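using Dapper;
using DataControlMod.Common;
using DataControlMod.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Net.Http.Headers;
using MySqlX.XDevAPI.Common;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using PullChargeData.Helper;
using System.Data;
using System.Net.Http;
using System.Text;
using System.Linq;
using static System.Net.Mime.MediaTypeNames;

namespace DataControlMod.Controllers
{
    /// <summary>
    /// Forwards a query to the upstream endpoint configured under "DB2"/"set1" and then trims
    /// the returned rows and columns according to the caller's role data-permissions stored
    /// in MySQL (t_user_role / t_role_auth / t_role_auth_data).
    /// </summary>
    /// <remarks>
    /// NOTE(review): the listing this file was recovered from had lost its generic type
    /// arguments (List, Dictionary, Cast, Task, ILogger). They are restored here with the
    /// types the surrounding code requires; confirm against the repository copy.
    /// </remarks>
    [ApiController]
    [Route("newOpenApi/[action]")]
    public class OutputDataModifyController : ControllerBase
    {
        // Permission lookup. Both values are bound as parameters, never concatenated.
        // "query_col_conditon" is the column name as spelled in the schema; do not "fix" it here.
        private const string PermissionSql = @"SELECT ur.user_id,
            group_concat(rad.query_row_condition SEPARATOR ' and ') as query_row_condition,
            group_concat(rad.query_col_conditon SEPARATOR ' and ') as query_col_condition,
            group_concat(rad.new_col_condition SEPARATOR ' and ') as new_col_condition,
            group_concat(rad.edit_row_condition SEPARATOR ' and ') as edit_row_condition,
            group_concat(rad.edit_col_condition SEPARATOR ' and ') as edit_col_condition,
            group_concat(rad.delete_row_condition SEPARATOR ' and ') as delete_row_condition
            FROM t_user_role ur, t_auth auth, t_role_auth ra
            LEFT JOIN t_role_auth_data rad on rad.role_id = ra.role_id and rad.auth_id = ra.auth_id
            WHERE ur.role_id = ra.role_id
            AND ra.auth_id = auth.auth_id
            AND ur.user_id = @user_id
            AND (not isnull(query_row_condition) or not isnull(query_col_conditon))
            AND auth.auth_id = @auth_id";

        private readonly ILogger<OutputDataModifyController> _logger;
        private readonly IHttpClientFactory _httpClientFactory;

        /// <summary>Creates the controller with its logger and HTTP client factory.</summary>
        public OutputDataModifyController(ILogger<OutputDataModifyController> logger, IHttpClientFactory httpClientFactory)
        {
            _logger = logger;
            _httpClientFactory = httpClientFactory;
        }

        /// <summary>
        /// Runs the upstream query with the request body passed through unchanged, then removes
        /// rows and columns the caller's data-permissions do not allow.
        /// </summary>
        /// <param name="token">
        /// Request header. It is not read anywhere in this method.
        /// NOTE(review): presumably a filter or middleware validates it; confirm, because
        /// nothing here ties <c>user_id</c> in the body to the authenticated caller.
        /// </param>
        /// <param name="inputData">
        /// JSON request body. It is forwarded upstream as-is and must carry <c>user_id</c> and
        /// <c>auth_id</c>, which select the permission rows.
        /// </param>
        /// <returns>
        /// The upstream response object with <c>returnData.listValues</c> filtered, or a
        /// 400 result when <c>user_id</c> / <c>auth_id</c> are missing or empty.
        /// </returns>
        [HttpPost]
        public async Task<dynamic> search([FromHeader] string token, dynamic inputData)
        {
            string inputJson = inputData.ToString();

            // Identity used for the permission lookup comes from the request body.
            // NOTE(review): this is caller-controlled input. Unless something outside this
            // method binds it to the token, a caller can name another user's id and receive
            // that user's view of the data. Prefer deriving user_id from the validated token.
            dynamic inputObj = JsonConvert.DeserializeObject<dynamic>(inputJson);
            string userId = inputObj?.user_id?.ToString();
            string authId = inputObj?.auth_id?.ToString();

            // Reject before calling upstream. An empty id matches no permission row, and the
            // "no row" path below returns the data unfiltered, so an empty id must not get there.
            if (string.IsNullOrWhiteSpace(userId) || string.IsNullOrWhiteSpace(authId))
            {
                return BadRequest("user_id and auth_id are required.");
            }

            // Read the base-platform API configuration.
            var uri_db2 = AppSettingsHelper.App("DB2", "set1");
            var method_db2 = AppSettingsHelper.App("DB2", "set1_query_method");

            // Call the base-platform API with the original request body.
            HttpClient httpClient = _httpClientFactory.CreateClient();
            httpClient.BaseAddress = new Uri(uri_db2);
            using var inputBody = new StringContent(inputJson, Encoding.UTF8, Application.Json);
            using var httpResponseMessage = await httpClient.PostAsync(method_db2, inputBody);

            // Handle the response.
            httpResponseMessage.EnsureSuccessStatusCode();
            string rtnStr = await httpResponseMessage.Content.ReadAsStringAsync();
            dynamic rtnObj = JsonConvert.DeserializeObject<dynamic>(rtnStr);

            // Load the caller's query data-permissions.
            bool hasPermissionRow = false;
            string queryRow = null;
            string queryCol = null;
            using (IDbConnection conn = DapperHelper.MySqlConnection())
            {
                var parameters = new DynamicParameters();
                parameters.Add("user_id", userId);
                parameters.Add("auth_id", authId);

                dynamic permission = conn.Query(PermissionSql, parameters).FirstOrDefault();
                if (permission != null && permission.user_id != null)
                {
                    hasPermissionRow = true;
                    // The WHERE clause only guarantees that ONE of the two conditions is set,
                    // so either value may be null here.
                    queryRow = permission.query_row_condition?.ToString();
                    queryCol = permission.query_col_condition?.ToString();
                }
            }

            if (!hasPermissionRow)
            {
                // NOTE(review): fail-open. No matching row means "no restriction configured"
                // but it equally means "user has no role for this auth_id at all"; both cases
                // return the full upstream payload. Confirm this is intended; otherwise deny.
                _logger.LogInformation(
                    "No data-permission row for user {UserId} and auth {AuthId}; returning upstream data unfiltered.",
                    userId,
                    authId);
                return rtnObj;
            }

            // Filter the fetched data according to the caller's data-permissions.
            var rows = rtnObj.returnData.listValues;

            // Row filter: a row is kept only when it satisfies every condition.
            var rowConditions = ParseRowConditions(queryRow);
            if (rowConditions.Count > 0)
            {
                // Collect first, remove afterwards: the array cannot change while enumerated.
                var rejectedRows = new List<dynamic>();
                foreach (var row in rows)
                {
                    foreach (var condition in rowConditions)
                    {
                        if (row[condition.Key] != condition.Value)
                        {
                            rejectedRows.Add(row);
                            break;
                        }
                    }
                }

                foreach (var rejected in rejectedRows)
                {
                    rows.Remove(rejected);
                }
            }

            // Column filter: query_col_condition is an allow-list of property names.
            // NOTE(review): the SQL joins several roles' lists with ' and ' while this code
            // splits on ','. A name next to that separator ("b and c") matches no property,
            // so multi-role users lose those columns. Confirm the intended merge rule.
            if (!string.IsNullOrEmpty(queryCol))
            {
                var allowedColumns = new HashSet<string>(
                    queryCol.Split(",").Select(name => name.Trim()).Where(name => name.Length > 0),
                    StringComparer.Ordinal);

                foreach (var row in rows)
                {
                    // Per-row list, so one row's property names are not replayed on the next.
                    var hiddenColumns = new List<string>();
                    foreach (var property in row)
                    {
                        string propertyName = property.Name;
                        if (!allowedColumns.Contains(propertyName))
                        {
                            hiddenColumns.Add(propertyName);
                        }
                    }

                    foreach (var hidden in hiddenColumns)
                    {
                        row.Remove(hidden);
                    }
                }
            }

            return rtnObj;
        }

        /// <summary>
        /// Splits a <c>column='value' and column='value'</c> permission string into pairs.
        /// </summary>
        /// <param name="conditions">Aggregated row condition text; may be null or empty.</param>
        /// <returns>
        /// One pair per fragment, in order. Duplicated columns are kept, so two roles that
        /// restrict the same column are both enforced instead of raising a duplicate-key error.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// A non-empty fragment has no column name before '='. Throwing keeps the request from
        /// succeeding with a restriction silently dropped.
        /// </exception>
        private static List<KeyValuePair<string, string>> ParseRowConditions(string conditions)
        {
            var parsed = new List<KeyValuePair<string, string>>();
            if (string.IsNullOrWhiteSpace(conditions))
            {
                return parsed;
            }

            foreach (var fragment in conditions.Split(" and "))
            {
                // An empty fragment carries no restriction (e.g. a role with an empty condition).
                if (string.IsNullOrWhiteSpace(fragment))
                {
                    continue;
                }

                // Only plain equality is understood. An operator such as ">=" leaves the '>' in
                // the column name, which matches no property, so every row is filtered out.
                int equalsAt = fragment.IndexOf('=');
                string column = equalsAt > 0 ? fragment.Substring(0, equalsAt).Trim() : string.Empty;
                if (column.Length == 0)
                {
                    throw new InvalidOperationException(
                        "Unsupported row permission condition; expected the form column='value'.");
                }

                string value = fragment.Substring(equalsAt + 1).Replace("'", "").Trim();
                parsed.Add(new KeyValuePair<string, string>(column, value));
            }

            return parsed;
        }
    }
}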