697 lines
31 KiB
C#
697 lines
31 KiB
C#
using Microsoft.Extensions.Logging;
|
|
using OrpaonVision.Core.Results;
|
|
using OrpaonVision.Core.Security;
|
|
using OrpaonVision.Model.Security;
|
|
using OrpaonVision.ConfigApp.Infrastructure.Services;
|
|
|
|
namespace OrpaonVision.ConfigApp.Infrastructure.Services;
|
|
|
|
/// <summary>
|
|
/// 用户角色管理服务实现。
|
|
/// </summary>
|
|
public sealed class UserRoleService : IUserRoleService
|
|
{
|
|
private readonly ILogger<UserRoleService> _logger;
|
|
private readonly IUserRoleStore _userRoleStore;
|
|
private readonly IUserStore _userStore;
|
|
private readonly IRoleStore _roleStore;
|
|
|
|
/// <summary>
|
|
/// 构造函数。
|
|
/// </summary>
|
|
public UserRoleService(
|
|
ILogger<UserRoleService> logger,
|
|
IUserRoleStore userRoleStore,
|
|
IUserStore userStore,
|
|
IRoleStore roleStore)
|
|
{
|
|
_logger = logger;
|
|
_userRoleStore = userRoleStore;
|
|
_userStore = userStore;
|
|
_roleStore = roleStore;
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result> AssignRoleToUser(Guid userId, Guid roleId, string assignedBy)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogInformation("正在为用户分配角色: {UserId} - {RoleId}", userId, roleId);
|
|
|
|
// 检查用户是否存在
|
|
var userResult = await _userStore.GetByIdAsync(userId);
|
|
if (!userResult.Succeeded || userResult.Data == null)
|
|
{
|
|
return Result.Fail("USER_NOT_FOUND", "用户不存在");
|
|
}
|
|
|
|
// 检查角色是否存在
|
|
var roleResult = await _roleStore.GetByIdAsync(roleId);
|
|
if (!roleResult.Succeeded || roleResult.Data == null)
|
|
{
|
|
return Result.Fail("ROLE_NOT_FOUND", "角色不存在");
|
|
}
|
|
|
|
// 检查是否已存在
|
|
var existingResult = await _userRoleStore.GetAssignmentAsync(userId, roleId);
|
|
if (existingResult.Succeeded && existingResult.Data != null)
|
|
{
|
|
return Result.Fail("USER_ROLE_ALREADY_EXISTS", "用户已拥有该角色");
|
|
}
|
|
|
|
// 分配角色
|
|
var assignmentResult = await _userRoleStore.AssignAsync(userId, roleId, assignedBy);
|
|
if (!assignmentResult.Succeeded)
|
|
{
|
|
return assignmentResult;
|
|
}
|
|
|
|
_logger.LogInformation("用户角色分配成功: {UserId} - {RoleId}", userId, roleId);
|
|
return Result.Success("用户角色分配成功");
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "分配用户角色失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "USER_ROLE_ASSIGN_FAILED", "分配用户角色失败", traceId);
|
|
return Result.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result> UnassignRoleFromUser(Guid userId, Guid roleId)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogInformation("正在取消用户角色分配: {UserId} - {RoleId}", userId, roleId);
|
|
|
|
// 检查分配是否存在
|
|
var existingResult = await _userRoleStore.GetAssignmentAsync(userId, roleId);
|
|
if (!existingResult.Succeeded || existingResult.Data == null)
|
|
{
|
|
return Result.Fail("USER_ROLE_NOT_FOUND", "用户角色分配不存在");
|
|
}
|
|
|
|
// 取消分配
|
|
var unassignResult = await _userRoleStore.UnassignAsync(userId, roleId);
|
|
if (!unassignResult.Succeeded)
|
|
{
|
|
return unassignResult;
|
|
}
|
|
|
|
_logger.LogInformation("用户角色分配取消成功: {UserId} - {RoleId}", userId, roleId);
|
|
return Result.Success("用户角色分配取消成功");
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "取消用户角色分配失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "USER_ROLE_UNASSIGN_FAILED", "取消用户角色分配失败", traceId);
|
|
return Result.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result<IReadOnlyList<RoleModel>>> GetUserRoles(Guid userId)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("获取用户角色: {UserId}", userId);
|
|
|
|
var rolesResult = await _userRoleStore.GetUserRolesAsync(userId);
|
|
if (!rolesResult.Succeeded)
|
|
{
|
|
return Result<IReadOnlyList<RoleModel>>.Fail(rolesResult.Code, rolesResult.Message, rolesResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogDebug("获取用户角色成功: {UserId} - {Count}个角色", userId, rolesResult.Data?.Count ?? 0);
