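/// <summary>
/// Decides whether <paramref name="user"/> may invoke <paramref name="function"/>.
/// </summary>
/// <remarks>
/// Decision order, first match wins:
/// 1. an unmanaged function is permitted for everyone, including unauthenticated sessions;
/// 2. an unauthenticated session is denied;
/// 3. a developer session is permitted for every managed function;
/// 4. otherwise the function id must be in the session's authorized function ids.
/// Entity-level (per-object) authorization is not implemented: <paramref name="data"/> is
/// ignored, so a function-level grant applies to every object the function can reach.
/// Callers that need per-object isolation must enforce it themselves.
/// </remarks>
/// <param name="user">Session whose privileges are evaluated. Required for managed functions.</param>
/// <param name="function">Function being invoked. Must not be null.</param>
/// <param name="data">Target object; currently not consulted.</param>
/// <returns><c>true</c> when the call is permitted, otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="function"/> is null, or <paramref name="user"/> is null for a managed function.
/// </exception>
public bool Permit(IAcSession user, FunctionState function, IManagedObject data)
        {
            if (function == null)
            {
                throw new ArgumentNullException("function");
            }
            // Unmanaged functions are not subject to access control.
            if (!function.IsManaged)
            {
                return true;
            }
            // A managed function cannot be authorized without a session. Report the missing
            // argument explicitly instead of failing with a NullReferenceException below.
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }
            if (!user.Identity.IsAuthenticated)
            {
                return false;
            }
            // Developer sessions skip the per-function grant check entirely, so the
            // developer flag is effectively a grant on every managed function.
            if (user.IsDeveloper())
            {
                return true;
            }
            var functionIDs = user.AccountPrivilege.AuthorizedFunctionIDs;

            if (!functionIDs.Contains(function.Id))
            {
                return false;
            }
            // TODO: verify entity-level permissions. Not supported in anycmd 1.0; planned for a
            // later version. Until then `data` does not influence the decision.
            return true;
        }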
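        /// <summary>
        /// Function-level authorization check for a session.
        /// </summary>
        /// <remarks>
        /// Unmanaged functions are always permitted, even without an authenticated session.
        /// For managed functions the session must be authenticated and must either be a
        /// developer session or carry the function id in its authorized function ids.
        /// <paramref name="data"/> is not evaluated yet (entity-level checks are a TODO), so
        /// this method must not be relied on for per-object access decisions.
        /// </remarks>
        /// <param name="user">Session to authorize. Required when the function is managed.</param>
        /// <param name="function">Function to authorize. Must not be null.</param>
        /// <param name="data">Target object; currently ignored.</param>
        /// <returns><c>true</c> if permitted, <c>false</c> if denied.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="function"/> is null, or <paramref name="user"/> is null for a managed function.
        /// </exception>
        public bool Permit(IAcSession user, FunctionState function, IManagedObject data)
        {
            if (function == null)
            {
                throw new ArgumentNullException("function");
            }
            // Not managed: no access control applies.
            if (!function.IsManaged)
            {
                return true;
            }
            // Managed functions need a session to evaluate; surface a null session as an
            // argument error rather than a NullReferenceException on the next line.
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }
            if (!user.Identity.IsAuthenticated)
            {
                return false;
            }
            // Developer sessions are permitted without consulting the granted function ids.
            if (user.IsDeveloper())
            {
                return true;
            }
            var functionIDs = user.AccountPrivilege.AuthorizedFunctionIDs;

            if (!functionIDs.Contains(function.Id))
            {
                return false;
            }
            // TODO: verify entity-level permissions. Not supported in anycmd 1.0; planned for a
            // later version. `data` is therefore ignored here.
            return true;
        }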
 /// <summary>
 /// Handles an unregistration notification: when <paramref name="obj"/> is a
 /// <typeparamref name="T"/>, drops its entry (keyed by ID) from the registry and
 /// raises <c>ObjectUnregistered</c>. Objects of any other type are ignored.
 /// </summary>
 /// <param name="obj">The object that was unregistered.</param>
 private void OnObjectUnregistered(IManagedObject obj)
 {
     if (obj is T managed)
     {
         _registeredObjects.Remove(managed.ID);
         // The event fires whether or not an entry was actually present under that ID.
         ObjectUnregistered?.Invoke(managed);
     }
 }
 /// <summary>
 /// Handles a registration notification: when <paramref name="obj"/> is a
 /// <typeparamref name="T"/>, assigns it the next sequential ID, stores it in the
 /// registry under that ID and raises <c>ObjectRegistered</c>. Other types are ignored.
 /// </summary>
 /// <param name="obj">The object that was registered.</param>
 private void OnObjectRegistered(IManagedObject obj)
 {
     if (obj is T managed)
     {
         // NOTE(review): any ID the object already carries is overwritten, and an entry
         // stored under the previous ID is not removed here. Confirm that callers never
         // register the same instance twice.
         managed.ID = _nextID++;
         _registeredObjects[managed.ID] = managed;
         ObjectRegistered?.Invoke(managed);
     }
 }
        /// <summary>
        /// Checks whether <paramref name="user"/> may invoke the function
        /// <paramref name="functionCode"/> of the resource <paramref name="resourceCode"/>.
        /// </summary>
        /// <remarks>
        /// The resource is looked up under "(self app system code).(resourceCode)".
        /// Fail-open: if no function with <paramref name="functionCode"/> is found for the
        /// resource, the method returns <c>true</c> without asking <see cref="ISecurityService"/>.
        /// A misspelled or not-yet-registered function code is therefore permitted; callers
        /// guarding sensitive operations should make sure the function is registered.
        /// </remarks>
        /// <param name="user">Session to authorize.</param>
        /// <param name="resourceCode">Resource code, without the app system prefix.</param>
        /// <param name="functionCode">Function code within the resource.</param>
        /// <param name="currentEntity">Target object, passed through to the security service.</param>
        /// <returns><c>true</c> when permitted or when the function is unknown; otherwise the service's decision.</returns>
        /// <exception cref="ValidationException">The resource code does not resolve to a catalog.</exception>
        public static bool Permit <TEntity, TInput>(this IAcSession user, string resourceCode, string functionCode, IManagedObject currentEntity)
            where TEntity : IManagedPropertyValues
            where TInput : IManagedPropertyValues
        {
            // Resolve the service before any lookup, so a missing service surfaces first.
            var authorizer = user.AcDomain.RetrieveRequiredService<ISecurityService>();

            var qualifiedResourceCode = user.AcDomain.AppSystemSet.SelfAppSystem.Code + "." + resourceCode;
            CatalogState catalog;
            if (!user.AcDomain.CatalogSet.TryGetCatalog(qualifiedResourceCode, out catalog))
            {
                throw new ValidationException("意外的资源码" + resourceCode);
            }

            FunctionState target;
            if (user.AcDomain.FunctionSet.TryGetFunction(catalog, functionCode, out target))
            {
                return authorizer.Permit(user, target, currentEntity);
            }

            // Unknown function: treated as not access-controlled (fail-open).
            return true;
        }
        /// <summary>
        /// Convenience overload: asks the domain's <see cref="ISecurityService"/> whether
        /// <paramref name="user"/> may invoke <paramref name="function"/> on
        /// <paramref name="currentEntity"/>.
        /// </summary>
        /// <remarks>
        /// No checks are made here; arguments are forwarded unchanged and the decision is
        /// entirely the service's. The type parameters are not used by the body.
        /// </remarks>
        /// <param name="user">Session to authorize.</param>
        /// <param name="function">Function to authorize.</param>
        /// <param name="currentEntity">Target object, passed through to the security service.</param>
        /// <returns>The security service's decision.</returns>
        public static bool Permit <T, TInput>(this IAcSession user, FunctionState function, IManagedObject currentEntity)
            where T : IManagedPropertyValues
            where TInput : IManagedPropertyValues
        {
            return user.AcDomain
                       .RetrieveRequiredService<ISecurityService>()
                       .Permit(user, function, currentEntity);
        }
        /// <summary>
        /// Checks whether <paramref name="user"/> may invoke the function with id
        /// <paramref name="functionId"/>.
        /// </summary>
        /// <remarks>
        /// Fail-open: an id that does not resolve to a registered function yields
        /// <c>true</c> without consulting <see cref="ISecurityService"/>. Only registered
        /// functions are actually access-checked.
        /// </remarks>
        /// <param name="user">Session to authorize.</param>
        /// <param name="functionId">Id of the function to authorize.</param>
        /// <param name="currentEntity">Target object, passed through to the security service.</param>
        /// <returns><c>true</c> when permitted or when the function is unknown; otherwise the service's decision.</returns>
        public static bool Permit <TEntity, TInput>(this IAcSession user, Guid functionId, IManagedObject currentEntity)
            where TEntity : IManagedPropertyValues
            where TInput : IManagedPropertyValues
        {
            // Resolve the service before the lookup, so a missing service surfaces first.
            var authorizer = user.AcDomain.RetrieveRequiredService<ISecurityService>();

            FunctionState target;
            if (user.AcDomain.FunctionSet.TryGetFunction(functionId, out target))
            {
                return authorizer.Permit(user, target, currentEntity);
            }

            // Unknown function id: treated as not access-controlled (fail-open).
            return true;
        }
        /// <summary>
        /// Checks whether <paramref name="user"/> may open <paramref name="view"/>, using the
        /// function whose id equals the view's id.
        /// </summary>
        /// <remarks>
        /// Fail-open in two cases: the view is <c>UiViewState.Empty</c>, or no function is
        /// registered under the view's id. Both return <c>true</c> without consulting
        /// <see cref="ISecurityService"/>.
        /// </remarks>
        /// <param name="user">Session to authorize.</param>
        /// <param name="view">View to authorize. Must not be null.</param>
        /// <param name="currentEntity">Target object, passed through to the security service.</param>
        /// <returns><c>true</c> when permitted or when no function backs the view; otherwise the service's decision.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="view"/> is null.</exception>
        public static bool Permit <TEntity, TInput>(this IAcSession user, UiViewState view, IManagedObject currentEntity)
            where TEntity : IManagedPropertyValues
            where TInput : IManagedPropertyValues
        {
            // The service is resolved before the argument check, so a missing service
            // surfaces ahead of a null view.
            var authorizer = user.AcDomain.RetrieveRequiredService<ISecurityService>();

            if (view == null)
            {
                throw new ArgumentNullException("view");
            }

            FunctionState target;
            // Empty view, or no function registered for the view: not access-controlled.
            if (view == UiViewState.Empty || !user.AcDomain.FunctionSet.TryGetFunction(view.Id, out target))
            {
                return true;
            }

            return authorizer.Permit(user, target, currentEntity);
        }
        /// <summary>
        /// Lists the distinct functions that <paramref name="targetSession"/> is authorized for.
        /// </summary>
        /// <remarks>
        /// <paramref name="subject"/> and <paramref name="obj"/> are not read: the result is the
        /// target session's full function-level grant set, not filtered per object, and the
        /// method itself does not check that the subject may inspect the target session.
        /// NOTE(review): presumably the caller enforces that; confirm.
        /// </remarks>
        /// <param name="subject">Requesting session; currently unused.</param>
        /// <param name="targetSession">Session whose authorized functions are returned.</param>
        /// <param name="obj">Target object; currently unused.</param>
        /// <returns>The distinct authorized functions of the target session.</returns>
        public IReadOnlyCollection <FunctionState> UserOperationsOnObject(IAcSession subject, IAcSession targetSession, IManagedObject obj)
        {
            var distinctFunctions = new HashSet<FunctionState>();

            foreach (var granted in targetSession.AccountPrivilege.AuthorizedFunctions)
            {
                distinctFunctions.Add(granted);
            }

            // TODO: filter the returned function list with entity-level policies.
            return distinctFunctions.ToList();
        }
        /// <summary>
        /// Lists the distinct functions granted to the role <paramref name="roleId"/> through
        /// privileges whose subject is that role and whose object is a function.
        /// </summary>
        /// <remarks>
        /// <paramref name="subject"/>, <paramref name="targetSession"/> and <paramref name="obj"/>
        /// are not read by this method; no entity-level filtering is applied to the result.
        /// </remarks>
        /// <param name="subject">Requesting session; currently unused.</param>
        /// <param name="targetSession">Target session; currently unused.</param>
        /// <param name="roleId">Id of the role to inspect.</param>
        /// <param name="obj">Target object; currently unused.</param>
        /// <returns>The distinct functions collected for the role.</returns>
        /// <exception cref="ValidationException">No role exists with <paramref name="roleId"/>.</exception>
        public IReadOnlyCollection <FunctionState> RoleOperationsOnObject(IAcSession subject, IAcSession targetSession, Guid roleId, IManagedObject obj)
        {
            RoleState role;

            if (!_acDomain.RoleSet.TryGetRole(roleId, out role))
            {
                throw new ValidationException("给定标识的角色不存在" + roleId);
            }
            var functions = new HashSet <FunctionState>();

            // NOTE(review): the loop variable `item` is never used. The filter below matches
            // on `roleId` in every iteration, so the same privileges are scanned once per
            // descendant role, privileges held by the descendant roles themselves are not
            // matched by their own ids, and the result is empty when GetDescendantRoles
            // yields nothing. This looks unintended; confirm whether the filter should use
            // the descendant role's id before relying on this list for access reviews.
            foreach (var item in _acDomain.RoleSet.GetDescendantRoles(role))
            {
                // Role -> Function privileges only.
                foreach (var privilege in _acDomain.PrivilegeSet.Where(a =>
                                                                       a.SubjectType == AcElementType.Role && a.SubjectInstanceId == roleId && a.ObjectType == AcElementType.Function))
                {
                    FunctionState f;
                    // Privileges that point at a function id that no longer resolves are skipped.
                    if (_acDomain.FunctionSet.TryGetFunction(privilege.ObjectInstanceId, out f))
                    {
                        functions.Add(f);
                    }
                }
            }
            // TODO: filter the returned function list with entity-level policies.
            return(functions.ToList());
        }
        /// <summary>
        /// Asks the security service whether <paramref name="targetSession"/> may invoke the
        /// function <paramref name="functionId"/> on <paramref name="obj"/>.
        /// </summary>
        /// <remarks>
        /// <paramref name="subject"/> is not read: the decision is made for the target session
        /// only, and this method does not verify that the subject may query it.
        /// NOTE(review): presumably the caller enforces that; confirm.
        /// Unlike the session extension overloads, an unknown function id is an error here
        /// rather than an implicit permit.
        /// </remarks>
        /// <param name="subject">Requesting session; currently unused.</param>
        /// <param name="targetSession">Session whose access is checked. Must not be null.</param>
        /// <param name="functionId">Id of the function to check.</param>
        /// <param name="obj">Target object, passed through to the security service.</param>
        /// <returns>The security service's decision.</returns>
        /// <exception cref="ValidationException">
        /// The function id is unknown, or <paramref name="targetSession"/> is null.
        /// </exception>
        public bool CheckAccess(IAcSession subject, IAcSession targetSession, Guid functionId, IManagedObject obj)
        {
            // Resolved first, so a missing service surfaces before the validation errors.
            var authorizer = _acDomain.RetrieveRequiredService<ISecurityService>();

            FunctionState target;
            bool functionKnown = _acDomain.FunctionSet.TryGetFunction(functionId, out target);
            if (!functionKnown)
            {
                throw new ValidationException("给定标识的功能不存在" + functionId);
            }

            if (targetSession == null)
            {
                throw new ValidationException("给定标识的会话不存在");
            }

            return authorizer.Permit(targetSession, target, obj);
        }
 /// <summary>
 /// Returns the distinct set of functions the target session is authorized for.
 /// </summary>
 /// <remarks>
 /// Neither <paramref name="subject"/> nor <paramref name="obj"/> is consulted, so the list
 /// is the target session's function-level grants with no per-object filtering and no
 /// check of the requesting session inside this method.
 /// NOTE(review): presumably callers gate who may request this; confirm.
 /// </remarks>
 /// <param name="subject">Requesting session; currently unused.</param>
 /// <param name="targetSession">Session whose authorized functions are returned.</param>
 /// <param name="obj">Target object; currently unused.</param>
 /// <returns>The distinct authorized functions of the target session.</returns>
 public IReadOnlyCollection<FunctionState> UserOperationsOnObject(IAcSession subject, IAcSession targetSession, IManagedObject obj)
 {
     var distinctFunctions = new HashSet<FunctionState>();

     foreach (var granted in targetSession.AccountPrivilege.AuthorizedFunctions)
     {
         distinctFunctions.Add(granted);
     }

     // TODO: filter the returned function list with entity-level policies.
     return distinctFunctions.ToList();
 }
 /// <summary>
 /// Collects the distinct functions referenced by Role-to-Function privileges whose
 /// subject id equals <paramref name="roleId"/>.
 /// </summary>
 /// <remarks>
 /// <paramref name="subject"/>, <paramref name="targetSession"/> and <paramref name="obj"/>
 /// are not read; the result is not filtered per object.
 /// </remarks>
 /// <param name="subject">Requesting session; currently unused.</param>
 /// <param name="targetSession">Target session; currently unused.</param>
 /// <param name="roleId">Id of the role to inspect.</param>
 /// <param name="obj">Target object; currently unused.</param>
 /// <returns>The distinct functions collected for the role.</returns>
 /// <exception cref="ValidationException">No role exists with <paramref name="roleId"/>.</exception>
 public IReadOnlyCollection<FunctionState> RoleOperationsOnObject(IAcSession subject, IAcSession targetSession, Guid roleId, IManagedObject obj)
 {
     RoleState role;
     if (!_acDomain.RoleSet.TryGetRole(roleId, out role))
     {
         throw new ValidationException("给定标识的角色不存在" + roleId);
     }
     var functions = new HashSet<FunctionState>();
     // NOTE(review): `item` is unused. Every iteration filters on `roleId`, so descendant
     // roles only determine how many times the same privileges are scanned (zero times if
     // there are no descendants, giving an empty result). Confirm whether the filter was
     // meant to use the descendant role's id.
     foreach (var item in _acDomain.RoleSet.GetDescendantRoles(role))
     {
         // Role -> Function privileges only.
         foreach (var privilege in _acDomain.PrivilegeSet.Where(a =>
             a.SubjectType == AcElementType.Role && a.SubjectInstanceId == roleId && a.ObjectType == AcElementType.Function))
         {
             FunctionState f;
             // Privileges whose function id does not resolve are skipped.
             if (_acDomain.FunctionSet.TryGetFunction(privilege.ObjectInstanceId, out f))
             {
                 functions.Add(f);
             }
         }
     }
     // TODO: filter the returned function list with entity-level policies.
     return functions.ToList();
 }
 /// <summary>
 /// Checks, via the security service, whether <paramref name="targetSession"/> may invoke
 /// the function <paramref name="functionId"/> on <paramref name="obj"/>.
 /// </summary>
 /// <remarks>
 /// <paramref name="subject"/> is not consulted; the decision concerns the target session
 /// only. NOTE(review): presumably callers check that the subject may ask; confirm.
 /// An unknown function id raises an error instead of being permitted.
 /// </remarks>
 /// <param name="subject">Requesting session; currently unused.</param>
 /// <param name="targetSession">Session whose access is checked. Must not be null.</param>
 /// <param name="functionId">Id of the function to check.</param>
 /// <param name="obj">Target object, passed through to the security service.</param>
 /// <returns>The security service's decision.</returns>
 /// <exception cref="ValidationException">
 /// The function id is unknown, or <paramref name="targetSession"/> is null.
 /// </exception>
 public bool CheckAccess(IAcSession subject, IAcSession targetSession, Guid functionId, IManagedObject obj)
 {
     // Resolved first, so a missing service surfaces before the validation errors.
     var authorizer = _acDomain.RetrieveRequiredService<ISecurityService>();

     FunctionState target;
     bool functionKnown = _acDomain.FunctionSet.TryGetFunction(functionId, out target);
     if (!functionKnown)
     {
         throw new ValidationException("给定标识的功能不存在" + functionId);
     }

     if (targetSession == null)
     {
         throw new ValidationException("给定标识的会话不存在");
     }

     return authorizer.Permit(targetSession, target, obj);
 }
 /// <summary>
 /// Removes <paramref name="mObject"/> from <c>ManagedObjects</c>, after which the
 /// <see cref="HoloFlowSceneManager"/> no longer manages it.
 /// </summary>
 /// <param name="mObject">The <see cref="IManagedObject"/> to stop managing.</param>
 public void UnregisterObject(IManagedObject mObject) => ManagedObjects.Remove(mObject);
 /// <summary>
 /// Adds <paramref name="mObject"/> to <c>ManagedObjects</c> so that the
 /// <see cref="HoloFlowSceneManager"/> manages it.
 /// </summary>
 /// <param name="mObject">The <see cref="IManagedObject"/> to manage. It is added as given, without validation.</param>
 public void RegisterObject(IManagedObject mObject) => ManagedObjects.Add(mObject);