feat: 新增驗證通過用戶 ID 的選項至權限驗證邏輯

Author: arenchen

src/Netcorext.Auth.Authentication/Middlewares/PermissionMiddleware.cs

@@ -114,7 +114,7 @@ public async Task InvokeAsync(HttpContext context, IDispatcher dispatcher)
                              });
         }
 
-        if (await IsValidAsync(dispatcher, _config.AppSettings.ValidationPassUserId && rt == "1" ? id : null, role, functionId, method, rv.Values.ToArray()))
+        if (await IsValidAsync(dispatcher, rt == "1" ? id : null, role, functionId, method, _config.AppSettings.ValidationPassUserId, rv.Values.ToArray()))
         {
             await _next(context);
 
@@ -140,7 +140,7 @@ public async Task InvokeAsync(HttpContext context, IDispatcher dispatcher)
         await context.ForbiddenAsync(_config.AppSettings.UseNativeStatus);
     }
 
-    private static async Task<bool> IsValidAsync(IDispatcher dispatcher, long? userId, string? role, string functionId, string httpMethod, IEnumerable<ValidatePermission.PermissionCondition> permissionConditions)
+    private static async Task<bool> IsValidAsync(IDispatcher dispatcher, long? userId, string? role, string functionId, string httpMethod, bool validationPassUserId, IEnumerable<ValidatePermission.PermissionCondition> permissionConditions)
     {
         var roleIds = role?.Split(" ", StringSplitOptions.RemoveEmptyEntries)
                            .Where(t => !t.IsEmpty() && long.TryParse(t, out var _))
@@ -156,7 +156,8 @@ private static async Task<bool> IsValidAsync(IDispatcher dispatcher, long? userI
                                                     RoleId = roleIds,
                                                     FunctionId = functionId,
                                                     PermissionType = httpMethod.ToPermissionType(),
-                                                    PermissionConditions = permissionConditions.ToArray()
+                                                    PermissionConditions = permissionConditions.ToArray(),
+                                                    ValidationPassUserId = validationPassUserId
                                                 });
 
         return result == Result.Success;

src/Netcorext.Auth.Authentication/Services/Permission/Queries/ValidatePermission/ValidatePermission.cs

@@ -10,6 +10,7 @@ public class ValidatePermission : IRequest<Result>
     public long[]? RoleId { get; set; }
     public string FunctionId { get; set; } = null!;
     public string? Group { get; set; }
+    public bool ValidationPassUserId { get; set; }
     public PermissionType PermissionType { get; set; }
     public PermissionCondition[]? PermissionConditions { get; set; }
     public ExtendData[]? RoleExtendData { get; set; }
@@ -25,4 +26,4 @@ public class ExtendData
         public string Key { get; set; } = null!;
         public string Value { get; set; } = null!;
     }
-}
+}

src/Netcorext.Auth.Authentication/Services/Permission/Queries/ValidatePermission/ValidatePermissionHandler.cs

@@ -40,7 +40,7 @@ public async Task<Result> Handle(ValidatePermission request, CancellationToken c
         if (request.RoleId != null && request.RoleId.Any())
             roleIds = request.RoleId;
 
-        if (request.UserId.HasValue)
+        if (request.ValidationPassUserId && request.UserId.HasValue)
         {
             if (_config.AppSettings.Owner?.Any(t => t == request.UserId) ?? false)
                 return Result.Success;

src/Netcorext.Auth.Protobufs/Protos/auth-authentication-permission-validation-service.proto

@@ -18,7 +18,8 @@ message ValidatePermissionRequest {
   netcorext.auth.protobufs.enums.PermissionType permissionType = 5;
   repeated PermissionCondition permissionConditions = 6;
   repeated ExtendData roleExtendData = 7;
-  
+  google.protobuf.BoolValue validationPassUserId = 8;
+
   message PermissionCondition {
     string key = 1;
     string value = 2;
@@ -28,4 +29,4 @@ message ValidatePermissionRequest {
     string key = 1;
     string value = 2;
   }
-}
+}