public async Task <PaginationResult <PermissionSummary> > GetPermissionsAsync(PermissionOptions options) { var itemCount = await _permissionRepository.GetCountAsync(); var result = new PaginationResult <PermissionSummary>(options, itemCount); if (itemCount == 0) { return(result); } var permissions = await _permissionRepository.GetPermissionsAsync(result.Offset, result.Limit); result.Items = permissions .Select(x => new PermissionSummary { Id = x.Id, Code = x.Code, Name = x.Name, IsEnabled = x.IsEnabled, }) .ToList(); return(result); }
public MainSettingsSection(IWebDriver driver, Navigator navigator) : base(driver, navigator) { AddSection = new PermissionOptions(driver, navigator, "add"); EditSection = new PermissionOptions(driver, navigator, "edit"); DeleteSection = new PermissionOptions(driver, navigator, "delete"); }
public static IServiceCollection AddPermission(this IServiceCollection services, Action <PermissionOptions> optionAction) { if (services == null) { throw new ArgumentNullException(nameof(services)); } if (optionAction == null) { throw new ArgumentNullException(nameof(optionAction)); } var options = new PermissionOptions(); optionAction.Invoke(options); foreach (var extension in options.Extensions) { extension.AddServices(services); } services.AddScoped <IPermissionHandler, DefaultPermissionHandler>(); services.AddSingleton <IPermissionRoleProvider, DefaultPermissionRoleProvider>(); services.AddMemoryCache(); services.AddHostedService <PermissionBackgroundService>(); return(services); }
public override async Task <PaginatePermissionsResponse> PaginatePermissions(PaginatePermissionsRequest request, ServerCallContext context) { var options = new PermissionOptions { PageIndex = request.PageIndex, PageSize = request.PageSize, }; var permissions = await _authorizationApp.GetPermissionsAsync(options); var items = permissions.Items.Select(x => new PaginatePermissionsResponse.Types.Permission { Id = x.Id, Code = x.Code, Name = x.Name, IsEnabled = x.IsEnabled, }); var result = new PaginatePermissionsResponse { PageIndex = permissions.PageIndex, PageSize = permissions.PageSize, ItemCount = permissions.ItemCount, }; result.Items.AddRange(items); return(result); }
/// <summary> /// 加载权限配置 /// </summary> /// <param name="options">Identity配置</param> /// <param name="permissionOptions">权限配置</param> public static void Load(this IdentityOptions options, PermissionOptions permissionOptions) { if (options == null || permissionOptions == null) { return; } LoadPassword(options, permissionOptions); LoadUser(options, permissionOptions); }
/// <summary> /// 加载密码配置 /// </summary> private static void LoadPassword(IdentityOptions options, PermissionOptions permissionOptions) { options.Password.RequiredLength = permissionOptions.Password.MinLength; options.Password.RequireNonAlphanumeric = permissionOptions.Password.NonAlphanumeric; options.Password.RequireUppercase = permissionOptions.Password.Uppercase; options.Password.RequireLowercase = false; options.Password.RequireDigit = permissionOptions.Password.Digit; options.Password.RequiredUniqueChars = permissionOptions.Password.UniqueChars; }
public PermissionDefinitionManager( IOptions <PermissionOptions> options, IServiceProvider serviceProvider) { Options = options.Value; _serviceProvider = serviceProvider; _lazyPermissionDefinitions = new Lazy <Dictionary <string, PermissionDefinition> >(CreatePermissionDefinitions, true); _lazyPermissionGroupDefinitions = new Lazy <Dictionary <string, PermissionGroupDefinition> >(CreatePermissionGroupDefinitions, true); }
public AuthorizationHelper(IAuthorizationService authorizationService, IUsersApiClient usersClient, ILogger logger, IOptions <PermissionOptions> permissionOptions) { Guard.ArgumentNotNull(authorizationService, nameof(authorizationService)); Guard.ArgumentNotNull(usersClient, nameof(usersClient)); Guard.ArgumentNotNull(logger, nameof(logger)); Guard.ArgumentNotNull(permissionOptions, nameof(permissionOptions)); _authorizationService = authorizationService; _usersClient = usersClient; _logger = logger; _permissionOptions = permissionOptions.Value; }
