fix: 修复获取权限

1 year ago · 4b55d26796
7 changed files with 176 additions and 25 deletions
--- a/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application.Contracts/Users/Dtos/PageIdentityUserOutput.cs
+++ b/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application.Contracts/Users/Dtos/PageIdentityUserOutput.cs
@ -0,0 +1,11 @@
+using Volo.Abp.Identity;
+
+namespace Lion.AbpPro.BasicManagement.Users.Dtos;
+
+public class PageIdentityUserOutput : IdentityUserDto
+{
+    /// <summary>
+    /// 是否开启双因素验证码
+    /// </summary>
+    public bool TwoFactorEnabled { get; set; }
+}
--- a/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application.Contracts/Users/IUserAppService.cs
+++ b/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application.Contracts/Users/IUserAppService.cs
@ -10,7 +10,7 @@ namespace Lion.AbpPro.BasicManagement.Users
        /// <summary>
        /// 分页查询用户
        /// </summary>
-        Task<PagedResultDto<IdentityUserDto>> ListAsync(PagingUserListInput input);
+        Task<PagedResultDto<PageIdentityUserOutput>> ListAsync(PagingUserListInput input);

        /// <summary>
        /// 分页查询用户
--- a/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application/ApplicationConfigurations/AbpProApplicationConfigurationAppService.cs
+++ b/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application/ApplicationConfigurations/AbpProApplicationConfigurationAppService.cs
@ -191,40 +191,60 @@ public class AbpProApplicationConfigurationAppService : ApplicationService, IAbp
    /// <remarks>比如设置了角色有权限AbpIdentity.Roles.Update,但是没有AbpIdentity.Roles权限，那么这个时候AbpIdentity.Roles应该是false</remarks>
    private List<string> GetPolicy(string policy, MultiplePermissionGrantResult permissions)
    {
+        // AbpIdentity.Roles.Create
+        // AbpIdentity 按照.分割，第一级是分组，剩下的才是权限
        var result = new List<string>();
        var split = policy.Split('.', StringSplitOptions.RemoveEmptyEntries);
        if (split.Length <= 0) return result;
-        var currentPolicy = string.Empty;
-        for (int i = 0; i < split.Length - 1; i++)
+        // 1. 获取当前policy组名
+        var groupName = split.First();
+        
+        // 这个情况是菜单权限
+        if (split.Length == 2)
        {
-            if (i == 0)
-            {
-                currentPolicy += split[i];
-            }
-            else
+            var currentPolicyValue = permissions.Result.FirstOrDefault(e => e.Key == policy);
+
+            if (currentPolicyValue.Value != PermissionGrantResult.Granted) return result;
            {
-                currentPolicy += "." + split[i];
+                result.Add(groupName);
            }
        }
-
-        if (!currentPolicy.IsNullOrWhiteSpace())
+        else
        {
-            var currentPolicyValue = permissions.Result.FirstOrDefault(e => e.Key == currentPolicy);
-            if (currentPolicyValue.Value == PermissionGrantResult.Granted)
+            var currentPolicy = string.Empty;
+            for (int i = 0; i < split.Length - 1; i++)
            {
-                result.Add(currentPolicy);
-                // 获取上级code
-                var parent = currentPolicy.Split('.', StringSplitOptions.RemoveEmptyEntries);
-                if (parent.Length > 1)
+                if (i == 0)
+                {
+                    currentPolicy += split[i];
+                }
+                else
                {
-                    result.Add(parent[0]);
+                    currentPolicy += "." + split[i];
                }
            }

-            result.AddRange(GetPolicy(currentPolicy, permissions));
+            if (!currentPolicy.IsNullOrWhiteSpace())
+            {
+                var currentPolicyValue = permissions.Result.FirstOrDefault(e => e.Key == currentPolicy);
+                if (currentPolicyValue.Value == PermissionGrantResult.Granted)
+                {
+                    result.Add(currentPolicy);
+                    // 获取上级code
+                    var parent = currentPolicy.Split('.', StringSplitOptions.RemoveEmptyEntries);
+                    if (parent.Length > 1)
+                    {
+                        result.Add(parent.First());
+                       
+                    }
+                }
+
+                result.AddRange(GetPolicy(currentPolicy, permissions));
+            }
        }
+        

