using BaseService.BaseData;
using BaseService.BaseData.Permissions.Dto;
using BaseService.RelationBaseData;
using BaseService.RelationData.Dto;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Omu.ValueInjecter;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Volo.Abp;
using Volo.Abp.Application.Dtos;
using Volo.Abp.Application.Services;
using Volo.Abp.Authorization;
using Volo.Abp.Authorization.Permissions;
using Volo.Abp.Domain.Repositories;
using Volo.Abp.Identity;
using Volo.Abp.ObjectExtending;
using Volo.Abp.PermissionManagement;
using Volo.Abp.Users;
using IdentityUser = Volo.Abp.Identity.IdentityUser;

// NOTE(review): this listing appears to have lost everything that was written between
// angle brackets (generic type arguments such as the one in "Task> GetAll", and the
// XML doc tags). The code tokens below are kept exactly as found; only line breaks,
// indentation and comments were added.
namespace BaseService.Systems.UserManagement
{
    /// <summary>
    /// User-management application service exposed under "api/base/user".
    /// Every action requires <c>IdentityPermissions.Users.Default</c> unless a method
    /// carries its own attribute; methods marked [AllowAnonymous] skip that requirement.
    /// </summary>
    [Route("api/base/user")]
    [Authorize(IdentityPermissions.Users.Default)]
    public class UserAppService : ApplicationService, IUserAppService
    {
        protected IdentityUserManager UserManager { get; }
        protected IIdentityUserRepository UserRepository { get; }
        public IIdentityRoleRepository RoleRepository { get; }
        private readonly IRepository _branchRepository;
        private readonly IRepository _branchRoleRepository;
        // Authorization policy provider; used to enumerate policy names in GetAuthConfigAsync.
        private readonly IAbpAuthorizationPolicyProvider _abpAuthorizationPolicyProvider;
        // Only referenced from commented-out code in GetAuthConfigAsync.
        private readonly IAuthorizationService _authorizationService;
        // Injected current-user accessor. Note that GetCurrentUserAsync uses "CurrentUser"
        // (no trailing s), which is not declared in this class.
        protected ICurrentUser CurrentUsers { get; }
        /// <summary>
        /// Repository of permission grants.
        /// </summary>
        protected IPermissionGrantRepository PermissionGrantRepository { get; }

        /// <summary>
        /// Stores the injected managers and repositories on the instance.
        /// </summary>
        public UserAppService(
            IdentityUserManager userManager,
            IIdentityUserRepository userRepository,
            IIdentityRoleRepository roleRepository,
            IRepository branchRepository,
            IRepository branchRoleRepository,
            IAbpAuthorizationPolicyProvider abpAuthorizationPolicyProvider,
            IAuthorizationService authorizationService,
            ICurrentUser currentUser,
            IPermissionGrantRepository permissionGrantRepository)
        {
            UserManager = userManager;
            UserRepository = userRepository;
            RoleRepository = roleRepository;
            _branchRepository = branchRepository;
            _abpAuthorizationPolicyProvider = abpAuthorizationPolicyProvider;
            _authorizationService = authorizationService;
            CurrentUsers = currentUser;
            PermissionGrantRepository = permissionGrantRepository;
            _branchRoleRepository = branchRoleRepository;
        }

        /// <summary>
        /// Returns the user with the given id together with the names of its roles.
        /// </summary>
        [HttpGet]
        [Route("{id}")]
        public async Task GetAsync(Guid id)
        {
            var user = await UserManager.GetByIdAsync(id);
            var dto = Mapper.Map(user);
            dto.RoleNames = (await UserRepository.GetRoleNamesAsync(id)).ToArray();
            return dto;
        }