public PermissionChecker( IOptions <PermissionOptions> options, IServiceProvider serviceProvider, ICurrentPrincipalAccessor principalAccessor, IPermissionDefinitionManager permissionDefinitionManager) { PrincipalAccessor = principalAccessor; PermissionDefinitionManager = permissionDefinitionManager; Options = options.Value; _lazyProviders = new Lazy <List <IPermissionValueProvider> >(() => Options.ValueProviders .Select(c => serviceProvider.GetRequiredService(c) as IPermissionValueProvider) .ToList(), true); }
/// <summary> /// 添加权限服务 /// </summary> /// <param name="services">服务集合</param> /// <param name="setupAction">配置操作</param> public static IServiceCollection AddPermission(this IServiceCollection services, Action <PermissionOptions> setupAction = null) { var permissionOptions = new PermissionOptions(); setupAction?.Invoke(permissionOptions); services.AddScoped <IdentityUserManager>(); services.AddScoped <IdentitySignInManager>(); services.AddIdentity <User, Role>(options => options.Load(permissionOptions)) .AddUserStore <UserRepository>() .AddRoleStore <RoleRepository>() .AddDefaultTokenProviders(); services.AddScoped <IdentityErrorDescriber, IdentityErrorChineseDescriber>(); services.AddLogging(); return(services); }
public PermissionManager( IServiceProvider provider, ICacheClient cache, IDiscordClient client, ILogger <PermissionManager> logger, IOptions <PermissionOptions> options, ICommandManager commandManager) { _provider = provider; _cache = cache; _client = client; _logger = logger; _options = options.Value; Permissions = commandManager.Commands.Select(c => c.Permission).Distinct().ToList(); _defaultPermissions = commandManager.Commands .GroupBy(c => c.PermissionGroup) .ToDictionary( g => g.Key, g => g.Select(c => new Permission(c.Permission, true)).Cast <IPermission>().ToList() ); }
/// <summary> /// 加载存储配置 /// </summary> /// <param name="options">Identity配置</param> /// <param name="permissionOptions">权限配置</param> private static void LoadStore(IdentityOptions options, PermissionOptions permissionOptions) { options.Stores.MaxLengthForKeys = permissionOptions.Store.MaxLengthForKeys; options.Stores.ProtectPersonalData = permissionOptions.Store.ProtectPersonalData; }
/// <summary> /// 加载存储配置 /// </summary> private static void LoadStore(IdentityOptions options, PermissionOptions permissionOptions) { options.Stores.MaxLengthForKeys = permissionOptions.Store.MaxLengthForKeys; }
/// <summary> /// 加载用户配置 /// </summary> private static void LoadUser(IdentityOptions options, PermissionOptions permissionOptions) { options.User.AllowedUserNameCharacters = permissionOptions.User.UserNameCharacters; options.User.RequireUniqueEmail = permissionOptions.User.UniqueEmail; }
public static PermissionOptions AddPostgreSql(this PermissionOptions options, Action <PermissionPostgreSqlOptions> actionOptions) { options.AddExtensions(new PostgreSqlOptionsExtensions(actionOptions)); return(options); }
public DefaultPermission(IPermissionStore permissionStore, IOptionsMonitor <PermissionOptions> permissionOptions) : base(permissionStore) { PermissionOptions = permissionOptions.CurrentValue ?? new PermissionOptions(); }
/// <summary> /// 加载登录锁定配置 /// </summary> private static void LoadLockout(IdentityOptions options, PermissionOptions permissionOptions) { options.Lockout.AllowedForNewUsers = permissionOptions.Lockout.AllowedForNewUsers; options.Lockout.DefaultLockoutTimeSpan = permissionOptions.Lockout.LockoutTimeSpan; options.Lockout.MaxFailedAccessAttempts = permissionOptions.Lockout.MaxFailedAccessAttempts; }
/// <summary> /// 加载登录配置 /// </summary> private static void LoadSignIn(IdentityOptions options, PermissionOptions permissionOptions) { options.SignIn.RequireConfirmedEmail = permissionOptions.SignIn.ConfirmedEmail; options.SignIn.RequireConfirmedPhoneNumber = permissionOptions.SignIn.ConfirmedPhoneNumber; }
