support prevent modify super admin

Author: dudes-come

README.md

@@ -3,6 +3,8 @@
 Different to [ZKWeb.Demo](https://github.com/zkweb-framework/ZKWeb.Demo), this demo use Entity Framework Core and it's a single page application.<br/>
 Also it supports linux (docker) hosting, which [ZKWeb.Demo](https://github.com/zkweb-framework/ZKWeb.Demo) doesn't for now.
 
+This demo is host on [http://mvvmdemo.zkweb.org](http://mvvmdemo.zkweb.org)<br/>
+
 # Screenshots
 
 ![preview](./docs/preview.jpg)

ZKWeb.MVVMDemo.sln

@@ -1,6 +1,6 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26730.10
+VisualStudioVersion = 15.0.26730.12
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{ADA47558-C1AF-4CFA-B0FF-AF09BE8E4602}"
 EndProject

src/ZKWeb.MVVMDemo.AspNetCore/App_Data/config.json

@@ -16,5 +16,8 @@
         "MVVM.Example.CrudExample",
         "MVVM.Angular.Support",
         "MVVM.Angular.Website"
-    ]
+    ],
+    "Extra": {
+        "Common.Admin.PreventModifySuperAdmin": true
+    }
 }

src/ZKWeb.MVVMPlugins/MVVM.Angular.Website/static/src/modules/generated_module/translations/zh-cn.ts

@@ -123,6 +123,8 @@ export class Translation_zh_CN {
 		"IsSuccess": "是否成功",
 		"Switch Language": "切换语言",
 		"Switch Timezone": "切换时区",
+		"Modify super admin is disabled, please modify website configuration": "网站已禁止修改超级管理员, 有需要请修改网站设置启用",
+		"Delete super admin is disabled, please modify website configuration": "网站已禁止删除超级管理员, 有需要请修改网站设置启用",
 		"ExampleData": "示例数据",
 		"Example Datas": "示例数据",
 		"Edit ExampleData": "编辑示例数据",

src/ZKWeb.MVVMPlugins/MVVM.Common.MultiTenant/src/Domain/Services/TenantManager.cs

@@ -16,7 +16,7 @@ public class TenantManager : DomainServiceBase<Tenant, Guid>
         /// <summary>
         /// 主租户的名称
         /// </summary>
-        protected const string MasterTenantName = "Master";
+        public const string MasterTenantName = "Master";
         /// <summary>
         /// 主租户的实例
         /// </summary>

src/ZKWeb.MVVMPlugins/MVVM.Common.Organization/src/Components/ExtraConfigKeys/OrganizationExtraConfigKeys.cs

@@ -14,6 +14,10 @@ public class OrganizationExtraConfigKeys
         /// </summary>
         public const string SessionExpireDaysWithoutRememberLogin = "Common.Admin.SessionExpireDaysWithoutRememberLogin";
         /// <summary>
+        /// 是否禁止修改或删除超级管理员
+        /// </summary>
+        public const string PreventModifySuperAdmin = "Common.Admin.PreventModifySuperAdmin";
+        /// <summary>
         /// 头像宽度
         /// </summary>
         public const string AvatarWidth = "Common.Admin.AvatarWidth";

src/ZKWeb.MVVMPlugins/MVVM.Common.Organization/src/Components/Translates/zh_CN.cs

@@ -113,7 +113,11 @@ public zh_CN()
                 { "ErrorMessage", "错误信息" },
                 { "IsSuccess", "是否成功" },
                 { "Switch Language", "切换语言" },
-                { "Switch Timezone", "切换时区" }
+                { "Switch Timezone", "切换时区" },
+                { "Modify super admin is disabled, please modify website configuration",
+                    "网站已禁止修改超级管理员, 有需要请修改网站设置启用" },
+                { "Delete super admin is disabled, please modify website configuration",
+                    "网站已禁止删除超级管理员, 有需要请修改网站设置启用" },
             };
         }
     }

src/ZKWeb.MVVMPlugins/MVVM.Common.Organization/src/Domain/Filters/PreventModifySuperAdminFilter.cs

