/// <summary>
/// Resolves the effective permission rules of a user for use in permission checks.
/// </summary>
/// <remarks>
/// The result is cached per user under the key "ResolvedUserPermission:{userId}" with the
/// <c>UsualObjectCollection</c> expiration type. The empty result produced for an unknown
/// (anonymous) user is returned without being cached.
/// NOTE(review): nothing in this method invalidates the cached entry. Confirm that role or
/// permission changes elsewhere evict this key, otherwise a revoked permission stays in
/// effect until the entry expires.
/// </remarks>
/// <param name="userId">Id of the user whose permissions are resolved.</param>
/// <returns>
/// The merged permissions of every role the user holds. This is an empty
/// <c>ResolvedUserPermission</c> when no user with that id exists.
/// </returns>
public ResolvedUserPermission ResolveUserPermission(long userId)
{
    string cacheKey = "ResolvedUserPermission:" + userId;
    ICacheService cache = DIContainer.Resolve<ICacheService>();

    // Cache hit: reuse the previously merged permission set.
    ResolvedUserPermission cached = cache.Get<ResolvedUserPermission>(cacheKey);
    if (cached != null)
    {
        return cached;
    }

    ResolvedUserPermission resolved = new ResolvedUserPermission();

    // Anonymous user: hand back the empty permission set and skip caching.
    var user = DIContainer.Resolve<IUserService>().GetUser(userId);
    if (user == null)
    {
        return resolved;
    }

    // Effective roles = explicitly assigned roles + the implicit "registered users" role
    // (+ the "moderated user" role while the account is moderated).
    RoleService roleService = DIContainer.Resolve<RoleService>();
    IList<string> effectiveRoles = roleService.GetRoleNamesOfUser(userId).ToList();
    effectiveRoles.Add(RoleNames.Instance().RegisteredUsers());
    if (user.IsModerated)
    {
        effectiveRoles.Add(RoleNames.Instance().ModeratedUser());
    }

    foreach (var roleName in effectiveRoles)
    {
        IEnumerable<PermissionItemInUserRole> roleGrants = GetPermissionItemsInUserRole(roleName);
        foreach (var grant in roleGrants)
        {
            // Grants that point at a permission item which can no longer be found are ignored.
            PermissionItem permissionItem = GetPermissionItem(grant.ItemKey);
            if (permissionItem != null)
            {
                resolved.Merge(permissionItem, grant.PermissionType, grant.PermissionScope, grant.PermissionQuota);
            }
        }
    }

    cache.Add(cacheKey, resolved, CachingExpirationType.UsualObjectCollection);
    return resolved;
}
/// <summary>
/// Decides whether content submitted by a user must be audited at the given strictness level.
/// </summary>
/// <remarks>
/// Evaluation order: anonymous users are always audited; auditing disabled globally or
/// membership in a no-audit role exempts the user; otherwise the per-role audit settings for
/// the entity's audit item key are consulted, role by role.
/// NOTE(review): the first matching role setting of <c>None</c> exempts the user immediately,
/// even if a role evaluated later would require auditing. Confirm this precedence is intended.
/// </remarks>
/// <param name="userId">Id of the submitting user.</param>
/// <param name="auditable">The auditable entity; its <c>AuditItemKey</c> selects the role settings.</param>
/// <param name="strictDegree">The strictness level being asked about.</param>
/// <returns><c>true</c> when the content must be audited, otherwise <c>false</c>.</returns>
private bool NeedAudit(long userId, IAuditable auditable, AuditStrictDegree strictDegree)
{
    // Anonymous users always require auditing.
    var user = DIContainer.Resolve<IUserService>().GetUser(userId);
    if (user == null)
    {
        return true;
    }

    UserSettings settings = DIContainer.Resolve<ISettingsManager<UserSettings>>().Get();
    RoleService roleService = new RoleService();

    // Auditing is switched off globally.
    if (!settings.EnableAudit)
    {
        return false;
    }

    // Members of a no-audit role pass straight through.
    if (roleService.IsUserInRoles(userId, settings.NoAuditedRoleNames.ToArray()))
    {
        return false;
    }

    // Roles of the user, plus the implicit "registered users" role
    // (and the "moderated user" role while the account is moderated).
    IList<string> effectiveRoles = roleService.GetRoleNamesOfUser(userId).ToList();
    effectiveRoles.Add(RoleNames.Instance().RegisteredUsers());
    if (user.IsModerated)
    {
        effectiveRoles.Add(RoleNames.Instance().ModeratedUser());
    }

    // Check the audit setting of each role for this entity's audit item.
    foreach (var roleName in effectiveRoles)
    {
        IEnumerable<AuditItemInUserRole> roleSettings = GetAuditItemsInUserRole(roleName);
        foreach (var roleSetting in roleSettings)
        {
            if (!roleSetting.ItemKey.Equals(auditable.AuditItemKey))
            {
                continue;
            }

            AuditStrictDegree configured = roleSetting.StrictDegree;
            if (configured == AuditStrictDegree.None)
            {
                return false;
            }

            if (configured == AuditStrictDegree.NotSet)
            {
                // No decision from this role: stop scanning it and move on to the next role.
                break;
            }

            if ((int)configured >= (int)strictDegree)
            {
                return true;
            }
        }
    }

    // Users at or above the no-audit rank also pass.
    // NOTE(review): both this branch and the fallthrough return false, so the rank threshold
    // has no effect: a user below MinNoAuditedUserRank with no matching role rule is also
    // not audited. Confirm whether the final return was meant to require auditing.
    if (user.Rank >= settings.MinNoAuditedUserRank)
    {
        return false;
    }

    return false;
}
/// <summary>
/// Gets the names of the roles the user belongs to.
/// </summary>
/// <param name="user">The user whose roles are looked up; its <c>UserId</c> is passed to the role service.</param>
/// <param name="onlyPublic">Whether to return only the publicly visible roles.</param>
/// <returns>The role names returned by <c>RoleService.GetRoleNamesOfUser</c> for this user.</returns>
public static IEnumerable<string> UserRoleNames(this IUser user, bool onlyPublic = false)
{
    // No null guard: callers must pass a non-null user, since user.UserId is dereferenced here.
    long userId = user.UserId;
    return DIContainer.Resolve<RoleService>().GetRoleNamesOfUser(userId, onlyPublic);
}