public async Task <List <Menu> > GetMenuListAuthorizeAsync(Expression <Func <Menu, bool> > where, long belongUserId)
{
var accountType =
(AccountTypeEnum)Convert.ToInt32(ClaimTypeExtensions.GetClaimValue(ClaimTypeExtensions.AccountType));
var predicate = new PredicateGroup <Menu>();
predicate.AddPredicate(where != null, where);
if (accountType != AccountTypeEnum.超级管理员)
{
var roles = await _userManage.GetUserRoleListAsync(belongUserId);
var menus = await _roleRepository.GetAll()
.Where(x => roles.Contains(x.Id))
.AsNoTracking().Include("Menus")
.SelectMany(x => x.Menus.Where(m => m.IsPublic).Select(y => y.Id)).ToListAsync();
Expression <Func <Menu, bool> > arrayWhere = w => menus.Contains(w.Id);
predicate.AddPredicate(true, arrayWhere);
}
var list = await _menuRepository.QueryAsync(predicate.Predicates, new List <string> {
"MenuAppAuthorizes"
});
var menuList = list.Where(x => x.ParentId == null).ToList();
var isAll = accountType == AccountTypeEnum.超级管理员;
return(GetTreeMenuList(menuList, isAll));
}
public async Task InsertManagerAsync(CreateOrUpdateManagerInputDto input)
{
if (string.IsNullOrEmpty(input.UserBase.PasswordHash))
{
throw new UserFriendlyException("密码不能为为空!");
}
//自动转换一下用户基础表
var userBase = input.UserBase.MapTo <UserBase>();
userBase.PasswordHash = new PasswordHasher().HashPassword(userBase.PasswordHash);
userBase.SecurityStamp = Guid.NewGuid().ToString();
userBase.IsEmailComfirmed = true;
userBase.IsLockoutEnaled = false;
userBase.IsPhoneNumberComfirmed = true;
userBase.AccessFailedCount = 0;
//用户角色
var roles = await _roleManage.GetRoleListByIdsAsync(input.RoleIds);
userBase.Roles = roles;
//获取当前帐号类型
var currentAccountType = (AccountTypeEnum)Convert.ToInt32(ClaimTypeExtensions.GetClaimValue(ClaimTypeExtensions.AccountType));
//需要赋予的帐号类型
var accountType = AccountTypeEnum.子帐号;
if (currentAccountType == AccountTypeEnum.超级管理员)
{
accountType = AccountTypeEnum.主帐号;
}
//用户申明
userBase.UserClaims = new List <UserClaim> {
new UserClaim {
ClaimType = "AccountType",
ClaimValue = Convert.ToInt32(accountType).ToString()
}
};
//实例化管理员
userBase.Managers = new List <Manager>
{
new Manager()
};
var userId = await _userBaseManage.CreateUserBaseAndGetIdAsync(userBase);
//如果管理员创建主帐号则将所属Id设置成当前自己的Id
userBase.BelongUserId = currentAccountType == AccountTypeEnum.超级管理员 ? userId : AprilSession.BelongUserId;
await _userBaseManage.UpdateUserBaseAsync(userBase);
}
/// <summary>
/// 获取授权菜单带子集的列表
/// </summary>
/// <param name="where"></param>
/// <param name="belongUserId"></param>
/// <param name="menuAppAuthorizeIds"></param>
/// <param name="menuIds"></param>
/// <returns></returns>
public async Task <List <MenuJsTreeAuthorizeEntityDto> > GetMenuChildrenListAuthorizeAsync(
Expression <Func <Menu, bool> > where, long belongUserId, List <long> menuAppAuthorizeIds, List <long> menuIds)
{
var accountType = (AccountTypeEnum)Convert.ToInt32(
ClaimTypeExtensions.GetClaimValue(
ClaimTypeExtensions.AccountType));
var predicate = new PredicateGroup <Menu>();
predicate.AddPredicate(where != null, where);
if (accountType != AccountTypeEnum.超级管理员)
{
var array = await _userManage
.GetUserRoleListAsync(belongUserId);
var menuArray = await _roleRepository.GetAll()
.Where(x => array.Contains(x.Id))
.AsNoTracking().Include("Menus")
.SelectMany(x => x.Menus.Where(w => w.IsPublic).Select(y => y.Id)).ToListAsync();
Expression <Func <Menu, bool> > arrayWhere =
w => menuArray.Contains(w.Id);
predicate.AddPredicate(true, arrayWhere);
}
var infoList = await _menuRepository.QueryAsync(
predicate.Predicates
, new List <string> {
"MenuAppAuthorizes"
});
var menus = infoList.Where(x => x.ParentId == null).ToList();
var isAll = accountType == AccountTypeEnum.超级管理员;
var menuTreeListDto = new List <MenuJsTreeAuthorizeEntityDto>();
//递归返回菜单树
GetTreeChildrenMenuList(menuTreeListDto, menus, menuAppAuthorizeIds, menuIds, isAll);
return(menuTreeListDto);
}
/// <summary>
/// 判定当前登陆账号的角色是否有该操作方法的授权
/// </summary>
/// <param name="invocation"></param>
public override void Authorize(IInvocation invocation)
{
var isAuthorized = HttpContext.Current.User.Identity.IsAuthenticated;
if (!isAuthorized)
{
throw new UserFriendlyException("您未登陆,不能执行该操作");
}
//如果是超级管理员则跳过不验证
var accountType = (AccountTypeEnum)Convert.ToInt32(ClaimTypeExtensions.GetClaimValue(ClaimTypeExtensions.AccountType));
if (accountType == AccountTypeEnum.超级管理员)
{
return;
}
//从请求头中获取当前菜单的menuCode
var menuCode = HttpContext.Current.Request.Headers["menuCode"];
//如果为home则为工作台,只需登陆权限即可
if (menuCode == "home")
{
return;
}
//如果是其他的menuCode则判定当前用户的角色是否有该菜单下的调用操作方法的权限
//如果角色为空则直接不允许调用
var roles = ClaimTypeExtensions.GetClaimValue(ClaimTypes.Role);//登陆时构造好了
if (string.IsNullOrWhiteSpace(roles))
{
throw new UserFriendlyException("当前用户未拥有任何角色");
}
//如果service类上没打上AppAuthorizeAttribute特性则不验证直接退出
var appAuthorizeAttribute = invocation.TargetType.GetCustomAttribute
(typeof(AppAuthorizeAttribute)) as AppAuthorizeAttribute;
if (appAuthorizeAttribute == null)
{
return;
}
var sql = $@"select count(1)
from MenuAppAuthorizeRoles
where Role_Id in ({roles}) AND MenuAppAuthorize_Id in(
select Id from MenuAppAuthorizes where
MenuCode = '{menuCode}' and AppCode =
'{appAuthorizeAttribute.Code}'
and OperationCode = '{AppMethodAuthorizeAttribute.Action}')";
try
{
using (var db = FluentDataHelper.CreateInstance())
{
var data = db.Sql(sql)
.QuerySingle <int>();
if (data <= 0)
{
throw new UserFriendlyException
($"用户缺少{AppMethodAuthorizeAttribute.Description}权限!");
}
}
}
catch (Exception e)
{
throw new UserFriendlyException
(e.Message);
}
}