/// <summary>
/// 验证权限,
/// 每个Action都必须加上PermissionAuthroize的描述,
/// 且必须为Operate,Module给值,
/// 然后如果参数中存在ViewModel,则取Id作为数据权限验证的唯一标识
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public virtual async Task <bool> Authorize(AuthorizationContext context)
{
var descriptor = context.ActionDescriptor as ControllerActionDescriptor;
var attributes = descriptor.MethodInfo.CustomAttributes;
var permissionAuthorize = attributes.Where(p => p.AttributeType == typeof(PermissionAuthroizeAttribute)).FirstOrDefault();
if (permissionAuthorize != null)
{
var operate = "";
var module = "";
foreach (var arg in permissionAuthorize.NamedArguments)
{
if (arg.MemberName == nameof(PermissionAuthroizeAttribute.Operate))
{
operate = arg.TypedValue.Value.ToString();
}
else if (arg.MemberName == nameof(PermissionAuthroizeAttribute.Module))
{
module = arg.TypedValue.Value.ToString();
}
}
var parameters = descriptor.Parameters;
var rightContext = new RightAuthorizeContext(context, module, operate, parameters);
return(await FrameworkConfig.IocConfig.Resolve <RightAuthorize>().AuthorizeAsync(rightContext));
}
return(true);
}
public async Task <bool> AuthorizeAsync(RightAuthorizeContext context)
{
if (string.IsNullOrWhiteSpace(context.ModuleKey))
{
throw new ArgumentNullException(nameof(context.ModuleKey));
}
if (string.IsNullOrWhiteSpace(context.Operate))
{
throw new ArgumentNullException(nameof(context.Operate));
}
RightAuthorizeResult result = null;
foreach (var handler in Handlers.OrderBy(p => p.Option.Order))
{
result = await handler.AuthorizeAsync(context);
if (result.Failed != null)
{
return(false);
}
}
return(true);
}
public override async Task <RightAuthorizeResult> Authorize(RightAuthorizeContext context)
{
string userId = "", username = "";
var user = context.HttpContext.User;
foreach (var identity in user.Identities)
{
if (identity.IsAuthenticated && identity.AuthenticationType == Const.AUTHORIZE_TYPE)
{
foreach (var item in identity.Claims)
{
if (item.Type == Const.AUTHORIZE_NAME_IDENTITY_SCHEME)
{
userId = item.Value;
}
else if (item.Type == Const.AUTHORIZE_NAME_SCHEME)
{
username = item.Value;
}
}
}
}
if (string.IsNullOrWhiteSpace(userId) || string.IsNullOrWhiteSpace(username))
{
throw new InvalidOperationException(Resources.EXCEPTION_USER_NOT_FOUND);
}
var userService = FrameworkConfig.IocConfig.Resolve <UserService>();
var userInfo = await userService.FindUserById(userId);
throw new Exception();
}
public async Task<RightAuthorizeResult> AuthorizeAsync(RightAuthorizeContext context)
{
var loggerFactory = context.HttpContext.ApplicationServices.GetService<ILoggerFactory>();
var logger = loggerFactory.CreateLogger(nameof(RightHandler<TOption>.AuthorizeAsync));
var result = RightAuthorizeResult.Skip();
if (Option.Scheme == RightOption.AUTOMIC_SCHEME || Option.Scheme.Split(',').Contains(context.ModuleKey))
{
result = await Authorize(context);
if (result.Successed)
{
logger.LogVerbose($"scheme is {context.ModuleKey} Right Authorization Success");
await AuthorizeSuccess(context);
}
else if (result.Failed != null)
{
logger.LogVerbose($"scheme is {context.ModuleKey} Right Authorization Failed");
await AuthorizeFail(context, result.Failed);
}
else
{
logger.LogVerbose($"scheme is {context.ModuleKey} Right Authorization Skip");
}
}
return result;
}
public virtual Task AuthorizeFail(RightAuthorizeContext context, Exception ex)
{
context.HttpContext.Response.StatusCode = 401;
return Task.FromResult<object>(null);
}
public virtual Task AuthorizeSuccess(RightAuthorizeContext context) => Task.FromResult<object>(null);
public abstract Task<RightAuthorizeResult> Authorize(RightAuthorizeContext context);
