diff --git a/Yi.Abp.Net8/framework/Yi.Framework.SqlSugarCore/SqlSugarDbContext.cs b/Yi.Abp.Net8/framework/Yi.Framework.SqlSugarCore/SqlSugarDbContext.cs index 2e743506..6418bd14 100644 --- a/Yi.Abp.Net8/framework/Yi.Framework.SqlSugarCore/SqlSugarDbContext.cs +++ b/Yi.Abp.Net8/framework/Yi.Framework.SqlSugarCore/SqlSugarDbContext.cs @@ -113,9 +113,9 @@ namespace Yi.Framework.SqlSugarCore { sqlSugarClient.QueryFilter.AddTableFilter(u => u.TenantId == GuidGenerator.Create()); } - CustomDataFilter(); + CustomDataFilter(sqlSugarClient); } - protected virtual void CustomDataFilter() + protected virtual void CustomDataFilter(ISqlSugarClient sqlSugarClient) { } diff --git a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/Forum/ArticleService.cs b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/Forum/ArticleService.cs index 80e85a52..34be565a 100644 --- a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/Forum/ArticleService.cs +++ b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/Forum/ArticleService.cs @@ -14,7 +14,6 @@ using Yi.Framework.Bbs.Application.Contracts.Dtos.Article; using Yi.Framework.Bbs.Application.Contracts.Dtos.Plate; using Yi.Framework.Bbs.Application.Contracts.IServices; using Yi.Framework.Bbs.Domain.Entities.Forum; -using Yi.Framework.Bbs.Domain.Extensions; using Yi.Framework.Bbs.Domain.Managers; using Yi.Framework.Bbs.Domain.Repositories; using Yi.Framework.Bbs.Domain.Shared.Consts; @@ -22,6 +21,7 @@ using Yi.Framework.Bbs.Domain.Shared.Model; using Yi.Framework.Core.Extensions; using Yi.Framework.Ddd.Application; using Yi.Framework.Rbac.Domain.Authorization; +using Yi.Framework.Rbac.Domain.Extensions; using Yi.Framework.Rbac.Domain.Shared.Consts; using Yi.Framework.SqlSugarCore.Abstractions; 
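Review bot: The `CustomDataFilter(ISqlSugarClient sqlSugarClient)` hook in SqlSugarDbContext.cs (first hunk on this line) has no doc comment, so an overrider cannot tell from the signature which client it receives or what it is expected to do with it. Suggest `/// <summary>Extension point for derived contexts to register extra query filters on the client passed in.</summary>` with a matching `<param name="sqlSugarClient">` line. Changing the signature of a protected virtual method also breaks any override outside this repository at compile time; the three in-repo overrides are updated in this commit, so this mainly needs a mention in the release notes.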
diff --git a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/Forum/CommentService.cs b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/Forum/CommentService.cs index 59418a68..cdcae5e9 100644 --- a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/Forum/CommentService.cs +++ b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/Forum/CommentService.cs @@ -8,11 +8,11 @@ using Yi.Framework.Bbs.Application.Contracts.Dtos.BbsUser; using Yi.Framework.Bbs.Application.Contracts.Dtos.Comment; using Yi.Framework.Bbs.Application.Contracts.IServices; using Yi.Framework.Bbs.Domain.Entities.Forum; -using Yi.Framework.Bbs.Domain.Extensions; using Yi.Framework.Bbs.Domain.Managers; using Yi.Framework.Bbs.Domain.Shared.Consts; using Yi.Framework.Ddd.Application; using Yi.Framework.Rbac.Domain.Authorization; +using Yi.Framework.Rbac.Domain.Extensions; using Yi.Framework.Rbac.Domain.Shared.Consts; using Yi.Framework.SqlSugarCore.Abstractions; diff --git a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/Forum/DiscussService.cs b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/Forum/DiscussService.cs index 7e1337cb..04f7325f 100644 --- a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/Forum/DiscussService.cs +++ b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Application/Services/Forum/DiscussService.cs @@ -11,7 +11,6 @@ using Yi.Framework.Bbs.Application.Contracts.Dtos.Discuss; using Yi.Framework.Bbs.Application.Contracts.IServices; using Yi.Framework.Bbs.Domain.Entities; using Yi.Framework.Bbs.Domain.Entities.Forum; -using Yi.Framework.Bbs.Domain.Extensions; using Yi.Framework.Bbs.Domain.Managers; using Yi.Framework.Bbs.Domain.Shared.Consts; using Yi.Framework.Bbs.Domain.Shared.Enums; 
@@ -20,6 +19,7 @@ using Yi.Framework.Ddd.Application; using Yi.Framework.Rbac.Application.Contracts.Dtos.User; using Yi.Framework.Rbac.Domain.Authorization; using Yi.Framework.Rbac.Domain.Entities; +using Yi.Framework.Rbac.Domain.Extensions; using Yi.Framework.Rbac.Domain.Shared.Consts; using Yi.Framework.SqlSugarCore.Abstractions; diff --git a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Domain/Extensions/CurrestUserExtensions.cs b/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Domain/Extensions/CurrestUserExtensions.cs deleted file mode 100644 index e6b1f7f6..00000000 --- a/Yi.Abp.Net8/module/bbs/Yi.Framework.Bbs.Domain/Extensions/CurrestUserExtensions.cs +++ /dev/null @@ -1,24 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Linq; -using System.Text; -using System.Threading.Tasks; -using Volo.Abp.Users; -using Yi.Framework.Rbac.Domain.Shared.Consts; - -namespace Yi.Framework.Bbs.Domain.Extensions -{ - public static class CurrestUserExtensions - { - /// - /// 获取用户权限codes - /// - /// - /// - public static List GetPermissions(this ICurrentUser currentUser) - { - return currentUser.FindClaims(TokenTypeConst.Permission).Select(x => x.Value).ToList(); - - } - } -} diff --git a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Consts/TokenTypeConst.cs b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Consts/TokenTypeConst.cs index 670c557d..a0d66b3a 100644 --- a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Consts/TokenTypeConst.cs +++ b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Consts/TokenTypeConst.cs @@ -23,5 +23,7 @@ namespace Yi.Framework.Rbac.Domain.Shared.Consts public const string Roles = nameof(Roles); public const string Permission = nameof(Permission); + + public const string RoleInfo=nameof(RoleInfo); } } 
diff --git a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Model/RoleTokenInfoModel.cs b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Model/RoleTokenInfoModel.cs
new file mode 100644
index 00000000..afbb27af
--- /dev/null
+++ b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain.Shared/Model/RoleTokenInfoModel.cs
@@ -0,0 +1,15 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using Yi.Framework.Rbac.Domain.Shared.Enums;
+
+namespace Yi.Framework.Rbac.Domain.Shared.Model
+{
+ public class RoleTokenInfoModel
+ {
+ public Guid Id { get; set; }
+ public DataScopeEnum DataScope { get; set; }
+ }
+}
diff --git a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Extensions/CurrestUserExtensions.cs b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Extensions/CurrestUserExtensions.cs
new file mode 100644
index 00000000..f94caa66
--- /dev/null
+++ b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Extensions/CurrestUserExtensions.cs
@@ -0,0 +1,39 @@ +using Newtonsoft.Json; +using Volo.Abp.Users; +using Yi.Framework.Rbac.Domain.Shared.Consts; +using Yi.Framework.Rbac.Domain.Shared.Model; + +namespace Yi.Framework.Rbac.Domain.Extensions +{ + public static class CurrestUserExtensions + { + /// + /// 获取用户权限codes + /// + /// + /// + public static List GetPermissions(this ICurrentUser currentUser) + { + return currentUser.FindClaims(TokenTypeConst.Permission).Select(x => x.Value).ToList(); + + } + + /// + /// 获取用户权限岗位id + /// + /// + /// + public static Guid? GetDeptId(this ICurrentUser currentUser) + { + var deptIdOrNull = currentUser.FindClaims(TokenTypeConst.DeptId).Select(x => x.Value).FirstOrDefault(); + return deptIdOrNull is null ? null : Guid.Parse(deptIdOrNull); + } + + public static List? GetRoleInfo(this ICurrentUser currentUser) + { + var roleOrNull = currentUser.FindClaims(TokenTypeConst.RoleInfo).Select(x => x.Value).FirstOrDefault(); + return roleOrNull is null ? null : JsonConvert.DeserializeObject>(roleOrNull); + + } + } +} diff --git a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Managers/AccountManager.cs b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Managers/AccountManager.cs index ddc6f6f8..de820cdd 100644 --- a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Managers/AccountManager.cs +++ b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.Domain/Managers/AccountManager.cs @@ -6,6 +6,7 @@ using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Identity; using Microsoft.Extensions.Options; using Microsoft.IdentityModel.Tokens; +using Newtonsoft.Json; using TencentCloud.Tdmq.V20200217.Models; using Volo.Abp; using Volo.Abp.Domain.Entities; @@ -19,6 +20,7 @@ using Yi.Framework.Rbac.Domain.Repositories; using Yi.Framework.Rbac.Domain.Shared.Consts; using Yi.Framework.Rbac.Domain.Shared.Dtos; using Yi.Framework.Rbac.Domain.Shared.Etos; +using Yi.Framework.Rbac.Domain.Shared.Model; using Yi.Framework.Rbac.Domain.Shared.Options; using Yi.Framework.SqlSugarCore.Abstractions; 
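Review bot: `GetDeptId` and `GetRoleInfo` in the new rbac `CurrestUserExtensions` parse claim values with `Guid.Parse` and `JsonConvert.DeserializeObject` and let any format error propagate, so a single malformed DeptId or RoleInfo claim turns into an exception wherever these helpers are called rather than into "no value". Prefer `return Guid.TryParse(deptIdOrNull, out var deptId) ? deptId : null;` and catch `JsonException` around the deserialisation, returning null so a caller can treat the claim as absent and apply its most restrictive path. `GetRoleInfo` has no XML doc comment; it should say that it returns the role id and data-scope pairs carried in the RoleInfo claim, or null when the claim is missing. The summary on `GetDeptId` should likewise state that null means the user has no department claim.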
@@ -44,11 +46,11 @@ namespace Yi.Framework.Rbac.Domain.Managers , ISqlSugarRepository roleRepository) { _repository = repository; - _httpContextAccessor= httpContextAccessor; + _httpContextAccessor = httpContextAccessor; _jwtOptions = jwtOptions.Value; - _localEventBus=localEventBus; - _userManager=userManager; - _roleRepository=roleRepository; + _localEventBus = localEventBus; + _userManager = userManager; + _roleRepository = roleRepository; } /// @@ -164,24 +166,28 @@ namespace Yi.Framework.Rbac.Domain.Managers public List> UserInfoToClaim(UserRoleMenuDto dto) { var claims = new List>(); - AddToClaim(claims,AbpClaimTypes.UserId, dto.User.Id.ToString()); - AddToClaim(claims,AbpClaimTypes.UserName, dto.User.UserName); + AddToClaim(claims, AbpClaimTypes.UserId, dto.User.Id.ToString()); + AddToClaim(claims, AbpClaimTypes.UserName, dto.User.UserName); if (dto.User.DeptId is not null) { - AddToClaim(claims,TokenTypeConst.DeptId, dto.User.DeptId.ToString()); + AddToClaim(claims, TokenTypeConst.DeptId, dto.User.DeptId.ToString()); } if (dto.User.Email is not null) { - AddToClaim(claims,AbpClaimTypes.Email, dto.User.Email); + AddToClaim(claims, AbpClaimTypes.Email, dto.User.Email); } if (dto.User.Phone is not null) { - AddToClaim(claims,AbpClaimTypes.PhoneNumber, dto.User.Phone.ToString()); + AddToClaim(claims, AbpClaimTypes.PhoneNumber, dto.User.Phone.ToString()); + } + if (dto.Roles.Count > 0) + { + AddToClaim(claims, TokenTypeConst.RoleInfo, JsonConvert.SerializeObject(dto.Roles.Select(x => new RoleTokenInfoModel { Id = x.Id, DataScope = x.DataScope }))); } if (UserConst.Admin.Equals(dto.User.UserName)) { - AddToClaim(claims,TokenTypeConst.Permission, UserConst.AdminPermissionCode); - AddToClaim(claims,TokenTypeConst.Roles, UserConst.AdminRolesCode); + AddToClaim(claims, TokenTypeConst.Permission, UserConst.AdminPermissionCode); + AddToClaim(claims, TokenTypeConst.Roles, UserConst.AdminRolesCode); } else { 
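Review bot: The RoleInfo claim added in `UserInfoToClaim` copies each role's `DataScope` into the token, so the row-level scope a user gets is fixed when the token is issued; a role whose scope is later narrowed or revoked would presumably keep its old reach until that token expires. If that trade-off is intended, say so on the line, e.g. `// DataScope is snapshotted into the JWT; role changes apply only after re-login or token refresh`, otherwise resolve the scope from the role store when the filter is built. `dto.Roles.Count > 0` also assumes `dto.Roles` is never null, which this hunk does not show; `dto.Roles is { Count: > 0 }` would cover both cases. The body of `UserInfoToClaim` continues outside the hunk.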
@@ -235,7 +241,7 @@ namespace Yi.Framework.Rbac.Domain.Managers } - public async Task RegisterAsync(string userName,string password,long phone) + public async Task RegisterAsync(string userName, string password, long phone) { //输入的用户名与电话号码都不能在数据库中存在 UserEntity user = new(); diff --git a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.SqlSugarCore/YiRbacDbContext.cs b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.SqlSugarCore/YiRbacDbContext.cs index 5c0a8427..a43997b7 100644 --- a/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.SqlSugarCore/YiRbacDbContext.cs +++ b/Yi.Abp.Net8/module/rbac/Yi.Framework.Rbac.SqlSugarCore/YiRbacDbContext.cs @@ -1,6 +1,9 @@ -using Microsoft.Extensions.Logging; -using SqlSugar; +using SqlSugar; using Volo.Abp.DependencyInjection; +using Yi.Framework.Rbac.Domain.Entities; +using Yi.Framework.Rbac.Domain.Extensions; +using Yi.Framework.Rbac.Domain.Shared.Consts; +using Yi.Framework.Rbac.Domain.Shared.Enums; using Yi.Framework.SqlSugarCore; namespace Yi.Framework.Rbac.SqlSugarCore 
@@ -11,9 +14,76 @@ namespace Yi.Framework.Rbac.SqlSugarCore { } - protected override void CustomDataFilter() + protected override void CustomDataFilter(ISqlSugarClient sqlSugarClient) { - base.CustomDataFilter(); + + DataPermissionFilter(sqlSugarClient); + + base.CustomDataFilter(sqlSugarClient); + } + + + /// + /// 数据权限过滤 + /// + protected void DataPermissionFilter(ISqlSugarClient sqlSugarClient) + { + //获取当前用户的信息 + if (CurrentUser.Id == null) return; + //管理员不过滤 + if (CurrentUser.UserName.Equals(UserConst.Admin) || CurrentUser.Roles.Any(f => f.Equals(UserConst.AdminRolesCode))) return; + var expUser = Expressionable.Create(); + var expRole = Expressionable.Create(); + + + var roleInfo = CurrentUser.GetRoleInfo(); + + //如果无岗位,或者无角色,只能看自己的数据 + if (CurrentUser.GetDeptId() is null || roleInfo is null) + { + expUser.Or(it => it.Id == CurrentUser.Id); + expRole.Or(it => roleInfo.Select(x=>x.Id).Contains(it.Id)); + } + else + { + foreach (var role in roleInfo.OrderBy(f => f.DataScope)) + { + var dataScope = role.DataScope; + if (DataScopeEnum.ALL.Equals(dataScope))//所有权限 + { + break; + } + else if (DataScopeEnum.CUSTOM.Equals(dataScope))//自定数据权限 + { + //" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, role.getRoleId())); + + expUser.Or(it => SqlFunc.Subqueryable().Where(f => f.DeptId == it.DeptId && f.RoleId == role.Id).Any()); + } + else if (DataScopeEnum.DEPT.Equals(dataScope))//本部门数据 + { + expUser.Or(it => it.DeptId == CurrentUser.GetDeptId()); + } + else if (DataScopeEnum.DEPT_FOLLOW.Equals(dataScope))//本部门及以下数据 + { + //SQl OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) ) + var allChildDepts = sqlSugarClient.Queryable().ToChildList(it => it.ParentId, CurrentUser.GetDeptId()); + + expUser.Or(it => allChildDepts.Select(f => f.Id).ToList().Contains(it.DeptId??Guid.Empty)); + } + else if (DataScopeEnum.USER.Equals(dataScope))//仅本人数据 + { + expUser.Or(it => it.Id == 
CurrentUser.Id); + expRole.Or(it => roleInfo.Select(x => x.Id).Contains(it.Id)); + + } + } + + } + + + + sqlSugarClient.QueryFilter.AddTableFilter(expUser.ToExpression()); + sqlSugarClient.QueryFilter.AddTableFilter(expRole.ToExpression()); } protected override void DataExecuted(object oldValue, DataAfterModel entityInfo) @@ -28,7 +98,7 @@ namespace Yi.Framework.Rbac.SqlSugarCore protected override void OnLogExecuting(string sql, SugarParameter[] pars) { - base.OnLogExecuting(sql,pars); + base.OnLogExecuting(sql, pars); } protected override void OnLogExecuted(string sql, SugarParameter[] pars) diff --git a/Yi.Abp.Net8/sample/Acme.BookStore.SqlSugarCore/YiDbContext.cs b/Yi.Abp.Net8/sample/Acme.BookStore.SqlSugarCore/YiDbContext.cs index 10c9265d..e9c0dd7b 100644 --- a/Yi.Abp.Net8/sample/Acme.BookStore.SqlSugarCore/YiDbContext.cs +++ b/Yi.Abp.Net8/sample/Acme.BookStore.SqlSugarCore/YiDbContext.cs @@ -11,9 +11,9 @@ namespace Acme.BookStore.SqlSugarCore { } - protected override void CustomDataFilter() + protected override void CustomDataFilter(ISqlSugarClient sqlSugarClient) { - base.CustomDataFilter(); + base.CustomDataFilter(sqlSugarClient); } diff --git a/Yi.Abp.Net8/src/Yi.Abp.SqlSugarCore/YiDbContext.cs b/Yi.Abp.Net8/src/Yi.Abp.SqlSugarCore/YiDbContext.cs index 35913b5e..b732354c 100644 --- a/Yi.Abp.Net8/src/Yi.Abp.SqlSugarCore/YiDbContext.cs +++ b/Yi.Abp.Net8/src/Yi.Abp.SqlSugarCore/YiDbContext.cs @@ -1,5 +1,4 @@ -using Microsoft.Extensions.Logging; -using SqlSugar; +using SqlSugar; using Volo.Abp.DependencyInjection; using Yi.Framework.Rbac.SqlSugarCore; @@ -11,9 +10,9 @@ namespace Yi.Abp.SqlSugarCore { } - protected override void CustomDataFilter() + protected override void CustomDataFilter(ISqlSugarClient sqlSugarClient) { - base.CustomDataFilter(); + base.CustomDataFilter(sqlSugarClient); } diff --git a/Yi.RuoYi.Vue3/src/views/system/role/index.vue b/Yi.RuoYi.Vue3/src/views/system/role/index.vue index 2e2cd45d..c4d232a1 100644 
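Review bot: In `DataPermissionFilter` (YiRbacDbContext.cs, hunk starting on the previous line), the branch taken when `CurrentUser.GetDeptId() is null || roleInfo is null` still builds `expRole.Or(it => roleInfo.Select(x=>x.Id).Contains(it.Id))`, so a user whose token carries no RoleInfo claim reaches a null `roleInfo` inside the role filter and will most likely get an exception instead of the intended own-data-only restriction. Materialise the ids once, `var roleIds = roleInfo?.Select(x => x.Id).ToList() ?? new List<Guid>();`, and use `roleIds.Contains(it.Id)` in both `expRole.Or` calls. The `DataScopeEnum.ALL` case only `break`s, so whether such a user ends up unrestricted depends on `ALL` sorting first in `OrderBy(f => f.DataScope)` and on how an empty `Expressionable` is turned into a filter; an explicit `return` before the two `AddTableFilter` calls would make the intent visible, and the same question applies to `expRole`, which stays empty for the CUSTOM, DEPT and DEPT_FOLLOW scopes. `CurrentUser.UserName.Equals(UserConst.Admin)` dereferences a possibly null user name; `UserConst.Admin.Equals(CurrentUser.UserName)` matches the form already used in `UserInfoToClaim`.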
--- a/Yi.RuoYi.Vue3/src/views/system/role/index.vue +++ b/Yi.RuoYi.Vue3/src/views/system/role/index.vue @@ -74,10 +74,10 @@ - + @@ -149,7 +149,7 @@ - + 展开/折叠 全选/全不选 父子联动