|
|
return Result<IReadOnlyList<RoleModel>>.Success(rolesResult.Data ?? new List<RoleModel>().AsReadOnly());
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "获取用户角色失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "USER_ROLES_GET_FAILED", "获取用户角色失败", traceId);
|
|
return Result<IReadOnlyList<RoleModel>>.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result<IReadOnlyList<UserModel>>> GetRoleUsers(Guid roleId)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("获取角色用户: {RoleId}", roleId);
|
|
|
|
var usersResult = await _userRoleStore.GetRoleUsersAsync(roleId);
|
|
if (!usersResult.Succeeded)
|
|
{
|
|
return Result<IReadOnlyList<UserModel>>.Fail(usersResult.Code, usersResult.Message, usersResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogDebug("获取角色用户成功: {RoleId} - {Count}个用户", roleId, usersResult.Data?.Count ?? 0);
|
|
return Result<IReadOnlyList<UserModel>>.Success(usersResult.Data ?? new List<UserModel>().AsReadOnly());
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "获取角色用户失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "ROLE_USERS_GET_FAILED", "获取角色用户失败", traceId);
|
|
return Result<IReadOnlyList<UserModel>>.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result<bool>> UserHasRole(Guid userId, Guid roleId)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("检查用户角色: {UserId} - {RoleId}", userId, roleId);
|
|
|
|
var hasRoleResult = await _userRoleStore.UserHasRoleAsync(userId, roleId);
|
|
if (!hasRoleResult.Succeeded)
|
|
{
|
|
return Result<bool>.Fail(hasRoleResult.Code, hasRoleResult.Message, hasRoleResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogDebug("用户角色检查结果: {UserId} - {RoleId} - {HasRole}", userId, roleId, hasRoleResult.Data);
|
|
return hasRoleResult;
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "检查用户角色失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "USER_ROLE_CHECK_FAILED", "检查用户角色失败", traceId);
|
|
return Result<bool>.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result> RemoveRoleFromUser(Guid userId, Guid roleId, string operatedBy)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("从用户移除角色: {UserId} - {RoleId} - {OperatedBy}", userId, roleId, operatedBy);
|
|
|
|
var unassignResult = await _userRoleStore.UnassignAsync(userId, roleId);
|
|
if (!unassignResult.Succeeded)
|
|
{
|
|
return Result.Fail(unassignResult.Code, unassignResult.Message, unassignResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogInformation("用户角色移除成功: {UserId} - {RoleId}", userId, roleId);
|
|
return Result.Success(message: "用户角色移除成功");
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "从用户移除角色失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "REMOVE_ROLE_FROM_USER_FAILED", "从用户移除角色失败", traceId);
|
|
return Result.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result> AssignRolesToUser(Guid userId, List<Guid> roleIds, string operatedBy)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("为用户分配多个角色: {UserId} - {RoleCount} - {OperatedBy}", userId, roleIds.Count, operatedBy);
|
|
|
|
var results = new List<Result>();
|
|
|
|
foreach (var roleId in roleIds)
|
|
{
|
|
var assignResult = await _userRoleStore.AssignAsync(userId, roleId, operatedBy);
|
|
results.Add(assignResult);
|
|
|
|
if (!assignResult.Succeeded)
|
|
{
|
|
_logger.LogWarning("分配角色失败: {UserId} - {RoleId} - {Error}", userId, roleId, assignResult.Message);
|
|
}
|
|
}
|
|
|
|
var failedCount = results.Count(r => !r.Succeeded);
|
|
if (failedCount > 0)
|
|
{
|
|
return Result.Fail("ASSIGN_ROLES_PARTIAL_FAILED", $"部分角色分配失败,失败数量: {failedCount}/{roleIds.Count}");
|
|
}
|
|
|
|
_logger.LogInformation("用户多角色分配成功: {UserId} - {RoleCount}", userId, roleIds.Count);
|
|
return Result.Success(message: "用户多角色分配成功");