public Token(IMemoryCache cache, IOptionsMonitor <PermissionOptions> optionsMonitor) { _cache = cache; _options = optionsMonitor?.CurrentValue ?? new PermissionOptions(); }
/// <summary> /// 权限控制核心,即必须的配置 /// </summary> /// <param name="services"></param> /// <param name="action"></param> public static void AddCorePermission(this IServiceCollection services, Action <PermissionOptions> action) { services.AddSingleton <IToken, Token>(); #region 身份验证 var permissionOption = new PermissionOptions(); action(permissionOption); //addAuthentication不放到AddPermissionCore方法里,是为了外部可自己配置 // 当未通过authenticate时(如无token或是token出错时),会返回401,当通过了authenticate但没通过authorize时,会返回403。 services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie( CookieAuthenticationDefaults.AuthenticationScheme, options => { //下面的委托方法只会在第一次cookie验证时调用,调用时会用到上面的permissionOption变量,但其实permissionOption变量是在以前已经初始化的,所以在此方法调用之前,permissionOption变量不会被释放 options.Cookie.Name = "auth"; options.AccessDeniedPath = permissionOption.AccessDeniedPath; // 当403时,返回到无授权界面 options.LoginPath = permissionOption.LoginPath; // 当401时,返回到登录界面,会自动在url后加上returnUrl=xxx options.ExpireTimeSpan = permissionOption.ExpireTimeSpan != default ? permissionOption.ExpireTimeSpan : new TimeSpan(12, 0, 0); options.ForwardDefaultSelector = context => { string authorization = context.Request.Headers["Authorization"]; //身份验证的顺序为jwt、cookie if (authorization != null && authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) { return(JwtBearerDefaults.AuthenticationScheme); } else { return(CookieAuthenticationDefaults.AuthenticationScheme); } }; var cookieAuthenticationEvents = new CookieAuthenticationEvents { OnSignedIn = context => { return(Task.CompletedTask); }, OnSigningOut = context => { return(Task.CompletedTask); } }; options.Events = cookieAuthenticationEvents; }) .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options => { // jwt可用对称和非对称算法进行验签 SecurityKey key; if (permissionOption.IsAsymmetric) { key = new RsaSecurityKey(RSAHelper.GetRSAParametersFromFromPublicPem(permissionOption.RsaPublicKey)); } else { key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(permissionOption.SymmetricSecurityKey)); } options.TokenValidationParameters = new TokenValidationParameters() { NameClaimType = PermissionConstant.userIdClaim, RoleClaimType = PermissionConstant.roleIdsClaim, ValidIssuer = permissionOption.Issuer, ValidAudience = permissionOption.Audience, IssuerSigningKey = key, ValidateIssuer = false, ValidateAudience = false }; var jwtBearerEvents = new JwtBearerEvents { OnMessageReceived = context => { return(Task.CompletedTask); }, OnTokenValidated = context => { return(Task.CompletedTask); }, OnAuthenticationFailed = context => { return(Task.CompletedTask); } }; options.Events = jwtBearerEvents; }); #endregion #region 授权 //权限控制只要在配置IServiceCollection,不需要额外配置app管道 //权限控制参考:https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.2 //handler和requirement有几种关系:1 handler对多requirement(此时handler实现IAuthorizationHandler);1对1(实现AuthorizationHandler<PermissionRequirement>),和多对1 //所有的handler都要注入到services,用services.AddSingleton<IAuthorizationHandler, xxxHandler>(),而哪个requirement用哪个handler,低层会自动匹配。最后将requirement对到policy里即可 services.AddAuthorization(options => { // 增加鉴权策略,并告知这个策略要判断用户是否获得了PermissionRequirement这个Requirement options.AddPolicy(PermissionConstant.PermissionAuthorizePolicy, policyBuilder => { policyBuilder.AddRequirements(new PermissionRequirement()); }); //options.AddPolicy(PermissionConstant.OnlyAuthenticationPolicy, policyBuilder => // { // policyBuilder.AddRequirements(new OnlyAuthenticationRequirement()); // }); }); services.AddScoped <IAuthorizationHandler, PermissionRequirementHandler>(); services.AddMemoryCache(); services.TryAddScoped <IApplicationContext, ApplicationContext>(); services.AddHttpContextAccessor(); services.Configure(action); #endregion }
public static PermissionOptions AddInMemory(this PermissionOptions options) { options.AddExtensions(new InMemoryOptionsExtensions()); return(options); }