SecMPS/api_sqlsugar/VolPro.Core/Generic/GenericBaseController.cs

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Mvc.Controllers;
using System.Linq;
using VolPro.Core.Controllers.Basic;
using VolPro.Core.Filters;
using VolPro.Core.UserManager;
using VolPro.Entity.DomainModels;
using VolPro.Core.ManageUser;
using VolPro.Core.Enums;
using VolPro.Core.Utilities;
using Microsoft.AspNetCore.Mvc.Authorization;
using System.Reflection;
using VolPro.Core.Extensions;

namespace VolPro.Core.Generic
{
    [JWTAuthorize, ApiController]
    public class GenericBaseController : VolController
    {
        public GenericBaseController() { }
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            GenericTableAsyncLocal.Clear();
            string TableName = null;
            if (context.ActionArguments?.Count > 0)
            {
                foreach (var argument in context.ActionArguments.Values.Where(argument => argument != null))
                {

                    var argumentType = argument.GetType();
                    if (argumentType == typeof(PageDataOptions)|| argumentType == typeof(SaveModel))
                    {
                        var tableNameProperty = argumentType.GetProperty("TableName");
                        if (tableNameProperty != null)
                        {
                            TableName = tableNameProperty.GetValue(argument)?.ToString();
                        }
                    }
                }
            }

            WebResponseContent webResponse = new();
            if (string.IsNullOrEmpty(TableName))
            {
                TableName = HttpContext.Request.Query["tableName"];
            }
            if (string.IsNullOrEmpty(TableName))
            {
                context.Result = GetResult(context, "缺少参数table,请检查代码生成器生器Sys_TableInfo、Sys_TableColumn是否有当前表配置，或菜单设置的表名是否正确");
                return;
            }
            var list = TableColumnContext.TableInfo
            .Where(x => x.TableName == TableName).ToList();
            if (list.Count == 0)
            {
                context.Result = GetResult(context, $"未找到表【{TableName}】 配置信息,请检查代码生成器配置是否存在当前表");
                context.Result = Json(webResponse);
                return;
            }
            if (list.Count > 1)
            {
                context.Result = GetResult(context, $"表【{TableName}】 存在多个配置信息,请检查代码生成器配置是否重复");
                return;
            }

            GenericTableAsyncLocal.CurrentTableName = TableName;
            if (context.Filters.Any(item => item is IAllowAnonymousFilter))
            {
                base.OnActionExecuting(context);
                return;
            }
            if (UserContext.Current.IsSuperAdmin)
            {
                base.OnActionExecuting(context);
                return;
            }

            string[] currentActionPermissionNames = [];
            if (!(context.ActionDescriptor is ControllerActionDescriptor controllerActionDescriptor))
            {
                base.OnActionExecuting(context);
                return;
            }
            CustomAttributeData attrData = controllerActionDescriptor.MethodInfo
                    .CustomAttributes
                    .FirstOrDefault(a => a.AttributeType == typeof(ApiActionPermissionAttribute))
                ?? controllerActionDescriptor.ControllerTypeInfo
                    .CustomAttributes
                    .FirstOrDefault(a => a.AttributeType == typeof(ApiActionPermissionAttribute));

            if (attrData == null)
            {
                base.OnActionExecuting(context);
                return;
            }
            ActionPermissionOptions currentActionPermission = default;
            foreach (var arg in attrData.ConstructorArguments)
            {
                if (arg.ArgumentType == typeof(ActionPermissionOptions) && arg.Value != null)
                {
                    currentActionPermission = (ActionPermissionOptions)arg.Value;
                    break;
                }
            }
            if (Equals(currentActionPermission, default(ActionPermissionOptions)))
            {
                base.OnActionExecuting(context);
                return;
            }
            //ActionPermissionFilter.cs中统一验证权限
            //var names = new List<string>();
            //foreach (ActionPermissionOptions option in Enum.GetValues(typeof(ActionPermissionOptions)))
            //{
            //    if (option == 0) continue;
            //    if (currentActionPermission.HasFlag(option))
            //    {
            //        names.Add(option.ToString());
            //    }
            //}
            //currentActionPermissionNames = names.ToArray();
            //var hasActionAuth = UserContext.Current.Permissions
            //    .Where(x => x.TableName == TableName.ToLower())
            //    .Any(c => c.UserAuthArr != null && currentActionPermissionNames.Any(action => c.UserAuthArr.Contains(action)));

            //if (!hasActionAuth)
            //{
            //    context.Result = GetResult(context, "没有权限操作");
            //    return;
            //}
            base.OnActionExecuting(context);
        }
        private IActionResult GetResult(ActionExecutingContext context, string message)
        {
            return Json(new { status = false, message });
        }
    }
}