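/// <summary>
/// Checks whether the role named in <paramref name="dto"/> may reach the function it describes
/// (source / area / controller / action), using the role's function map held in the distributed cache.
/// </summary>
/// <param name="dto">The role/function pair to check; <c>RoleId</c> selects the cached map.</param>
/// <returns>
/// <c>true</c> when the cached map for the role contains an entry that matches every field and is not
/// locked; <c>false</c> when no entry matches or when the cache holds no map for the role (fail closed).
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="dto"/> is null.</exception>
/// <exception cref="InvalidOperationException">Thrown when no <see cref="IDistributedCache"/> is registered.</exception>
public bool Authorize(RoleFunctionMapDto dto)
{
    if (dto is null)
    {
        throw new ArgumentNullException(nameof(dto));
    }

    // GetRequiredService names the missing registration instead of failing with a NullReferenceException.
    var cache = _serviceProvider.GetRequiredService<IDistributedCache>();
    string key = "_role_" + dto.RoleId.ToString();

    // Get<T> is a project extension over IDistributedCache (presumably deserializes the stored map);
    // a cache miss is assumed to yield null — TODO confirm against the extension.
    var cachedMap = cache.Get<RoleFunctionMapDto[]>(key);
    if (cachedMap is null)
    {
        // Previously a miss dereferenced null (a 500 from the authorization path). An absent map grants nothing.
        return false;
    }

    return cachedMap.Any(m =>
        m.Source == dto.Source
        && m.RoleId == dto.RoleId
        && m.Area == dto.Area
        && m.Controller == dto.Controller
        && m.Action == dto.Action
        && !m.IsLocked);
}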
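/// <summary>
/// Authorization filter: denies the request when the signed-in user's or role's claims say they are
/// locked, and otherwise checks the role's function map for the current area/controller/action.
/// Endpoints carrying an <see cref="IAllowAnonymousFilter"/> and unauthenticated requests are left
/// to other filters/handlers; the role named "超级管理员" bypasses the function check.
/// </summary>
/// <param name="context">The authorization filter context for the current request.</param>
/// <exception cref="ArgumentNullException">
/// Thrown via <c>Check.NotNull</c> when <paramref name="context"/> is null (presumed exception type — confirm against the helper).
/// </exception>
public void OnAuthorization(AuthorizationFilterContext context)
{
    // Validate before the first dereference (the original read context.Filters before checking for null).
    Check.NotNull(context, nameof(context));

    // Anonymous endpoints: nothing to authorize.
    if (context.Filters.Any(m => m is IAllowAnonymousFilter))
    {
        return;
    }

    IPrincipal user = context.HttpContext.User;
    // Not signed in: authentication is handled elsewhere; this filter only judges signed-in principals.
    if (user?.Identity is null || !user.Identity.IsAuthenticated)
    {
        return;
    }

    var request = context.HttpContext.Request;
    bool isJsRequest = request.IsAjaxRequest() || request.IsJsonContextType();

    // Builds a denial in the shape the caller expects: a JSON AjaxResult for script requests, a redirect otherwise.
    IActionResult Deny(string message, AjaxResultType type, string redirectUrl) => isJsRequest
        ? new JsonResult(new AjaxResult(message, type))
        : new RedirectResult(redirectUrl);

    IIdentity identity = user.Identity;
    string roleId = identity.GetClaimValueFirstOrDefault("RoleId");
    string role = identity.GetClaimValueFirstOrDefault(ClaimTypes.Role);
    bool.TryParse(identity.GetClaimValueFirstOrDefault("UserLocked"), out bool userLocked);
    bool.TryParse(identity.GetClaimValueFirstOrDefault("RoleLocked"), out bool roleLocked);

    if (userLocked || roleLocked)
    {
        // Locked user or role: send to the locked page, or return the locked marker to script callers.
        // The flow stops here; the original kept going and could replace this result with a Forbidden one.
        context.Result = Deny("权限被锁定,无法访问", AjaxResultType.Locked, "/Exception/Locked");
    }
    else if (role == "超级管理员")
    {
        // Super administrator: no function-level check.
        return;
    }
    else if (!int.TryParse(roleId, out int parsedRoleId))
    {
        // Missing or malformed RoleId claim: fail closed instead of letting int.Parse throw a 500.
        context.Result = Deny("权限不足,无法访问", AjaxResultType.Forbidden, "/Exception/Forbidden");
    }
    else
    {
        IServiceProvider provider = context.HttpContext.RequestServices;
        var service = provider.GetRequiredService<IRoleFunctionMapContract>();
        var options = provider.GetTomNetOptions();

        var dto = new RoleFunctionMapDto
        {
            RoleId = parsedRoleId,
            Source = options.LocalOption.AppKey,
            Area = GetAreaName(context),
            Controller = GetControllerName(context),
            Action = GetActionName(context)
        };

        // Role-based function authorization.
        if (!service.Authorize(dto))
        {
            context.Result = Deny("权限不足,无法访问", AjaxResultType.Forbidden, "/Exception/Forbidden");
        }
    }

    if (isJsRequest)
    {
        // Script callers read the outcome from the AjaxResult body's type; the original set 200 here
        // unconditionally for script requests, so that contract is kept.
        context.HttpContext.Response.StatusCode = 200;
    }
}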