public PermissionCheckResult Check(RoleBasedPermissionRule rule, PermissionCheckContext checkContext)
{
//todo: allowed super do any thing!
if (rule == null)
{
return(PermissionCheckResult.Allowed.WithMessage("没有定义规则 => 放行"));
}
if (checkContext.CheckPermissionIds == null || checkContext.CheckPermissionIds.Count == 0)
{
return(PermissionCheckResult.Allowed.WithMessage("没有指定需要检测的PermissionId => 放行"));
}
if (!checkContext.MatchPermissionId(rule.PermissionId))
{
return(PermissionCheckResult.NotSure
.WithMessage($"规则不匹配 => 无法判断: {rule.PermissionId} ? [{string.Join(',', checkContext.CheckPermissionIds)}]")
.WithData(rule.PermissionId));
}
var userContext = checkContext.CurrentUserContext;
if (rule.NeedGuest())
{
return(PermissionCheckResult.Allowed.WithMessage("访客规则 => 满足").WithData(rule.PermissionId));
}
var hasLogin = userContext.IsLogin();
if (!hasLogin)
{
return(PermissionCheckResult.Forbidden.WithMessage("需要登录 => 不满足").WithData(rule.PermissionId));
}
if (rule.NeedLogin())
{
return(PermissionCheckResult.Allowed.WithMessage("需要登录 => 满足").WithData(rule.PermissionId));
}
var msg = $"指定用户或角色: ctx:[{userContext.User}],[{userContext.Roles.MyJoin()}] + rule:[{rule.AllowedUsers}],[{rule.AllowedRoles}]";
if (rule.NeedUsersOrRoles(userContext.User, userContext.Roles.MyJoin()))
{
return(PermissionCheckResult.Allowed.WithMessage(msg + " => 满足").WithData(rule.PermissionId));
}
return(PermissionCheckResult.Forbidden.WithMessage(msg + " => 不满足").WithData(rule.PermissionId));
}
private static PermissionCheckResult CheckRoleBasedRule(this PermissionCheckContext checkContext, RoleBasedRule rule)
{
if (!checkContext.MatchPermissionId(rule.PermissionId))
{
return(PermissionCheckResult.NotSure
.WithMessage($"规则中没有发现匹配的规则: {rule.PermissionId} not found in [{string.Join(',', checkContext.NeedCheckPermissionIds)}] ")
.WithData(rule.PermissionId));
}
var ruleExpression = rule.ToExpression();
var userContext = checkContext.UserContext;
var msg = $"userContext:[{userContext.User}],[{userContext.Roles.JoinToOneValue()}] ? rule:[{rule.Rule}]";
if (ruleExpression.ValidateNeedGuest())
{
return(PermissionCheckResult.Allowed.WithMessage("访客规则 => 满足 " + msg).WithData(rule.PermissionId));
}
var hasLogin = userContext.IsLogin();
if (!hasLogin)
{
return(PermissionCheckResult.Forbidden.WithMessage("需要登录 => 不满足 " + msg).WithData(rule.PermissionId));
}
if (ruleExpression.ValidateNeedLogin())
{
return(PermissionCheckResult.Allowed.WithMessage("需要登录 => 满足 " + msg).WithData(rule.PermissionId));
}
if (ruleExpression.ValidateNeedAnyOfUsersOrRoles(userContext.User, userContext.Roles.JoinToOneValue()))
{
return(PermissionCheckResult.Allowed.WithMessage("满足 " + msg).WithData(rule.PermissionId));
}
return(PermissionCheckResult.Forbidden.WithMessage("不满足 " + msg).WithData(rule.PermissionId));
}
public Task<bool> ShouldCareAsync(PermissionCheckContext permissionCheckContext)
{
return permissionCheckContext.MatchPermissionId(DemoConst.PermissionIds.DemoBasedOp).AsTask();
}
public Task <bool> ShouldCareAsync(ICurrentUserContext userContext, PermissionCheckContext permissionCheckContext)
{
//按需决定是否需要参与
return(Task.FromResult(permissionCheckContext.MatchPermissionId(KnownPermissionIds.DemoOp)));
}