public AbpUserConfigurationBuilder(
IMultiTenancyConfig multiTenancyConfig,
ILanguageManager languageManager,
ILocalizationManager localizationManager,
IFeatureManager featureManager,
IFeatureChecker featureChecker,
IPermissionManager permissionManager,
IUserNavigationManager userNavigationManager,
ISettingDefinitionManager settingDefinitionManager,
ISettingManager settingManager,
IAbpAntiForgeryConfiguration abpAntiForgeryConfiguration,
IAbpSession abpSession,
IPermissionChecker permissionChecker)
{
_multiTenancyConfig = multiTenancyConfig;
_languageManager = languageManager;
_localizationManager = localizationManager;
_featureManager = featureManager;
_featureChecker = featureChecker;
_permissionManager = permissionManager;
_userNavigationManager = userNavigationManager;
_settingDefinitionManager = settingDefinitionManager;
_settingManager = settingManager;
_abpAntiForgeryConfiguration = abpAntiForgeryConfiguration;
_abpSession = abpSession;
_permissionChecker = permissionChecker;
}
/// <inheritdoc/>
public AuthorizationScriptManager(IPermissionManager permissionManager)
{
OwSession = NullOwSession.Instance;
PermissionChecker = NullPermissionChecker.Instance;
_permissionManager = permissionManager;
}
/// <summary>
/// Sends the permission denied message for the specified permission checker.
/// </summary>
/// <param name="permissionChecker">The permission checker.</param>
/// <param name="player">The player.</param>
/// <returns>true on success; false otherwise.</returns>
protected override bool SendPermissionDeniedMessage(IPermissionChecker permissionChecker, BasePlayer player)
{
if (permissionChecker == null) throw new ArgumentNullException(nameof(permissionChecker));
if (player == null) throw new ArgumentNullException(nameof(player));
if (permissionChecker.Message == null)
return false;
// Send permission denied message in red instead of white.
player.SendClientMessage(Color.Red, permissionChecker.Message);
return true;
}
protected CommandPermissionAction(IServiceProvider serviceProvider,
IPermissionRoleStore permissionRoleStore,
ICommandPermissionBuilder permissionBuilder,
IPermissionChecker permissionChecker,
IUserDataStore userDataStore,
IUserManager userManager,
IPermissionRegistry permissionRegistry) : base(serviceProvider)
{
m_PermissionRoleStore = permissionRoleStore;
m_PermissionBuilder = permissionBuilder;
m_PermissionChecker = permissionChecker;
m_UserDataStore = userDataStore;
m_UserManager = userManager;
m_PermissionRegistry = permissionRegistry;
}
public UserAppService(
IRepository <User, long> repository,
UserManager userManager,
RoleManager roleManager,
IRepository <Role> roleRepository,
IPasswordHasher <User> passwordHasher,
IPermissionChecker permissionChecker)
: base(repository)
{
_userManager = userManager;
_roleManager = roleManager;
_roleRepository = roleRepository;
_passwordHasher = passwordHasher;
_permissionChecker = permissionChecker;
}
public OpenModHostedService(
ILogger <OpenModHostedService> logger,
IPermissionChecker permissionChecker,
IOpenModHost host,
IPluginAssemblyStore pluginAssemblyStore,
IPluginActivator pluginActivator,
IEventBus eventBus
)
{
m_Logger = logger;
m_PermissionChecker = permissionChecker;
m_Host = host;
m_PluginAssemblyStore = pluginAssemblyStore;
m_PluginActivator = pluginActivator;
m_EventBus = eventBus;
}
protected SampleAppTestBase()
{
//Fake DbConnection using Effort!
