fix: 修复权限层级bug

WangJunZzz · Jan 10, 2025 · d11fb4e · d11fb4e
1 parent 1e09358
commit d11fb4e
Showing 1 changed file with 17 additions and 7 deletions.
diff --git a/...agement.Application/ApplicationConfigurations/AbpProApplicationConfigurationAppService.cs b/...agement.Application/ApplicationConfigurations/AbpProApplicationConfigurationAppService.cs
@@ -164,7 +164,7 @@ protected virtual async Task<ApplicationAuthConfigurationDto> GetAuthConfigAsync
             }
         }
 
-        var policies = BuildGrantedPolicies(authConfig.GrantedPolicies.Select(e => e.Key).ToList());
+        var policies = BuildGrantedPolicies(authConfig.GrantedPolicies.Select(e => e.Key).ToList(), result);
         foreach (var item in policies)
         {
             if (authConfig.GrantedPolicies.Any(e => e.Key == item)) continue;
@@ -174,18 +174,22 @@ protected virtual async Task<ApplicationAuthConfigurationDto> GetAuthConfigAsync
         return authConfig;
     }
 
-    private List<string> BuildGrantedPolicies(List<string> grantedPolicies)
+    private List<string> BuildGrantedPolicies(List<string> grantedPolicies, MultiplePermissionGrantResult permissions)
     {
         var result = new List<string>();
         foreach (var policy in grantedPolicies)
         {
-            result.AddRange(GetPolicy(policy));
+            result.AddRange(GetPolicy(policy, permissions));
         }
 
         return result.Distinct().ToList();
     }
 
-    private List<string> GetPolicy(string policy)
+    /// <summary>
+    /// 获取权限
+    /// </summary>
+    /// <remarks>比如设置了角色有权限AbpIdentity.Roles.Update,但是没有AbpIdentity.Roles权限，那么这个时候AbpIdentity.Roles应该是false</remarks>
+    private List<string> GetPolicy(string policy, MultiplePermissionGrantResult permissions)
     {
         var result = new List<string>();
         var split = policy.Split('.', StringSplitOptions.RemoveEmptyEntries);
@@ -205,8 +209,13 @@ private List<string> GetPolicy(string policy)
 
         if (!currentPolicy.IsNullOrWhiteSpace())
         {
-            result.Add(currentPolicy);
-            result.AddRange(GetPolicy(currentPolicy));
+            var currentPolicyValue = permissions.Result.FirstOrDefault(e => e.Key == currentPolicy);
+            if (currentPolicyValue.Value == PermissionGrantResult.Granted)
+            {
+                result.Add(currentPolicy);
+            }
+
+            result.AddRange(GetPolicy(currentPolicy, permissions));
         }
 
         return result;
@@ -327,11 +336,12 @@ protected virtual async Task<ApplicationFeatureConfigurationDto> GetFeaturesConf
             {
                 continue;
             }
-            
+
             if (featureDefinition.Name == "SettingManagement.AllowChangingEmailSettings")
             {
                 continue;
             }
+
             result.Values[featureDefinition.Name] = await FeatureChecker.GetOrNullAsync(featureDefinition.Name);
         }