Fengwo
/
hotline


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321
							using Hotline.Caches;
using Hotline.Identity.Roles;
using Hotline.Permissions;
using Hotline.Repository.SqlSugar;
using Hotline.Repository.SqlSugar.Extensions;
using Hotline.Settings;
using Hotline.Share.Dtos;
using Hotline.Share.Dtos.Roles;
using MapsterMapper;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using SqlSugar;
using XF.Domain.Exceptions;
using XF.Domain.Options;
using XF.Utility.UnifyResponse;

namespace Hotline.Api.Controllers;

/// <summary>
/// 角色权限管理相关接口
/// </summary>
public class RoleController : BaseController
{
    private readonly IRoleRepository _roleRepository;
    private readonly ISystemAuthorityRepository _systemAuthorityRepository;
    private readonly ISystemDataAuthorityRepository _systemDataAuthorityRepository;
    private readonly ITableAccessLevelRepository _tableAccessLevelRepository;
    private readonly IMapper _mapper;
    private readonly ITableAccessLevelCacheManager _tableAccessLevelCacheManager;
    private readonly IRolePermissionsCacheManager _rolePermissionsCacheManager;
    private readonly IOptions<IdentityConfiguration> _identityConfigurationAccessor;
    private readonly ISystemDataTableRepository _systemDataTableRepository;

    public RoleController(
        IRoleRepository roleRepository,
        ISystemAuthorityRepository systemAuthorityRepository,
        ISystemDataAuthorityRepository systemDataAuthorityRepository,
        ITableAccessLevelRepository tableAccessLevelRepository,
        ITableAccessLevelCacheManager tableAccessLevelCacheManager,
        IRolePermissionsCacheManager rolePermissionsCacheManager,
        IMapper mapper,
        IOptions<IdentityConfiguration> identityConfigurationAccessor,
        ISystemDataTableRepository systemDataTableRepository)
    {
        _roleRepository = roleRepository;
        _systemAuthorityRepository = systemAuthorityRepository;
        _systemDataAuthorityRepository = systemDataAuthorityRepository;
        _tableAccessLevelRepository = tableAccessLevelRepository;
        _tableAccessLevelCacheManager = tableAccessLevelCacheManager;
        _rolePermissionsCacheManager = rolePermissionsCacheManager;
        _mapper = mapper;
        _identityConfigurationAccessor = identityConfigurationAccessor;
        _systemDataTableRepository = systemDataTableRepository;
    }

    /// <summary>
    /// 分页查询角色
    /// </summary>
    /// <param name="dto"></param>
    /// <returns></returns>
    [HttpGet("paged")]
    [Permission(EPermission.QueryPagedRole)]
    public async Task<PagedDto<RoleDto>> QueryPaged([FromQuery] QueryRolesPagedDto dto)
    {
        var (total, items) = await _roleRepository.Queryable(includeDeleted: dto.IncludeDeleted)
            .Includes(d => d.Accounts)
            .WhereIF(!string.IsNullOrEmpty(dto.Keyword), d => d.Name.Contains(dto.Keyword!) || d.DisplayName.Contains(dto.Keyword!))
            .OrderByDescending(d => d.CreationTime)
            .ToPagedListAsync(dto.PageIndex, dto.PageSize, HttpContext.RequestAborted);

        return new PagedDto<RoleDto>(total, _mapper.Map<IReadOnlyList<RoleDto>>(items));
    }

    /// <summary>
    /// 新增角色
    /// </summary>
    /// <param name="dto"></param>
    /// <returns></returns>
    [Permission(EPermission.AddRole)]
    [HttpPost]
    public async Task<string> Add([FromBody] AddRoleDto dto)
    {
        var jwtOption = _identityConfigurationAccessor.Value.Jwt;
        var clientId = jwtOption.Issuer;
        if (string.IsNullOrEmpty(clientId))
            throw new UserFriendlyException("jwt.Issuer未配置");
        var exists = await _roleRepository.Queryable(includeDeleted: true)
            .AnyAsync(d => d.ClientId == clientId && d.Name == dto.Name);
        if (exists)
            throw UserFriendlyException.SameMessage("角色编码重复");

        var role = _mapper.Map<Role>(dto);
        role.ClientId = clientId;
        return await _roleRepository.AddAsync(role, HttpContext.RequestAborted);
    }

