Exemple #1
0
        /// <summary>
        ///     Authorizes current user for given permission or permissions,
        ///     throws <see cref="AbpAuthorizationException" /> if not authorized.
        /// </summary>
        /// <typeparam name="TUserId">The type of UserId</typeparam>
        /// <typeparam name="TTenantId">The type of TenantId</typeparam>
        /// <param name="permissionChecker">Permission checker</param>
        /// <param name="abpAuthorizeAttribute">Abp authorization attributes.</param>
        /// <returns></returns>
        public static async Task AuthorizeAsync <TTenantId, TUserId>(
            this IPermissionChecker <TTenantId, TUserId> permissionChecker,
            IAbpAuthorizeAttribute abpAuthorizeAttribute)
            where TTenantId : struct
            where TUserId : struct
        {
            var moduleCode  = abpAuthorizeAttribute.ModuleCode;
            var permissions = abpAuthorizeAttribute.Permissions;
            var requireAll  = abpAuthorizeAttribute.RequireAllPermissions;

            if (permissions.IsNullOrEmpty())
            {
                return;
            }

            if (string.IsNullOrEmpty(moduleCode))
            {
                await permissionChecker.AuthorizeAsync(requireAll, permissions);

                return;
            }

            if (requireAll)
            {
                foreach (var permissionName in permissions)
                {
                    if (!(await permissionChecker.IsGrantedAsync(moduleCode, permissionName)))
                    {
                        throw new AbpAuthorizationException(
                                  "Required permissions of " + moduleCode +
                                  " are not granted. All of these permissions must be granted: " +
                                  string.Join(", ", permissions)
                                  );
                    }
                }
            }
            else
            {
                foreach (var permissionName in permissions)
                {
                    if (await permissionChecker.IsGrantedAsync(moduleCode, permissionName))
                    {
                        return;
                    }
                }

                throw new AbpAuthorizationException(
                          "Required permissions of " + moduleCode +
                          " are not granted. At least one of these permissions must be granted: " +
                          string.Join(", ", permissions)
                          );
            }
        }