[feat] 完善数据权限

Author: xianhc

Ape.Volo.Api/Authentication/Jwt/TokenService.cs

@@ -38,6 +38,7 @@ public async Task<Token> IssueTokenAsync(LoginUserInfo loginUserInfo, bool refre
             new(AuthConstants.JwtClaimTypes.Jti, loginUserInfo.UserId.ToString()),
             new(AuthConstants.JwtClaimTypes.Name, loginUserInfo.Account),
             new(AuthConstants.JwtClaimTypes.TenantId, loginUserInfo.TenantId.ToString()),
+            new(AuthConstants.JwtClaimTypes.DeptId, loginUserInfo.DeptId.ToString()),
             new(AuthConstants.JwtClaimTypes.Iat, nowTime.ToUnixTimeStampSecond().ToString()),
             new(AuthConstants.JwtClaimTypes.Ip, loginUserInfo.Ip)
         };

Ape.Volo.Api/Controllers/Auth/AuthorizationController.cs

@@ -124,7 +124,8 @@ public async Task<ActionResult<object>> RefreshToken(string token = "")
         }
 
         var tokenMd5 = token.ToMd5String16();
-        var tokenBlacklist = await _tokenBlacklistService.TableWhere(x => x.AccessToken == tokenMd5).FirstAsync();
+        var tokenBlacklist = await _tokenBlacklistService.TableWhere(x => x.AccessToken == tokenMd5, null, null, true)
+            .FirstAsync();
         if (tokenBlacklist.IsNull())
         {
             var jwtSecurityToken = await _tokenService.ReadJwtToken(token);
@@ -219,9 +220,14 @@ await _apeContext.Cache.RemoveAsync(GlobalConstants.CachePrefix.OnlineKey +
                                             _apeContext.HttpUser.JwtToken.ToMd5String16());
         await _apeContext.Cache.RemoveAsync(GlobalConstants.CachePrefix.UserInfoById +
                                             _apeContext.HttpUser.Id.ToString().ToMd5String16());
-
         await _apeContext.Cache.RemoveAsync(GlobalConstants.CachePrefix.UserMenuById +
                                             _apeContext.HttpUser.Id.ToString().ToMd5String16());
+        await _apeContext.Cache.RemoveAsync(GlobalConstants.CachePrefix.UserPermissionRoles +
+                                            _apeContext.HttpUser.Id.ToString().ToMd5String16());
+        await _apeContext.Cache.RemoveAsync(GlobalConstants.CachePrefix.UserPermissionUrls +
+                                            _apeContext.HttpUser.Id.ToString().ToMd5String16());
+        await _apeContext.Cache.RemoveAsync(GlobalConstants.CachePrefix.UserDataScopeById +
+                                            _apeContext.HttpUser.Id.ToString().ToMd5String16());
 
 
         return Success();

Ape.Volo.Api/Controllers/Permission/DeptController.cs

@@ -9,6 +9,7 @@
 using Ape.Volo.IBusiness.Interface.Permission;
 using Ape.Volo.IBusiness.QueryModel;
 using Ape.Volo.IBusiness.RequestModel;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Ape.Volo.Api.Controllers.Permission;
@@ -124,6 +125,19 @@ public async Task<ActionResult<object>> Query(DeptQueryCriteria deptQueryCriteri
         });
     }
 
+
+    [HttpGet]
+    [Route("queryTree")]
+    [Description("树形部门数据")]
+    public async Task<ActionResult<object>> QueryTree()
+    {
+        var deptList = await _departmentService.QueryAllAsync();
+
+        var menuTree = TreeHelper<DepartmentDto>.ListToTrees(deptList, "Id", "ParentId", 0);
+        return menuTree.ToJson();
+    }
+
+
     /// <summary>
     /// 导出部门
     /// </summary>

Ape.Volo.Api/Controllers/Permission/PermissionsController.cs

@@ -51,30 +51,6 @@ public PermissionsController(IRoleService roleService, IMenuService menuService,
     public async Task<ActionResult<object>> QueryAllMenus()
     {
         var menus = await _menuService.QueryAllAsync();
-        foreach (var item in menus)
-        {
-            if (item.Children.Count == 0)
-            {
-                item.Children = null;
-            }
-            else
-            {
-                foreach (var item2 in item.Children)
-                {
-                    if (item2.Children.Count == 0)
-                    {
-                        item2.Children = null;
-                    }
-                    else
-                    {
-                        foreach (var item3 in item2.Children.Where(item3 => item3.Children.Count == 0))
-                        {
-                            item3.Children = null;
-                        }
-                    }
-                }
-            }
-        }
 
         var menuTree = TreeHelper<MenuDto>.ListToTrees(menus, "Id", "ParentId", 0);
         return menuTree.ToJson();

Ape.Volo.Api/Extensions/AuthorizationSetup.cs

@@ -9,6 +9,7 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Tokens;
 