LocalIocManager.IocContainer.Register(
Component.For <DbConnection>()
.UsingFactoryMethod(Effort.DbConnectionFactory.CreateTransient)
.LifestyleSingleton()
);
CreateInitialData();
RoleManager = Resolve <RoleManager>();
UserManager = Resolve <UserManager>();
PermissionManager = Resolve <IPermissionManager>();
PermissionChecker = Resolve <IPermissionChecker>();
}
public virtual async Task TestHasAnyPermissionsGroup()
{
IPermissionChecker checker = LoadChecker();
IPermissionProvider provider = LoadProvider();
IPermissionGroup group = await provider.GetGroupAsync("TestGroup2");
Assert.AreEqual(PermissionResult.Grant,
await checker.CheckHasAnyPermissionAsync(group, "GroupPermission2", "NonExistantPermission"));
Assert.AreEqual(PermissionResult.Default,
await checker.CheckHasAnyPermissionAsync(group, "NonExistantPermission", "GroupPermission1"));
//GroupPermission3 is explicitly denied
Assert.AreEqual(PermissionResult.Deny,
await checker.CheckHasAnyPermissionAsync(group, "NonExistantPermission", "GroupPermission3"));
}
public OpenModHostedService(
ILogger <OpenModHostedService> logger,
IPermissionChecker permissionChecker,
IRuntime runtime,
IOpenModHost host,
IPluginAssemblyStore pluginAssemblyStore,
IPluginActivator pluginActivator
)
{
m_Logger = logger;
m_PermissionChecker = permissionChecker;
m_Runtime = runtime;
m_Host = host;
m_PluginAssemblyStore = pluginAssemblyStore;
m_PluginActivator = pluginActivator;
}
public Registration(
IRepository <Mindfight, long> mindfightRepository,
IRepository <Team, long> teamRepository,
IRepository <Models.Registration, long> registrationRepository,
IPermissionChecker permissionChecker,
UserManager userManager,
IObjectMapper objectMapper
)
{
_mindfightRepository = mindfightRepository;
_teamRepository = teamRepository;
_registrationRepository = registrationRepository;
_permissionChecker = permissionChecker;
_userManager = userManager;
_objectMapper = objectMapper;
}
public virtual async Task TestHasAllPermissionsPlayer()
{
IPermissionChecker checker = LoadChecker();
Assert.AreEqual(PermissionResult.Grant, await checker.CheckHasAllPermissionsAsync(TestPlayer,
"PlayerPermission.Test", "PlayerPermission.Test2.ChildNode",
"GroupPermission2", "GroupPermission2.Child"));
Assert.AreEqual(PermissionResult.Default,
await checker.CheckHasAllPermissionsAsync(TestPlayer, "PlayerPermission.Test", "GroupPermission2",
"NonExistantPermission"));
//GroupPermission3 is explicitly denied
Assert.AreEqual(PermissionResult.Deny,
await checker.CheckHasAllPermissionsAsync(TestPlayer, "PlayerPermission.Test", "GroupPermission2",
"GroupPermission3"));
}
/// <summary>
/// Authorizes current user for given permission or permissions,
/// throws <see cref="AuthorizationException"/> if not authorized.
/// </summary>
/// <param name="permissionChecker">Permission checker</param>
/// <param name="requireAll">
/// If this is set to true, all of the <see cref="permissionNames"/> must be granted.
/// If it's false, at least one of the <see cref="permissionNames"/> must be granted.
/// </param>
/// <param name="permissionNames">Name of the permissions to authorize</param>
/// <exception cref="AuthorizationException">Throws authorization exception if</exception>
public static async Task AuthorizeAsync(this IPermissionChecker permissionChecker, bool requireAll, params string[] permissionNames)
{
if (await IsGrantedAsync(permissionChecker, requireAll, permissionNames))
{
return;
}
//var localizedPermissionNames = LocalizePermissionNames(permissionChecker, permissionNames);
if (requireAll)
{
throw new AuthorizationException(
//string.Format(
// L(
// permissionChecker,
// "AllOfThesePermissionsMustBeGranted",
// "Required permissions are not granted. All of these permissions must be granted: {0}"
// ),
// string.Join(", ", localizedPermissionNames)
//)
string.Format(
"Required permissions are not granted. All of these permissions must be granted: {0}",
string.Join(", ", "ALL")
)
);
}
else
{
throw new AuthorizationException(
//string.Format(
// L(
// permissionChecker,
// "AtLeastOneOfThesePermissionsMustBeGranted",
