public string[] GetAuthInfo()
{
IServiceProvider provider = HttpContext.RequestServices;
IModuleHandler moduleHandler = provider.GetRequiredService <IModuleHandler>();
IFunctionAuthorization functionAuthorization = provider.GetService <IFunctionAuthorization>();
ModuleInfo[] moduleInfos = moduleHandler.ModuleInfos;
//先查找出所有有权限的模块
List <ModuleInfo> authModules = new List <ModuleInfo>();
foreach (ModuleInfo moduleInfo in moduleInfos)
{
bool hasAuth = moduleInfo.DependOnFunctions.All(m => functionAuthorization.Authorize(m, User).IsOk);
if (moduleInfo.DependOnFunctions.Length == 0 || hasAuth)
{
authModules.Add(moduleInfo);
}
}
List <string> codes = new List <string>();
foreach (ModuleInfo moduleInfo in authModules)
{
string fullCode = moduleInfo.FullCode;
//模块下边有功能,或者拥有子模块
if (moduleInfo.DependOnFunctions.Length > 0 ||
authModules.Any(m => m.FullCode.Length > fullCode.Length && m.FullCode.Contains(fullCode) && m.DependOnFunctions.Length > 0))
{
codes.AddIfNotExist(fullCode);
}
}
return(codes.ToArray());
}
/// <summary>
/// 重写以实现功能权限的核心验证逻辑
/// </summary>
/// <param name="context">权限过滤器上下文</param>
/// <param name="function">要验证的功能</param>
/// <returns>权限验证结果</returns>
protected virtual AuthorizationResult AuthorizeCore(AuthorizationHandlerContext context, IFunction function)
{
ClaimsPrincipal user = context.User;
AuthorizationResult result = _functionAuthorization.Authorize(function, user);
return(result);
}
/// <summary>
/// 重写以实现功能权限的核心验证逻辑
/// </summary>
/// <param name="context">权限过滤器上下文</param>
/// <param name="function">要验证的功能</param>
/// <returns>权限验证结果</returns>
protected virtual AuthorizationResult AuthorizeCore(AuthorizationFilterContext context, IFunction function)
{
IPrincipal user = context.HttpContext.User;
IServiceProvider provider = context.HttpContext.RequestServices;
IFunctionAuthorization authorization = provider.GetService<IFunctionAuthorization>();
AuthorizationResult result = authorization.Authorize(function, user);
return result;
}
/// <summary>
/// 检测当前用户是否拥有指定URL的功能权限
/// </summary>
public static bool CheckFunctionAuth(this ControllerBase controller, string url)
{
IFunction function = controller.GetFunction(url);
if (function == null)
{
return(false);
}
IFunctionAuthorization authorization = controller.HttpContext.RequestServices.GetService <IFunctionAuthorization>();
return(authorization.Authorize(function, controller.User).IsOk);
}
/// <summary>
/// 检测当前用户是否有指定功能的功能权限
/// </summary>
public static bool CheckFunctionAuth(this ControllerBase controller, string actionName, string controllerName, string areaName = null)
{
IServiceProvider provider = controller.HttpContext.RequestServices;
IFunctionHandler functionHandler = provider.GetService <IFunctionHandler>();
IFunction function = functionHandler?.GetFunction(areaName, controllerName, actionName);
if (function == null)
{
return(false);
}
IFunctionAuthorization authorization = provider.GetService <IFunctionAuthorization>();
return(authorization.Authorize(function, controller.User).IsOk);
}
/// <summary>
/// 验证是否拥有指定模块的权限
/// </summary>
/// <param name="module">要验证的模块</param>
/// <param name="empty">返回模块是否为空模块,即是否分配有功能</param>
/// <returns></returns>
private bool CheckFuncAuth(Module module, out bool empty)
{
IServiceProvider services = HttpContext.RequestServices;
IFunctionAuthorization authorization = services.GetRequiredService <IFunctionAuthorization>();
Function[] functions = _securityManager.ModuleFunctions.Where(m => m.ModuleId == module.Id).Select(m => m.Function).ToArray();
empty = functions.Length == 0;
if (empty)
{
return(true);
}
foreach (Function function in functions)
{
if (!authorization.Authorize(function, User).IsOk)
{
return(false);
}
}
return(true);
}
