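/// <summary>
/// Adds the roles named in <paramref name="model"/> to the organization's default roles.
/// </summary>
/// <param name="id">Identifier of the organization to modify.</param>
/// <param name="model">
/// Carries the requested role ids. A null model, or a null or empty id list, adds nothing.
/// When <paramref name="allowedClientIds"/> is non-null, <c>model.RoleIds</c> is overwritten
/// with the ids that survived the permission filter.
/// </param>
/// <param name="allowedClientIds">
/// Client ids the caller is allowed to manage. When non-null, the requested ids are
/// re-resolved through the role repository restricted to these clients, and only the
/// ids it returns are added. When null, no client restriction is applied, so null must
/// only be passed for callers that are allowed to manage every client.
/// </param>
/// <exception cref="IamException">Thrown with HTTP 400 when the organization is not found.</exception>
public async Task AddDefaultRolesAsync(string id, AssignRoleToOrgDto model, IEnumerable<string> allowedClientIds = null)
{
    var org = await _orgRepo.GetAsync(id, false);
    if (org == null)
    {
        throw new IamException(System.Net.HttpStatusCode.BadRequest, "组织不存在");
    }

    // Nothing requested: stop before touching the repository. Besides avoiding a
    // NullReferenceException on a null model, this keeps an empty id list from
    // being handed to GetAllAsync as a filter (UpdateDefaultRolesAsync applies
    // the same guard).
    if (model?.RoleIds == null || !model.RoleIds.Any())
    {
        return;
    }

    if (allowedClientIds != null)
    {
        // An empty allow-list means the caller manages no clients, so no role can
        // be permitted. Fail closed here rather than depend on how GetAllAsync
        // interprets an empty allowedClientIds filter (not visible in this file).
        if (!allowedClientIds.Any())
        {
            return;
        }

        // Only roles the caller is permitted to assign may be added: keep just
        // the requested ids that the repository returns for the allowed clients.
        var roles = await _roleRepo.GetAllAsync(roleIds: model.RoleIds, allowedClientIds: allowedClientIds, pageSize: 0);
        model.RoleIds = roles.Data?.Select(itm => itm.Id);
    }

    // roles.Data may be null, in which case there is nothing to add.
    if (model.RoleIds == null)
    {
        return;
    }

    foreach (var roleId in model.RoleIds)
    {
        org.AddRole(roleId);
    }
}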
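/// <summary>
/// Replaces the organization's default roles with the roles named in <paramref name="model"/>.
/// </summary>
/// <param name="id">Identifier of the organization to modify.</param>
/// <param name="model">
/// Carries the requested role ids. A null model, or a null or empty id list, leaves the
/// organization with the relevant default roles removed and nothing added.
/// When <paramref name="allowedClientIds"/> is non-null, <c>model.RoleIds</c> is overwritten
/// with the ids that survived the permission filter.
/// </param>
/// <param name="allowedClientIds">
/// Client ids the caller is allowed to manage. When non-null, only default roles whose
/// role belongs to one of these clients are removed, and only requested ids that the
/// role repository returns for these clients are added. When null, every default role
/// is removed and the requested ids are added unfiltered, so null must only be passed
/// for callers that are allowed to manage every client.
/// </param>
/// <exception cref="IamException">Thrown with HTTP 400 when the organization is not found.</exception>
public async Task UpdateDefaultRolesAsync(string id, AssignRoleToOrgDto model, IEnumerable<string> allowedClientIds = null)
{
    var org = await _orgRepo.GetAsync(id, false);
    if (org == null)
    {
        throw new IamException(System.Net.HttpStatusCode.BadRequest, "组织不存在");
    }

    if (allowedClientIds != null)
    {
        // Scoped caller: clear only the default roles that belong to a client the
        // caller manages; default roles of other clients stay untouched.
        org.RemoveDefaultRoles(itm => allowedClientIds.Contains(itm.Role.ClientId));
    }
    else
    {
        org.RemoveDefaultRoles();
    }

    if (model?.RoleIds == null || !model.RoleIds.Any())
    {
        return;
    }

    if (allowedClientIds != null)
    {
        // An empty allow-list means the caller manages no clients, so no role can
        // be permitted. Fail closed here rather than depend on how GetAllAsync
        // interprets an empty allowedClientIds filter (not visible in this file).
        if (!allowedClientIds.Any())
        {
            return;
        }

        // Keep just the requested ids that the repository returns for the allowed clients.
        var roles = await _roleRepo.GetAllAsync(roleIds: model.RoleIds, allowedClientIds: allowedClientIds, pageSize: 0);
        model.RoleIds = roles.Data?.Select(itm => itm.Id);

        // roles.Data may be null; the original loop dereferenced the resulting
        // null sequence and threw a NullReferenceException.
        if (model.RoleIds == null)
        {
            return;
        }
    }

    foreach (var roleId in model.RoleIds)
    {
        org.AddRole(roleId);
    }
}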
/// <summary>
/// Replaces the default roles of the organization identified by <paramref name="id"/>,
/// scoping the change to the clients the current user administers.
/// </summary>
/// <param name="id">Identifier of the organization to modify.</param>
/// <param name="model">Requested role ids, passed through to the organization service.</param>
/// <returns>An empty 200 OK result once the service call completes.</returns>
public async Task<ActionResult> UpdateDefaultRole(string id, AssignRoleToOrgDto model)
{
    // Apart from the platform super admin, administrators may only manage
    // resources of the clients they belong to. A null scope means "unrestricted",
    // so it is handed out only when IsSuperAdmin() says so; everyone else is
    // limited to the client ids carried in their own client-id claims.
    // NOTE(review): a non-super admin without any client-id claim yields an
    // empty, non-null sequence; confirm the service treats that as "no clients"
    // and not as unrestricted.
    IEnumerable<string> scopedClientIds = User.IsSuperAdmin()
        ? null
        : User.FindAll(JwtClaimTypes.ClientId).Select(claim => claim.Value);

    await _orgService.UpdateDefaultRolesAsync(id, model, scopedClientIds);

    return Ok();
}