You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

159 lines
6.3 KiB

using Easy;
using Easy.Authorization.Abstractions;
using Easy.Authorization.Realization;
using Easy.DDD.Domain;
using Easy.DDD.Domain.Repositories;
using Identity.Api.Clean.Domain.Entites;
using Identity.Api.Clean.Shared.IServices;
using Identity.Api.Clean.Shared.ValueObjects;
using Microsoft.EntityFrameworkCore;
namespace Identity.Api.Clean.Domain.Services;
public class PermissionGrantManager : DomainService, IPermissionGrantManager
{
protected IRepository<PermissionGrant> PermissionGrantRepository => LazyServiceProvider.LazyGetService<IRepository<PermissionGrant>>();
protected IPermissionDefinitionManager PermissionDefinitionManager => LazyServiceProvider.LazyGetService<IPermissionDefinitionManager>();
public async Task<IEnumerable<string>> GetPermissionNamesAsync(params (string providerName, Guid providerKey)[] providerKeys)
{
var values = new List<string>();
foreach (var providerKey in providerKeys)
{
var permissionNames = await PermissionGrantRepository
.Where(o => o.ProviderName == providerKey.providerName && o.ProviderKey == providerKey.providerKey)
.Select(o => o.PermissionName)
.ToListAsync();
values.AddRange(permissionNames);
}
return values.Distinct();
}
public async Task<List<PermissionGroupValueObject>> GetPermissionGrantsAsync(string providerName, Guid providerKey)
{
var permissionNames = await GetPermissionNamesAsync((providerName, providerKey));
var permissionGroups = GetPermissionGroups(permissionNames);
return permissionGroups;
}
public List<PermissionGroupValueObject> GetPermissionGroups(IEnumerable<string> permissionNames)
{
var permissionGroups = new List<PermissionGroupValueObject>();
foreach (var group in PermissionDefinitionManager.GetGroups())
{
var permissionGroupValueObject = new PermissionGroupValueObject()
{
Description = group.Description,
DisplayName = group.DisplayName,
GroupName = group.GroupName,
Permissions = new List<PermissionValueObject>()
};
foreach (var permission in group.Permissions)
{
var per = new PermissionValueObject()
{
Children = new List<PermissionValueObject>(),
Description = permission.Description,
DisplayName = permission.DisplayName,
IsEnabled = permission.IsEnabled,
PermissionName = permission.PermissionName,
IsGranted = permissionNames.Contains(permission.PermissionName)
};
foreach (var childPermission in permission.Children)
{
per.Children.Add(new()
{
Description = childPermission.Description,
DisplayName = childPermission.DisplayName,
IsEnabled = childPermission.IsEnabled,
PermissionName = childPermission.PermissionName,
IsGranted = per.IsGranted == true || permissionNames.Contains(childPermission.PermissionName)
});
}
permissionGroupValueObject.Permissions.Add(per);
}
permissionGroups.Add(permissionGroupValueObject);
}
return permissionGroups;
}
//private static void SetPermissions(PermissionDefinition permissionDefinition, PermissionGroupValueObject permissionGroup)
//{
// //父权限
// if (permissionDefinition.Parent == null)
// {
// //添加父权限
// permissionGroup.Permissions.Add(new PermissionValueObject()
// {
// PermissionName = permissionDefinition.PermissionName,
// Description = permissionDefinition.Description,
// DisplayName = permissionDefinition.DisplayName,
// IsEnabled = permissionDefinition.IsEnabled,
// Children = new List<PermissionValueObject>()
// });
// }
// //子权限
// else
// {
// //判断组里面是否有父权限
// var permission = permissionGroup.Permissions.FirstOrDefault(o => o.PermissionName == permissionDefinition.Parent.PermissionName);
// if (permission == null)
// {
// permissionGroup.Permissions.Add(new PermissionValueObject()
// {
// PermissionName = permissionDefinition.PermissionName,
// Description = permissionDefinition.Description,
// DisplayName = permissionDefinition.DisplayName,
// IsEnabled = permissionDefinition.IsEnabled,
// Children = new List<PermissionValueObject>()
// });
// }
// //添加子权限
// permission.Children.Add(new PermissionValueObject()
// {
// PermissionName = permissionDefinition.PermissionName,
// Description = permissionDefinition.Description,
// DisplayName = permissionDefinition.DisplayName,
// IsEnabled = permissionDefinition.IsEnabled,
// });
// }
//}
public async Task SetAsync(string permissionName, string providerName, Guid providerKey, bool isGranted)
{
var permission = PermissionDefinitionManager.Get(permissionName);
When.Is(!permission.IsEnabled, $"这个权限 '{permissionName}' 被禁用!");
if (isGranted)
{
var permissionGrant = new PermissionGrant(GuidGenerator.Create(), permission.PermissionName, providerName, providerKey);
await PermissionGrantRepository.AddAsync(permissionGrant, true);
}
else
{
var permissionGrant = await PermissionGrantRepository
.Where(o => o.PermissionName == permissionName)
.Where(o => o.ProviderKey == providerKey)
.FirstOrDefaultAsync();
if (permissionGrant == null)
{
return;
}
await PermissionGrantRepository.RemoveAsync(permissionGrant, true);
}
}
}