedCount      = 0;

            //用户角色
            var roles = await _roleManage.GetRoleListByIdsAsync(input.RoleIds);

            userBase.Roles = roles;

            //获取当前帐号类型
            var currentAccountType = (AccountTypeEnum)Convert.ToInt32(ClaimTypeExtensions.GetClaimValue(ClaimTypeExtensions.AccountType));

            //需要赋予的帐号类型
            var accountType = AccountTypeEnum.子帐号;

            if (currentAccountType == AccountTypeEnum.超级管理员)
            {
                accountType = AccountTypeEnum.主帐号;
            }

            //用户申明
            userBase.UserClaims = new List <UserClaim> {
                new UserClaim {
                    ClaimType  = "AccountType",
                    ClaimValue = Convert.ToInt32(accountType).ToString()
                }
            };

            //实例化管理员
            userBase.Managers = new List <Manager>
            {
                new Manager()
            };


            var userId = await _userBaseManage.CreateUserBaseAndGetIdAsync(userBase);

            //如果管理员创建主帐号则将所属Id设置成当前自己的Id
            userBase.BelongUserId = currentAccountType == AccountTypeEnum.超级管理员 ? userId : AprilSession.BelongUserId;
            await _userBaseManage.UpdateUserBaseAsync(userBase);
        }
예제 #3
0
        /// <summary>
        ///     获取授权菜单带子集的列表
        /// </summary>
        /// <param name="where"></param>
        /// <param name="belongUserId"></param>
        /// <param name="menuAppAuthorizeIds"></param>
        /// <param name="menuIds"></param>
        /// <returns></returns>
        public async Task <List <MenuJsTreeAuthorizeEntityDto> > GetMenuChildrenListAuthorizeAsync(
            Expression <Func <Menu, bool> > where, long belongUserId, List <long> menuAppAuthorizeIds, List <long> menuIds)
        {
            var accountType = (AccountTypeEnum)Convert.ToInt32(
                ClaimTypeExtensions.GetClaimValue(
                    ClaimTypeExtensions.AccountType));

            var predicate = new PredicateGroup <Menu>();

            predicate.AddPredicate(where != null, where);

            if (accountType != AccountTypeEnum.超级管理员)
            {
                var array = await _userManage
                            .GetUserRoleListAsync(belongUserId);

                var menuArray = await _roleRepository.GetAll()
                                .Where(x => array.Contains(x.Id))
                                .AsNoTracking().Include("Menus")
                                .SelectMany(x => x.Menus.Where(w => w.IsPublic).Select(y => y.Id)).ToListAsync();

                Expression <Func <Menu, bool> > arrayWhere =
                    w => menuArray.Contains(w.Id);

                predicate.AddPredicate(true, arrayWhere);
            }

            var infoList = await _menuRepository.QueryAsync(
                predicate.Predicates
                , new List <string> {
                "MenuAppAuthorizes"
            });

            var menus = infoList.Where(x => x.ParentId == null).ToList();

            var isAll = accountType == AccountTypeEnum.超级管理员;

            var menuTreeListDto = new List <MenuJsTreeAuthorizeEntityDto>();

            //递归返回菜单树
            GetTreeChildrenMenuList(menuTreeListDto, menus, menuAppAuthorizeIds, menuIds, isAll);

            return(menuTreeListDto);
        }
        /// <summary>
        ///     判定当前登陆账号的角色是否有该操作方法的授权
        /// </summary>
        /// <param name="invocation"></param>
        public override void Authorize(IInvocation invocation)
        {
            var isAuthorized = HttpContext.Current.User.Identity.IsAuthenticated;

            if (!isAuthorized)
            {
                throw new UserFriendlyException("您未登陆,不能执行该操作");
            }
            //如果是超级管理员则跳过不验证
            var accountType = (AccountTypeEnum)Convert.ToInt32(ClaimTypeExtensions.GetClaimValue(ClaimTypeExtensions.AccountType));

            if (accountType == AccountTypeEnum.超级管理员)
            {
                return;
            }
            //从请求头中获取当前菜单的menuCode
            var menuCode = HttpContext.Current.Request.Headers["menuCode"];

            //如果为home则为工作台,只需登陆权限即可
            if (menuCode == "home")
            {
                return;
            }

            //如果是其他的menuCode则判定当前用户的角色是否有该菜单下的调用操作方法的权限

            //如果角色为空则直接不允许调用
            var roles = ClaimTypeExtensions.GetClaimValue(ClaimTypes.Role);//登陆时构造好了

            if (string.IsNullOrWhiteSpace(roles))
            {
                throw new UserFriendlyException("当前用户未拥有任何角色");
            }
            //如果service类上没打上AppAuthorizeAttribute特性则不验证直接退出
            var appAuthorizeAttribute = invocation.TargetType.GetCustomAttribute
                                            (typeof(AppAuthorizeAttribute)) as AppAuthorizeAttribute;

            if (appAuthorizeAttribute == null)
            {
                return;
            }
            var sql = $@"select  count(1)
                            from MenuAppAuthorizeRoles
                            where Role_Id in ({roles})  AND MenuAppAuthorize_Id in(
                            select Id from MenuAppAuthorizes where
                            MenuCode = '{menuCode}' and AppCode =
                            '{appAuthorizeAttribute.Code}'
                            and OperationCode = '{AppMethodAuthorizeAttribute.Action}')";

            try
            {
                using (var db = FluentDataHelper.CreateInstance())
                {
                    var data = db.Sql(sql)
                               .QuerySingle <int>();
                    if (data <= 0)
                    {
                        throw new UserFriendlyException
                                  ($"用户缺少{AppMethodAuthorizeAttribute.Description}权限!");
                    }
                }
            }
            catch (Exception e)
            {
                throw new UserFriendlyException
                          (e.Message);
            }
        }