        /// <summary>
        /// Returns the record of the currently logged-in user.
        /// </summary>
        // NOTE(review): [AllowAnonymous] lifts the class-level Users.Default requirement,
        // and with it the authentication requirement. The body still needs a user id from
        // CurrentUser.GetId(); what that does for an unauthenticated caller is not visible
        // here. If the intent is "any logged-in user may read their own record", confirm
        // that an anonymous request is rejected cleanly rather than failing inside GetId().
        [HttpGet]
        [Route("current")]
        [AllowAnonymous]
        public async Task GetCurrentUserAsync()
        {
            var id = CurrentUser.GetId();
            var currentUser = await UserManager.GetByIdAsync(id);
            var dto = ObjectMapper.Map(currentUser);
            return dto;
        }

        /// <summary>
        /// Creates a user from the input, sets its password, applies the remaining
        /// profile fields and roles through the protected UpdateAsync helper, and saves.
        /// Requires <c>IdentityPermissions.Users.Create</c>.
        /// </summary>
        [HttpPost]
        [Authorize(IdentityPermissions.Users.Create)]
        public async Task CreateAsync(IdentityUserCreateDto input)
        {
            var user = new IdentityUser(
                GuidGenerator.Create(),
                input.UserName,
                input.Email,
                CurrentTenant.Id
            );
            input.MapExtraPropertiesTo(user);
            (await UserManager.CreateAsync(user, input.Password)).CheckErrors();
            await UpdateAsync(user, input);
            var dto = ObjectMapper.Map(user);
            await CurrentUnitOfWork.SaveChangesAsync();
            return dto;
        }

        /// <summary>
        /// Updates user name, profile fields, roles and (when supplied) the password of
        /// an existing user. Requires <c>IdentityPermissions.Users.Update</c>.
        /// </summary>
        [HttpPut]
        [Route("{id}")]
        [Authorize(IdentityPermissions.Users.Update)]
        public async Task UpdateAsync(Guid id, IdentityUserUpdateDto input)
        {
            var user = await UserManager.GetByIdAsync(id);
            // The caller-supplied stamp is written onto the entity before the update calls.
            user.ConcurrencyStamp = input.ConcurrencyStamp;
            (await UserManager.SetUserNameAsync(user, input.UserName)).CheckErrors();
            await UpdateAsync(user, input);
            input.MapExtraPropertiesTo(user);
            (await UserManager.UpdateAsync(user)).CheckErrors();
            if (!input.Password.IsNullOrEmpty())
            {
                // NOTE(review): the old password is removed before the new one is validated.
                // If AddPasswordAsync reports errors, CheckErrors() is reached after the
                // removal; whether the removal is rolled back depends on the unit of work,
                // which is not visible here - confirm.
                (await UserManager.RemovePasswordAsync(user)).CheckErrors();
                (await UserManager.AddPasswordAsync(user, input.Password)).CheckErrors();
            }
            var dto = ObjectMapper.Map(user);
            await CurrentUnitOfWork.SaveChangesAsync();
            return dto;
        }

        /// <summary>
        /// Returns one page of users matching the filter, plus the total match count.
        /// </summary>
        [HttpGet]
        public async Task> GetAll(GetIdentityUsersInput input)
        {
            var totalCount = await UserRepository.GetCountAsync(input.Filter);
            var items = await UserRepository.GetListAsync(input.Sorting, input.MaxResultCount, input.SkipCount, input.Filter);
            var dtos = ObjectMapper.Map, List>(items);
            return new PagedResultDto(totalCount, dtos);
        }