// "Required permissions are not granted. At least one of these permissions must be granted: {0}"
// ),
// string.Join(", ", localizedPermissionNames)
//)
string.Format(
"Required permissions are not granted. At least one of these permissions must be granted: {0}",
string.Join(", ", "ALL")
)
);
}
}
public virtual async Task TestGroupPermissions()
{
IPermissionChecker checker = LoadChecker();
IPermissionProvider provider = LoadProvider();
IPermissionGroup group = await provider.GetGroupAsync("TestGroup2");
Assert.AreEqual(PermissionResult.Default, await
checker.CheckPermissionAsync(TestPlayer,
"GroupPermission1")); // permission of a group the player doesnt belong to
Assert.AreEqual(PermissionResult.Default, await checker.CheckPermissionAsync(TestPlayer, "NonExistantPermission"));
Assert.AreEqual(PermissionResult.Grant, await checker.CheckPermissionAsync(TestPlayer, "GroupPermission2"));
Assert.AreEqual(PermissionResult.Deny, await checker.CheckPermissionAsync(TestPlayer, "GroupPermission3"));
Assert.AreEqual(PermissionResult.Default, await checker.CheckPermissionAsync(group, "NonExistantPermission"));
Assert.AreEqual(PermissionResult.Grant, await checker.CheckPermissionAsync(group, "GroupPermission2"));
Assert.AreEqual(PermissionResult.Deny, await checker.CheckPermissionAsync(group, "GroupPermission3"));
}
public CWarpRoot(IStringLocalizer stringLocalizer,
IDataStore dataStore,
IPermissionChecker permissionChecker,
IConfiguration configuration,
IPluginAccessor <NewEssentials> pluginAccessor,
ITeleportService teleportService,
ICooldownManager cooldownManager,
IServiceProvider serviceProvider) :
base(serviceProvider)
{
m_StringLocalizer = stringLocalizer;
m_DataStore = dataStore;
m_PermissionChecker = permissionChecker;
m_Configuration = configuration;
m_PluginAccessor = pluginAccessor;
m_TeleportService = teleportService;
m_CooldownManager = cooldownManager;
}
public Question(
IRepository <Models.Question, long> questionRepository,
IRepository <Team, long> teamRepository,
IRepository <Tour, long> tourRepository,
IRepository <Mindfight, long> mindfightRepository,
IPermissionChecker permissionChecker,
UserManager userManager,
IObjectMapper objectMapper
)
{
_questionRepository = questionRepository;
_teamRepository = teamRepository;
_tourRepository = tourRepository;
_mindfightRepository = mindfightRepository;
_permissionChecker = permissionChecker;
_userManager = userManager;
_objectMapper = objectMapper;
}
public ConfigurationsController(ILogger <ConfigurationsController> logger,
IHttpContextAccessor httpContextAccessor,
IOptions <AuthorizationOptions> authorizationOptions,
IOptions <RequestLocalizationOptions> requestLocalizationOptions,
IPermissionDefinitionManager permissionDefinitionManager,
IPermissionChecker permissionChecker,
IAuthorizationService authorizationService,
IStringLocalizerFactory stringLocalizerFactory)
{
_logger = logger ?? NullLogger <ConfigurationsController> .Instance;
_httpContextAccessor = httpContextAccessor;
_authorizationOptions = authorizationOptions.Value;
_requestLocalizationOptions = requestLocalizationOptions.Value;
_permissionDefinitionManager = permissionDefinitionManager;
_permissionChecker = permissionChecker;
_authorizationService = authorizationService;
_stringLocalizerFactory = stringLocalizerFactory;
}
public CommandHelp(
IRuntime runtime,
ICommandStore commandStore,
IServiceProvider serviceProvider,
IPermissionRegistry permissionRegistry,
ICommandPermissionBuilder commandPermissionBuilder,
ICommandContextBuilder commandContextBuilder,
IOpenModStringLocalizer stringLocalizer) : base(serviceProvider)
{
// get global permission checker instead of scoped
m_PermissionChecker = runtime.Host !.Services.GetRequiredService <IPermissionChecker>();
m_CommandStore = commandStore;
m_PermissionRegistry = permissionRegistry;
m_CommandPermissionBuilder = commandPermissionBuilder;
m_CommandContextBuilder = commandContextBuilder;
m_StringLocalizer = stringLocalizer;
}
/// <summary>
/// Sends the permission denied message for the specified permission checker.
