wip: (idetity)强化系统账号权限的变更拦截，登录日志列表添加默认时间倒序排序

dotnetcore · Oct 5, 2023 · 8fdfbcf · 8fdfbcf
1 parent 01d342f
commit 8fdfbcf
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 11 deletions.
diff --git a/src/OSharp.Hosting.Apis/Areas/Admin/Controllers/Identity/LoginLogController.cs b/src/OSharp.Hosting.Apis/Areas/Admin/Controllers/Identity/LoginLogController.cs
@@ -34,6 +34,7 @@ public AjaxResult Read(PageRequest request)
     {
         Check.NotNull(request, nameof(request));
 
+        request.AddDefaultSortCondition(new SortCondition("CreatedTime", ListSortDirection.Descending));
         Expression<Func<LoginLog, bool>> exp = FilterService.GetExpression<LoginLog>(request.FilterGroup);
         var page = IdentityContract.LoginLogs.ToPage(exp,
             request.PageCondition,
@@ -44,8 +45,8 @@ public AjaxResult Read(PageRequest request)
             }).ToPageResult(data => data.Select(m => new LoginLogOutputDto(m.D)
         {
             UserName = m.User.UserName,
-            NickName = m.User.NickName
-        }).ToArray());
+            NickName = m.User.NickName,
+}).ToArray());
 
         return new AjaxResult(page.ToPageData());
     }

diff --git a/src/OSharp.Hosting.Apis/Areas/Admin/Controllers/Identity/UserRoleController.cs b/src/OSharp.Hosting.Apis/Areas/Admin/Controllers/Identity/UserRoleController.cs
@@ -49,6 +49,7 @@ public AjaxResult Read(PageRequest request)
         {
             UserName = m.UserName,
             RoleName = m.RoleName,
+            IsLocked = m.D.IsLocked,
             Updatable = updateFunc(m.D),
             Deletable = deleteFunc(m.D)
         }).ToArray());

diff --git a/src/OSharp.Hosting.Core/Identity/Dtos/UserOutputDto.cs b/src/OSharp.Hosting.Core/Identity/Dtos/UserOutputDto.cs
@@ -40,6 +40,7 @@ public UserOutputDto(User u)
         LockoutEnabled = u.LockoutEnabled;
         AccessFailedCount = u.AccessFailedCount;
         IsLocked = u.IsLocked;
+        IsSystem = u.IsSystem;
         CreatedTime = u.CreatedTime;
     }
 
@@ -98,6 +99,11 @@ public UserOutputDto(User u)
     /// </summary>
     public bool IsLocked { get; set; }
 
+    /// <summary>
+    /// 获取或设置 是否系统用户
+    /// </summary>
+    public bool IsSystem { get; set; }
+
     /// <summary>
     /// 获取或设置 创建时间
     /// </summary>

diff --git a/src/OSharp.Hosting.Core/Identity/IdentityService.UserRole.cs b/src/OSharp.Hosting.Core/Identity/IdentityService.UserRole.cs
@@ -1,4 +1,4 @@
-// -----------------------------------------------------------------------
+// -----------------------------------------------------------------------
 //  <copyright file="IdentityService.UserRole.cs" company="OSharp开源团队">
 //      Copyright (c) 2014-2018 OSharp. All rights reserved.
 //  </copyright>
@@ -50,14 +50,21 @@ public IQueryable<UserRole> UserRoles
     /// <returns>业务操作结果</returns>
     public async Task<OperationResult> UpdateUserRoles(params UserRoleInputDto[] dtos)
     {
-        Check2.Validate<UserRoleInputDto,Guid>(dtos, nameof(dtos));
+        Check2.Validate<UserRoleInputDto, Guid>(dtos, nameof(dtos));
 
