Skip to content

Commit 14350a1

Browse files
liaozbliaozb
committed
#增加权限验证#
1 parent b6eb3ab commit 14350a1

File tree

9 files changed

+209
-106
lines changed

9 files changed

+209
-106
lines changed

APIJSON.NET/APIJSON.NET.sln

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ Microsoft Visual Studio Solution File, Format Version 12.00
33
# Visual Studio 15
44
VisualStudioVersion = 15.0.27703.2035
55
MinimumVisualStudioVersion = 10.0.40219.1
6-
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "APIJSON.NET", "APIJSON.NET\APIJSON.NET.csproj", "{FF647576-A104-4D54-954D-3547B4FDCDB2}"
6+
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "APIJSON.NET", "APIJSON.NET\APIJSON.NET.csproj", "{FF647576-A104-4D54-954D-3547B4FDCDB2}"
77
EndProject
88
Global
99
GlobalSection(SolutionConfigurationPlatforms) = preSolution

APIJSON.NET/APIJSON.NET/APIJSON.NET.csproj

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,4 +18,6 @@
1818
<PackageReference Include="Swashbuckle.AspNetCore.Swagger" Version="3.0.0" />
1919
</ItemGroup>
2020

21+
<ProjectExtensions><VisualStudio><UserProperties /></VisualStudio></ProjectExtensions>
22+
2123
</Project>

APIJSON.NET/APIJSON.NET/Controllers/HomeController.cs

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
using System;
2+
using System.Collections.Generic;
3+
using System.Linq;
4+
using System.Threading.Tasks;
5+
using Microsoft.AspNetCore.Mvc;
6+
7+
namespace APIJSON.NET.Controllers
8+
{
9+
public class HomeController : Controller
10+
{
11+
public IActionResult Index()
12+
{
13+
return Redirect("/swagger");
14+
}
15+
}
16+
}

APIJSON.NET/APIJSON.NET/Controllers/JsonController.cs

Lines changed: 58 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -2,24 +2,29 @@
22
{
33
using System;
44
using System.Collections.Generic;
5+
using System.Security.Claims;
56
using System.Web;
7+
using APIJSON.NET.Models;
68
using Microsoft.AspNetCore.Mvc;
9+
using Microsoft.Extensions.Configuration;
710
using Microsoft.Extensions.Options;
811
using Newtonsoft.Json.Linq;
912
using SqlSugar;
10-
13+
using System.Linq;
1114
[Route("api/[controller]")]
1215
[ApiController]
1316
public class JsonController : ControllerBase
1417
{
15-
private DbOptions _options;
16-
private JsonToSql sqlbuilder;
18+
19+
private JsonToSql jsonToSql;
1720
private DbContext db;
18-
public JsonController(IOptions<DbOptions> options, JsonToSql jsonToSql, DbContext _db)
21+
protected List<Role> roles;
22+
public JsonController(JsonToSql jsonTo, DbContext _db, IOptions<List<Role>> _roles)
1923
{
20-
_options = options.Value;
21-
sqlbuilder = jsonToSql;
24+
25+
jsonToSql = jsonTo;
2226
db = _db;
27+
roles = _roles.Value;
2328
}
2429
/// <summary>
2530
/// 查询
@@ -43,21 +48,17 @@ public ActionResult Query([FromBody]string json)
4348
{
4449
var htt = new JArray();
4550
var jb = JObject.Parse(item.Value.ToString());
46-
int page = jb["page"] == null ? 0 : int.Parse(jb["page"].ToString()), count = jb["count"] == null ? 0 : int.Parse(jb["count"].ToString())
47-
, query = jb["query"] == null ? 0 : int.Parse(jb["query"].ToString());
48-
jb.Remove("page");
49-
jb.Remove("count");
50-
List<string> tables = new List<string>();
51-
List<string> where = new List<string>();
51+
int page = jb["page"] == null ? 0 : int.Parse(jb["page"].ToString()), count = jb["count"] == null ? 0 : int.Parse(jb["count"].ToString()) , query = jb["query"] == null ? 0 : int.Parse(jb["query"].ToString());
52+
jb.Remove("page");jb.Remove("count");
53+
List<string> tables = new List<string>(), where = new List<string>();
5254
foreach (var t in jb)
5355
{
54-
tables.Add(t.Key);
55-
where.Add(t.Value.ToString());
56+
tables.Add(t.Key); where.Add(t.Value.ToString());
5657
}
5758
if (tables.Count > 0)
5859
{
5960
string table = tables[0];
60-
var template = sqlbuilder.GetTableData(table, page, count, where[0], null);
61+
var template = jsonToSql.GetTableData(table, page, count, where[0], null, User.FindFirstValue(ClaimTypes.Role));
6162
foreach (var dd in template)
6263
{
6364
var zht = new JObject();
@@ -71,21 +72,21 @@ public ActionResult Query([FromBody]string json)
7172
var jbb = JObject.Parse(where[i]);
7273
page = jbb["page"] == null ? 0 : int.Parse(jbb["page"].ToString());
7374
count = jbb["count"] == null ? 0 : int.Parse(jbb["count"].ToString());
74-
template = sqlbuilder.GetTableData(subtable, page, count, jbb[subtable].ToString(), zht);
75+
7576
var lt = new JArray();
76-
foreach (var d in template)
77+
foreach (var d in jsonToSql.GetTableData(subtable, page, count, jbb[subtable].ToString(), zht, User.FindFirstValue(ClaimTypes.Role)))
7778
{
7879
lt.Add(JToken.FromObject(d));
7980
}
8081
zht.Add(tables[i], lt);
8182
}
8283
else
8384
{
84-
template = sqlbuilder.GetTableData(subtable, 0, 0, where[i].ToString(), zht);
85+
var ddf = jsonToSql.GetTableData(subtable, 0, 0, where[i].ToString(), zht, User.FindFirstValue(ClaimTypes.Role));
8586

