
新增权限验证

Dun.Jason 2 jaren geleden
bovenliggende
commit
13335295f5

+ 0 - 8
src/Hotline.Api/Controllers/CallController.cs

@@ -14,34 +14,26 @@ namespace Hotline.Api.Controllers
     /// </summary>
     public class CallController : BaseController
     {
-        private readonly ICallDomainService _callDomainService;
         private readonly ICallRepository _callRepository;
         private readonly IMapper _mapper;
-        private readonly ICallDetailRepository _callDetailRepository;
         private readonly IBlacklistDomainService _blacklistDomainService;
         private readonly IBlacklistRepository _blacklistRepository;
 
         /// <summary>
         /// 通话相关接口构造
         /// </summary>
-        /// <param name="callDomainService"></param>
         /// <param name="callRepository"></param>
         /// <param name="mapper"></param>
-        /// <param name="callDetailRepository"></param>
         /// <param name="blacklistDomainService"></param>
         /// <param name="blacklistRepository"></param>
         public CallController(
-            ICallDomainService callDomainService, 
             ICallRepository callRepository, 
             IMapper mapper, 
-            ICallDetailRepository callDetailRepository,
             IBlacklistDomainService blacklistDomainService,
             IBlacklistRepository blacklistRepository)
         {
-            _callDomainService = callDomainService;
             _callRepository = callRepository;
             _mapper = mapper;
-            _callDetailRepository = callDetailRepository;
             _blacklistDomainService = blacklistDomainService;
             _blacklistRepository = blacklistRepository;
         }

+ 2 - 22
src/Hotline.Api/Controllers/HomeController.cs

@@ -20,38 +20,17 @@ namespace Hotline.Api.Controllers;
 
 public class HomeController : BaseController
 {
-    private readonly IUserRepository _userRepository;
     private readonly ISugarUnitOfWork<HotlineDbContext> _uow;
-    private readonly IUserCacheManager _userCacheManager;
-    private readonly ITelDomainService _telDomainService;
-    private readonly IMapper _mapper;
     private readonly ISessionContext _sessionContext;
-    private readonly IDeviceManager _deviceManager;
-    private readonly ITelCacheManager _telCacheManager;
-    private readonly IUserDomainService _userDomainService;
     private readonly ISystemAuthorityRepository _systemAuthorityRepository;
 
     public HomeController(
-        IUserRepository userRepository, 
         ISugarUnitOfWork<HotlineDbContext> uow,
-        IUserCacheManager userCacheManager,
-        ITelDomainService telDomainService,
-        IMapper mapper,
         ISessionContext sessionContext,
-        IDeviceManager deviceManager,
-        ITelCacheManager telCacheManager,
-        IUserDomainService userDomainService,
         ISystemAuthorityRepository systemAuthorityRepository)
     {
-        _userRepository = userRepository;
         _uow = uow;
-        _userCacheManager = userCacheManager;
-        _telDomainService = telDomainService;
-        _mapper = mapper;
         _sessionContext = sessionContext;
-        _deviceManager = deviceManager;
-        _telCacheManager = telCacheManager;
-        _userCacheManager = userCacheManager;
         _systemAuthorityRepository = systemAuthorityRepository;
     }
     
@@ -77,7 +56,7 @@ public class HomeController : BaseController
     /// 获取当前用户所有菜单
     /// </summary>
     /// <returns></returns>
-    //[AllowAnonymous]
+    [AllowAnonymous]
     [HttpGet("get-my-auth-menu")]
     public async Task<IReadOnlyList<SystemMenu>> GetUserAuthorityMenuByToken()
     {
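Review bot: `[AllowAnonymous]` on `get-my-auth-menu` lets a request with no token reach an action documented as returning the current user's menus; the same attribute is added to `get-my-auth-button` in the next hunk and to `GET state` in UserController. If the intent is "any signed-in user, no specific permission needed", plain `[Authorize]` says that without opening the endpoints to unauthenticated callers (assuming BaseController or the global policy otherwise requires authentication, which is not visible here). The method bodies start inside these hunks but continue outside them, so whether they fail safely when the session carries no user cannot be confirmed from this page. If anonymous access really is intended, a comment on each action such as `// anonymous by design: returns an empty list when no user is signed in` should record that decision.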
@@ -89,6 +68,7 @@ public class HomeController : BaseController
     /// 获取当前用户所有按钮
     /// </summary>
     /// <returns></returns>
+    [AllowAnonymous]
     [HttpGet("get-my-auth-button")]
     public async Task<IReadOnlyList<string>> GetUserAuthorityButtonByToken()
     {

+ 14 - 0
src/Hotline.Api/Controllers/IvrController.cs

@@ -1,4 +1,5 @@
 using Hotline.CallCenter.Ivrs;
+using Hotline.Permissions;
 using Hotline.Share.Dtos.CallCenter;
 using Hotline.Share.Enums;
 using MapsterMapper;
@@ -35,6 +36,7 @@ public class IvrController : BaseController
     /// 查询所有ivr分类
     /// </summary>
     /// <returns></returns>
+    [Permission(EPermission.GetCategories)]
     [HttpGet("categories")]
     public async Task<IReadOnlyList<IvrCategory>> GetCategories()
     {
@@ -46,6 +48,7 @@ public class IvrController : BaseController
     /// </summary>
     /// <param name="id"></param>
     /// <returns></returns>
+    [Permission(EPermission.GetCategorie)]
     [HttpGet("category/{id}")]
     public async Task<IvrCategory> GetCategory(string id)
     {
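Review bot: `EPermission.GetCategorie` is a misspelling that sits directly after `EPermission.GetCategories` on the previous action, so the two are easy to mix up when permissions are assigned to roles or audited. Naming it after the action, `[Permission(EPermission.GetCategory)]`, would remove the ambiguity. The enum member is declared in EPermission.cs, outside this hunk, so it needs the same rename there, presumably with its numeric value left unchanged.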
@@ -56,6 +59,7 @@ public class IvrController : BaseController
     /// 新增IVR分类
     /// </summary>
     /// <returns></returns>
+    [Permission(EPermission.AddCategory)]
     [HttpPost("category")]
     public async Task<string> AddCategory([FromBody] AddIvrCategoryDto request)
     {
@@ -68,6 +72,7 @@ public class IvrController : BaseController
     /// </summary>
     /// <param name="request"></param>
     /// <returns></returns>
+    [Permission(EPermission.UpdateCategory)]
     [HttpPut("category")]
     public async Task UpdateCategory([FromBody] UpdateIvrCategoryDto request)
     {
@@ -80,6 +85,7 @@ public class IvrController : BaseController
     /// </summary>
     /// <param name="id"></param>
     /// <returns></returns>
+    [Permission(EPermission.RemoveCategory)]
     [HttpDelete("category/{id}")]
     public async Task RemoveCategory(string id)
     {
@@ -94,6 +100,7 @@ public class IvrController : BaseController
     /// </summary>
     /// <param name="dto"></param>
     /// <returns></returns>
+    [Permission(EPermission.AddIvr)]
     [HttpPost]
     public async Task<string> Add([FromBody] AddIvrDto dto)
     {
@@ -106,6 +113,7 @@ public class IvrController : BaseController
     /// </summary>
     /// <param name="dto"></param>
     /// <returns></returns>
+    [Permission(EPermission.UpdateIvr)]
     [HttpPut]
     public async Task Update([FromBody] UpdateIvrDto dto)
     {
@@ -120,6 +128,7 @@ public class IvrController : BaseController
     /// <param name="dto"></param>
     /// <returns></returns>
     /// <exception cref="UserFriendlyException"></exception>
+    [Permission(EPermission.Structure)]
     [HttpPost("structure")]
     public async Task Structure([FromBody] StructureIvrDto dto)
     {
@@ -131,6 +140,7 @@ public class IvrController : BaseController
     /// </summary>
     /// <param name="ivrId"></param>
     /// <returns></returns>
+    [Permission(EPermission.DeStructureIvr)]
     [HttpPut("destructure/{ivrId}")]
     public async Task DeStructureIvr(string ivrId)
     {
@@ -142,6 +152,7 @@ public class IvrController : BaseController
     /// </summary>
     /// <param name="ivrId"></param>
     /// <returns></returns>
+    [Permission(EPermission.ReplaceRoot)]
     [HttpPut("replace-root/{ivrId}")]
     public async Task ReplaceRootAsync(string ivrId)
     {
@@ -152,6 +163,7 @@ public class IvrController : BaseController
     /// 查询所有ivr
     /// </summary>
     /// <returns></returns>
+    [Permission(EPermission.QueryIvrs)]
     [HttpGet]
     public async Task<IReadOnlyList<IvrDto>> QueryIvrs()
     {
@@ -164,6 +176,7 @@ public class IvrController : BaseController
     /// </summary>
     /// <param name="categoryId"></param>
     /// <returns></returns>
+    [Permission(EPermission.GetBeginingIvr)]
     [HttpGet("tree/{categoryId}")]
     public async Task<IvrDto> GetBeginingIvrAsync(string categoryId)
     {
@@ -186,6 +199,7 @@ public class IvrController : BaseController
     /// 页面基础信息
     /// </summary>
     /// <returns></returns>
+    [Permission(EPermission.GetBaseInfoIvr)]
     [HttpGet("base-info")]
     public async Task<dynamic> GetBaseInfo()
     {

+ 8 - 17
src/Hotline.Api/Controllers/PbxController.cs

@@ -390,23 +390,7 @@ namespace Hotline.Api.Controllers
         {
             await _voiceFileDomainService.RemoveVoiceFileAsync(new RemoveVoiceFileRequest(voiceFileName), HttpContext.RequestAborted);
         }
-
-
-        /// <summary>
-        /// 页面基础信息
-        /// </summary>
-        /// <returns></returns>
-        [Permission(EPermission.GetBaseInfoIvr)]
-        [HttpGet("base-info-ivr")]
-        public async Task<dynamic> GetBaseInfoIvr()
-        {
-            return new
-            {
-                IvrTypes = EnumExts.GetDescriptions<EIvrType>(),
-                IvrStrategeTypes = EnumExts.GetDescriptions<EIvrStrategeType>(),
-                IvrAnswerTypes = EnumExts.GetDescriptions<EIvrAnswerType>(),
-            };
-        }
+    
 
         #region private
 
@@ -660,6 +644,7 @@ namespace Hotline.Api.Controllers
         /// </summary>
         /// <param name="request"></param>
         /// <returns></returns>
+        [Permission(EPermission.MonitorExt)]
         [HttpPost("monitor-ext")]
         public async Task MonitorExt([FromBody] MonitorExtRequest request)
         {
@@ -675,6 +660,7 @@ namespace Hotline.Api.Controllers
         /// </summary>
         /// <param name="request"></param>
         /// <returns></returns>
+        [Permission(EPermission.MonitorExtToTalk)]
         [HttpPost("monitor-ext-to-talk")]
         public async Task MonitorExtToTalk([FromBody] MonitorExtToTalkRequest request)
         {
@@ -690,6 +676,7 @@ namespace Hotline.Api.Controllers
         /// </summary>
         /// <param name="request"></param>
         /// <returns></returns>
+        [Permission(EPermission.MonitorExtToListen)]
         [HttpPost("monitor-ext-to-listen")]
         public async Task MonitorExtToListen([FromBody] MonitorExtToListenRequest request)
         {
@@ -709,6 +696,7 @@ namespace Hotline.Api.Controllers
         /// </summary>
         /// <param name="request"></param>
         /// <returns></returns>
+        [Permission(EPermission.BargeinExt)]
         [HttpPost("bargein-ext")]
         public async Task BargeinExt([FromBody] BargeinExtRequest request)
         {
@@ -724,6 +712,7 @@ namespace Hotline.Api.Controllers
         /// </summary>
         /// <param name="request"></param>
         /// <returns></returns>
+        [Permission(EPermission.ClearExt)]
         [HttpPost("clear-ext")]
         public async Task ClearExt([FromBody] ClearExtRequest request)
         {
@@ -735,6 +724,7 @@ namespace Hotline.Api.Controllers
         /// </summary>
         /// <param name="request"></param>
         /// <returns></returns>
+        [Permission(EPermission.ClearVisitor)]
         [HttpPost("clear-visitor")]
         public async Task ClearVisitor([FromBody] ClearVisitorRequest request)
         {
@@ -746,6 +736,7 @@ namespace Hotline.Api.Controllers
         /// </summary>
         /// <param name="request"></param>
         /// <returns></returns>
+        [Permission(EPermission.ClearOuter)]
         [HttpPost("clear-outer")]
         public async Task ClearOuter([FromBody] ClearOuterRequest request)
         {

+ 111 - 3
src/Hotline.Api/Controllers/RoleController.cs

@@ -1,7 +1,12 @@
-using Hotline.Share.Dtos.CallCenter;
+using Hotline.Permissions;
+using Hotline.Repository.SqlSugar;
+using Hotline.Settings;
+using Hotline.Share.Dtos.CallCenter;
+using Hotline.Share.Dtos.Role;
 using Identity.Admin.HttpClient;
 using Identity.Shared.Dtos.Identity;
 using Identity.Shared.Dtos.Role;
+using MapsterMapper;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using XF.Domain.Exceptions;
@@ -12,10 +17,19 @@ namespace Hotline.Api.Controllers;
 public class RoleController : BaseController
 {
     private readonly IIdentityClient _identityClient;
+    private readonly ISystemAuthorityRepository _systemAuthorityRepository;
+    private readonly ISystemDataAuthorityRepository _systemDataAuthorityRepository;
+    private readonly IMapper _mapper;
 
-    public RoleController(IIdentityClient identityClient)
+    public RoleController(IIdentityClient identityClient, 
+            ISystemAuthorityRepository systemAuthorityRepository,
+            ISystemDataAuthorityRepository systemDataAuthorityRepository,
+            IMapper mapper)
     {
         _identityClient = identityClient;
+        _systemAuthorityRepository = systemAuthorityRepository;
+        _systemDataAuthorityRepository = systemDataAuthorityRepository;
+        _mapper = mapper;
     }
 
     /// <summary>
@@ -24,7 +38,7 @@ public class RoleController : BaseController
     /// <param name="dto"></param>
     /// <returns></returns>
     [HttpGet("paged")]
-    [Authorize("d")]
+    [Permission(EPermission.QueryPagedRole)]
     public async Task<PagedDto<IdentityRoleDto>> QueryPaged([FromQuery] QueryRolesPagedDto dto)
     {
 
@@ -39,6 +53,7 @@ public class RoleController : BaseController
     /// </summary>
     /// <param name="dto"></param>
     /// <returns></returns>
+    [Permission(EPermission.AddRole)]
     [HttpPost]
     public async Task<string> Add([FromBody] IdentityRoleDto dto)
     {
@@ -52,6 +67,7 @@ public class RoleController : BaseController
     /// </summary>
     /// <param name="roleId"></param>
     /// <returns></returns>
+    [Permission(EPermission.RemoveRole)]
     [HttpDelete("{roleId}")]
     public async Task Remove(string roleId)
     {
@@ -64,6 +80,7 @@ public class RoleController : BaseController
     /// </summary>
     /// <param name="dto"></param>
     /// <returns></returns>
+    [Permission(EPermission.UpdateRole)]
     [HttpPut]
     public async Task Update([FromBody] IdentityRoleDto dto)
     {
@@ -71,6 +88,97 @@ public class RoleController : BaseController
         CheckHttpRequestSuccess(updateRoleRsp, "UpdateRoleAsync");
     }
 
+    #region 应用权限管理
+
+    /// <summary>
+    /// 分配权限
+    /// </summary>
+    /// <param name="dto"></param>
+    /// <returns></returns>
+    [Permission(EPermission.AllocationAuthority)]
+    [HttpPost("allocationauthority")]
+    public async Task AllocationAuthority(List<RoleAuthorityDto> dto)
+    {
+        var list = _mapper.Map<List<SystemAuthority>>(dto);
+        await _systemAuthorityRepository.AddRangeAsync(list);
+    }
+
+    /// <summary>
+    /// 获取角色权限
+    /// </summary>
+    /// <param name="roleid"></param>
+    /// <returns></returns>
+    [Permission(EPermission.GetAuthority)]
+    [HttpGet("getauthority")]
+    public async Task<IReadOnlyList<SystemAuthority>> GetAuthority(string roleid)
+    {
+        return await _systemAuthorityRepository.QueryAsync(x => x.RoleId == roleid);
+    }
+
+    #endregion
+
+    #region 数据权限管理
+
+    /// <summary>
+    /// 新增数据权限
+    /// </summary>
+    /// <param name="dto"></param>
+    /// <returns></returns>
+    [Permission(EPermission.AddDataAuthority)]
+    [HttpPost("add-data-authority")]
+    public async Task AddDataAuthority([FromBody] AddDataAuthorityDto dto)
+    {
+        var dataAuthority = _mapper.Map<SystemDataAuthority>(dto);
+        await _systemDataAuthorityRepository.AddAsync(dataAuthority);
+    }
+
+    /// <summary>
+    /// 修改数据权限
+    /// </summary>
+    /// <param name="dto"></param>
+    /// <returns></returns>
+    [Permission(EPermission.UpdateDataAuthority)]
+    [HttpPost("update-data-authority")]
+    public async Task UpdateDataAuthority([FromBody] UpdateDataAuthorityDto dto)
+    {
+        var entity = await _systemDataAuthorityRepository.GetAsync(x => x.Id == dto.Id, HttpContext.RequestAborted);
+        if (entity is null)
+            throw UserFriendlyException.SameMessage("无效数据");
+
+        _mapper.Map(dto, entity);
+        await _systemDataAuthorityRepository.UpdateAsync(entity, HttpContext.RequestAborted);
+    }
+
+    /// <summary>
+    /// 删除数据权限
+    /// </summary>
+    /// <param name="id"></param>
+    /// <returns></returns>
+    [Permission(EPermission.RemoveDataAuthority)]
+    [HttpDelete("remove-data-authority/{id}")]
+    public async Task RemoveDataAuthority(string id)
+    {
+        var entity = await _systemDataAuthorityRepository.GetAsync(id, HttpContext.RequestAborted);
+        if (entity is null)
+            throw UserFriendlyException.SameMessage("无效数据");
+
+        await _systemDataAuthorityRepository.RemoveAsync(id);
+    }
+
+    /// <summary>
+    /// 获取角色所有数据权限设置
+    /// </summary>
+    /// <param name="roleid"></param>
+    /// <returns></returns>
+    [Permission(EPermission.GetDataAuthorityByRole)]
+    [HttpGet("getdataauthoritybyrole")]
+    public async Task<IReadOnlyList<SystemDataAuthority>> GetDataAuthorityByRole(string roleid)
+    {
+        return await _systemDataAuthorityRepository.QueryAsync(x => x.RoleId == roleid);
+    }
+
+    #endregion
+
     #region private
 
     private void CheckHttpRequestSuccess(ApiResponse response, string msg)
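Review bot: `AllocationAuthority` only calls `AddRangeAsync`, so as far as this hunk shows, submitting a role's permission list a second time adds rows on top of the existing ones, and nothing here revokes a permission that was granted earlier. For the endpoint that defines what a role may do, replacing the role's rows in one unit of work and rejecting an empty list or one that mixes several role ids would keep the stored grants equal to what the administrator submitted. The parameter also lacks the explicit binding source the other actions use: `public async Task AllocationAuthority([FromBody] List<RoleAuthorityDto> dto)`. Writing an audit record of who changed which role's grants would also help later review; none is visible in the added code.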

+ 5 - 0
src/Hotline.Api/Controllers/SettingController.cs

@@ -1,4 +1,5 @@
 using Hotline.CallCenter.Manage;
+using Hotline.Permissions;
 using Hotline.Settings;
 using Hotline.Share.Requests;
 using Microsoft.AspNetCore.Mvc;
@@ -23,6 +24,7 @@ namespace Hotline.Api.Controllers
         /// 查询语音文件
         /// </summary>
         /// <returns></returns>
+        [Permission(EPermission.VoiceQueryList)]
         [HttpGet("voicequerylist")]
         public async Task<List<string>> VoiceQueryList()
         {
@@ -34,6 +36,7 @@ namespace Hotline.Api.Controllers
         /// </summary>
         /// <param name="voiceFileName"></param>
         /// <returns></returns>
+        [Permission(EPermission.RemoveVoiceFile)]
         [HttpPost("removevoicefile")]
         public async Task RemoveVoiceFile(string voiceFileName)
         {
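Review bot: `RemoveVoiceFile` takes `voiceFileName` as a plain string parameter, which on this POST action binds from the query string or form rather than from a JSON body as `ModifySettings` does, so the name of the file to delete can end up in access logs. The body is outside this hunk, so it is not visible whether the value is restricted to a bare file name before it reaches the voice-file service. Worth confirming alongside the new permission, and then documenting with something like `/// <param name="voiceFileName">File name only; path separators are rejected.</param>` once that check is known to exist.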
@@ -45,6 +48,7 @@ namespace Hotline.Api.Controllers
         /// 获取系统参数列表
         /// </summary>
         /// <returns></returns>
+        [Permission(EPermission.GetSysSettingsAsync)]
         [HttpGet("getsyssettings")]
         public async Task<List<SystemSettingGroup>> GetSysSettingsAsync()
         {
@@ -60,6 +64,7 @@ namespace Hotline.Api.Controllers
         /// <param name="request"></param>
         /// <returns></returns>
         /// <exception cref="UserFriendlyException"></exception>
+        [Permission(EPermission.ModifySettings)]
         [HttpPost("modifysettings")]
         public async Task ModifySettings([FromBody] ModifySettingsRequest request)
         {

+ 1 - 29
src/Hotline.Api/Controllers/SysController.cs

@@ -29,64 +29,36 @@ namespace Hotline.Api.Controllers
     /// </summary>
     public class SysController : BaseController
     {
-        private readonly ISessionContext _sessionContext;
-        private readonly IUserRepository _userRepository;
-        private readonly IUserCacheManager _userCacheManager;
         private readonly IIdentityClient _identityClient;
-        private readonly IOptionsSnapshot<IdentityConfigs> _identityConfigs;
         private readonly IMapper _mapper;
         private readonly ISystemSettingRepository _systemSettingsRepository;
         private readonly ISystemSettingGroupRepository _systemSettingGroupRepository;
-        private readonly ITelRepository _telRepository;
         private readonly ISystemMenuRepository _systemMenuRepository;
         private readonly ISystemButtonRepository _systemButtonRepository;
-        private readonly ISystemAuthorityRepository _systemAuthorityRepository;
-        private readonly ISystemDataAuthorityRepository _systemDataAuthorityRepository;
 
         /// <summary>
         /// 系统管理相关接口
         /// </summary>
-        /// <param name="sessionContext"></param>
-        /// <param name="userRepository"></param>
-        /// <param name="userCacheManager"></param>
         /// <param name="identityClient"></param>
-        /// <param name="identityConfigs"></param>
         /// <param name="mapper"></param>
         /// <param name="systemSettingsRepository"></param>
         /// <param name="systemSettingGroupRepository"></param>
-        /// <param name="telRepository"></param>
         /// <param name="systemMenuRepository"></param>
         /// <param name="systemButtonRepository"></param>
-        /// <param name="systemAuthorityRepository"></param>
-        /// <param name="systemDataAuthorityRepository"></param>
         public SysController(
-            ISessionContext sessionContext,
-            IUserRepository userRepository,
-            IUserCacheManager userCacheManager,
             IIdentityClient identityClient,
-            IOptionsSnapshot<IdentityConfigs> identityConfigs,
             IMapper mapper,
             ISystemSettingRepository systemSettingsRepository,
             ISystemSettingGroupRepository systemSettingGroupRepository,
-            ITelRepository telRepository,
             ISystemMenuRepository systemMenuRepository,
-            ISystemButtonRepository systemButtonRepository,
-            ISystemAuthorityRepository systemAuthorityRepository,
-            ISystemDataAuthorityRepository systemDataAuthorityRepository)
+            ISystemButtonRepository systemButtonRepository)
         {
-            _sessionContext = sessionContext;
-            _userRepository = userRepository;
-            _userCacheManager = userCacheManager;
             _identityClient = identityClient;
-            _identityConfigs = identityConfigs;
             _mapper = mapper;
             _systemSettingsRepository = systemSettingsRepository;
             _systemSettingGroupRepository = systemSettingGroupRepository;
-            _telRepository = telRepository;
             _systemMenuRepository = systemMenuRepository;
             _systemButtonRepository = systemButtonRepository;
-            _systemAuthorityRepository = systemAuthorityRepository;
-            _systemDataAuthorityRepository = systemDataAuthorityRepository;
         }
 
         #region private

+ 0 - 16
src/Hotline.Api/Controllers/TelController.cs

@@ -20,50 +20,34 @@ namespace Hotline.Api.Controllers
     /// </summary>
     public class TelController : BaseController
     {
-        private readonly ITelDomainService _telDomainService;
         private readonly IUserCacheManager _userCacheManager;
-        private readonly ITypedCache<Tel> _cacheTel;
-        private readonly ITypedCache<TelGroup> _cacheTelGroup;
         private readonly ITelCacheManager _telCacheManager;
         private readonly IDeviceManager _deviceManager;
         private readonly IMapper _mapper;
-        private readonly ICallDetailRepository _callDetailRepository;
         private readonly ICallRepository _callRepository;
         private readonly ISessionContext _sessionContext;
 
         /// <summary>
         /// 构造
         /// </summary>
-        /// <param name="telDomainService"></param>
         /// <param name="userCacheManager"></param>
-        /// <param name="cacheTel"></param>
-        /// <param name="cacheTelGroup"></param>
         /// <param name="telCacheManager"></param>
         /// <param name="deviceManager"></param>
         /// <param name="mapper"></param>
-        /// <param name="callDetailRepository"></param>
         /// <param name="callRepository"></param>
         /// <param name="sessionContext"></param>
         public TelController(
-            ITelDomainService telDomainService,
             IUserCacheManager userCacheManager,
-            ITypedCache<Tel> cacheTel,
-            ITypedCache<TelGroup> cacheTelGroup,
             ITelCacheManager telCacheManager,
             IDeviceManager deviceManager,
             IMapper mapper,
-            ICallDetailRepository callDetailRepository,
             ICallRepository callRepository,
             ISessionContext sessionContext)
         {
-            _telDomainService = telDomainService;
             _userCacheManager = userCacheManager;
-            _cacheTel = cacheTel;
-            _cacheTelGroup = cacheTelGroup;
             _telCacheManager = telCacheManager;
             _deviceManager = deviceManager;
             _mapper = mapper;
-            _callDetailRepository = callDetailRepository;
             _callRepository = callRepository;
             _sessionContext = sessionContext;
         }

+ 11 - 1
src/Hotline.Api/Controllers/UserController.cs

@@ -17,6 +17,7 @@ using XF.Domain.Exceptions;
 using Microsoft.Extensions.Options;
 using XF.Utility.AppIdentityModel;
 using XF.Utility.UnifyResponse;
+using Microsoft.AspNetCore.Authorization;
 
 namespace Hotline.Api.Controllers;
 
@@ -78,6 +79,7 @@ public class UserController : BaseController
     /// <summary>
     /// 下班
     /// </summary>
+    [Permission(EPermission.OffDuty)]
     [HttpPost("off-duty")]
     public Task<WorkDto?> OffDuty()
     {
@@ -88,6 +90,7 @@ public class UserController : BaseController
     /// 分页查询用户
     /// </summary>
     /// <returns></returns>
+    [Permission(EPermission.QueryPagedUser)]
     [HttpGet("paged")]
     public async Task<PagedDto<UserDto>> QueryPaged([FromQuery] UserPagedDto dto)
     {
@@ -106,6 +109,7 @@ public class UserController : BaseController
     /// </summary>
     /// <param name="userDto"></param>
     /// <returns></returns>
+    [Permission(EPermission.UpdateUser)]
     [HttpPut]
     public async Task Update([FromBody] UpdateUserDto userDto)
     {
@@ -124,6 +128,7 @@ public class UserController : BaseController
     /// </summary>
     /// <param name="userDto"></param>
     /// <returns></returns>
+    [Permission(EPermission.AddUser)]
     [HttpPost]
     public async Task<string> Add([FromBody] AddUserDto userDto)
     {
@@ -177,6 +182,7 @@ public class UserController : BaseController
     /// </summary>
     /// <param name="id"></param>
     /// <returns></returns>
+    [Permission(EPermission.RemoveUser)]
     [HttpDelete("{id}")]
     public async Task Remove(string id)
     {
@@ -194,6 +200,7 @@ public class UserController : BaseController
     /// 查询用户当前状态
     /// </summary>
     /// <returns></returns>
+    [AllowAnonymous]
     [HttpGet("state")]
     public async Task<UserStateDto> GetUserState()
     {
@@ -212,9 +219,10 @@ public class UserController : BaseController
     }
 
     /// <summary>
-    /// 分页查询用户权限
+    /// 分页查询用户角色
     /// </summary>
     /// <returns></returns>
+    [Permission(EPermission.GetUserRoles)]
     [HttpGet("roles")]
     public async Task<PagedDto<IdentityRoleDto>> GetUserRoles([FromQuery] UserRolesPagedDto dto)
     {
@@ -229,6 +237,7 @@ public class UserController : BaseController
     /// 设置用户角色
     /// </summary>
     /// <returns></returns>
+    [Permission(EPermission.SetUserRoles)]
     [HttpPost("roles")]
     public async Task SetUserRoles([FromBody] SetUserRolesDto dto)
     {
@@ -241,6 +250,7 @@ public class UserController : BaseController
     /// </summary>
     /// <returns></returns>
     /// <exception cref="UserFriendlyException"></exception>
+    [Permission(EPermission.GetPasswordChangeStatus)]
     [HttpGet("pwd-changed")]
     public Task<bool> GetPasswordChangeStatus()
     {

+ 10 - 1
src/Hotline.Api/Permissions/EPermission.cs

@@ -53,7 +53,16 @@ namespace Hotline.Permissions
         /// </summary>
         [Display(GroupName = "用户管理", Name ="设置用户角色",Description ="设置用户角色")]
         SetUserRoles = 100105,
-
+        /// <summary>
+        /// 分页查询用户角色
+        /// </summary>
+        [Display(GroupName = "用户管理",Name ="分页查询用户角色",Description ="分页查询用户角色")]
+        GetUserRoles = 100106,
+        /// <summary>
+        /// 查询密码更改状态
+        /// </summary>
+        [Display(GroupName ="用户管理",Name = "查询密码更改状态",Description = "查询密码更改状态")]
+        GetPasswordChangeStatus=100107,
         #endregion
 
         #region 角色管理
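Review bot: The two new members carry explicit numbers (`100106`, `100107`), but nothing in the enum says whether those numbers are what gets stored for a role's grants. If they are persisted (the RoleController change in this commit stores `SystemAuthority` rows, though the mapping is not visible here), a comment at the top of the region such as `// Values are persisted in role grants: never renumber or reuse.` would guard against a later edit silently changing what a role is allowed to do. The spacing in `GetPasswordChangeStatus=100107` and `GroupName ="用户管理"` also differs from the surrounding members.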