Merge branch 'master' into tangj-knowledge

src/Hotline.Api/Controllers/CommonPController.cs

@@ -7,6 +7,9 @@ using MongoDB.Driver;
 
 namespace Hotline.Api.Controllers
 {
+    /// <summary>
+    /// 常用意见接口
+    /// </summary>
     public class CommonPController: BaseController
     {
         private readonly ICommonOpinionDomainService _commonOpinionDomainService;

src/Hotline.Api/Controllers/OrderController.cs

@@ -9,6 +9,7 @@ using Hotline.Share.Dtos.Order;
 using Hotline.Share.Enums.Order;
 using Hotline.Share.Requests;
 using MapsterMapper;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using XF.Domain.Authentications;
 using XF.Domain.Exceptions;

src/Hotline.Api/Controllers/RoleController.cs

@@ -23,19 +23,22 @@ public class RoleController : BaseController
     private readonly ISystemDataAuthorityRepository _systemDataAuthorityRepository;
     private readonly IMapper _mapper;
     private readonly IOptions<IdentityConfiguration> _identityConfigurationAccessor;
+    private readonly ISystemDataTableRepository _systemDataTableRepository;
 
     public RoleController(
         IRoleRepository roleRepository,
         ISystemAuthorityRepository systemAuthorityRepository,
         ISystemDataAuthorityRepository systemDataAuthorityRepository,
         IMapper mapper,
-        IOptions<IdentityConfiguration> identityConfigurationAccessor)
+        IOptions<IdentityConfiguration> identityConfigurationAccessor,
+        ISystemDataTableRepository systemDataTableRepository)
     {
         _roleRepository = roleRepository;
         _systemAuthorityRepository = systemAuthorityRepository;
         _systemDataAuthorityRepository = systemDataAuthorityRepository;
         _mapper = mapper;
         _identityConfigurationAccessor = identityConfigurationAccessor;
+        _systemDataTableRepository = systemDataTableRepository;
     }
 
     /// <summary>
@@ -156,6 +159,16 @@ public class RoleController : BaseController
 
     #region 数据权限管理
 
+    /// <summary>
+    /// 获取数据表
+    /// </summary>
+    /// <returns></returns>
+    [HttpGet("datatable-list")]
+    public async Task<IReadOnlyList<SystemDataTable>> GetDataTable()
+    {
+        return await _systemDataTableRepository.Queryable().ToListAsync() ;
+    }
+
     /// <summary>
     /// 新增数据权限
     /// </summary>

src/Hotline.Repository.SqlSugar/DataPermissions/DataPermissionFilterBuilder.cs

@@ -1,5 +1,6 @@
 using Hotline.Share.Enums.Settings;
 using System.Linq.Expressions;
+using SqlSugar;
 using XF.Domain.Authentications;
 using XF.Domain.Dependency;
 using XF.Domain.Entities;
@@ -41,21 +42,27 @@ public class DataPermissionFilterBuilder : IDataPermissionFilterBuilder, IScopeD
     {
         var userId = _sessionContext.RequiredUserId;
         var roles = _sessionContext.Roles;
+        var orgCode = _sessionContext.RequiredOrgCode;
         var scheme = DataPermissionManager.GetQueryFilter<TEntity>(_sessionContext);
-        var (_, depCode, _, _) = DataPermissionManager.GetDataPermissionOptions();
+        //var (_, orgCode, _, _) = DataPermissionManager.GetDataPermissionOptions();
 