86-
if (template != null)
87+
if (ddf != null)
8788
{
88-
zht.Add(subtable, JToken.FromObject(template));
89+
zht.Add(subtable, JToken.FromObject(ddf));
8990
}
9091

9192
}
@@ -97,16 +98,15 @@ public ActionResult Query([FromBody]string json)
9798
}
9899
else if (key.EndsWith("[]"))
99100
{
100-
101+
101102
var htt = new JArray();
102103
var jb = JObject.Parse(item.Value.ToString());
103104
int page = jb["page"] == null ? 0 : int.Parse(jb["page"].ToString()), count = jb["count"] == null ? 0 : int.Parse(jb["count"].ToString());
104105
jb.Remove("page");
105106
jb.Remove("count");
106107
foreach (var t in jb)
107108
{
108-
var template = sqlbuilder.GetTableData(t.Key, page, count, t.Value.ToString(), null);
109-
foreach (var d in template)
109+
foreach (var d in jsonToSql.GetTableData(t.Key, page, count, t.Value.ToString(), null, User.FindFirstValue(ClaimTypes.Role)))
110110
{
111111
htt.Add(JToken.FromObject(d));
112112
}
@@ -115,7 +115,7 @@ public ActionResult Query([FromBody]string json)
115115
}
116116
else
117117
{
118-
var template = sqlbuilder.GetTableData(key, 0, 0, item.Value.ToString(), ht);
118+
var template = jsonToSql.GetTableData(key, 0, 0, item.Value.ToString(), ht, User.FindFirstValue(ClaimTypes.Role));
119119
if (template != null)
120120
{
121121
ht.Add(key, JToken.FromObject(template));
@@ -147,26 +147,29 @@ public ActionResult Add([FromBody]string json)
147147
{
148148
JObject jobject = JObject.Parse(json);
149149
var sb = new System.Text.StringBuilder(100);
150-
150+
151151
foreach (var item in jobject)
152152
{
153153
string key = item.Key.Trim();
154-
154+
var role = jsonToSql.GetRole(User.FindFirstValue(ClaimTypes.Role));
155+
if (!role.Insert.Table.Contains(key, StringComparer.CurrentCultureIgnoreCase))
156+
{
157+
ht["code"] = "500";
158+
ht["msg"] = $"没权限添加{key}";
159+
break;
160+
}
155161
var dt = new Dictionary<string, object>();
156162
foreach (var f in JObject.Parse(item.Value.ToString()))
157163
{
158-
dt.Add(f.Key, f.Value);
164+
if (f.Key.ToLower() != "id" && role.Insert.Column.Contains(f.Key, StringComparer.CurrentCultureIgnoreCase))
165+
dt.Add(f.Key, f.Value);
159166
}
160-
161167
int id = db.Db.Insertable(dt).AS(key).ExecuteReturnIdentity();
162168
ht.Add(key, JToken.FromObject(new { code = 200, msg = "success", id }));
163-
164169
}
165-
166170
}
167171
catch (Exception ex)
168172
{
169-
170173
ht["code"] = "500";
