/// <summary>
/// Updates a stored authority operation with the values carried by the supplied object.
/// </summary>
/// <param name="newAuthorityOperation">Authority operation holding the new values; its SysNo selects the stored record to change.</param>
/// <returns>
/// A failed result when no stored record matches the SysNo; otherwise a success result
/// whose Data is the record that was saved.
/// </returns>
/// <remarks>
/// ControllerCode, ActionCode, Status and AuthorizeType are copied from the input as-is,
/// and this method performs no permission check on the caller.
/// NOTE(review): these fields look security-relevant (they identify the operation and how it
/// is authorized) - confirm that callers restrict this path to administrators and that
/// changes are audited.
/// </remarks>
static Result<AuthorityOperation> UpdateAuthorityOperation(AuthorityOperation newAuthorityOperation)
{
    // Load the record that is currently stored under the same SysNo.
    var lookup = QueryFactory.Create<AuthorityOperationQuery>(a => a.SysNo == newAuthorityOperation.SysNo);
    AuthorityOperation stored = authorityOperationRepository.Get(lookup);
    if (stored == null)
    {
        return Result<AuthorityOperation>.FailedResult("请指定要修改授权操作");
    }

    // Copy the editable fields onto the stored record; SysNo itself is never changed.
    stored.Name = newAuthorityOperation.Name;
    stored.ControllerCode = newAuthorityOperation.ControllerCode;
    stored.ActionCode = newAuthorityOperation.ActionCode;
    stored.Status = newAuthorityOperation.Status;
    stored.Remark = newAuthorityOperation.Remark;
    stored.AuthorizeType = newAuthorityOperation.AuthorizeType;
    stored.Method = newAuthorityOperation.Method;

    // NOTE(review): behaviour for a null Group depends on MapTo - confirm.
    var mappedGroup = newAuthorityOperation.Group.MapTo<AuthorityOperationGroup>();
    stored.SetGroup(mappedGroup);

    stored.Save();

    var outcome = Result<AuthorityOperation>.SuccessResult("修改成功");
    outcome.Data = stored;
    return outcome;
}
/// <summary>
/// Saves an authority operation, updating it when it already has a SysNo and adding it otherwise.
/// </summary>
/// <param name="authorityOperation">Authority operation to save.</param>
/// <returns>
/// A failed result when the argument is null; otherwise the result of the update
/// (SysNo greater than zero) or of the add.
/// </returns>
/// <remarks>
/// NOTE(review): no permission check on the caller is visible here; presumably it is
/// enforced before this entry point is reached - confirm.
/// </remarks>
public Result<AuthorityOperation> SaveAuthorityOperation(AuthorityOperation authorityOperation)
{
    if (authorityOperation == null)
    {
        return Result<AuthorityOperation>.FailedResult("授权操作信息不完整");
    }

    // A positive SysNo means the record already exists and must be updated in place.
    if (authorityOperation.SysNo > 0)
    {
        return UpdateAuthorityOperation(authorityOperation);
    }

    return AddAuthorityOperation(authorityOperation);
}
/// <summary>
/// Adds a new authority operation by saving the supplied object.
/// </summary>
/// <param name="authorityOperation">Authority operation to add; it is not null-checked here.</param>
/// <returns>A success result whose Data is the saved authority operation.</returns>
/// <remarks>
/// NOTE(review): no check for an existing record with the same controller/action code is
/// visible here - confirm that Save (or the storage layer) rejects duplicates.
/// </remarks>
static Result<AuthorityOperation> AddAuthorityOperation(AuthorityOperation authorityOperation)
{
    authorityOperation.Save();

    var outcome = Result<AuthorityOperation>.SuccessResult("添加成功");
    outcome.Data = authorityOperation;
    return outcome;
}
/// <summary>
/// Looks up an authority operation by controller code and action code.
/// </summary>
/// <param name="controllerCode">Controller code of the operation (documented as case-insensitive).</param>
/// <param name="actionCode">Action code of the operation (documented as case-insensitive).</param>
/// <returns>
/// Null when either code is null or empty; otherwise whatever the query-based
/// GetAuthorityOperation overload returns for the two codes.
/// </returns>
/// <remarks>
/// NOTE(review): the codes are passed through CreateAuthorityOperation before being used in
/// the query; presumably that is where case is normalized - confirm, since a mismatch would
/// make registered operations look unregistered to permission checks.
/// </remarks>
public AuthorityOperation GetAuthorityOperation(string controllerCode, string actionCode)
{
    // Both codes are required; check them in the same order as a short-circuit OR would.
    if (controllerCode.IsNullOrEmpty())
    {
        return null;
    }