/// </summary>
/// <param name="permissionChecker">The permission checker.</param>
/// <param name="player">The player.</param>
/// <returns>true on success; false otherwise.</returns>
protected virtual bool SendPermissionDeniedMessage(IPermissionChecker permissionChecker, BasePlayer player)
{
if (permissionChecker == null)
{
throw new ArgumentNullException(nameof(permissionChecker));
}
if (player == null)
{
throw new ArgumentNullException(nameof(player));
}
if (permissionChecker.Message == null)
{
return(false);
}
player.SendClientMessage(permissionChecker.Message);
return(true);
}
public async Task ExecuteAsync(ICommandContext context)
{
IPermissionChecker permissions = context.Container.Resolve <IPermissionChecker>();
ITranslationCollection translations = ((RocketUnturnedHost)context.Container.Resolve <IHost>()).ModuleTranslations;
IPlayer target;
if (await permissions.CheckPermissionAsync(context.User, Permission + ".Others") == PermissionResult.Grant &&
context.Parameters.Length >= 1)
{
target = await context.Parameters.GetAsync <IPlayer>(0);
}
else
{
target = ((UnturnedUser)context.User).Player;
}
if (!(target is UnturnedPlayer uPlayer))
{
await context.User.SendMessageAsync($"Could not heal {target.User.DisplayName}", ConsoleColor.Red);
return;
}
uPlayer.Entity.Heal(100);
uPlayer.Entity.Bleeding = false;
uPlayer.Entity.Broken = false;
uPlayer.Entity.Infection = 0;
uPlayer.Entity.Hunger = 0;
uPlayer.Entity.Thirst = 0;
if (target == context.User)
{
await context.User.SendLocalizedMessageAsync(translations, "command_heal_success");
return;
}
await context.User.SendLocalizedMessageAsync(translations, "command_heal_success_me", null, target.User.DisplayName);
await target.User.SendLocalizedMessageAsync(translations, "command_heal_success_other", null, context.User.DisplayName);
}
public OpenModHostedService(
ILogger <OpenModHostedService> logger,
IPermissionChecker permissionChecker,
IHostInformation hostInformation,
IOpenModHost host,
IPluginAssemblyStore pluginAssemblyStore,
IPluginActivator pluginActivator,
IEventBus eventBus,
IJobScheduler jobScheduler
)
{
m_Logger = logger;
m_PermissionChecker = permissionChecker;
m_HostInformation = hostInformation;
m_Host = host;
m_PluginAssemblyStore = pluginAssemblyStore;
m_PluginActivator = pluginActivator;
m_EventBus = eventBus;
m_JobScheduler = jobScheduler;
}
/// <summary>
/// Sends the permission denied message for the specified permission checker.
/// </summary>
/// <param name="permissionChecker">The permission checker.</param>
/// <param name="player">The player.</param>
/// <returns>true on success; false otherwise.</returns>
protected override bool SendPermissionDeniedMessage(IPermissionChecker permissionChecker, BasePlayer player)
{
if (permissionChecker == null)
{
throw new ArgumentNullException(nameof(permissionChecker));
}
if (player == null)
{
throw new ArgumentNullException(nameof(player));
}
if (permissionChecker.Message == null)
{
return(false);
}
// Send permission denied message in red instead of white.
player.SendClientMessage(Color.Red, permissionChecker.Message);
return(true);
}
/// <summary>
/// Initializes a new instance of the <see cref="DefaultCommand" /> class.
/// </summary>
/// <param name="names">The names.</param>
/// <param name="displayName">The display name.</param>
/// <param name="ignoreCase">if set to <c>true</c> ignore the case of the command.</param>
/// <param name="permissionCheckers">The permission checkers.</param>
/// <param name="method">The method.</param>
/// <param name="usageMessage">The usage message.</param>
public DefaultCommand(CommandPath[] names, string displayName, bool ignoreCase,
IPermissionChecker[] permissionCheckers,
MethodInfo method, string usageMessage)
{
if (names == null) throw new ArgumentNullException(nameof(names));
if (method == null) throw new ArgumentNullException(nameof(method));
if (names.Length == 0) throw new ArgumentException("Must contain at least 1 name", nameof(names));
if (!IsValidCommandMethod(method))
throw new ArgumentException("Method unsuitable as command", nameof(method));
IsMethodMemberOfPlayer = typeof (BasePlayer).IsAssignableFrom(method.DeclaringType);
var skipCount = IsMethodMemberOfPlayer ? 0 : 1;
var index = 0;
var count = method.GetParameters().Length - skipCount;
Names = names;
_displayName = displayName;
IsCaseIgnored = ignoreCase;
Method = method;
UsageMessage = string.IsNullOrWhiteSpace(usageMessage) ? null : usageMessage;
Parameters = Method.GetParameters()
.Skip(skipCount)
.Select(
p =>
{
var type = GetParameterType(p, index++, count);
return type == null
? null
: new CommandParameterInfo(p.Name, type, p.HasDefaultValue, p.DefaultValue);
})
.ToArray();
if (Parameters.Any(v => v == null))
{
throw new ArgumentException("Method has parameter of unknown type", nameof(method));
}
PermissionCheckers = (permissionCheckers?.Where(p => p != null).ToArray() ?? new IPermissionChecker[0]);
}
public FxServiceProxy(ILoginRulesProvider loginRulesProvider, ITradingSettingsProvider tradingSettingsProvider,
IPermissionChecker permissionChecker, IRequestProvider requestProvider, ITableManager tableManager, ISessionProvider sessionProvider)
{
var feedback = new SessionFeedbackContext();
feedback.SetLoginRulesProvider = this.SetLoginRules;
feedback.SetPermissionChecker = this.SetPermissionChecker;
feedback.SetRequestProvider = this.SetRequests;
feedback.SetTableManager = this.SetTableManager;
feedback.SetTradingSettingsProvider = this.SetTradingSettings;
this.Session = sessionProvider ??
