diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseCrudController.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseCrudController.cs
index 2f3114a2..17f005ce 100644
--- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseCrudController.cs
+++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseCrudController.cs
@@ -33,7 +33,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
///
- [Permission($"{nameof(T)}:get")]
[HttpGet]
public virtual async Task GetById(long id)
{
@@ -44,7 +43,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
/// 列表查询
///
///
- [Permission($"{nameof(T)}:get")]
[HttpPost]
public virtual async Task GetList(QueryCondition queryCondition)
{
@@ -56,7 +54,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
///
- [Permission($"{nameof(T)}:get")]
[HttpPost]
public virtual async Task PageList(QueryPageCondition queryCondition)
{
@@ -68,7 +65,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
///
- [Permission($"{nameof(T)}:add")]
[HttpPost]
public virtual async Task Add(T entity)
{
@@ -80,7 +76,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
///
- [Permission($"{nameof(T)}:update")]
[HttpPut]
public virtual async Task Update(T entity)
{
@@ -92,7 +87,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
///
- [Permission($"{nameof(T)}:del")]
[HttpDelete]
public virtual async Task DeleteList(List ids)
{
diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleCrudController.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleCrudController.cs
index 2feb5aaf..c59f9265 100644
--- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleCrudController.cs
+++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleCrudController.cs
@@ -45,7 +45,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
/// 全部列表查询
///
///
- [Permission($"{nameof(T)}:get")]
[HttpGet]
public virtual async Task GetList()
{
@@ -57,7 +56,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
///
- [Permission($"{nameof(T)}:add")]
[HttpPost]
public virtual async Task Add(T entity)
{
@@ -70,7 +68,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
///
- [Permission($"{nameof(T)}:update")]
[HttpPut]
public virtual async Task Update(T entity)
{
@@ -82,7 +79,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
///
- [Permission($"{nameof(T)}:del")]
[HttpDelete]
public virtual async Task DelList(List ids)
{
diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleRdController.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleRdController.cs
index 3c0c2a32..fbd01fef 100644
--- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleRdController.cs
+++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/BaseController/BaseSimpleRdController.cs
@@ -33,7 +33,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
///
- [Permission($"{nameof(T)}:get")]
[Route("{id}")]
[HttpGet]
public virtual async Task GetById([FromRoute]long id)
@@ -45,7 +44,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
/// 全部列表查询
///
///
- [Permission($"{nameof(T)}:get")]
[HttpGet]
public virtual async Task GetList()
{
@@ -57,7 +55,6 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
///
- [Permission($"{nameof(T)}:del")]
[HttpDelete]
public virtual async Task DelList(List ids)
{
diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/UserController.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/UserController.cs
index c57b935e..ad33aef3 100644
--- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/UserController.cs
+++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Controllers/UserController.cs
@@ -20,6 +20,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers
/// 用户管理
///
[ApiController]
+ [Authorize]
[Route("api/[controller]/[action]")]
public class UserController : BaseSimpleRdController
{
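Review bot: Authentication is opted into per controller here: `[Authorize]` is added on `UserController` only, while the same commit removes every `[Permission]` attribute from `BaseCrudController`, `BaseSimpleCrudController` and `BaseSimpleRdController`. Any other controller deriving from those bases now exposes the inherited list/add/update/delete actions guarded only by the attributes it declares itself, which this diff does not show. Putting `[Authorize]` on the base controller classes (the attribute is inherited by derived controllers) would make authenticated access the default and leave `[AllowAnonymous]` as the explicit opt-out. The base class declarations are outside the hunks shown, so confirm whether they already carry it.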
@@ -37,6 +38,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
[HttpGet]
+ [Permission("system:user:query")]
public async Task PageList([FromQuery] UserEntity user, [FromQuery] PageParModel page,[FromQuery] long? deptId)
{
return Result.Success().SetData(await _iUserService.SelctPageList(user, page, deptId));
@@ -49,6 +51,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
[HttpPut]
+ [Permission("system:user:edit")]
public async Task UpdateStatus(long userId, bool isDel)
{
return Result.Success().SetData(await _iUserService._repository.UpdateIgnoreNullAsync(new UserEntity() { Id = userId, IsDeleted = isDel }));
@@ -61,6 +64,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
[HttpPut]
+ [Permission("system:user:edit")]
public async Task GiveUserSetRole(GiveUserSetRoleDto giveUserSetRoleDto)
{
return Result.Success().SetStatus(await _iUserService.GiveUserSetRole(giveUserSetRoleDto.UserIds, giveUserSetRoleDto.RoleIds));
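Review bot: Role assignment is gated by the same `system:user:edit` code as ordinary edits, so any account allowed to edit users can pass arbitrary `UserIds` and `RoleIds` to `GiveUserSetRole`, its own id and an administrative role included, unless the service rejects that (not visible here). The same concern applies to `RestPassword` in the last hunk of this file, which resets the password of whatever `user.Id` the request carries. Both operations change who can authenticate or what they may do, so they warrant their own permission codes plus a server-side check that the caller may act on the target account. A `///` remark on each action stating the required permission and the reason would also help the next reader.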
@@ -74,6 +78,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
[HttpGet]
[Route("{id}")]
+ [Permission("system:user:query")]
public override async Task GetById([FromRoute] long id)
{
return Result.Success().SetData(await _iUserService.GetInfoById(id));
@@ -85,6 +90,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
[HttpPut]
+ [Permission("system:user:edit")]
public async Task Update(UserInfoDto userDto)
{
if (await _iUserService._repository.IsAnyAsync(u => userDto.User.UserName.Equals(u.UserName)&&!userDto.User.Id.Equals(u.Id)))
@@ -101,6 +107,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
[HttpPut]
+ [Permission("system:user:edit")]
public async Task UpdateProfile(UserInfoDto userDto)
{
return Result.Success().SetStatus(await _iUserService.UpdateProfile(userDto));
@@ -112,6 +119,7 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
[HttpPost]
+ [Permission("system:user:add2")]
public async Task Add(UserInfoDto userDto)
{
if (await _iUserService._repository.IsAnyAsync(u => userDto.User.UserName.Equals(u.UserName)))
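Review bot: `system:user:add2` looks like a leftover test value, since every other code added in this file follows the `system:user:<verb>` pattern. `PermissionAttribute` builds its pattern from the required code and anchors it at the start, so a user holding `system:user:add` does not satisfy `^system:user:add2` and only a holder of `*:*:*` can create users. If that is not intended, change the line to `[Permission("system:user:add")]`; if it is, a comment saying so is needed. The body of `Add` continues outside the hunk.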
@@ -128,9 +136,20 @@ namespace Yi.Framework.ApiMicroservice.Controllers
///
///
[HttpPut]
+ [Permission("system:user:edit")]
public async Task RestPassword(UserEntity user)
{
return Result.Success().SetStatus(await _iUserService.RestPassword(user.Id, user.Password));
}
+ [Permission("system:user:query")]
+ public override Task GetList()
+ {
+ return base.GetList();
+ }
+ [Permission("system:user:remove")]
+ public override Task DelList(List ids)
+ {
+ return base.DelList(ids);
+ }
}
}
diff --git a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Program.cs b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Program.cs
index efc12b16..dc68771a 100644
--- a/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Program.cs
+++ b/Yi.Framework.Net6/Yi.Framework.ApiMicroservice/Program.cs
@@ -150,7 +150,7 @@ ServiceLocator.Instance = app.Services;
#region
//ץȡע
#endregion
-//app.UseErrorHandlingService();
+app.UseErrorHandlingService();
#region
//̬ļע
diff --git a/Yi.Framework.Net6/Yi.Framework.Common/Const/SystemConst.cs b/Yi.Framework.Net6/Yi.Framework.Common/Const/SystemConst.cs
index c6c7e2d4..1d6f695f 100644
--- a/Yi.Framework.Net6/Yi.Framework.Common/Const/SystemConst.cs
+++ b/Yi.Framework.Net6/Yi.Framework.Common/Const/SystemConst.cs
@@ -11,5 +11,6 @@ namespace Yi.Framework.Common.Const
public const string Admin = "cc";
public const string AdminRolesCode = "admin";
public const string AdminPermissionCode = "*:*:*";
+ public const string PermissionClaim = "permission";
}
}
diff --git a/Yi.Framework.Net6/Yi.Framework.Core/JwtInvoker.cs b/Yi.Framework.Net6/Yi.Framework.Core/JwtInvoker.cs
index 5e948bfb..74ecfe3c 100644
--- a/Yi.Framework.Net6/Yi.Framework.Core/JwtInvoker.cs
+++ b/Yi.Framework.Net6/Yi.Framework.Core/JwtInvoker.cs
@@ -8,6 +8,7 @@ using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
+using Yi.Framework.Common.Const;
using Yi.Framework.Common.IOCOptions;
using Yi.Framework.Model.Models;
using JwtRegisteredClaimNames = Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames;
@@ -45,9 +46,14 @@ namespace Yi.Framework.Core
{
if (!string.IsNullOrEmpty(m.PermissionCode))
{
- claims.Add(new Claim("permission", m.PermissionCode.ToString()));
+ claims.Add(new Claim(SystemConst.PermissionClaim, m.PermissionCode.ToString()));
}
}
+ if (SystemConst.Admin.Equals(user.UserName))
+ {
+ claims.Add(new Claim(SystemConst.PermissionClaim, SystemConst.AdminPermissionCode));
+ }
+
var creds = new SigningCredentials(new RsaSecurityKey(Common.Helper.RSAFileHelper.GetKey()), SecurityAlgorithms.RsaSha256);
var token = new JwtSecurityToken(
issuer: _JWTTokenOptions.Issuer,
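Review bot: The super-admin grant is keyed on the user name alone: any account whose `UserName` equals `SystemConst.Admin` (the literal `"cc"` in `SystemConst.cs`) receives `*:*:*` in its token. That ties full access to a compile-time string and to user-name uniqueness being enforced everywhere an account can be created or renamed; keying the grant on the admin role (`SystemConst.AdminRolesCode` already exists) or on an immutable user id would be sturdier, assuming the role list is available at this point. Because the permission list is baked into the JWT, a revoked permission stays usable until the token expires, which deserves a comment here and a short token lifetime or a server-side re-check for sensitive actions. The method starts and ends outside the hunk.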
diff --git a/Yi.Framework.Net6/Yi.Framework.WebCore/AttributeExtend/PermissionAttribute.cs b/Yi.Framework.Net6/Yi.Framework.WebCore/AttributeExtend/PermissionAttribute.cs
index 7754dabe..65ccb4cd 100644
--- a/Yi.Framework.Net6/Yi.Framework.WebCore/AttributeExtend/PermissionAttribute.cs
+++ b/Yi.Framework.Net6/Yi.Framework.WebCore/AttributeExtend/PermissionAttribute.cs
@@ -5,6 +5,7 @@ using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
+using Yi.Framework.Common.Const;
namespace Yi.Framework.WebCore.AttributeExtend
{
@@ -25,12 +26,13 @@ namespace Yi.Framework.WebCore.AttributeExtend
///
public override void OnActionExecuting(ActionExecutingContext context)
{
- base.OnActionExecuting(context);
+
if (string.IsNullOrEmpty(permission))
{
throw new Exception("权限不能为空!");
}
+
var result = false;
@@ -38,16 +40,20 @@ namespace Yi.Framework.WebCore.AttributeExtend
var sid = context.HttpContext.User.Claims.FirstOrDefault(u => u.Type == JwtRegisteredClaimNames.Sid);
//jwt存在的权限列表
- var perList = context.HttpContext.User.Claims.Where(u => u.Type == "permission").Select(u=> u.Value.ToString().ToLower()). ToList();
+ var perList = context.HttpContext.User.Claims.Where(u => u.Type == SystemConst.PermissionClaim).Select(u => u.Value.ToString().ToLower()).ToList();
//判断权限是否存在Redis中,或者jwt中
//进行正则表达式的匹配,以code开头
Regex regex = new Regex($"^{permission.ToLower()}");
foreach (var p in perList)
{
- //过滤多余的标签
- p.Replace("Entity","");
- p.Replace("entity","");
+ //如果存在超级管理员权限,直接放行
+ if (SystemConst.AdminPermissionCode.Equals(p))
+ {
+ result = true;
+ break;
+ }
+
if (regex.IsMatch(p))
{
result = true;
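Review bot: The required code is interpolated into the regex unescaped and anchored only at the start, so the check is a prefix match: a claim such as `system:user:editor` (constructed example) would satisfy `system:user:edit`, and any regex metacharacter in a permission string changes the pattern. For fixed codes an exact comparison is enough, e.g. `if (string.Equals(p, permission, StringComparison.OrdinalIgnoreCase))`, or at least `new Regex($"^{Regex.Escape(permission.ToLowerInvariant())}$")`, since the culture-sensitive `ToLower()` should not decide authorization. The `user:*` shorthand mentioned in the comment of the next hunk is not implemented by this direction of matching, because the wildcard would sit in the claim rather than in the pattern. The denial path in that next hunk still throws a bare `Exception`; setting `context.Result` to a 403 result and returning would keep denials out of the error-handling middleware. `OnActionExecuting` begins and ends outside this hunk.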
@@ -56,11 +62,6 @@ namespace Yi.Framework.WebCore.AttributeExtend
}
//用户的增删改查直接可以user:*即可
-
- //这里暂时全部放行即可
- result = true;
-
-
if (!result)
{
throw new Exception("拦截未授权请求!");
diff --git a/Yi.Framework.Net6/Yi.Framework.WebCore/MiddlewareExtend/ErrorHandExtension.cs b/Yi.Framework.Net6/Yi.Framework.WebCore/MiddlewareExtend/ErrorHandExtension.cs
index eed13c4c..63e3ce36 100644
--- a/Yi.Framework.Net6/Yi.Framework.WebCore/MiddlewareExtend/ErrorHandExtension.cs
+++ b/Yi.Framework.Net6/Yi.Framework.WebCore/MiddlewareExtend/ErrorHandExtension.cs
@@ -1,5 +1,6 @@
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
@@ -15,10 +16,11 @@ namespace Yi.Framework.WebCore.MiddlewareExtend
public class ErrorHandExtension
{
private readonly RequestDelegate next;
-
- public ErrorHandExtension(RequestDelegate next)
+ private ILogger _logger;
+ public ErrorHandExtension(RequestDelegate next,ILogger logger)
{
this.next = next;
+ _logger = logger;
}
public async Task Invoke(HttpContext context)
@@ -34,6 +36,7 @@ namespace Yi.Framework.WebCore.MiddlewareExtend
{
statusCode = 200;
}
+ _logger.LogError($"中间件抓取错误\r\n错误信息:{ex.Message}\r\n堆栈信息“{ex.StackTrace}");
await HandleExceptionAsync(context, statusCode, ex.Message);
}
finally
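Review bot: The new `LogError` call flattens the exception into an interpolated string, which drops inner exceptions and writes `ex.Message`, possibly containing request data and line breaks, straight into the log line. Pass the exception object instead, `_logger.LogError(ex, "中间件抓取错误");`, so the logger formats the stack itself and the message stays a constant template (the `“` after 堆栈信息 also looks like a typo for `:`). The following line still returns `ex.Message` to the caller, which can disclose internal details. With `PermissionAttribute` throwing plain `Exception` for denials, authorization failures will be logged at error level and answered with whatever `statusCode` this block chose; mapping them to 401/403 with a generic body would be safer. `Invoke` starts and ends outside the hunk.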