fix #I3RHPD 完成在api中对接口权限进行鉴权

2025-09-19 01:58:01 +08:00 · 2025-03-11 17:34:54 +08:00
parent 18c6fbfaad
commit 2d108586e7
6 changed files with 119 additions and 15 deletions
--- a/OpenAuth.WebApi/Controllers/AccessObjsController.cs
+++ b/OpenAuth.WebApi/Controllers/AccessObjsController.cs
@@ -133,6 +133,26 @@ namespace OpenAuth.WebApi.Controllers

            return result;
        }
+
+         /// <summary>
+        /// 角色分配资源，整体提交，会覆盖之前的配置
+        /// </summary>
+        [HttpPost]
+        public Response AssignRoleResources([FromBody] AssignRoleResources request)
+        {
+            var result = new Response();
+            try
+            {
+                _app.AssignRoleResources(request);
+            }
+            catch (Exception ex)
+            {
+                result.Code = 500;
+                result.Message = ex.InnerException?.Message ?? ex.Message;
+            }
+
+            return result;
+        }
        
        /// <summary>
        /// 部门分配用户，整体提交，会覆盖之前的配置
--- a/OpenAuth.WebApi/Model/OpenAuthFilter.cs
+++ b/OpenAuth.WebApi/Model/OpenAuthFilter.cs
@@ -14,10 +14,13 @@ namespace OpenAuth.WebApi.Model
        private readonly IAuth _authUtil;
        private readonly SysLogApp _logApp;

-        public OpenAuthFilter(IAuth authUtil, SysLogApp logApp)
+        private readonly ResourceApp _resourceApp;
+
+        public OpenAuthFilter(IAuth authUtil, SysLogApp logApp, ResourceApp resourceApp)
        {
            _authUtil = authUtil;
            _logApp = logApp;
+            _resourceApp = resourceApp;
        }

        public void OnActionExecuting(ActionExecutingContext context)
@@ -28,9 +31,9 @@ namespace OpenAuth.WebApi.Model
            var Controllername = description.ControllerName.ToLower();
            var Actionname = description.ActionName.ToLower();

-            //匿名标识
-            var authorize = description.MethodInfo.GetCustomAttribute(typeof(AllowAnonymousAttribute));
-            if (authorize != null)
+            //匿名访问的不需要验证
+            var allowAnonymous = description.MethodInfo.GetCustomAttribute(typeof(AllowAnonymousAttribute));
+            if (allowAnonymous != null)
            {
                return;
            }
@@ -41,14 +44,29 @@ namespace OpenAuth.WebApi.Model
                context.Result = new JsonResult(new Response
                {
                    Code = 401,
-                    Message = "认证失败，请提供认证信息"
+                    Message = "登录已过期，请重新登录"
                });
                return;
            }
+
+            var apiPath = $"{Controllername}/{Actionname}";
+            //判断登录角色是否拥有访问该URL的权限
+            var resource = _resourceApp.CanAccess(apiPath);
+            if(!resource)
+            {
+                context.Result = new JsonResult(new Response
+                {
+                    Code = 500,
+                    Message = $"当前用户没有访问{apiPath}的权限,请在【角色管理】中分配资源"
+                });
+                return;
+            }
+
+
            _logApp.Add(new SysLog
            {
                Content = $"用户访问",
-                Href = $"{Controllername}/{Actionname}",
+                Href = apiPath,
                CreateName = _authUtil.GetUserName(),
                CreateId = _authUtil.GetCurrentUser().User.Id,
                TypeName = "访问日志"