feat:: 完善权限添加

2023-12-24 11:45:43 +08:00
parent 706df9ab78
commit 3272117564
3 changed files with 41 additions and 16 deletions
--- a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/ArticleService.cs
+++ b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/ArticleService.cs
@@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using Mapster;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.DependencyInjection;
@@ -16,6 +17,7 @@ using Yi.Framework.Bbs.Domain.Repositories;
 using Yi.Framework.Bbs.Domain.Shared.Consts;
 using Yi.Framework.Core.Extensions;
 using Yi.Framework.Ddd.Application;
+using Yi.Framework.Rbac.Domain.Authorization;
 using Yi.Framework.Rbac.Domain.Shared.Consts;
 using Yi.Framework.SqlSugarCore.Abstractions;

@@ -97,6 +99,8 @@ namespace Yi.Framework.Bbs.Application.Services
        /// <param name="input"></param>
        /// <returns></returns>
        /// <exception cref="UserFriendlyException"></exception>
+        [Permission("bbs:article:add")]
+        [Authorize]
        public async override Task<ArticleGetOutputDto> CreateAsync(ArticleCreateInputVo input)
        {
            await VerifyDiscussCreateIdAsync(input.DiscussId);
@@ -144,13 +148,25 @@ namespace Yi.Framework.Bbs.Application.Services
            {
                throw new UserFriendlyException(DiscussConst.No_Exist);
            }
-            //只有文章是特殊的，不能在其他主题下创建
-            //主题的创建者不是当前用户，同时，没有权限或者超级管理
-            //false  & true  & false  ,三个条件任意满意一个，即可成功使用||，最后取反，一个都不满足

+            //这块有点绕，这个版本的写法比较清晰
+            bool result = false;

-            //一个条件都不满足，即可拦截
-            if (discuss.CreatorId != CurrentUser.Id && !UserConst.Admin.Equals(this.CurrentUser.UserName) && !CurrentUser.GetPermissions().Contains("bbs:discuss:add"))
+            if (this.CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode))
+            {
+                //如果是超管,直接跳过
+                result = true;
+            }
+            else
+            {
+                //如果不是超管,必须满足作者是自己，同时还有发布的权限
+                if (discuss.CreatorId == CurrentUser.Id)
+                {
+                    result = true;
+                }
+            }
+
+            if (!result)
            {
                throw new UserFriendlyException("权限不足，请联系主题作者或管理员申请开通");
            }
--- a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/CommentService.cs
+++ b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/CommentService.cs
@@ -1,4 +1,5 @@
 using Mapster;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using SqlSugar;
 using Volo.Abp;
@@ -7,9 +8,12 @@ using Yi.Framework.Bbs.Application.Contracts.Dtos.BbsUser;
 using Yi.Framework.Bbs.Application.Contracts.Dtos.Comment;
 using Yi.Framework.Bbs.Application.Contracts.IServices;
 using Yi.Framework.Bbs.Domain.Entities;
+using Yi.Framework.Bbs.Domain.Extensions;
 using Yi.Framework.Bbs.Domain.Managers;
 using Yi.Framework.Bbs.Domain.Shared.Consts;
 using Yi.Framework.Ddd.Application;
+using Yi.Framework.Rbac.Domain.Authorization;
+using Yi.Framework.Rbac.Domain.Shared.Consts;
 using Yi.Framework.SqlSugarCore.Abstractions;

 namespace Yi.Framework.Bbs.Application.Services
@@ -28,7 +32,7 @@ namespace Yi.Framework.Bbs.Application.Services
            _discussRepository = discussRepository;
            _discussService = discussService;
            _repository = CommentRepository;
-            _bbsUserManager=bbsUserManager;
+            _bbsUserManager = bbsUserManager;
        }

        private ForumManager _forumManager { get; set; }
@@ -60,7 +64,7 @@ namespace Yi.Framework.Bbs.Application.Services

