数据权限功能
@@ -64,10 +64,8 @@ namespace Yi.Framework.ApiMicroservice.Controllers
|
||||
[HttpPost]
|
||||
public async Task<Result> Login(LoginDto loginDto)
|
||||
{
|
||||
|
||||
//跳过
|
||||
//跳过,需要redis缓存获取uuid与code的关系,进行比较即可
|
||||
//先效验验证码和UUID
|
||||
|
||||
UserEntity user = new();
|
||||
if (await _iUserService.Login(loginDto.UserName, loginDto.Password, o => user = o))
|
||||
{
|
||||
@@ -181,7 +179,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers
|
||||
{
|
||||
var uuid = Guid.NewGuid();
|
||||
var code = _securityCode.GetRandomEnDigitalText(4);
|
||||
//将uuid与code中心化保存起来,登录根据uuid比对即可
|
||||
//将uuid与code,Redis缓存中心化保存起来,登录根据uuid比对即可
|
||||
var imgbyte = _securityCode.GetEnDigitalCodeByte(code);
|
||||
return Result.Success().SetData(new { uuid = uuid, img = imgbyte });
|
||||
}
|
||||
|
||||
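Review bot: `Login` still goes straight to `_iUserService.Login(...)` with only a comment where the captcha check belongs, so the uuid and code produced by the captcha action in the second hunk are never stored or compared and the captcha does nothing to limit password guessing. The generating action should save the code under the uuid with a short expiry, and `Login` should reject the request before the password check unless the submitted code matches, deleting the entry after one comparison so a solved captcha cannot be reused. Until that is wired up, a comment such as `// TODO(security): captcha is NOT verified here; any uuid/code is accepted` would state the gap more plainly than `//跳过`. Both method bodies continue outside their hunks, and whether `LoginDto` already carries the uuid and code fields is not visible here.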
@@ -11,6 +11,8 @@ using Microsoft.Extensions.Localization;
|
||||
using Yi.Framework.WebCore.AttributeExtend;
|
||||
using Yi.Framework.WebCore.SignalRHub;
|
||||
using Hei.Captcha;
|
||||
using Yi.Framework.WebCore;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
builder.Configuration.AddCommandLine(args);
|
||||
@@ -52,9 +54,10 @@ builder.Host.ConfigureLogging(loggingBuilder =>
|
||||
#endregion
|
||||
builder.Services.AddIocService(builder.Configuration);
|
||||
#region
|
||||
//Sqlsugar<61><72><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2>
|
||||
//Sqlsugar<61><72><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2>,<2C>Ƿ<EFBFBD><C7B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ȩ<EFBFBD><EFBFBD><DEB9>ܣ<EFBFBD><DCA3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ҪRedis<69><73><EFBFBD><EFBFBD>
|
||||
#endregion
|
||||
builder.Services.AddSqlsugarServer();
|
||||
//builder.Services.AddSqlsugarServer(DbFiterExtend.Data);
|
||||
#region
|
||||
//Quartz<74><7A><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
#endregion
|
||||
@@ -117,8 +120,14 @@ builder.Services.AddLocalizerService();
|
||||
//<2F><><EFBFBD><EFBFBD>signalR
|
||||
#endregion
|
||||
builder.Services.AddSignalR();
|
||||
|
||||
#region
|
||||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><D6A4>
|
||||
#endregion
|
||||
builder.Services.AddHeiCaptcha();
|
||||
#region
|
||||
//<2F><><EFBFBD><EFBFBD>Http<74><70><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
#endregion
|
||||
builder.Services.AddHttpContextAccessor();
|
||||
//-----------------------------------------------------------------------------------------------------------
|
||||
var app = builder.Build();
|
||||
#region
|
||||
|
||||
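Review bot: The only line that would register the new data-scope filter, `//builder.Services.AddSqlsugarServer(DbFiterExtend.Data);`, is commented out, and the parameterless `builder.Services.AddSqlsugarServer();` above it appears to remain the active registration, so the data-permission filter from this commit is presumably never applied at runtime. If that is deliberate until Redis is available, make the choice explicit with a configuration switch that selects `builder.Services.AddSqlsugarServer(DbFiterExtend.Data);` rather than a commented line that is easy to forget. The comments in this file are also stored in a non-UTF-8 encoding and render as replacement characters (the `//Sqlsugar…` line, for example), so the explanation next to this registration cannot be read; re-saving the file as UTF-8 would fix that.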
@@ -90,6 +90,8 @@
|
||||
{
|
||||
#region 一般类型
|
||||
|
||||
|
||||
|
||||
public static Guid TryToGuid(this string guid)
|
||||
{
|
||||
if (Guid.TryParse(guid, out var guid1))
|
||||
|
||||
@@ -1,10 +0,0 @@
|
||||
using System;
|
||||
|
||||
namespace Yi.Framework.Common.Models
|
||||
{
|
||||
public static class ServiceLocator
|
||||
{
|
||||
public static IServiceProvider Instance { get; set; }
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,90 +0,0 @@
|
||||
//using Brick.Common;
|
||||
//using Brick.Common.Const;
|
||||
//using Brick.Core;
|
||||
//using Brick.Grpc;
|
||||
//using Brick.WebCore.MiddlewareExtend;
|
||||
//using ETX.Common.Enum;
|
||||
//using ETX.Entity;
|
||||
//using ETX.Interface.IService;
|
||||
//using SqlSugar;
|
||||
//using System.Linq;
|
||||
//using Yi.Framework.Common.Enum;
|
||||
//using Yi.Framework.Model.Models;
|
||||
|
||||
//namespace Yi.Framework.Core
|
||||
//{
|
||||
// public class DbFiterExtend
|
||||
// {
|
||||
// public static void Data(SqlSugarClient db)
|
||||
// {
|
||||
// //未登录情况
|
||||
// //if (!ServiceLocator.GetHttp(out var httpContext))
|
||||
// //{
|
||||
// // return;
|
||||
// //}
|
||||
|
||||
// //无需授权情况
|
||||
// //var account = httpContext.GetAccount();
|
||||
// //if (account.IsNull())
|
||||
// //{
|
||||
// // return;
|
||||
// //}
|
||||
|
||||
// //超级管理员直接放行
|
||||
// //if (ServiceLocator.Admin.Equals(account))
|
||||
// //{
|
||||
// // return;
|
||||
// //}
|
||||
|
||||
// //这里可以优化一下
|
||||
// //根据缓存获取全部用户信息
|
||||
// //var userRoleMenu = ServiceLocator.Instance.GetService<CacheClientDB>().Get<UserRoleMenu>(RedisConst.GetStr(RedisConst.UserRoleMenu, account));
|
||||
|
||||
|
||||
// var roles = userRoleMenu.Roles;
|
||||
// if (roles.IsNull())
|
||||
// {
|
||||
// roles = new ();
|
||||
// }
|
||||
// //先测试部门就是LEBG
|
||||
// long deptId= userRoleMenu.User.DeptId.TryToGuid();
|
||||
// long userId =httpContext.GetId();
|
||||
// //根据角色的数据范围,来添加相对于的数据权限
|
||||
// foreach (var role in roles)
|
||||
// {
|
||||
// DataScopeEnum dataScope =(DataScopeEnum)role.DataScope;
|
||||
// switch (dataScope)
|
||||
// {
|
||||
// case DataScopeEnum.ALL:
|
||||
// //直接放行
|
||||
// break;
|
||||
// case DataScopeEnum.DEPT:
|
||||
// //只能查询到自己的部门的数据
|
||||
// db.QueryFilter.Add(new TableFilterItem<UserEntity>(it => it.DeptId== deptId, true));
|
||||
// break;
|
||||
// case DataScopeEnum.USER:
|
||||
// //只能查询到自己
|
||||
// db.QueryFilter.Add(new TableFilterItem<UserEntity>(it => it.Id == userId,true));
|
||||
// break;
|
||||
// case DataScopeEnum.CUSTOM:
|
||||
// //自定义查询
|
||||
// var filter = new TableFilterItem<UserEntity>(it => SqlFunc.Subqueryable<RoleDeptEntity>().Where(f => f.DeptId == it.DeptId && f.RoleId == role.Id.TryToGuid()).Any(),true);
|
||||
// db.QueryFilter.Add(filter);
|
||||
// break;
|
||||
// case DataScopeEnum.DEPT_FOLLOW:
|
||||
// //放行自己部门及以下
|
||||
// var allChildDepts = db.Queryable<DeptEntity>().ToChildList(it => it.ParentId, deptId);
|
||||
|
||||
// var filter1 = new TableFilterItem<UserEntity>(it => allChildDepts.Select(f => f.Id).ToList().Contains((long)it.DeptId),true);
|
||||
// db.QueryFilter.Add(filter1);
|
||||
|
||||
// //var filter2 = new TableFilterItem<DeptEntity>(it => allChildDepts.Select(f => f.Id).ToList().Contains(it.Id),true);
|
||||
// //db.QueryFilter.Add(filter2);
|
||||
// break;
|
||||
// default:
|
||||
// break;
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
//}
|
||||
@@ -37,7 +37,8 @@ namespace Yi.Framework.Core
|
||||
claims.Add(new Claim(JwtRegisteredClaimNames.Nbf, $"{new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds()}"));
|
||||
claims.Add(new Claim(JwtRegisteredClaimNames.Exp, $"{new DateTimeOffset(DateTime.Now.AddMinutes(minutes)).ToUnixTimeSeconds()}"));
|
||||
claims.Add(new Claim(JwtRegisteredClaimNames.Sid, user.Id.ToString()));
|
||||
|
||||
claims.Add(new Claim(JwtRegisteredClaimNames.Name, user.UserName));
|
||||
claims.Add(new Claim("deptId", user.DeptId.ToString()));
|
||||
//-----------------------------以下从user的权限表中添加权限-----------------------例如:
|
||||
|
||||
foreach (var m in menus)
|
||||
@@ -47,12 +48,6 @@ namespace Yi.Framework.Core
|
||||
claims.Add(new Claim("permission", m.PermissionCode.ToString()));
|
||||
}
|
||||
}
|
||||
|
||||
if (isRefresh)
|
||||
{
|
||||
claims.Add(new Claim("Re", "true"));
|
||||
}
|
||||
|
||||
var creds = new SigningCredentials(new RsaSecurityKey(Common.Helper.RSAFileHelper.GetKey()), SecurityAlgorithms.RsaSha256);
|
||||
var token = new JwtSecurityToken(
|
||||
issuer: _JWTTokenOptions.Issuer,
|
||||
|
||||
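Review bot: With the `if (isRefresh)` block gone in the second hunk, a token issued for refresh no longer carries the `Re` claim, so nothing in its claims distinguishes it from an access token. If a refresh endpoint or middleware elsewhere still looks for `Re`, or if refresh tokens are given a longer lifetime through `minutes`, a refresh token could now be accepted wherever an access token is; that code is not visible here and should be checked before merging. In the first hunk, `new Claim(JwtRegisteredClaimNames.Name, user.UserName)` throws `ArgumentNullException` when `UserName` is null, so such a user should be rejected before token creation rather than failing inside the claim list. The enclosing method starts and ends outside both hunks.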
@@ -26,13 +26,49 @@ namespace Yi.Framework.WebCore
|
||||
return "XMLHttpRequest".Equals(header);
|
||||
}
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// 通过鉴权完的token获取用户id
|
||||
/// </summary>
|
||||
/// <param name="httpContext"></param>
|
||||
/// <returns></returns>
|
||||
public static long GetUserIdInfo(this HttpContext httpContext)
|
||||
{
|
||||
var p = httpContext;
|
||||
return Convert.ToInt64(httpContext .User.Claims.FirstOrDefault(u => u.Type== JwtRegisteredClaimNames.Sid).Value);
|
||||
return Convert.ToInt64(httpContext.User.Claims.FirstOrDefault(u => u.Type == JwtRegisteredClaimNames.Sid).Value);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 通过鉴权完的token获取用户名
|
||||
/// </summary>
|
||||
/// <param name="httpContext"></param>
|
||||
/// <returns></returns>
|
||||
public static string GetUserNameInfo(this HttpContext httpContext)
|
||||
{
|
||||
var p = httpContext;
|
||||
return httpContext.User.Claims.FirstOrDefault(u => u.Type == JwtRegisteredClaimNames.Name).Value;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 通过鉴权完的token获取用户部门
|
||||
/// </summary>
|
||||
/// <param name="httpContext"></param>
|
||||
/// <returns></returns>
|
||||
public static string GetDeptIdInfo(this HttpContext httpContext)
|
||||
{
|
||||
var p = httpContext;
|
||||
return httpContext.User.Claims.FirstOrDefault(u => u.Type == "deptId").Value;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 通过鉴权完的token获取权限code
|
||||
/// </summary>
|
||||
/// <param name="httpContext"></param>
|
||||
/// <returns></returns>
|
||||
public static string GetPermissionInfo(this HttpContext httpContext)
|
||||
{
|
||||
var p = httpContext;
|
||||
return httpContext.User.Claims.FirstOrDefault(u => u.Type == "permission").Value;
|
||||
}
|
||||
/// <summary>
|
||||
/// 基于HttpContext,当前鉴权方式解析,获取用户信息
|
||||
/// 现在使用redis作为缓存,不需要将菜单存放至jwt中了
|
||||
|
||||
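Review bot: Each accessor dereferences `FirstOrDefault(...).Value`, which throws `NullReferenceException` when the claim is absent, for example on an anonymous request, so callers never receive the null that `DbFiterExtend.Data` tests for with `userName is null`. Use the null-conditional form, e.g. `return httpContext.User.Claims.FirstOrDefault(u => u.Type == JwtRegisteredClaimNames.Name)?.Value;`, in `GetUserNameInfo`, `GetDeptIdInfo` and `GetPermissionInfo`, and decide explicitly what `GetUserIdInfo` does when `Sid` is missing. `GetPermissionInfo` also returns only the first `permission` claim although the token builder adds one claim per menu entry, so callers that authorize on it see a single code. The `var p = httpContext;` locals are unused, and the summaries should say what each method returns when the claim is missing.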
@@ -0,0 +1,88 @@
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using SqlSugar;
|
||||
using System;
|
||||
using System.Linq;
|
||||
using Yi.Framework.Common.Enum;
|
||||
using Yi.Framework.Common.Models;
|
||||
using Yi.Framework.DTOModel;
|
||||
using Yi.Framework.Model.Models;
|
||||
using Yi.Framework.WebCore;
|
||||
|
||||
namespace Yi.Framework.Core
|
||||
{
|
||||
public class DbFiterExtend
|
||||
{
|
||||
public static void Data(SqlSugarClient db)
|
||||
{
|
||||
//非请求情况
|
||||
if (!ServiceLocator.GetHttp(out var httpContext))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
//无需授权情况
|
||||
var userName = httpContext.GetUserNameInfo();
|
||||
if (userName is null)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
//超级管理员直接放行
|
||||
if (ServiceLocator.Admin.Equals(userName))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
//这里可以优化一下
|
||||
//根据缓存获取全部用户信息
|
||||
var userRoleMenu = ServiceLocator.Instance.GetService<CacheClientDB>().Get<UserRoleMenuDto>("用户id");
|
||||
|
||||
|
||||
var roles = userRoleMenu.Roles;
|
||||
if (roles.IsNull())
|
||||
{
|
||||
roles = new();
|
||||
}
|
||||
//先测试部门就是LEBG
|
||||
long deptId = (long)userRoleMenu.User.DeptId;
|
||||
long userId = httpContext.GetUserIdInfo();
|
||||
//根据角色的数据范围,来添加相对于的数据权限
|
||||
foreach (var role in roles)
|
||||
{
|
||||
DataScopeEnum dataScope = (DataScopeEnum)role.DataScope;
|
||||
switch (dataScope)
|
||||
{
|
||||
case DataScopeEnum.ALL:
|
||||
//直接放行
|
||||
break;
|
||||
case DataScopeEnum.DEPT:
|
||||
//只能查询到自己的部门的数据
|
||||
db.QueryFilter.Add(new TableFilterItem<UserEntity>(it => it.DeptId == deptId, true));
|
||||
break;
|
||||
case DataScopeEnum.USER:
|
||||
//只能查询到自己
|
||||
db.QueryFilter.Add(new TableFilterItem<UserEntity>(it => it.Id == userId, true));
|
||||
break;
|
||||
case DataScopeEnum.CUSTOM:
|
||||
//自定义查询
|
||||
var filter = new TableFilterItem<UserEntity>(it => SqlFunc.Subqueryable<RoleDeptEntity>().Where(f => f.DeptId == it.DeptId && f.RoleId == (long)role.Id).Any(), true);
|
||||
db.QueryFilter.Add(filter);
|
||||
break;
|
||||
case DataScopeEnum.DEPT_FOLLOW:
|
||||
//放行自己部门及以下
|
||||
var allChildDepts = db.Queryable<DeptEntity>().ToChildList(it => it.ParentId, deptId);
|
||||
|
||||
var filter1 = new TableFilterItem<UserEntity>(it => allChildDepts.Select(f => f.Id).ToList().Contains((long)it.DeptId), true);
|
||||
db.QueryFilter.Add(filter1);
|
||||
|
||||
//部门无需过滤
|
||||
//var filter2 = new TableFilterItem<DeptEntity>(it => allChildDepts.Select(f => f.Id).ToList().Contains(it.Id),true);
|
||||
//db.QueryFilter.Add(filter2);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
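Review bot: The cache lookup uses the literal key `"用户id"`, a placeholder, so the roles and department that decide the data scope are not tied to the caller: either every request shares one cache entry, or the lookup returns null and `userRoleMenu.Roles` throws. Derive the key from `httpContext.GetUserIdInfo()` using the same key the login path writes, and fail closed when the entry is missing, as sketched below (the key helper is a placeholder, and falling back to the caller's own row is a suggestion). Two related gaps in the loop: `case DataScopeEnum.ALL` only leaves the `switch`, so a user who also holds a narrower role still gets that role's filter, and filters added for several roles are presumably combined with AND, which narrows rather than widens access. `httpContext` can also be null at this point, because `ServiceLocator.GetHttp` returns true outside a request.

```csharp
// … unchanged: non-request, anonymous and super-admin early returns …
long userId = httpContext.GetUserIdInfo();
// PLACEHOLDER_UserRoleMenuKey is not a real helper: substitute the per-user key the login path writes.
string cacheKey = PLACEHOLDER_UserRoleMenuKey(userId);
var userRoleMenu = ServiceLocator.Instance.GetService<CacheClientDB>().Get<UserRoleMenuDto>(cacheKey);
if (userRoleMenu?.User?.DeptId is null)
{
    // Fail closed: with no scope record, restrict the caller to its own row.
    db.QueryFilter.Add(new TableFilterItem<UserEntity>(it => it.Id == userId, true));
    return;
}
// … unchanged: roles loop and per-scope filters …
```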
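--- a/Yi.Framework.Net6/Yi.Framework.WebCore/ServiceLocator.cs
+++ b/Yi.Framework.Net6/Yi.Framework.WebCore/ServiceLocator.cs
@@ -0,0 +1,27 @@
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
+using System;
+using Ubiety.Dns.Core.Common;
+
+namespace Yi.Framework.WebCore
+{
+public static class ServiceLocator
+{
+public static IServiceProvider Instance { get; set; }
+
+public static string Admin { get; set; } = "cc";
+
+public static bool GetHttp(out HttpContext httpContext)
+{
+httpContext = null;
+var httpContextAccessor = Instance.GetService<IHttpContextAccessor>();
+if (httpContextAccessor is null)
+{
+return false;
+}
+httpContext = httpContextAccessor.HttpContext;
+return true;
+}
+}
+
+}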
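Review bot: `GetHttp` returns `true` whenever an `IHttpContextAccessor` is registered, even though `HttpContext` is null outside a request (startup, background jobs), so the non-request guard in `DbFiterExtend.Data` does not protect the code after it; the last two statements should read `httpContext = httpContextAccessor.HttpContext;` and `return httpContext is not null;`. `Instance` is dereferenced without a null check, so a call made before the provider is assigned throws. `Admin` is a publicly settable static holding the hard-coded user name `"cc"` that bypasses every data filter; a read-only value loaded from configuration, or a check on a role or user id, would be harder to change by accident and would not depend on that user name being reserved. `using Ubiety.Dns.Core.Common;` looks unused.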