Skip to content

Commit d326cb3

Browse files
author
agile.zhou
committed
fix: 修复管理端 Basic 认证接口初始化缺陷并补集成测试
- 修复 PermissionCheckByBasicAttribute 构造函数参数与 TypeFilter 用法不匹配导致所有 AdmBasicAuthentication 接口 500 的问题 - 收敛系统角色与权限初始化到唯一幂等入口 EnsureSystemRolePermissions,重复执行不再产生重复的角色-权限绑定 - 调整启动顺序:先初始化权限体系(Function/角色/绑定)再初始化 superadmin user,并从 InitSa 移除冗余的 EnsureSystemRoles(Freesql+Mongodb) - 重命名 TryInitSuperAdminRole 为 TryInitSystemRolesAndPermissions 以反映真实职责 - 新增 ApiSite 集成测试覆盖全部 AdmBasicAuthentication 接口、错误凭证 403 及初始化幂等性
1 parent be569ab commit d326cb3

9 files changed

Lines changed: 374 additions & 54 deletions

File tree

src/AgileConfig.Server.Apisite/Filters/PermissionCheckByBasicAttribute.cs

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,6 @@ public PermissionCheckByBasicAttribute(
1919
IConfigService configService,
2020
IAdmBasicAuthService basicAuthService,
2121
IUserService userService,
22-
string actionName,
2322
string functionKey) : base(permissionService, configService, functionKey)
2423
{
2524
_userService = userService;

src/AgileConfig.Server.Apisite/InitService.cs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -43,10 +43,10 @@ public async Task StartAsync(CancellationToken cancellationToken)
4343
if (Appsettings.IsAdminConsoleMode)
4444
{
4545
_systemInitializationService.TryInitJwtSecret(); // Initialize the JWT secret.
46+
await _systemInitializationService
47+
.TryInitSystemRolesAndPermissions(); // Initialize system roles, functions and permission bindings.
4648
_systemInitializationService.TryInitSaPassword(); // init super admin password
4749
_systemInitializationService.TryInitDefaultApp();
48-
await _systemInitializationService
49-
.TryInitSuperAdminRole(); // Initialize SuperAdministrator role and functions
5050
_ = _remoteServerNodeProxy.TestEchoAsync(); // Start node connectivity checks.
5151
_ = _serviceHealthCheckService.StartCheckAsync(); // Start service health monitoring.
5252
_eventRegister.Register(); // Register event bus callbacks.

src/AgileConfig.Server.Data.Abstraction/ISysInitRepository.cs

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,4 +32,10 @@ public interface ISysInitRepository
3232
bool HasSa();
3333

3434
bool InitDefaultApp(string appName);
35+
36+
/// <summary>
37+
/// Ensure the built-in system roles and their function permission bindings exist and stay in sync.
38+
/// Idempotent: safe to call on every startup without creating duplicate bindings.
39+
/// </summary>
40+
void EnsureSystemRolePermissions();
3541
}

src/AgileConfig.Server.Data.Repository.Freesql/SysInitRepository.cs

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -45,8 +45,6 @@ public bool InitSa(string password)
4545

4646
var sql = freeSqlFactory.Create();
4747

48-
EnsureSystemRoles(sql);
49-
5048
var user = new User();
5149
user.Id = SystemSettings.SuperAdminId;
5250
user.Password = password;
@@ -103,6 +101,12 @@ public bool InitDefaultApp(string appName)
103101
return true;
104102
}
105103

104+
public void EnsureSystemRolePermissions()
105+
{
106+
var sql = freeSqlFactory.Create();
107+
EnsureSystemRoles(sql);
108+
}
109+
106110
private static void EnsureSystemRoles(IFreeSql sql)
107111
{
108112
// Super Admin gets all permissions

src/AgileConfig.Server.Data.Repository.Mongodb/SysInitRepository.cs

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -48,8 +48,6 @@ public bool InitSa(string password)
4848
var newSalt = Guid.NewGuid().ToString("N");
4949
password = Encrypt.Md5(password + newSalt);
5050

51-
EnsureSystemRoles();
52-
5351
var user = new User();
5452
user.Id = SystemSettings.SuperAdminId;
5553
user.Password = password;
@@ -112,6 +110,11 @@ public bool InitDefaultApp(string appName)
112110
return true;
113111
}
114112

