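/// <summary>
/// Verifies that <paramref name="user"/> may access <paramref name="requestUrl"/>.
/// URLs listed in <c>BusinessConst.PermissionFilter</c> are always allowed, and a user
/// whose <c>Type</c> casts to 0 is not checked at all (the existing code treats that
/// value as unrestricted — confirm it is the intended privileged role).
/// </summary>
/// <param name="requestUrl">The requested path to authorize.</param>
/// <param name="user">The logged-in user whose cached menus carry the permitted URLs.</param>
/// <exception cref="DataOperationPermissions">
/// Thrown when the URL is not found on any of the user's menus.
/// </exception>
private void CheckAuth(string requestUrl, UserViewModel user)
{
    if (BusinessConst.PermissionFilter.Contains(requestUrl))
    {
        return;
    }

    if ((int)user.Type == 0)
    {
        return;
    }

    // Menu.Url is treated as a comma-separated list of paths (the previous code appended
    // "," before matching). Each entry is compared exactly (ordinal) instead of
    // substring-matching "url," so that a request path which is merely a suffix of a
    // permitted path (e.g. "/b" against "/a/b,") does not pass, and so the last entry is
    // still recognised when it carries no trailing comma. A null Menus list or a null
    // Url no longer throws a NullReferenceException; it simply grants nothing.
    bool permitted = requestUrl != null
        && user.Menus != null
        && user.Menus.Any(menu => menu != null
            && menu.Url != null
            && menu.Url.Split(',')
                .Any(entry => string.Equals(entry.Trim(), requestUrl, StringComparison.Ordinal)));

    if (!permitted)
    {
        throw new DataOperationPermissions("用户无权限访问该资源,请求失败");
    }
}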
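/// <summary>
/// Replaces the menu permissions of the account identified by <c>user.ID</c> with the
/// menus listed in <c>user.Menus</c>, then refreshes that account's login cache.
/// </summary>
/// <param name="user">Target account; only <c>ID</c> and the <c>ID</c>/<c>Name</c> of each entry in <c>Menus</c> are read.</param>
/// <param name="operateUserId">ID of the logged-in user performing the change.</param>
/// <exception cref="BusinessException">
/// Thrown when the account does not exist in Normal or Freeze status, or when a requested
/// menu has no parent menu for an account whose type is not SpecialLine.
/// </exception>
/// <exception cref="DataOperationPermissions">
/// Thrown when one or more requested menus are not available to the account's user type.
/// </exception>
public void SetAuthorityAccount(UserViewModel user, int operateUserId)
{
    var model = _userRepository.GetModelTracking()
        .Include(p => p.Menus)
        .FirstOrDefault(p => p.ID == user.ID
            && (p.Status == UserStatus.Normal || p.Status == UserStatus.Freeze));
    if (model == null)
        throw new BusinessException("此账号不存在");

    // Called for its side effect only (presumably it throws when the operator has no
    // login cache entry); the returned value was never used.
    RedisHelp.GetLoginUserCacheNotNull(operateUserId);
    BuidDataAuthorityVerify(operateUserId, model);

    model.Menus.Clear();

    // An empty request leaves the account with no menus at all.
    if (user.Menus != null && user.Menus.Any())
    {
        // Menus available to this account are those whose UserMenu mask contains the
        // account's type bits.
        int value = (int)model.Type;
        var listMenu = _menuRepository.GetModelTracking()
            .Where(p => ((p.UserMenu & value) == value))
            .ToList();

        // Only the menu ID from the request is trusted; Url, parent and everything else
        // come from the repository.
        var errMgs = new List<string>();
        foreach (var item in user.Menus)
        {
            var menu = listMenu.FirstOrDefault(p => p.ID == item.ID);
            if (menu == null)
            {
                errMgs.Add(item.Name);
                continue;
            }

            // Skip duplicates: the same menu may appear twice in the request, or may
            // already have been added as the parent of an earlier entry.
            if (model.Menus.All(p => p.ID != menu.ID))
                model.Menus.Add(menu);

            // Every role except SpecialLine also needs the top-level (parent) menu.
            if (model.Type != UserType.SpecialLine)
            {
                var upMenu = listMenu.FirstOrDefault(p => p.ID == menu.UpMenuId);
                if (upMenu == null)
                    throw new BusinessException("菜单权限值设置有误,除专线以外的角色都有一级菜单权限");
                if (model.Menus.All(p => p.ID != upMenu.ID))
                    model.Menus.Add(upMenu);
            }
        }

        if (errMgs.Any())
        {
            throw new DataOperationPermissions(string.Format("此用户不能设置{0}权限", string.Join(",", errMgs)));
        }
    }

    _userRepository.Update(model);

    #region 更新缓存
    // NOTE(review): the cache is refreshed with the client-supplied user.Menus (IDs,
    // names and Urls as sent by the caller), not with the validated model.Menus that was
    // just persisted. Until the cache is rebuilt from the database, CheckAuth evaluates
    // the caller-supplied Url values. Mapping model.Menus back to the cached type would
    // close that gap; left unchanged here because that mapping is not visible in this file.
    var updateUser = RedisHelp.GetLoginUserCache(user.ID);
    if (updateUser != null)
    {
        updateUser.Menus = user.Menus;
        RedisHelp.RefreshLoginUserCache(updateUser);
    }
    #endregion
}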
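/// <summary>
/// Creates a new account.
/// Note: the front end passes both the branch number and the special-line number in
/// <c>BranchId</c>; which one it means is decided by the operator's <c>Type</c>.
/// </summary>
/// <param name="user">Account data to create (login, name, phone, type, BranchId, IsSpecialManager).</param>
/// <param name="operateUserId">ID of the logged-in user performing the creation.</param>
/// <exception cref="DataValidationException">Thrown when <paramref name="user"/> is null or a field fails validation.</exception>
/// <exception cref="BusinessException">Thrown when the login or phone is already in use by a Normal/Freeze account, or the requested type is unknown.</exception>
/// <exception cref="DataOperationPermissions">Thrown when the operator's type does not permit creating the requested account type.</exception>
public void AccountAdd(UserViewModel user, int operateUserId)
{
    #region 验证
    if (user == null)
        throw new DataValidationException(string.Format(BusinessResourceMessage.ItemCanNotNull, "传入参数"));
    if (!user.Name.ValidateLen(20))
        throw new DataValidationException("真实姓名长度在1-20个汉字");
    if (!user.Login.ValidateLen(20))
        throw new DataValidationException("登录账号不能超过20个字符");
    if (!CommonValidator.isMobile(user.Phone))
        throw new DataValidationException("请输入正确的手机号码");
    if (user.Type <= 0 || !user.BranchId.HasValue)
        throw new DataValidationException("请选择机构");
    #endregion

    // Login and phone must be unique among accounts that are still live (Normal or Freeze).
    if (_userRepository.GetModel().Any(p => p.Login.Equals(user.Login)
            && (p.Status == UserStatus.Normal || p.Status == UserStatus.Freeze)))
        throw new BusinessException("用户名已存在,请重新输入");
    if (_userRepository.GetModel().Any(p => p.Phone.Equals(user.Phone)
            && (p.Status == UserStatus.Normal || p.Status == UserStatus.Freeze)))
        throw new BusinessException("用户手机号已存在,请重新输入");

    var operateUser = RedisHelp.GetLoginUserCacheNotNull(operateUserId);

    // One timestamp for both CreateTime and UpdateTime so they cannot differ on insert.
    DateTime now = DateTime.Now;

    // NOTE(review): every new account starts with the same shared default password
    // (BusinessConst._PASSWORD) stored as an unsalted MD5 digest. Any account whose
    // owner never changes it is accessible with that well-known value; a per-account
    // initial password and a salted password hash are recommended. Kept as-is here
    // because the login path that verifies this digest is not visible in this file.
    var model = new User
    {
        Login = user.Login,
        PassWord = CommonMD5.getInstance().Get2MD5(BusinessConst._PASSWORD),
        Name = user.Name,
        IsSpecialManager = user.IsSpecialManager,
        Status = UserStatus.Normal,
        Phone = user.Phone,
        CreaterId = operateUserId,
        CreateTime = now,
        UpdaterId = operateUserId,
        UpdateTime = now
    };

    // The operator's type fixes what may be created and where the new account hangs:
    // company -> branch (BranchId), branch -> special line (SpecialId),
    // special-line manager -> operator on its own special line.
    switch (operateUser.Type)
    {
        case UserType.Company:
            if (user.Type != UserType.Branch)
                throw new DataOperationPermissions("无此操作权限,总公司只能添加分社账号");
            model.Type = UserType.Branch;
            model.BranchId = user.BranchId;
            break;

        case UserType.Branch:
            if (user.Type != UserType.SpecialLine)
                throw new DataOperationPermissions("无此操作权限,分社只能添加专线账号");
            model.Type = UserType.SpecialLine;
            model.SpecialId = user.BranchId;
            break;

        case UserType.SpecialLine:
            // Only a special-line manager may create accounts.
            if (!operateUser.IsSpecialManager)
                throw new DataOperationPermissions("无此操作权限,专线操作员不能操作账号管控所有权限");
            // ...and only on its own special line.
            if (operateUser.SpecialId != user.BranchId)
                throw new DataOperationPermissions("无此操作权限,专线管理员只能操作自己所属专线");
            // ...and only plain operators, never another manager.
            if (user.IsSpecialManager)
                throw new DataOperationPermissions("无此操作权限,专线管理员只能添加专线操作员账号");
            model.Type = UserType.SpecialLine;
            model.SpecialId = user.BranchId;
            break;

        default:
            // Any other operator type (presumably the unrestricted role whose Type casts
            // to 0 — confirm) may create either a branch or a special-line account.
            model.Type = user.Type;
            switch (user.Type)
            {
                case UserType.Branch:
                    model.BranchId = user.BranchId;
                    break;
                case UserType.SpecialLine:
                    model.SpecialId = user.BranchId;
                    break;
                default:
                    throw new BusinessException("数据异常,不存在此数据");
            }
            break;
    }

    #region 设置默认权限
    // Default menus are every menu whose UserMenu mask contains the new account's type bits.
    var value = (int)model.Type;
    var listMenu = _menuRepository.GetModelTracking()
        .Where(p => ((p.UserMenu & value) == value))
        .ToList();
    model.Menus = listMenu;
    #endregion

    BuidDataAuthorityVerify(operateUserId, model);
    _userRepository.Insert(model);
}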
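/// <summary>
/// Updates the caller's own account. Only <c>Phone</c> is written; because callers may
/// update nobody but themselves, no further permission check is applied here.
/// </summary>
/// <param name="user">New values; <c>ID</c> must equal <paramref name="operateUserId"/> and only <c>Phone</c> is used.</param>
/// <param name="operateUserId">ID of the logged-in user performing the update.</param>
/// <exception cref="DataValidationException">Thrown when <paramref name="user"/> is null or the phone number is not a valid mobile number.</exception>
/// <exception cref="DataOperationPermissions">Thrown when <c>user.ID</c> is not the operator's own ID.</exception>
/// <exception cref="BusinessException">Thrown when the account does not exist in Normal status, or the phone number is already used by another live account.</exception>
public void AccountUpdate(UserViewModel user, int operateUserId)
{
    if (user == null)
        throw new DataValidationException(string.Format(BusinessResourceMessage.ItemCanNotNull, "传入参数"));
    if (user.ID != operateUserId)
        throw new DataOperationPermissions("无此操作权限,只能修改自己信息");
    // Same phone validation as AccountAdd; previously an update accepted any string.
    if (!CommonValidator.isMobile(user.Phone))
        throw new DataValidationException("请输入正确的手机号码");
    if (!_userRepository.GetModel().Any(p => p.ID == user.ID && p.Status == UserStatus.Normal))
        throw new BusinessException("此账号不存在");
    // Same uniqueness rule as AccountAdd, excluding the account being updated.
    if (_userRepository.GetModel().Any(p => p.ID != user.ID
            && p.Phone.Equals(user.Phone)
            && (p.Status == UserStatus.Normal || p.Status == UserStatus.Freeze)))
        throw new BusinessException("用户手机号已存在,请重新输入");

    DateTime dt = DateTime.Now;
    _userRepository.Update(p => p.ID == user.ID, u => new User()
    {
        Phone = user.Phone,
        UpdaterId = operateUserId,
        UpdateTime = dt
    });

    #region 更新缓存
    // Mirror the persisted change in the login cache. The previous code copied the
    // client-supplied Status into the cache even though this method never writes Status
    // to the database; only Phone changed, so only Phone is refreshed.
    var loginUser = RedisHelp.GetLoginUserCache(user.ID);
    if (loginUser != null)
    {
        loginUser.Phone = user.Phone;
        RedisHelp.RefreshLoginUserCache(loginUser);
    }
    #endregion
}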