         switch (scheme.QueryFilter)
         {
             case EAuthorityType.Create:
-                return d => d.CreatorId == userId || FlowDataFiltering(d, userId, depCode, roles);
+                return d => d.CreatorId == userId || FlowDataFiltering(d, userId, orgCode, roles);
             case EAuthorityType.Org:
-                return d => d.CreatorOrgCode == scheme.OrgCode || FlowDataFiltering(d, userId, depCode, roles);
+                return d => d.CreatorOrgCode == scheme.OrgCode
+                            || d.AssignUserIds.Contains(userId)
+                            || d.AssignOrgCodes.Contains(orgCode)
+                            
+                            //todo 扩展sqlfunc || d.AssignRoles.Intersect(roles).Any()
+                            ;
             case EAuthorityType.OrgAndBelow:
-                return d => d.CreatorOrgCode.StartsWith(scheme.OrgCode) || FlowDataFiltering(d, userId, depCode, roles);
+                return d => d.CreatorOrgCode.StartsWith(scheme.OrgCode) || FlowDataFiltering(d, userId, orgCode, roles);
             case EAuthorityType.All:
                 return d => true;
             default:
-                return d => FlowDataFiltering(d, userId, depCode, roles);
+                return d => FlowDataFiltering(d, userId, orgCode, roles);
         }
     }
 

src/Hotline.Repository.SqlSugar/DataPermissions/DataPermissionManager.cs

@@ -5,6 +5,7 @@ using Microsoft.Extensions.DependencyInjection;
 using XF.Domain.Authentications;
 using XF.Domain.Dependency;
 using XF.Domain.Entities;
+using XF.Domain.Exceptions;
 
 namespace Hotline.Repository.SqlSugar.DataPermissions;
 
@@ -25,7 +26,7 @@ public class DataPermissionManager : IDataPermissionManager, IScopeDependency
         return new DataPermissionScheme(queryFilter);
     }
 
-    public (string orgId,string departmentCode, string creatorId, string? areaId) GetDataPermissionOptions()
+    public (string orgId, string orgCode, string creatorId, string? areaId) GetDataPermissionOptions()
     {
         using var scope = _serviceScopeFactory.CreateScope();
         var userRepository = scope.ServiceProvider.GetRequiredService<IUserRepository>();
@@ -48,8 +49,10 @@ public class DataPermissionManager : IDataPermissionManager, IScopeDependency
 
         ////查询对应表配置
         var tableModel = systemDataTableRepository.GetAsync(x => x.EntityName == entityName).GetAwaiter().GetResult();
+        if (tableModel == null)
+            throw UserFriendlyException.SameMessage($"未配置表{entityName}的查询权限");
         ////查询表对应最高数据权限
-        var auth = systemDataAuthorityRepository.GetMyTopDataAuth(roles, tableModel!.Id);
+        var auth = systemDataAuthorityRepository.GetMyTopDataAuth(roles, tableModel.Id);
         return auth;
     }
 }

src/Hotline.Repository.SqlSugar/DataPermissions/IDataPermissionManager.cs

@@ -6,5 +6,5 @@ namespace Hotline.Repository.SqlSugar.DataPermissions;
 public interface IDataPermissionManager
 {
     DataPermissionScheme GetQueryFilter<TEntity>(ISessionContext sessionContext) where TEntity : class, IEntity<string>, IDataPermission, new();
-    (string orgId,string departmentCode, string creatorId, string? areaId) GetDataPermissionOptions();
+    (string orgId, string orgCode, string creatorId, string? areaId) GetDataPermissionOptions();
 }

src/Hotline/Orders/CommonOpinionDomainService.cs

@@ -18,12 +18,14 @@ namespace Hotline.Orders
 
         public async Task<IReadOnlyList<CommonOpinion>> GetCommonOpinions(string code)
         {
-            return await _commonOpinionRepository.Queryable(true).Where(x => x.TypeCode == code).ToListAsync();
+            //TODO 加权限
+            return await _commonOpinionRepository.Queryable().Where(x => x.TypeCode == code).ToListAsync();
         }
 
         public async Task DelCommonOpinion(string[] Ids,CancellationToken cancellationToken)
         {
-            var list =await _commonOpinionRepository.Queryable(true).In(Ids).ToListAsync();
+            //TODO 加权限
+            var list =await _commonOpinionRepository.Queryable().In(Ids).ToListAsync();
             if (list.Count!=Ids.Length)
             {
                 throw new UserFriendlyException("数据异常，无权限操作");