-        return result;
+        return result.Distinct().ToList();
    }


--- a/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application/BasicManagementApplicationAutoMapperProfile.cs
+++ b/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application/BasicManagementApplicationAutoMapperProfile.cs
@ -36,5 +36,6 @@ public class BasicManagementApplicationAutoMapperProfile : Profile
        CreateMap<IdentitySecurityLog, PagingIdentitySecurityLogOutput>();
        CreateMap<TenantConnectionString, PageTenantConnectionStringOutput>();
        CreateMap<IdentityUser, MyProfileOutput>();
+        CreateMap<IdentityUser, PageIdentityUserOutput>();
    }
 }
--- a/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application/Users/UserAppService.cs
+++ b/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.Application/Users/UserAppService.cs
@ -10,7 +10,7 @@ using IdentityRole = Volo.Abp.Identity.IdentityRole;

 namespace Lion.AbpPro.BasicManagement.Users
 {
-    [Authorize(IdentityPermissions.Users.Default)]
+    [Authorize]
    public class UserAppService : BasicManagementAppService, IUserAppService
    {
        private readonly IIdentityUserAppService _identityUserAppService;
@ -36,7 +36,8 @@ namespace Lion.AbpPro.BasicManagement.Users
        /// <summary>
        /// 分页查询用户
        /// </summary>
-        public virtual async Task<PagedResultDto<IdentityUserDto>> ListAsync(PagingUserListInput input)
+        [Authorize(IdentityPermissions.Users.Default)]
+        public virtual async Task<PagedResultDto<PageIdentityUserOutput>> ListAsync(PagingUserListInput input)
        {
            var request = new GetIdentityUsersInput
            {
@ -50,8 +51,8 @@ namespace Lion.AbpPro.BasicManagement.Users
            var source = await _identityUserRepository
                .GetListAsync(request.Sorting, request.MaxResultCount, request.SkipCount, request.Filter);

-            return new PagedResultDto<IdentityUserDto>(count,
-                base.ObjectMapper.Map<List<Volo.Abp.Identity.IdentityUser>, List<IdentityUserDto>>(source));
+            return new PagedResultDto<PageIdentityUserOutput>(count,
+                base.ObjectMapper.Map<List<Volo.Abp.Identity.IdentityUser>, List<PageIdentityUserOutput>>(source));
        }

        public async Task<List<IdentityUserDto>> ListAllAsync(PagingUserListInput input)
--- a/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.HttpApi/Systems/UserController.cs
+++ b/aspnet-core/modules/BasicManagement/src/Lion.AbpPro.BasicManagement.HttpApi/Systems/UserController.cs
@ -15,7 +15,7 @@ namespace Lion.AbpPro.BasicManagement.Systems