@@ -79,7 +80,7 @@ public static void AddAuthorizationSetup(this IServiceCollection services, Confi
                         // 如果过期，把过期信息添加到头部
                         if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
                         {
-                            context.Response.Headers.Add("Token-Expired", "true");
+                            context.Response.Headers.Append("Token-Expired", "true");
                         }
 
                         return Task.CompletedTask;

Ape.Volo.Api/Extensions/SqlSugarSetup.cs

@@ -9,10 +9,12 @@
 using Ape.Volo.Common.Extensions;
 using Ape.Volo.Common.Global;
 using Ape.Volo.Common.Helper;
+using Ape.Volo.Common.Helper.Serilog;
 using Ape.Volo.Common.Model;
 using Ape.Volo.Common.SnowflakeIdHelper;
 using Ape.Volo.Common.WebApp;
 using Ape.Volo.Entity.Base;
+using Ape.Volo.IBusiness.Interface.Permission;
 using Microsoft.Extensions.DependencyInjection;
 using Serilog;
 using SqlSugar;
@@ -26,6 +28,8 @@ namespace Ape.Volo.Api.Extensions;
 /// </summary>
 public static class SqlSugarSetup
 {
+    private static readonly ILogger Logger = SerilogManager.GetLogger(typeof(SqlSugarSetup));
+
     public static void AddSqlSugarSetup(this IServiceCollection services, Configs configs)
     {
         if (services.IsNull())
@@ -98,7 +102,7 @@ public static void AddSqlSugarSetup(this IServiceCollection services, Configs co
                 MoreSettings = new ConnMoreSettings
                 {
                     IsAutoRemoveDataCache = true,
-                    SqlServerCodeFirstNvarchar = true, //sqlserver默认使用nvarchar
+                    SqlServerCodeFirstNvarchar = true //sqlserver默认使用nvarchar
                 },
                 ConfigureExternalServices = new ConfigureExternalServices
                 {
@@ -152,6 +156,9 @@ public static void AddSqlSugarSetup(this IServiceCollection services, Configs co
                         //租户
                         sugarScopeProvider.ConfiguringTenantFilter();
 
+                        //数据权限  这个要放在最后
+                        sugarScopeProvider.ConfiguringUserDataScopeFilter();
+
                         #endregion
 
                         #region 读写事件
@@ -193,6 +200,8 @@ private static void DataExecuting(object value, DataFilterModel entityInfo)
             rootEntity.Id = IdHelper.GetLongId();
         }
 
+        #region BaseEntity
+
         if (entityInfo.EntityValue is BaseEntity baseEntity)
         {
             switch (entityInfo.OperationType)
@@ -212,31 +221,88 @@ private static void DataExecuting(object value, DataFilterModel entityInfo)
             }
 
             var httpUser = AutofacHelper.GetService<IHttpUser>();
-            if (httpUser.IsNull()) return;
-            switch (entityInfo.OperationType)
+            if (httpUser.IsNotNull() && !httpUser.Account.IsNullOrEmpty())
             {
-                case DataFilterType.InsertByObject:
+                switch (entityInfo.OperationType)
                 {
-                    if (baseEntity.CreateBy.IsNullOrEmpty())
+                    case DataFilterType.InsertByObject:
                     {
-                        baseEntity.CreateBy = httpUser.Account;
-                    }
+                        if (baseEntity.CreateBy.IsNullOrEmpty())
+                        {
+                            baseEntity.CreateBy = httpUser.Account;
+                        }
 
-                    if (baseEntity is ITenantEntity tenant && httpUser.TenantId > 0)
-                    {
-                        if (tenant.TenantId == 0)
+                        var tenant = baseEntity as ITenantEntity;
+                        if (tenant != null && httpUser.TenantId > 0)
                         {
-                            tenant.TenantId = httpUser.TenantId;
+                            if (tenant.TenantId == 0)
+                            {
+                                tenant.TenantId = httpUser.TenantId;
+                            }
                         }
+
+                        break;
+                    }
+                    case DataFilterType.UpdateByObject:
+                        baseEntity.UpdateBy = httpUser.Account;
+                        break;
+                }
+            }
+        }
+
+        #endregion
+
+        #region BaseEntityNoDataScope
+
+        if (entityInfo.EntityValue is BaseEntityNoDataScope baseEntityNoDataScope)
+        {
+            switch (entityInfo.OperationType)
+            {
+                case DataFilterType.InsertByObject:
+                {
+                    if (baseEntityNoDataScope.CreateTime == DateTime.MinValue)
+                    {
+                        baseEntityNoDataScope.CreateTime = DateTime.Now;
                     }
 
