diff --git a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/ArticleService.cs b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/ArticleService.cs index 32f0c14e..d6ef86c5 100644 --- a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/ArticleService.cs +++ b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/ArticleService.cs @@ -1,5 +1,6 @@ using System.Collections.Generic; using Mapster; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.DependencyInjection; @@ -16,6 +17,7 @@ using Yi.Framework.Bbs.Domain.Repositories; using Yi.Framework.Bbs.Domain.Shared.Consts; using Yi.Framework.Core.Extensions; using Yi.Framework.Ddd.Application; +using Yi.Framework.Rbac.Domain.Authorization; using Yi.Framework.Rbac.Domain.Shared.Consts; using Yi.Framework.SqlSugarCore.Abstractions; @@ -97,6 +99,8 @@ namespace Yi.Framework.Bbs.Application.Services /// /// /// + [Permission("bbs:article:add")] + [Authorize] public async override Task CreateAsync(ArticleCreateInputVo input) { await VerifyDiscussCreateIdAsync(input.DiscussId); @@ -144,13 +148,25 @@ namespace Yi.Framework.Bbs.Application.Services { throw new UserFriendlyException(DiscussConst.No_Exist); } - //只有文章是特殊的,不能在其他主题下创建 - //主题的创建者不是当前用户,同时,没有权限或者超级管理 - //false & true & false ,三个条件任意满意一个,即可成功使用||,最后取反,一个都不满足 + //这块有点绕,这个版本的写法比较清晰 + bool result = false; - //一个条件都不满足,即可拦截 - if (discuss.CreatorId != CurrentUser.Id && !UserConst.Admin.Equals(this.CurrentUser.UserName) && !CurrentUser.GetPermissions().Contains("bbs:discuss:add")) + if (this.CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode)) + { + //如果是超管,直接跳过 + result = true; + } + else + { + //如果不是超管,必须满足作者是自己,同时还有发布的权限 + if (discuss.CreatorId == CurrentUser.Id) + { + result = true; + } + } + + if (!result) { throw new UserFriendlyException("权限不足,请联系主题作者或管理员申请开通"); } 
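Review bot: The permission code `"bbs:article:add"` on `CreateAsync` is a bare string literal, whereas the admin code used elsewhere in this commit comes from `UserConst.AdminPermissionCode`. The same pattern recurs with `"bbs:comment:add"` in CommentService and `"bbs:discuss:add"` in DiscussService. A mistyped literal is not caught at compile time and would silently change who can call the endpoint, so these codes would be better declared once as `const string` fields and referenced from the attributes. A one-line comment should also state whether `[Permission]` alone rejects anonymous callers or whether `[Authorize]` is required alongside it, since both are applied here.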
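Review bot: The comment on the non-admin branch says the caller must be the topic's author and also hold the publish permission, but the code only tests `discuss.CreatorId == CurrentUser.Id`. The permission is enforced, if at all, by the `[Permission("bbs:article:add")]` attribute on `CreateAsync`, so this check is only complete when reached through that entry point. The comment should say so, for example `// non-admin: must be the topic's creator; the publish permission is enforced by [Permission] on CreateAsync`. If both ids are nullable (their types are not visible here), two null values compare equal, so the branch is safer as `if (CurrentUser.Id is not null && discuss.CreatorId == CurrentUser.Id)`. The enclosing method starts and ends outside this hunk.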
diff --git a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/CommentService.cs b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/CommentService.cs index e0f20f18..1f6e4be7 100644 --- a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/CommentService.cs +++ b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/CommentService.cs @@ -1,4 +1,5 @@ using Mapster; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using SqlSugar; using Volo.Abp; @@ -7,9 +8,12 @@ using Yi.Framework.Bbs.Application.Contracts.Dtos.BbsUser; using Yi.Framework.Bbs.Application.Contracts.Dtos.Comment; using Yi.Framework.Bbs.Application.Contracts.IServices; using Yi.Framework.Bbs.Domain.Entities; +using Yi.Framework.Bbs.Domain.Extensions; using Yi.Framework.Bbs.Domain.Managers; using Yi.Framework.Bbs.Domain.Shared.Consts; using Yi.Framework.Ddd.Application; +using Yi.Framework.Rbac.Domain.Authorization; +using Yi.Framework.Rbac.Domain.Shared.Consts; using Yi.Framework.SqlSugarCore.Abstractions; namespace Yi.Framework.Bbs.Application.Services @@ -28,7 +32,7 @@ namespace Yi.Framework.Bbs.Application.Services _discussRepository = discussRepository; _discussService = discussService; _repository = CommentRepository; - _bbsUserManager=bbsUserManager; + _bbsUserManager = bbsUserManager; } private ForumManager _forumManager { get; set; } @@ -60,7 +64,7 @@ namespace Yi.Framework.Bbs.Application.Services //同时为所有用户id进行bbs的扩展即可 List userIds = outoutDto.Select(x => x.CommentedUser.Id).Union(outoutDto.Select(x => x.CreateUser.Id)).ToList(); - var bbsUserInfoDic=( await _bbsUserManager.GetBbsUserInfoAsync(userIds)).ToDictionary(x=>x.Id); + var bbsUserInfoDic = (await _bbsUserManager.GetBbsUserInfoAsync(userIds)).ToDictionary(x => x.Id); foreach (var singleOutput in outoutDto) { 
@@ -71,8 +75,8 @@ namespace Yi.Framework.Bbs.Application.Services //开始组装dto的层级关系 - //将全部数据进行hash - var dic = outoutDto.ToDictionary(x => x.Id); + //将全部数据进行hash + var dic = outoutDto.ToDictionary(x => x.Id); foreach (var comment in outoutDto) { //不是根节点,需要赋值 被评论者用户信息等 @@ -104,7 +108,7 @@ namespace Yi.Framework.Bbs.Application.Services }); - + return new PagedResultDto(entities.Count(), outoutDto); } @@ -116,6 +120,8 @@ namespace Yi.Framework.Bbs.Application.Services /// /// /// + [Permission("bbs:comment:add")] + [Authorize] public override async Task CreateAsync(CommentCreateInputVo input) { var discuess = await _discussRepository.GetFirstAsync(x => x.Id == input.DiscussId); @@ -123,12 +129,14 @@ namespace Yi.Framework.Bbs.Application.Services { throw new UserFriendlyException(DiscussConst.No_Exist); } + //不是超级管理员,且主题开启禁止评论 - if (discuess.IsDisableCreateComment == true) + if (discuess.IsDisableCreateComment == true && !CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode)) { throw new UserFriendlyException("该主题已禁止评论功能"); - } + + var entity = await _forumManager.CreateCommentAsync(input.DiscussId, input.ParentId, input.RootId, input.Content); return await MapToGetOutputDtoAsync(entity); } diff --git a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/DiscussService.cs b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/DiscussService.cs index 0aa7d6d9..dff7df6a 100644 --- a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/DiscussService.cs +++ b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/DiscussService.cs @@ -17,6 +17,7 @@ using Yi.Framework.Bbs.Domain.Shared.Enums; using Yi.Framework.Bbs.Domain.Shared.Etos; using Yi.Framework.Ddd.Application; using Yi.Framework.Rbac.Application.Contracts.Dtos.User; +using Yi.Framework.Rbac.Domain.Authorization; using Yi.Framework.Rbac.Domain.Entities; using Yi.Framework.Rbac.Domain.Shared.Consts; using Yi.Framework.SqlSugarCore.Abstractions; 
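Review bot: The super-admin bypass in `CommentService.CreateAsync` is written inline as `!CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode)`. The same expression is repeated in the ArticleService ownership check and in `DiscussService.CreateAsync` in this commit. Three hand-copied copies of an authorization decision tend to drift apart. A single private helper or extension method that returns whether the current user holds `UserConst.AdminPermissionCode` would keep the three bypasses consistent and give one place to add an audit log entry when a bypass is used. Separately, `discuess.IsDisableCreateComment == true &&` can stay as written if the property is a nullable bool, but a short comment saying that null means "comments allowed" would make the fail-open default explicit.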
@@ -170,6 +171,8 @@ namespace Yi.Framework.Bbs.Application.Services /// /// /// + [Permission("bbs:discuss:add")] + [Authorize] public override async Task CreateAsync(DiscussCreateInputVo input) { var plate = await _plateEntityRepository.FindAsync(x => x.Id == input.PlateId); @@ -181,15 +184,13 @@ namespace Yi.Framework.Bbs.Application.Services //如果开启了禁用创建主题 if (plate.IsDisableCreateDiscuss == true) { - - if (!CurrentUser.GetPermissions().Contains("") && CurrentUser.UserName != UserConst.Admin) + //只有超级管理员权限才能进行发布 + if (!CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode)) { throw new UserFriendlyException("该板块已禁止创建主题,请在其他板块中发布"); } } - - var entity = await _forumManager.CreateDiscussAsync(await MapToEntityAsync(input)); return await MapToGetOutputDtoAsync(entity); }