Blame view

泰额版/Food Labeling Management Code/Yi.Abp.Net8/module/food-labeling-us/FoodLabeling.Application/Helpers/ReportsRoleHelper.cs 2.36 KB
59e51671   “wangming”   1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
  using Volo.Abp.Users;
  using Yi.Framework.Rbac.Domain.Shared.Consts;
  
  namespace FoodLabeling.Application.Helpers;
  
  /// <summary>
  /// Reports 模块角色判断(与 JWT 中角色声明一致)
  /// </summary>
  public static class ReportsRoleHelper
  {
      /// <summary>
      /// 是否为「可查看全部用户打印数据」的管理员:
      /// <list type="bullet">
      /// <item>标准 <see cref="ICurrentUser.Roles"/> 中含角色码 <c>admin</c>(普通账号绑定 RoleCode=admin 时走此路径);</item>
      /// <item>内置超管:用户名 <c>admin</c>  JWT 使用自定义 claim <c>Roles</c>,不写多条 <c>role</c>,需单独识别;</item>
      /// <item>超管权限 claim <c>Permission</c>  <c>*:*:*</c> 时视为管理员。</item>
      /// </list>
      /// </summary>
      public static bool IsAdminRole(ICurrentUser currentUser)
      {
          if (currentUser.Id is null)
          {
              return false;
          }
  
          var userName = currentUser.UserName?.Trim();
          if (!string.IsNullOrWhiteSpace(userName) &&
              string.Equals(userName, UserConst.Admin, StringComparison.OrdinalIgnoreCase))
          {
              return true;
          }
  
          foreach (var c in currentUser.FindClaims(TokenTypeConst.Permission))
          {
              if (!string.IsNullOrWhiteSpace(c.Value) &&
                  string.Equals(c.Value.Trim(), UserConst.AdminPermissionCode, StringComparison.Ordinal))
              {
                  return true;
              }
          }
  
          var rolesClaim = currentUser.FindClaims(TokenTypeConst.Roles).Select(x => x.Value).FirstOrDefault();
          if (!string.IsNullOrWhiteSpace(rolesClaim))
          {
              foreach (var part in rolesClaim.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries))
              {
                  if (string.Equals(part, UserConst.AdminRolesCode, StringComparison.OrdinalIgnoreCase))
                  {
                      return true;
                  }
              }
          }
  
          if (currentUser.Roles is not null)
          {
              foreach (var r in currentUser.Roles)
              {
                  if (!string.IsNullOrWhiteSpace(r) &&
                      string.Equals(r.Trim(), UserConst.AdminRolesCode, StringComparison.OrdinalIgnoreCase))
                  {
                      return true;
                  }
              }
          }
  
          return false;
      }
  }