new SessionProvider(loginRulesProvider, tradingSettingsProvider, permissionChecker, requestProvider,
tableManager, new SessionProviderValidator(), feedback);
this.LoginRules = loginRulesProvider;
this.PermissionChecker = permissionChecker;
this.Requests = requestProvider;
this.TableManager = tableManager;
this.TradingSettings = tradingSettingsProvider;
}
public SessionProvider(ILoginRulesProvider loginRules, ITradingSettingsProvider tradingSettings,
IPermissionChecker permissionChecker, IRequestProvider requests, ITableManager tableManager,
ISessionProviderValidator validator, SessionFeedbackContext feedbackContext)
{
if (feedbackContext == null)
{
throw new ArgumentNullException("feedbackContext");
}
this.InitialLoginRulesProvider = loginRules;
this.InitialPermissionChecker = permissionChecker;
this.InitialTableManager = tableManager;
this.InitialTradingSettingsProvider = tradingSettings;
this.InitialRequestProvider = requests;
this.Validator = validator;
this.FeedbackContext = feedbackContext;
this.InitSession();
this.MarketDataRequests = new Dictionary <string, MarketDataRequestItem>(StringComparer.OrdinalIgnoreCase);
}
/// <summary>
/// Checks if the target has all of the given permissions.
/// </summary>
/// <param name="permissionChecker">The permission checker.</param>
/// <param name="target">The target to check.</param>
/// <param name="permissions">The permissions to check.</param>
/// <returns>
/// <see cref="PermissionResult.Grant" /> if the target explicity has access to all of the given permissions,
/// <see cref="PermissionResult.Deny" /> if the target explicitly does not have access to any of the permissions;
/// otherwise, <see cref="PermissionResult.Default" />
/// </returns>
public static async Task <PermissionResult> CheckHasAllPermissionsAsync(this IPermissionChecker permissionChecker, IPermissionActor target, params string[] permissions)
{
PermissionResult result = PermissionResult.Grant;
foreach (string permission in permissions)
{
PermissionResult tmp = await permissionChecker.CheckPermissionAsync(target, permission);
if (tmp == PermissionResult.Deny)
{
return(PermissionResult.Deny);
}
if (tmp == PermissionResult.Default)
{
result = PermissionResult.Default;
}
}
return(result);
}
public CommandCooldownStore(
IConfiguration configuration,
IRuntime runtime,
IDataStoreFactory dataStoreFactory,
ILogger <CommandCooldownStore> logger,
IPermissionRoleStore permissionRoleStore,
IPermissionRolesDataStore permissionRolesDataStore,
IPermissionChecker permissionChecker)
{
m_Configuration = configuration;
m_DataStore = dataStoreFactory.CreateDataStore(new DataStoreCreationParameters()
{
Prefix = "openmod", WorkingDirectory = runtime.WorkingDirectory, LogOnChange = false
});
m_Logger = logger;
m_PermissionRoleStore = permissionRoleStore;
m_PermissionRolesDataStore = permissionRolesDataStore;
m_PermissionChecker = permissionChecker;
m_Records = new Dictionary <string, List <CooldownRecord> >();
m_LoadedPersistedRecords = false;
}
/// <summary>
/// Authorizes current user for given permission or permissions,
/// throws <see cref="AbpAuthorizationException" /> if not authorized.
/// </summary>
/// <param name="permissionChecker">Permission checker</param>
/// <param name="requireAll">
/// If this is set to true, all of the <see cref="permissionNames" /> must be granted.
/// If it's false, at least one of the <see cref="permissionNames" /> must be granted.
