diff --git a/aspnet-core/modules/identity/LINGYUN.Abp.Identity.Application.Contracts/LINGYUN/Abp/Identity/IdentityPermissions.cs b/aspnet-core/modules/identity/LINGYUN.Abp.Identity.Application.Contracts/LINGYUN/Abp/Identity/IdentityPermissions.cs
index 9c4ea91cd..c7d34cf8d 100644
--- a/aspnet-core/modules/identity/LINGYUN.Abp.Identity.Application.Contracts/LINGYUN/Abp/Identity/IdentityPermissions.cs
+++ b/aspnet-core/modules/identity/LINGYUN.Abp.Identity.Application.Contracts/LINGYUN/Abp/Identity/IdentityPermissions.cs
@@ -1,44 +1,44 @@ -using Volo.Abp.Reflection; - -namespace LINGYUN.Abp.Identity -{ - public class IdentityPermissions - { - public static class Roles - { - public const string ManageClaims = Volo.Abp.Identity.IdentityPermissions.Roles.Default + ".ManageClaims"; - public const string ManageOrganizationUnits = Volo.Abp.Identity.IdentityPermissions.Roles.Default + ".ManageOrganizationUnits"; - } - - public static class Users - { - public const string ResetPassword = Volo.Abp.Identity.IdentityPermissions.Users.Default + ".ResetPassword"; - public const string ManageClaims = Volo.Abp.Identity.IdentityPermissions.Users.Default + ".ManageClaims"; - public const string ManageOrganizationUnits = Volo.Abp.Identity.IdentityPermissions.Users.Default + ".ManageOrganizationUnits"; - } - - public static class OrganizationUnits - { - public const string Default = Volo.Abp.Identity.IdentityPermissions.GroupName + ".OrganizationUnits"; - public const string Create = Default + ".Create"; - public const string Update = Default + ".Update"; - public const string Delete = Default + ".Delete"; - public const string ManageUsers = Default + ".ManageUsers"; +using Volo.Abp.Reflection; + +namespace LINGYUN.Abp.Identity +{ + public class IdentityPermissions + { + public static class Roles + { + public const string ManageClaims = Volo.Abp.Identity.IdentityPermissions.Roles.Default + ".ManageClaims"; + public const string ManageOrganizationUnits = Volo.Abp.Identity.IdentityPermissions.Roles.Default + ".ManageOrganizationUnits"; + } + + public static class Users + { + public const string ResetPassword = Volo.Abp.Identity.IdentityPermissions.Users.Default + ".ResetPassword"; + public const string ManageClaims = Volo.Abp.Identity.IdentityPermissions.Users.Default + ".ManageClaims"; + public const string ManageOrganizationUnits = Volo.Abp.Identity.IdentityPermissions.Users.Default + ".ManageOrganizationUnits"; + } + + public static class OrganizationUnits + { + public const string Default = 
Volo.Abp.Identity.IdentityPermissions.GroupName + ".OrganizationUnits"; + public const string Create = Default + ".Create"; + public const string Update = Default + ".Update"; + public const string Delete = Default + ".Delete"; + public const string ManageUsers = Default + ".ManageUsers"; public const string ManageRoles = Default + ".ManageRoles"; - public const string ManagePermissions = Default + ".ManagePermissions"; - } - - public static class IdentityClaimType - { - public const string Default = Volo.Abp.Identity.IdentityPermissions.GroupName + ".IdentityClaimTypes"; - public const string Create = Default + ".Create"; - public const string Update = Default + ".Update"; - public const string Delete = Default + ".Delete"; - } - - public static string[] GetAll() - { - return ReflectionHelper.GetPublicConstantsRecursively(typeof(IdentityPermissions)); - } - } -} + public const string ManagePermissions = Default + ".ManagePermissions"; + } + + public static class IdentityClaimType + { + public const string Default = Volo.Abp.Identity.IdentityPermissions.GroupName + ".IdentityClaimTypes"; + public const string Create = Default + ".Create"; + public const string Update = Default + ".Update"; + public const string Delete = Default + ".Delete"; + } + + public static string[] GetAll() + { + return ReflectionHelper.GetPublicConstantsRecursively(typeof(IdentityPermissions)); + } + } +} diff --git a/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain.OrganizationUnits/LINGYUN/Abp/PermissionManagement/OrganizationUnits/AbpPermissionManagementDomainOrganizationUnitsModule.cs b/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain.OrganizationUnits/LINGYUN/Abp/PermissionManagement/OrganizationUnits/AbpPermissionManagementDomainOrganizationUnitsModule.cs index cf57e6907..2ba95c1f8 100644 
--- a/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain.OrganizationUnits/LINGYUN/Abp/PermissionManagement/OrganizationUnits/AbpPermissionManagementDomainOrganizationUnitsModule.cs +++ b/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain.OrganizationUnits/LINGYUN/Abp/PermissionManagement/OrganizationUnits/AbpPermissionManagementDomainOrganizationUnitsModule.cs @@ -1,25 +1,25 @@ using LINGYUN.Abp.Authorization.OrganizationUnits; using LINGYUN.Abp.Authorization.Permissions; using LINGYUN.Abp.Identity; -using Volo.Abp.Modularity; +using Volo.Abp.Modularity; using Volo.Abp.PermissionManagement; -namespace LINGYUN.Abp.PermissionManagement.OrganizationUnits; - -[DependsOn( - typeof(AbpIdentityDomainModule), - typeof(AbpPermissionManagementDomainModule), - typeof(AbpAuthorizationOrganizationUnitsModule) - )] -public class AbpPermissionManagementDomainOrganizationUnitsModule : AbpModule -{ - public override void ConfigureServices(ServiceConfigurationContext context) - { - Configure(options => - { - options.ManagementProviders.Add(); - - options.ProviderPolicies[OrganizationUnitPermissionValueProvider.ProviderName] = "AbpIdentity.OrganizationUnits.ManagePermissions"; - }); - } -} +namespace LINGYUN.Abp.PermissionManagement.OrganizationUnits; + +[DependsOn( + typeof(AbpIdentityDomainModule), + typeof(AbpPermissionManagementDomainModule), + typeof(AbpAuthorizationOrganizationUnitsModule) + )] +public class AbpPermissionManagementDomainOrganizationUnitsModule : AbpModule +{ + public override void ConfigureServices(ServiceConfigurationContext context) + { + Configure(options => + { + options.ManagementProviders.Add(); + + options.ProviderPolicies[OrganizationUnitPermissionValueProvider.ProviderName] = "AbpIdentity.OrganizationUnits.ManagePermissions"; + }); + } +} 
diff --git a/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain.OrganizationUnits/LINGYUN/Abp/PermissionManagement/OrganizationUnits/OrganizationUnitPermissionManagementProvider.cs b/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain.OrganizationUnits/LINGYUN/Abp/PermissionManagement/OrganizationUnits/OrganizationUnitPermissionManagementProvider.cs
index a28327563..8bf9af5a1 100644
--- a/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain.OrganizationUnits/LINGYUN/Abp/PermissionManagement/OrganizationUnits/OrganizationUnitPermissionManagementProvider.cs
+++ b/aspnet-core/modules/permissions-management/LINGYUN.Abp.PermissionManagement.Domain.OrganizationUnits/LINGYUN/Abp/PermissionManagement/OrganizationUnits/OrganizationUnitPermissionManagementProvider.cs
@@ -5,7 +5,9 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
 using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Domain.Repositories;
 using Volo.Abp.Guids;
+using Volo.Abp.Linq;
 using Volo.Abp.MultiTenancy;
 using Volo.Abp.PermissionManagement;
 using UserManager = Volo.Abp.Identity.IdentityUserManager;
@@ -16,10 +18,14 @@ public class OrganizationUnitPermissionManagementProvider : PermissionManagement
 public override string Name => OrganizationUnitPermissionValueProvider.ProviderName;
 protected UserManager UserManager { get; }
+ protected IAsyncQueryableExecuter AsyncQueryableExecuter { get; }
 protected IIdentityUserRepository IdentityUserRepository { get; }
 protected IIdentityRoleRepository IdentityRoleRepository { get; }
+ protected IRepository PermissionGrantBasicRepository { get; }
 public OrganizationUnitPermissionManagementProvider(
+ IAsyncQueryableExecuter asyncQueryableExecuter,
+ IRepository permissionGrantBasicRepository,
 IPermissionGrantRepository permissionGrantRepository,
 IIdentityUserRepository identityUserRepository,
 IIdentityRoleRepository identityRoleRepository,
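Review bot: The second hunk gives the provider a second data-access path to the same grant records (`PermissionGrantBasicRepository` next to the inherited `IPermissionGrantRepository`) without saying why both are needed. A comment on the new property would cover it, for example `// Generic repository used to load grants for many organization units in a single query.` The two added constructor parameters also change the constructor signature, so any class deriving from this provider has to be updated; that seems worth a line in the commit description. The generic arguments of `IRepository` are not visible on this page, and the parameter list continues past the end of the hunk.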
@@ -32,8 +38,10 @@ public class OrganizationUnitPermissionManagementProvider : PermissionManagement
 currentTenant)
 {
 UserManager = userManager;
+ AsyncQueryableExecuter = asyncQueryableExecuter;
 IdentityUserRepository = identityUserRepository;
 IdentityRoleRepository = identityRoleRepository;
+ PermissionGrantBasicRepository = permissionGrantBasicRepository;
 }
 public override async Task CheckAsync(string name, string providerName, string providerKey)
@@ -51,29 +59,32 @@ public class OrganizationUnitPermissionManagementProvider : PermissionManagement if (providerName == Name) { permissionGrants.AddRange(await PermissionGrantRepository.GetListAsync(names, providerName, providerKey)); - } if (providerName == RolePermissionValueProvider.ProviderName) { var role = await IdentityRoleRepository.FindByNormalizedNameAsync(UserManager.NormalizeName(providerKey)); var organizationUnits = await IdentityRoleRepository.GetOrganizationUnitsAsync(role.Id); + var roleOrganizationUnits = organizationUnits.Select(x => x.Id.ToString()); - foreach (var organizationUnit in organizationUnits) - { - permissionGrants.AddRange(await PermissionGrantRepository.GetListAsync(names, Name, organizationUnit.Id.ToString())); - } + var quaryble = await PermissionGrantBasicRepository.GetQueryableAsync(); + quaryble = quaryble.Where(x => x.ProviderName == Name && roleOrganizationUnits.Contains(x.ProviderKey) && names.Contains(x.Name)); + var roleUnitGrants = await AsyncQueryableExecuter.ToListAsync(quaryble); + + permissionGrants.AddRange(roleUnitGrants); } if (providerName == UserPermissionValueProvider.ProviderName) { var userId = Guid.Parse(providerKey); var organizationUnits = await IdentityUserRepository.GetOrganizationUnitsAsync(id: userId); + var userOrganizationUnits = organizationUnits.Select(x => x.Id.ToString()); - foreach (var organizationUnit in organizationUnits) - { - permissionGrants.AddRange(await PermissionGrantRepository.GetListAsync(names, Name, organizationUnit.Id.ToString())); - } + var quaryble = await PermissionGrantBasicRepository.GetQueryableAsync(); + quaryble = quaryble.Where(x => x.ProviderName == Name && userOrganizationUnits.Contains(x.ProviderKey) && names.Contains(x.Name)); + var userOrganizationUnitGrants = await AsyncQueryableExecuter.ToListAsync(quaryble); + + permissionGrants.AddRange(userOrganizationUnitGrants); } permissionGrants = permissionGrants.Distinct().ToList();
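Review bot: In the role branch, `role` is dereferenced as `role.Id` on the line right after `FindByNormalizedNameAsync`, and nothing in the hunk handles a provider key that resolves to no role. Because this method feeds permission checks, skip the branch explicitly with `if (role != null) { ... }` rather than letting it surface as a null-reference exception. In the added lines, `roleOrganizationUnits` and `userOrganizationUnits` are deferred `Select` results captured inside the `Where` expression. Materialising them first, e.g. `organizationUnits.Select(x => x.Id.ToString()).ToList()`, avoids depending on how the query provider evaluates the closure and lets the branch skip the database call when the list is empty. The local `quaryble` is presumably a typo for `queryable`, and since both branches now build the same query, a private helper that takes the unit ids would remove the duplication. The enclosing method starts before and continues after this hunk.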