feat:: 完善权限添加
@@ -1,5 +1,6 @@
|
|||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mapster;
|
using Mapster;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.Http;
|
using Microsoft.AspNetCore.Http;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
@@ -16,6 +17,7 @@ using Yi.Framework.Bbs.Domain.Repositories;
|
|||||||
using Yi.Framework.Bbs.Domain.Shared.Consts;
|
using Yi.Framework.Bbs.Domain.Shared.Consts;
|
||||||
using Yi.Framework.Core.Extensions;
|
using Yi.Framework.Core.Extensions;
|
||||||
using Yi.Framework.Ddd.Application;
|
using Yi.Framework.Ddd.Application;
|
||||||
|
using Yi.Framework.Rbac.Domain.Authorization;
|
||||||
using Yi.Framework.Rbac.Domain.Shared.Consts;
|
using Yi.Framework.Rbac.Domain.Shared.Consts;
|
||||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||||
|
|
||||||
@@ -97,6 +99,8 @@ namespace Yi.Framework.Bbs.Application.Services
|
|||||||
/// <param name="input"></param>
|
/// <param name="input"></param>
|
||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
/// <exception cref="UserFriendlyException"></exception>
|
/// <exception cref="UserFriendlyException"></exception>
|
||||||
|
[Permission("bbs:article:add")]
|
||||||
|
[Authorize]
|
||||||
public async override Task<ArticleGetOutputDto> CreateAsync(ArticleCreateInputVo input)
|
public async override Task<ArticleGetOutputDto> CreateAsync(ArticleCreateInputVo input)
|
||||||
{
|
{
|
||||||
await VerifyDiscussCreateIdAsync(input.DiscussId);
|
await VerifyDiscussCreateIdAsync(input.DiscussId);
|
||||||
@@ -144,13 +148,25 @@ namespace Yi.Framework.Bbs.Application.Services
|
|||||||
{
|
{
|
||||||
throw new UserFriendlyException(DiscussConst.No_Exist);
|
throw new UserFriendlyException(DiscussConst.No_Exist);
|
||||||
}
|
}
|
||||||
//只有文章是特殊的,不能在其他主题下创建
|
|
||||||
//主题的创建者不是当前用户,同时,没有权限或者超级管理
|
|
||||||
//false & true & false ,三个条件任意满意一个,即可成功使用||,最后取反,一个都不满足
|
|
||||||
|
|
||||||
|
//这块有点绕,这个版本的写法比较清晰
|
||||||
|
bool result = false;
|
||||||
|
|
||||||
//一个条件都不满足,即可拦截
|
if (this.CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode))
|
||||||
if (discuss.CreatorId != CurrentUser.Id && !UserConst.Admin.Equals(this.CurrentUser.UserName) && !CurrentUser.GetPermissions().Contains("bbs:discuss:add"))
|
{
|
||||||
|
//如果是超管,直接跳过
|
||||||
|
result = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
//如果不是超管,必须满足作者是自己,同时还有发布的权限
|
||||||
|
if (discuss.CreatorId == CurrentUser.Id)
|
||||||
|
{
|
||||||
|
result = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!result)
|
||||||
{
|
{
|
||||||
throw new UserFriendlyException("权限不足,请联系主题作者或管理员申请开通");
|
throw new UserFriendlyException("权限不足,请联系主题作者或管理员申请开通");
|
||||||
}
|
}
|
||||||
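Review bot: The comment in the new else-branch says a non-admin must be the topic's author and also hold the publish permission, but the branch only tests `discuss.CreatorId == CurrentUser.Id`; the permission is checked solely by `[Permission("bbs:article:add")]` on `CreateAsync`. The method containing this check starts outside the hunk, so it is not visible whether anything else calls it; any other caller would get the ownership check without the permission check. Either state that in the comment, e.g. `// non-admin: must be the topic creator; bbs:article:add is enforced by [Permission] on CreateAsync`, or test the permission here as well. The flag logic also reduces to `bool result = CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode) || discuss.CreatorId == CurrentUser.Id;`, which is easier to audit than the nested if/else.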
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
using Mapster;
|
using Mapster;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
using SqlSugar;
|
using SqlSugar;
|
||||||
using Volo.Abp;
|
using Volo.Abp;
|
||||||
@@ -7,9 +8,12 @@ using Yi.Framework.Bbs.Application.Contracts.Dtos.BbsUser;
|
|||||||
using Yi.Framework.Bbs.Application.Contracts.Dtos.Comment;
|
using Yi.Framework.Bbs.Application.Contracts.Dtos.Comment;
|
||||||
using Yi.Framework.Bbs.Application.Contracts.IServices;
|
using Yi.Framework.Bbs.Application.Contracts.IServices;
|
||||||
using Yi.Framework.Bbs.Domain.Entities;
|
using Yi.Framework.Bbs.Domain.Entities;
|
||||||
|
using Yi.Framework.Bbs.Domain.Extensions;
|
||||||
using Yi.Framework.Bbs.Domain.Managers;
|
using Yi.Framework.Bbs.Domain.Managers;
|
||||||
using Yi.Framework.Bbs.Domain.Shared.Consts;
|
using Yi.Framework.Bbs.Domain.Shared.Consts;
|
||||||
using Yi.Framework.Ddd.Application;
|
using Yi.Framework.Ddd.Application;
|
||||||
|
using Yi.Framework.Rbac.Domain.Authorization;
|
||||||
|
using Yi.Framework.Rbac.Domain.Shared.Consts;
|
||||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||||
|
|
||||||
namespace Yi.Framework.Bbs.Application.Services
|
namespace Yi.Framework.Bbs.Application.Services
|
||||||
@@ -28,7 +32,7 @@ namespace Yi.Framework.Bbs.Application.Services
|
|||||||
_discussRepository = discussRepository;
|
_discussRepository = discussRepository;
|
||||||
_discussService = discussService;
|
_discussService = discussService;
|
||||||
_repository = CommentRepository;
|
_repository = CommentRepository;
|
||||||
_bbsUserManager=bbsUserManager;
|
_bbsUserManager = bbsUserManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
private ForumManager _forumManager { get; set; }
|
private ForumManager _forumManager { get; set; }
|
||||||
@@ -60,7 +64,7 @@ namespace Yi.Framework.Bbs.Application.Services
|
|||||||
|
|
||||||
//同时为所有用户id进行bbs的扩展即可
|
//同时为所有用户id进行bbs的扩展即可
|
||||||
List<Guid> userIds = outoutDto.Select(x => x.CommentedUser.Id).Union(outoutDto.Select(x => x.CreateUser.Id)).ToList();
|
List<Guid> userIds = outoutDto.Select(x => x.CommentedUser.Id).Union(outoutDto.Select(x => x.CreateUser.Id)).ToList();
|
||||||
var bbsUserInfoDic=( await _bbsUserManager.GetBbsUserInfoAsync(userIds)).ToDictionary(x=>x.Id);
|
var bbsUserInfoDic = (await _bbsUserManager.GetBbsUserInfoAsync(userIds)).ToDictionary(x => x.Id);
|
||||||
|
|
||||||
foreach (var singleOutput in outoutDto)
|
foreach (var singleOutput in outoutDto)
|
||||||
{
|
{
|
||||||
@@ -71,8 +75,8 @@ namespace Yi.Framework.Bbs.Application.Services
|
|||||||
|
|
||||||
|
|
||||||
//开始组装dto的层级关系
|
//开始组装dto的层级关系
|
||||||
//将全部数据进行hash
|
//将全部数据进行hash
|
||||||
var dic = outoutDto.ToDictionary(x => x.Id);
|
var dic = outoutDto.ToDictionary(x => x.Id);
|
||||||
foreach (var comment in outoutDto)
|
foreach (var comment in outoutDto)
|
||||||
{
|
{
|
||||||
//不是根节点,需要赋值 被评论者用户信息等
|
//不是根节点,需要赋值 被评论者用户信息等
|
||||||
@@ -116,6 +120,8 @@ namespace Yi.Framework.Bbs.Application.Services
|
|||||||
/// <param name="input"></param>
|
/// <param name="input"></param>
|
||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
/// <exception cref="UserFriendlyException"></exception>
|
/// <exception cref="UserFriendlyException"></exception>
|
||||||
|
[Permission("bbs:comment:add")]
|
||||||
|
[Authorize]
|
||||||
public override async Task<CommentGetOutputDto> CreateAsync(CommentCreateInputVo input)
|
public override async Task<CommentGetOutputDto> CreateAsync(CommentCreateInputVo input)
|
||||||
{
|
{
|
||||||
var discuess = await _discussRepository.GetFirstAsync(x => x.Id == input.DiscussId);
|
var discuess = await _discussRepository.GetFirstAsync(x => x.Id == input.DiscussId);
|
||||||
@@ -123,12 +129,14 @@ namespace Yi.Framework.Bbs.Application.Services
|
|||||||
{
|
{
|
||||||
throw new UserFriendlyException(DiscussConst.No_Exist);
|
throw new UserFriendlyException(DiscussConst.No_Exist);
|
||||||
}
|
}
|
||||||
|
//不是超级管理员,且主题开启禁止评论
|
||||||
|
|
||||||
if (discuess.IsDisableCreateComment == true)
|
if (discuess.IsDisableCreateComment == true && !CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode))
|
||||||
{
|
{
|
||||||
throw new UserFriendlyException("该主题已禁止评论功能");
|
throw new UserFriendlyException("该主题已禁止评论功能");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
var entity = await _forumManager.CreateCommentAsync(input.DiscussId, input.ParentId, input.RootId, input.Content);
|
var entity = await _forumManager.CreateCommentAsync(input.DiscussId, input.ParentId, input.RootId, input.Content);
|
||||||
return await MapToGetOutputDtoAsync(entity);
|
return await MapToGetOutputDtoAsync(entity);
|
||||||
}
|
}
|
||||||
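Review bot: The super-admin test `CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode)` is written inline in the comment-disabled condition here and repeated in the article and discuss sections of this commit, so the definition of "super admin" now lives in three places. A single helper next to `GetPermissions()` (for instance a hypothetical `IsSuperAdmin()` extension) would keep the three authorization checks from drifting apart when the rule changes. The condition would then read `if (discuess.IsDisableCreateComment == true && !CurrentUser.IsSuperAdmin())`. Lines of `CreateAsync` between the two hunks are not shown, so this applies only to the visible condition.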
|
|||||||
@@ -17,6 +17,7 @@ using Yi.Framework.Bbs.Domain.Shared.Enums;
|
|||||||
using Yi.Framework.Bbs.Domain.Shared.Etos;
|
using Yi.Framework.Bbs.Domain.Shared.Etos;
|
||||||
using Yi.Framework.Ddd.Application;
|
using Yi.Framework.Ddd.Application;
|
||||||
using Yi.Framework.Rbac.Application.Contracts.Dtos.User;
|
using Yi.Framework.Rbac.Application.Contracts.Dtos.User;
|
||||||
|
using Yi.Framework.Rbac.Domain.Authorization;
|
||||||
using Yi.Framework.Rbac.Domain.Entities;
|
using Yi.Framework.Rbac.Domain.Entities;
|
||||||
using Yi.Framework.Rbac.Domain.Shared.Consts;
|
using Yi.Framework.Rbac.Domain.Shared.Consts;
|
||||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||||
@@ -170,6 +171,8 @@ namespace Yi.Framework.Bbs.Application.Services
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="input"></param>
|
/// <param name="input"></param>
|
||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
|
[Permission("bbs:discuss:add")]
|
||||||
|
[Authorize]
|
||||||
public override async Task<DiscussGetOutputDto> CreateAsync(DiscussCreateInputVo input)
|
public override async Task<DiscussGetOutputDto> CreateAsync(DiscussCreateInputVo input)
|
||||||
{
|
{
|
||||||
var plate = await _plateEntityRepository.FindAsync(x => x.Id == input.PlateId);
|
var plate = await _plateEntityRepository.FindAsync(x => x.Id == input.PlateId);
|
||||||
@@ -181,15 +184,13 @@ namespace Yi.Framework.Bbs.Application.Services
|
|||||||
//如果开启了禁用创建主题
|
//如果开启了禁用创建主题
|
||||||
if (plate.IsDisableCreateDiscuss == true)
|
if (plate.IsDisableCreateDiscuss == true)
|
||||||
{
|
{
|
||||||
|
//只有超级管理员权限才能进行发布
|
||||||
if (!CurrentUser.GetPermissions().Contains("") && CurrentUser.UserName != UserConst.Admin)
|
if (!CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode))
|
||||||
{
|
{
|
||||||
throw new UserFriendlyException("该板块已禁止创建主题,请在其他板块中发布");
|
throw new UserFriendlyException("该板块已禁止创建主题,请在其他板块中发布");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
var entity = await _forumManager.CreateDiscussAsync(await MapToEntityAsync(input));
|
var entity = await _forumManager.CreateDiscussAsync(await MapToEntityAsync(input));
|
||||||
return await MapToGetOutputDtoAsync(entity);
|
return await MapToGetOutputDtoAsync(entity);
|
||||||
}
|
}
|
||||||
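Review bot: The bypass for a board with `IsDisableCreateDiscuss` no longer falls back to the `UserConst.Admin` user name: the new condition `!CurrentUser.GetPermissions().Contains(UserConst.AdminPermissionCode)` relies entirely on the permission list, and the article section of this commit drops the same user-name test. Removing the name comparison is the safer design, but the built-in admin account is now blocked unless its permission list actually carries `UserConst.AdminPermissionCode`. How that list is populated is not visible on this page, so it is worth confirming and covering with a test. The new `[Permission("bbs:discuss:add")]` attribute raises the same question: if it matches codes exactly rather than honouring the admin code, an admin holding only the admin code would be rejected before the method body runs. Part of `CreateAsync` lies between the two hunks and is not shown.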
|
|||||||