109 lines
3.5 KiB
C#
109 lines
3.5 KiB
C#
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using LingAdmin.AuthorizationService.Services;
|
|
using LingAdmin.Shared.DTOs;
|
|
using System.Security.Claims;
|
|
|
|
namespace LingAdmin.AuthorizationService.Controllers;
|
|
|
|
/// <summary>
|
|
/// 授权控制器 - 处理权限验证和查询
|
|
/// </summary>
|
|
[ApiController]
|
|
[Route("api/[controller]")]
|
|
public class AuthorizationController : ControllerBase
|
|
{
|
|
private readonly IRoleService _roleService;
|
|
private readonly IPermissionService _permissionService;
|
|
private readonly ILogger<AuthorizationController> _logger;
|
|
|
|
public AuthorizationController(
|
|
IRoleService roleService,
|
|
IPermissionService permissionService,
|
|
ILogger<AuthorizationController> logger)
|
|
{
|
|
_roleService = roleService;
|
|
_permissionService = permissionService;
|
|
_logger = logger;
|
|
}
|
|
|
|
/// <summary>
|
|
/// 获取用户的角色和权限(用于服务间调用)
|
|
/// </summary>
|
|
[HttpGet("users/{userId}/permissions")]
|
|
public async Task<ActionResult<ApiResponse<UserPermissionsDto>>> GetUserPermissions(int userId)
|
|
{
|
|
var result = await _permissionService.GetUserRolesAndPermissionsAsync(userId);
|
|
return Ok(ApiResponse<UserPermissionsDto>.Ok(result));
|
|
}
|
|
|
|
/// <summary>
|
|
/// 获取用户的角色列表
|
|
/// </summary>
|
|
[HttpGet("users/{userId}/roles")]
|
|
public async Task<ActionResult<ApiResponse<IEnumerable<RoleDto>>>> GetUserRoles(int userId)
|
|
{
|
|
var roles = await _roleService.GetUserRoleDetailsAsync(userId);
|
|
return Ok(ApiResponse<IEnumerable<RoleDto>>.Ok(roles));
|
|
}
|
|
|
|
/// <summary>
|
|
/// 检查用户是否有指定权限
|
|
/// </summary>
|
|
[HttpGet("users/{userId}/check")]
|
|
public async Task<ActionResult<object>> CheckPermission(int userId, [FromQuery] string permission)
|
|
{
|
|
var hasPermission = await _permissionService.HasPermissionAsync(userId, permission);
|
|
return Ok(new { HasPermission = hasPermission });
|
|
}
|
|
|
|
/// <summary>
|
|
/// 获取当前用户的权限
|
|
/// </summary>
|
|
[Authorize]
|
|
[HttpGet("me/permissions")]
|
|
public async Task<ActionResult<UserPermissionsDto>> GetMyPermissions()
|
|
{
|
|
var userId = GetCurrentUserId();
|
|
if (userId == null)
|
|
{
|
|
return Unauthorized();
|
|
}
|
|
|
|
var result = await _permissionService.GetUserRolesAndPermissionsAsync(userId.Value);
|
|
return Ok(result);
|
|
}
|
|
|
|
/// <summary>
|
|
/// 获取所有权限列表
|
|
/// </summary>
|
|
[Authorize(Roles = "Admin,SuperAdmin")]
|
|
[HttpGet("permissions")]
|
|
public async Task<ActionResult<ApiResponse<IEnumerable<PermissionDto>>>> GetAllPermissions()
|
|
{
|
|
var permissions = await _permissionService.GetAllPermissionsAsync();
|
|
return Ok(ApiResponse<IEnumerable<PermissionDto>>.Ok(permissions));
|
|
}
|
|
|
|
/// <summary>
|
|
/// 按资源获取权限
|
|
/// </summary>
|
|
[Authorize(Roles = "Admin,SuperAdmin")]
|
|
[HttpGet("permissions/resource/{resource}")]
|
|
public async Task<ActionResult<ApiResponse<IEnumerable<PermissionDto>>>> GetPermissionsByResource(string resource)
|
|
{
|
|
var permissions = await _permissionService.GetPermissionsByResourceAsync(resource);
|
|
return Ok(ApiResponse<IEnumerable<PermissionDto>>.Ok(permissions));
|
|
}
|
|
|
|
private int? GetCurrentUserId()
|
|
{
|
|
var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
|
|
if (int.TryParse(userIdClaim, out var userId))
|
|
{
|
|
return userId;
|
|
}
|
|
return null;
|
|
}
|
|
}
|