重构权限检查逻辑

将权限检查逻辑移至 `progName` 不为 null 的条件下，并在此条件下调用 `next()`。调整了对 OPTIONS 请求的处理，确保在权限不足时返回相应的错误信息。
2025-03-10 17:58:37 +08:00 · 2025-03-10 17:58:37 +08:00 · e2ccb07b51
parent fa160cac83
commit e2ccb07b51
1 changed files with 29 additions and 27 deletions
--- a/LFlow.UserManagement/UserMiddleware.cs
+++ b/LFlow.UserManagement/UserMiddleware.cs
@ -28,36 +28,38 @@ namespace LFlow.UserManagement
        /// <param name="next"></param>
        public async Task RunAsync(Microsoft.AspNetCore.Http.HttpContext context, Func<Task> next)
        {
-             var progName = context.GetRouteData()?.Values["controller"]?.ToString();
-        var progAction = context.GetRouteData()?.Values["action"]?.ToString();
-        if (progName != null)
-        {
-            var service = App.GetService<IPermissionService>();
-            var progPermission = service != null ? await service.GetProgPerminssionListAsync(progName) : null;
-            var currentPermission = progPermission?.FirstOrDefault(p => p.PermissionAction == progAction);
-            if (currentPermission == null || currentPermission!.IsPublic)
+            var progName = context.GetRouteData()?.Values["controller"]?.ToString();
+            var progAction = context.GetRouteData()?.Values["action"]?.ToString();
+            if (progName != null)
+            {
+                var service = App.GetService<IPermissionService>();
+                var progPermission = service != null ? await service.GetProgPerminssionListAsync(progName) : null;
+                var currentPermission = progPermission?.FirstOrDefault(p => p.PermissionAction == progAction);
+                if (currentPermission == null || currentPermission!.IsPublic)
+                {
+                    await next();
+                }
+                else
+                {
+                    //TODO 从缓存中根据Token获取用户信息，并判断是否有权限
+                    await context.Response.WriteAsync(JsonConvert.SerializeObject(ApiResult<object>.FailResult("无权限！", 100501)));
+                    var token = context.Request.Cookies["Token"]?.ToString();
+                    if (token != null)
+                    {
+                        var user = selfCache.GetAsync<UserModel>(token!);
+                        var userPermissions = service?.GetPermissions();
+                    }
+                    else
+                    {
+                        await context.Response.WriteAsync(JsonConvert.SerializeObject(ApiResult<object>.FailResult("未登录！", 100500)));
+                    }
+                }
+            }
+            // 预检请求
+            if (context.Request.Method == "OPTIONS")
            {
                await next();
            }
-            else
-            {
-                //TODO 从缓存中根据Token获取用户信息，并判断是否有权限
-                await context.Response.WriteAsync(JsonConvert.SerializeObject(ApiResult<object>.FailResult("无权限！", 100501)));
-                var token = context.Request.Cookies["Token"]?.ToString();
-                if(token != null){
-                    var user =  selfCache.GetAsync<UserModel>(token!);
-                    var userPermissions = service.GetPermissions()
-                }else{
-                    await context.Response.WriteAsync(JsonConvert.SerializeObject(ApiResult<object>.FailResult("未登录！", 100500)));
-                }
-            }
-        }
-        // 预检请求
-        if (context.Request.Method == "OPTIONS")
-        {
-            await next();
-            // context.Response.StatusCode = StatusCodes.Status200OK;
-        }
        }
    }
 }