Commit 14350a1

committed
#增加权限验证#
1 parent b6eb3ab commit 14350a1


9 files changed

+209
-106
lines changed


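--- a/APIJSON.NET/APIJSON.NET.sln
+++ b/APIJSON.NET/APIJSON.NET.sln
@@ -3,7 +3,7 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
 VisualStudioVersion = 15.0.27703.2035
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "APIJSON.NET", "APIJSON.NET\APIJSON.NET.csproj", "{FF647576-A104-4D54-954D-3547B4FDCDB2}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "APIJSON.NET", "APIJSON.NET\APIJSON.NET.csproj", "{FF647576-A104-4D54-954D-3547B4FDCDB2}"
 EndProject
 Global
 GlobalSection(SolutionConfigurationPlatforms) = preSolution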

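--- a/APIJSON.NET/APIJSON.NET/APIJSON.NET.csproj
+++ b/APIJSON.NET/APIJSON.NET/APIJSON.NET.csproj
@@ -18,4 +18,6 @@
 <PackageReference Include="Swashbuckle.AspNetCore.Swagger" Version="3.0.0" />
 </ItemGroup>
 
+<ProjectExtensions><VisualStudio><UserProperties /></VisualStudio></ProjectExtensions>
+
 </Project>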
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
using System;
2+
using System.Collections.Generic;
3+
using System.Linq;
4+
using System.Threading.Tasks;
5+
using Microsoft.AspNetCore.Mvc;
6+
7+
namespace APIJSON.NET.Controllers
8+
{
9+
public class HomeController : Controller
10+
{
11+
public IActionResult Index()
12+
{
13+
return Redirect("/swagger");
14+
}
15+
}
16+
}

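--- a/APIJSON.NET/APIJSON.NET/Controllers/JsonController.cs
+++ b/APIJSON.NET/APIJSON.NET/Controllers/JsonController.cs
@@ -2,24 +2,29 @@
 {
 using System;
 using System.Collections.Generic;
+using System.Security.Claims;
 using System.Web;
+using APIJSON.NET.Models;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Options;
 using Newtonsoft.Json.Linq;
 using SqlSugar;
-
+usingSystem.Linq;
 [Route("api/[controller]")]
 [ApiController]
 public class JsonController : ControllerBase
 {
-privateDbOptions_options;
-private JsonToSql sqlbuilder;
+
+private JsonToSql jsonToSql;
 private DbContext db;
-public JsonController(IOptions<DbOptions> options, JsonToSql jsonToSql, DbContext _db)
+protected List<Role> roles;
+public JsonController(JsonToSql jsonTo, DbContext _db, IOptions<List<Role>> _roles)
 {
-_options=options.Value;
-sqlbuilder = jsonToSql;
+
+jsonToSql = jsonTo;
 db = _db;
+roles = _roles.Value;
 }
 /// <summary>
 /// 查询
@@ -43,21 +48,17 @@ public ActionResult Query([FromBody]string json)
 {
 var htt = new JArray();
 var jb = JObject.Parse(item.Value.ToString());
-int page = jb["page"] == null ? 0 : int.Parse(jb["page"].ToString()), count = jb["count"] == null ? 0 : int.Parse(jb["count"].ToString())
-, query = jb["query"] == null ? 0 : int.Parse(jb["query"].ToString());
-jb.Remove("page");
-jb.Remove("count");
-List<string> tables = new List<string>();
-List<string> where = new List<string>();
+int page = jb["page"] == null ? 0 : int.Parse(jb["page"].ToString()), count = jb["count"] == null ? 0 : int.Parse(jb["count"].ToString()) , query = jb["query"] == null ? 0 : int.Parse(jb["query"].ToString());
+jb.Remove("page");jb.Remove("count");
+List<string> tables = new List<string>(), where = new List<string>();
 foreach (var t in jb)
 {
-tables.Add(t.Key);
-where.Add(t.Value.ToString());
+tables.Add(t.Key); where.Add(t.Value.ToString());
 }
 if (tables.Count > 0)
 {
 string table = tables[0];
-var template = sqlbuilder.GetTableData(table, page, count, where[0], null);
+var template = jsonToSql.GetTableData(table, page, count, where[0], null,User.FindFirstValue(ClaimTypes.Role));
 foreach (var dd in template)
 {
 var zht = new JObject();
@@ -71,21 +72,21 @@ public ActionResult Query([FromBody]string json)
 var jbb = JObject.Parse(where[i]);
 page = jbb["page"] == null ? 0 : int.Parse(jbb["page"].ToString());
 count = jbb["count"] == null ? 0 : int.Parse(jbb["count"].ToString());
-template=sqlbuilder.GetTableData(subtable,page,count,jbb[subtable].ToString(),zht);
+
 var lt = new JArray();
-foreach (var d in template)
+foreach (var d in jsonToSql.GetTableData(subtable,page,count,jbb[subtable].ToString(),zht,User.FindFirstValue(ClaimTypes.Role)))
 {
 lt.Add(JToken.FromObject(d));
 }
 zht.Add(tables[i], lt);
 }
 else
 {
-template=sqlbuilder.GetTableData(subtable, 0, 0, where[i].ToString(), zht);
+varddf=jsonToSql.GetTableData(subtable, 0, 0, where[i].ToString(), zht,User.FindFirstValue(ClaimTypes.Role));
 
-if (template != null)
+if (ddf != null)
 {
-zht.Add(subtable, JToken.FromObject(template));
+zht.Add(subtable, JToken.FromObject(ddf));
 }
 
 }
@@ -97,16 +98,15 @@ public ActionResult Query([FromBody]string json)
 }
 else if (key.EndsWith("[]"))
 {
-
+
 var htt = new JArray();
 var jb = JObject.Parse(item.Value.ToString());
 int page = jb["page"] == null ? 0 : int.Parse(jb["page"].ToString()), count = jb["count"] == null ? 0 : int.Parse(jb["count"].ToString());
 jb.Remove("page");
 jb.Remove("count");
 foreach (var t in jb)
 {
-var template = sqlbuilder.GetTableData(t.Key, page, count, t.Value.ToString(), null);
-foreach (var d in template)
+foreach (var d in jsonToSql.GetTableData(t.Key, page, count, t.Value.ToString(), null, User.FindFirstValue(ClaimTypes.Role)))
 {
 htt.Add(JToken.FromObject(d));
 }
@@ -115,7 +115,7 @@ public ActionResult Query([FromBody]string json)
 }
 else
 {
-var template = sqlbuilder.GetTableData(key, 0, 0, item.Value.ToString(), ht);
+var template = jsonToSql.GetTableData(key, 0, 0, item.Value.ToString(), ht,User.FindFirstValue(ClaimTypes.Role));
 if (template != null)
 {
 ht.Add(key, JToken.FromObject(template));
@@ -147,26 +147,29 @@ public ActionResult Add([FromBody]string json)
 {
 JObject jobject = JObject.Parse(json);
 var sb = new System.Text.StringBuilder(100);
-
+
 foreach (var item in jobject)
 {
 string key = item.Key.Trim();
-
+var role = jsonToSql.GetRole(User.FindFirstValue(ClaimTypes.Role));
+if (!role.Insert.Table.Contains(key, StringComparer.CurrentCultureIgnoreCase))
+{
+ht["code"] = "500";
+ht["msg"] = $"没权限添加{key}";
+break;
+}
 var dt = new Dictionary<string, object>();
 foreach (var f in JObject.Parse(item.Value.ToString()))
 {
-dt.Add(f.Key, f.Value);
+if (f.Key.ToLower() != "id" && role.Insert.Column.Contains(f.Key, StringComparer.CurrentCultureIgnoreCase))
+dt.Add(f.Key, f.Value);
 }
-
 int id = db.Db.Insertable(dt).AS(key).ExecuteReturnIdentity();
 ht.Add(key, JToken.FromObject(new { code = 200, msg = "success", id }));
-
 }
-
 }
 catch (Exception ex)
 {
-
 ht["code"] = "500";
 ht["msg"] = ex.Message;
 }
@@ -187,22 +190,30 @@ public ActionResult Edit([FromBody]string json)
 try
 {
 JObject jobject = JObject.Parse(json);
-
+
 foreach (var item in jobject)
 {
 string key = item.Key.Trim();
+var role = jsonToSql.GetRole(User.FindFirstValue(ClaimTypes.Role));
+if (!role.Update.Table.Contains(key, StringComparer.CurrentCultureIgnoreCase))
+{
+ht["code"] = "500";
+ht["msg"] = $"没权限修改{key}";
+break;
+}
 var value = JObject.Parse(item.Value.ToString());
 if (!value.ContainsKey("id"))
 {
 ht["code"] = "500";
 ht["msg"] = "未传主键id";
 break;
 }
+
 var dt = new Dictionary<string, object>();
 dt.Add("id", value["id"]);
 foreach (var f in value)
 {
-if (f.Key.ToLower() != "id")
+if (f.Key.ToLower() != "id"&&role.Update.Column.Contains(f.Key,StringComparer.CurrentCultureIgnoreCase))
 {
 dt.Add(f.Key, f.Value);
 }
@@ -233,14 +244,26 @@ public ActionResult Remove([FromBody]string json)
 ht.Add("msg", "success");
 try
 {
+var role = jsonToSql.GetRole(User.FindFirstValue(ClaimTypes.Role));
 JObject jobject = JObject.Parse(json);
-
 foreach (var item in jobject)
 {
 string key = item.Key.Trim();
 var value = JObject.Parse(item.Value.ToString());
 var sb = new System.Text.StringBuilder(100);
 sb.Append($"delete [{key}] where");
+if (role.Delete==null||role.Delete.Table==null)
+{
+ht["code"] = "500";
+ht["msg"] = "delete权限未配置";
+break;
+}
+if (!role.Delete.Table.Contains(key,StringComparer.CurrentCultureIgnoreCase))
+{
+ht["code"] = "500";
+ht["msg"] = $"没权限删除{key}";
+break;
+}
 if (!value.ContainsKey("id"))
 {
 ht["code"] = "500";
@@ -251,14 +274,12 @@ public ActionResult Remove([FromBody]string json)
 foreach (var f in value)
 {
 sb.Append($"{f.Key}=@{f.Key},");
-
 p.Add(new SugarParameter($"@{f.Key}", f.Value.ToString()));
 }
-
 string sql = sb.ToString().TrimEnd(',');
 db.Db.Ado.ExecuteCommand(sql, p);
 ht.Add(key, JToken.FromObject(new { code = 200, msg = "success", id = value["id"].ToString() }));
-
+
 }
 }
 catch (Exception ex)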