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "为用户分配多个角色失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "ASSIGN_ROLES_TO_USER_FAILED", "为用户分配多个角色失败", traceId);
|
|
return Result.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result> RemoveRolesFromUser(Guid userId, List<Guid> roleIds, string operatedBy)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("从用户移除多个角色: {UserId} - {RoleCount} - {OperatedBy}", userId, roleIds.Count, operatedBy);
|
|
|
|
var results = new List<Result>();
|
|
|
|
foreach (var roleId in roleIds)
|
|
{
|
|
var unassignResult = await _userRoleStore.UnassignAsync(userId, roleId);
|
|
results.Add(unassignResult);
|
|
|
|
if (!unassignResult.Succeeded)
|
|
{
|
|
_logger.LogWarning("移除角色失败: {UserId} - {RoleId} - {Error}", userId, roleId, unassignResult.Message);
|
|
}
|
|
}
|
|
|
|
var failedCount = results.Count(r => !r.Succeeded);
|
|
if (failedCount > 0)
|
|
{
|
|
return Result.Fail("REMOVE_ROLES_PARTIAL_FAILED", $"部分角色移除失败,失败数量: {failedCount}/{roleIds.Count}");
|
|
}
|
|
|
|
_logger.LogInformation("用户多角色移除成功: {UserId} - {RoleCount}", userId, roleIds.Count);
|
|
return Result.Success(message: "用户多角色移除成功");
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "从用户移除多个角色失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "REMOVE_ROLES_FROM_USER_FAILED", "从用户移除多个角色失败", traceId);
|
|
return Result.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result<bool>> CheckUserHasRole(Guid userId, Guid roleId)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("检查用户角色: {UserId} - {RoleId}", userId, roleId);
|
|
|
|
var hasRoleResult = await _userRoleStore.UserHasRoleAsync(userId, roleId);
|
|
if (!hasRoleResult.Succeeded)
|
|
{
|
|
return Result<bool>.Fail(hasRoleResult.Code, hasRoleResult.Message, hasRoleResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogDebug("用户角色检查结果: {UserId} - {RoleId} - {HasRole}", userId, roleId, hasRoleResult.Data);
|
|
return hasRoleResult;
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "检查用户角色失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "USER_ROLE_CHECK_FAILED", "检查用户角色失败", traceId);
|
|
return Result<bool>.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result<bool>> CheckUserHasRole(Guid userId, string roleName)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("检查用户角色名称: {UserId} - {RoleName}", userId, roleName);
|
|
|
|
var hasRoleResult = await _userRoleStore.UserHasRoleAsync(userId, roleName);
|
|
if (!hasRoleResult.Succeeded)
|
|
{
|
|
return Result<bool>.Fail(hasRoleResult.Code, hasRoleResult.Message, hasRoleResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogDebug("用户角色名称检查结果: {UserId} - {RoleName} - {HasRole}", userId, roleName, hasRoleResult.Data);
|
|
return hasRoleResult;
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "检查用户角色名称失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "USER_ROLE_NAME_CHECK_FAILED", "检查用户角色名称失败", traceId);
|
|
return Result<bool>.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// 角色权限管理服务实现。
|
|
/// </summary>
|
|
public sealed class RolePermissionService : IRolePermissionService
|
|
{
|
|
private readonly ILogger<RolePermissionService> _logger;
|
|
private readonly IRolePermissionStore _rolePermissionStore;
|
|
private readonly IRoleStore _roleStore;
|
|
private readonly IPermissionStore _permissionStore;
|
|
|
|
/// <summary>
|
|
/// 构造函数。
|
|
/// </summary>
|
|
public RolePermissionService(
|
|
ILogger<RolePermissionService> logger,
|
|
IRolePermissionStore rolePermissionStore,
|
|
IRoleStore roleStore,
|
|
IPermissionStore permissionStore)
|
|
{
|
|
_logger = logger;
|
|
_rolePermissionStore = rolePermissionStore;
|
|
_roleStore = roleStore;
|
|
_permissionStore = permissionStore;