171174
ht["msg"] = ex.Message;
172175
}
@@ -187,22 +190,30 @@ public ActionResult Edit([FromBody]string json)
187190
try
188191
{
189192
JObject jobject = JObject.Parse(json);
190-
193+
191194
foreach (var item in jobject)
192195
{
193196
string key = item.Key.Trim();
197+
var role = jsonToSql.GetRole(User.FindFirstValue(ClaimTypes.Role));
198+
if (!role.Update.Table.Contains(key, StringComparer.CurrentCultureIgnoreCase))
199+
{
200+
ht["code"] = "500";
201+
ht["msg"] = $"没权限修改{key}";
202+
break;
203+
}
194204
var value = JObject.Parse(item.Value.ToString());
195205
if (!value.ContainsKey("id"))
196206
{
197207
ht["code"] = "500";
198208
ht["msg"] = "未传主键id";
199209
break;
200210
}
211+
201212
var dt = new Dictionary<string, object>();
202213
dt.Add("id", value["id"]);
203214
foreach (var f in value)
204215
{
205-
if (f.Key.ToLower() != "id")
216+
if (f.Key.ToLower() != "id"&& role.Update.Column.Contains(f.Key, StringComparer.CurrentCultureIgnoreCase))
206217
{
207218
dt.Add(f.Key, f.Value);
208219
}
@@ -233,14 +244,26 @@ public ActionResult Remove([FromBody]string json)
233244
ht.Add("msg", "success");
234245
try
235246
{
247+
var role = jsonToSql.GetRole(User.FindFirstValue(ClaimTypes.Role));
236248
JObject jobject = JObject.Parse(json);
237-
238249
foreach (var item in jobject)
239250
{
240251
string key = item.Key.Trim();
241252
var value = JObject.Parse(item.Value.ToString());
242253
var sb = new System.Text.StringBuilder(100);
243254
sb.Append($"delete [{key}] where");
255+
if (role.Delete==null||role.Delete.Table==null)
256+
{
257+
ht["code"] = "500";
258+
ht["msg"] = "delete权限未配置";
259+
break;
260+
}
261+
if (!role.Delete.Table.Contains(key,StringComparer.CurrentCultureIgnoreCase))
262+
{
263+
ht["code"] = "500";
264+
ht["msg"] = $"没权限删除{key}";
265+
break;
266+
}
244267
if (!value.ContainsKey("id"))
245268
{
246269
ht["code"] = "500";
@@ -251,14 +274,12 @@ public ActionResult Remove([FromBody]string json)
251274
foreach (var f in value)
252275
{
253276
sb.Append($"{f.Key}=@{f.Key},");
254-
255277
p.Add(new SugarParameter($"@{f.Key}", f.Value.ToString()));
256278
}
257-
258279
string sql = sb.ToString().TrimEnd(',');
259280
db.Db.Ado.ExecuteCommand(sql, p);
260281
ht.Add(key, JToken.FromObject(new { code = 200, msg = "success", id = value["id"].ToString() }));
261-
282+
262283
}
263284
}
264285
catch (Exception ex)

0 commit comments

Comments
 (0)