    /// <summary>
    /// 删除角色
    /// </summary>
    /// <param name="id"></param>
    /// <returns></returns>
    [Permission(EPermission.RemoveRole)]
    [HttpDelete("{id}")]
    public async Task Remove(string id)
    {
        var role = await _roleRepository.Queryable()
            .Includes(d => d.Accounts)
            .FirstAsync(d => d.Id == id);

        role.Accounts.Clear();
        await _roleRepository.UpdateNav(role)
            .Include(d => d.Accounts)
            .ExecuteCommandAsync();

        await _systemAuthorityRepository.RemoveAsync(id);
        await _systemDataAuthorityRepository.RemoveAsync(x => x.RoleId == id);

        await _roleRepository.RemoveAsync(id, true, HttpContext.RequestAborted);
    }

    /// <summary>
    /// 更新角色
    /// </summary>
    /// <param name="dto"></param>
    /// <returns></returns>
    [Permission(EPermission.UpdateRole)]
    [HttpPut]
    public async Task Update([FromBody] UpdateRoleDto dto)
    {
        await _roleRepository.UpdateAsync(_mapper.Map<Role>(dto), HttpContext.RequestAborted);
    }

    #region 应用权限管理

    /// <summary>
    /// 分配权限
    /// </summary>
    /// <param name="dto"></param>
    /// <returns></returns>
    [Permission(EPermission.AllocationAuthority)]
    [HttpPost("allocationauthority")]
    public async Task AllocationAuthority(RoleAuthorityDto dto)
    {
        //判断是否存在，如果存在就做更新
        var model = await _systemAuthorityRepository.GetAsync(x => x.RoleId == dto.RoleId);
        if (model is null)
        {
            model = _mapper.Map<SystemAuthority>(dto);
            await _systemAuthorityRepository.AddAsync(model);
        }
        else
        {
            _mapper.Map(dto, model);
            await _systemAuthorityRepository.UpdateAsync(model);
        }
        _rolePermissionsCacheManager.RemovePermissions(dto.RoleCode);
    }

    /// <summary>
    /// 获取角色权限
    /// </summary>
    /// <param name="roleid"></param>
    /// <returns></returns>
    [Permission(EPermission.GetAuthority)]
    [HttpGet("getauthority")]
    public async Task<SystemAuthority?> GetAuthority(string roleid)
    {
        return await _systemAuthorityRepository.GetAsync(x => x.RoleId == roleid, HttpContext.RequestAborted);
    }

    #endregion

    #region 数据权限管理

    /// <summary>
    /// 获取数据表
    /// </summary>
    /// <returns></returns>
    [HttpGet("datatable-list")]
    [Obsolete]
    public async Task<IReadOnlyList<SystemDataTable>> GetDataTable()
    {
        return await _systemDataTableRepository.Queryable().ToListAsync();
    }

    /// <summary>
    /// 获取数据表
    /// </summary>
    [HttpGet("tables")]
    public IReadOnlyList<KeyValuePair<string, string>> GetTables([FromServices] ISugarUnitOfWork<HotlineDbContext> uow)
    {
        var tables = uow.Db.DbMaintenance.GetTableInfoList(false)
            .Where(d => !string.IsNullOrEmpty(d.Description))
            .Select(d => new KeyValuePair<string, string>(d.Name, d.Description))
            .ToList();

        return tables;
    }

    /// <summary>
    /// 新增数据权限
    /// </summary>
    /// <param name="dto"></param>
    /// <returns></returns>
    [Permission(EPermission.AddDataAuthority)]
    [HttpPost("add-data-authority")]
    [Obsolete]
    public async Task AddDataAuthority([FromBody] AddAccessLevelDto dto)
    {
        var dataAuthority = _mapper.Map<SystemDataAuthority>(dto);
        await _systemDataAuthorityRepository.AddAsync(dataAuthority);
    }

