/// <summary> /// 检查用户是否有权限进行某项操作 /// </summary> /// <param name="currentUser">当前用户</param> /// <param name="permissionItemKey">权限项目标识</param> /// <returns>有权限操作返回true,否则返回false</returns> public bool Check(IUser currentUser, string permissionItemKey) { if (currentUser == null) { return(false); } if (IsSuperAdministrator(currentUser)) { return(true); } ResolvedUserPermission resolvedUserPermission = permissionService.ResolveUserPermission(currentUser.UserId); return(resolvedUserPermission.Validate(permissionItemKey)); }
/// <summary> /// 解析用户的权限规则用于权限验证 /// </summary> /// <param name="userId">用户Id</param> /// <returns></returns> public ResolvedUserPermission ResolveUserPermission(long userId) { string cacheKey = "ResolvedUserPermission:" + userId; ICacheService cacheService = DIContainer.Resolve <ICacheService>(); ResolvedUserPermission resolvedUserPermission = cacheService.Get <ResolvedUserPermission>(cacheKey); if (resolvedUserPermission == null) { resolvedUserPermission = new ResolvedUserPermission(); var user = DIContainer.Resolve <IUserService>().GetUser(userId); //匿名用户 if (user == null) { return(resolvedUserPermission); } RoleService roleService = DIContainer.Resolve <RoleService>(); IEnumerable <Role> userRoles = roleService.GetRolesOfUser(userId); IList <string> roleNamesOfUser = userRoles.Select(n => n.RoleName).ToList(); roleNamesOfUser.Add(RoleNames.Instance().RegisteredUsers()); if (user.IsModerated) { roleNamesOfUser.Add(RoleNames.Instance().ModeratedUser()); } foreach (var roleName in roleNamesOfUser) { IEnumerable <PermissionItemInUserRole> permissionItemsInUserRole = GetPermissionItemsInUserRole(roleName); foreach (var permissionItemInUserRole in permissionItemsInUserRole) { PermissionItem permissionItem = GetPermissionItem(permissionItemInUserRole.ItemKey); if (permissionItem == null) { continue; } resolvedUserPermission.Merge(permissionItem, permissionItemInUserRole.PermissionType, permissionItemInUserRole.PermissionScope, permissionItemInUserRole.PermissionQuota); } } cacheService.Add(cacheKey, resolvedUserPermission, CachingExpirationType.UsualObjectCollection); } return(resolvedUserPermission); }