/// </param>
/// <param name="permissionNames">Name of the permissions to authorize</param>
/// <exception cref="AbpAuthorizationException">Throws authorization exception if</exception>
public static async Task AuthorizeAsync <TTenantId, TUserId>(
this IPermissionChecker <TTenantId, TUserId> permissionChecker, bool requireAll,
params string[] permissionNames)
where TTenantId : struct
where TUserId : struct
{
if (permissionNames.IsNullOrEmpty())
{
return;
}
if (requireAll)
{
foreach (var permissionName in permissionNames)
{
if (!(await permissionChecker.IsGrantedAsync(permissionName)))
{
throw new AbpAuthorizationException(
"Required permissions are not granted. All of these permissions must be granted: " +
string.Join(", ", permissionNames)
);
}
}
}
else
{
foreach (var permissionName in permissionNames)
{
if (await permissionChecker.IsGrantedAsync(permissionName))
{
return;
}
}
throw new AbpAuthorizationException(
"Required permissions are not granted. At least one of these permissions must be granted: " +
string.Join(", ", permissionNames)
);
}
}
public static string[] LocalizePermissionNames(IPermissionChecker permissionChecker, string[] permissionNames)
{
if (!(permissionChecker is IIocManagerAccessor))
{
return(permissionNames);
}
var iocManager = (permissionChecker as IIocManagerAccessor).IocManager;
using (var localizationContext = iocManager.ResolveAsDisposable <ILocalizationContext>())
{
using (var permissionManager = iocManager.ResolveAsDisposable <IPermissionManager>())
{
return(permissionNames.Select(permissionName =>
{
var permission = permissionManager.Object.GetPermissionOrNull(permissionName);
return permission == null
? permissionName
: permission.DisplayName.Localize(localizationContext.Object);
}).ToArray());
}
}
}
/// <summary>
/// Authorizes current user for given permission or permissions,
/// throws <see cref="AbpAuthorizationException"/> if not authorized.
/// </summary>
/// <param name="permissionChecker">Permission checker</param>
/// <param name="requireAll">
/// If this is set to true, all of the <see cref="permissionNames"/> must be granted.
/// If it's false, at least one of the <see cref="permissionNames"/> must be granted.
/// </param>
/// <param name="permissionNames">Name of the permissions to authorize</param>
/// <exception cref="AbpAuthorizationException">Throws authorization exception if</exception>
public static async Task AuthorizeAsync(this IPermissionChecker permissionChecker, bool requireAll, params string[] permissionNames)
{
if (await IsGrantedAsync(permissionChecker, requireAll, permissionNames))
{
return;
}
if (requireAll)
{
throw new AbpAuthorizationException(
"Required permissions are not granted. All of these permissions must be granted: " +
string.Join(", ", permissionNames)
);
}
else
{
throw new AbpAuthorizationException(
"Required permissions are not granted. At least one of these permissions must be granted: " +
string.Join(", ", permissionNames)
);
}
}
/// <summary>
/// Checks if the target has any of the given permissions.
/// </summary>
/// <param name="permissionChecker">The permission checker.</param>
/// <param name="target">The target to check.</param>
/// <param name="permissions">The permissions to check.</param>
/// <returns>
/// <see cref="PermissionResult.Grant" /> if the target explicity has access to any of the given permissions,
/// <see cref="PermissionResult.Deny" /> if the target explicitly does not have access to any of the permissions;
/// otherwise, <see cref="PermissionResult.Default" />
/// </returns>
public static async Task <PermissionResult> CheckHasAnyPermissionAsync(this IPermissionChecker permissionChecker, IPermissionActor target, params string[] permissions)
{
foreach (string permission in permissions)
{
Console.WriteLine("Checking: " + permission);
PermissionResult result = await permissionChecker.CheckPermissionAsync(target, permission);
if (result == PermissionResult.Deny)
{
Console.WriteLine("Denied: " + permission);
return(PermissionResult.Deny);
}
if (result == PermissionResult.Grant)
{
Console.WriteLine("Granted: " + permission);
return(PermissionResult.Grant);
}
}
Console.WriteLine("Default: " + permissions);
return(PermissionResult.Default);
}
public AbpApplicationConfigurationAppService(
IOptions <AbpLocalizationOptions> localizationOptions,
IOptions <AbpMultiTenancyOptions> multiTenancyOptions,
IServiceProvider serviceProvider,
IAbpAuthorizationPolicyProvider abpAuthorizationPolicyProvider,
IPermissionDefinitionManager permissionDefinitionManager,
DefaultAuthorizationPolicyProvider defaultAuthorizationPolicyProvider,
IPermissionChecker permissionChecker,
IAuthorizationService authorizationService,
ICurrentUser currentUser,
ISettingProvider settingProvider,
ISettingDefinitionManager settingDefinitionManager,
IFeatureDefinitionManager featureDefinitionManager,
ILanguageProvider languageProvider,
ITimezoneProvider timezoneProvider,
IOptions <AbpClockOptions> abpClockOptions,
ICachedObjectExtensionsDtoService cachedObjectExtensionsDtoService,
IOptions <AbpApplicationConfigurationOptions> options)
{
_serviceProvider = serviceProvider;
_abpAuthorizationPolicyProvider = abpAuthorizationPolicyProvider;
_permissionDefinitionManager = permissionDefinitionManager;
_defaultAuthorizationPolicyProvider = defaultAuthorizationPolicyProvider;
_permissionChecker = permissionChecker;
_authorizationService = authorizationService;
_currentUser = currentUser;
_settingProvider = settingProvider;
_settingDefinitionManager = settingDefinitionManager;
_featureDefinitionManager = featureDefinitionManager;
_languageProvider = languageProvider;
_timezoneProvider = timezoneProvider;
_abpClockOptions = abpClockOptions.Value;
_cachedObjectExtensionsDtoService = cachedObjectExtensionsDtoService;
_options = options.Value;
_localizationOptions = localizationOptions.Value;
_multiTenancyOptions = multiTenancyOptions.Value;
}
/// <summary>
/// Authorizes current user for given permission or permissions,
/// throws <see cref="AbpAuthorizationException"/> if not authorized.
