|
@@ -3,6 +3,7 @@ using System.Collections.Generic;
|
|
|
using System.ComponentModel.DataAnnotations;
|
|
|
using System.Linq;
|
|
|
using System.Reflection;
|
|
|
+using Unity;
|
|
|
using VCommon.Collections;
|
|
|
using VCommon.Ioc;
|
|
|
using VCommon.Logging;
|
|
@@ -16,19 +17,12 @@ namespace VCommon.VApplication.Auditing
|
|
|
{
|
|
|
public abstract class ApplicationServiceAuditInterceptorBase : IInterceptor, ITransientIocClass
|
|
|
{
|
|
|
- private readonly IVSession _session;
|
|
|
- private readonly IIocManager _iocManager;
|
|
|
-
|
|
|
private Guid? _beforeTenantId;
|
|
|
private Guid? _beforeUserId;
|
|
|
|
|
|
- protected ApplicationServiceAuditInterceptorBase(IVSession session, IIocManager iocManager)
|
|
|
- {
|
|
|
- _session = session;
|
|
|
- _iocManager = iocManager;
|
|
|
- }
|
|
|
-
|
|
|
- // --------
|
|
|
+ [Dependency] public IVSession Session { get; set; }
|
|
|
+ [Dependency] public IIocManager IocManager { get; set; }
|
|
|
+ [Dependency] public ServiceInvokeTiming InvokeTiming { get; set; }
|
|
|
|
|
|
//built-in PreProcess Interceptor
|
|
|
|
|
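Review bot: `Session` and `IocManager` become publicly settable through `[Dependency] public ... { get; set; }`, so the objects every authorization check in this class reads are no longer fixed at construction the way the removed `readonly` fields were. Any code holding a reference to the interceptor can replace them after resolution, and an instance created outside the Unity container would presumably carry nulls until the first `Session.DemandAuth()` call fails. If property injection is required here, a comment above the three properties such as `// Set once by the container; the auth and audit paths read these, do not reassign` would record the expectation, while keeping constructor injection for `Session` and `IocManager` would retain the guarantee. The class body continues outside this hunk.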
@@ -53,56 +47,56 @@ namespace VCommon.VApplication.Auditing
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- protected void AuthPermissionIntercept(DateTime time, Guid? tenantId, Guid? userId, Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic)
|
|
|
+ protected void AuthPermissionIntercept(Guid? tenantId, Guid? userId, Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic)
|
|
|
{
|
|
|
var svcAuthInClass = svcClass.GetCustomAttributeIncludeInterface<VServiceAuthorizeAttribute>();
|
|
|
- if (0 != svcAuthInClass.Length) _session.DemandAuth();
|
|
|
+ if (0 != svcAuthInClass.Length) Session.DemandAuth();
|
|
|
|
|
|
var svcAuthInMethod = svcMethod.GetCustomAttribute<VServiceAuthorizeAttribute>(true);
|
|
|
- if (null != svcAuthInMethod) _session.DemandAuth();
|
|
|
+ if (null != svcAuthInMethod) Session.DemandAuth();
|
|
|
|
|
|
- if (false == _iocManager.IsRegistered<IPermissionManager>()) return;
|
|
|
+ if (false == IocManager.IsRegistered<IPermissionManager>()) return;
|
|
|
|
|
|
if (0 == svcAuthInClass.Length && null == svcAuthInMethod) return;
|
|
|
|
|
|
if (0 == svcAuthInClass.Sum(p => p.AnyPermissionsRequired.Length)
|
|
|
&& 0 == (svcAuthInMethod?.AnyPermissionsRequired.Length ?? 0)) return;
|
|
|
|
|
|
- var permMgr = _iocManager.Resolve<IPermissionManager>();
|
|
|
+ var permMgr = IocManager.Resolve<IPermissionManager>();
|
|
|
|
|
|
- if ((0 == svcAuthInClass.Length || permMgr.CheckPermission(_session.GetTenantId(), _session.GetUserId(), svcAuthInClass.SelectMany(p => p.AnyPermissionsRequired).ToArray())) &&
|
|
|
- (null == svcAuthInMethod || permMgr.CheckPermission(_session.GetTenantId(), _session.GetUserId(), svcAuthInMethod.AnyPermissionsRequired))) return;
|
|
|
+ if ((0 == svcAuthInClass.Length || permMgr.CheckPermission(Session.GetTenantId(), Session.GetUserId(), svcAuthInClass.SelectMany(p => p.AnyPermissionsRequired).ToArray())) &&
|
|
|
+ (null == svcAuthInMethod || permMgr.CheckPermission(Session.GetTenantId(), Session.GetUserId(), svcAuthInMethod.AnyPermissionsRequired))) return;
|
|
|
|
|
|
var vrwFriendlyException = new VApplicationAuthException("拒绝访问:您没有权限进行此操作", AuthReason.AccessDenied);
|
|
|
|
|
|
- PreWriteAuditLog(time, -1, tenantId, userId, svcClass, svcMethod, paramDic, null, vrwFriendlyException);
|
|
|
+ PreWriteAuditLog(tenantId, userId, svcClass, svcMethod, paramDic, null, vrwFriendlyException);
|
|
|
|
|
|
throw vrwFriendlyException;
|
|
|
}
|
|
|
|
|
|
- protected void AuthOrgIntercept(DateTime time, Guid? tenantId, Guid? userId, Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic)
|
|
|
+ protected void AuthOrgIntercept(Guid? tenantId, Guid? userId, Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic)
|
|
|
{
|
|
|
var mustHaveOrg = paramDic.Values.OfType<IMustHaveOrg>().ToArray();
|
|
|
if (mustHaveOrg.Length == 0) return;
|
|
|
|
|
|
- if (false == _iocManager.IsRegistered<IOrgManager>()) return;
|
|
|
+ if (false == IocManager.IsRegistered<IOrgManager>()) return;
|
|
|
|
|
|
- var orgMgr = _iocManager.Resolve<IOrgManager>();
|
|
|
+ var orgMgr = IocManager.Resolve<IOrgManager>();
|
|
|
if (false == orgMgr.Enabled) return;
|
|
|
|
|
|
- var uvOrg = orgMgr.GetUserVisionOrgs(_session.GetTenantId(), _session.GetUserId()).ToArray();
|
|
|
+ var uvOrg = orgMgr.GetUserVisionOrgs(Session.GetTenantId(), Session.GetUserId()).ToArray();
|
|
|
if (mustHaveOrg.All(argument => argument.OrgId.In(uvOrg))) return;
|
|
|
|
|
|
var vrwFriendlyException = new VApplicationAuthException("拒绝访问:您没有权限操作此对象", AuthReason.AccessDenied);
|
|
|
|
|
|
- PreWriteAuditLog(time, -1, tenantId, userId, svcClass, svcMethod, paramDic, null, vrwFriendlyException);
|
|
|
+ PreWriteAuditLog(tenantId, userId, svcClass, svcMethod, paramDic, null, vrwFriendlyException);
|
|
|
|
|
|
throw vrwFriendlyException;
|
|
|
}
|
|
|
|
|
|
//built-in PostProcess LogAction
|
|
|
|
|
|
- protected void LogServiceInvoke(DateTime time, long msUsed, Guid? tenantIdBefore, Guid? userIdBefore, Guid? tenantIdAfter, Guid? userIdAfter, Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic, object returnValue, Exception exception)
|
|
|
+ protected void LogServiceInvoke(Guid? tenantIdBefore, Guid? userIdBefore, Guid? tenantIdAfter, Guid? userIdAfter, Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic, object returnValue, Exception exception)
|
|
|
{
|
|
|
object ex = exception;
|
|
|
|
|
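Review bot: `AuthPermissionIntercept` stops checking at `if (false == IocManager.IsRegistered<IPermissionManager>()) return;` even when the class or method carries a `VServiceAuthorizeAttribute` with non-empty `AnyPermissionsRequired`, so a missing registration silently reduces a declared permission requirement to the earlier `Session.DemandAuth()` call. `AuthOrgIntercept` has the same shape for `IOrgManager` (not registered, or `Enabled` false) while `IMustHaveOrg` arguments are present. Moving the registration test below the two "nothing required" returns and treating a missing manager as a denial (audit record plus `VApplicationAuthException` with `AuthReason.AccessDenied`) would fail closed. If the managers are meant to be optional modules, both early returns need a comment saying so. `LogServiceInvoke` at the end of this hunk continues outside it.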
@@ -122,45 +116,45 @@ namespace VCommon.VApplication.Auditing
|
|
|
});
|
|
|
}
|
|
|
|
|
|
- PreWriteAuditLog(time, msUsed, tenantIdToLog, userIdToLog, svcClass, svcMethod, paramDic, returnValue, ex);
|
|
|
+ PreWriteAuditLog(tenantIdToLog, userIdToLog, svcClass, svcMethod, paramDic, returnValue, ex);
|
|
|
}
|
|
|
|
|
|
//ovr able
|
|
|
|
|
|
- public void BeforeInvoke(DateTime time, Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic)
|
|
|
+ public void BeforeInvoke(Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic)
|
|
|
{
|
|
|
- _beforeTenantId = _session.TenantId;
|
|
|
- _beforeUserId = _session.UserId;
|
|
|
+ _beforeTenantId = Session.TenantId;
|
|
|
+ _beforeUserId = Session.UserId;
|
|
|
|
|
|
- BeforeInvokeService(time, _beforeTenantId, _beforeUserId, svcClass, svcMethod, paramDic);
|
|
|
+ BeforeInvokeService(_beforeTenantId, _beforeUserId, svcClass, svcMethod, paramDic);
|
|
|
}
|
|
|
|
|
|
- public void AfterInvoke(DateTime time, long msUsed, Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic, object returnValue, Exception exception)
|
|
|
+ public void AfterInvoke(Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic, object returnValue, Exception exception)
|
|
|
{
|
|
|
- AfterInvokeService(time, msUsed, _beforeTenantId, _beforeUserId, _session.TenantId, _session.UserId, svcClass, svcMethod, paramDic, returnValue, exception);
|
|
|
+ AfterInvokeService(_beforeTenantId, _beforeUserId, Session.TenantId, Session.UserId, svcClass, svcMethod, paramDic, returnValue, exception);
|
|
|
}
|
|
|
|
|
|
- public virtual void BeforeInvokeService(DateTime time, Guid? tenantId, Guid? userId, Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic)
|
|
|
+ public virtual void BeforeInvokeService(Guid? tenantId, Guid? userId, Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic)
|
|
|
{
|
|
|
InputValidationIntercept(paramDic);
|
|
|
- AuthPermissionIntercept(time, tenantId, userId, svcClass, svcMethod, paramDic);
|
|
|
- AuthOrgIntercept(time, tenantId, userId, svcClass, svcMethod, paramDic);
|
|
|
+ AuthPermissionIntercept(tenantId, userId, svcClass, svcMethod, paramDic);
|
|
|
+ AuthOrgIntercept(tenantId, userId, svcClass, svcMethod, paramDic);
|
|
|
}
|
|
|
|
|
|
- public virtual void AfterInvokeService(DateTime time, long msUsed, Guid? tenantIdBefore, Guid? userIdBefore, Guid? tenantIdAfter, Guid? userIdAfter, Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic, object returnValue, Exception exception)
|
|
|
+ public virtual void AfterInvokeService(Guid? tenantIdBefore, Guid? userIdBefore, Guid? tenantIdAfter, Guid? userIdAfter, Type svcClass, MethodBase svcMethod, IReadOnlyDictionary<string, object> paramDic, object returnValue, Exception exception)
|
|
|
{
|
|
|
- LogServiceInvoke(time, msUsed, tenantIdBefore, userIdBefore, tenantIdAfter, userIdAfter, svcClass, svcMethod, paramDic, returnValue, exception);
|
|
|
+ LogServiceInvoke(tenantIdBefore, userIdBefore, tenantIdAfter, userIdAfter, svcClass, svcMethod, paramDic, returnValue, exception);
|
|
|
}
|
|
|
|
|
|
- protected virtual void PreWriteAuditLog(DateTime time, long msUsed, Guid? tenantId, Guid? userId, Type serviceClass, MethodBase serviceMethod, IReadOnlyDictionary<string, object> input, object output, object exception)
|
|
|
+ protected virtual void PreWriteAuditLog(Guid? tenantId, Guid? userId, Type serviceClass, MethodBase serviceMethod, IReadOnlyDictionary<string, object> input, object output, object exception)
|
|
|
{
|
|
|
if (serviceClass.IsDefinedIncludeInterface(typeof(DisableServiceAuditingLogAttribute)) || serviceMethod.IsDefined(typeof(DisableServiceAuditingLogAttribute))) return;
|
|
|
|
|
|
- WriteAuditLog(time, msUsed, tenantId, userId, serviceClass.FullName, serviceMethod.Name, input, output, exception);
|
|
|
+ WriteAuditLog(tenantId, userId, serviceClass.FullName, serviceMethod.Name, input, output, exception);
|
|
|
}
|
|
|
|
|
|
//abstract
|
|
|
|
|
|
- protected abstract void WriteAuditLog(DateTime time, long msUsed, Guid? tenantId, Guid? userId, string serviceClassName, string serviceMethodName, IReadOnlyDictionary<string, object> input, object output, object exception);
|
|
|
+ protected abstract void WriteAuditLog(Guid? tenantId, Guid? userId, string serviceClassName, string serviceMethodName, IReadOnlyDictionary<string, object> input, object output, object exception);
|
|
|
}
|
|
|
}
|
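Review bot: `PreWriteAuditLog` returns before `WriteAuditLog` whenever the service class or method carries `DisableServiceAuditingLogAttribute`, and the access-denied paths in `AuthPermissionIntercept` and `AuthOrgIntercept` (previous hunk) record their denial only through this method, so rejected calls to such services leave no audit record. If the attribute exists to keep sensitive arguments out of the log, the denial could still be recorded without them, e.g. by having those paths call `WriteAuditLog(tenantId, userId, svcClass.FullName, svcMethod.Name, null, null, vrwFriendlyException);` when the attribute is present. Whether implementations of `WriteAuditLog` tolerate a null `input` is not visible here and would need checking. Separately, the new abstract signature drops `time` and `msUsed` without a doc comment; an XML summary on `WriteAuditLog` stating where implementers now obtain them (presumably `InvokeTiming`) would keep audit timestamps consistent across subclasses.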