如果用户具有{Self}权限级别。他们只能查看自己创建的楼层。
如果用户的权限级别为{角色}。他们可以查看根据指定角色分配的所有楼层。
权限级别的角色分配如下:
Roles: Supervisor,Technician
如果BranchManager具有上述权限级别。然后,他可以查看由他自己创建的地板以及由具有主管或技术人员角色的任何用户创建的地板。权限级别{用户}与{角色}相同。
这是我的IQueryable来获取楼层:
IQueryable<FloorModel> FloorsQueryable = (from f in Floors join b in Branches on f.BranchId equals b.Id where (string.IsNullOrEmpty(filters.Name) || f.Name.ToLower().Contains(filters.Name.ToLower())) && (string.IsNullOrEmpty(filters.BranchName) || b.Name.ToLower().Contains(filters.BranchName.ToLower())) && (f.IsDeleted == null || f.IsDeleted == false) && f.BranchId == CurrentBranchId && f.ApplicationId == CurrentApplicationId select new FloorModel { Id = f.Id, Name = f.Name, Code = f.Code, Branch = new BranchBriefModel() { Id = f.BranchId, Name = b.Name, }, IsActive = f.IsActive ?? false, Description = f.Description, CreatedBy = f.CreatedBy ?? 0, ApplicationId = CurrentApplicationId, }).AsQueryable();
此后,我需要根据权限级别对此查询应用一些自定义过滤器
FloorsQueryable = CustomFilter(FloorsQueryable,CurrentUserId,filters);
CustomFilter代码
public IQueryable<T> CustomFilter<T>(IQueryable<T> query, int CurrentUserId, BaseSearchModel search) where T : BaseModel, new() { var distinctClaims = search.ScreenPermission.Select(x => x.Claim.PermissionLevel).Distinct().ToList(); var viewPermission = search.ScreenPermission.Where(x => x.Name.Contains("View")).FirstOrDefault(); if (viewPermission != null && viewPermission.Claim.PermissionLevel != PermissionLevelCatalog.All) { if (distinctClaims.Any(x => x == PermissionLevelCatalog.Role)) { query = (from q in query join ur in UsersInRoles on q.CreatedBy equals ur.UserId join r in Roles on ur.RoleId equals r.Id select q); } string propertyName = "CreatedBy"; //if (string.IsNullOrEmpty(propertyName)) // return query; // we have parameter "generic" var selectorParameter = Expression.Parameter(typeof(T), "generic"); // constant "CurrentUserId" var searchTermExpression = Expression.Constant(CurrentUserId); // "generic.CreatedBy" var selector = Expression.PropertyOrField(selectorParameter, propertyName); // "generic.CreatedBy == "CurrentUserId" var equal = Expression.Equal(selector, searchTermExpression); // generic => generic.Name == "CurrentUserId" var genericWhere = Expression.Lambda<Func<T, bool>>(equal, selectorParameter); query = query.Where(genericWhere); } return query; }
现在为权限级别{Role},我需要在IQueryable的select子句中添加CreatorRoleId,以在以下代码中应用所需的检查。
if (distinctClaims.Any(x => x == PermissionLevelCatalog.Role)) { query = (from q in query join ur in UsersInRoles on q.CreatedBy equals ur.UserId join r in Roles on ur.RoleId equals r.Id select q ); }
是否有可能如何设置CreatorRoleId的值?类似于以下内容
select {q=>q.CreatorRoleId=r.Id return q;}
这应该是通用的,并且可以为任何IQueryable运行。我不想为项目中的所有查询联接Role和UserInRole表,因为仅当某些用户具有此{Role}权限级别时才需要这些联接。
return query.Where(q => q.CreatorRoleId == r.Id);