    if (actionCode.IsNullOrEmpty())
    {
        return null;
    }

    // Query with the codes as held by a freshly created operation object, not the raw arguments.
    var operation = AuthorityOperation.CreateAuthorityOperation(controllerCode: controllerCode, actionCode: actionCode);
    IQuery lookup = QueryFactory.Create<AuthorityOperationQuery>(c => c.ControllerCode == operation.ControllerCode && c.ActionCode == operation.ActionCode);
    return GetAuthorityOperation(lookup);
}
/// <summary>
/// Decides whether a user may perform an operation (despite the name, this is an
/// authorization check, not a credential check).
/// </summary>
/// <param name="auth">Verification request carrying the user and the operation to check.</param>
/// <returns>
/// False when the request, its user or its operation is null, when the user is not found,
/// or when the operation is not found or is closed. True for super users and for operations
/// marked unrestricted. Otherwise the result of the permission existence query built below.
/// </returns>
/// <remarks>
/// The user is identified solely by auth.User.SysNo as supplied by the caller.
/// NOTE(review): presumably the caller fills it from the authenticated session rather than
/// from request data - confirm.
/// </remarks>
public bool Authentication(Authentication auth)
{
    // Fail closed on an incomplete request.
    if (auth == null || auth.User == null || auth.Operation == null)
    {
        return(false);
    }

    // User checks.
    #region 用户信息验证

    User nowUser = userService.GetUser(auth.User.SysNo);// current user
    if (nowUser == null)
    {
        return(false);
    }
    // NOTE(review): only existence is checked; no account status (disabled/locked) test is
    // visible here - confirm that GetUser does not return such accounts.
    if (nowUser.SuperUser)
    {
        // This return precedes the operation lookup, so a super user is also allowed
        // operations that are closed or not registered at all.
        return(true);// super users are not subject to permission control
    }

    #endregion

    // Operation checks.
    #region 授权操作信息验证

    AuthorityOperation nowOperation = authorityOperationService.GetAuthorityOperation(auth.Operation.ControllerCode, auth.Operation.ActionCode);// authority operation record
    // An operation that is not registered, or is closed, is denied (fail closed).
    if (nowOperation == null || nowOperation.Status == AuthorityOperationStatus.关闭)
    {
        return(false);
    }
    // An unrestricted operation is allowed for every user that passed the checks above.
    if (nowOperation.AuthorizeType == AuthorityOperationAuthorizeType.无限制)
    {
        return(true);
    }

    #endregion

    // Permission checks.
    #region 授权验证

    // Enabled permissions
    IQuery authorityQuery = QueryManager.Create <AuthorityQuery>(a => a.Status == AuthorityStatus.启用);
    authorityQuery.AddQueryFields <AuthorityQuery>(a => a.Code);

    // Permissions bound to the operation
    // NOTE(review): the permission's Code is matched against AuthoritySysNo columns here
    // and in the sub-queries below - confirm both hold the same identifier.
    IQuery operationBindQuery = QueryManager.Create <AuthorityBindOperationQuery>(a => a.AuthorityOperationSysNo == nowOperation.SysNo);
    operationBindQuery.AddQueryFields <AuthorityBindOperationQuery>(a => a.AuthoritySysNo);
    authorityQuery.And <AuthorityQuery>(a => a.Code, CriteriaOperator.In, operationBindQuery);

    // Permissions granted directly to the current user (not disabled)
    IQuery userAuthorizeQuery = QueryManager.Create <UserAuthorizeQuery>(a => a.UserSysNo == auth.User.SysNo && a.Disable == false);
    userAuthorizeQuery.AddQueryFields <UserAuthorizeQuery>(a => a.AuthoritySysNo);

    // Roles of the user
    // NOTE(review): no role status filter is applied here - confirm that disabled roles
    // are excluded elsewhere.
    IQuery userRoleQuery = QueryManager.Create <UserRoleQuery>(a => a.UserSysNo == auth.User.SysNo);
    userRoleQuery.AddQueryFields <UserRoleQuery>(r => r.RoleSysNo);

    // Permissions granted to those roles
    IQuery roleAuthorizeQuery = QueryManager.Create <RoleAuthorizeQuery>();
    roleAuthorizeQuery.AddQueryFields <RoleAuthorizeQuery>(a => a.AuthoritySysNo);
    roleAuthorizeQuery.And <RoleAuthorizeQuery>(a => a.RoleSysNo, CriteriaOperator.In, userRoleQuery);

    // The user, or one of the user's roles, holds the permission
    IQuery userAndRoleAuthorityQuery = QueryManager.Create();
    userAndRoleAuthorityQuery.And <AuthorityQuery>(a => a.Code, CriteriaOperator.In, userAuthorizeQuery); // the user holds the permission
    userAndRoleAuthorityQuery.Or <AuthorityQuery>(a => a.Code, CriteriaOperator.In, roleAuthorizeQuery); // or a role holds the permission
    authorityQuery.And(userAndRoleAuthorityQuery);

    // Exclude permissions disabled for this user; because this is ANDed onto the whole
    // query, a per-user disable also overrides a grant that comes from a role.
    IQuery userDisableAuthorizeQuery = QueryManager.Create <UserAuthorizeQuery>(a => a.UserSysNo == auth.User.SysNo && a.Disable == true);
    userDisableAuthorizeQuery.AddQueryFields <UserAuthorizeQuery>(a => a.AuthoritySysNo);
    authorityQuery.And <AuthorityQuery>(a => a.Code, CriteriaOperator.NotIn, userDisableAuthorizeQuery);

    // Allowed when at least one permission satisfies every condition above.
    return(authorityRepository.Exist(authorityQuery));

    #endregion
}