        /// <summary>
        /// Shared helper for create and update: applies e-mail, phone number, lockout flag,
        /// name, surname and, when provided, the role list to the user.
        /// </summary>
        // NOTE(review): this method is protected, so the [HttpGet]/[Route("update")]
        // attributes presumably have no effect (MVC actions are public methods) - confirm
        // and consider removing them so the routing table is not misread.
        // NOTE(review): role names come straight from the request DTO. The only gates
        // visible here are the Create/Update permissions on the public callers; confirm
        // that holders of those permissions are meant to be able to assign any role.
        [HttpGet]
        [Route("update")]
        protected virtual async Task UpdateAsync(IdentityUser user, IdentityUserCreateOrUpdateDtoBase input)
        {
            if (!string.Equals(user.Email, input.Email, StringComparison.InvariantCultureIgnoreCase))
            {
                (await UserManager.SetEmailAsync(user, input.Email)).CheckErrors();
            }
            if (!string.Equals(user.PhoneNumber, input.PhoneNumber, StringComparison.InvariantCultureIgnoreCase))
            {
                (await UserManager.SetPhoneNumberAsync(user, input.PhoneNumber)).CheckErrors();
            }
            // Note: after upgrading from 3.1 to 3.3 the TwoFactorEnabled property was removed.
            //(await UserManager.SetTwoFactorEnabledAsync(user, input.TwoFactorEnabled)).CheckErrors();
            (await UserManager.SetLockoutEnabledAsync(user, input.LockoutEnabled)).CheckErrors();
            user.Name = input.Name;
            user.Surname = input.Surname;
            if (input.RoleNames != null)
            {
                (await UserManager.SetRolesAsync(user, input.RoleNames)).CheckErrors();
            }
        }

        /// <summary>
        /// Returns the branches of the currently logged-in user, one entry per distinct
        /// branch id, for binding a branch drop-down list.
        /// </summary>
        // NOTE(review): [AllowAnonymous] applies here as well; the body needs
        // CurrentUsers.GetId(), so confirm how an unauthenticated request is handled.
        [HttpGet]
        [Route("current/branches")]
        [AllowAnonymous]
        public async Task> GetCurrentUserBranchesAsync()
        {
            var branchList = new List();
            // Fetch every branch-role entry of the user.
            var branchRoles = await GetUserBranchRolesAsync(CurrentUsers.GetId());
            // Group by branch id; only the key is read below, "items" is not used.
            var groupBranchRoles = branchRoles.GroupBy(x => x.BranchId)
                .Select(y => new { xx = new { BranchId = y.Key }, items = y });
            foreach (var group in groupBranchRoles )
            {
                // The full branch list is fetched once per group to look up a single name.
                var mybranchrole = new BranchRoleDto
                {
                    BranchId = @group.xx.BranchId,
                    BranchName = (await _branchRepository.GetListAsync())
                        .FirstOrDefault(_ => _.Id == @group.xx.BranchId)?.Name
                };
                branchList.Add(mybranchrole);
            }
            return branchList;
        }

        /// <summary>
        /// Returns all branches of the user with the given id (used by user management).
        /// </summary>
        [HttpGet]
        [Route("{userId}/branches")]
        public async Task> GetUserBranchesAsync(Guid userId)
        {
            var branchList = new List();
            // Fetch every branch-role entry of the user.
            var branchRoles = await GetUserBranchRolesAsync(userId);
            var groupBranchRoles = branchRoles.GroupBy(x => x.BranchId)
                .Select(y => new { xx = new { BranchId = y.Key }, items = y });
            foreach (var group in groupBranchRoles)
            {
                // NOTE(review): unlike GetCurrentUserBranchesAsync, .Name is read without
                // "?." here, so a branch id with no matching branch would presumably throw
                // a NullReferenceException instead of yielding a null name - confirm.
                var mybranchrole = new BranchRoleDto
                {
                    BranchId = @group.xx.BranchId,
                    BranchName = (await _branchRepository.GetListAsync())
                        .FirstOrDefault(_ => _.Id == @group.xx.BranchId)
                        .Name
                };
                branchList.Add(mybranchrole);
            }
            return new ListResultDto(branchList);
        }

