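        /// <summary>
        /// Finds users whose e-mail, normalized user name or display name contains
        /// <paramref name="patterns"/>. The display name (<c>Name</c>) is only returned
        /// when the calling user is an administrator; everyone else gets e-mail, id and user name.
        /// </summary>
        /// <param name="patterns">Search text. Matched upper-cased against e-mail and
        /// normalized user name, and as given against the display name.</param>
        /// <returns>Basic information about every matching user; empty when nothing matches.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="patterns"/> is <c>null</c>.</exception>
        public async Task<List<UserBasicInfoModel>> QueryUsersAsync(string patterns)
        {
            // A null search text previously surfaced as a NullReferenceException from ToUpper().
            if (patterns is null)
            {
                throw new ArgumentNullException(nameof(patterns));
            }

            var userId   = userManager.GetUserId(User);
            var userInfo = await userManager.FindByIdAsync(userId);

            // Invariant upper-casing: culture-sensitive ToUpper() gives different results
            // under e.g. Turkish locales, so the same input could match different rows
            // depending on the server's culture.
            var normalizedPatterns = patterns.ToUpperInvariant();

            var users = userManager.Users.Where(i => i.Email.Contains(normalizedPatterns) ||
                                                i.NormalizedUserName.Contains(normalizedPatterns) ||
                                                (i.Name != null && i.Name.Contains(patterns)));

            // A missing profile row is treated as privilege 0, i.e. never as an administrator.
            var isAdmin = PrivilegeHelper.IsAdmin(userInfo?.Privilege ?? 0);

            if (!isAdmin)
            {
                // Non-administrators never receive the display name.
                return await users.Select(i => new UserBasicInfoModel
                {
                    Email = i.Email,
                    UserId = i.Id,
                    UserName = i.UserName
                }).ToListAsync();
            }

            return await users.Select(i => new UserBasicInfoModel
            {
                Name = i.Name,
                Email = i.Email,
                UserId = i.Id,
                UserName = i.UserName
            }).ToListAsync();
        }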
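            /// <summary>
            /// Action filter that lets the action run only for a signed-in user whose stored
            /// privilege level is administrative; every other request is rejected before the action.
            /// </summary>
            /// <param name="context">Context of the action about to execute.</param>
            /// <param name="next">Delegate that executes the action and the remaining filters.</param>
            /// <exception cref="AuthenticationException">No user-id claim is present, or no user row matches it.</exception>
            /// <exception cref="ForbiddenException">The user exists but is not an administrator.</exception>
            public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
            {
                // GetRequiredService reports a misconfigured container explicitly instead of
                // letting GetService return null and the query below fail with a NullReferenceException.
                var dbContext = context.HttpContext.RequestServices.GetRequiredService<WebHostDbContext>();

                var userId = context.HttpContext.User.FindFirstValue(ClaimTypes.NameIdentifier);

                // No id claim means nobody is signed in: reject without a database round-trip.
                if (string.IsNullOrEmpty(userId))
                {
                    throw new AuthenticationException("没有登录账户");
                }

                var userInfo = await dbContext.Users.FirstOrDefaultAsync(i => i.Id == userId);
                if (userInfo == null)
                {
                    throw new AuthenticationException("没有登录账户");
                }

                // The privilege is re-read from the database on every request, so a change
                // to it takes effect on the next request rather than being cached in the principal.
                // `?.` is kept only so the expression compiles whether or not Privilege is nullable;
                // userInfo is known to be non-null here.
                if (!PrivilegeHelper.IsAdmin(userInfo?.Privilege ?? 0))
                {
                    throw new ForbiddenException();
                }

                await next();
            }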