/// </summary>
/// <param name="permissionChecker">Permission checker</param>
/// <param name="requireAll">
/// If this is set to true, all of the <paramref name="permissionNames"/> must be granted.
/// If it's false, at least one of the <paramref name="permissionNames"/> must be granted.
/// </param>
/// <param name="permissionNames">Name of the permissions to authorize</param>
/// <exception cref="AbpAuthorizationException">Throws authorization exception if</exception>
public static void Authorize(this IPermissionChecker permissionChecker, bool requireAll, params string[] permissionNames)
{
if (IsGranted(permissionChecker, requireAll, permissionNames))
{
return;
}
var localizedPermissionNames = LocalizePermissionNames(permissionChecker, permissionNames);
if (requireAll)
{
throw new AbpAuthorizationException(
string.Format(
L(
permissionChecker,
"AllOfThesePermissionsMustBeGranted",
"Required permissions are not granted. All of these permissions must be granted: {0}"
),
string.Join(", ", localizedPermissionNames)
)
);
}
else
{
throw new AbpAuthorizationException(
string.Format(
L(
permissionChecker,
"AtLeastOneOfThesePermissionsMustBeGranted",
"Required permissions are not granted. At least one of these permissions must be granted: {0}"
),
string.Join(", ", localizedPermissionNames)
)
);
}
}
public BlogAppService(
IRepository <Article, long> articleRepository,
IRepository <ArticleComment, long> articleCommentRepository,
IRepository <ArticleTag, long> articleTagRepository,
IRepository <ArticleType> articleTypeRepository,
IRepository <BlogProposal> blogProposalRepository,
IRepository <FriendshipLink> blogFriendshipLinkRepository,
UserManager userManager,
ICacheManager cacheManager,
IClientInfoProvider clientInfoProvider,
IPermissionChecker permissionChecker)
{
_articleRepository = articleRepository;
_articleCommentRepository = articleCommentRepository;
_articleTagRepository = articleTagRepository;
_articleTypeRepository = articleTypeRepository;
_blogProposalRepository = blogProposalRepository;
_blogFriendshipLinkRepository = blogFriendshipLinkRepository;
_userManager = userManager;
_cacheManager = cacheManager;
_clientInfoProvider = clientInfoProvider;
_permissionChecker = permissionChecker;
AbpSession = NullAbpSession.Instance;
}
public static async Task AuthorizeAsync(this IPermissionChecker permissionChecker, IStringLocalizer stringLocalizer, string userId, bool requireAll, params string[] permissions)
{
if (await permissionChecker.IsGrantedAsync(userId, requireAll, permissions))
{
return;
}
var errorMessageStringBuilder = new StringBuilder();
// TODO: 本地化 permission 名称
if (requireAll)
{
errorMessageStringBuilder.AppendLine(stringLocalizer["SomePermissionDoNotExist"]);
}
else
{
errorMessageStringBuilder.AppendLine(stringLocalizer["WithoutAnyPermission"]);
}
foreach (var permission in permissions)
{
errorMessageStringBuilder.AppendLine(stringLocalizer[permission]);
}
throw new AuthorizationException(errorMessageStringBuilder.ToString());
}
public AuthorizeAttributeHelper()
{
ZbpSession = NullZbpSession.Instance;
PermissionChecker = NullPermissionChecker.Instance;
}
public static string[] LocalizePermissionNames(IPermissionChecker permissionChecker, string[] permissionNames)
{
if (!(permissionChecker is IIocManagerAccessor))
{
return permissionNames;
}
var iocManager = (permissionChecker as IIocManagerAccessor).IocManager;
using (var localizationContext = iocManager.ResolveAsDisposable<ILocalizationContext>())
{
using (var permissionManager = iocManager.ResolveAsDisposable<IPermissionManager>())
{
return permissionNames.Select(permissionName =>
{
var permission = permissionManager.Object.GetPermissionOrNull(permissionName);
return permission == null
? permissionName
: permission.DisplayName.Localize(localizationContext.Object);
}).ToArray();
}
}
}
/// <summary>
/// Creates a command.