        /// <summary>
        /// Collects the permission grants of every role the given user holds.
        /// Only grants stored under the role provider name are read.
        /// </summary>
        // NOTE(review): protected method carrying [HttpGet]/[Route] attributes; as with the
        // protected UpdateAsync these presumably have no effect - confirm.
        [HttpGet]
        [Route("{userId}/granted-permissions")]
        protected virtual async Task> GetUserGrantedPermissionsAsync(Guid userId)
        {
            // var userRoleNames = (await AppService.GetRolesAsync(id)).Items.Select(r => r.Name).ToList();
            var listPermiss = new List();
            var listRolesName = await UserRepository.GetRoleNamesAsync(userId);
            if (listRolesName != null)
            {
                foreach (var rolename in listRolesName)
                {
                    // Grants are looked up by role name as the provider key.
                    var permissionGrantsInRole = await PermissionGrantRepository.GetListAsync(RolePermissionValueProvider.ProviderName, rolename);
                    if (permissionGrantsInRole != null)
                    {
                        foreach (var permiss in permissionGrantsInRole)
                        {
                            listPermiss.Add(permiss);
                        }
                    }
                }
            }
            return listPermiss;
        }

        /// <summary>
        /// Builds the branch/role pairs of the given user by matching the user's roles
        /// against all branch-role associations, then maps them to DTOs.
        /// </summary>
        // NOTE(review): each entry is built from a branch id and a role id only.
        // GetAuthConfigAsync later reads RoleName and BranchName from the mapped result;
        // whether the object mapping fills those in is not visible here - confirm,
        // because an empty RoleName would make the permission filter match nothing.
        protected virtual async Task> GetUserBranchRolesAsync(Guid userId)
        {
            var branchList = new List();
            // Fetch all roles of the user.
            var userRoles = await UserRepository.GetRolesAsync(userId);
            if (userRoles == null)
            {
                // Message: the current user has no role information; contact an administrator.
                throw new BusinessException("当前登录用户没有任何角色信息,请找管理员进行维护!");
            }
            else
            {
                // Fetch every branch-role association.
                var allBranchRoles = await _branchRoleRepository.GetListAsync();
                if (allBranchRoles != null)
                {
                    foreach (var role in userRoles)
                    {
                        var branchRoles = allBranchRoles.Where(_ => _.RoleId == role.Id).ToList();
                        foreach (var branch in branchRoles)
                        {
                            if (branch == null) continue; // no role-branch entry for this user
                            var branchRole = new BranchRole(branch.BranchId, role.Id);
                            branchList.Add(branchRole);
                        }
                    }
                }
                else
                {
                    // Logger.LogDebug("No branch-role association found!");
                    // Message: no branch-role association found.
                    throw new BusinessException("未找到分支和角色的关联信息!");
                }
            }
            var dtos = ObjectMapper.Map, List>(branchList);
            return new List(dtos);
        }

        /// <summary>
        /// Important: returns the current user's permission configuration restricted to
        /// the given branch. Every known policy name is listed in Policies; GrantedPolicies
        /// receives the permissions of the roles the user holds in that branch.
        /// </summary>
        // NOTE(review): no method-level attribute is present, so the class-level
        // IdentityPermissions.Users.Default requirement applies. Confirm that this is
        // intended for an endpoint that reads the caller's own permissions.
        // NOTE(review): if clients use this result to show or hide UI, the [Authorize]
        // checks on the server remain the enforcement point.
        [HttpGet]
        [Route("{branchId}/auth-config")]
        public async Task GetAuthConfigAsync(Guid branchId)
        {
            var authConfig = new ApplicationAuthes();
            var policyNames = await _abpAuthorizationPolicyProvider.GetPoliciesNamesAsync();
            foreach (var policyName in policyNames)
            {
                // Every policy name is marked true here regardless of the caller's grants.
                authConfig.Policies[policyName] = true;
                //if (await _authorizationService.IsGrantedAsync(policyName))
                //{
                //    authConfig.GrantedPolicies[policyName] = true;
                //}
            }
            var userPermissList = new List();
            var userId = CurrentUsers.GetId();
            // Fetch all permission grants of the current user.
            var getUserPermissions = await GetUserGrantedPermissionsAsync(userId);
            // Fetch all branch-role entries of the current user.
            var gerUserBranches = await GetUserBranchRolesAsync(userId);
            if (gerUserBranches == null)
            {
                // Message: the current user has no branch information; contact an administrator.
                throw new BusinessException("当前登录用户没有任何分支信息,请找管理员进行维护!");
            }
            else
            {
                // Keep only the entries for the requested branch. This is the check that
                // ties the caller to the branch id taken from the route.
                var branchRoles = gerUserBranches.Where(_ => _.BranchId == branchId).ToList();
                if (!branchRoles.Any())
                {
                    // NOTE(review): branchRoles is empty in this branch of the code, so
                    // FirstOrDefault()?.BranchName is always null and the message never
                    // names the branch.
                    // Message: the current user does not exist in branch [name].
                    throw new BusinessException("当前登录用户在分支【" + branchRoles.FirstOrDefault()?.BranchName + "】中不存在!");
                }
                else
                {
                    if (getUserPermissions == null)
                    {
                        // Message: the current user has no permission information; contact an administrator.
                        throw new BusinessException("当前登录用户没有任何权限信息,请找管理员进行维护!");
                    }
                    else
                    {
                        foreach (var role in branchRoles)
                        {
                            // Grants are matched to the role by comparing ProviderKey with the role name.
                            var userPermission = getUserPermissions.Where(_ => _.ProviderKey == role.RoleName);
                            foreach (var permission in userPermission)
                            {
                                // NOTE(review): Add() is used here while the loop above uses the
                                // indexer. If GrantedPolicies is a dictionary, two roles granting
                                // the same permission would presumably make Add() throw on the
                                // duplicate key - confirm.
                                authConfig.GrantedPolicies.Add(permission.Name, true);
                            }
                        }
                    }
                }
            }
            return authConfig;
        }

