/// <summary>
/// Throws an <see cref="AccessException"/> unless the principal's granted permissions
/// contain the permission passed as the context object.
/// </summary>
/// <param name="principal">Principal whose granted permissions are consulted.</param>
/// <param name="cntext">Object to check; it is treated as a <see cref="PermissionInfo"/>.</param>
/// <exception cref="AccessException">The permission is not contained in the granted set.</exception>
public void Decide(IPrincipalToken principal, object cntext)
{
    // A context that is not a PermissionInfo becomes null here and is handed to Contains as null.
    // NOTE(review): this only denies if Contains(null) returns false; that is not visible here. Confirm it.
    PermissionInfo requested = cntext as PermissionInfo;
    bool granted = principal.GetGrandedPermission().Contains(requested);
    if (granted)
    {
        return;
    }

    // The denial carries the original context object, not the cast value.
    throw new AccessException("无权限") { CheckObject = cntext };
}
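/// <summary>
/// Hooks the page's PreLoad event and, for every non-visibility permission point on the page,
/// installs a permission-check handler ("event sentinel") in front of the control event's existing handlers.
/// </summary>
/// <param name="principal">Principal whose permissions are checked when a guarded event fires.</param>
/// <param name="check">Expected to be a <see cref="Page"/>; any other object is ignored.</param>
/// <param name="result">Always true on return, because the checks run later, when the guarded events fire.</param>
/// <param name="throwException">Forwarded to the base decider on each guarded event.</param>
public override void Decide(IPrincipalToken principal, object check, out bool result, bool throwException = true)
{
    result = true;
    bool r = result; // an out parameter cannot be captured by a lambda, so the handlers write to this local
    Page page = check as Page;
    if (page == null) return;

    page.PreLoad += (sender, e) =>
    {
        try
        {
            // Every point except the "visible" ones guards an event.
            IEnumerable<PermissionPoint> eventPoint = site.GetPoints(page, p => !p.Action.Equals(ControlPermissionInfo.VISIABLE_PERMISSION_NAME));
            foreach (ControlPermissionPoint point in eventPoint)
            {
                // Copy the loop variable: the handler below runs long after this loop has finished, and
                // compilers before C# 5 share one foreach variable across iterations, so every handler
                // would otherwise check the LAST permission point instead of its own.
                ControlPermissionPoint current = point;
                try
                {
                    Control c = ASPNetPageCrystalWallSite.FindControlInContainer(page, current.Name);
                    EventInfo eventInfo = c.GetType().GetEvent(current.EventName, BindingFlags.Instance | BindingFlags.Public | BindingFlags.NonPublic);

                    // The permission check that has to run before the control's own handlers.
                    // Only events of type EventHandler can take this delegate; a delegate of the event's
                    // own type could not be created dynamically (see the original author's note).
                    EventHandler deciderMethod = (s, ee) =>
                    {
                        base.Decide(principal, new ControlEventContextObject(current.Name, current, c, current.EventName), out r, throwException);
                    };

                    BindingFlags anyMember = BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.Public | BindingFlags.Static;

                    // The handlers already attached are only reachable through the control's Events list.
                    EventHandlerList eventHandlerList = (EventHandlerList)c.GetType().GetProperty("Events", anyMember).GetValue(c, null);

                    // The key field ("Event" + event name) is looked up on the type that DECLARES the event:
                    // reflection on a derived control type does not return private fields of its base classes,
                    // so a subclassed control would fail here and be left without a check.
                    object eventkey = eventInfo.DeclaringType.GetField("Event" + eventInfo.Name, anyMember).GetValue(c);

                    Delegate eventObject = eventHandlerList[eventkey];
                    Delegate[] existing = eventObject == null ? null : eventObject.GetInvocationList();
                    if (existing == null || existing.Length == 0)
                    {
                        eventInfo.AddEventHandler(c, deciderMethod);
                    }
                    else
                    {
                        // Detach the existing handlers, add the check first, then re-attach them after it.
                        foreach (Delegate de in existing)
                        {
                            eventInfo.RemoveEventHandler(c, de);
                        }
                        eventInfo.AddEventHandler(c, deciderMethod);
                        eventInfo.AddEventHandler(c, Delegate.Combine(existing));
                    }
                }
                catch (Exception pointError)
                {
                    // One failing point must not leave the remaining controls without a check.
                    // NOTE(review): the failing control itself still fails open (its event stays unguarded);
                    // the log entry is the only signal, so it now names the point and carries the exception.
                    ServiceManager.LoggingService.Error("检查页面:" + page.Request.Url + "中事件的权限时出错" + " [" + current.Name + "] " + pointError);
                }
            }
        }
        catch (Exception setupError)
        {
            // Failure while listing the points: no event on this page gets a check.
            ServiceManager.LoggingService.Error("检查页面:" + page.Request.Url + "中事件的权限时出错" + " " + setupError);
        }
    };
    result = r;
}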
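/// <summary>
/// Stores the token as the current principal, replacing any previous one.
/// A null token is stored as the anonymous principal.
/// </summary>
/// <param name="token">Principal to make current, or null for the anonymous principal.</param>
public void SetCurrentToken(IPrincipalToken token)
{
    // NOTE(review): the scope of `principals` (per request, per thread or process-wide) is not visible here.
    // Confirm the "current" entry cannot be shared between users.
    if (principals.ContainsKey(CURRENT_KEY))
    {
        // Replacing an existing entry must follow the same null rule as the first insert. Otherwise a null
        // token overwrites the current principal with null instead of the anonymous principal.
        if (token != null)
        {
            principals[CURRENT_KEY] = token;
        }
        else
        {
            principals[CURRENT_KEY] = FactoryServices.ANONY_PRINCIPAL_TOKEN;
        }
        return;
    }

    if (token != null)
    {
        principals.Add(CURRENT_KEY, token);
    }
    else
    {
        principals.Add(CURRENT_KEY, FactoryServices.ANONY_PRINCIPAL_TOKEN);
    }
}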
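/// <summary>
/// Decides whether the principal may access the checked object.
/// A <see cref="PermissionInfo"/> is checked directly; for any other object the permission points
/// defined on it are looked up and every one of them is checked.
/// </summary>
/// <param name="principal">Principal whose granted permissions are used.</param>
/// <param name="check">A permission, or an object that may carry permission points.</param>
/// <param name="result">True when access is granted; also true when the object defines no permission points.</param>
/// <param name="throwException">Forwarded to CheckPermission.</param>
public virtual void Decide(IPrincipalToken principal, object check, out bool result, bool throwException = true)
{
    result = true;
    PermissionInfoCollection pc = principal.GetGrandedPermission();
    if (ConfuseElect != null) pc.ElectVisitor = ConfuseElect;

    if (check is PermissionInfo)
    {
        CheckPermission(pc, (PermissionInfo)check, check, out result, throwException);
        return;
    }

    // Original author's note: if the resource has not configured the permission named by the
    // current permission point, nobody is allowed access.
    PermissionPoint[] point = GetPoint(check);

    // No permission point defined for this object: no access control is applied and result stays true.
    if (point == null || point.Length == 0) return;

    bool denied = true;
    try
    {
        // Several points can be defined on one object and each must pass. Every call overwrites
        // `result`, so the verdicts are accumulated here. Otherwise only the last point would count and
        // an earlier refusal would be lost whenever CheckPermission reports through `result` rather than by throwing.
        bool allGranted = true;
        foreach (PermissionPoint p in point)
        {
            PermissionInfo checkPermission = p.NewPermission();
            CheckPermission(pc, checkPermission, check, out result, throwException);
            if (!result) allGranted = false;
        }
        result = allGranted;
        if (result) denied = false;
    }
    finally
    {
        // Runs on a refused result and also while an exception from the check is propagating;
        // the exception itself continues to the caller.
        if (denied)
        {
            OnAccessException(principal, check);
        }
    }
}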
/// <summary>
/// Stores the principal token in the current HTTP session under the current-user key.
/// </summary>
/// <param name="token">Token to store; null is ignored.</param>
public void SetCurrentToken(IPrincipalToken token)
{
    // A null token changes nothing, so a token already held by the session stays in place.
    // NOTE(review): a caller passing null to clear the current user does not get that effect here. Confirm intent.
    if (token == null)
    {
        return;
    }

    HttpContext.Current.Session.Add(WebPrincipalTokenStorage.__CURRENT_USER_KEY__, token);
}
/// <summary>
/// Creates the event data from the principal and the checked object.
/// </summary>
/// <param name="principal">Principal the check was made for.</param>
/// <param name="check">Object that was checked.</param>
public AccessExceptionEventArgs(IPrincipalToken principal, object check)
{
    this.check = check;
    this.principal = principal;
}
/// <summary>
/// Raises the AccessDenyed event when authorization did not pass.
/// </summary>
/// <param name="principal">Principal the check was made for.</param>
/// <param name="check">Object that was checked.</param>
protected void OnAccessException(IPrincipalToken principal, object check)
{
    var handler = AccessDenyed;
    if (handler == null)
    {
        // Nobody subscribed: nothing to notify.
        return;
    }

    handler(this, new AccessExceptionEventArgs(principal, check));
}
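/// <summary>
/// Runs the view decider and then the event decider on the same object.
/// Access is granted only when both grant it.
/// </summary>
/// <param name="principal">Principal passed to both deciders.</param>
/// <param name="check">Object passed to both deciders.</param>
/// <param name="result">True only when neither decider reported a refusal.</param>
/// <param name="throwException">Forwarded to both deciders.</param>
public override void Decide(IPrincipalToken principal, object check, out bool result, bool throwException = true)
{
    viewDecider.Decide(principal, check, out result, throwException);

    // Both calls write to the same out parameter. Keep the first verdict so the second
    // decider cannot turn an earlier refusal back into a grant.
    bool viewGranted = result;

    eventDecider.Decide(principal, check, out result, throwException);
    if (!viewGranted)
    {
        result = false;
    }
}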
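/// <summary>
/// Hooks the page's Init event and, when it fires, checks every permission point whose action is
/// the "visible" permission against the current principal.
/// </summary>
/// <remarks>
/// The original summary says a control the user may not see has its visibility set to false.
/// NOTE(review): this method only logs the refusal and never changes the control itself; presumably a
/// subscriber of the base decider's denial notification hides it. Confirm that, and note that hiding
/// a control does not guard its server-side events.
/// </remarks>
/// <param name="principal">Principal whose permissions are checked.</param>
/// <param name="check">Must be a <see cref="Page"/>; any other object is ignored.</param>
/// <param name="result">Always true on return, because the checks run later, in the Init event.</param>
/// <param name="throwException">Forwarded to the base decider for each point.</param>
public override void Decide(IPrincipalToken principal, object check, out bool result, bool throwException = true)
{
    result = true;
    bool r = result; // an out parameter cannot be captured by a lambda, so the checks write to this local
    Page page = check as Page;
    if (page == null) return;

    page.Init += (sender, e) =>
    {
        try
        {
            // Only the points that carry the "visible" permission are of interest here.
            IEnumerable<PermissionPoint> controlCheckView = site.GetPoints(page, p => p.Action.Equals(ControlPermissionInfo.VISIABLE_PERMISSION_NAME));
            foreach (ControlPermissionPoint point in controlCheckView)
            {
                Control c = ASPNetPageCrystalWallSite.FindControlInContainer(page, point.Name);
                try
                {
                    base.Decide(principal, new ControlEventContextObject(point.Name, point, c, point.EventName), out r, throwException);
                }
                catch (AccessException)
                {
                    // A refusal is expected here and only logged. The control may not have been found,
                    // so fall back to the point name: reading c.ID on null would throw inside this handler
                    // and abort the checks for every remaining control on the page.
                    object controlId = c != null ? (object)c.ID : point.Name;
                    ServiceManager.LoggingService.Debug("当前用户对页面:" + page.Request.Url + "中控件:" + controlId + "没有可见权限");
                }
            }
        }
        catch (Exception ex)
        {
            // Any other failure stops the remaining visibility checks for this page; the exception is
            // included in the log because it is the only trace of that.
            ServiceManager.LoggingService.Error("检查页面:" + page.Request.Url + "中对象的可见权限时出错" + " " + ex);
        }
    };
    result = r;
}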