/// </summary>
/// <param name="commandPaths">The command paths.</param>
/// <param name="displayName">The display name.</param>
/// <param name="ignoreCase">if set to <c>true</c> ignore the case the command.</param>
/// <param name="permissionCheckers">The permission checkers.</param>
/// <param name="method">The method.</param>
/// <param name="usageMessage">The usage message.</param>
/// <returns>The created command</returns>
protected override ICommand CreateCommand(CommandPath[] commandPaths, string displayName, bool ignoreCase,
IPermissionChecker[] permissionCheckers, MethodInfo method, string usageMessage)
{
return new MyCommand(commandPaths, displayName, ignoreCase, permissionCheckers, method, usageMessage);
}
public CommandBuilder AddCheck(IPermissionChecker check)
{
_checks.Add(check);
return this;
}
/// <summary>
/// Initializes a new instance of the <see cref="DefaultCommand" /> class.
/// </summary>
/// <param name="names">The names.</param>
/// <param name="displayName">The display name.</param>
/// <param name="ignoreCase">if set to <c>true</c> ignore the case of the command.</param>
/// <param name="permissionCheckers">The permission checkers.</param>
/// <param name="method">The method.</param>
/// <param name="usageMessage">The usage message.</param>
public MyCommand(CommandPath[] names, string displayName, bool ignoreCase,
IPermissionChecker[] permissionCheckers, MethodInfo method, string usageMessage)
: base(names, displayName, ignoreCase, permissionCheckers, method, usageMessage)
{
}
/// <summary>
/// Sends the permission denied message for the specified permission checker.
/// </summary>
/// <param name="permissionChecker">The permission checker.</param>
/// <param name="player">The player.</param>
/// <returns>true on success; false otherwise.</returns>
protected virtual bool SendPermissionDeniedMessage(IPermissionChecker permissionChecker, BasePlayer player)
{
if (permissionChecker == null) throw new ArgumentNullException(nameof(permissionChecker));
if (player == null) throw new ArgumentNullException(nameof(player));
if (permissionChecker.Message == null)
return false;
player.SendClientMessage(permissionChecker.Message);
return true;
}
internal void SetChecks(IPermissionChecker[] checks)
{
_checks = checks;
}
public GridItemController(IGridRepository db, IPermissionChecker userDb)
{
this.db = db;
this.userDb = userDb;
}
public InputFileValidator(IFileChecker fileChecker, ITextFileChecker textFileChecker, IPermissionChecker permissionChecker)
{
_fileChecker = fileChecker;
_textFileChecker = textFileChecker;
_permissionsChecker = permissionChecker;
}
public CoordController(IItemRepository db, IPermissionChecker userDb)
{
this.db = db;
this.userDb = userDb;
}
public UserNavigationManager(INavigationManager navigationManager)
{
_navigationManager = navigationManager;
PermissionChecker = NullPermissionChecker.Instance;
}
public AuthController(IUserRepository db, IPermissionChecker checker)
{
this.db = db;
this.checker = checker;
}
public PermissionDependencyContext(IIocResolver iocResolver)
{
IocResolver = iocResolver;
PermissionChecker = NullPermissionChecker.Instance;
}
public UserNavigationManager(INavigationManager navigationManager, IFeatureDependencyContext featureDependencyContext)
{
_navigationManager = navigationManager;
_featureDependencyContext = featureDependencyContext;
PermissionChecker = NullPermissionChecker.Instance;
}
public void AddCheck(IPermissionChecker checker)
{
_checks.Add(checker);
}
public NoteController(INoteRepository db, IPermissionChecker userDb)
{
this.db = db;
this.userDb = userDb;
}
public static string L(IPermissionChecker permissionChecker, string name, string defaultValue)
{
if (!(permissionChecker is IIocManagerAccessor))
{
return defaultValue;
}
using (var localizationManager = (permissionChecker as IIocManagerAccessor).IocManager.ResolveAsDisposable<ILocalizationManager>())
{
return localizationManager.Object.GetString(AbpConsts.LocalizationSourceName, name);
}
}