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result> AssignPermissionToRole(Guid roleId, Guid permissionId, string assignedBy)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogInformation("正在为角色分配权限: {RoleId} - {PermissionId}", roleId, permissionId);
|
|
|
|
// 检查角色是否存在
|
|
var roleResult = await _roleStore.GetByIdAsync(roleId);
|
|
if (!roleResult.Succeeded || roleResult.Data == null)
|
|
{
|
|
return Result.Fail("ROLE_NOT_FOUND", "角色不存在");
|
|
}
|
|
|
|
// 检查权限是否存在
|
|
var permissionResult = await _permissionStore.GetByIdAsync(permissionId);
|
|
if (!permissionResult.Succeeded || permissionResult.Data == null)
|
|
{
|
|
return Result.Fail("PERMISSION_NOT_FOUND", "权限不存在");
|
|
}
|
|
|
|
// 检查是否已存在
|
|
var existingResult = await _rolePermissionStore.GetAssignmentAsync(roleId, permissionId);
|
|
if (existingResult.Succeeded && existingResult.Data != null)
|
|
{
|
|
return Result.Fail("ROLE_PERMISSION_ALREADY_EXISTS", "角色已拥有该权限");
|
|
}
|
|
|
|
// 分配权限
|
|
var assignmentResult = await _rolePermissionStore.AssignAsync(roleId, permissionId, assignedBy);
|
|
if (!assignmentResult.Succeeded)
|
|
{
|
|
return assignmentResult;
|
|
}
|
|
|
|
_logger.LogInformation("角色权限分配成功: {RoleId} - {PermissionId}", roleId, permissionId);
|
|
return Result.Success("角色权限分配成功");
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "分配角色权限失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "ROLE_PERMISSION_ASSIGN_FAILED", "分配角色权限失败", traceId);
|
|
return Result.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result> UnassignPermissionFromRole(Guid roleId, Guid permissionId)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogInformation("正在取消角色权限分配: {RoleId} - {PermissionId}", roleId, permissionId);
|
|
|
|
// 检查分配是否存在
|
|
var existingResult = await _rolePermissionStore.GetAssignmentAsync(roleId, permissionId);
|
|
if (!existingResult.Succeeded || existingResult.Data == null)
|
|
{
|
|
return Result.Fail("ROLE_PERMISSION_NOT_FOUND", "角色权限分配不存在");
|
|
}
|
|
|
|
// 取消分配
|
|
var unassignResult = await _rolePermissionStore.UnassignAsync(roleId, permissionId);
|
|
if (!unassignResult.Succeeded)
|
|
{
|
|
return unassignResult;
|
|
}
|
|
|
|
_logger.LogInformation("角色权限分配取消成功: {RoleId} - {PermissionId}", roleId, permissionId);
|
|
return Result.Success("角色权限分配取消成功");
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "取消角色权限分配失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "ROLE_PERMISSION_UNASSIGN_FAILED", "取消角色权限分配失败", traceId);
|
|
return Result.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result<IReadOnlyList<PermissionModel>>> GetRolePermissions(Guid roleId)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("获取角色权限: {RoleId}", roleId);
|
|
|
|
var permissionsResult = await _rolePermissionStore.GetRolePermissionsAsync(roleId);
|
|
if (!permissionsResult.Succeeded)
|
|
{
|
|
return Result<IReadOnlyList<PermissionModel>>.Fail(permissionsResult.Code, permissionsResult.Message, permissionsResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogDebug("获取角色权限成功: {RoleId} - {Count}个权限", roleId, permissionsResult.Data?.Count ?? 0);
|
|
return Result<IReadOnlyList<PermissionModel>>.Success(permissionsResult.Data ?? new List<PermissionModel>().AsReadOnly());
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "获取角色权限失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "ROLE_PERMISSIONS_GET_FAILED", "获取角色权限失败", traceId);
|
|
return Result<IReadOnlyList<PermissionModel>>.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result<IReadOnlyList<RoleModel>>> GetPermissionRoles(Guid permissionId)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("获取权限角色: {PermissionId}", permissionId);
|
|
|
|
var rolesResult = await _rolePermissionStore.GetPermissionRolesAsync(permissionId);
|
|
if (!rolesResult.Succeeded)
|
|
{
|
|