@@ -0,0 +1,52 @@
+using System;
+using ZKWeb.Localize;
+using ZKWeb.MVVMPlugins.MVVM.Common.Base.src.Domain.Filters.Interfaces;
+using ZKWeb.MVVMPlugins.MVVM.Common.MultiTenant.src.Domain.Services;
+using ZKWeb.MVVMPlugins.MVVM.Common.Organization.src.Components.ExtraConfigKeys;
+using ZKWeb.MVVMPlugins.MVVM.Common.Organization.src.Domain.Entities;
+using ZKWeb.MVVMPlugins.MVVM.Common.Organization.src.Domain.Services;
+using ZKWeb.Server;
+using ZKWebStandard.Extensions;
+using ZKWebStandard.Ioc;
+
+namespace ZKWeb.MVVMPlugins.MVVM.Common.Organization.src.Domain.Filters {
+    /// <summary>
+    /// 阻止修改超级管理员的密码, 或删除管理员
+    /// </summary>
+    [ExportMany, SingletonReuse]
+    public class PreventModifySuperAdminFilter : IEntityOperationFilter
+    {
+        public bool PreventModifySuperAdmin { get; set; }
+
+        public PreventModifySuperAdminFilter()
+        {
+            var configManager = ZKWeb.Application.Ioc.Resolve<WebsiteConfigManager>();
+            var extra = configManager.WebsiteConfig.Extra;
+            PreventModifySuperAdmin = extra.GetOrDefault(
+                OrganizationExtraConfigKeys.PreventModifySuperAdmin, false);
+        }
+
+        void IEntityOperationFilter.FilterSave<TEntity, TPrimaryKey>(TEntity entity)
+        {
+            if (PreventModifySuperAdmin &&
+                entity is User &&
+                ((User)(object)entity).OwnerTenant.Name == TenantManager.MasterTenantName &&
+                ((User)(object)entity).Username == AdminManager.SuperAdminName)
+            {
+                throw new NotSupportedException(
+                    new T("Modify super admin is disabled, please modify website configuration"));
+            }
+        }
+
+        void IEntityOperationFilter.FilterDelete<TEntity, TPrimaryKey>(TEntity entity)
+        {
+            if (PreventModifySuperAdmin &&
+                entity is User &&
+                ((User)(object)entity).OwnerTenant.Name == TenantManager.MasterTenantName &&
+                ((User)(object)entity).Username == AdminManager.SuperAdminName) {
+                throw new NotSupportedException(
+                    new T("Delete super admin is disabled, please modify website configuration"));
+            }
+        }
+    }
+}

src/ZKWeb.MVVMPlugins/MVVM.Common.Organization/src/Domain/Services/AdminManager.cs

@@ -1,19 +1,15 @@
-using System;
-using System.Linq;
-using ZKWeb.Localize;
+using System.Linq;
 using ZKWeb.MVVMPlugins.MVVM.Common.Base.src.Components.Exceptions;
 using ZKWeb.MVVMPlugins.MVVM.Common.Base.src.Domain.Services.Bases;
-using ZKWeb.MVVMPlugins.MVVM.Common.Base.src.Domain.Services.Interfaces;
 using ZKWeb.MVVMPlugins.MVVM.Common.Base.src.Domain.Uow.Extensions;
 using ZKWeb.MVVMPlugins.MVVM.Common.MultiTenant.src.Domain.Filters;
 using ZKWeb.MVVMPlugins.MVVM.Common.MultiTenant.src.Domain.Services;
 using ZKWeb.MVVMPlugins.MVVM.Common.Organization.src.Domain.Entities;
 using ZKWeb.MVVMPlugins.MVVM.Common.Organization.src.Domain.Entities.Interfaces;
 using ZKWeb.MVVMPlugins.MVVM.Common.Organization.src.Domain.Entities.UserTypes;
 using ZKWeb.MVVMPlugins.MVVM.Common.Organization.src.Domain.Extensions;
-using ZKWebStandard.Extensions;
+using ZKWeb.MVVMPlugins.MVVM.Common.Organization.src.Domain.Filters;
 using ZKWebStandard.Ioc;
-using ZKWebStandard.Web;
 
 namespace ZKWeb.MVVMPlugins.MVVM.Common.Organization.src.Domain.Services
 {
@@ -26,11 +22,11 @@ public class AdminManager : DomainServiceBase
         /// <summary>
         /// 超级管理员的名称
         /// </summary>
-        protected const string SuperAdminName = "admin";
+        public const string SuperAdminName = "admin";
         /// <summary>
         /// 超级管理员的密码
         /// </summary>
-        protected const string SuperAdminPassword = "123456";
+        public const string SuperAdminPassword = "123456";
         /// <summary>
         /// 生成超级管理员时使用的锁
         /// </summary>
@@ -59,6 +55,7 @@ public virtual User EnsureSuperAdmin()
         {
             using (UnitOfWork.Scope())
             using (UnitOfWork.DisableFilter(typeof(OwnerTenantFilter)))
+            using (UnitOfWork.DisableFilter(typeof(PreventModifySuperAdminFilter)))
             {
                 var admin = GetSuperAdmin();
                 if (admin != null)

src/ZKWeb.MVVMPlugins/MVVM.Common.Organization/src/Domain/Services/UserManager.cs

@@ -242,6 +242,7 @@ public virtual void ChangePassword(Guid userId, string oldPassword, string newPa
         {
             using (UnitOfWork.Scope())
             {
+                UnitOfWork.Context.BeginTransaction();
                 var user = Get(userId);
                 if (user == null)
                 {
@@ -252,6 +253,7 @@ public virtual void ChangePassword(Guid userId, string oldPassword, string newPa
                     throw new ForbiddenException("Incorrect old password");
                 }
                 Save(ref user, u => u.SetPassword(newPassword));
+                UnitOfWork.Context.FinishTransaction();
             }
         }