            //同时为所有用户id进行bbs的扩展即可
            List<Guid> userIds = outoutDto.Select(x => x.CommentedUser.Id).Union(outoutDto.Select(x => x.CreateUser.Id)).ToList();
-            var bbsUserInfoDic=( await _bbsUserManager.GetBbsUserInfoAsync(userIds)).ToDictionary(x=>x.Id);
+            var bbsUserInfoDic = (await _bbsUserManager.GetBbsUserInfoAsync(userIds)).ToDictionary(x => x.Id);

            foreach (var singleOutput in outoutDto)
            {
@@ -71,8 +75,8 @@ namespace Yi.Framework.Bbs.Application.Services


            //开始组装dto的层级关系
-             //将全部数据进行hash
-             var dic = outoutDto.ToDictionary(x => x.Id);
+            //将全部数据进行hash
+            var dic = outoutDto.ToDictionary(x => x.Id);
            foreach (var comment in outoutDto)
            {
                //不是根节点，需要赋值 被评论者用户信息等
@@ -104,7 +108,7 @@ namespace Yi.Framework.Bbs.Application.Services

            });

-       
+

            return new PagedResultDto<CommentGetListOutputDto>(entities.Count(), outoutDto);
        }
@@ -116,6 +120,8 @@ namespace Yi.Framework.Bbs.Application.Services
        /// <param name="input"></param>
        /// <returns></returns>
        /// <exception cref="UserFriendlyException"></exception>
+        [Permission("bbs:comment:add")]
+        [Authorize]
        public override async Task<CommentGetOutputDto> CreateAsync(CommentCreateInputVo input)
        {
            var discuess = await _discussRepository.GetFirstAsync(x => x.Id == input.DiscussId);
@@ -123,12 +129,14 @@ namespace Yi.Framework.Bbs.Application.Services
            {
                throw new UserFriendlyException(DiscussConst.No_Exist);
            }
+            //不是超级管理员，且主题开启禁止评论

-            if (discuess.IsDisableCreateComment == true)
+            if (discuess.IsDisableCreateComment == true && !CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode))
            {
                throw new UserFriendlyException("该主题已禁止评论功能");
-
            }
+
+
            var entity = await _forumManager.CreateCommentAsync(input.DiscussId, input.ParentId, input.RootId, input.Content);
            return await MapToGetOutputDtoAsync(entity);
        }
--- a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/DiscussService.cs
+++ b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/DiscussService.cs
@@ -17,6 +17,7 @@ using Yi.Framework.Bbs.Domain.Shared.Enums;
 using Yi.Framework.Bbs.Domain.Shared.Etos;
 using Yi.Framework.Ddd.Application;
 using Yi.Framework.Rbac.Application.Contracts.Dtos.User;
+using Yi.Framework.Rbac.Domain.Authorization;
 using Yi.Framework.Rbac.Domain.Entities;
 using Yi.Framework.Rbac.Domain.Shared.Consts;
 using Yi.Framework.SqlSugarCore.Abstractions;
@@ -170,6 +171,8 @@ namespace Yi.Framework.Bbs.Application.Services
        /// </summary>
        /// <param name="input"></param>
        /// <returns></returns>
+        [Permission("bbs:discuss:add")]
+        [Authorize]
        public override async Task<DiscussGetOutputDto> CreateAsync(DiscussCreateInputVo input)
        {
            var plate = await _plateEntityRepository.FindAsync(x => x.Id == input.PlateId);
@@ -181,15 +184,13 @@ namespace Yi.Framework.Bbs.Application.Services
            //如果开启了禁用创建主题
            if (plate.IsDisableCreateDiscuss == true)
            {
-
-                if (!CurrentUser.GetPermissions().Contains("") && CurrentUser.UserName != UserConst.Admin)
+                //只有超级管理员权限才能进行发布
+                if (!CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode))
                {
                    throw new UserFriendlyException("该板块已禁止创建主题，请在其他板块中发布");
                }
            }

-
-
            var entity = await _forumManager.CreateDiscussAsync(await MapToEntityAsync(input));
            return await MapToGetOutputDtoAsync(entity);
        }