⚡ 优化数据权限

2023-06-29 08:25:49 +08:00 · 2023-06-29 08:25:49 +08:00 · c3e024f7b5
commit c3e024f7b5
parent a9547257e6
1 changed files with 3 additions and 96 deletions
--- a/ZR.Admin.WebApi/Extensions/DbExtension.cs
+++ b/ZR.Admin.WebApi/Extensions/DbExtension.cs
@ -2,7 +2,6 @@ using Infrastructure;
 using Infrastructure.Extensions;
 using SqlSugar;
 using SqlSugar.IOC;
 using ZR.Admin.WebApi.Framework;
 using ZR.Model;
 using ZR.Model.System;
@ -14,16 +13,6 @@ namespace ZR.Admin.WebApi.Extensions
    public static class DbExtension
    {
        private static NLog.Logger logger = NLog.LogManager.GetCurrentClassLogger();
        //全部数据权限
        public static long DATA_SCOPE_ALL = 1;
        //自定数据权限
        public static long DATA_SCOPE_CUSTOM = 2;
        //部门数据权限
        public static long DATA_SCOPE_DEPT = 3;
        //部门及以下数据权限
        public static long DATA_SCOPE_DEPT_AND_CHILD = 4;
        //仅本人数据权限
        public static long DATA_SCOPE_SELF = 5;
        /// <summary>
        /// 初始化db
@ -53,9 +42,9 @@ namespace ZR.Admin.WebApi.Extensions
                var u = App.User;
                if (u != null)
                {
-                    FilterData(0);
+                    DataPermi.FilterData(0);
                    //ConfigId = 1的数据权限过滤
-                    //FilterData1(1);
+                    //DataPermi.FilterData1(1);
                }
                iocList.ForEach(iocConfig =>
@ -182,87 +171,5 @@ namespace ZR.Admin.WebApi.Extensions
            }
            return x.Value;
        }
        /// <summary>
        /// 数据过滤
        /// </summary>
        /// <param name="configId">多库id</param>
        private static void FilterData(int configId)
        {
            //获取当前用户的信息
            var user = JwtUtil.GetLoginUser(App.HttpContext);
            if (user == null) return;
            //管理员不过滤
            if (user.RoleIds.Any(f => f.Equals(GlobalConstant.AdminRole))) return;
            var db = DbScoped.SugarScope.GetConnectionScope(configId);
            var expUser = Expressionable.Create<SysUser>().Or(it => 1 == 1);
            var expRole = Expressionable.Create<SysRole>().Or(it => 1 == 1);
            var expLoginlog = Expressionable.Create<SysLogininfor>();
            foreach (var role in user.Roles.OrderBy(f => f.DataScope))
            {
                long dataScope = role.DataScope;
                if (DATA_SCOPE_ALL.Equals(dataScope))//所有权限
                {
                    break;
                }
                else if (DATA_SCOPE_CUSTOM.Equals(dataScope))//自定数据权限
                {
                    //" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, role.getRoleId()));
                    expUser.Or(it => SqlFunc.Subqueryable<SysRoleDept>().Where(f => f.DeptId == it.DeptId && f.RoleId == role.RoleId).Any());
                }
                else if (DATA_SCOPE_DEPT.Equals(dataScope))//本部门数据
                {
                    expUser.Or(it => it.DeptId == user.DeptId);
                }
                else if (DATA_SCOPE_DEPT_AND_CHILD.Equals(dataScope))//本部门及以下数据
                {
                    //SQl  OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )
                    var allChildDepts = db.Queryable<SysDept>().ToChildList(it => it.ParentId, user.DeptId);
                    expUser.Or(it => allChildDepts.Select(f => f.DeptId).ToList().Contains(it.DeptId));
                }
                else if (DATA_SCOPE_SELF.Equals(dataScope))//仅本人数据
                {
                    expUser.Or(it => it.UserId == user.UserId);
                    expRole.Or(it => user.RoleIds.Contains(it.RoleKey));
                    expLoginlog.And(it => it.UserName == user.UserName);
                }
                db.QueryFilter.AddTableFilter(expUser.ToExpression());
                db.QueryFilter.AddTableFilter(expRole.ToExpression());
                db.QueryFilter.AddTableFilter(expLoginlog.ToExpression());
            }
        }
        private static void FilterData1(int configId)
        {
            //获取当前用户的信息
            var user = JwtUtil.GetLoginUser(App.HttpContext);
            if (user == null) return;
            var db = DbScoped.SugarScope.GetConnectionScope(configId);
            foreach (var role in user.Roles.OrderBy(f => f.DataScope))
            {
                long dataScope = role.DataScope;
                if (DATA_SCOPE_ALL.Equals(dataScope))//所有权限
                {
                    break;
                }
                else if (DATA_SCOPE_CUSTOM.Equals(dataScope))//自定数据权限
                {
                }
                else if (DATA_SCOPE_DEPT.Equals(dataScope))//本部门数据
                {
                }
                else if (DATA_SCOPE_DEPT_AND_CHILD.Equals(dataScope))//本部门及以下数据
                {
                }
                else if (DATA_SCOPE_SELF.Equals(dataScope))//仅本人数据
                {
                }
            }
        }
    }
 }