113+
public void EnsureSystemRolePermissions()
114+
{
115+
EnsureSystemRoles();
116+
}
117+
115118
private void EnsureSystemRoles()
116119
{
117120
EnsureRole(SystemRoleConstants.SuperAdminId, "Super Administrator");

src/AgileConfig.Server.IService/ISystemInitializationService.cs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,5 +14,5 @@ public interface ISystemInitializationService
1414

1515
bool TryInitDefaultEnvironment();
1616

17-
Task<bool> TryInitSuperAdminRole();
17+
Task<bool> TryInitSystemRolesAndPermissions();
1818
}

src/AgileConfig.Server.Service/SystemInitializationService.cs

Lines changed: 10 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -14,9 +14,7 @@ public class SystemInitializationService(
1414
ISysInitRepository sysInitRepository,
1515
IConfiguration configuration,
1616
ILogger<SystemInitializationService> logger,
17-
IRoleDefinitionRepository roleDefinitionRepository,
18-
IFunctionRepository functionRepository,
19-
IRoleFunctionRepository roleFunctionRepository) : ISystemInitializationService
17+
IFunctionRepository functionRepository) : ISystemInitializationService
2018
{
2119
/// <summary>
2220
/// Initialize the JWT secret if it is not configured via file or environment variables.
@@ -130,59 +128,25 @@ public bool TryInitDefaultApp(string appName = "")
130128
return true;
131129
}
132130

133-
public async Task<bool> TryInitSuperAdminRole()
131+
public async Task<bool> TryInitSystemRolesAndPermissions()
134132
{
135133
try
136134
{
137-
// Check if SuperAdministrator role already exists
138-
var superAdminRole = await roleDefinitionRepository.GetAsync(SystemRoleConstants.SuperAdminId);
139-
if (superAdminRole != null)
140-
{
141-
logger.LogInformation("SuperAdministrator role already exists.");
142-
return true;
143-
}
144-
145-
// Create SuperAdministrator role
146-
superAdminRole = new Role
147-
{
148-
Id = SystemRoleConstants.SuperAdminId,
149-
Name = "SuperAdministrator",
150-
Description = "System super administrator with all permissions",
151-
IsSystem = true,
152-
CreateTime = DateTime.Now
153-
};
154-
155-
await roleDefinitionRepository.InsertAsync(superAdminRole);
156-
logger.LogInformation("SuperAdministrator role created successfully.");
157-
158-
// Get all existing functions
135+
// Ensure the built-in permission (function) catalog exists first, because the
136+
// system role-function bindings are matched against these function codes.
159137
var allFunctions = await functionRepository.AllAsync();
138+
if (allFunctions.Count == 0) await InitializeFunctions();
160139

161-
// If no functions exist yet, create them from the Functions class constants
162-
if (allFunctions.Count == 0) allFunctions = await InitializeFunctions();
163-
164-
// Bind all functions to SuperAdministrator role
165-
var roleFunctions = new List<RoleFunction>();
166-
foreach (var function in allFunctions)
167-
roleFunctions.Add(new RoleFunction
168-
{
169-
Id = Guid.NewGuid().ToString("N"),
170-
RoleId = SystemRoleConstants.SuperAdminId,
171-
FunctionId = function.Id,
172-
CreateTime = DateTime.Now
173-
});
174-
175-
if (roleFunctions.Count > 0)
176-
{
177-
await roleFunctionRepository.InsertAsync(roleFunctions);
178-
logger.LogInformation("Bound {count} functions to SuperAdministrator role.", roleFunctions.Count);
179-
}
140+
// Delegate system role creation and role-function binding to the single
141+
// idempotent implementation in the repository layer. It only adds missing
142+
// bindings and removes stale ones, so it is safe to run on every startup.
143+
sysInitRepository.EnsureSystemRolePermissions();
180144

181145
return true;
182146
}
183147
catch (Exception e)
184148
{
185-
logger.LogError(e, "Failed to initialize SuperAdministrator role.");
149+
logger.LogError(e, "Failed to initialize system roles and permissions.");
186150
return false;
187151
}
188152
}

0 commit comments

Comments
 (0)