        [HttpPost("page")]
        [SwaggerOperation(summary: "分页获取用户信息", Tags = new[] { "Users" })]
-        public Task<PagedResultDto<IdentityUserDto>> ListAsync(PagingUserListInput input)
+        public Task<PagedResultDto<PageIdentityUserOutput>> ListAsync(PagingUserListInput input)
        {
            return _userAppService.ListAsync(input);
        }
--- a/aspnet-core/modules/BasicManagement/test/Lion.AbpPro.BasicManagement.Application.Tests/Permission_Tests.cs
+++ b/aspnet-core/modules/BasicManagement/test/Lion.AbpPro.BasicManagement.Application.Tests/Permission_Tests.cs
@ -0,0 +1,118 @@
+using Shouldly;
+using Volo.Abp.Authorization.Permissions;
+using Xunit;
+
+namespace Lion.AbpPro.BasicManagement;
+
+public class Permission_Tests:BasicManagementApplicationTestBase
+{
+    
+    [Fact]
+    public void GetPolicySingleTest()
+    {
+        var grant = new MultiplePermissionGrantResult();
+        
+        grant.Result.Add("AbpIdentity.AuditLog", PermissionGrantResult.Granted);
+        var result=  GetPolicy("AbpIdentity.AuditLog", grant);
+        result.FirstOrDefault(e=>e=="AbpIdentity").ShouldBe("AbpIdentity");
+    }
+    
+    
+    [Fact]
+    public void GetPolicyTest()
+    {
+        var grant = new MultiplePermissionGrantResult();
+        grant.Result.Add("AbpIdentity.Roles", PermissionGrantResult.Granted);
+        grant.Result.Add("AbpIdentity.Roles.Create", PermissionGrantResult.Granted);
+        grant.Result.Add("AbpIdentity.Roles.Update", PermissionGrantResult.Undefined);
+        
+        grant.Result.Add("AbpIdentity.Users", PermissionGrantResult.Undefined);
+        grant.Result.Add("AbpIdentity.Users.Create", PermissionGrantResult.Granted);
+        grant.Result.Add("AbpIdentity.Users.Update", PermissionGrantResult.Granted);
+        
+        
+        grant.Result.Add("AbpCode.CodeManagement.Project", PermissionGrantResult.Granted);
+        grant.Result.Add("AbpCode.CodeManagement.Project.Create", PermissionGrantResult.Undefined);
+        var result1=  GetPolicy("AbpIdentity.Roles.Update", grant);
+     
+        result1.FirstOrDefault(e=>e=="AbpIdentity").ShouldBe("AbpIdentity");
+        result1.FirstOrDefault(e=>e=="AbpIdentity.Roles").ShouldBe("AbpIdentity.Roles");
+        result1.FirstOrDefault(e=>e=="AbpIdentity.Roles.Update").ShouldBe(null);
+        
+        var result2=  GetPolicy("AbpIdentity.Users.Update", grant);
+        result2.FirstOrDefault(e=>e=="AbpIdentity").ShouldBe(null);
+        result2.FirstOrDefault(e=>e=="AbpIdentity.Users").ShouldBe(null);
+        
+        var result3=  GetPolicy("AbpCode.CodeManagement.Project", grant);
+        result3.FirstOrDefault(e=>e=="AbpCode.CodeManagement").ShouldBe(null);
+        result3.FirstOrDefault(e=>e=="AbpCode.CodeManagement.Project").ShouldBe(null);
+    }
+    
+    
+    /// <summary>
+    /// 获取权限
+    /// </summary>
+    /// <remarks>比如设置了角色有权限AbpIdentity.Roles.Update,但是没有AbpIdentity.Roles权限，那么这个时候AbpIdentity.Roles应该是false</remarks>
+    private List<string> GetPolicy(string policy, MultiplePermissionGrantResult permissions)
+    {
+        // AbpIdentity.Roles.Create
+        // AbpIdentity 按照.分割，第一级是分组，剩下的才是权限
+        var result = new List<string>();
+        var split = policy.Split('.', StringSplitOptions.RemoveEmptyEntries);
+        if (split.Length <= 0) return result;
+        // 1. 获取当前policy组名
+        var groupName = split.First();
+        
+        //2. 判断组下面的权限是菜单权限还是按钮权限
+        // AbpIdentity.Roles 页面权限
+        // AbpIdentity.Roles.Create 按钮权限
+        // AbpIdentity.AuditLog 页面权限
+
+        // 这个情况是菜单权限
+        if (split.Length == 2)
+        {
+            var currentPolicyValue = permissions.Result.FirstOrDefault(e => e.Key == policy);
+
+            if (currentPolicyValue.Value != PermissionGrantResult.Granted) return result;
+            {
+                result.Add(groupName);
+            }
+        }
+        else
+        {
+            var currentPolicy = string.Empty;
+            for (int i = 0; i < split.Length - 1; i++)
+            {
+                if (i == 0)
+                {
+                    currentPolicy += split[i];
+                }
+                else
+                {
+                    currentPolicy += "." + split[i];
+                }
+            }
+
+            if (!currentPolicy.IsNullOrWhiteSpace())
+            {
+                var currentPolicyValue = permissions.Result.FirstOrDefault(e => e.Key == currentPolicy);
+                if (currentPolicyValue.Value == PermissionGrantResult.Granted)
+                {
+                    result.Add(currentPolicy);
+                    // 获取上级code
+                    var parent = currentPolicy.Split('.', StringSplitOptions.RemoveEmptyEntries);
+                    if (parent.Length > 1)
+                    {
+                        result.Add(parent.First());
+                       
+                    }
+                }
+
+                result.AddRange(GetPolicy(currentPolicy, permissions));
+            }
+        }
+        
+
+        return result.Distinct().ToList();
+    }
+}