                     break;
                 }
                 case DataFilterType.UpdateByObject:
-                    baseEntity.UpdateBy = httpUser.Account;
+                    baseEntityNoDataScope.UpdateTime = DateTime.Now;
                     break;
             }
+
+            var httpUser = AutofacHelper.GetService<IHttpUser>();
+            if (httpUser.IsNotNull() && !httpUser.Account.IsNullOrEmpty())
+            {
+                switch (entityInfo.OperationType)
+                {
+                    case DataFilterType.InsertByObject:
+                    {
+                        if (baseEntityNoDataScope.CreateBy.IsNullOrEmpty())
+                        {
+                            baseEntityNoDataScope.CreateBy = httpUser.Account;
+                        }
+
+                        var tenant = baseEntityNoDataScope as ITenantEntity;
+                        if (tenant != null && httpUser.TenantId > 0)
+                        {
+                            if (tenant.TenantId == 0)
+                            {
+                                tenant.TenantId = httpUser.TenantId;
+                            }
+                        }
+
+                        break;
+                    }
+                    case DataFilterType.UpdateByObject:
+                        baseEntityNoDataScope.UpdateBy = httpUser.Account;
+                        break;
+                }
+            }
         }
+
+        #endregion
     }
 
     #endregion
@@ -339,4 +405,45 @@ private static void ConfiguringTenantFilter(this SqlSugarScopeProvider db)
             db.QueryFilter.AddTableFilter<ITenantEntity>(it => it.TenantId == httpUser.TenantId);
         }
     }
+
+    /// <summary>
+    /// 配置用户数据权限
+    /// </summary>
+    /// <param name="db"></param>
+    private static void ConfiguringUserDataScopeFilter(this SqlSugarScopeProvider db)
+    {
+        var httpUser = AutofacHelper.GetService<IHttpUser>();
+        if (httpUser.IsNull() || httpUser.Account.IsNullOrEmpty()) return;
+        var dataScopeService = AutofacHelper.GetService<IDataScopeService>();
+        if (dataScopeService == null) return;
+
+        try
+        {
+            var accounts = AsyncHelper.RunSync(() =>
+                dataScopeService.GetDataScopeAccountsAsync(httpUser.Id));
+            if (accounts.Count > 0)
+            {
+                if (accounts.Count == 1)
+                {
+                    if (!accounts[0].Equals("All"))
+                    {
+                        db.QueryFilter.AddTableFilter<ICreateByEntity>(it => it.CreateBy == accounts[0]);
+                    }
+                }
+                else
+                {
+                    db.QueryFilter.AddTableFilter<ICreateByEntity>(it => accounts.Contains(it.CreateBy));
+                }
+            }
+            else
+            {
+                db.QueryFilter.AddTableFilter<ICreateByEntity>(it => it.CreateBy == httpUser.Account);
+            }
+        }
+        catch (Exception e)
+        {
+            Logger.Fatal("配置用户数据权限错误：\r\n" + ExceptionHelper.GetExceptionAllMsg(e));
+            db.QueryFilter.AddTableFilter<ICreateByEntity>(it => it.CreateBy == httpUser.Account);
+        }
+    }
 }

Ape.Volo.Api/wwwroot/resources/db/sys_apis.tsv

@@ -12,7 +12,7 @@
     {
         "group":"授权管理",
         "url":"/auth/refreshtoken",
-        "description":"刷新Token",
+        "description":"刷新Token(必需)",
         "method":"POST",
         "isDeleted":false,
         "createBy":"apevolo",
@@ -22,7 +22,7 @@
     {
         "group":"授权管理",
         "url":"/auth/info",
-        "description":"个人信息",
+        "description":"个人信息(必需)",
         "method":"GET",
         "isDeleted":false,
         "createBy":"apevolo",
@@ -322,7 +322,7 @@
     {
         "group":"菜单管理",
         "url":"/api/menu/build",
-        "description":"构建菜单",
+        "description":"构建菜单(必需)",
         "method":"GET",
         "isDeleted":false,
         "createBy":"apevolo",
@@ -1128,5 +1128,15 @@
         "createBy":"apevolo",
         "CreateTime":"\/Date(1609430400000+0800)\/",
         "id":"1763017911204581312"
-    }
+    },
+    {
+        "group":"部门管理",
+        "url":"/api/dept/queryTree",
+        "description":"获取部门树形数据",
+        "method":"GET",
+        "isDeleted":false,
+        "createBy":"apevolo",
+        "CreateTime":"\/Date(1609430400000+0800)\/",
+        "id":"1763017911204581313"
+    },
 ]

Ape.Volo.Api/wwwroot/resources/db/sys_dict.tsv

@@ -97,5 +97,16 @@
     "UpdateBy": null,
     "UpdateTime": null,
     "IsDeleted": false
+  },
+  {
+    "Id": "1799832924720205825",
+    "DictType": 2,
+    "Name": "data_scope_type",
+    "Description": "数据权限",
+    "CreateBy": "apevolo",
+    "CreateTime": "/Date(1609430400000+0800)/",
+    "UpdateBy": null,
+    "UpdateTime": null,
+    "IsDeleted": false
   }
 ]