ReportsRoleHelper.cs
2.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
using Volo.Abp.Users;
using Yi.Framework.Rbac.Domain.Shared.Consts;
namespace FoodLabeling.Application.Helpers;
/// <summary>
/// Reports 模块角色判断(与 JWT 中角色声明一致)
/// </summary>
public static class ReportsRoleHelper
{
/// <summary>
/// 是否为「可查看全部用户打印数据」的管理员:
/// <list type="bullet">
/// <item>标准 <see cref="ICurrentUser.Roles"/> 中含角色码 <c>admin</c>(普通账号绑定 RoleCode=admin 时走此路径);</item>
/// <item>内置超管:用户名 <c>admin</c> 时 JWT 使用自定义 claim <c>Roles</c>,不写多条 <c>role</c>,需单独识别;</item>
/// <item>超管权限 claim <c>Permission</c> 为 <c>*:*:*</c> 时视为管理员。</item>
/// </list>
/// </summary>
public static bool IsAdminRole(ICurrentUser currentUser)
{
if (currentUser.Id is null)
{
return false;
}
var userName = currentUser.UserName?.Trim();
if (!string.IsNullOrWhiteSpace(userName) &&
string.Equals(userName, UserConst.Admin, StringComparison.OrdinalIgnoreCase))
{
return true;
}
foreach (var c in currentUser.FindClaims(TokenTypeConst.Permission))
{
if (!string.IsNullOrWhiteSpace(c.Value) &&
string.Equals(c.Value.Trim(), UserConst.AdminPermissionCode, StringComparison.Ordinal))
{
return true;
}
}
var rolesClaim = currentUser.FindClaims(TokenTypeConst.Roles).Select(x => x.Value).FirstOrDefault();
if (!string.IsNullOrWhiteSpace(rolesClaim))
{
foreach (var part in rolesClaim.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries))
{
if (string.Equals(part, UserConst.AdminRolesCode, StringComparison.OrdinalIgnoreCase))
{
return true;
}
}
}
if (currentUser.Roles is not null)
{
foreach (var r in currentUser.Roles)
{
if (!string.IsNullOrWhiteSpace(r) &&
string.Equals(r.Trim(), UserConst.AdminRolesCode, StringComparison.OrdinalIgnoreCase))
{
return true;
}
}
}
return false;
}
}