        /// <summary>
        /// Password reset (earlier, disabled version kept below for reference).
        /// </summary>
        //[HttpPut]
        //[Route("{userId}/reset-password")]
        //public async Task ResetPasswordAsync(Guid userId)
        //{
        //    var user = await UserManager.FindByIdAsync(userId.ToString());
        //    string token = await UserManager.GeneratePasswordResetTokenAsync(user);
        //    await UserManager.ResetPasswordAsync(user, token, "1q2w3E*");
        //    //await UserManager.ResetPasswordAsync(user, token, "123456");
        //    var dto = ObjectMapper.Map(user);
        //    return dto;
        //}

        /// <summary>
        /// Removes the password of the given user and, if no password hash remains,
        /// sets a fixed literal password. Requires <c>IdentityPermissions.Users.Update</c>.
        /// </summary>
        // NOTE(review): the replacement password is a hard-coded literal, so every account
        // that is reset ends up with the same, publicly readable password until its owner
        // changes it. Prefer a randomly generated one-time value or the token-based reset
        // flow, combined with a forced change at next sign-in.
        // NOTE(review): the token-based flow is disabled because of the error recorded in
        // the body; presumably no default token provider is registered with Identity
        // (e.g. via AddDefaultTokenProviders) - confirm against the Identity setup.
        // NOTE(review): the result of RemovePasswordAsync is not passed to CheckErrors(),
        // unlike the other UserManager calls in this class, and a null user returned by
        // FindByIdAsync is not handled before user.PasswordHash is read.
        // NOTE(review): if the literal does not satisfy the configured password policy
        // (not visible here), AddPasswordAsync fails after the old password is already
        // removed - confirm what state the account is left in.
        [HttpPut]
        [Route("{userId}/reset-password")]
        [Authorize(IdentityPermissions.Users.Update)]
        public async Task ResetPasswordAsync(Guid userId)
        {
            var user = await UserManager.FindByIdAsync(userId.ToString());
            //string token = await UserManager.GeneratePasswordResetTokenAsync(user);//err:No IUserTwoFactorTokenProvider named 'Default' is registered.
            //await UserManager.ResetPasswordAsync(user, token, "1q2w3E*");
            await UserManager.RemovePasswordAsync(user);
            if (user.PasswordHash == null)
            {
                (await UserManager.AddPasswordAsync(user, "123456")).CheckErrors();
            }
            var dto = ObjectMapper.Map(user);
            return dto;
        }
    }
}