Ejemplo n.º 1
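 /// <summary>
 /// Evaluates a <see cref="PermissionRequirement"/> by splitting its permission string on
 /// <c>Constants.ColonDelimiter</c> into a permission key and an "admin required" flag, then
 /// asking the permission service whether the current user holds that permission.
 /// </summary>
 /// <param name="context">Authorization context carrying the user being evaluated.</param>
 /// <param name="requirement">Requirement whose <c>Permission</c> string encodes the key and admin flag.</param>
 /// <remarks>
 /// The requirement is marked as succeeded only when the permission service returns true.
 /// A null requirement, a blank permission string, or a permission string with too few
 /// segments leaves the requirement unmet.
 /// </remarks>
 protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
 {
     if (requirement == null || String.IsNullOrWhiteSpace(requirement.Permission))
     {
         return;
     }

     var permsInfo = requirement.Permission.Split(Constants.ColonDelimiter);

     // A permission string with fewer segments than expected used to throw
     // IndexOutOfRangeException from inside the handler. Treat it as "not granted"
     // instead, so a malformed policy string is denied rather than surfacing as a crash.
     if (_permKeyIndex >= permsInfo.Length || _isAdminIndex >= permsInfo.Length)
     {
         return;
     }

     // NOTE(review): the TryParse result is ignored, so an unparseable flag leaves
     // isAdminRequired == false and the check proceeds as a non-admin permission.
     // Confirm that is intended; denying on a malformed flag would be the stricter choice.
     Boolean.TryParse(permsInfo[_isAdminIndex], out bool isAdminRequired);

     if (await _permissionService.HasPermissionAsync(context.User, permsInfo[_permKeyIndex], isAdminRequired))
     {
         context.Succeed(requirement);
     }
 }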
Ejemplo n.º 2
        /// <summary>
        /// Checks whether the current <c>User</c> holds the given permission, scoping the check
        /// to the user's own clients unless the user is a platform super administrator.
        /// </summary>
        /// <param name="permKey">Key of the permission to check.</param>
        /// <param name="isAdmin">Passed through to the permission service as the admin flag.</param>
        /// <returns>The result reported by the permission service.</returns>
        public async Task<bool> HasPermissionAsync(string permKey, bool isAdmin = false)
        {
            // Apart from the platform super administrator, administrators may only manage
            // resources belonging to their own Client. A super admin passes null; everyone
            // else passes the values of their ClientId claims.
            // NOTE(review): a user with no ClientId claim passes an empty list, not null.
            // Presumably the service treats null as "unrestricted" and an empty list as
            // "no clients allowed" - verify against the service implementation.
            List<string> clientScope = User.IsSuperAdmin()
                ? null
                : User.FindAll(JwtClaimTypes.ClientId).Select(claim => claim.Value).ToList();

            bool granted = await _permissionService.HasPermissionAsync(User, permKey, isAdmin, clientScope);
            return granted;
        }