return Result<IReadOnlyList<RoleModel>>.Fail(rolesResult.Code, rolesResult.Message, rolesResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogDebug("获取权限角色成功: {PermissionId} - {Count}个角色", permissionId, rolesResult.Data?.Count ?? 0);
|
|
return Result<IReadOnlyList<RoleModel>>.Success(rolesResult.Data ?? new List<RoleModel>().AsReadOnly());
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "获取权限角色失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "PERMISSION_ROLES_GET_FAILED", "获取权限角色失败", traceId);
|
|
return Result<IReadOnlyList<RoleModel>>.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result<bool>> RoleHasPermission(Guid roleId, Guid permissionId)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("检查角色权限: {RoleId} - {PermissionId}", roleId, permissionId);
|
|
|
|
var hasPermissionResult = await _rolePermissionStore.RoleHasPermissionAsync(roleId, permissionId);
|
|
if (!hasPermissionResult.Succeeded)
|
|
{
|
|
return Result<bool>.Fail(hasPermissionResult.Code, hasPermissionResult.Message, hasPermissionResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogDebug("角色权限检查结果: {RoleId} - {PermissionId} - {HasPermission}", roleId, permissionId, hasPermissionResult.Data);
|
|
return hasPermissionResult;
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "检查角色权限失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "ROLE_PERMISSION_CHECK_FAILED", "检查角色权限失败", traceId);
|
|
return Result<bool>.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result<bool>> RoleHasPermission(Guid roleId, string permissionCode)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("检查角色权限编码: {RoleId} - {PermissionCode}", roleId, permissionCode);
|
|
|
|
var hasPermissionResult = await _rolePermissionStore.RoleHasPermissionAsync(roleId, permissionCode);
|
|
if (!hasPermissionResult.Succeeded)
|
|
{
|
|
return Result<bool>.Fail(hasPermissionResult.Code, hasPermissionResult.Message, hasPermissionResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogDebug("角色权限编码检查结果: {RoleId} - {PermissionCode} - {HasPermission}", roleId, permissionCode, hasPermissionResult.Data);
|
|
return hasPermissionResult;
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "检查角色权限编码失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "ROLE_PERMISSION_CODE_CHECK_FAILED", "检查角色权限编码失败", traceId);
|
|
return Result<bool>.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result> RemovePermissionFromRole(Guid roleId, Guid permissionId, string removedBy)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("从角色移除权限: {RoleId} - {PermissionId} - {RemovedBy}", roleId, permissionId, removedBy);
|
|
|
|
var unassignResult = await _rolePermissionStore.UnassignAsync(roleId, permissionId);
|
|
if (!unassignResult.Succeeded)
|
|
{
|
|
return Result.Fail(unassignResult.Code, unassignResult.Message, unassignResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogInformation("角色权限移除成功: {RoleId} - {PermissionId}", roleId, permissionId);
|
|
return Result.Success(message: "角色权限移除成功");
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "从角色移除权限失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "REMOVE_PERMISSION_FROM_ROLE_FAILED", "从角色移除权限失败", traceId);
|
|
return Result.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result> AssignPermissionsToRole(Guid roleId, List<Guid> permissionIds, string assignedBy)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("为角色分配多个权限: {RoleId} - {PermissionCount} - {AssignedBy}", roleId, permissionIds.Count, assignedBy);
|
|
|
|
var results = new List<Result>();
|
|
|
|
foreach (var permissionId in permissionIds)
|
|
{
|
|
var assignResult = await _rolePermissionStore.AssignAsync(roleId, permissionId, assignedBy);
|
|
results.Add(assignResult);
|
|
|
|
if (!assignResult.Succeeded)
|
|
{
|
|
_logger.LogWarning("分配权限失败: {RoleId} - {PermissionId} - {Error}", roleId, permissionId, assignResult.Message);
|
|
}
|
|
}
|
|
|
|