         List<string> userNames = new List<string>();
         OperationResult result = await UserRoleRepository.UpdateAsync(dtos,
             (dto, entity) =>
             {
-                string userName = UserRoleRepository.QueryAsNoTracking(m => m.UserId == entity.UserId).Select(m => m.User.UserName).FirstOrDefault();
-                userNames.AddIfNotNull(userName);
+                var user = UserRepository.QueryAsNoTracking(m => m.Id == entity.UserId).Select(m => new
+                {
+                    m.UserName, m.IsSystem
+                }).First();
+                if (user.IsSystem)
+                {
+                    throw new OsharpException($"系统用户“{user.UserName}”的角色分配不能更新");
+                }
+                userNames.AddIfNotNull(user.UserName);
                 return Task.FromResult(0);
             });
         if (result.Succeeded && userNames.Count > 0)
@@ -75,17 +82,25 @@ public async Task<OperationResult> UpdateUserRoles(params UserRoleInputDto[] dto
     /// <returns>业务操作结果</returns>
     public async Task<OperationResult> DeleteUserRoles(Guid[] ids)
     {
-        List<string>userNames = new List<string>();
+        List<string> userNames = new List<string>();
         OperationResult result = await UserRoleRepository.DeleteAsync(ids,
             (entity) =>
             {
-                string userName = UserRoleRepository.QueryAsNoTracking(m => m.UserId == entity.UserId).Select(m => m.User.UserName).FirstOrDefault();
-                userNames.AddIfNotNull(userName);
+                var user = UserRepository.QueryAsNoTracking(m => m.Id == entity.UserId).Select(m => new
+                {
+                    m.UserName,
+                    m.IsSystem
+                }).First();
+                if (user.IsSystem)
+                {
+                    throw new OsharpException($"系统用户“{user.UserName}”的角色不能删除");
+                }
+                userNames.AddIfNotNull(user.UserName);
                 return Task.FromResult(0);
             });
         if (result.Succeeded && userNames.Count > 0)
         {
-            OnlineUserCacheRemoveEventData eventData = new OnlineUserCacheRemoveEventData(){UserNames = userNames.ToArray()};
+            OnlineUserCacheRemoveEventData eventData = new OnlineUserCacheRemoveEventData() { UserNames = userNames.ToArray() };
             await EventBus.PublishAsync(eventData);
         }
 
@@ -105,6 +120,11 @@ public async Task<OperationResult> SetUserRoles(int userId, int[] roleIds)
         {
             return new OperationResult(OperationResultType.QueryNull, $"编号为“{userId}”的用户不存在");
         }
+
+        if (user.IsSystem)
+        {
+            return new OperationResult(OperationResultType.Error, $"系统用户“{user.UserName}”不能变更角色");
+        }
         IList<string> roleNames = RoleManager.Roles.Where(m => roleIds.Contains(m.Id)).Select(m => m.Name).ToList();
         IList<string> existRoleNames = await UserManager.GetRolesAsync(user);
         string[] addRoleNames = roleNames.Except(existRoleNames).ToArray();
@@ -148,4 +168,4 @@ public async Task<OperationResult> SetUserRoles(int userId, int[] roleIds)
         return new OperationResult(OperationResultType.Success,
             $"用户“{user.UserName}”添加角色“{addRoleNames.ExpandAndToString()}”，移除角色“{removeRoleNames.ExpandAndToString()}”操作成功");
     }
-}
+}
diff --git a/src/OSharp.Hosting.Core/Identity/IdentityService.cs b/src/OSharp.Hosting.Core/Identity/IdentityService.cs
@@ -33,6 +33,7 @@ public IdentityService(IServiceProvider provider)
 
     protected IEventBus EventBus => _provider.GetService<IEventBus>();
     protected RoleManager<Role> RoleManager => _provider.GetService<RoleManager<Role>>();
+    protected IRepository<User, int> UserRepository => _provider.GetService<IRepository<User, int>>();
     protected IRepository<UserDetail, int> UserDetailRepository => _provider.GetService<IRepository<UserDetail, int>>();
     protected IRepository<UserLogin, Guid> UserLoginRepository => _provider.GetService<IRepository<UserLogin, Guid>>();
     protected IRepository<LoginLog, Guid> LoginLogReqRepository => _provider.GetService<IRepository<LoginLog, Guid>>();