优化登录权限存储jwt

2022-01-07 21:39:22 +08:00 · 2022-01-07 21:39:22 +08:00 · 93f235ae2e
commit 93f235ae2e
parent 197b5975f3
6 changed files with 15 additions and 25 deletions
--- a/Infrastructure/GlobalConstant.cs
+++ b/Infrastructure/GlobalConstant.cs
@ -21,5 +21,9 @@ namespace Infrastructure
        /// 开发版本API映射路径
        /// </summary>
        public static string DevApiProxy = "/dev-api/";
        /// <summary>
        /// 用户权限缓存key
        /// </summary>
        public static string UserPermKEY = "CACHE-USER-PERM";
    }
 }
--- a/ZR.Admin.WebApi/Controllers/System/SysLoginController.cs
+++ b/ZR.Admin.WebApi/Controllers/System/SysLoginController.cs
@ -73,15 +73,15 @@ namespace ZR.Admin.WebApi.Controllers.System
            }
            var user = sysLoginService.Login(loginBody, AsyncFactory.RecordLogInfo(httpContextAccessor.HttpContext, "0", "login"));
            #region 存入cookie Action校验权限使用
-            //角色集合 eg: admin,yunying,common
+            List<SysRole> roles = roleService.SelectUserRoleListByUserId(user.UserId);
            //List<string> roles = permissionService.GetRolePermission(user);
            List<SysRole> roles = roleService.SelectRolePermissionByUserId(user.UserId);
            //权限集合 eg *:*:*,system:user:list
            List<string> permissions = permissionService.GetMenuPermission(user);
            #endregion
            LoginUser loginUser = new LoginUser(user, roles, permissions);
            LoginUser loginUser = new(user, roles, permissions);
            CacheHelper.SetCache(GlobalConstant.UserPermKEY + user.UserId, loginUser);
            return SUCCESS(JwtUtil.GenerateJwtToken(HttpContext.AddClaims(loginUser)));
        }
@ -98,7 +98,9 @@ namespace ZR.Admin.WebApi.Controllers.System
            //    //注销登录的用户，相当于ASP.NET中的FormsAuthentication.SignOut  
            //    await HttpContext.SignOutAsync();
            //}).Wait();
            var id = HttpContext.GetUId();
            CacheHelper.Remove(GlobalConstant.UserPermKEY + id);
            return SUCCESS(1);
        }
--- a/ZR.Admin.WebApi/Extensions/DbExtension.cs
+++ b/ZR.Admin.WebApi/Extensions/DbExtension.cs
@ -91,9 +91,9 @@ namespace ZR.Admin.WebApi.Extensions
                            }
                            else if ("2".Equals(dataScope))
                            {
-                                var roleDepts = db0.Queryable<SysRoleDept>()
+                                //var roleDepts = db0.Queryable<SysRoleDept>()
-                                .Where(f => f.RoleId == role.RoleId).Select(f => f.DeptId).ToList();
+                                //.Where(f => f.RoleId == role.RoleId).Select(f => f.DeptId).ToList();
-                                var filter1 = new TableFilterItem<SysDept>(it => roleDepts.Contains(it.DeptId));
+                                //var filter1 = new TableFilterItem<SysDept>(it => roleDepts.Contains(it.DeptId));
                            }
                            else if ("3".Equals(dataScope))
                            {
--- a/ZR.Admin.WebApi/Extensions/HttpContextExtension.cs
+++ b/ZR.Admin.WebApi/Extensions/HttpContextExtension.cs
@ -137,14 +137,6 @@ namespace ZR.Admin.WebApi.Extensions
                    new Claim(ClaimTypes.Name, user.UserName),
                    new Claim(ClaimTypes.UserData, JsonConvert.SerializeObject(user))
                };
            if (user.RoleIds != null)
            {
                claims.Add(new Claim(ClaimTypes.Role, string.Join(",", user.RoleIds)));
            }
            if (user.Permissions != null)
            {
                claims.Add(new Claim("perm", string.Join(",", user.Permissions)));
            }
            //写入Cookie
            //WhiteCookie(context, claims);
--- a/ZR.Admin.WebApi/Filters/ActionPermissionFilter.cs
+++ b/ZR.Admin.WebApi/Filters/ActionPermissionFilter.cs
@ -67,7 +67,7 @@ namespace ZR.Admin.WebApi.Filters
                }
                if (!HasPermi && !Permission.Equals("common"))
                {
-                    logger.Info($"用户{info.NickName}没有权限访问{context.HttpContext.Request.Path}，当前权限[{Permission}]");
+                    logger.Info($"用户{info.UserName}没有权限访问{context.HttpContext.Request.Path}，当前权限[{Permission}]");
                    context.Result = new JsonResult(new { code = ResultCode.FORBIDDEN, msg = "你没有权限访问" });
                }
            }
--- a/ZR.Model/System/LoginUser.cs
+++ b/ZR.Model/System/LoginUser.cs
@ -13,13 +13,12 @@ namespace ZR.Model.System
        public long UserId { get; set; }
        public long DeptId { get; set; }
        public string UserName { get; set; }
        public string NickName { get; set; }
        /// <summary>
        /// 角色集合
        /// </summary>
        public List<string> RoleIds { get; set; }
        /// <summary>
-        /// 角色集合
+        /// 角色集合(数据权限过滤使用)
        /// </summary>
        public List<SysRole> Roles { get; set; }
        /// <summary>
@ -30,13 +29,6 @@ namespace ZR.Model.System
        {
        }
        public LoginUser(long userId, string userName, List<string> roleIds, List<string> permissions)
        {
            UserId = userId;
            UserName = userName;
            RoleIds = roleIds;
            Permissions = permissions;
        }
        public LoginUser(SysUser user, List<SysRole> roles, List<string> permissions)
        {
            UserId = user.UserId;