diff --git a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application.Contracts/EasyAbp/EShop/Products/Products/IProductAppService.cs b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application.Contracts/EasyAbp/EShop/Products/Products/IProductAppService.cs index 4684d477..077bf733 100644 --- a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application.Contracts/EasyAbp/EShop/Products/Products/IProductAppService.cs +++ b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application.Contracts/EasyAbp/EShop/Products/Products/IProductAppService.cs @@ -20,6 +20,8 @@ namespace EasyAbp.EShop.Products.Products Task UpdateSkuAsync(Guid productId, Guid productSkuId, Guid storeId, UpdateProductSkuDto input); + Task GetAsync(Guid id, Guid storeId); + Task DeleteSkuAsync(Guid productId, Guid productSkuId, Guid storeId); } } \ No newline at end of file diff --git a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Categories/CategoryAppService.cs b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Categories/CategoryAppService.cs index da8e5c97..45644a9f 100644 --- a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Categories/CategoryAppService.cs +++ b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Categories/CategoryAppService.cs 
@@ -32,14 +32,17 @@ namespace EasyAbp.EShop.Products.Categories return input.ShowHidden ? query : query.Where(x => !x.IsHidden); } - public override Task> GetListAsync(GetCategoryListDto input) + public override async Task> GetListAsync(GetCategoryListDto input) { - if (input.ShowHidden) + // Todo: Check if current user is an admin of the store. + var isCurrentUserStoreAdmin = true; + + if (input.ShowHidden && (!isCurrentUserStoreAdmin || !await AuthorizationService.IsGrantedAsync(ProductsPermissions.Categories.Default))) { - AuthorizationService.CheckAsync(ProductsPermissions.Products.Default); + throw new NotAllowedToGetCategoryListWithShowHiddenException(); } - return base.GetListAsync(input); + return await base.GetListAsync(input); } } } \ No newline at end of file diff --git a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Categories/NotAllowedToGetCategoryListWithShowHiddenException.cs b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Categories/NotAllowedToGetCategoryListWithShowHiddenException.cs new file mode 100644 index 00000000..780fb99d --- /dev/null +++ b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Categories/NotAllowedToGetCategoryListWithShowHiddenException.cs @@ -0,0 +1,12 @@ +using Volo.Abp; + +namespace EasyAbp.EShop.Products.Categories +{ + public class NotAllowedToGetCategoryListWithShowHiddenException : BusinessException + { + public NotAllowedToGetCategoryListWithShowHiddenException() : base( + message: $"You have no permission to get category list with hidden categories.") + { + } + } +} \ No newline at end of file 
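Review bot: `var isCurrentUserStoreAdmin = true;` in `CategoryAppService.GetListAsync` is a constant, so the store-admin half of the `ShowHidden` guard never runs and the guard reduces to the `ProductsPermissions.Categories.Default` check alone. The same placeholder in `ProductAppService.GetListAsync` also makes `query = query.Where(x => x.IsPublished);` unreachable, so unpublished products are returned to every caller that passes `CheckGetListPolicyAsync`. Until the store-admin lookup exists, derive the flag from a real check instead of a constant, for example `var isCurrentUserStoreAdmin = await AuthorizationService.IsGrantedAsync(ProductsPermissions.Products.Default);` in the product service. Expanding the `// Todo` comment to state that the flag currently grants everyone admin visibility would make the gap visible to the next reader.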
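Review bot: `NotAllowedToGetCategoryListWithShowHiddenException` passes an interpolated string with no placeholders and no error code to `BusinessException`, so the `$` prefix is redundant and clients can only match the failure on English text. Passing a code as well, e.g. `base(code: "Products:<ErrorCodePlaceholder>", message: "You have no permission to get category list with hidden categories.")`, would let the failure be localized and handled programmatically. `NotAllowedToGetProductListWithShowHiddenException` in the next file has the same shape and also carries a `using System;` that nothing in the file appears to use. Because both types report a denied permission, it is worth confirming that the status code and log level a `BusinessException` produces are the ones wanted for an authorization failure.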
diff --git a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Products/NotAllowedToGetProductListWithShowHiddenException.cs b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Products/NotAllowedToGetProductListWithShowHiddenException.cs new file mode 100644 index 00000000..44fdb291 --- /dev/null +++ b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Products/NotAllowedToGetProductListWithShowHiddenException.cs @@ -0,0 +1,13 @@ +using System; +using Volo.Abp; + +namespace EasyAbp.EShop.Products.Products +{ + public class NotAllowedToGetProductListWithShowHiddenException : BusinessException + { + public NotAllowedToGetProductListWithShowHiddenException() : base( + message: $"You have no permission to get product list with hidden products.") + { + } + } +} \ No newline at end of file diff --git a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Products/ProductAppService.cs b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Products/ProductAppService.cs index 84332a1b..201ef42e 100644 --- a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Products/ProductAppService.cs +++ b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Application/EasyAbp/EShop/Products/Products/ProductAppService.cs 
@@ -163,29 +163,62 @@ namespace EasyAbp.EShop.Products.Products } [RemoteService(false)] - public override async Task DeleteAsync(Guid id) + public override Task DeleteAsync(Guid id) { throw new NotImplementedException(); } - public override async Task GetAsync(Guid id) + [RemoteService(false)] + public override Task GetAsync(Guid id) + { + throw new NotImplementedException(); + } + + public virtual async Task GetAsync(Guid id, Guid storeId) { var dto = await base.GetAsync(id); + if (!dto.IsPublished) + { + await CheckStoreIsProductOwnerAsync(id, storeId); + } + dto.CategoryIds = (await _productCategoryRepository.GetListByProductIdAsync(dto.Id)) .Select(x => x.CategoryId).ToList(); return dto; } - public override Task> GetListAsync(GetProductListDto input) + public override async Task> GetListAsync(GetProductListDto input) { - if (input.ShowHidden) + await CheckGetListPolicyAsync(); + + // Todo: Check if current user is an admin of the store. + var isCurrentUserStoreAdmin = true; + + if (input.ShowHidden && (!isCurrentUserStoreAdmin || !await AuthorizationService.IsGrantedAsync(ProductsPermissions.Products.Default))) { - AuthorizationService.CheckAsync(ProductsPermissions.Products.Default); + throw new NotAllowedToGetProductListWithShowHiddenException(); } + + var query = CreateFilteredQuery(input); - return base.GetListAsync(input); + if (!isCurrentUserStoreAdmin) + { + query = query.Where(x => x.IsPublished); + } + + var totalCount = await AsyncQueryableExecuter.CountAsync(query); + + query = ApplySorting(query, input); + query = ApplyPaging(query, input); + + var entities = await AsyncQueryableExecuter.ToListAsync(query); + + return new PagedResultDto( + totalCount, + entities.Select(MapToGetListOutputDto).ToList() + ); } public async Task DeleteAsync(Guid id, Guid storeId) 
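Review bot: In `GetAsync(Guid id, Guid storeId)` the unpublished branch only calls `CheckStoreIsProductOwnerAsync(id, storeId)` with a `storeId` the caller supplies, so as far as this hunk shows it establishes that the store owns the product, not that the current user may act for that store. The page models updated later in this commit pass `storeId`, `Product.StoreId` and `StoreId`, which look request-bound, so the value should be treated as untrusted input. Unless `CheckStoreIsProductOwnerAsync` (defined outside the hunk) already authorizes the user, add a permission check first, for example `await AuthorizationService.CheckAsync(ProductsPermissions.Products.Default);` inside the `if (!dto.IsPublished)` block. A short `///` summary on the method stating that `storeId` is ignored for published products would also help callers.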
diff --git a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/Product/EditModal.cshtml.cs b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/Product/EditModal.cshtml.cs index 554be307..6244d478 100644 --- a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/Product/EditModal.cshtml.cs +++ b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/Product/EditModal.cshtml.cs @@ -58,7 +58,7 @@ namespace EasyAbp.EShop.Products.Web.Pages.EShop.Products.Products.Product {MaxResultCount = LimitedResultRequestDto.MaxMaxResultCount}))?.Items .Select(dto => new SelectListItem(dto.DisplayName, dto.Id.ToString())).ToList(); - var productDto = await _service.GetAsync(Id); + var productDto = await _service.GetAsync(Id, storeId); var detailDto = await _productDetailAppService.GetAsync(productDto.ProductDetailId); @@ -75,7 +75,7 @@ namespace EasyAbp.EShop.Products.Web.Pages.EShop.Products.Products.Product public virtual async Task OnPostAsync() { - var product = await _service.GetAsync(Id); + var product = await _service.GetAsync(Id, Product.StoreId); var detail = await _productDetailAppService.GetAsync(product.ProductDetailId); diff --git a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/ProductSku/CreateModal.cshtml.cs b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/ProductSku/CreateModal.cshtml.cs index 418bcee7..629998b4 100644 --- a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/ProductSku/CreateModal.cshtml.cs +++ b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/ProductSku/CreateModal.cshtml.cs 
@@ -44,7 +44,7 @@ namespace EasyAbp.EShop.Products.Web.Pages.EShop.Products.Products.ProductSku public virtual async Task OnGetAsync() { - var product = await _productAppService.GetAsync(ProductId); + var product = await _productAppService.GetAsync(ProductId, StoreId); Attributes = new Dictionary>(); diff --git a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/ProductSku/EditModal.cshtml.cs b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/ProductSku/EditModal.cshtml.cs index cae688b3..442f7c08 100644 --- a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/ProductSku/EditModal.cshtml.cs +++ b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/ProductSku/EditModal.cshtml.cs @@ -36,7 +36,7 @@ namespace EasyAbp.EShop.Products.Web.Pages.EShop.Products.Products.ProductSku public virtual async Task OnGetAsync() { - var product = await _productAppService.GetAsync(ProductId); + var product = await _productAppService.GetAsync(ProductId, StoreId); ProductSku = ObjectMapper.Map( diff --git a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/ProductSku/Index.cshtml.cs b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/ProductSku/Index.cshtml.cs index da070df5..a821f448 100644 --- a/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/ProductSku/Index.cshtml.cs +++ b/modules/EasyAbp.EShop.Products/src/EasyAbp.EShop.Products.Web/Pages/EShop/Products/Products/ProductSku/Index.cshtml.cs 
@@ -25,7 +25,7 @@ namespace EasyAbp.EShop.Products.Web.Pages.EShop.Products.Products.ProductSku public virtual async Task OnGetAsync() { - ProductDisplayName = (await _productAppService.GetAsync(ProductId)).DisplayName; + ProductDisplayName = (await _productAppService.GetAsync(ProductId, StoreId)).DisplayName; } } }