    /// <summary>
    /// 新增数据权限
    /// </summary>
    [HttpPost("accesslevel")]
    public async Task<string> AddAccessLevel([FromBody] AddAccessLevelDto dto)
    {
        var access = _mapper.Map<TableAccessLevel>(dto);
        await _tableAccessLevelRepository.AddAsync(access, HttpContext.RequestAborted);
        _tableAccessLevelCacheManager.Reload();
        return access.Id;
    }

    /// <summary>
    /// 修改数据权限
    /// </summary>
    /// <param name="dto"></param>
    /// <returns></returns>
    [Permission(EPermission.UpdateDataAuthority)]
    [HttpPost("update-data-authority")]
    [Obsolete]
    public async Task UpdateDataAuthority([FromBody] UpdateDataAuthorityDto dto)
    {
        var entity = await _systemDataAuthorityRepository.GetAsync(x => x.Id == dto.Id, HttpContext.RequestAborted);
        if (entity is null)
            throw UserFriendlyException.SameMessage("无效数据");

        _mapper.Map(dto, entity);
        await _systemDataAuthorityRepository.UpdateAsync(entity, HttpContext.RequestAborted);
    }

    /// <summary>
    /// 修改数据权限
    /// </summary>
    [HttpPut("accesslevel")]
    public async Task UpdateAccessLevel([FromBody] UpdateDataAuthorityDto dto)
    {
        var access = await _tableAccessLevelRepository.GetAsync(dto.Id, HttpContext.RequestAborted);
        if (access is null)
            throw UserFriendlyException.SameMessage("无效accesslevel编号");
        _mapper.Map(dto, access);
        await _tableAccessLevelRepository.UpdateAsync(access, HttpContext.RequestAborted);
        _tableAccessLevelCacheManager.Reload();
    }

    /// <summary>
    /// 删除数据权限
    /// </summary>
    /// <param name="id"></param>
    /// <returns></returns>
    [Permission(EPermission.RemoveDataAuthority)]
    [HttpDelete("remove-data-authority/{id}")]
    [Obsolete]
    public async Task RemoveDataAuthority(string id)
    {
        var entity = await _systemDataAuthorityRepository.GetAsync(id, HttpContext.RequestAborted);
        if (entity is null)
            throw UserFriendlyException.SameMessage("无效数据");

        await _systemDataAuthorityRepository.RemoveAsync(id);
    }

    /// <summary>
    /// 删除数据权限
    /// </summary>
    [HttpDelete("accesslevel/{id}")]
    public async Task RemoveAccessLevel(string id)
    {
        await _tableAccessLevelRepository.RemoveAsync(id, cancellationToken: HttpContext.RequestAborted);
        _tableAccessLevelCacheManager.Reload();
    }

    /// <summary>
    /// 获取角色所有数据权限设置
    /// </summary>
    /// <param name="roleid"></param>
    /// <returns></returns>
    [Permission(EPermission.GetDataAuthorityByRole)]
    [HttpGet("getdataauthoritybyrole")]
    [Obsolete]
    public async Task<IReadOnlyList<SystemDataAuthority>> GetDataAuthorityByRole(string roleid)
    {
        return await _systemDataAuthorityRepository.Queryable().Where(x => x.RoleId == roleid).Includes(x => x.Table).Includes(x => x.Role).ToListAsync();
    }


    /// <summary>
    /// 获取角色所有数据权限设置
    /// </summary>
    [HttpGet("{roleId}/accesslevels")]
    public async Task<IReadOnlyList<TableAccessLevel>> GetAccessLevels(string roleId)
    {
        return await _tableAccessLevelRepository.Queryable()
            .Where(d => d.RoleId == roleId)
            .ToListAsync();
    }

    #endregion

    #region private

    private void CheckHttpRequestSuccess(ApiResponse response, string msg)
    {
        if (response == null || !response.IsSuccess)
            throw new UserFriendlyException($"identity service request failed: {msg}");
    }

    #endregion
}