/// <summary>
/// Builds a <see cref="PermissionCheckContext"/> that carries only a user context and the
/// permission ids to check; the remaining constructor arguments are left null.
/// </summary>
/// <param name="permissionIdsValue">Raw permission-id value handed to AddCheckPermissionIdsValue (its parsing rules live there).</param>
/// <param name="user">User name forwarded to CreateUserContext.</param>
/// <param name="roles">Roles forwarded to CreateUserContext.</param>
/// <returns>The populated context.</returns>
public static PermissionCheckContext CreatePermissionCheckContext(string permissionIdsValue, string user, params string[] roles)
{
    var userContext = CreateUserContext(user, roles);
    var checkContext = new PermissionCheckContext(null, null, userContext, null);
    checkContext.AddCheckPermissionIdsValue(permissionIdsValue);
    return checkContext;
}
/// <summary>
/// Demo logic: the verdict is driven solely by the <c>Allowed</c> flag; the context is not consulted.
/// </summary>
/// <param name="permissionCheckContext">Ignored by this implementation.</param>
/// <returns>A completed task holding Allowed or Forbidden, tagged with <see cref="DemoBasedLogic"/> as source.</returns>
public Task<PermissionCheckResult> CheckPermissionAsync(PermissionCheckContext permissionCheckContext)
{
    // Let the demo flag alone decide the outcome.
    var verdict = Allowed
        ? PermissionCheckResult.Allowed
        : PermissionCheckResult.Forbidden;
    return verdict.WithSource(nameof(DemoBasedLogic)).AsTask();
}
/// <summary>
/// Decides whether this logic takes part in the check: it does when the registry holds at least
/// one role-based rule for the permission ids being checked.
/// </summary>
/// <param name="checkContext">Context providing the ids to check and the ControlPointRegistry.</param>
/// <returns>A completed task: true when any rule matched.</returns>
public Task<bool> ShouldCareAsync(PermissionCheckContext checkContext)
{
    var permissionIds = checkContext.NeedCheckPermissionIds.ToArray();
    var rules = checkContext.ControlPointRegistry.RoleBasedRules;
    // The matched rules are kept on the instance for the subsequent permission check.
    MatchedRules = rules.GetRoleBasedRules(permissionIds);
    var anyMatched = MatchedRules.Count > 0;
    return anyMatched.AsTask();
}
/// <summary>
/// Builds the <see cref="PermissionCheckContext"/> for an authorization handler run,
/// using the handler's current user context.
/// </summary>
/// <param name="context">Authorization handler context; not used by this method.</param>
/// <param name="httpContext">Current HTTP context.</param>
/// <param name="actionDescriptor">Descriptor of the target action.</param>
/// <param name="permissionIds">Ids to check; a null sequence is forwarded as null.</param>
/// <param name="requirement">The requirement being evaluated.</param>
/// <returns>The populated context.</returns>
private PermissionCheckContext CreatePermissionCheckContext(AuthorizationHandlerContext context, HttpContext httpContext, ActionDescriptor actionDescriptor, IEnumerable<string> permissionIds, PermissionCheckRequirement requirement)
{
    var ids = permissionIds?.ToArray();
    var checkContext = new PermissionCheckContext(actionDescriptor, httpContext, _currentUserContext, requirement);
    checkContext.AddCheckPermissionIds(ids);
    return checkContext;
}
/// <summary>
/// Evaluates one role-based rule against the check context.
/// </summary>
/// <param name="rule">The rule; null yields Allowed (fail open).</param>
/// <param name="checkContext">Ids to check plus the current user context.</param>
/// <returns>
/// Allowed when no rule or no ids are given, when the rule is a guest rule, a login-only rule with a
/// logged-in user, or a user/role rule the current user satisfies; NotSure when the rule's permission id
/// is not among the ids being checked; Forbidden otherwise.
/// </returns>
public PermissionCheckResult Check(RoleBasedPermissionRule rule, PermissionCheckContext checkContext)
{
    // TODO: a "super" user should be allowed to do anything (not implemented).
    if (rule == null)
    {
        // No rule defined => fail open.
        return PermissionCheckResult.Allowed.WithMessage("没有定义规则 => 放行");
    }

    var requestedIds = checkContext.CheckPermissionIds;
    if (requestedIds == null || requestedIds.Count == 0)
    {
        // Nothing was asked to be checked => fail open.
        return PermissionCheckResult.Allowed.WithMessage("没有指定需要检测的PermissionId => 放行");
    }

    // Every verdict from here on carries the rule's permission id as data.
    PermissionCheckResult Tagged(PermissionCheckResult verdict, string message)
        => verdict.WithMessage(message).WithData(rule.PermissionId);

    if (!checkContext.MatchPermissionId(rule.PermissionId))
    {
        var joined = string.Join(',', requestedIds);
        return Tagged(PermissionCheckResult.NotSure, $"规则不匹配 => 无法判断: {rule.PermissionId} ? [{joined}]");
    }

    var userContext = checkContext.CurrentUserContext;
    if (rule.NeedGuest())
    {
        return Tagged(PermissionCheckResult.Allowed, "访客规则 => 满足");
    }
    if (!userContext.IsLogin())
    {
        return Tagged(PermissionCheckResult.Forbidden, "需要登录 => 不满足");
    }
    if (rule.NeedLogin())
    {
        return Tagged(PermissionCheckResult.Allowed, "需要登录 => 满足");
    }

    var roles = userContext.Roles.MyJoin();
    var msg = $"指定用户或角色: ctx:[{userContext.User}],[{roles}] + rule:[{rule.AllowedUsers}],[{rule.AllowedRoles}]";
    return rule.NeedUsersOrRoles(userContext.User, roles)
        ? Tagged(PermissionCheckResult.Allowed, msg + " => 满足")
        : Tagged(PermissionCheckResult.Forbidden, msg + " => 不满足");
}
/// <summary>
/// Runs the permission check for one endpoint.
/// </summary>
/// <param name="httpContext">Current HTTP context (source of the user context and services).</param>
/// <param name="endPointId">Id of the endpoint (control point) being accessed.</param>
/// <param name="requirement">The requirement being evaluated.</param>
/// <returns>The check result, tagged with the endpoint id as target.</returns>
private async Task<PermissionCheckResult> RunCheckAsync(HttpContext httpContext, string endPointId, PermissionCheckRequirement requirement)
{
    var permissionIds = _controlPointService.GetCurrentEndPointPermissionIds(httpContext, endPointId)?.ToArray();

    // An unregistered control point (no permission ids) is allowed, i.e. this path fails open.
    // The original author noted NotSure ("undecided") as a possible alternative verdict here.
    if (permissionIds == null || permissionIds.Length == 0)
    {
        return PermissionCheckResult.Allowed.WithMessage("非注册的控制点,放行").WithTarget(endPointId);
    }

    // Registered control point: the vote service (PermissionCheckVoteService) computes the verdict.
    var userContext = httpContext.GetCurrentUserContext();
    var registry = httpContext.RequestServices.GetService<ControlPointRegistry>();
    var checkContext = PermissionCheckContext.Create(registry, userContext, requirement, permissionIds);
    var verdict = await _permissionCheckService.CheckAsync(checkContext);
    return verdict.WithTarget(endPointId);
}
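/// <summary>
/// Tries to read the current organisation id ("orgId") from the request: query string first, then form body.
/// </summary>
/// <param name="permissionCheckContext">Context whose HttpContext is inspected; may carry no HttpContext.</param>
/// <returns>
/// The client-supplied orgId, or null when there is no HttpContext or neither source carries one.
/// The value is untrusted input; callers must validate it against the user's allowed scope.
/// </returns>
private static async Task<string> TryGetCurrentOrgId(PermissionCheckContext permissionCheckContext)
{
    // A context can be built with a null HttpContext; treat that as "no orgId available".
    var httpContext = permissionCheckContext?.HttpContext;
    if (httpContext == null)
    {
        return null;
    }

    var request = httpContext.Request;
    if (request.Query.TryGetValue("orgId", out var currentOrgId))
    {
        return currentOrgId;
    }

    // ReadFormAsync throws InvalidOperationException for requests without a form content type
    // (e.g. JSON bodies), so only consult the form when the request actually has one.
    if (request.HasFormContentType)
    {
        var form = await request.ReadFormAsync();
        if (form.TryGetValue("orgId", out currentOrgId))
        {
            return currentOrgId;
        }
    }

    // Other sources (cookies, headers, route values) could be consulted here.
    return null;
}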
/// <summary>
/// Evaluates one <see cref="RoleBasedRule"/> against the check context.
/// </summary>
/// <param name="checkContext">Ids to check plus the user context.</param>
/// <param name="rule">The rule to evaluate.</param>
/// <returns>
/// NotSure when the rule's permission id is not among the ids being checked; otherwise Allowed or
/// Forbidden according to the rule expression (guest, login, or any-of users/roles).
/// </returns>
private static PermissionCheckResult CheckRoleBasedRule(this PermissionCheckContext checkContext, RoleBasedRule rule)
{
    // Every verdict carries the rule's permission id as data.
    PermissionCheckResult Tagged(PermissionCheckResult verdict, string message)
        => verdict.WithMessage(message).WithData(rule.PermissionId);

    if (!checkContext.MatchPermissionId(rule.PermissionId))
    {
        var requested = string.Join(',', checkContext.NeedCheckPermissionIds);
        return Tagged(PermissionCheckResult.NotSure, $"规则中没有发现匹配的规则: {rule.PermissionId} not found in [{requested}] ");
    }

    var expression = rule.ToExpression();
    var userContext = checkContext.UserContext;
    var roles = userContext.Roles.JoinToOneValue();
    var msg = $"userContext:[{userContext.User}],[{roles}] ? rule:[{rule.Rule}]";

    if (expression.ValidateNeedGuest())
    {
        return Tagged(PermissionCheckResult.Allowed, "访客规则 => 满足 " + msg);
    }
    if (!userContext.IsLogin())
    {
        return Tagged(PermissionCheckResult.Forbidden, "需要登录 => 不满足 " + msg);
    }
    if (expression.ValidateNeedLogin())
    {
        return Tagged(PermissionCheckResult.Allowed, "需要登录 => 满足 " + msg);
    }
    return expression.ValidateNeedAnyOfUsersOrRoles(userContext.User, roles)
        ? Tagged(PermissionCheckResult.Allowed, "满足 " + msg)
        : Tagged(PermissionCheckResult.Forbidden, "不满足 " + msg);
}
/// <summary>
/// Takes part only when the demo permission id is among the ids being checked.
/// </summary>
/// <param name="permissionCheckContext">Context providing the ids to check.</param>
/// <returns>A completed task with the match result.</returns>
public Task<bool> ShouldCareAsync(PermissionCheckContext permissionCheckContext)
{
    var involved = permissionCheckContext.MatchPermissionId(DemoConst.PermissionIds.DemoBasedOp);
    return involved.AsTask();
}
/// <summary>
/// Evaluates the previously matched role-based rules against the context and combines them into one verdict.
/// </summary>
/// <param name="permissionCheckContext">Context the rules are checked against.</param>
/// <returns>A completed task with the combined result.</returns>
public Task<PermissionCheckResult> CheckPermissionAsync(PermissionCheckContext permissionCheckContext)
{
    // NOTE(review): relies on MatchedRules having been populated earlier (presumably by ShouldCareAsync) — confirm the call order.
    var rules = MatchedRules.ToArray();
    var verdict = permissionCheckContext.CheckRoleBasedRules(rules);
    return verdict.AsTask();
}
/// <summary>
/// Demo: decides from the user's own claims (Permissions) whether the demo operation is granted.
/// </summary>
/// <param name="userContext">Current user; its Permissions are consulted.</param>
/// <param name="permissionCheckContext">Not used by this implementation.</param>
/// <returns>A completed task with Allowed or Forbidden, tagged with the demo permission id.</returns>
public Task<PermissionCheckResult> CheckPermissionAsync(ICurrentUserContext userContext, PermissionCheckContext permissionCheckContext)
{
    var requiredId = KnownPermissionIds.DemoOp;
    var msg = "需要授权: " + requiredId;
    var granted = userContext.Permissions.MyContains(requiredId);

    var verdict = granted ? PermissionCheckResult.Allowed : PermissionCheckResult.Forbidden;
    var checkResult = verdict.WithMessage(msg).WithData(requiredId);

    // Both outcomes are recorded by the debug helper and logged.
    _debugHelper.AppendPermissionCheckResults(checkResult);
    _logger.LogInformation(checkResult.Message);
    return Task.FromResult(checkResult);
}
/// <summary>
/// Opts in only when the demo permission id is part of this check.
/// </summary>
/// <param name="userContext">Not used by this implementation.</param>
/// <param name="permissionCheckContext">Context providing the ids to check.</param>
/// <returns>A completed task with the match result.</returns>
public Task<bool> ShouldCareAsync(ICurrentUserContext userContext, PermissionCheckContext permissionCheckContext)
{
    var involved = permissionCheckContext.MatchPermissionId(KnownPermissionIds.DemoOp);
    return Task.FromResult(involved);
}
/// <summary>
/// Checks every rule with <paramref name="logic"/> and returns one result per rule.
/// </summary>
/// <param name="logic">The check logic applied to each rule.</param>
/// <param name="rules">Rules to check; null yields a single NotSure result.</param>
/// <param name="checkContext">Context the rules are checked against.</param>
/// <returns>The per-rule results, in rule order.</returns>
public static IList<PermissionCheckResult> CheckRules(this IRoleBasedCheckLogic logic, IEnumerable<RoleBasedPermissionRule> rules, PermissionCheckContext checkContext)
{
    if (rules == null)
    {
        // No rules at all: report a single "undecided" result instead of an empty list.
        return new List<PermissionCheckResult> { PermissionCheckResult.NotSure };
    }

    var results = new List<PermissionCheckResult>();
    foreach (var rule in rules)
    {
        results.Add(logic.Check(rule, checkContext));
    }
    return results;
}
/// <summary>
/// Checks every rule and folds the per-rule results into a single verdict via Combine.
/// </summary>
/// <param name="logic">The check logic applied to each rule.</param>
/// <param name="rules">Rules to check.</param>
/// <param name="checkContext">Context the rules are checked against.</param>
/// <returns>The combined result.</returns>
public static PermissionCheckResult CheckRulesAsOne(this IRoleBasedCheckLogic logic, IEnumerable<RoleBasedPermissionRule> rules, PermissionCheckContext checkContext)
{
    var perRule = logic.CheckRules(rules, checkContext);
    return perRule.Combine();
}
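/// <summary>
/// Demo: decides from extra request context (query, form, cookie, ...) rather than claims alone,
/// by checking whether the request's orgId lies within the user's allowed organisation scope.
/// </summary>
/// <param name="userContext">Current user; must not be null.</param>
/// <param name="permissionCheckContext">Context whose HttpContext supplies the orgId; must not be null.</param>
/// <returns>Allowed when the orgId is in scope, Forbidden otherwise.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
public async Task<PermissionCheckResult> CheckPermissionAsync(ICurrentUserContext userContext, PermissionCheckContext permissionCheckContext)
{
    if (userContext == null)
    {
        throw new ArgumentNullException(nameof(userContext));
    }
    if (permissionCheckContext == null)
    {
        throw new ArgumentNullException(nameof(permissionCheckContext));
    }

    // TODO: load the current user's allowed org scope from a database or other store; hard-coded for the demo.
    var allowedOrgIds = new List<string> { "123", "789" };

    // orgId is client-supplied (query/form) and is only trusted after the membership test below.
    var currentOrgId = await TryGetCurrentOrgId(permissionCheckContext);
    var inScope = allowedOrgIds.MyContains(currentOrgId);

    var checkResult = inScope
        ? PermissionCheckResult.Allowed.WithMessage("当前组织已授权: " + currentOrgId)
        : PermissionCheckResult.Forbidden.WithMessage("当前组织没有授权: " + currentOrgId);

    _debugHelper.AppendPermissionCheckResults(checkResult);
    // The message embeds untrusted input, so it is passed as a value rather than as the log template
    // (a "{...}" in the orgId would otherwise be parsed as a placeholder).
    _logger.LogInformation("{Message}", checkResult.Message);
    return checkResult;
}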
/// <summary>
/// Checks each role-based rule against the context and folds the results into one verdict via Combine.
/// </summary>
/// <param name="checkContext">Context the rules are checked against.</param>
/// <param name="roleBasedRules">Rules to evaluate.</param>
/// <returns>The combined result.</returns>
public static PermissionCheckResult CheckRoleBasedRules(this PermissionCheckContext checkContext, params RoleBasedRule[] roleBasedRules)
{
    var perRule = new List<PermissionCheckResult>();
    foreach (var rule in roleBasedRules)
    {
        perRule.Add(checkContext.CheckRoleBasedRule(rule));
    }
    return perRule.Combine();
}