var failedCount = results.Count(r => !r.Succeeded);
|
|
if (failedCount > 0)
|
|
{
|
|
return Result.Fail("ASSIGN_PERMISSIONS_PARTIAL_FAILED", $"部分权限分配失败,失败数量: {failedCount}/{permissionIds.Count}");
|
|
}
|
|
|
|
_logger.LogInformation("角色多权限分配成功: {RoleId} - {PermissionCount}", roleId, permissionIds.Count);
|
|
return Result.Success(message: "角色多权限分配成功");
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "为角色分配多个权限失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "ASSIGN_PERMISSIONS_TO_ROLE_FAILED", "为角色分配多个权限失败", traceId);
|
|
return Result.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result> RemovePermissionsFromRole(Guid roleId, List<Guid> permissionIds, string removedBy)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("从角色移除多个权限: {RoleId} - {PermissionCount} - {RemovedBy}", roleId, permissionIds.Count, removedBy);
|
|
|
|
var results = new List<Result>();
|
|
|
|
foreach (var permissionId in permissionIds)
|
|
{
|
|
var unassignResult = await _rolePermissionStore.UnassignAsync(roleId, permissionId);
|
|
results.Add(unassignResult);
|
|
|
|
if (!unassignResult.Succeeded)
|
|
{
|
|
_logger.LogWarning("移除权限失败: {RoleId} - {PermissionId} - {Error}", roleId, permissionId, unassignResult.Message);
|
|
}
|
|
}
|
|
|
|
var failedCount = results.Count(r => !r.Succeeded);
|
|
if (failedCount > 0)
|
|
{
|
|
return Result.Fail("REMOVE_PERMISSIONS_PARTIAL_FAILED", $"部分权限移除失败,失败数量: {failedCount}/{permissionIds.Count}");
|
|
}
|
|
|
|
_logger.LogInformation("角色多权限移除成功: {RoleId} - {PermissionCount}", roleId, permissionIds.Count);
|
|
return Result.Success(message: "角色多权限移除成功");
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "从角色移除多个权限失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "REMOVE_PERMISSIONS_FROM_ROLE_FAILED", "从角色移除多个权限失败", traceId);
|
|
return Result.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result<bool>> CheckRoleHasPermission(Guid roleId, Guid permissionId)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("检查角色权限: {RoleId} - {PermissionId}", roleId, permissionId);
|
|
|
|
var hasPermissionResult = await _rolePermissionStore.RoleHasPermissionAsync(roleId, permissionId);
|
|
if (!hasPermissionResult.Succeeded)
|
|
{
|
|
return Result<bool>.Fail(hasPermissionResult.Code, hasPermissionResult.Message, hasPermissionResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogDebug("角色权限检查结果: {RoleId} - {PermissionId} - {HasPermission}", roleId, permissionId, hasPermissionResult.Data);
|
|
return hasPermissionResult;
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "检查角色权限失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "ROLE_PERMISSION_CHECK_FAILED", "检查角色权限失败", traceId);
|
|
return Result<bool>.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<Result<bool>> CheckRoleHasPermission(Guid roleId, string permissionCode)
|
|
{
|
|
try
|
|
{
|
|
_logger.LogDebug("检查角色权限编码: {RoleId} - {PermissionCode}", roleId, permissionCode);
|
|
|
|
var hasPermissionResult = await _rolePermissionStore.RoleHasPermissionAsync(roleId, permissionCode);
|
|
if (!hasPermissionResult.Succeeded)
|
|
{
|
|
return Result<bool>.Fail(hasPermissionResult.Code, hasPermissionResult.Message, hasPermissionResult.Errors.ToArray());
|
|
}
|
|
|
|
_logger.LogDebug("角色权限编码检查结果: {RoleId} - {PermissionCode} - {HasPermission}", roleId, permissionCode, hasPermissionResult.Data);
|
|
return hasPermissionResult;
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var traceId = Guid.NewGuid().ToString("N");
|
|
_logger.LogError(ex, "检查角色权限编码失败。TraceId: {TraceId}", traceId);
|
|
var result = Result.FromException(ex, "ROLE_PERMISSION_CODE_CHECK_FAILED", "检查角色权限编码失败", traceId);
|
|
return Result<bool>.FailWithTrace(result.Code, result.Message, result.TraceId ?? traceId, result.Errors.ToArray());
|
|
}
|
|
}
|
|
}
|