/// <summary>
/// 解析用户的权限规则用于权限验证
/// </summary>
/// <param name="userId">用户Id</param>
/// <returns></returns>
public ResolvedUserPermission ResolveUserPermission(long userId)
{
string cacheKey = "ResolvedUserPermission:" + userId;
ICacheService cacheService = DIContainer.Resolve <ICacheService>();
ResolvedUserPermission resolvedUserPermission = cacheService.Get <ResolvedUserPermission>(cacheKey);
if (resolvedUserPermission == null)
{
resolvedUserPermission = new ResolvedUserPermission();
var user = DIContainer.Resolve <IUserService>().GetUser(userId);
//匿名用户
if (user == null)
{
return(resolvedUserPermission);
}
RoleService roleService = DIContainer.Resolve <RoleService>();
IList <string> roleNamesOfUser = roleService.GetRoleNamesOfUser(userId).ToList();
roleNamesOfUser.Add(RoleNames.Instance().RegisteredUsers());
if (user.IsModerated)
{
roleNamesOfUser.Add(RoleNames.Instance().ModeratedUser());
}
foreach (var roleName in roleNamesOfUser)
{
IEnumerable <PermissionItemInUserRole> permissionItemsInUserRole = GetPermissionItemsInUserRole(roleName);
foreach (var permissionItemInUserRole in permissionItemsInUserRole)
{
PermissionItem permissionItem = GetPermissionItem(permissionItemInUserRole.ItemKey);
if (permissionItem == null)
{
continue;
}
resolvedUserPermission.Merge(permissionItem, permissionItemInUserRole.PermissionType, permissionItemInUserRole.PermissionScope, permissionItemInUserRole.PermissionQuota);
}
}
cacheService.Add(cacheKey, resolvedUserPermission, CachingExpirationType.UsualObjectCollection);
}
return(resolvedUserPermission);
}
/// <summary>
/// 判断是否需要在一定的严格程度上需要审核
/// </summary>
/// <param name="userId">UserId</param>
/// <param name="auditable">可审核实体</param>
/// <param name="strictDegree">审核严格程度</param>
/// <returns></returns>
private bool NeedAudit(long userId, IAuditable auditable, AuditStrictDegree strictDegree)
{
var user = DIContainer.Resolve <IUserService>().GetUser(userId);
//匿名用户需要审核
if (user == null)
{
return(true);
}
UserSettings userSettings = DIContainer.Resolve <ISettingsManager <UserSettings> >().Get();
RoleService roleService = new RoleService();
//不启用审核
if (!userSettings.EnableAudit)
{
return(false);
}
//如果用户处于免审核角色,则直接通过
if (roleService.IsUserInRoles(userId, userSettings.NoAuditedRoleNames.ToArray()))
{
return(false);
}
//获取用户所属的角色,并附加上注册用户角色
IList <string> roleNamesOfUser = roleService.GetRoleNamesOfUser(userId).ToList();
roleNamesOfUser.Add(RoleNames.Instance().RegisteredUsers());
if (user.IsModerated)
{
roleNamesOfUser.Add(RoleNames.Instance().ModeratedUser());
}
//判断每个用户角色的设置是否可用
foreach (var roleName in roleNamesOfUser)
{
IEnumerable <AuditItemInUserRole> auditItemInUserRoles = GetAuditItemsInUserRole(roleName);
foreach (var auditItemInUserRole in auditItemInUserRoles)
{
if (auditItemInUserRole.ItemKey.Equals(auditable.AuditItemKey))
{
if (auditItemInUserRole.StrictDegree == AuditStrictDegree.None)
{
return(false);
}
else if (auditItemInUserRole.StrictDegree == AuditStrictDegree.NotSet)
{
break;
}
else if ((int)auditItemInUserRole.StrictDegree >= (int)strictDegree)
{
return(true);
}
}
}
}
//如果用户处于免审核用户等级,也直接通过
if (user.Rank >= userSettings.MinNoAuditedUserRank)
{
return(false);
}
return(false);
}
/// <summary>
/// 判断用户是否为超级管理员
/// </summary>
/// <param name="user"></param>
/// <param name="onlyPublic">是否仅获取对外公开的角色</param>
/// <returns></returns>
public static IEnumerable <string> UserRoleNames(this IUser user, bool onlyPublic = false)
{
RoleService roleService = DIContainer.Resolve <RoleService>();
return(roleService.GetRoleNamesOfUser(user.UserId, onlyPublic));
}
