fix #I3RHPD 完成在api中对接口权限进行鉴权

2025-11-08 10:24:44 +08:00 · 2025-03-11 17:34:54 +08:00
parent 18c6fbfaad
commit 2d108586e7
6 changed files with 119 additions and 15 deletions
--- a/OpenAuth.App/Relevance/Request/AssignRoleResources.cs
+++ b/OpenAuth.App/Relevance/Request/AssignRoleResources.cs
@@ -0,0 +1,17 @@
+namespace OpenAuth.App.Request
+{
+    /// <summary>
+    /// 角色分配资源
+    /// </summary>
+    public class AssignRoleResources
+    {
+        /// <summary>
+        /// 角色id
+        /// </summary>
+        public string RoleId { get; set; }
+        /// <summary>
+        /// 资源id列表
+        /// </summary>
+        public string[] ResourceIds { get; set; }
+    }
+}
--- a/OpenAuth.App/Relevance/RevelanceManagerApp.cs
+++ b/OpenAuth.App/Relevance/RevelanceManagerApp.cs
@@ -234,5 +234,28 @@ namespace OpenAuth.App
                UnitWork.Save();
            });
        }
+
+        /// <summary>
+        /// 为角色分配资源，需要统一提交，会删除以前该角色的所有资源
+        /// </summary>
+        /// <param name="request"></param>
+        public void AssignRoleResources(AssignRoleResources request)
+        {
+            UnitWork.ExecuteWithTransaction(() =>
+            {
+                //删除以前的所有资源
+                UnitWork.Delete<Relevance>(u => u.FirstId == request.RoleId && u.Key == Define.ROLERESOURCE);
+                //批量分配角色资源
+                UnitWork.BatchAdd((from firstId in request.ResourceIds
+                    select new Relevance
+                    {
+                        Key = Define.ROLERESOURCE,
+                        FirstId = request.RoleId,
+                        SecondId = firstId,
+                        OperateTime = DateTime.Now
+                    }).ToArray());
+                UnitWork.Save();
+            });
+        }
    }
 }
--- a/OpenAuth.App/Resources/ResourceApp.cs
+++ b/OpenAuth.App/Resources/ResourceApp.cs
@@ -21,7 +21,7 @@ namespace OpenAuth.App
        private RevelanceManagerApp _revelanceApp;
        private ApiService _apiService;

-        private IAuth _auth;
+        private readonly IAuth _auth;

        public ResourceApp(ISqlSugarClient client, IAuth auth, RevelanceManagerApp revelanceApp, ApiService apiService) : base(client, auth)
        {
@@ -155,7 +155,40 @@ namespace OpenAuth.App
                Repository.Insert(resource);
            }
        }
-        
+
+        /// <summary>
+        /// 判断当前登录用户是否拥有访问该API的权限
+        /// <para>如果角色没有做任何分配，则默认拥有权限。这个可以根据实际需要修改。</para>
+        /// </summary>
+        /// <param name="apiPath">API路径</param>
+        /// <returns>true:拥有权限,false:没有权限</returns>
+        public bool CanAccess(string apiPath)
+        {
+            var loginContext = _auth.GetCurrentUser();
+            if (loginContext == null)
+            {
+                throw new CommonException("登录已过期", Define.INVALID_TOKEN);
+            }
+
+            //如果当前登录用户是管理员，则拥有所有权限
+            if(loginContext.User.Account == Define.SYSTEM_USERNAME){
+                return true;
+            }
+
+            var elementIds = _revelanceApp.Get(Define.ROLERESOURCE, true, loginContext.Roles.Select(u => u.Id).ToArray());
+            //如果角色没有做任何分配，则默认拥有权限。这个可以根据实际需要修改。
+            if(elementIds.Count == 0)
+            {
+                return true;
+            }
+            //如果分配了资源，则判断是否拥有权限
+            var resource = Repository.GetFirst(u => u.Name.Contains(apiPath) && u.TypeId == Define.API && elementIds.Contains(u.Id));
+            if(resource == null)
+            {
+                return false;
+            }
+            return true;
+        }
    }

    /// <summary>