feat: 添加数据权限过滤
@@ -113,9 +113,9 @@ namespace Yi.Framework.SqlSugarCore
|
||||
{
|
||||
sqlSugarClient.QueryFilter.AddTableFilter<IMultiTenant>(u => u.TenantId == GuidGenerator.Create());
|
||||
}
|
||||
CustomDataFilter();
|
||||
CustomDataFilter(sqlSugarClient);
|
||||
}
|
||||
protected virtual void CustomDataFilter()
|
||||
protected virtual void CustomDataFilter(ISqlSugarClient sqlSugarClient)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
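Review bot: The new virtual hook `CustomDataFilter(ISqlSugarClient sqlSugarClient)` carries no XML documentation even though every derived context in this commit now registers query filters through it; add `/// <summary>Extension point for registering additional query filters on the client being configured; invoked after the tenant filter block above.</summary>` plus a `/// <param name="sqlSugarClient">Client whose QueryFilter is being populated.</param>` line. The enclosing method starts outside the hunk. Unrelated to this change but visible as context, `AddTableFilter<IMultiTenant>(u => u.TenantId == GuidGenerator.Create())` compares the tenant id with a freshly generated Guid, which presumably matches no row; worth confirming that is intended.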
@@ -14,7 +14,6 @@ using Yi.Framework.Bbs.Application.Contracts.Dtos.Article;
|
||||
using Yi.Framework.Bbs.Application.Contracts.Dtos.Plate;
|
||||
using Yi.Framework.Bbs.Application.Contracts.IServices;
|
||||
using Yi.Framework.Bbs.Domain.Entities.Forum;
|
||||
using Yi.Framework.Bbs.Domain.Extensions;
|
||||
using Yi.Framework.Bbs.Domain.Managers;
|
||||
using Yi.Framework.Bbs.Domain.Repositories;
|
||||
using Yi.Framework.Bbs.Domain.Shared.Consts;
|
||||
@@ -22,6 +21,7 @@ using Yi.Framework.Bbs.Domain.Shared.Model;
|
||||
using Yi.Framework.Core.Extensions;
|
||||
using Yi.Framework.Ddd.Application;
|
||||
using Yi.Framework.Rbac.Domain.Authorization;
|
||||
using Yi.Framework.Rbac.Domain.Extensions;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Consts;
|
||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||
|
||||
|
||||
@@ -8,11 +8,11 @@ using Yi.Framework.Bbs.Application.Contracts.Dtos.BbsUser;
|
||||
using Yi.Framework.Bbs.Application.Contracts.Dtos.Comment;
|
||||
using Yi.Framework.Bbs.Application.Contracts.IServices;
|
||||
using Yi.Framework.Bbs.Domain.Entities.Forum;
|
||||
using Yi.Framework.Bbs.Domain.Extensions;
|
||||
using Yi.Framework.Bbs.Domain.Managers;
|
||||
using Yi.Framework.Bbs.Domain.Shared.Consts;
|
||||
using Yi.Framework.Ddd.Application;
|
||||
using Yi.Framework.Rbac.Domain.Authorization;
|
||||
using Yi.Framework.Rbac.Domain.Extensions;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Consts;
|
||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||
|
||||
|
||||
@@ -11,7 +11,6 @@ using Yi.Framework.Bbs.Application.Contracts.Dtos.Discuss;
|
||||
using Yi.Framework.Bbs.Application.Contracts.IServices;
|
||||
using Yi.Framework.Bbs.Domain.Entities;
|
||||
using Yi.Framework.Bbs.Domain.Entities.Forum;
|
||||
using Yi.Framework.Bbs.Domain.Extensions;
|
||||
using Yi.Framework.Bbs.Domain.Managers;
|
||||
using Yi.Framework.Bbs.Domain.Shared.Consts;
|
||||
using Yi.Framework.Bbs.Domain.Shared.Enums;
|
||||
@@ -20,6 +19,7 @@ using Yi.Framework.Ddd.Application;
|
||||
using Yi.Framework.Rbac.Application.Contracts.Dtos.User;
|
||||
using Yi.Framework.Rbac.Domain.Authorization;
|
||||
using Yi.Framework.Rbac.Domain.Entities;
|
||||
using Yi.Framework.Rbac.Domain.Extensions;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Consts;
|
||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||
|
||||
|
||||
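--- a/PATH-NOT-ON-PAGE
+++ /dev/null
@@ -1,24 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
-using Volo.Abp.Users;
-using Yi.Framework.Rbac.Domain.Shared.Consts;
-
-namespace Yi.Framework.Bbs.Domain.Extensions
-{
-public static class CurrestUserExtensions
-{
-/// <summary>
-/// 获取用户权限codes
-/// </summary>
-/// <param name="currentUser"></param>
-/// <returns></returns>
-public static List<string> GetPermissions(this ICurrentUser currentUser)
-{
-return currentUser.FindClaims(TokenTypeConst.Permission).Select(x => x.Value).ToList();
-
-}
-}
-}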
@@ -23,5 +23,7 @@ namespace Yi.Framework.Rbac.Domain.Shared.Consts
|
||||
public const string Roles = nameof(Roles);
|
||||
|
||||
public const string Permission = nameof(Permission);
|
||||
|
||||
public const string RoleInfo=nameof(RoleInfo);
|
||||
}
|
||||
}
|
||||
|
||||
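Review bot: The added constant `public const string RoleInfo=nameof(RoleInfo);` drops the spaces around `=` that the neighbouring `Roles` and `Permission` constants use; write it as `public const string RoleInfo = nameof(RoleInfo);`. Since this key names the claim that carries serialized role data (see the `UserInfoToClaim` change in this commit), a one-line `/// <summary>Claim holding the JSON list of RoleTokenInfoModel for the user's roles.</summary>` would help readers of the consts class.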
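--- /dev/null
+++ b/PATH-NOT-ON-PAGE
@@ -0,0 +1,15 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using Yi.Framework.Rbac.Domain.Shared.Enums;
+
+namespace Yi.Framework.Rbac.Domain.Shared.Model
+{
+public class RoleTokenInfoModel
+{
+public Guid Id { get; set; }
+public DataScopeEnum DataScope { get; set; }
+}
+}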
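Review bot: `RoleTokenInfoModel` is serialized into the access token's `RoleInfo` claim elsewhere in this commit, but the class itself says nothing about that; add `/// <summary>Role id and data-scope snapshot embedded in the access token's RoleInfo claim; changing its shape affects tokens already issued.</summary>` so maintainers see the compatibility constraint. The `System.Collections.Generic`, `System.Linq`, `System.Text` and `System.Threading.Tasks` usings are unused in this file and can be dropped, and the class can be `sealed` unless derivation is planned.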
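--- /dev/null
+++ b/PATH-NOT-ON-PAGE
@@ -0,0 +1,39 @@
+using Newtonsoft.Json;
+using Volo.Abp.Users;
+using Yi.Framework.Rbac.Domain.Shared.Consts;
+using Yi.Framework.Rbac.Domain.Shared.Model;
+
+namespace Yi.Framework.Rbac.Domain.Extensions
+{
+public static class CurrestUserExtensions
+{
+/// <summary>
+/// 获取用户权限codes
+/// </summary>
+/// <param name="currentUser"></param>
+/// <returns></returns>
+public static List<string> GetPermissions(this ICurrentUser currentUser)
+{
+return currentUser.FindClaims(TokenTypeConst.Permission).Select(x => x.Value).ToList();
+
+}
+
+/// <summary>
+/// 获取用户权限岗位id
+/// </summary>
+/// <param name="currentUser"></param>
+/// <returns></returns>
+public static Guid? GetDeptId(this ICurrentUser currentUser)
+{
+var deptIdOrNull = currentUser.FindClaims(TokenTypeConst.DeptId).Select(x => x.Value).FirstOrDefault();
+return deptIdOrNull is null ? null : Guid.Parse(deptIdOrNull);
+}
+
+public static List<RoleTokenInfoModel>? GetRoleInfo(this ICurrentUser currentUser)
+{
+var roleOrNull = currentUser.FindClaims(TokenTypeConst.RoleInfo).Select(x => x.Value).FirstOrDefault();
+return roleOrNull is null ? null : JsonConvert.DeserializeObject<List<RoleTokenInfoModel>>(roleOrNull);
+
+}
+}
+}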
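Review bot: `GetDeptId` calls `Guid.Parse(deptIdOrNull)`, so a malformed `DeptId` claim value surfaces as a FormatException at the call site instead of the `null` the `Guid?` signature advertises; use the non-throwing form, `return Guid.TryParse(deptIdOrNull, out var deptId) ? deptId : null;`. `GetRoleInfo` has the same property through `JsonConvert.DeserializeObject`, which throws on malformed JSON and returns null for the literal `null`; the `?` return type covers the second case, and the first is tolerable only if the claim always originates from a token this service issued, which is worth stating in a `/// <summary>` since `GetRoleInfo` is the one member here without XML docs. A one-line remark that both values are snapshots taken when the token was issued would also help callers of the new data-permission filter.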
@@ -6,6 +6,7 @@ using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using Newtonsoft.Json;
|
||||
using TencentCloud.Tdmq.V20200217.Models;
|
||||
using Volo.Abp;
|
||||
using Volo.Abp.Domain.Entities;
|
||||
@@ -19,6 +20,7 @@ using Yi.Framework.Rbac.Domain.Repositories;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Consts;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Dtos;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Etos;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Model;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Options;
|
||||
using Yi.Framework.SqlSugarCore.Abstractions;
|
||||
|
||||
@@ -44,11 +46,11 @@ namespace Yi.Framework.Rbac.Domain.Managers
|
||||
, ISqlSugarRepository<RoleEntity> roleRepository)
|
||||
{
|
||||
_repository = repository;
|
||||
_httpContextAccessor= httpContextAccessor;
|
||||
_httpContextAccessor = httpContextAccessor;
|
||||
_jwtOptions = jwtOptions.Value;
|
||||
_localEventBus=localEventBus;
|
||||
_userManager=userManager;
|
||||
_roleRepository=roleRepository;
|
||||
_localEventBus = localEventBus;
|
||||
_userManager = userManager;
|
||||
_roleRepository = roleRepository;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -164,24 +166,28 @@ namespace Yi.Framework.Rbac.Domain.Managers
|
||||
public List<KeyValuePair<string, string>> UserInfoToClaim(UserRoleMenuDto dto)
|
||||
{
|
||||
var claims = new List<KeyValuePair<string, string>>();
|
||||
AddToClaim(claims,AbpClaimTypes.UserId, dto.User.Id.ToString());
|
||||
AddToClaim(claims,AbpClaimTypes.UserName, dto.User.UserName);
|
||||
AddToClaim(claims, AbpClaimTypes.UserId, dto.User.Id.ToString());
|
||||
AddToClaim(claims, AbpClaimTypes.UserName, dto.User.UserName);
|
||||
if (dto.User.DeptId is not null)
|
||||
{
|
||||
AddToClaim(claims,TokenTypeConst.DeptId, dto.User.DeptId.ToString());
|
||||
AddToClaim(claims, TokenTypeConst.DeptId, dto.User.DeptId.ToString());
|
||||
}
|
||||
if (dto.User.Email is not null)
|
||||
{
|
||||
AddToClaim(claims,AbpClaimTypes.Email, dto.User.Email);
|
||||
AddToClaim(claims, AbpClaimTypes.Email, dto.User.Email);
|
||||
}
|
||||
if (dto.User.Phone is not null)
|
||||
{
|
||||
AddToClaim(claims,AbpClaimTypes.PhoneNumber, dto.User.Phone.ToString());
|
||||
AddToClaim(claims, AbpClaimTypes.PhoneNumber, dto.User.Phone.ToString());
|
||||
}
|
||||
if (dto.Roles.Count > 0)
|
||||
{
|
||||
AddToClaim(claims, TokenTypeConst.RoleInfo, JsonConvert.SerializeObject(dto.Roles.Select(x => new RoleTokenInfoModel { Id = x.Id, DataScope = x.DataScope })));
|
||||
}
|
||||
if (UserConst.Admin.Equals(dto.User.UserName))
|
||||
{
|
||||
AddToClaim(claims,TokenTypeConst.Permission, UserConst.AdminPermissionCode);
|
||||
AddToClaim(claims,TokenTypeConst.Roles, UserConst.AdminRolesCode);
|
||||
AddToClaim(claims, TokenTypeConst.Permission, UserConst.AdminPermissionCode);
|
||||
AddToClaim(claims, TokenTypeConst.Roles, UserConst.AdminRolesCode);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -235,7 +241,7 @@ namespace Yi.Framework.Rbac.Domain.Managers
|
||||
}
|
||||
|
||||
|
||||
public async Task RegisterAsync(string userName,string password,long phone)
|
||||
public async Task RegisterAsync(string userName, string password, long phone)
|
||||
{
|
||||
//输入的用户名与电话号码都不能在数据库中存在
|
||||
UserEntity user = new();
|
||||
|
||||
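Review bot: In the `UserInfoToClaim` hunk, the new `if (dto.Roles.Count > 0)` block dereferences `dto.Roles` without the null guard the surrounding code gives `DeptId`, `Email` and `Phone`; if `Roles` can be null for a user without roles, `if (dto.Roles is { Count: > 0 })` keeps the behaviour and avoids the NullReferenceException. Serializing `DataScope` into the token also freezes each role's scope at login, so a later change to a role's data scope is not enforced by the new filter until the user obtains a fresh token; a comment such as `// DataScope is snapshotted into the token; role changes take effect on the next login` would make that trade-off explicit to whoever edits roles. `UserInfoToClaim` continues past the hunk; the other hunks in this file are using and whitespace changes.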
@@ -1,6 +1,9 @@
|
||||
using Microsoft.Extensions.Logging;
|
||||
using SqlSugar;
|
||||
using SqlSugar;
|
||||
using Volo.Abp.DependencyInjection;
|
||||
using Yi.Framework.Rbac.Domain.Entities;
|
||||
using Yi.Framework.Rbac.Domain.Extensions;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Consts;
|
||||
using Yi.Framework.Rbac.Domain.Shared.Enums;
|
||||
using Yi.Framework.SqlSugarCore;
|
||||
|
||||
namespace Yi.Framework.Rbac.SqlSugarCore
|
||||
@@ -11,9 +14,76 @@ namespace Yi.Framework.Rbac.SqlSugarCore
|
||||
{
|
||||
}
|
||||
|
||||
protected override void CustomDataFilter()
|
||||
protected override void CustomDataFilter(ISqlSugarClient sqlSugarClient)
|
||||
{
|
||||
base.CustomDataFilter();
|
||||
|
||||
DataPermissionFilter(sqlSugarClient);
|
||||
|
||||
base.CustomDataFilter(sqlSugarClient);
|
||||
}
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// 数据权限过滤
|
||||
/// </summary>
|
||||
protected void DataPermissionFilter(ISqlSugarClient sqlSugarClient)
|
||||
{
|
||||
//获取当前用户的信息
|
||||
if (CurrentUser.Id == null) return;
|
||||
//管理员不过滤
|
||||
if (CurrentUser.UserName.Equals(UserConst.Admin) || CurrentUser.Roles.Any(f => f.Equals(UserConst.AdminRolesCode))) return;
|
||||
var expUser = Expressionable.Create<UserEntity>();
|
||||
var expRole = Expressionable.Create<RoleEntity>();
|
||||
|
||||
|
||||
var roleInfo = CurrentUser.GetRoleInfo();
|
||||
|
||||
//如果无岗位,或者无角色,只能看自己的数据
|
||||
if (CurrentUser.GetDeptId() is null || roleInfo is null)
|
||||
{
|
||||
expUser.Or(it => it.Id == CurrentUser.Id);
|
||||
expRole.Or(it => roleInfo.Select(x=>x.Id).Contains(it.Id));
|
||||
}
|
||||
else
|
||||
{
|
||||
foreach (var role in roleInfo.OrderBy(f => f.DataScope))
|
||||
{
|
||||
var dataScope = role.DataScope;
|
||||
if (DataScopeEnum.ALL.Equals(dataScope))//所有权限
|
||||
{
|
||||
break;
|
||||
}
|
||||
else if (DataScopeEnum.CUSTOM.Equals(dataScope))//自定数据权限
|
||||
{
|
||||
//" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, role.getRoleId()));
|
||||
|
||||
expUser.Or(it => SqlFunc.Subqueryable<RoleDeptEntity>().Where(f => f.DeptId == it.DeptId && f.RoleId == role.Id).Any());
|
||||
}
|
||||
else if (DataScopeEnum.DEPT.Equals(dataScope))//本部门数据
|
||||
{
|
||||
expUser.Or(it => it.DeptId == CurrentUser.GetDeptId());
|
||||
}
|
||||
else if (DataScopeEnum.DEPT_FOLLOW.Equals(dataScope))//本部门及以下数据
|
||||
{
|
||||
//SQl OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )
|
||||
var allChildDepts = sqlSugarClient.Queryable<DeptEntity>().ToChildList(it => it.ParentId, CurrentUser.GetDeptId());
|
||||
|
||||
expUser.Or(it => allChildDepts.Select(f => f.Id).ToList().Contains(it.DeptId??Guid.Empty));
|
||||
}
|
||||
else if (DataScopeEnum.USER.Equals(dataScope))//仅本人数据
|
||||
{
|
||||
expUser.Or(it => it.Id == CurrentUser.Id);
|
||||
expRole.Or(it => roleInfo.Select(x => x.Id).Contains(it.Id));
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
sqlSugarClient.QueryFilter.AddTableFilter(expUser.ToExpression());
|
||||
sqlSugarClient.QueryFilter.AddTableFilter(expRole.ToExpression());
|
||||
}
|
||||
|
||||
protected override void DataExecuted(object oldValue, DataAfterModel entityInfo)
|
||||
@@ -28,7 +98,7 @@ namespace Yi.Framework.Rbac.SqlSugarCore
|
||||
|
||||
protected override void OnLogExecuting(string sql, SugarParameter[] pars)
|
||||
{
|
||||
base.OnLogExecuting(sql,pars);
|
||||
base.OnLogExecuting(sql, pars);
|
||||
}
|
||||
|
||||
protected override void OnLogExecuted(string sql, SugarParameter[] pars)
|
||||
|
||||
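Review bot: In the `DataPermissionFilter` added in the second hunk, the branch taken when `CurrentUser.GetDeptId() is null || roleInfo is null` still captures `roleInfo` in `expRole.Or(it => roleInfo.Select(x=>x.Id).Contains(it.Id))`, so a user whose token carries no `RoleInfo` claim gets a NullReferenceException when that filter expression is evaluated; guard it with `if (roleInfo is not null) { expRole.Or(it => roleInfo.Select(x => x.Id).Contains(it.Id)); }`. In the `else` loop `DataScopeEnum.ALL` only `break`s, so whether a role with full scope really lifts the restriction depends on `ALL` ordering first under `OrderBy(f => f.DataScope)` and on what an `Expressionable` with no conditions yields from `ToExpression()` — neither is visible in this diff, so both deserve a confirming comment. The admin bypass `CurrentUser.UserName.Equals(UserConst.Admin)` throws rather than filters when the user-name claim is absent; `UserConst.Admin.Equals(CurrentUser.UserName)`, the form `UserInfoToClaim` uses, is null-safe. `CurrentUser.GetDeptId()` re-parses the claim on every call and is invoked three times including inside the filter lambdas, so hoist it into a local next to `roleInfo`; the `DEPT_FOLLOW` branch also runs a `Queryable<DeptEntity>` query while the client's filters are still being configured, which is worth a comment on whether that query is itself subject to the filters.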
@@ -11,9 +11,9 @@ namespace Acme.BookStore.SqlSugarCore
|
||||
{
|
||||
}
|
||||
|
||||
protected override void CustomDataFilter()
|
||||
protected override void CustomDataFilter(ISqlSugarClient sqlSugarClient)
|
||||
{
|
||||
base.CustomDataFilter();
|
||||
base.CustomDataFilter(sqlSugarClient);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
using Microsoft.Extensions.Logging;
|
||||
using SqlSugar;
|
||||
using SqlSugar;
|
||||
using Volo.Abp.DependencyInjection;
|
||||
using Yi.Framework.Rbac.SqlSugarCore;
|
||||
|
||||
@@ -11,9 +10,9 @@ namespace Yi.Abp.SqlSugarCore
|
||||
{
|
||||
}
|
||||
|
||||
protected override void CustomDataFilter()
|
||||
protected override void CustomDataFilter(ISqlSugarClient sqlSugarClient)
|
||||
{
|
||||
base.CustomDataFilter();
|
||||
base.CustomDataFilter(sqlSugarClient);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -74,10 +74,10 @@
|
||||
<el-button type="text" icon="CircleCheck" @click="handleDataScope(scope.row)"
|
||||
v-hasPermi="['system:role:edit']"></el-button>
|
||||
</el-tooltip>
|
||||
<el-tooltip content="分配用户" placement="top" v-if="scope.row.roleId !== 1">
|
||||
<!-- <el-tooltip content="分配用户" placement="top" v-if="scope.row.roleId !== 1">
|
||||
<el-button type="text" icon="User" @click="handleAuthUser(scope.row)" v-hasPermi="['system:role:edit']">
|
||||
</el-button>
|
||||
</el-tooltip>
|
||||
</el-tooltip> -->
|
||||
</template>
|
||||
</el-table-column>
|
||||
</el-table>
|
||||
@@ -149,7 +149,7 @@
|
||||
</el-option>
|
||||
</el-select>
|
||||
</el-form-item>
|
||||
<el-form-item label="数据权限" v-show="form.dataScope == 1">
|
||||
<el-form-item label="数据权限" v-show="form.dataScope == 'CUSTOM'">
|
||||
<el-checkbox v-model="deptExpand" @change="handleCheckedTreeExpand($event, 'dept')">展开/折叠</el-checkbox>
|
||||
<el-checkbox v-model="deptNodeAll" @change="handleCheckedTreeNodeAll($event, 'dept')">全选/全不选</el-checkbox>
|
||||
<el-checkbox v-model="form.deptCheckStrictly" @change="handleCheckedTreeConnect($event, 'dept')">父子联动
|
||||
|
||||
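Review bot: `v-show="form.dataScope == 'CUSTOM'"` now compares against a string, so loose equality buys nothing; prefer strict equality for consistency, `v-show="form.dataScope === 'CUSTOM'"`. The first hunk of this file only comments out the 分配用户 tooltip; if that action is retired the block should be deleted rather than kept as dead markup, and if it is temporary a short `<!-- TODO: reason -->` next to it would say so.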