- using Dapper;
- using DataControlMod.Common;
- using DataControlMod.Entity;
- using Microsoft.AspNetCore.Mvc;
- using Microsoft.Net.Http.Headers;
- using MySqlX.XDevAPI.Common;
- using Newtonsoft.Json;
- using Newtonsoft.Json.Linq;
- using PullChargeData.Helper;
- using System.Data;
- using System.Net.Http;
- using System.Text;
- using System.Linq;
- using static System.Net.Mime.MediaTypeNames;
- namespace DataControlMod.Controllers
- {
- [ApiController]
- [Route("newOpenApi/[action]")]
- public class OutputDataModifyController : ControllerBase
- {
- private readonly ILogger<OutputDataModifyController> _logger;
- private readonly IHttpClientFactory _httpClientFactory;
- public OutputDataModifyController(ILogger<OutputDataModifyController> logger, IHttpClientFactory httpClientFactory)
- {
- _logger = logger;
- _httpClientFactory = httpClientFactory;
- }
- [HttpPost]
- public async Task<JObject> search([FromHeader] string token, dynamic inputData)
- {
- //读取底座接口配置
- var uri_db2 = AppSettingsHelper.App("DB2", "set1");
- var method_db2 = AppSettingsHelper.App("DB2", "set1_query_method");
- //配置httpClient请求底座接口
- HttpClient httpClient = _httpClientFactory.CreateClient();
- httpClient.BaseAddress = new Uri(uri_db2);
- var inputBody = new StringContent(inputData.ToString(),Encoding.UTF8,Application.Json);
- var httpResponseMessage = await httpClient.PostAsync(method_db2, inputBody);
- //处理返回值
- httpResponseMessage.EnsureSuccessStatusCode();
- var rtnStr = await httpResponseMessage.Content.ReadAsStringAsync();
- var rtnObj = JsonConvert.DeserializeObject<dynamic>(rtnStr.ToString());
- //获取用户查询数据权限
- var inputObj = JsonConvert.DeserializeObject(inputData.ToString());
- var user_id = inputObj.user_id;
- var auth_id = inputObj.auth_id;
- using (IDbConnection conn = DapperHelper.MySqlConnection())
- {
- string sql = $@"SELECT
- ur.user_id,
- group_concat(rad.query_row_condition SEPARATOR ' and ') as query_row_condition,
- group_concat(rad.query_col_conditon SEPARATOR ' and ') as query_col_condition,
- group_concat(rad.new_col_condition SEPARATOR ' and ') as new_col_condition,
- group_concat(rad.edit_row_condition SEPARATOR ' and ') as edit_row_condition,
- group_concat(rad.edit_col_condition SEPARATOR ' and ') as edit_col_condition,
- group_concat(rad.delete_row_condition SEPARATOR ' and ') as delete_row_condition
- FROM
- t_user_role ur,
- t_auth auth,
- t_role_auth ra
- LEFT JOIN t_role_auth_data rad on rad.role_id = ra.role_id and rad.auth_id = ra.auth_id
- WHERE
- ur.role_id = ra.role_id
- AND ra.auth_id = auth.auth_id
- AND ur.user_id = @user_id
- AND (not isnull(query_row_condition) or not isnull(query_col_conditon))
- AND auth.auth_id = @auth_id";
- var dynamicParams = new DynamicParameters();
- dynamicParams.Add("user_id", user_id.ToString());
- dynamicParams.Add("auth_id", auth_id.ToString());
- var result = conn.Query(sql, dynamicParams).FirstOrDefault();
- if (result.user_id != null)
- {
- var queryRow = result.query_row_condition == null ? null : result.query_row_condition.ToString();
- string[] queryRowArr = queryRow.Split(" and ");
- List<string> queryRowListTmp = queryRowArr.Cast<string>().ToList();
- var queryRowList = new Dictionary<string, dynamic>();
- foreach(var item in queryRowListTmp) {
- queryRowList.Add(item.Split("=")[0], item.Split("=")[1]);
- //if (item.IndexOf(">=") >= 0)
- //{
- // queryRowList.Add(item.Split(">=")[0], item.Split(">=")[1]);
- //}
- //else if(item.IndexOf("=") >= 0){
- // queryRowList.Add(item.Split("=")[0], item.Split("=")[1]);
- //}
- }
- //var queryT = queryRow.Replace(" and ", ",");
- var queryCol = result.query_col_condition == null ? null : result.query_col_condition.ToString();
- string[] queryColArr = queryCol.Split(",");
- List<string> queryColList = queryColArr.Cast<string>().ToList();
- //根据用户数据权限过滤已获取的数据
- var removeList = new List<string>();
- var removeItem = new List<JObject>();
- foreach (var item in rtnObj.returnData.listValues)
- {
- if (!string.IsNullOrEmpty(queryRow))
- {
- foreach(var queryItem in queryRowList)
- {
- var queryKey = queryItem.Key;
- var queryValue = queryItem.Value.ToString().Replace("'","");
- if (item[queryKey] != queryValue)
- {
- removeItem.Add(item);
- }
- }
- }
- }
- foreach(var remove in removeItem)
- {
- rtnObj.returnData.listValues.Remove(remove);
- }
- foreach (var item in rtnObj.returnData.listValues)
- {
- if (!string.IsNullOrEmpty(queryCol))
- {
- foreach (var itemChild in item)
- {
- var tmp = queryColList.Exists(col => col == itemChild.Name);
- if (!tmp)
- {
- removeList.Add(itemChild.Name);
- }
- }
- foreach (var itemName in removeList)
- {
- item.Remove(itemName);
- }
- var ttt = item;
- }
- }
- }
- return rtnObj;
- }
- }
- }
- }